NO19 Optimize Linux system--important self-starting services at boot--close self-starting items

Others 2022-04-27 20:48:40 views: 0

 

**How ​​to optimize your Linux system:

1 Without root, add ordinary users and authorize management through sudo.
2 Change the default remote connection SSH service port and prohibit the root user from connecting remotely.
3 Regularly update the server time automatically.
4 Configure the yum update source and download the rpm package from the domestic update source.
5 Turn off selinux and iptables (if there is a wan ip in the iptables working scenario, it is generally necessary to open it, except for high concurrency).
6 Adjust the number of file descriptors. Processes and file openings will consume file descriptors.
7 Automatically clean up the junk files in the /var/spool/clinentmquene/ directory regularly to prevent the inodes nodes from being full. (c6.4n does not have sendmail by default, so it can be unmatched).
8 Simplified boot auto-start services (crond, sshd, network, rsyslog).
9 Linux kernel parameter optimization /etc/sysctl.conf. Execute sysctl -p to take effect.
10 Change the character set to support Chinese (it is best to use the English character set to prevent garbled characters).
11 Lock key system files:
    chattr +i /etc/passwd /etc/shadow /etc/group /etc/group /etc/gshadow /etc/inittab
    After processing the above content, rename chattr and lsattr to oldboy, which is much safer.
12 Clear /etc/issue to remove the screen display before system and kernel version login.
13 Clear useless default system accounts or groups. (not necessary).

 


1. Important self-starting services after booting:
1. sshd: This service program is needed when connecting to the Linux server remotely, so it must be enabled, otherwise the Linux server will not be able to provide remote connection services.

2. rsyslog: log related file software, which is a mechanism provided by the operating system. The system daemon usually uses the rsyslog program to write various information to each system log file. Before C6, the name of this service was: syslog. ,

3. network: When the system starts, if you want to activate/deactivate each network interface, you must open it.

4. crond: This service is used to periodically execute the task plan configured by the system and the user. When there is a task to be executed periodically, it must be turned on. This service is almost a software that must be used in production scenarios.

5. sysstat: This is a software package that includes a set of tools for monitoring system performance and efficiency. These tools are very helpful for our mobile phone system performance data, such as CPU usage, hard disk and network throughput data, etc. The collection of these data It is helpful to judge whether the system is running normally or not, so it is the right-hand man to improve the efficiency of system operation and run the server safely.
   The main tools integrated in the Sysstat package are:
   1. iostat: The tool provides data on CPU usage and hard disk throughput efficiency.
   2. mpstat: The tool provides data related to a single or multiple processors.
   3. sar: The tool is responsible for collecting, reporting and storing system activity information.

 

 

Turn off the self-starting item:
ideas:
1. Turn off the unnecessary, because the service we need is turned on by default:
Step analysis:
[root@localhost ~]# chkconfig --list|grep 3:on   

(Select the project automatically started under level 3 as the experimental target)
[root@localhost ~]# chkconfig --list|grep 3:on|egrep "crond|sshd|network|rsyslog|sysstat"  

(filter out items to keep)
[root@localhost ~]# chkconfig --list|grep 3:on|egrep -v "crond|sshd|network|rsyslog|sysstat"   

(filter out targets other than items to keep)
[root@localhost ~]# chkconfig --list|grep 3:on|egrep -v "crond|sshd|network|rsyslog|sysstat"|awk '{print $1} '  

( Print the target of the previous step, this step can actually be omitted and go directly to the next step)

[root@localhost ~]# chkconfig --list|grep 3:on|egrep -v  "crond|sshd|network|rsyslog|sysstat"|awk '{print "chkconfiig",$1,"off"}'  

(Write the operation command into it)
Just follow this command:
[root@localhost ~]# chkconfig --list|grep 3:on|egrep -v "crond|sshd|network|rsyslog|sysstat"|awk ' {print "chkconfig",$1,"off"}'|bash 
(give it to the system script bash, execute the written operation command)
**Linux command line is a bash session, all the Linux commands we usually type are parsed by bash implemented.
[root@localhost ~]# chkconfig --list|grep 3:on  (check the effect)


2. Turn off all services, and then turn on the services we need.
[root@localhost ~]# chkconfig --list|grep 3:on|awk '{print "chkconfig",$1,"off"}'|bash
[root@localhost ~]# chkconfig --list|egrep "crond| sshd|network|rsyslog|sysstat"|awk '{print "chkconfig",$1,"on"}'|bash

 

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=325846949&siteId=291194637
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com