Without root, add ordinary users and authorize management through sudo
Change the default remote connection SSH service port and prohibit root user remote connection
Automatically update server time regularly
Configure the yum update source, download and install the rpm package from the domestic update source
Turn off selinux and iptables (if there is wan ip in the iptables working scenario, it should be turned on, except for high concurrency)
Adjust the number of file descriptors, process and file opening will consume file descriptors
Simplified boot auto-start services (sshd, crond, network, rsyslog)
Linux kernel parameter optimization /etc/sysctl.conf, execute sysctl -p to take effect
Change the character set, support Chinese, but it is recommended to use the English character set to prevent the problem of garbled characters, do not use Chinese
Lock critical system files
chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab
Unlock
chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/ inittab to
see if it is locked
[root@cobub04 ~]# lsattr /etc/passwd
-------------e- /etc/passwd
Empty /etc/issue
cat /dev/null > /etc/issue or > /etc/issue
Kernel parameter optimization
vi /etc/sysctl.cong