linux system optimization and security configuration
Systems mentioned herein, if not otherwise stated, are used RedHat's redhat linux system.
linux system optimization
Speaking linux system optimization, in fact, the best optimization is to upgrade the hardware configuration, such as increasing the cpu computing power, increase memory capacity, personally I think that if you are considering upgrading hardware, I suggest priorities to improve memory capacity, because the general server applications, memory consumption is the highest use requirements. Of course, this is a digression.
Here we discuss the most important, it is in the same hardware configuration (the same server, without hardware upgrade) to optimize your system.
As a system administrator, I think, we need to clear a point: any operation, upgrade and modify any configuration files or software on the server, you must first consider security, not the more new things the better, which is why on linux and windows management feels different places, windows first recommend you to use the latest version of its software and operating systems, in fact, I personally think that this is a commercial activity as from the system management, this is very bad using new software and systems may bring new problems, some even fatal.
Therefore, as management, we should consider the stability of long-term use of the software version as our version, the specific benefits I do not say. I believe as an administrator you should know.
In fact, the personal use of an optimized linux is to upgrade the kernel most direct, own compiled kernel is compiled according to their system from, will get the maximum performance and minimal kernel.
However, the server not the same, of course, we also hope that each server is manually compiling their own kernel, efficient and sophisticated. But the actual desire and there is a gap, Imagine, if you manage to come to Taiwan 100 linux host, but each configuration might not the same, that the process of compiling a kernel will be a huge project, but also from practical considerations, workload Great unimaginable. I think you will not be willing to do this kind of thing right. Therefore, personal recommendations, using the official release of the kernel upgrade package is a good choice.
First, we installed the new system, will make a series of upgrades, including software and the kernel, which is a very important step, (details in this regard I welcome the view of another article on the upgrading).
After upgrade all good software, after basic firewall and configuration are doing, we began to optimize some of the details of the configuration, if you are old systems, then for this problem and some of the operations and optimize your system before, be sure to back up all data to other media.
linux system optimization 1, the virtual memory optimization
First, view the virtual memory usage, use the command
View the current memory usage of the system.
In general, linux physical memory is almost completely used. The windows and a very big difference, its memory management mechanism will make full use of system memory, no matter how much memory is not the windows have to use some of the same virtual memory. This requires attention.
Linux virtual memory the following default configuration through the command
# Cat / proc / sys / vm / freepages
You can see, three figures show the current system: the minimum memory blank page, the minimum and maximum memory memory blank page blank.
Note that this system uses the principle of virtual memory is: If a blank page below the maximum number of blank pages set up, use disk swap space. When it reaches the minimum blank page settings, use memory exchange (Note: This is my view some of the information obtained from the specific application also needed to observe their own look, but this does not affect us configure a new virtual memory parameters).
4k bytes of memory is generally allocated to each page. Minimum system memory blank page setting is 2 times the amount of memory; the minimum memory settings are blank pages 4 times the amount of memory; the maximum memory blank page setting is 6 times of system memory. These values determine when the system starts.
In general, in the configuration system allocates virtual memory configuration, I personally think that increasing the maximum memory a blank page is a good configuration to 1G of memory configuration example:
The original allocation ratio can be amended as follows:
# Echo "2048 4096 6444"> / proc / sys / vm / freepages
Blank page because of the increased maximum configuration, it can make more efficient use of memory.
2 linux system optimization, hard disk optimization
If you are a scsi or ide hard drive array, you can skip this section, this section describes the parameter adjustment is only for the use of server ide hard drive.
We set the hdparm IDE hard disk through the program,
Use DMA and 32-bit transfer can significantly improve system performance. Use the following commands:
# / Sbin / hdparm -c 1 / dev / hda
This command first IDE hard drive PCI bus is designated as 32, use -c 0 parameter to disable the 32-bit transfers.
Use DMA on the hard disk, use the command:
# / Sbin / hdparm -d 1 / dev / hda
Close DMA can use the parameter -d 0's.
When changes are complete, you can use hdparm to check the revised results, use the command:
# / Sbin / hdparm -t / dev / had
In order to ensure the same result set, use the command: # / sbin / hdparm -k 1 / dev / hda
Some commonly used functions of other parameters Hdparm command
-g Displays hard disk tracks, heads, magnetic domain and other parameters.
-i shows the hard disk hardware specification information, which is provided in the boot from the hard disk itself.
-I Directly read the hard disk provided by hardware specifications.
-p drive's PIO mode.
-Tt Assess the efficiency and hard disk read cache read efficiency drive.
-u when disk access, allow other interrupt requirements simultaneously.
-v displays set the hard disk.
linux system optimization 3, other optimization
Close unneeded services on the system automatically starts the service, the Internet has a lot of information, and I will not go into details;
linux system security configuration
1, security check
As a system administrator, the periodic system, a comprehensive security check is very important to meet some friends recently wrote to say that there have been some strange problems, such as the biggest problem is a clear sense of network service is slow, which is very phenomenon may be attacked.
Practice has proved that, whether it is the kind of system, the default installation is unsafe, the actual Ye Hao whether you use windows, linux, bsd, or other kind of system, the default installation has a lot of loopholes, how it can become a secure system, this is our system managers need to do. Configuring reconfiguration.
Any system, as long as careful configuration, blocking known vulnerabilities, we can say the system is safe, it is not a lot of friends said, to install the system, the configuration of the firewall, antivirus software installed, you'll be safe, in fact, If the system does not make any security settings, it is equal to hacking open a door made of paper, complete control over dozens of minutes!
This is not shocking.
As a linux system, there are also many loopholes, Black could exploit these vulnerabilities to control your entire system, to prevent these problems, we need to do the following steps:
1, upgrade the system in the latest versions of all packages;
2, set a more robust firewall;
3, the key log files periodically check, configure antivirus software
4, greater concern for security information warning of website publishing and master some of the latest features of viruses and hacker programs, which are conducive to the normal operation of the system.
This article is mainly to optimize the main, in line with this theme, we only discuss the security part of some routine maintenance work.
In addition to four of the administrator compulsory extra-curricular listed above, some of the details of the linux system maintenance is also very important.
linux system security configuration includes:
1, configure the log rotation tool, regularly download the backup log, is a very good habit, so not only can reduce the disk space consumed by the log, improve system efficiency, more timely detection of problems, linux under some very good log analyzer system, can be extracted directly log special items, eliminating the trouble of reading the log;
2, use the command lsof -i, netstat -a, ps -e commands, regular inspection system service port monitor, etc., can also produce a regular basis of the script, these commands will be executed after regularly sent to the mailbox;
3, regular inspection of the history list of root user, last list, vipw user list is normal;
4, regular backup file, use the tar command can be a good backup, of course, you need to download and transfer those backup media;
As it found any particular port or not seen, so to attract enough attention, do not lose the greater.
The above are my linux system security and optimization of some simple understanding, urging everyone to safe and efficient use linux facilitate your work life.