How to optimize after the Linux server is installed?

Our servers are not directly hosted in the computer room after installation, but need to perform a series of optimized configuration and security configuration, etc.

1. Turn off unneeded services

This should be easy to understand. Any service that our system does not need is turned off. One advantage is to reduce the memory and CPU time. Another benefit is to improve security.

So which services are Definitely want to keep it?

There are usually four services on Linux machines that must be reserved

iptables

A powerful firewall under Linux, as long as the machine needs to be connected to the Internet Where can't leave it

network

The network of linux machines can be turned off if you don't have Internet access, as long as you want to open it online

sshd

Is the openssh server, if your machine is not local operation, but hosted to the IDC room,

then access to the machine through this sshd service

syslog

Linux system Log system, must have,

Otherwise, the machine will not find the reason

In addition to these four required services, what other services need to be retained?

At this time, depending on the purpose of the system, such as: database server, you need to enable mysqld (or oracle)

web server, you need to enable apache

2, close not Need tty

Please edit your /etc/inittab

to find the following section:

1:2345:respawn:/sbin/mingetty tty1

2:2345:respawn:/sbin/mingetty tty2

3:2345:respawn:/sbin/mingetty tty3

4:2345:respawn:/sbin/mingetty tty4

5:2345:respawn:/sbin/mingetty tty5

6:2345:respawn:/sbin/mingetty tty6

This command causes init to open 6 consoles for you, respectively You can use alt+f1 to alt+f6 to access

These 6 consoles all reside in memory by default, in fact there is no need to use so much

you use ps aux f This command can be seen, is six processes

root 3004 0.0 0.0 1892 412 tty1 Ss+ Jun29 0:00 /sbin/mingetty tty1

root 3037 0.0 0.0 2492 412 tty2 Ss+ Jun29 0 :00 /sbin/mingetty tty2

root 3038 0.0 0.0 2308 412 tty3 Ss+ Jun29 0:00 /sbin/mingetty tty3

root 3051 0.0 0.0 1812 412 tty4 Ss+ Jun29 0:00 /sbin /mingetty tty4

root 3056 0.0 0.0 2116 412 tty5 Ss+ Jun29 0:00 /sbin/mingetty tty5

root 3117 0.0 0.0 2396 412 tty6 Ss+ Jun29 0:00 /sbin/mingetty tty6< Br>

How to close these processes?

Usually we keep the first 2 consoles,

Comment out the last 4 comments with #

Then you don't need to restart the machine, just execute the init q command.

init q

q as a parameter meaning: re-execute the command in /etc/inittab

After the modification is completed, you need to restart the machine to make it effective.

4. How to close atime?

A linux file There are 3 times by default:

atime: access time for this file

ctime: time when this file inode changes

mtime: modification time of this file

If there are multiple small files, it is usually not necessary to record the access time of the files.

This can reduce the io of the disk, such as multiple small pictures on the web server page

How to set it up?

Modify the file system configuration file: vi /etc/fstab

Use noatime, nodiratime in a partition containing a large number of small files

:

/dev/md5 /data/pics1 ext3 noatime,nodiratime 0 0

When the file is accessed, it will not generate io

To get your server running at level 3

Practice:

vi /etc/inittab

id:3:initdefault:

Let the server run X is not necessary

6, optimize sshd

X11Forwarding no //do not forward x graphics

U seDNS no //Do not reverse the IP address

7. Optimize the shell

Modify the history record

# vi /etc/profile

Find HISTSIZE=1000 to HISTSIZE=100

then source /etc/profile