Talking about Linux Optimization and Security
Summary
I am a lot of understanding of Linux system security and optimization, I hope everyone can safely and efficiently use Linux to make it easy for your work. (2005-03-16 09:29:41)
BY clearly: http://www.linuxaid.com.cn/Articles/5/1/516690527.SHTML
Foreword: I haven't written the article for a long time. I recently received a lot of friends to believe, mentioned the optimization configuration and some new security issues, here I want to discuss these problems with everyone, what is wrong and better Way, please give me a letter to discuss the improvement. I saw a lot of articles about Linux optimization on the Internet. I haven't described these articles here, I just want to talk about this issue from my own experience. As a system administrator, I will talk about the server application's Linux. Because it is not like the server on the personal computer, it is preferred to pursue safety and stability, so the friend used by the personal computer is only a reference. The system mentioned in this paper, if there is no special statement, all use Redhat Linux system from Redhat. About optimization, optimization, in fact, the best optimization is to enhance hardware configuration, such as increasing the CPU's computing power, improving the capacity of memory, individual thinking if you consider upgrading hardware, it is recommended to give priority to the capacity of memory, because general server applications, The consumption requirements for memory are the highest. Of course, this is the topic. Here we first discuss it is to optimize your system under the same hardware configuration (the same server, no hardware). As a system administrator, I think, first we must clear a point: on the server, upgrade, and modify any configuration file or software, you must first consider security, not more new things, better, this is why Linux management feels with Windows different places, Windows first recommend everyone to use its latest version of the software and operating system, in fact, I personally think this is a business behavior. As a result from system management, this is very bad. , Using new software and systems may bring new problems, some or even fatal. Therefore, as management, we should consider stable long-term software versions as our version, and I will not say more. I believe you should know as an administrator. In fact, personal use of Linux is the most direct optimization is to upgrade the kernel, and the kernel you compile is compiled by your system, which will get the maximum performance and the smallest kernel. However, the server is not the same, of course, we also hope that every server is hand-compiled kernel, which is efficient and and more and more and more. But the actual and wishes are gaps. Imagine that if you manage 100 Linux hosts, and each may be configured, one process of compiling kernels will be a vast project, and from actual consideration, workload It's hard to imagine. I think you will not be willing to do this. Therefore, personal suggestions, using the officially released kernel upgrade package is a good choice. First, we will make a series of upgrades, including software and kernels, including software and kernels, (this detailed situation welcomes the article on upgrading). After upgrading all software, the basic firewalls and configurations have been made, we start to optimize some detail configuration, if you are an old system, then you must be backup all data before your problem and some operations and some of your system. To other media. 1. Virtual Memory Optimization First View the usage of virtual memory, uses command # free to view the memory usage of the current system. In general, Linux's physical memory is almost completely Used. This and Windows are very different. Its memory management mechanism is fully utilized by system memory, no matter how much memory is used in WINDOWS. This needs attention.
LINUX The default configuration of the virtual memory is configured by command # cat / proc / sys / vm / freepages, the three numbers displayed are the current system: the minimum memory blank page, the lowest memory blank page and the highest memory blank. Note that the system uses virtual memory here is that if the number of blank pages is below the highest blank page setting, the disk swap space is used. When reaching the minimum blank page settings, use memory exchange (Note: This is what I have to see some information, and you need to observe yourself when applying, but this does not affect our configured new virtual memory parameters). Memory is generally assigned by 4k byte per page. The minimum memory blank page setting is 2 times the number of memory in the system; the minimum memory blank page setting is 4 times the number of memory quantities; the highest memory blank page setting is 6 times the system memory. These values are determined when the system is started. Generally speaking on the virtual memory configuration assigned by the system, I personally think that the maximum memory blank page is a relatively good configuration, with 1G memory configuration as an example: the original configuration is modified to: 2048 4096 6444 By command # echo "2048 4096 6444"> / proc / sys / vm / freepages, memory can be utilized because of the highest blank page configuration. 2, hard disk optimization If you are a SCSI hard drive or an IDE array, you can skip this section, the parameter adjustment of this section is only for servers using the IDE hard drive. We have set the IDE hard drive through the HDPARM program, using DMA and 32-bit transfer to greatly improve system performance. Use the command as follows: # / sbin / hdparm -c 1 / dev / hda This command specifies the first IDE hard disk PCI bus to 32 bits, use -c 0 parameters to disable 32-bit transmission. Use DMA on the hard disk, use the command: # / sbin / hdparm -d 1 / dev / hda to close the DMA can use -d 0 parameters. Once the change is complete, you can use HDPARM to check the modified result. Use the command: # / sbin / hdparm -t / dev / had To ensure the settings of the settings, use the command: # / sbin / hdparm -k 1 / dev / Some commonly used other parameter functions of the hdahdparm command -g displays the magnetic rails, magnetic heads, and magnetic regions of the hard disk. -I Displays the hardware specifications of the hard disk, which is provided by the hard disk itself when booting. -I directly reads the hardware specifications provided by the hard disk. -P
