Linux basic optimization and security focus

1. Do not log in to the management system as root, but log in as an ordinary user and manage through sudo authorization.

2. Change the default remote connection SSH server port, prohibit root users from remote connections, or even change the SSH service to only listen to the intranet IP.

3. Automatically update the server time regularly to synchronize it with the Internet time.

4. Configure the yum update source and download and install the software package from the domestic update source.

5. Turn off SELinux and iptables.

6. Adjust the number of file descriptors. Processes and file openings will consume the number of file descriptors.

7. Automatically clean up junk files in the temporary email directory regularly to prevent the inodes on the disk from being filled up with small files.

8. Streamline and retain necessary self-starting services.

9.Linux kernel parameter optimization "/etc/sysctl.conf" takes effect by executing sysctl -p.

10. Change the system character set to "zh_CN.UTF-8" to support Chinese to prevent garbled characters.

11. Lock key system files, such as /etc/passwd, /etc/shadow, /etc/group, etc., and use chattr and lsattr commands.

12. Clear /etc/issue and /etc/issue.net. Remove the screen display before system and kernel version login.

13. Clear redundant system virtual user accounts.

14. Add a password to the grup boot menu. If you only run here when you remotely restart or automatically start the operating system, you need to enter a password to continue running, so it is not recommended to set a password here.