
Linux System Tuning and Security Settings

Date: 2018-09-25 23:04:46


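(1) Disable SELinux

SELinux is the U.S. National Security Agency's (NSA) implementation of mandatory access control. We need to turn it off; this is also the practice in production environments.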

[root@linzhongniao ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
[root@linzhongniao ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of disabled.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@linzhongniao ~]# grep "SELINUX=disabled" /etc/selinux/config
SELINUX=disabled

Check the SELinux status

[root@linzhongniao ~]# getenforce
Enforcing

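After the file is edited, the state is still Enforcing. The change only takes effect after a reboot, and in production the server cannot be rebooted, so we can use setenforce to set the state instead.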

[root@linzhongniao ~]# setenforce
usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]

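The Enforcing state is 1 and the Permissive state is 0. In Permissive mode there are only warnings, which do not affect anything, so without rebooting the server we can set the SELinux state to 0.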

[root@linzhongniao ~]# setenforce 0
[root@linzhongniao ~]# getenforce
Permissive
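
A mistyped value in /etc/selinux/config is easy to miss, and the file can disagree with what getenforce reports until the next boot. The script below is an added example, not part of the original article; the function names and the sample file contents are constructed for illustration, and it assumes values are written in lowercase as the file's own comments list them.

```shell
#!/bin/sh
# Added example (not from the original article): check an SELinux config
# file for an unrecognised SELINUX= value and compare it with runtime state.

# Print the value of the first uncommented SELINUX= line in FILE ($1).
# Returns 0 for a documented value, 1 if no line is found, 2 otherwise.
# Assumption: values are matched in lowercase, as the file's comments list them.
selinux_config_mode() {
    value=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | head -n 1)
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
    case $value in
        enforcing|permissive|disabled) return 0 ;;
        *) return 2 ;;
    esac
}

# Summarise config vs. runtime. $1 is the config file, $2 is the text
# printed by getenforce (Enforcing, Permissive or Disabled).
selinux_report() {
    rc=0
    mode=$(selinux_config_mode "$1") || rc=$?
    runtime=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case $rc in
        1) echo "no SELINUX= line in $1" ;;
        2) echo "invalid SELINUX value '$mode'" ;;
        0) if [ "$mode" = "$runtime" ]; then
               echo "config and runtime agree: $mode"
           else
               echo "config=$mode runtime=$runtime (config applies at next boot)"
           fi ;;
    esac
}

# Constructed sample: a mistyped value first, then the corrected one.
demo=$(mktemp)
printf '# comment\nSELINUX=diasbled\nSELINUXTYPE=targeted\n' > "$demo"
selinux_report "$demo" Enforcing
printf 'SELINUX=disabled \nSELINUXTYPE=targeted\n' > "$demo"
selinux_report "$demo" Permissive
rm -f "$demo"
```

On a live host, call it as selinux_report /etc/selinux/config "$(getenforce)".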

(2) Disable the firewall

[root@linzhongniao ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter  [  OK  ]
iptables: Flushing firewall rules:   [  OK  ]
iptables: Unloading modules: [  OK  ]
[root@linzhongniao ~]# /etc/init.d/iptables status
iptables: Firewall is not running.

Disable the firewall permanently by preventing it from starting at boot

[root@linzhongniao ~]# chkconfig iptables off

(3) Chinese display settings on Linux

Adjusting the character set

[root@linzhongniao ~]# cat /etc/sysconfig/i18n 
LANG="zh_CN.UTF-8"
SYSFONT="latarcyrheb-sun16"

(4) History size and login timeout environment variables

Use export TMOUT=10 to log the user out after more than 10 seconds idle


It can also be appended to /etc/profile to make it permanent; then run source /etc/profile


Original article: http://blog.51cto.com/10642812/2285527
