linux系统调优及安全设置

（1）关闭SELinux功能

它是美国安全局（NSA）对于强制访问控制的实现，咱们须要把它关闭这也是生产环境的作法。

[root@linzhongniao ~]#sed -i 's#SELINUX=enforcing#SELINUX=diasbled#g' /etc/selinux/config
[root@linzhongniao ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of disabled.
# disabled - No SELinux policy is loaded.
SELINUX=diasbled 
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@linzhongniao ~]# grep "SELINUX=diasbled" /etc/selinux/config
SELINUX=disabled

查看selinux的状态

[root@linzhongniao ~]# getenforce
Enforcing

修改完文件仍是enforcing,只有重启才能生效生产中又不能重启服务器，咱们能够用setenforce来设置

[root@linzhongniao ~]# setenforce
usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]

enforcing的状态是1 ，Permissive的状态是0 警告不影响，因此咱们不用重启服务器，能够将selinux的状态设置为0

[root@linzhongniao ~]# setenforce 0
[root@linzhongniao ~]# getenforce
Permissive

（2）关闭防火墙

[root@linzhongniao ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter  [  OK  ]
iptables: Flushing firewall rules:   [  OK  ]
iptables: Unloading modules: [  OK  ]
[root@linzhongniao ~]# /etc/init.d/iptables status
iptables: Firewall is not running.

永久关闭防火墙，禁止其开机自启动

[root@linzhongniao ~]# chkconfig iptables off

（3）linux中文显示设置

字符集的调整

[root@linzhongniao ~]# cat /etc/sysconfig/i18n 
LANG="zh_CN.UTF-8"
SYSFONT="latarcyrheb-sun16"

（4）历史记录数及登陆超时环境变量设置

用export TMOUT=10来设置超过10秒退出用户

也能够追加到/etc/profile里面让它永久生效,source /etc/profile