linux系統調優及安全設置

（1）關閉SELinux功能

它是美國安全局（NSA）對於強制訪問控制的實現，咱們須要把它關閉這也是生產環境的作法。

[root@linzhongniao ~]#sed -i 's#SELINUX=enforcing#SELINUX=diasbled#g' /etc/selinux/config
[root@linzhongniao ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of disabled.
# disabled - No SELinux policy is loaded.
SELINUX=diasbled 
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@linzhongniao ~]# grep "SELINUX=diasbled" /etc/selinux/config
SELINUX=disabled

查看selinux的狀態

[root@linzhongniao ~]# getenforce
Enforcing

修改完文件仍是enforcing,只有重啓才能生效生產中又不能重啓服務器，咱們能夠用setenforce來設置

[root@linzhongniao ~]# setenforce
usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]

enforcing的狀態是1 ，Permissive的狀態是0 警告不影響，因此咱們不用重啓服務器，能夠將selinux的狀態設置爲0

[root@linzhongniao ~]# setenforce 0
[root@linzhongniao ~]# getenforce
Permissive

（2）關閉防火牆

[root@linzhongniao ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter  [  OK  ]
iptables: Flushing firewall rules:   [  OK  ]
iptables: Unloading modules: [  OK  ]
[root@linzhongniao ~]# /etc/init.d/iptables status
iptables: Firewall is not running.

永久關閉防火牆，禁止其開機自啓動

[root@linzhongniao ~]# chkconfig iptables off

（3）linux中文顯示設置

字符集的調整

[root@linzhongniao ~]# cat /etc/sysconfig/i18n 
LANG="zh_CN.UTF-8"
SYSFONT="latarcyrheb-sun16"

（4）歷史記錄數及登陸超時環境變量設置

用export TMOUT=10來設置超過10秒退出用戶

也能夠追加到/etc/profile裏面讓它永久生效,source /etc/profile