- 用户组创建
groupadd -g 500 sysadm
groupadd -g 501 appadm
- 用户创建
useradd -u 500 -g 500 sysctl -m
passwd sysctl
Gf9Jk6Hvuh
useradd -u 501 -g 500 sysadm -m
passwd sysadm
TAZk9TmpR6
useradd -u 502 -g 501 nflow -m
passwd nflow
DPe2cU4Ggb
- 导入共钥
/home/sysctl/.ssh(mode 755)
/home/sysctl/.ssh/authorized_keys(mode 600)
/home/sysadm/.ssh(mode 755)
/home/sysadm/.ssh/authorized_keys(mode 600)
/home/nflow/.ssh(mode 755)
/home/nflow/.ssh/authorized_keys(mode 600)
- 关闭ssh密码登录
/etc/ssh/sshd_config
PasswordAuthentication no
- 开启公钥登录
/etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
- 关闭root ssh登录
/etc/ssh/sshd_config
PermitRootLogin no
- 增加sudoer组
/etc/sudoers
%sysadm ALL=(ALL) NOPASSWD: ALL
- 优化系统内核参数
/etc/sysctl.conf
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_abort_on_overflow = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.ip_forward = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.core.netdev_max_backlog = 8192
net.core.somaxconn = 256
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048586
fs.file-max = 6553500
kernel.core_uses_pid = 1
kernel.shmmax = 2147483648
kernel.shmall = 1048576
kernel.shmmni = 4096
kernel.msgmnb = 65536
kernel.msgmax = 8192
kernel.perf_event_paranoid = 2
sysctl -p
- 优化程序运行参数
/etc/security/limits.conf
root soft nofile 65535
root hard nofile 65535
- soft nofile 65535
hard nofile 65535
/etc/security/limits.d/20-nproc.conf
- soft nproc 65536
- 优化shell环境参数
- 修改Shell提示符
- 传递环境变量
- 保存命令历史至指定日志文件