(1)关闭SELinux功能
它是美国安全局(NSA)对于强制访问控制的实现,我们需要把它关闭这也是生产环境的做法。
[[email protected] ~]#sed -i ‘s#SELINUX=enforcing#SELINUX=diasbled#g‘ /etc/selinux/config
[[email protected] ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of disabled.
# disabled - No SELinux policy is loaded.
SELINUX=diasbled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[[email protected] ~]# grep "SELINUX=diasbled" /etc/selinux/config
SELINUX=disabled
查看selinux的状态
[[email protected] ~]# getenforce
Enforcing
修改完文件还是enforcing,只有重启才能生效生产中又不能重启服务器,我们可以用setenforce来设置
[[email protected] ~]# setenforce
usage: setenforce [ Enforcing | Permissive | 1 | 0 ]
enforcing的状态是1 ,Permissive的状态是0 警告不影响,所以我们不用重启服务器,可以将selinux的状态设置为0
[[email protected] ~]# setenforce 0
[[email protected] ~]# getenforce
Permissive
(2)关闭防火墙
[[email protected] ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[[email protected] ~]# /etc/init.d/iptables status
iptables: Firewall is not running.
永久关闭防火墙,禁止其开机自启动
[[email protected] ~]# chkconfig iptables off
(3)linux中文显示设置
字符集的调整
[[email protected] ~]# cat /etc/sysconfig/i18n
LANG="zh_CN.UTF-8"
SYSFONT="latarcyrheb-sun16"
(4)历史记录数及登录超时环境变量设置
用export TMOUT=10来设置超过10秒退出用户
也可以追加到/etc/profile里面让它永久生效,source /etc/profile
原文地址:http://blog.51cto.com/10642812/2285527
时间: 2024-11-13 09:34:49