Solutions

Easy solutions and ideas found after long googling or hard coding

disable root login

Check Installing CentOS 6.2 on VMware post.

This should make the server more secure. Review the creating admin users post.

– this will disable logging in over SSH as root

vi /etc/ssh/sshd_config 
#add
PermitRootLogin no
#restart ssh
/etc/init.d/sshd restart
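
Added example (not from the original post): sshd keeps the first value it reads for a keyword, so the added "PermitRootLogin no" has no effect if an earlier uncommented line already sets it. The function below reports the value that actually applies; its name and the sample config are constructed for illustration.

```shell
#!/bin/sh
# effective_root_login FILE
# Prints the first global PermitRootLogin value in FILE, or "unset" when
# there is none (the compiled-in default then applies).
effective_root_login() {
    awk '
        { sub(/#.*/, "") }                     # drop comments
        { sub(/^[ \t]+/, ""); sub(/=/, " ") }  # accept "Keyword=value"
        NF == 0 { next }                       # skip empty lines
        tolower($1) == "match" { exit }        # Match blocks are conditional, not global
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_login_disabled FILE: succeeds only when the effective value is "no"
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample: an active "yes" line sits above the appended "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin yes
# line appended as in the steps above
PermitRootLogin no
EOF

if root_login_disabled "$sample"; then
    echo "root login over SSH is disabled"
else
    echo "root login NOT disabled, effective value: $(effective_root_login "$sample")"
fi
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config after editing and before restarting sshd.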

Adding new users and admins to Linux server

Check Installing CentOS 6.2 on VMware post.

Using an admin user avoids common mistakes made when logged in as root; use sudo to run root commands instead.

mkdir /server

#adding web-server user www
adduser www -d /server -s /sbin/nologin

#adding admins group to use instead of root
groupadd admins
visudo
#add
%admins ALL=(ALL)       NOPASSWD: ALL

#add new admin 
adduser admin -g admins
#set password
passwd admin

#add email for user admin
vi /etc/aliases
#add
admin: admin@example.com
#rebuild data
newaliases

Disabling unneeded services on CentOS

Check Installing CentOS 6.2 on VMware post.

More information about each service can be found here

chkconfig setroubleshoot --levels 345 off;service setroubleshoot stop
chkconfig portmap --levels 345 off;service portmap stop
chkconfig rpcidmapd --levels 345 off;service rpcidmapd stop
chkconfig restorecond --levels 345 off;service restorecond stop
chkconfig pcscd --levels 345 off;service pcscd stop
chkconfig nfslock --levels 345 off;service nfslock stop
chkconfig nfs --levels 345 off;service nfs stop
chkconfig netfs --levels 345 off;service netfs stop
chkconfig mdmonitor --levels 345 off;service mdmonitor stop
chkconfig hidd --levels 345 off;service hidd stop
chkconfig cpuspeed --levels 345 off;service cpuspeed stop
chkconfig cups --levels 345 off;service cups stop
chkconfig apmd --levels 345 off;service apmd stop
chkconfig autofs --levels 345 off;service autofs stop
chkconfig atd --levels 345 off;service atd stop
chkconfig apf --levels 345 off;service apf stop
chkconfig yum-updatesd  --levels 345 off;service yum-updatesd  stop

#disable apache if not needed
chkconfig httpd  --levels 345 off;service httpd  stop

increase linux file descriptors

Check Installing CentOS 6.2 on VMware and mounting partitions with noatime posts.

This is a very important performance tuning step for any web server. More information here

#adduser www first http://gadelkareem.com/2012/02/26/adding-new-users-and-admins-to-linux-server/
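#ulimit only changes the current shell and takes no user argument, and on Linux nofile cannot be set to unlimited;
#set the per-user limit for www in /etc/security/limits.conf instead
vi /etc/security/limits.conf
#add (65535 is an example value, choose one that fits the server)
www - nofile 65535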
#check default number of concurrently open file descriptors 
cat /proc/sys/fs/file-max
#set the number to high value depending on server config
echo '1773914' > /proc/sys/fs/file-max
echo 'fs.file-max=1773914' >> /etc/sysctl.conf
/sbin/sysctl -w fs.file-max=1773914

Mounting partitions with noatime

Check Installing CentOS 6.2 on VMware and increase linux file descriptors posts.

This should help reduce disk I/O by telling the system not to update inode access times. More here

vi /etc/fstab
#add noatime to the options of the / file system ex:
/dev/mapper/vg_centos6-lv_root /                       ext4    defaults,noatime         1 1

– remount file system

mount -o remount /
#check
grep noatime /proc/mounts