Most overseas VPS offerings currently run Linux. Because Linux is free, both the service provider and the user save a little money, and for typical network applications the performance and stability of the Linux platform are much better than those of the Windows platform. The only downside is that a Linux server does not use a graphical interface, so ease of use is poor: most non-professionals find it difficult to configure and control, and even for professionals many command-line operations are somewhat cumbersome. To solve this problem there are a variety of web-based control panels for Linux that put the common operations behind a graphical interface, making management easy.
Among the many Linux distributions, CentOS is a very good one. It is based on Red Hat Linux and is the free counterpart of RHEL (Red Hat Enterprise Linux, now paid), with excellent performance and plenty of documentation and other resources. Among the many panels, considering resource consumption and ease of use, kloxo (formerly lxadmin) is undoubtedly the most suitable for most VPS novices. Its basic functionality is free of charge; the only restriction is that no more than 40 domain names can be bound, which is entirely sufficient for the average user. A CentOS + kloxo VPS is therefore a very good choice for building a web service.
The following describes, in several steps, the initial setup of a newly obtained VPS. It is only a brief memo. The methods below were mainly collected from online sources.
----------- The first step -----------
Because a VPS usually comes with a full CentOS installation that includes components such as Apache, and we want to use the server components bundled with kloxo, we need to uninstall the preinstalled Apache, MySQL, etc.
Uninstall MySQL
# rpm -qa | grep mysql
mysql-3.23.58-9
php-mysql-4.3.4-11
mod_auth_mysql-20030510-4.1
mysql-server-3.23.58-9
Explanation: the rpm -qa | grep mysql command lists the packages related to MySQL. Uninstall them starting from the bottom of the list and work upward until the first one.
For example, in this case we should first uninstall mysql-server-3.23.58-9, as follows:
rpm -e mysql-server
Explanation: the rpm -e command uninstalls an rpm package and is followed by the package name; the trailing version number does not need to be typed. For example, our next step is to uninstall the mod_auth_mysql-20030510-4.1 package, as follows:
rpm -e mod_auth_mysql
Uninstall Apache
# rpm -qa | grep httpd
Uninstall PHP
# rpm -qa | grep php
Note: if a package cannot be uninstalled, the system will generally report a dependency and list the names of the dependent packages; uninstall the packages it names first. If a package really cannot be removed that way, you can add the --nodeps parameter. For example, if php-4.3.4-11 cannot be uninstalled, use:
rpm -e php-4.3.4-11 --nodeps
This command is very forceful and should work.
----------- The second step -----------
CentOS system security settings
1. Change the SSH port, preferably to 10,000 or above, so the chance of others finding it with a port scan drops
vi /etc/ssh/ssh_config
vi /etc/ssh/sshd_config
Then change the Port value to the port number you need
As root, run service sshd restart
2. Delete unnecessary system accounts:
userdel adm
userdel lp
userdel sync
userdel shutdown
userdel halt
userdel news
userdel uucp
userdel operator
userdel games
userdel gopher
userdel ftp // if you do not allow anonymous FTP, delete this user account as well
groupdel adm
groupdel lp
groupdel news
groupdel uucp
groupdel games
groupdel dip
groupdel pppusers
3. Add a regular account and prohibit remote root login:
useradd newuser // add a new user
passwd newuser // set its password
usermod -G10 newuser
or: usermod -G wheel newuser // add the user to the wheel group, which is allowed to use the su - command to become root
vi /etc/ssh/sshd_config
Add a line:
PermitRootLogin no // prohibit remote root login
vi /etc/pam.d/su
#auth required /lib/security/$ISA/pam_wheel.so use_uid ← find this line and remove the leading "#"
echo "SU_WHEEL_ONLY yes" >> /etc/login.defs // users outside the wheel group are barred from using the su - command
Restart the sshd service
# service sshd restart
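To confirm that the edits from steps 1 and 3 are the values sshd will actually use, the following added example (not part of the original memo) audits an sshd_config for the Port and PermitRootLogin settings. The two sample configurations are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original memo: audit an sshd_config for the
# two settings changed in steps 1 and 3. The threshold follows the memo.

# Print every value the global section gives keyword $1 (config on stdin).
# Keywords are case-insensitive; parsing stops at the first Match block.
sshd_values() {
  awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    /^[ \t]*(#|$)/         { next }
    tolower($1) == "match" { exit }
    tolower($1) == key     { print $2 }'
}

# Read a config on stdin and print one FINDING line per problem.
audit_sshd() {
  cfg=$(cat)
  ports=$(printf '%s\n' "$cfg" | sshd_values Port)
  [ -n "$ports" ] || ports=22          # sshd listens on 22 when Port is unset
  for p in $ports; do                  # several Port lines all take effect
    [ "$p" -ge 10000 ] || echo "FINDING: sshd listens on port $p (below 10000)"
  done
  # For PermitRootLogin the first occurrence in the file wins.
  root=$(printf '%s\n' "$cfg" | sshd_values PermitRootLogin | head -n 1)
  case "$root" in
    no) ;;
    "") echo "FINDING: PermitRootLogin is not set, the built-in default applies" ;;
    *)  echo "FINDING: PermitRootLogin is '$root', expected 'no'" ;;
  esac
}

# Constructed sample: a stock file where both settings are still commented out.
SAMPLE_STOCK='#Port 22
#PermitRootLogin yes
PasswordAuthentication yes'

# Constructed sample: the memo applied; the later duplicate line is ignored.
SAMPLE_HARDENED='Port 22022
permitrootlogin no
PermitRootLogin yes'

printf '%s\n' "$SAMPLE_STOCK" | audit_sshd
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd
```

On the server, run audit_sshd < /etc/ssh/sshd_config, and check the file with sshd -t before restarting sshd so that a typo does not lock you out of the VPS.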
4. Change the attributes of the following files so that no one can make changes to the accounts or their permissions:
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
chattr +i /etc/gshadow
5. Edit the "host.conf" file (vi /etc/host.conf) and add the following lines:
order bind,hosts
multi on
nospoof on
chmod 600 /etc/xinetd.conf
vi /etc/xinetd.conf // disable all unnecessary services, such as ftp, telnet, shell, login, exec, talk, ntalk, imap, pop-2, pop-3, finger, auth, etc. This can also be set directly through the services item of the setup command.
After changing the "xinetd.conf" file, do not forget to send a SIGHUP signal to the xinetd process:
killall -HUP xinetd
chattr +i /etc/xinetd.conf // make xinetd.conf immutable. To change xinetd.conf later, you must first clear the immutable flag:
chattr -i /etc/xinetd.conf
In addition, for server security, you can block ping:
First use /sbin/ifconfig to view the network card information and find the name of the external interface, e.g. venet0
Then run:
/sbin/iptables -A OUTPUT -o venet0 -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i venet0 -p icmp --icmp-type echo-reply -j ACCEPT
/sbin/iptables -A INPUT -i venet0 -p icmp --icmp-type echo-request -j DROP
/sbin/service iptables save
When it reports OK, restart.
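Because -A appends to the end of the chain, an ACCEPT rule that is already present can decide the packet before the new DROP is reached. The following added example (not part of the original memo) finds the first INPUT rule that decides an echo-request on a given interface; the rule sets are constructed samples, the function name is hypothetical, and as a simplification rules with other matches (state, addresses) are skipped and jumps to user chains are not followed.

```shell
#!/bin/sh
# Added example, not from the original memo. iptables evaluates a chain from
# top to bottom and stops at the first rule whose target decides the packet.

# Print the target of the first unconditional INPUT rule that matches an ICMP
# echo-request arriving on interface $1, or NONE. Rules in iptables-save
# format are read from stdin.
echo_request_verdict() {
  awk -v ifc="$1" '
    $1 == "-A" && $2 == "INPUT" {
      in_if = ""; proto = ""; type = ""; target = ""; conditional = 0
      for (i = 3; i <= NF; i++) {
        if      ($i == "-i")          { i++; in_if = $i }
        else if ($i == "-p")          { i++; proto = $i }
        else if ($i == "--icmp-type") { i++; type = $i }
        else if ($i == "-m" && $(i + 1) == "icmp") { i++ }
        else if ($i == "-j")          { i++; target = $i; break }
        else                          { conditional = 1 }  # other match: skipped
      }
      if (conditional)                    next
      if (in_if != "" && in_if != ifc)    next
      if (proto != "" && proto != "icmp") next
      if (type != "" && type != "echo-request" && type != "8" && type != "any") next
      if (target ~ /^(ACCEPT|DROP|REJECT)$/) { print target; found = 1; exit }
    }
    END { if (!found) print "NONE" }'
}

# Constructed sample: the three rules from the memo added to an empty ruleset.
PAGE_RULES='-A INPUT -i venet0 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i venet0 -p icmp -m icmp --icmp-type 8 -j DROP
-A OUTPUT -o venet0 -p icmp -j ACCEPT'

# Constructed sample: the same rules appended after an existing ICMP ACCEPT.
SHADOWED_RULES='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i venet0 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i venet0 -p icmp -m icmp --icmp-type 8 -j DROP'

printf '%s\n' "$PAGE_RULES" | echo_request_verdict venet0
printf '%s\n' "$SHADOWED_RULES" | echo_request_verdict venet0
```

On the server, run iptables-save | echo_request_verdict venet0; if it prints ACCEPT, the DROP rule has to be inserted ahead of the accepting rule with -I rather than appended with -A.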
MySQL can also be tuned with the help of MySQLTuner. MySQLTuner is a Perl script that analyzes your MySQL performance and gives optimization tips.
Download and run it:
# wget http://mysqltuner.com/mysqltuner.pl
# chmod +x mysqltuner.pl
# ./mysqltuner.pl
----------- The third step -----------
Install kloxo
wget http://download.lxlabs.com/download/kloxo/production/kloxo-install-master.sh
sh ./kloxo-install-master.sh
yum install php-bcmath /* arbitrary-precision math component, not installed by default, used for MD5 operations */
yum check-update /* check for all updates */
yum update /* install all updates */
yum clean all /* clean up all the cached installation files to save space */
kloxo is now installed and you can log in to the web panel.
Address: https://yourdomain:7777/ /* secure connection */
http://yourdomain:7778/ /* normal connection, commonly used */
For security reasons, it is usual to change the default ports 7777 and 7778 in the panel. After changing them, run over ssh:
/script/restart
This restarts the kloxo service so that the change takes effect.
You can now add sites by following the panel's instructions.