（1）关闭SELinux功能

它是美国安全局（NSA）对于强制访问控制的实现，我们需要把它关闭这也是生产环境的做法。

[root@linzhongniao ~]#sed -i 's#SELINUX=enforcing#SELINUX=diasbled#g' /etc/selinux/config[root@linzhongniao ~]# cat /etc/selinux/config# This file controls the state of SELinux on the system.# SELINUX= can take one of these three values:# enforcing - SELinux security policy is enforced.# permissive - SELinux prints warnings instead of disabled.# disabled - No SELinux policy is loaded.SELINUX=diasbled # SELINUXTYPE= can take one of these two values:# targeted - Targeted processes are protected,# mls - Multi Level Security protection.SELINUXTYPE=targeted[root@linzhongniao ~]# grep "SELINUX=diasbled" /etc/selinux/configSELINUX=disabled

查看selinux的状态

[root@linzhongniao ~]# getenforceEnforcing

修改完文件还是enforcing,只有重启才能生效生产中又不能重启服务器，我们可以用setenforce来设置

[root@linzhongniao ~]# setenforceusage:  setenforce [ Enforcing | Permissive | 1 | 0 ]

enforcing的状态是1 ，Permissive的状态是0 警告不影响，所以我们不用重启服务器，可以将selinux的状态设置为0

[root@linzhongniao ~]# setenforce 0[root@linzhongniao ~]# getenforcePermissive

（2）关闭防火墙

[root@linzhongniao ~]# /etc/init.d/iptables stopiptables: Setting chains to policy ACCEPT: filter  [  OK  ]iptables: Flushing firewall rules:   [  OK  ]iptables: Unloading modules: [  OK  ][root@linzhongniao ~]# /etc/init.d/iptables statusiptables: Firewall is not running.

永久关闭防火墙，禁止其开机自启动

[root@linzhongniao ~]# chkconfig iptables off

（3）linux中文显示设置

字符集的调整

[root@linzhongniao ~]# cat /etc/sysconfig/i18n LANG="zh_CN.UTF-8"SYSFONT="latarcyrheb-sun16"

（4）历史记录数及登录超时环境变量设置

用export TMOUT=10来设置超过10秒退出用户

也可以追加到/etc/profile里面让它永久生效,source /etc/profile