含羞草高清视频在线观看视频,国产我和岳拇看a片

主頁(yè) > 知識(shí)庫(kù) > FREEBSD系統(tǒng)優(yōu)化精華

FREEBSD系統(tǒng)優(yōu)化精華

1、優(yōu)化內(nèi)核
mkdir /usr/kern
cp /usr/src/sys/i386/conf/GENERIC /usr/kern/proxy
ln -s /usr/kern/proxy /usr/src/sys/i386/conf/proxy

cd /sys/i386/conf
ee proxy

options IPFILTER #ipfilter support
options IPFILTER_LOG #ipfilter logging
options IPFILTER_DEFAULT_BLOCK #block all packets by default

options TCP_DROP_SYNFIN

options PQ_LARGECACHE
## 為512k二級(jí)緩存的CPU提供支持
options SC_DISABLE_REBOOT
##屏蔽Ctrl+Del+Alt熱鍵重啟系統(tǒng)

#To make an SMP kernel,the netx two are needed
options SMP #Symmetric MultiProcess Kernel
device apic # I/O APIC
#如果沒(méi)有雙cpu就不需要了

#####加入對(duì)polling的支持##################################
#options DEVICE_POLLING
#options HZ=1193
在/sys/kern/kern_pool.c里面找到#error一行刪掉。
在/etc/sysctl.conf里面加入 kern.polling.enable=1
DEVICE_POLLING不能跟SMP同時(shí)使用，所以本服務(wù)器可省略。
###########################################################
其余的優(yōu)化選項(xiàng)可參考其他內(nèi)核優(yōu)化的文章。

2、系統(tǒng)資源優(yōu)化

ee /etc/sysctl.conf

#######################/etc/sysctl.conf############################################
net.inet.tcp.rfc1323=1
net.inet.tcp.rfc1644=1
net.inet.tcp.rfc3042=1
net.inet.tcp.rfc3390=1
#### 某些加快網(wǎng)絡(luò)性能的協(xié)議，請(qǐng)參考RFC文章。

net.inet.ip.forwarding=1
##作路由必須打開(kāi)
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0
##安全方面的參數(shù)

kern.ipc.maxsockbuf=8388608
##最大的套接字緩沖區(qū)
kern.ipc.somaxconn=8192
##最大的等待連接完成的套接字隊(duì)列大小，高負(fù)載服務(wù)器和受到分布式服務(wù)阻塞攻擊的系統(tǒng)也許
會(huì)因?yàn)檫@個(gè)隊(duì)列被塞滿而不能提供正常服務(wù)。默認(rèn)僅為128，根據(jù)機(jī)器和實(shí)際情況需要改動(dòng)，太大就浪費(fèi)了內(nèi)存
kern.maxfiles=65536
##系統(tǒng)中允許的最多文件數(shù)量，缺省的是幾千個(gè)但如果你在運(yùn)行數(shù)據(jù)庫(kù)或大的很吃描述符的進(jìn)程可以把它設(shè)到1萬(wàn)或2萬(wàn)個(gè)
kern.maxfilesperproc=32768
##每個(gè)進(jìn)程能夠同時(shí)打開(kāi)的最大文件數(shù)量
net.inet.tcp.delayed_ack=0
##當(dāng)一臺(tái)計(jì)算機(jī)發(fā)起TCP連接請(qǐng)求時(shí)，系統(tǒng)會(huì)回應(yīng)ACK應(yīng)答數(shù)據(jù)包。該選項(xiàng)設(shè)置是否延遲ACK應(yīng)答數(shù)據(jù)包，把它和包含數(shù)據(jù)的數(shù)據(jù)包一起發(fā)送，在高速網(wǎng)絡(luò)和低負(fù)載的情況下會(huì)略微提高性能，但在網(wǎng)絡(luò)連接較差的時(shí)候，對(duì)方計(jì)算機(jī)得不到應(yīng)答會(huì)持續(xù)發(fā)起連接請(qǐng)求，反而會(huì)降低性能。
net.inet.tcp.sendspace=65535
##最大的待發(fā)送TCP數(shù)據(jù)緩沖區(qū)空間，應(yīng)用程序?qū)?shù)據(jù)放到這里就認(rèn)為發(fā)送成功了，系統(tǒng)TCP堆棧保證數(shù)據(jù)的正常發(fā)送
net.inet.tcp.recvspace=65535
##最大的接受TCP緩沖區(qū)空間，系統(tǒng)從這里將數(shù)據(jù)分發(fā)給不同的套接字，增大該空間可提高系統(tǒng)瞬間接受數(shù)據(jù)的能力以提高性能。
net.inet.udp.recvspace=65535
##最大的接受UDP緩沖區(qū)大小
net.inet.udp.maxdgram=57344
##最大的發(fā)送UDP數(shù)據(jù)緩沖區(qū)大小
net.local.stream.recvspace=32768
##本地套接字連接的數(shù)據(jù)接收空間
net.local.stream.sendspace=65535
##本地套接字連接的數(shù)據(jù)發(fā)送空間
net.inet.icmp.drop_redirect=1
net inet.icmp.log_redirect=1‘
net.inet.ip.redirect=0
#net.inet6.ip6.redirect=0
##屏蔽ICMP重定向功能
net.inet.icmp.bmcastecho=0
net.inet.icmp.maskrepl=0
##防止廣播風(fēng)暴
net.inet.icmp.icmplim=100
##限制系統(tǒng)發(fā)送ICMP速率
net.inet.icmp.icmplim_output=0
net.inet.tcp.drop_synfin=1
##安全參數(shù)，編譯內(nèi)核的時(shí)候加了options TCP_DROP_SYNFIN才可以用
net.inet.tcp.always_keepalive=0
##設(shè)置為1會(huì)幫助系統(tǒng)清除沒(méi)有正常斷開(kāi)的TCP連接，這增加了一些網(wǎng)絡(luò)帶寬的使用，但是一些死掉的連接最終能被識(shí)別并清除。死的TCP連接是被撥號(hào)用戶存取的系統(tǒng)的一個(gè)特別的問(wèn)題，因?yàn)橛脩艚?jīng)常斷開(kāi)modem而不正確的關(guān)閉活動(dòng)的連接。
net.inet.ip.intr_queue_maxlen=1000
##若看到net.inet.ip.intr_queue_drops這個(gè)在增加，就要調(diào)大net.inet.ip.intr_queue_maxlen，為0最好

####以下為防止dos攻擊#####
net.inet.tcp.msl=7500
##freebsd默認(rèn)為30000
net.inet.tcp.blackhole=2
##接收到一個(gè)已經(jīng)關(guān)閉的端口發(fā)來(lái)的所有包，直接drop，如果設(shè)置為1則是只針對(duì)TCP包
net.inet.udp.blackhole=1
##接收到一個(gè)已經(jīng)關(guān)閉的端口發(fā)來(lái)的所有UDP包直接drop
########end#################

net.inet.ipf.fr_tcpidletimeout=7200
net.inet.ipf.fr_tcpclosewait=60
net.inet.ipf.fr_tcplastack=120
net.inet.ipf.fr_tcptimeout=120
net.inet.ipf.fr_tcpclosed=60
net.inet.ipf.fr_udptimeout=90
net.inet.ipf.fr_icmptimeout=35
net.inet.ipf.fr_tcphalfclosed=300
net.inet.ipf.fr_defnatage=600

net.inet.tcp.inflight.enable=1
## 為網(wǎng)絡(luò)數(shù)據(jù)連接時(shí)提供緩沖
net.inet.ip.fastforwarding=0
##如果打開(kāi)的話每個(gè)目標(biāo)地址一次轉(zhuǎn)發(fā)成功以后它的數(shù)據(jù)都將被記錄進(jìn)路由表和arp數(shù)據(jù)表，節(jié)約路由的計(jì)算時(shí)間,但會(huì)需要大量的內(nèi)核內(nèi)存空間來(lái)保存路由表。

#kern.polling.enable=1
##打開(kāi)POLLING功能
##SMP不能和polling一起用
#########################The end##################################################

3、設(shè)置rc.sysctl, rc.conf 和 sysctl.conf 權(quán)限：

chmod 600 /etc/rc.sysctl
chmod 600 /etc/rc.conf
chmod 600 /etc/sysctl.conf

4、優(yōu)化啟動(dòng)選項(xiàng)
##################編輯/boot/loader.conf優(yōu)化啟動(dòng)########

autoboot_delay="2"
## 設(shè)置啟動(dòng)等待時(shí)間為2秒。

kern.ipc.nmbclusters="32768"
##設(shè)置系統(tǒng)的mbuf大小，系統(tǒng)的緩沖區(qū)

kern.ipc.maxsockets="16384"
## 增大線程間套接數(shù)量

net.inet.tcp.tcbhashsize="10240"
## 增大TCP控制塊數(shù)量

beastie_disable="YES"
## 關(guān)閉小惡魔圖像啟動(dòng)菜單
#############################################

5、增強(qiáng)ipfilter功能

修改/sys/contrib/ipfilter/netinet/ip_nat.h，把里面的LARGE_NAT前面的注釋去掉，改為#define LARGE_NAT

修改/sys/contrib/ipfilter/netinet/ip_state.h

IPSTATE_SIZE 64997
IPSTATE_MAX 45497

IP_STATE_MAX=IPSTATE_SIZE*0.7左右
第一個(gè)可以調(diào)到10萬(wàn)左右
注意都要是質(zhì)數(shù)

6、編譯內(nèi)核
##############打系統(tǒng)補(bǔ)丁以后重新編譯內(nèi)核#############

cd /usr/src
fetch http://people.freebsd.org/~delphij/patch-SMP
patch 重新編譯內(nèi)核并重新啟動(dòng)。
#這是針對(duì)5.3 SMP的delphij大哥做的補(bǔ)丁，

cd /sys/contrib/ipfilter/netinet/
patch 這個(gè)是針對(duì)ip_nat的一個(gè)補(bǔ)丁，也可以自己手動(dòng)注釋，改了ip_nat的參數(shù)以后編譯內(nèi)核會(huì)提示兩個(gè)變量沒(méi)有定義。

cd /usr/src
make buildkernel KERNCONF=proxy
make installkernel KERNCONF=proxy
reboot
這種編譯方法將保留原來(lái)的kernel為kernel.old，
這樣如果你做錯(cuò)了什么，就有機(jī)會(huì)通過(guò)boot:出現(xiàn)時(shí)輸入kernel.old來(lái)恢復(fù)。

######如果用config/make編譯內(nèi)核的會(huì)在/usr/src產(chǎn)生很多中間文件#########
cd /usr/src/sys/i386/conf
/usr/sbin/config proxy
cd ../compile/proxy
make depend
make
make install
reboot
#########################################################################

7、自動(dòng)備份日志
目前方法不太成熟，我曾經(jīng)試過(guò)把nat.log清空，但是也許是因?yàn)橄到y(tǒng)正在頻繁的寫(xiě)入該文件，所以我只能是先暫停記錄，備份完記錄以后再重新開(kāi)始記錄，好在我是一個(gè)小時(shí)備份一個(gè)日志文件，拷貝這一小時(shí)的記錄不用很長(zhǎng)時(shí)間的，所以基本上不會(huì)少記錄東西的，看到本文的兄弟們?nèi)绻懈玫那袑?shí)可行的方法，望告訴我一聲，多謝！

#################/usr/local/beifen.sh
#!/bin/sh
year=$(date +%Y)
month=$(date +%m)
date=$(date +%d)
time=$(date +%Y%m%d%H%M)
mkdir -p /usr/local/logbak/$year/$month/$date
killall ipmon
cp /var/nat.log /usr/local/logbak/$year/$month/$date/$time.log
cat >; /var/nat.log; /var/nat.log &
#############################################

chmod +x /usr/local/beifen.sh

crontab -e
編輯一個(gè)文件：

0 0 * * * /usr/local/beifen.sh
0 1 * * * /usr/local/beifen.sh
0 2 * * * /usr/local/beifen.sh
0 3 * * * /usr/local/beifen.sh
2 3 * * 1 /sbin/reboot
0 4 * * * /usr/local/beifen.sh
0 5 * * * /usr/local/beifen.sh
0 6 * * * /usr/local/beifen.sh
0 7 * * * /usr/local/beifen.sh
0 8 * * * /usr/local/beifen.sh
0 9 * * * /usr/local/beifen.sh
0 10 * * * /usr/local/beifen.sh
0 11 * * * /usr/local/beifen.sh
0 12 * * * /usr/local/beifen.sh
0 13 * * * /usr/local/beifen.sh
0 14 * * * /usr/local/beifen.sh
0 15 * * * /usr/local/beifen.sh
0 16 * * * /usr/local/beifen.sh
0 17 * * * /usr/local/beifen.sh
0 18 * * * /usr/local/beifen.sh
0 19 * * * /usr/local/beifen.sh
0 20 * * * /usr/local/beifen.sh
0 21 * * * /usr/local/beifen.sh
0 22 * * * /usr/local/beifen.sh
0 23 * * * /usr/local/beifen.sh

(七) 郵件服務(wù)器安裝與設(shè)置

第一部分：安裝郵件服務(wù)器：postfix+vm-pop3d+openwebmail

以下的安裝在FreeBSD 5.2.1系統(tǒng)上完成

1．更新 ports

# cvsup -gL 2 -h cvsup.freebsdchina.org /usr/share/examples/cvsup/ports-supfile

2. 安裝 openssl+apache 服務(wù)器

# cd /usr/ports/security/openssl
# make install
# make clean
# cd /usr/ports/www/apache2
# make install
# make clean
# vi /etc/rc.conf

apache2_enable="YES"

3. 安裝 openwebmail

# cd /usr/ports/mail/openwebmail/
# make WITH_QUOTA=yes install
# make clean

4. 安裝 postfix ，在安裝過(guò)程中用yes回答提出的問(wèn)題

# cd /usr/ports/mail/postfix/
# make install
# make clean

# vi /etc/rc.conf

為了能啟動(dòng)postfix加入：

sendmail_enable="YES"
sendmail_flags="-bd"
sendmail_pidfile="/var/spool/postfix/pid/master.pid"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"

5. 安裝 vm-pop3d

# cd /usr/ports/mail/vm-pop3d
# make install
# make clean

6. 配置 postfix

# vi /usr/local/etc/postfix/main.cf

添加：

myhostname = nero.3322.org
mydomain = nero.3322.org
virtual_alias_maps=hash:/usr/local/etc/postfix/virtual
alias_maps=hash:/usr/local/etc/postfix/aliases
default_privs=nobody
allow_mail_to_commands = alias,forward,include
allow_mail_to_files = alias,forward,include

下面我加入一個(gè) nero.3322.org 的虛擬域，并添加一個(gè)用戶llzqq
# vi /usr/local/etc/postfix/virtual

添加：

nero.3322.org anything //之間用[tab]
llzqq@nero.3322.org llzqq.nero.3322.org //之間用[tab]

執(zhí)行下面的命令，生成 virtual.db：

# cd /usr/local/etc/postfix/
# postmap virtual

# vi /usr/local/etc/postfix/aliases

添加：

llzqq.nero.3322.org:/var/spool/virtual/nero.3322.org/llzqq

執(zhí)行下面的命令，生成 aliases.db:

# cd /usr/local/etc/postfix
# postalias aliases

7. 配置 vm-pop3d 使其開(kāi)機(jī)自動(dòng)執(zhí)行

# cd /usr/local/etc/rc.d
# mv vm-pop3d.sh.sample vm-pop3d.sh

配置 openwebmail 支持 nero.3322.org 域，創(chuàng)建下面的文件：

# vi /usr/local/www/cgi-bin/openwebmail/etc/sites.conf/nero.3322.org

=========================== nero.3322.org =======================
auth_module auth_vdomain.pl
auth_withdomain yes
mailspooldir /var/spool/virtual/nero.3322.org
use_syshomedir no
use_homedirspools no
enable_autoreply no
enable_setforward no
enable_vdomain yes
vdomain_admlist llzqq //這里設(shè)置了這個(gè)域的管理員
vdomain_maxuser 500
vdomain_vmpop3_pwdpath /usr/local/etc/virtual
vdomain_vmpop3_pwdname passwd
vdomain_vmpop3_mailpath /var/spool/virtual
vdomain_postfix_aliases /usr/local/etc/postfix/aliases
vdomain_postfix_virtual /usr/local/etc/postfix/virtual
vdomain_postfix_postalias /usr/local/sbin/postalias
vdomain_postfix_postmap /usr/local/sbin/postmap
# quota設(shè)置部分
quota_module quota_du.pl
quota_limit 52400 //定義了郵箱大小
quota_threshold 85
delmail_ifquotahit no
delfile_ifquotahit no
=========================== nero.3322.org =======================

# mkdir -p /var/spool/virtual/nero.3322.org
# chown nobody /var/spool/virtual/nero.3322.org
# chgrp mail /var/spool/virtual/nero.3322.org

# mkdir -p /usr/local/etc/virtual/nero.3322.org
# touch /usr/local/etc/virtual/nero.3322.org/passwd
# chmod 644 /usr/local/etc/virtual/nero.3322.org/passwd

# htpasswd /usr/local/etc/virtual/nero.3322.org/passwd llzqq
# chmod 755 /usr/local/www/cgi-bin/openwebmail/etc/users

# sync
# reboot

8. 最后通過(guò)瀏覽器登陸到OPENWEBMAIL

第二部分：防病毒、垃圾郵件：clamav+amavisd-new+spam

1．0 安裝clamav:

# cd /usr/ports/security/clamav
# make install
# make clean

# vi /usr/local/etc/clamav.conf
===============================clamav.conf============================
# Comment or remove the line below.
# Example
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 1M
LogTime
LogVerbose
PidFile /var/run/clamav/clamd.pid
DataDirectory /usr/local/share/clamav
LocalSocket /tmp/clamd
StreamMaxLength 10M
MaxThreads 10
MaxDirectoryRecursion 15
User clamav
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /var/spool/virtual
ClamukoMaxFileSize 6M
ClamukoScanArchive
===============================clamav.conf============================

1.1 更新病毒庫(kù)

# /usr/local/etc/rc.d/clamav-freshclam.sh start

2.0 安裝amavisd-new

# cd /usr/ports/security/amavisd-new
# make install
# make clean

# cd /usr/local/etc
# mv amavisd.conf-dist amavisd.conf
# vi amavisd.conf
============================== amavisd.conf ===============================
$MYHOME = '/var/amavis'; # (default is '/var/amavis')
$mydomain = 'nero.3322.org'; # (no useful default)
$daemon_user = 'vscan'; # (no default; customary: vscan or amavis)
$daemon_group = 'vscan'; # (no default; customary: vscan or amavis)

$log_level = 0;

$sa_spam_subject_tag = '***SPAM***'

$virus_admin = "root\@$mydomain";
$spam_admin = "llzqq\@$mydomain";
$mailfrom_notify_admin = "llzqq\@$mydomain";
$mailfrom_notify_recip = "llzqq\@$mydomain";
$mailfrom_notify_spamadmin = "llzqq\@$mydomain";

$inet_socket_bind = '127.0.0.1';
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
$inet_socket_port = 10024;
$max_servers = 2;

['Clam Antivirus-clamd',
\&, ["CONTSCAN {}\n", '/tmp/clamd'],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
============================== amavisd.conf ===============================

2.1 要啟動(dòng)clamav和amavisd-new需要配置一下/etc/rc.conf

# vi /etc/rc.conf

spamd_enable="YES"
amavisd_enable="YES
clamav_clamd_enable="YES"

3.0 由于在安裝amavisd-new時(shí)spamassassin被一起安裝了下面對(duì)其進(jìn)行配置

3.1 建立過(guò)濾規(guī)則：

# cd /usr/local/etc/mail/spamassassin
# env LANG=C vi local.cf
=============================== local.cf ===============================
# SpamAssassin config file for version x.xx
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)

# How many hits before a message is considered spam.
required_hits 4.0

# Whether to change the subject of suspected spam
rewrite_subject 1

# Text to prepend to subject if rewrite_subject is used
subject_tag *****SPAM*****

# Encapsulate spam in an attachment
report_safe 1

# Use terse version of the spam report
use_terse_report 0

# Enable the Bayes system
use_bayes 1

# Enable Bayes auto-learning
auto_learn 1

# Enable or disable network checks
skip_rbl_checks 1
use_razor2 0
use_dcc 0
use_pyzor 0

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - chinese english
ok_languages zh en

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales en zh
score SUBJ_FULL_OF_8BITS 2
score NO_REAL_NAME 4.0
=============================== local.cf ===============================

3.2 下載新的垃圾郵件地址列表文件

# cd /usr/local/share/spamassassin
# fetch http://anti-spam.org.cn/rules/sa/55_diy_score.cf

4.0 對(duì)POSFIX進(jìn)行配置，在他的配置文件中添加下面的一些內(nèi)容

# vi /usr/local/etc/postfix/master.cf

---------------------- master.cf ---------------------
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o mynetworks=127.0.0.0/8
---------------------- master.cf ---------------------

# vi /usr/local/etc/postfix/main.cf

content_filter = smtp-amavis:[127.0.0.1]:10024

好了，現(xiàn)在一個(gè)基于FreeBSD的功能相對(duì)完整的郵件服務(wù)器就建立起來(lái)了，虛擬域的管理員可以登陸OPENWEBMAIL進(jìn)行用戶的添加、刪除等操作，虛擬用戶可以通過(guò)OPENWEBMAIL修改自己的密碼。

標(biāo)簽：信陽(yáng) 泰州韶關(guān) 邢臺(tái) 宿遷營(yíng)口安康眉山

巨人網(wǎng)絡(luò)通訊聲明：本文標(biāo)題《FREEBSD系統(tǒng)優(yōu)化精華》，本文關(guān)鍵詞；如發(fā)現(xiàn)本文內(nèi)容存在版權(quán)問(wèn)題，煩請(qǐng)?zhí)峁┫嚓P(guān)信息告之我們，我們將及時(shí)溝通與處理。本站內(nèi)容系統(tǒng)采集于網(wǎng)絡(luò)，涉及言論、版權(quán)與本站無(wú)關(guān)。

FREEBSD系統(tǒng)優(yōu)化精華

QQ咨詢

電話咨詢