生产环境跑的Linux服务器，默认的一些参数有时候需要调整，以下是个小总结，大部分内容来源自网络上别人的经验。

首先，调整网络方面的参数：

[root@banping conf]# vi /etc/sysctl.conf # add by banping net.ipv4.tcp_max_syn_backlog = 65536 net.core.netdev_max_backlog = 32768 net.core.somaxconn = 32768 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 2097152 3145728 4194304 net.ipv4.tcp_max_orphans [...]

最近弄了一台阿里云服务器，安装的是RedHat5.4 64位的系统。有点奇怪的是阿里云只提供CentOS 32位的系统，RH才有64位的。但是在使用yum的过程中报错：

[root@banping mysql-5.5.10]# yum install libaio-devel

Loaded plugins: rhnplugin, security

This system is not registered with RHN.

RHN support will be disabled.

Setting up Install Process

No package libaio-devel available.

Nothing to do

意思是这套RH没有在官网上注册，不能下载RH的软件包。后来我把yum替换成了CentOS的版本，过程如下：

首先看看有哪些yum包，然后卸载掉：

[root@banping mysql-5.5.10]# rpm -qa|grep yum

yum-rhn-plugin-0.5.4-13.el5

yum-3.2.22-20.el5

yum-metadata-parser-1.1.2-3.el5

yum-security-1.1.16-13.el5

yum-updatesd-0.9-2.el5

卸载要使用nodeps参数，否则由于依赖关系是无法卸载成功的：

rpm -e --nodeps yum-rhn-plugin-0.5.4-13.el5

......

然后可以从163的镜像下载CentOS的yum包：

[root@banping [...]

要在一台Linux上ssh到另外一台Linux服务器，而不需要每次都输入密码，其实很简单。比如要从A服务器登录到B服务器，那么首先在A服务器上生成公钥和私钥，用RSA加密算法：

[root@test awstats]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 9c:74:d0:05:48:c8:43:84:a8:44:8f:b6:a1:2f:8c:91 root@test.banping.com [root@test awstats]# cd /root/.ssh/ [...]

今天在centos 5.6 x86_64的服务器上配置一个vsftpd的时候碰到了一些波折，系统用户登录后死活都不能切换目录，也无法上传文件：

C:\Users\rt8>ftp 192.168.0.26 连接到 192.168.0.26。 220 (vsFTPd 2.0.5) 用户(192.168.0.26:(none)): dev 331 Please specify the password. 密码: 230 Login successful. ftp> ls 200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. admins api_www backend_templates backend_templates_c bt.tar.gz command config home icon lib mobile mobile_templates mobile_templates_c rt.cn rtweb.tar.gz script site_api temp templates [...]

首先查看一下现有的防火墙配置：

[root@localhost banping]# vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT