centos初始化系统的脚本

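#!/bin/bash
# The script uses bash-only features (source, read -p, &>), so it asks for
# bash explicitly instead of relying on /bin/sh being bash.

# Load the init-script helper library; action(), used for every status line
# below, is expected to come from it.
. /etc/init.d/functions


# Every step edits system configuration, so refuse to run without root.
# The numeric uid is compared rather than the account name.
if [ "$(id -u)" -ne 0 ]; then
  action "Please run this script as root" /bin/false
  exit 1
fi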


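#######################################
# Install the EPEL release package from the Aliyun mirror and rebuild the
# yum metadata cache.
# Outputs: progress on stdout, warnings on stderr.
# Returns: 0 when every step succeeded, 1 otherwise.
#######################################
configYum(){
  local rc=0
  echo "================更新YUM源=================="
  if ! cd /etc/yum.repos.d/; then
    rc=1
  else
    # Reachability hint only: ICMP can be filtered while HTTPS still works,
    # so a failed ping is reported but does not abort the step.
    if ! ping -c 1 www.aliyun.com >/dev/null; then
      echo "warning: www.aliyun.com did not answer ping" >&2
    fi
    # NOTE(review): the package is fetched by URL before any EPEL signing key
    # is imported, so rpm can only warn about the signature, not verify it.
    # Installing epel-release from an already-trusted repository avoids that.
    # Skipping the install when the package is present keeps re-runs clean.
    if ! rpm -q epel-release >/dev/null 2>&1; then
      rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm || rc=1
    fi
    if [ "$rc" -eq 0 ]; then
      yum clean all && yum makecache || rc=1
    fi
  fi
  # Report the real outcome instead of announcing success unconditionally.
  if [ "$rc" -eq 0 ]; then
    action  "配置YUM完成" /bin/true
  else
    action "配置YUM失败" /bin/false
  fi
  echo "================================================="
  sleep 5
  return "$rc"
}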


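#######################################
# Set LANG to zh_CN.UTF-8 for shells that read /etc/bashrc.
# A dated backup of /etc/bashrc is taken first; the file is left untouched
# if the backup cannot be written.
# Returns: 0 on success, 1 on failure.
#######################################
initI18n(){
  local rc=0
  echo "================更改为中文字符集================="
  if \cp /etc/bashrc "/etc/bashrc.$(date +%F)"; then
    # Plain ASCII quotes: typographic quotes are not shell quoting and would
    # end up in the file as part of the value. The grep keeps repeated runs
    # from appending the same line again.
    if ! grep -qxF 'LANG="zh_CN.UTF-8"' /etc/bashrc; then
      echo 'LANG="zh_CN.UTF-8"' >> /etc/bashrc || rc=1
    fi
  else
    rc=1
  fi
  # Affects this script's shell only; login sessions pick it up on next start.
  source /etc/bashrc
  grep LANG /etc/bashrc
  if [ "$rc" -eq 0 ]; then
    action "更改字符集zh_CN.UTF-8完成" /bin/true
  else
    action "更改字符集zh_CN.UTF-8失败" /bin/false
  fi
  echo "================================================="
  sleep 5
  return "$rc"
}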


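#######################################
# Switch SELinux to disabled (config file) / permissive (running system) and
# stop and disable the host firewall.
# NOTE(review): this removes SELinux enforcement and all host packet
# filtering. A host reachable from untrusted networks needs another filter
# in front of it; SELINUX=permissive keeps denial logging if enforcement is
# the only thing being worked around.
# Returns: 0 when the config file ends up with SELINUX=disabled, 1 otherwise.
#######################################
initFirewall(){
  local rc=0
  echo "============禁用SELINUX及关闭防火墙=============="
  \cp /etc/selinux/config "/etc/selinux/config.$(date +%F)"
  # The SysV iptables script is not present on every release; call it only
  # where it exists instead of failing with "No such file".
  if [ -x /etc/init.d/iptables ]; then
    /etc/init.d/iptables stop
  fi
  # Only an "enforcing" setting is rewritten; a "permissive" one stays as is.
  sed -i  's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
  setenforce 0
  systemctl stop firewalld
  systemctl disable firewalld
  echo '#grep SELINUX=disabled /etc/selinux/config '
  grep 'SELINUX=disabled' /etc/selinux/config || rc=1
  getenforce
  # The message and the command are separate arguments of action; without
  # the space between them the status command was never passed.
  if [ "$rc" -eq 0 ]; then
    action "禁用selinux及关闭防火墙完成" /bin/true
  else
    action "禁用selinux及关闭防火墙失败" /bin/false
  fi
  echo "================================================="
  sleep 5
  return "$rc"
}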


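#######################################
# Turn off every service that chkconfig lists as on in runlevel 3, then
# enable rsyslog, sshd and crond through systemd.
# NOTE(review): the first loop disables whatever chkconfig reports,
# including networking-related SysV services if they are listed - confirm
# the list on a test host before running this remotely.
#######################################
initService(){
  local svc
  echo "===============精简开机自启动===================="
  # One service name per line, taken from the first column of the listing.
  chkconfig --list | awk '/3:on/ {print $1}' | while read -r svc; do
    chkconfig "$svc" off
  done
  for svc in rsyslog sshd crond; do
    systemctl enable "$svc"
  done
  echo '+--------which services on---------+'
  chkconfig --list | grep '3:'
  action "精简开机自启动完成" /bin/true
  echo "================================================="
  sleep 5
}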


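#######################################
# Harden sshd_config: make PermitEmptyPasswords no explicit and turn off
# reverse DNS lookups (UseDNS no), then restart sshd.
# The port is not changed. The PermitRootLogin edit is kept commented out,
# so root login over SSH stays at whatever the file already specifies.
# Returns: 0 when the new config validates and sshd restarts, 1 otherwise.
#######################################
initSsh(){
  local rc=0
  echo "=================禁用root远程登录==============="
  \cp /etc/ssh/sshd_config "/etc/ssh/sshd_config.$(date +%F)"
  sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
  # NOTE(review): enabling the next line before a non-root sudo account
  # exists would lock out remote administration; create that account first.
  #sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
  sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
  echo '+-------modify the sshd_config-------+'
  # Print what the file really contains rather than a fixed list; a setting
  # that is still commented out (such as PermitRootLogin) is not shown.
  grep -E '^[[:space:]]*(PermitEmptyPasswords|PermitRootLogin|UseDNS)[[:space:]]' /etc/ssh/sshd_config
  echo '+------------------------------------+'
  # Validate before restarting so a broken file cannot take sshd down.
  if /usr/sbin/sshd -t && systemctl restart sshd; then
    action "修改ssh默认参数完成" /bin/true
  else
    action "修改ssh参数失败" /bin/false
    rc=1
  fi
  echo "================================================="
  sleep 5
  return "$rc"
}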


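#######################################
# Add a root cron entry that runs ntpdate against time.windows.com every
# five minutes, unless the crontab already mentions ntpdate.
# NOTE(review): this steps the clock from a single unauthenticated public
# source; an NTP daemon pointed at several trusted servers is the sturdier
# choice where timestamps matter for logs or certificates.
# Returns: 0 when the entry is present afterwards, 1 otherwise.
#######################################
syncSysTime(){
  local cron_file=/var/spool/cron/root
  local rc=0
  echo "================配置时间同步====================="
  # Best-effort backup: the file may not exist yet on a fresh system.
  \cp "$cron_file" "$cron_file.$(date +%F)" 2>/dev/null
  if ! grep -q ntpdate "$cron_file" 2>/dev/null; then
    echo "#times sync by lee at $(date +%F)" >> "$cron_file"
    echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1" >> "$cron_file"
    # A spool file created by the redirection above inherits the umask;
    # keep root's crontab readable by root only.
    chmod 600 "$cron_file"
  fi
  echo '#crontab -l'
  crontab -l
  if grep -q ntpdate "$cron_file" 2>/dev/null; then
    action "配置时间同步完成" /bin/true
  else
    action "配置时间同步失败" /bin/false
    rc=1
  fi
  echo "================================================="
  sleep 5
  return "$rc"
}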


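#######################################
# Install the base tool set with yum.
# Returns: 0 when yum succeeded, 1 otherwise.
#######################################
initTools(){
  local rc=0
  echo "================安装软件====================="
  # 'openssl*' is quoted so yum receives the pattern; unquoted, the shell
  # would expand it against files in the current directory first.
  # stderr stays visible so a failed install is not silent.
  if yum install sysstat ntp net-snmp rsync lrzsz wget net-tools 'openssl*' telnet -y > /dev/null; then
    echo "install toos complete"
  else
    echo "package installation failed" >&2
    rc=1
  fi
  sleep 5
  return "$rc"
}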


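#######################################
# Interactively create a user, set its password and grant it passwordless
# sudo for all commands.
# NOTE(review): "NOPASSWD: ALL" makes the new account equivalent to root
# without any re-authentication; restrict the command list or drop NOPASSWD
# where that is not intended.
# Returns: 0 on success, 1 on invalid input or when a step fails.
#######################################
addUser(){
  local name pass1 backup
  echo "===================新建用户======================"
  #add user
  read -r -p "请输入新用户名:" name || return 1
  # The name is written into /etc/sudoers below, so accept only a
  # conservative character set and reject everything else up front.
  case "$name" in
    ''|[!a-z_]*|*[!a-z0-9_-]*)
      action "invalid user name" /bin/false
      return 1
      ;;
  esac
  if ! useradd "$name"; then
    action "useradd $name failed" /bin/false
    return 1
  fi
  #create password
  # -s keeps the password off the terminal; the loop re-prompts on empty
  # input, which the stray "continue" outside any loop could not do.
  while :; do
    read -r -s -p "为 $name 创建一个密码:" pass1 || return 1
    echo
    if [ -n "$pass1" ]; then
      break
    fi
    echo "密码不能为空,请重新输入。"
  done
  # The password was previously read but never applied. printf is a shell
  # builtin, so the value travels over the pipe and not in a process argv.
  if ! printf '%s:%s\n' "$name" "$pass1" | chpasswd; then
    action "setting password for $name failed" /bin/false
    return 1
  fi


  #add visudo
  echo "#####add visudo#####"
  backup="/etc/sudoers.$(date +%F)"
  if ! \cp /etc/sudoers "$backup"; then
    action "backup of /etc/sudoers failed" /bin/false
    return 1
  fi
  if ! grep -qwF -- "$name" /etc/sudoers; then
    echo "$name  ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers
    # A syntax error in sudoers disables sudo for everyone: check the file
    # and put the backup back if the check fails.
    if ! visudo -c >/dev/null; then
      \cp "$backup" /etc/sudoers
      action "sudoers check failed, backup restored" /bin/false
      return 1
    fi
    echo '#tail -1 /etc/sudoers'
    grep -w "$name" /etc/sudoers
  fi
  action "创建用户$name并将其加入visudo完成" /bin/true
  echo "================================================="
  sleep 5
}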


#######################################
# Raise the open-file limit to 65535: append a nofile line to limits.conf
# when no active (non-comment) one exists, and raise the hard and soft
# limit of the current shell.
#######################################
initLimits(){
  local conf=/etc/security/limits.conf
  echo "===============加大文件描述符===================="
  # Any uncommented line mentioning nofile counts as "already configured".
  if ! grep nofile "$conf" | grep -qv "^#"; then
    \cp "$conf" "$conf.$(date +%F)"
    echo '*      -        nofile         65535' >> "$conf"
  fi
  echo '#tail -1 /etc/security/limits.conf'
  tail -1 "$conf"
  # Applies to this script's shell only; new sessions read limits.conf.
  ulimit -HSn 65535
  echo '#ulimit -n'
  ulimit -n
  action "配置文件描述符为65535" /bin/true
  echo "================================================="
  sleep 5
}


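#######################################
# Append a set of TCP/netfilter tunables to /etc/sysctl.conf (skipped when
# the file already holds ten or more net.ipv4.tcp lines), load the
# nf_conntrack and bridge modules now and at boot, and apply the settings.
# Returns: 0 when sysctl -p succeeded, 1 otherwise.
#######################################
initSysctl(){
  local tcp_keys
  local rc=0
  echo "================优化内核参数====================="
  # grep -c prints nothing when the file is missing; treat that as zero.
  tcp_keys=$(grep -c "net.ipv4.tcp" /etc/sysctl.conf 2>/dev/null)
  if [ "${tcp_keys:-0}" -lt 10 ]; then
    \cp /etc/sysctl.conf "/etc/sysctl.conf.$(date +%F)"
    # NOTE(review): tcp_tw_recycle = 1 is known to drop connections from
    # clients behind NAT and was removed in Linux 4.12, where sysctl -p
    # reports it as an unknown key. Single SYN/SYN-ACK retries make
    # connection setup fragile on lossy links, and the conntrack table size
    # should be checked against available memory. Review before production.
    cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
#net.netfilter.nf_conntrack_tcp_timeout_established = 180
#net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
#net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
  fi
  \cp /etc/rc.local "/etc/rc.local.$(date +%F)"
  # The module must be loaded before the nf_conntrack key can be applied.
  modprobe nf_conntrack
  # Append each boot-time modprobe once, so re-runs do not pile up
  # duplicate lines.
  # NOTE(review): on CentOS 7 rc.local runs at boot only if
  # /etc/rc.d/rc.local is executable - confirm on the target release.
  grep -qxF "modprobe nf_conntrack" /etc/rc.local \
    || echo "modprobe nf_conntrack" >> /etc/rc.local
  modprobe bridge
  grep -qxF "modprobe bridge" /etc/rc.local \
    || echo "modprobe bridge" >> /etc/rc.local
  if sysctl -p; then
    action "内核调优完成" /bin/true
  else
    action "内核调优失败" /bin/false
    rc=1
  fi
  echo "================================================="
  sleep 5
  return "$rc"
}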


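#######################################
# Custom-optimisation submenu: show the list of steps, read a choice and run
# the matching function until the operator enters 0.
#######################################
menu2(){
  local input2
  while true
  do
    clear
    cat << EOF
----------------------------------------
|****Please Enter Your Choice:[0-10]****|
----------------------------------------
(1) 新建一个用户并将其加入visudo
(2) 配置YUM源
(3) 配置中文字符集
(4) 禁用SELINUX及关闭防火墙
(5) 精简开机自启动
(6) 禁用root远程登录
(7) 设置时间同步
(8) 加大文件描述符
(9) 内核调优
(10)安装软件
(0) 返回上一级菜单
EOF
    # Leave the menu when stdin is closed; otherwise an empty read would
    # hit the default branch forever.
    read -r -p "Please enter your Choice[0-10]: " input2 || break
    case "$input2" in
      0)
        clear
        break
        ;;
      1)
        addUser
        ;;
      2)
        configYum
        ;;
      3)
        initI18n
        ;;
      4)
        initFirewall
        ;;
      5)
        initService
        ;;
      6)
        initSsh
        ;;
      7)
        syncSysTime
        ;;
      8)
        initLimits
        ;;
      9)
        initSysctl
        ;;
      10)
        initTools
        ;;
      *)
        echo "----------------------------------"
        echo "|          Warning!!!            |"
        echo "|   Please Enter Right Numbers!   |"
        echo "----------------------------------"
        # Pause so the warning can be read; the loop clears the screen on
        # the next pass anyway.
        sleep 2
        ;;
    esac
  done
}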


#initTools
#menu
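# Values for the banner below. The script never assigned DATE, IPADDR,
# DISK_SDA or cpu_uptime, so the banner showed them empty; fill any that the
# environment has not already provided.
# NOTE(review): the commands are a best guess at what each field was meant
# to show (first host address, usage of /, load averages) - adjust as needed.
: "${DATE:=$(date '+%F %T')}"
: "${IPADDR:=$(hostname -I 2>/dev/null | awk '{print $1}')}"
: "${DISK_SDA:=$(df -h / 2>/dev/null | awk 'NR==2 {print $5}')}"
: "${cpu_uptime:=$(cut -d' ' -f1-3 /proc/loadavg 2>/dev/null)}"

# Main menu: one-click run of all steps, the custom submenu, or exit.
while true
do
  clear
  echo "========================================"
  echo '          Linux Optimization            '
  echo "========================================"
  cat << EOF
|-----------System Infomation-----------
| DATE       :$DATE
| HOSTNAME   :$HOSTNAME
| USER       :$USER
| IP         :$IPADDR
| DISK_USED  :$DISK_SDA
| CPU_AVERAGE:$cpu_uptime
----------------------------------------
|****Please Enter Your Choice:[1-3]****|
----------------------------------------
(1) 一键优化
(2) 自定义优化
(3) 退出
EOF


  #choice
  # The valid range is 1-3, matching the banner. Stop when stdin is closed
  # instead of looping on the default branch forever.
  read -r -p "Please enter your choice[1-3]: " input1 || break
  case "$input1" in
    1)
      # addUser is interactive and therefore left out of the one-click run.
      #addUser
      configYum
      initTools
      initI18n
      initFirewall
      initService
      initSsh
      syncSysTime
      initLimits
      initSysctl
      ;;
    2)
      menu2
      ;;
    3)
      clear
      break
      ;;
    *)
      echo "----------------------------------"
      echo "|          Warning!!!            |"
      echo "|   Please Enter Right Numbers!   |"
      echo "----------------------------------"
      # Pause so the warning can be read before the next pass clears it.
      sleep 2
      ;;
  esac
done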