前端之家收集整理的这篇文章主要介绍了
系统安装初始化脚本,
前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
本脚本使用范围:
[root@lb01src]#cat/etc/redhat-release
CentOSrelease6.7
[root@lb01src]#viminitialization.sh
#!/bin/bash
###########################################
#thisscriptfunctionis:
#systemctlinitialization
#USERYYYY-MM-DD-ACTION
#brucefu20017-08-08-Created
#mail270064522@qq.com
############################################
#添加epel和rpmforge的外部yum扩展源
url_yum=https://mirrors.aliyun.com/epel/epel-release-latest-6.noarch.rpm
cd/usr/local/src
wget"$url_yum"
rpm-ivhepel-release-latest-6.noarch.rpm
#安装gcc基础库文件以及sysstat工具
yum-yinstallgccgcc-c++vim-enhancedunzipunrarsysstat
#配置ntpdate自动对时
yuminstalllrzszntpdatesysstat-y
echo'*/5****/usr/sbin/ntpdatetime.windows.com>/dev/null2>&1'>>/var/spool/cron/root
echo'*/10****/usr/sbin/ntpdatetime.nist.gov>/dev/null2>&1'>>/var/spool/cron/root
#设置字符集
sed-i's#LANG="en_US.UTF-8"#LANG="zh_CN.GB18030"#'/etc/sysconfig/i18n
source/etc/sysconfig/i18n
servicecrondrestart
#ulimitkey
ulimit-SHn65535
echo"ulimit-SHn65535">>/etc/rc.local
cat>>/etc/security/limits.conf<<EOF
*softnofile60000
*hardnofile65535
EOF
#tunekernelparametres(内核参数优化)
cat>>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout=2
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_keepalive_time=600
net.ipv4.ip_local_port_range=400065000
net.ipv4.tcp_max_syn_backlog=16384
net.ipv4.tcp_max_tw_buckets=36000
net.ipv4.route.gc_timeout=100
net.ipv4.tcp_syn_retries=1
net.ipv4.tcp_synack_retries=1
net.core.somaxconn=16384
net.core.netdev_max_backlog=16384
net.ipv4.tcp_max_orphans=16384
#一下参数是对iptables防火墙的优化,防火墙不开会有提示,可以忽略不理。
net.ipv4.ip_conntrack_max=25000000
net.ipv4.netfilter.ip_conntrack_max=25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait=120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait=60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait=120
EOF
/sbin/sysctl-p
#forbidcontrol-alt-delete
sed-i's@ca::ctrlaltdel:/sbin/shutdown-t3-rnow@#ca::ctrlaltdel:/sbin/shutdown-t3-rnow@'/etc/inittab
#关闭SElinux
sed-i's@SELINUX=enforcing@SELINUX=disabled@'/etc/selinux/config
#forbidipv6address
echo"aliasnet-pf-10off">>/etc/modprobe.conf
echo"aliasipv6off">>/etc/modprobe.conf
echo"installipv6/bin/true">>/etc/modprobe.conf
echo"IPV6INIT=no">>/etc/sysconfig/network
sed-i's@NETWORKING_IPV6=yes@NETWORKING_IPV6=no@'/etc/sysconfig/network
chkconfigip6tablesoff
#viminitialization
echo"Syntaxon">>/root/.vimrc
echo"setnohlsearch">>/root/.vimrc
#stopsystemctlservice
chkconfigbluetoothoff
chkconfigsendmailoff
chkconfigkudzuoff
chkconfignfslockoff
chkconfigportmapoff
chkconfigiptablesoff
chkconfigautofsoff
chkconfigyum-updatesdoff
chkconfigpostfixoff
chkconfigpcscdoff
chkconfigalsasoundoff
chkconfigsmboff
#系统敏感权限设置
chmod400/etc/crontab
chmod400/etc/securetty
chmod600/boot/grub/grub.conf
chmod600/etc/inittab
chmod600/etc/login.defs
#forbidUSB
echo"installusb-storage/bin/true">>/etc/modprobe.d/usb-storage.conf
#重启服务器
reboot