CentOS6&7系统初始化脚本

#!/bin/bash
### Usage: this script is used to configure a Linux system

# Take the last octet of eth1's IPv4 address (e.g. 172.16.100.100 -> 100).
# NOTE(review): the cut-based parsing presumably relies on the
# "inet addr:<ip>" layout that net-tools prints on CentOS 6 - confirm before
# reusing it on another release.
outip=$(
  ifconfig eth1 \
    | grep inet \
    | cut -f 2 -d ":" \
    | cut -f 1 -d " " \
    | awk -F "." '{print $4}'
)

# Host name for this machine; written to /etc/sysconfig/network further down.
hostname=dbbak$outip.mstuc.cn1

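# Switch the base yum repository to mirrors.163.com.
#
# The new repo file is downloaded to a temporary file first and only swapped in
# when the download succeeded. The previous order (move the old file away, then
# download) left the host without a usable base repo whenever the fetch failed,
# and without -f an HTTP error page would have been saved as the repo file.
#
# NOTE(review): the repo file is fetched over plain HTTP with no integrity
# check. That file decides baseurl, gpgcheck and gpgkey for every later
# install, so review its contents (or ship a vetted copy) before trusting it.
repo_tmp=$(mktemp) || { echo "cannot create a temporary file" >&2; exit 1; }
if curl -fsS http://mirrors.163.com/.help/CentOS6-Base-163.repo -o "$repo_tmp"; then
  mv -f /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
  install -m 0644 "$repo_tmp" /etc/yum.repos.d/CentOS-Base.repo
else
  echo "repo download failed; /etc/yum.repos.d/CentOS-Base.repo left unchanged" >&2
fi
rm -f -- "$repo_tmp"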

# Add the third-party repositories: EPEL first, then rpmforge.
#
# NOTE(review): each release package is installed straight from an http:// URL
# before any key for it has been imported, so nothing authenticates it. The
# key imported afterwards is read from /etc/pki/rpm-gpg, presumably placed
# there by that same package - compare its fingerprint with the one the
# project publishes over a trusted channel before relying on it.
release_rpms=(
  http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
  http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
)
release_keys=(
  /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
  /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
)
for idx in "${!release_rpms[@]}"; do
  rpm -Uvh "${release_rpms[idx]}"
  rpm --import "${release_keys[idx]}"
done

# Rebuild the yum metadata cache so the repositories configured above are used.
yum clean all
yum makecache

# Install the commonly used packages.
base_packages=(
  sysstat vim lrzsz ntp traceroute vixie-cron crontabs lsof
  pcre pcre-devel wget openssl openssl-devel rsync
)
yum install -y "${base_packages[@]}"

# Time synchronisation: one immediate sync, then a root cron entry every
# five minutes.
# NOTE(review): ntpdate performs an unauthenticated sync against a third-party
# server; point it at a time source you operate or trust, since log timestamps
# and certificate validation depend on the clock.
/usr/sbin/ntpdate ntp.api.bz
printf '%s\n' "*/5 * * * * /usr/sbin/ntpdate ntp.api.bz > /dev/null 2>&1" >> /var/spool/cron/root

# Write the current system time into the hardware (BIOS) clock, then load the
# system clock back from it.
hwclock --set --date="$(date '+%D %T')"
hwclock --hctosys

# Raise the open-file limit at boot through rc.local ...
printf '%s\n' "ulimit -SHn 102400" >> /etc/rc.local

# ... and raise nofile/nproc for every account through PAM limits.
# NOTE(review): the nproc entries apply to all users ("*"), which loosens the
# per-user process cap that normally contains a runaway or hostile account.
printf '* %s %s 102400\n' \
  soft nofile \
  hard nofile \
  soft nproc \
  hard nproc >> /etc/security/limits.conf

# Stop Ctrl+Alt+Del on the console from rebooting the server: comment out the
# shutdown line in the upstart job ("&" re-inserts the matched text).
sed -i 's|exec /sbin/shutdown -r now "Control-Alt-Delete pressed"|#&|g' \
  /etc/init/control-alt-delete.conf

# Change the default runlevel from 5 to 3.
sed -i 's/^id:5:initdefault:/id:3:initdefault:/' \
  /etc/inittab

# Service configuration: switch every service off at boot, then switch the
# required ones back on.
for svc in $(chkconfig --list | awk '{print $1}'); do
  echo $svc
  chkconfig $svc off
done

# Services that must start at boot. sshd and network are on this list, so
# remote access comes back after the reboot at the end of the script.
for svc in sshd network crond sysstat acpid irqbalance iptables rsyslog ntpdate; do
  chkconfig $svc on
done

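# Create the interactive accounts the system needs.
#
# The initial password is taken from the INIT_USER_PASSWORD environment
# variable instead of a literal in the script. The earlier revision embedded
# one fixed password for all four accounts; anything created with it should be
# treated as exposed and rotated, because the same accounts receive full sudo
# rights below and sudo asks for exactly this password.
: "${INIT_USER_PASSWORD:?set INIT_USER_PASSWORD to the one-time initial password before running}"

for new_user in lyp_hx developer xunge roke01; do
  useradd "$new_user"
  # printf is a shell builtin, so the secret never shows up in a process list.
  printf '%s\n' "$INIT_USER_PASSWORD" | passwd --stdin "$new_user"
  # Expire the password immediately: a change is forced at first login.
  chage -d 0 "$new_user"
done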

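# Grant sudo rights to the accounts created above.
#
# The new rules are appended to a copy of /etc/sudoers, the copy is
# syntax-checked with visudo, and only a valid copy replaces the live file.
# Appending to /etc/sudoers directly means a single malformed line can make
# sudo refuse to run for everyone.
#
# NOTE(review): "ALL=(ALL) ALL" hands each account unrestricted root; narrow
# the command list if these users only need specific operations.
sudoers_tmp=$(mktemp) || { echo "cannot create a temporary file" >&2; exit 1; }
cat /etc/sudoers > "$sudoers_tmp"
printf '%s ALL=(ALL) ALL\n' lyp_hx developer xunge roke01 >> "$sudoers_tmp"
if visudo -cf "$sudoers_tmp"; then
  # 0440 root:root is the mode sudo expects for its policy file.
  install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers
else
  echo "sudoers candidate failed validation; /etc/sudoers left unchanged" >&2
fi
rm -f -- "$sudoers_tmp"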

# Bring both network interfaces up automatically at boot.
for nic in eth0 eth1; do
  sed -i 's/ONBOOT=no/ONBOOT=yes/g' "/etc/sysconfig/network-scripts/ifcfg-$nic"
done

# sshd: turn off password logins (key-based access only).
# NOTE(review): the pattern is not anchored, so it also rewrites a commented
# "#PasswordAuthentication yes" line and leaves it commented; check the
# effective setting with "sshd -T" after the change.
sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' \
  /etc/ssh/sshd_config

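# Install root's authorized SSH keys.
#
# The keys come from a file the operator supplies through
# ROOT_AUTHORIZED_KEYS_FILE. The earlier revision wrote five ssh-rsa public
# keys, embedded in the script, into /root/.ssh/authorized_keys; anyone who ran
# the published script unchanged gave the holders of those private keys root
# login on the new host. Password logins are disabled above, so these keys are
# the only remote way in - the script stops here rather than continue to the
# sshd restart with no usable key in place.
: "${ROOT_AUTHORIZED_KEYS_FILE:?set ROOT_AUTHORIZED_KEYS_FILE to a file holding the public keys you control}"
if [ ! -s "$ROOT_AUTHORIZED_KEYS_FILE" ]; then
  echo "key file is missing or empty: $ROOT_AUTHORIZED_KEYS_FILE" >&2
  exit 1
fi

[ -d /root/.ssh ] || mkdir -p /root/.ssh/
chmod 700 /root/.ssh/
# Replaces any existing authorized_keys, as before; 0600 keeps it root-only.
install -o root -g root -m 0600 "$ROOT_AUTHORIZED_KEYS_FILE" /root/.ssh/authorized_keys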

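# Restart sshd so the configuration change takes effect. The configuration is
# checked with "sshd -t" first: restarting on a broken sshd_config would stop
# the daemon and cut off remote access to the host.
if /usr/sbin/sshd -t; then
  /etc/init.d/sshd restart
else
  echo "sshd_config failed validation; sshd was not restarted" >&2
fi

# Set the DNS servers (overwrites /etc/resolv.conf).
printf 'nameserver %s\n' 114.114.114.114 8.8.8.8 > /etc/resolv.conf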

# Make the site's custom scripts executable for every user.
for script in /opt/scripts/*.sh; do
  chmod a+x "$script"
done

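# Disable SELinux from the next boot on.
# The replacement value used to be misspelled ("disalbed"), which is not a mode
# SELinux recognises, so the file did not say what the script intended.
# NOTE(review): "disabled" removes mandatory access control altogether;
# "permissive" keeps logging denials and is the usual first step when a policy
# conflict is the actual problem.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config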

# Start the site's own services at boot by appending them to rc.local.
# NOTE(review): rc.local runs these as root on every boot, so the scripts and
# the directories that hold them should be root-owned and not writable by
# group or others.
printf '%s\n' \
  'bash /opt/zabbix/zabbix_agentd.sh' \
  'bash /opt/scripts/firewall_kvm.sh' \
  'cd /opt/scripts;nohup /opt/scripts/ssh_deny.sh &' >> /etc/rc.local

# Persist the host name: /etc/sysconfig/network is rewritten with exactly
# these two settings.
printf 'NETWORKING=yes\nHOSTNAME=%s\n' "$hostname" > /etc/sysconfig/network

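# Enable vim syntax highlighting for root.
# Vim command names are case-sensitive and built-in commands are lower-case;
# the previous "Syntax on" is not a command and made vim report an error at
# start-up.
echo 'syntax on' > /root/.vimrc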

# Kernel parameters: append the tuning block to /etc/sysctl.conf.
#
# NOTE(review): the multi-value entries (ip_local_port_range, tcp_mem,
# tcp_wmem, tcp_rmem) were re-split from a listing that had lost its
# whitespace - confirm the values before applying.
# NOTE(review): net.ipv4.tcp_max_syn_backlog is listed twice (2048, then 8192);
# sysctl -p applies entries in order, so the later value is the effective one.
# NOTE(review): net.ipv4.tcp_tw_recycle=1 is known to drop connections from
# clients that share an address behind NAT, and the setting was removed in
# Linux 4.12.
tee -a /etc/sysctl.conf > /dev/null <<'SYSCTL_END'
net.ipv4.ip_forward=0
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.default.accept_source_route=0
kernel.sysrq=0
kernel.core_uses_pid=1
net.ipv4.tcp_syncookies=1
kernel.msgmnb=65536
kernel.msgmax=65536
kernel.shmmax=68719476736
kernel.shmall=4294967296
net.core.wmem_max=873200
net.core.rmem_max=873200
net.core.somaxconn=256
net.core.netdev_max_backlog=1000
net.ipv4.ip_local_port_range=5000 65000
net.ipv4.tcp_mem=786432 1048576 1572864
net.ipv4.tcp_wmem=8192 436600 873200
net.ipv4.tcp_rmem=32768 436600 873200
net.ipv4.tcp_max_syn_backlog=2048
net.ipv4.tcp_retries2=5
net.ipv4.tcp_keepalive_time=1800
net.ipv4.tcp_keepalive_intvl=30
net.ipv4.tcp_keepalive_probes=3
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_max_syn_backlog=8192
net.ipv4.tcp_max_tw_buckets=20000
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
SYSCTL_END
modprobe bridge

# Load the updated kernel parameters.
/sbin/sysctl -p

# Extend PATH for every login shell with the node and zabbix directories.
# NOTE(review): root's shells pick this up as well; the directories are added
# after the system ones, so they cannot shadow system binaries, but they should
# still be root-owned and not writable by other users.
cat >> /etc/profile <<'PROFILE_END'
export PATH=$PATH:/opt/node/bin:/opt/node/lib/node_modules/npm/bin/node-gyp-bin:/opt/zabbix/bin:/opt/zabbix/sbin
PROFILE_END

# Create the zabbix group and a zabbix account with no login shell.
/usr/sbin/groupadd zabbix
/usr/sbin/useradd -g zabbix -s /sbin/nologin zabbix

# Give pending output ten seconds, then reboot.
sleep 10
reboot

CentOS7初始化脚本,优化了CentOS6的脚本,将代码进行函数化。

#!/bin/bash

# CentOS 7 initialization


# Every step below writes system configuration, so stop unless run as root.
[[ "$(whoami)" == "root" ]] || {
  echo "please run this script as root." >&2
  exit 1
}

# Red warning banner, followed by a five-second window to cancel with Ctrl+C.
echo -e "\033[31m centos7系统初始化脚本,请慎重运行!press ctrl+C to cancel \033[0m"
sleep 5


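#######################################
# Point yum at the Aliyun mirrors and install the base tool set.
# The existing *.repo files are moved to /etc/yum.repos.d/bak first.
# Side effect: the working directory is /etc/yum.repos.d afterwards.
# Returns: 1 if the directory change or a repo download fails.
#######################################
yum_update() {
  yum -y install wget
  # Stop if the directory change fails; otherwise the mv below would sweep up
  # *.repo files from whatever directory the script was started in.
  cd /etc/yum.repos.d/ || return 1
  # -p: a second run must not fail because bak already exists.
  mkdir -p bak
  mv ./*.repo bak
  # NOTE(review): both repo files are fetched over plain HTTP with no
  # integrity check. They decide baseurl, gpgcheck and gpgkey for every later
  # install, so review them (or ship vetted copies) before trusting them.
  # A failed download ends the function: the old repo files are already in
  # bak, and installing from a missing or partial repo file would only fail
  # later in a less obvious way.
  wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo || return 1
  wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo || return 1
  yum clean all && yum makecache
  yum -y install net-tools lrzsz gcc gcc-c++ make cmake libxml2-devel \
    openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim \
    ncurses-devel autoconf automake zlib-devel python-devel expect
}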
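#######################################
# Set the time zone to Asia/Chongqing, sync the clock once, schedule a sync
# every five minutes in root's crontab, and set the system locale.
#######################################
zone_time() {
  # Replace /etc/localtime with a symlink instead of copying over it. Where
  # /etc/localtime is itself a symlink (the usual CentOS 7 layout), cp writes
  # through the link and overwrites the zoneinfo file it points at.
  ln -sf /usr/share/zoneinfo/Asia/Chongqing /etc/localtime
  printf 'ZONE="Asia/Chongqing"\nUTC=false\nARC=false' > /etc/sysconfig/clock
  # NOTE(review): ntpdate performs an unauthenticated sync against a public
  # pool; use a time source you trust where log timestamps matter.
  /usr/sbin/ntpdate pool.ntp.org
  echo "*/5 * * * * /usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1" >> /var/spool/cron/root
  chmod 600 /var/spool/cron/root
  echo 'LANG="en_US.UTF-8"' > /etc/sysconfig/i18n
  source /etc/sysconfig/i18n
}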
#######################################
# Raise the open-file limit at boot (rc.local) and the nofile/nproc limits
# for all accounts (limits.conf). Both files are appended to.
#######################################
ulimit_config() {
  printf '%s\n' "ulimit -SHn 102400" >> /etc/rc.local
  # NOTE(review): the nproc entries apply to every user ("*"), which loosens
  # the per-user process cap.
  printf '* %s %s 102400\n' \
    soft nofile \
    hard nofile \
    soft nproc \
    hard nproc >> /etc/security/limits.conf
}

#######################################
# Edit sshd_config: switch GSSAPIAuthentication off and replace the commented
# "#UseDNS yes" with "UseDNS no". Then start crond.
# Nothing here restarts or reloads sshd, so the edits only apply the next
# time sshd is restarted.
#######################################
sshd_config() {
  sed -i \
    -e 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' \
    -e 's/#UseDNS yes/UseDNS no/' \
    /etc/ssh/sshd_config
  systemctl start crond
}

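#######################################
# Back up /etc/sysctl.conf, replace it with the tuning set below and load it.
# Returns: 1 if the backup cannot be written (the file is then left untouched).
#######################################
sysctl_config() {
  # The backup path used to be "/et/sysctl.conf.bak", so the copy failed and
  # the file was overwritten with no backup. Refuse to overwrite without one.
  cp /etc/sysctl.conf /etc/sysctl.conf.bak || return 1
  # NOTE(review): the multi-value entries (tcp_rmem, tcp_wmem, tcp_mem,
  # ip_local_port_range) were re-split from a listing that had lost its
  # whitespace - confirm the values before applying.
  # NOTE(review): tcp_tw_recycle is known to drop connections from clients
  # behind NAT and was removed in Linux 4.12. tcp_synack_retries=1 and
  # tcp_syn_retries=1 give up on a handshake after a single retry, which is
  # aggressive on lossy links.
  cat > /etc/sysctl.conf <<'EOF'
net.ipv4.ip_forward=0
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.default.accept_source_route=0
kernel.sysrq=0
kernel.core_uses_pid=1
net.ipv4.tcp_syncookies=1
kernel.msgmnb=65536
kernel.msgmax=65536
kernel.shmmax=68719476736
kernel.shmall=4294967296
net.ipv4.tcp_max_tw_buckets=6000
net.ipv4.tcp_sack=1
net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_rmem=4096 87380 4194304
net.ipv4.tcp_wmem=4096 16384 4194304
net.core.wmem_default=8388608
net.core.rmem_default=8388608
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.core.netdev_max_backlog=262144
net.core.somaxconn=262144
net.ipv4.tcp_max_orphans=3276800
net.ipv4.tcp_max_syn_backlog=262144
net.ipv4.tcp_timestamps=0
net.ipv4.tcp_synack_retries=1
net.ipv4.tcp_syn_retries=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_mem=94500000 915000000 927000000
net.ipv4.tcp_fin_timeout=1
net.ipv4.tcp_keepalive_time=1200
net.ipv4.ip_local_port_range=1024 65535
EOF
  /sbin/sysctl -p
  echo "sysctl set OK!!"
}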

#######################################
# Disable SELinux: persistently through /etc/selinux/config, and for the
# running system by switching to permissive mode.
# NOTE(review): "disabled" removes mandatory access control altogether;
# "permissive" keeps logging denials and is the usual first step when a
# policy conflict is the actual problem.
#######################################
selinux_config() {
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
  setenforce 0
}

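#######################################
# Replace firewalld with the iptables service and load a default-drop INPUT
# policy that admits loopback, established traffic, SSH (22), HTTP (80) and
# rate-limited ICMP.
#######################################
iptables_config() {
  # The unit name used to be misspelled ("firewalld.servic"), so firewalld was
  # disabled for the next boot but kept running.
  systemctl stop firewalld.service
  systemctl disable firewalld.service
  # -y: without it yum waits for confirmation and an unattended run stalls.
  yum -y install iptables-services
  # NOTE(review): the syn-flood jump sits after the port 22/80 ACCEPT rules,
  # so new connections to those ports never reach the rate limit. The second
  # ICMP limit rule is only evaluated once the first one's limit is exceeded.
  # FORWARD has policy ACCEPT; DROP is the safer default for a host that does
  # not route.
  cat > /etc/sysconfig/iptables <<'EOF'
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
  # Enable the unit as well: firewalld is disabled above, so without this the
  # host would come up after a reboot with no packet filter loaded.
  systemctl enable iptables.service
  /sbin/service iptables restart
}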
#######################################
# Run every initialization step, in order. A step's exit status is not
# checked; the next step runs regardless.
#######################################
main() {
  local step
  for step in \
    yum_update \
    zone_time \
    ulimit_config \
    sysctl_config \
    sshd_config \
    selinux_config \
    iptables_config; do
    "$step"
  done
}
main
