centos6x新装一键优化脚本


#!/bin/bash

##############################################################

# File Name: optimization.sh

# Version: V1.0

# Author: jiege

# Organization: http://jiege3324.blog.51cto.com/

# Created Time : 2017-04-14 14:26:08

# Description: Linux system initialization

# E.g: /bin/sh optimization.sh 192.168.169.11

##############################################################

. /etc/init.d/functions

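# Require exactly one argument: the IPv4 address whose last octet ConfigIP
# reuses for both interfaces. Msg is defined further down the file and reports
# the status of the previous command, so it cannot be used for this usage
# error; the message goes straight to stderr instead.
if [ $# -ne 1 ]; then
  echo "Please enter the ip address passed to the script!" >&2
  exit 1
fi

ipaddr=$1

# The value ends up in root-owned ifcfg files, so accept only a dotted quad
# whose octets are numeric and no larger than 255. [[ ]] needs bash, which is
# what the shebang asks for.
ipv4_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
if ! [[ $ipaddr =~ $ipv4_re ]]; then
  echo "Not a dotted-quad IPv4 address: $ipaddr" >&2
  exit 1
fi
for octet in "${BASH_REMATCH[@]:1}"; do
  if [ "$octet" -gt 255 ]; then
    echo "Not a dotted-quad IPv4 address: $ipaddr" >&2
    exit 1
  fi
done
unset octet ipv4_re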

# Print a status line for the step that has just run.
# Arguments: $1 - label shown in the status line
# Reads:     $? as left by the command that ran right before the call, so Msg
#            has to be called immediately after the command it reports on.
# Calls action (presumably provided by /etc/init.d/functions, which the script
# sources) with /bin/true for success and /bin/false for failure.
function Msg(){
  local last_rc=$?
  local verdict=/bin/false
  [ "$last_rc" -eq 0 ] && verdict=/bin/true
  action "$1" "$verdict"
}

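# Schedule a clock sync every five minutes in root's crontab.
# Appends a dated marker comment and an ntpdate job to /var/spool/cron/root.
# The append is skipped when the job line is already present, so running the
# script again does not pile up duplicate entries. Msg reports the outcome,
# and a failure to write either line is now reported instead of only the
# status of the second echo.
# NOTE(review): ntpdate here uses unauthenticated NTP against a public server.
# Where time integrity matters (log correlation, certificate validity, token
# expiry) prefer an internal or authenticated time source.
function Time(){
  local cron_file=/var/spool/cron/root
  local sync_job='*/5 * * * * /usr/sbin/ntpdate time.nist.gov &>/dev/null'

  if grep -qF -- "$sync_job" "$cron_file" 2>/dev/null; then
    # Job already scheduled by an earlier run; nothing to add.
    true
  else
    {
      echo "#time sync by jiege at $(date +%F)" &&
        echo "$sync_job"
    } >>"$cron_file"
  fi
  Msg "Time Synchronization"
}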

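# Write static configurations for eth0 and eth1.
# Globals:   ipaddr (read)    - IPv4 address given on the command line
#            Suffix (written) - fourth octet of ipaddr
# Both interfaces get that octet as their host part: 192.168.169.<Suffix> on
# eth0 (gateway and DNS 192.168.169.2) and 192.168.10.<Suffix> on eth1.
# Any existing ifcfg-eth0 and ifcfg-eth1 files are overwritten.
# Returns:   1, without touching any file, when the fourth octet is not a
#            number between 1 and 254.
function ConfigIP(){
  #Suffix=`ifconfig eth1|awk -F "[ .]+" 'NR==2 {print $6}'`
  Suffix=$(printf '%s\n' "$ipaddr" | awk -F "." '{print $4}')

  # Suffix is expanded inside files that are written as root and later read by
  # the network scripts, so refuse anything that is not a plain host number.
  case "$Suffix" in
    '' | *[!0-9]* | ????*)
      echo "ConfigIP: cannot take a host number from '$ipaddr'" >&2
      return 1
      ;;
  esac
  if [ "$Suffix" -lt 1 ] || [ "$Suffix" -gt 254 ]; then
    echo "ConfigIP: host number '$Suffix' is outside 1-254" >&2
    return 1
  fi

  cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF

DEVICE=eth0

TYPE=Ethernet

ONBOOT=yes

NM_CONTROLLED=yes

BOOTPROTO=none

USERCTL=no

IPV6INIT=no

IPADDR=192.168.169.$Suffix

NETMASK=255.255.255.0

GATEWAY=192.168.169.2

DNS1=192.168.169.2

NAME="System eth0"

EOF
  Msg "config eth0"

  cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<EOF

DEVICE=eth1

TYPE=Ethernet

ONBOOT=yes

NM_CONTROLLED=yes

BOOTPROTO=none

USERCTL=no

IPV6INIT=no

IPADDR=192.168.10.$Suffix

NETMASK=255.255.255.0

NAME="System eth1"

EOF
  Msg "config eth1"
}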

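# Replace the CentOS base and EPEL repository definitions with the Aliyun
# mirror copies, then rebuild the yum cache.
# Globals:  YumDir, repoDir, epelDir (written)
# Changes from the earlier version of this function:
#   - Msg now runs whether or not the chain succeeded; before, a failed
#     download or yum step produced no status line at all.
#   - Each file is downloaded to a temporary name and moved into place only
#     when the download succeeded and is non-empty, so a failed wget no longer
#     leaves a truncated .repo file behind.
#   - CentOS-Base.repo.ori is written once and not overwritten on later runs.
# NOTE(review): both .repo files are fetched over plain HTTP and nothing here
# verifies them, so anyone on the network path can change the repository
# definitions (baseurl, gpgcheck, gpgkey) that every later yum install trusts.
# Prefer HTTPS or a checksum-verified internal copy, and keep gpgcheck on.
# Returns:  0 when every step succeeded, otherwise the failing step's status.
function UpdateYumSource(){
  YumDir=/etc/yum.repos.d
  repoDir=http://mirrors.aliyun.com/repo/Centos-6.repo
  epelDir=http://mirrors.aliyun.com/repo/epel-6.repo
  local tmp_base="" tmp_epel="" tmp rc

  # Keep the first backup: a later run must not replace it with a file that
  # this function downloaded.
  if [ -f "$YumDir/CentOS-Base.repo" ] && [ ! -e "$YumDir/CentOS-Base.repo.ori" ]; then
    cp "$YumDir/CentOS-Base.repo" "$YumDir/CentOS-Base.repo.ori"
  fi

  #wget -O $YumDir/CentOS-Base.repo http://$Ip:$Port/$ConfigDir/CentOS-Base.repo &>/dev/null &&\
  #wget -O $YumDir/epel.repo http://$Ip:$Port/$ConfigDir/epel.repo &>/dev/null &&\

  # The temporary names do not end in .repo, so yum ignores them. mktemp
  # creates them mode 0600, hence the chmod before they are moved into place.
  # The last two commands clear the yum cache and then rebuild it.
  tmp_base=$(mktemp "$YumDir/CentOS-Base.repo.XXXXXX") &&
    tmp_epel=$(mktemp "$YumDir/epel.repo.XXXXXX") &&
    wget -O "$tmp_base" "$repoDir" &>/dev/null &&
    wget -O "$tmp_epel" "$epelDir" &>/dev/null &&
    [ -s "$tmp_base" ] && [ -s "$tmp_epel" ] &&
    chmod 644 "$tmp_base" "$tmp_epel" &&
    mv -f "$tmp_base" "$YumDir/CentOS-Base.repo" &&
    mv -f "$tmp_epel" "$YumDir/epel.repo" &&
    yum clean all && yum makecache
  rc=$?

  # Remove whatever temporary file was not moved into place.
  for tmp in "$tmp_base" "$tmp_epel"; do
    [ -n "$tmp" ] && rm -f -- "$tmp"
  done

  # Optionally bring the system fully up to date afterwards:
  # rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY* # import the signing keys into RPM
  # yum upgrade -y # update the system, kernel included

  # Msg reads $?, so put the chain's outcome back before calling it.
  [ "$rc" -eq 0 ]
  Msg "YUM source"
  return "$rc"
}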

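# Install the base package set (tree nmap sysstat lrzsz dos2unix telnet).
# Msg is now called whether or not yum succeeded; before, a failed install
# skipped Msg and the failure went unreported.
# NOTE(review): nmap and the telnet client end up on every host this script
# prepares; drop them from a production baseline unless they are needed there.
# Returns: the exit status of yum.
function InstallBasePackage() {
  yum install -y tree nmap sysstat lrzsz dos2unix telnet &>/dev/null
  local rc=$?

  # Msg reads $?, so put yum's outcome back before calling it.
  [ "$rc" -eq 0 ]
  Msg "Base packages"
  return "$rc"
}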

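# Set the immutable attribute on the account databases and /etc/inittab.
# Files are processed in order and the first chattr failure stops the run.
# Msg is now called in both cases; before, a failure skipped Msg and was
# never reported.
# While the attribute is set, tools that edit these files (useradd, passwd,
# groupadd and similar) fail until it is cleared again with chattr -i, so
# account changes need an explicit unlock and re-lock.
# Returns: 0 when every file was locked, otherwise the failing chattr status.
function LockCriticalFile() {
  local target rc=0

  for target in /etc/passwd /etc/inittab /etc/group /etc/shadow /etc/gshadow; do
    chattr +i "$target" || { rc=$?; break; }
  done

  # Msg reads $?, so put the loop's outcome back before calling it.
  [ "$rc" -eq 0 ]
  Msg "Lock files"
  return "$rc"
}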

# Empty the login banner files so they no longer show the release string.
# /etc/issue and /etc/issue.net are truncated in place when they exist as
# regular files. Msg is called once per file and reports a failure when the
# file is missing or cannot be truncated.
function HideVersion(){
  local banner

  for banner in /etc/issue /etc/issue.net; do
    if [ -f "$banner" ]; then
      true >"$banner"
    else
      false
    fi
    # Label is "Hide issue" for the first file and "Hide issue.net" for the second.
    Msg "Hide ${banner##*/}"
  done
}

# Raise the open-file limit for all users.
# Appends '* - nofile 65535' to /etc/security/limits.conf when that file
# exists; every call appends one more copy of the line. When the file is
# missing the function returns non-zero and reports nothing.
function openfiles(){
  local limits_conf="/etc/security/limits.conf"

  # Nothing to do on a system without the limits file.
  [ -f "$limits_conf" ] || return

  echo '* - nofile 65535' >> "$limits_conf"
  Msg "open files"
}

# Stop the iptables service and keep it from starting at boot.
# Does nothing and returns non-zero when /etc/init.d/iptables is missing.
# Msg reports the status of the chkconfig call only; the result of the stop
# command is not checked.
# NOTE(review): after this step the host has no packet filter of its own.
# On anything reachable from an untrusted network, keep iptables running
# with a minimal rule set, or make sure filtering happens upstream.
function StopIptables() {
  local init_script="/etc/init.d/iptables"

  if [ ! -f "$init_script" ]; then
    return 1
  fi

  "$init_script" stop
  chkconfig iptables off
  Msg "stop iptables"
}

# Turn SELinux off.
# Rewrites SELINUX=enforcing to SELINUX=disabled in /etc/selinux/config (a
# SELINUX=permissive line is left as it is) and runs setenforce 0 for the
# current boot. Does nothing and returns non-zero when the config file is
# missing. Msg reports the status of setenforce only.
# NOTE(review): this removes mandatory access control from the host. If the
# aim is to get past denials during setup, permissive mode plus a review of
# the audit log keeps the policy available for re-enabling later.
function CloseSELinux(){
  local selinux_cfg="/etc/selinux/config"

  [ -f "$selinux_cfg" ] || return

  sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" "$selinux_cfg"
  setenforce 0
  Msg "Close SELinux"
}

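# Harden the SSH daemon configuration and reload sshd.
# Inserts, before line 13 of /etc/ssh/sshd_config: Port 6666,
# PermitRootLogin no, PermitEmptyPasswords no, UseDNS no and
# GSSAPIAuthentication no. The previous file is saved as sshd_config.ori.
# Changes from the earlier version of this function:
#   - sed now runs with -i. Without it the edited text only went to stdout
#     and the file was never changed, so none of the settings took effect.
#   - The insertion is skipped when 'Port 6666' is already present, so a
#     second run neither duplicates the lines nor overwrites the backup.
#   - The new file is checked with sshd -t before the reload; if the check
#     fails the backup is restored and the failure is reported.
# Before using this on a remote host, make sure a non-root account with the
# required privileges exists and that port 6666 is allowed by whatever
# firewall or SELinux policy is active, otherwise the next login can fail.
# main, as shown in this file, does not call this function.
# Returns: non-zero when the config file is missing or a step failed.
function ModifySSHConfig(){
  local cfg=/etc/ssh/sshd_config

  [ -f "$cfg" ] || return

  if ! grep -qx 'Port 6666' "$cfg"; then
    if ! cp "$cfg" "$cfg.ori"; then
      false
      Msg "Modify ssh config"
      return 1
    fi

    # The grep confirms that the insertion happened; a file shorter than
    # 13 lines would otherwise be left unchanged without any error.
    sed -i '13i Port 6666\nPermitRootLogin no\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' "$cfg" &&
      grep -qx 'Port 6666' "$cfg" &&
      /usr/sbin/sshd -t -f "$cfg"
    if [ $? -ne 0 ]; then
      # Put the saved copy back rather than reload a broken configuration.
      cp "$cfg.ori" "$cfg"
      false
      Msg "Modify ssh config"
      return 1
    fi
  fi

  /etc/init.d/sshd reload
  Msg "Modify ssh config"
}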

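# Append TCP and conntrack tuning to /etc/sysctl.conf and load it.
# Changes from the earlier version of this function:
#   - The option to sysctl was a garbled character sequence in place of
#     '-p', so the settings were never loaded; it is now 'sysctl -p'.
#   - Msg is called whether or not sysctl succeeded; before, a failure
#     skipped Msg and went unreported.
# Every call appends the whole block again; later duplicates override
# earlier ones when the file is loaded.
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to break connections
# from clients that share an address behind NAT; confirm it is wanted before
# using this block on a server with public clients.
# NOTE(review): the ip_conntrack keys exist only when the matching netfilter
# module is loaded. The comment inside the block says the resulting messages
# can be ignored, but sysctl -p may then exit non-zero and Msg will show a
# failure.
# Returns: the exit status of sysctl -p.
function KernelParameterOpti() {
  cat >>/etc/sysctl.conf <<EOF

net.ipv4.tcp_fin_timeout = 2

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_tw_recycle = 1

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_keepalive_time =600

net.ipv4.ip_local_port_range = 4000 65000

net.ipv4.tcp_max_syn_backlog = 16384

net.ipv4.tcp_max_tw_buckets = 36000

net.ipv4.route.gc_timeout = 100

net.ipv4.tcp_syn_retries = 1

net.ipv4.tcp_synack_retries = 1

net.core.somaxconn = 16384

net.core.netdev_max_backlog = 16384

net.ipv4.tcp_max_orphans = 16384

#以下参数是对iptables防火墙的优化,防火墙不开会有提示,可以忽略不理

net.ipv4.ip_conntrack_max = 25000000

net.ipv4.netfilter.ip_conntrack_max = 25000000

net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180

net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120

net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60

net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120

EOF

  # Load the settings from the configuration file.
  sysctl -p &>/dev/null
  local rc=$?

  # Msg reads $?, so put sysctl's outcome back before calling it.
  [ "$rc" -eq 0 ]
  Msg "Kernel parameter optimization"
  return "$rc"
}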

# Trim the set of services started in runlevel 3.
# Every service that chkconfig --list shows as "3:on" is switched off unless
# its name contains crond, network, rsyslog, sshd or sysstat. Msg reports the
# status of the last chkconfig call, or success when nothing had to change.
function boot(){
  local svc
  local keep='crond|network|rsyslog|sshd|sysstat'

  for svc in $(chkconfig --list | awk -v keep="$keep" '/3:on/ && $1 !~ keep {print $1}'); do
    chkconfig "$svc" off
  done
  Msg "BOOT config"
}

# Run the initialization steps one after another, in a fixed order.
# No step's result is checked here; each step reports its own status.
# LockCriticalFile runs last, after every other step.
# NOTE(review): ClonedNetworkOpti has no definition in the listing shown
# here, ModifySSHConfig is defined but not part of this sequence, and no call
# to main is visible either - confirm against the complete script.
function main(){
  local step

  for step in ConfigIP ClonedNetworkOpti Time UpdateYumSource \
    InstallBasePackage CloseSELinux StopIptables openfiles boot \
    KernelParameterOpti HideVersion LockCriticalFile; do
    "$step"
  done
}
