CentOS 6.X 系统初始化脚本,
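#!/bin/bash
#################################################
# --Info
#   Initialization CentOS 6.x script
#################################################
# Changelog
#   20160601  shaonbean  initial creation
#################################################
# Author: hwang@aniu.tv
#################################################
#
# Review notes
#   * Must run as root; it rewrites files under /etc and restarts services.
#   * Every step that appends to a configuration file is guarded, so running
#     the script a second time does not duplicate entries.
#   * selinux() and iptables() switch SELinux and the host firewall OFF.
#     That removes two defensive layers; only keep those steps when an
#     equivalent control exists elsewhere (perimeter firewall, hardened
#     images) and the decision is recorded.
#   * The steps are best-effort and run without `set -e`; a failing step is
#     reported by the tool that failed, and the script continues.

# Check if user is root
if [ "$(id -u)" != "0" ]; then
  echo "Error: You must be root to run this script,please use root to initialization OS"
  exit 1
fi

echo "+------------------------------------------------------------------------+"
echo "| To initialization the system for security and performance |"
echo "+------------------------------------------------------------------------+"

#######################################
# Append a line to a file unless an identical line is already there.
# Arguments: $1 - target file, $2 - exact line to add
#######################################
append_once() {
  local file=$1
  local line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

#######################################
# Check host && network: make sure localhost resolves and set resolvers.
#######################################
check_hosts() {
  local host
  host=$(hostname)

  if grep -Eqi '^127.0.0.1[[:space:]]*localhost' /etc/hosts; then
    echo "Hosts: ok."
  else
    echo "127.0.0.1 localhost.localdomain $host" >> /etc/hosts
  fi

  # A failed ping is treated as "DNS is broken"; blocked ICMP gives the same
  # result, so the original resolver list is saved before it is replaced.
  if ping -c1 www.aniu.tv; then
    echo "DNS...ok"
    append_once /etc/resolv.conf "nameserver 8.8.8.8"
  else
    echo "DNS...fail"
    if [[ -e /etc/resolv.conf && ! -e /etc/resolv.conf.orig ]]; then
      cp -p /etc/resolv.conf /etc/resolv.conf.orig
    fi
    printf 'nameserver 8.8.8.8\nnameserver 114.114.114.114\n' > /etc/resolv.conf
  fi
}

#######################################
# Set time zone and schedule clock synchronization every five minutes.
#######################################
set_timezone() {
  local cron_line='*/5 * * * * /usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1'

  echo "Setting timezone..."
  ln -sfn /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

  # install ntp
  echo "[+] Installing ntp..."
  yum install ntpdate -y
  /usr/sbin/ntpdate pool.ntp.org

  # Add the job to root's crontab instead of overwriting the file, so jobs
  # that were already scheduled for root survive.
  append_once /var/spool/cron/root "$cron_line"
  chmod 600 /var/spool/cron/root
  /sbin/service crond restart
}

#######################################
# Update the OS and install the common tool set.
#######################################
update() {
  # change yum source (disabled). NOTE(review): these URLs are plain http,
  # so the repo definitions would be fetched without transport protection.
  # cd /etc/yum.repos.d/
  # mkdir bak
  # mv ./*.repo bak
  # wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
  # wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
  # yum clean all && yum makecache

  # Report success only when both yum runs actually succeeded.
  # NOTE(review): the list installs a compiler (gcc) and telnet; confirm
  # both are wanted on every host this runs on.
  if yum -y update \
    && yum -y install wget vim unzip openssl-devel gcc gcc-c++ sysstat iotop openssh-clients telnet lsof; then
    echo "yum update && yum install common command ......... succeed."
  else
    echo "yum update && yum install common command ......... failed." >&2
  fi
}

#######################################
# Disable SELinux now (setenforce 0) and on the next boot (config file).
# This turns mandatory access control off for the whole host. Setting
# SELINUX=permissive keeps the denial log without enforcing, which is the
# usual choice while a policy problem is being worked out.
#######################################
selinux() {
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
  setenforce 0
  echo "disbale selinux ..................succeed."
}

#xen_hwcap_setting()
#{
#  if [ -s /etc/ld.so.conf.d/libc6-xen.conf ]; then
#    sed -i 's/hwcap 1 nosegneg/hwcap 0 nosegneg/g' /etc/ld.so.conf.d/libc6-xen.conf
#  fi
#}

#######################################
# Modify file open number (default is 1024) in /etc/security/limits.conf.
#######################################
limits_config() {
  local entry
  for entry in \
    "* soft nproc 65535" \
    "* hard nproc 65535" \
    "* soft nofile 8192" \
    "* hard nofile 8192"; do
    append_once /etc/security/limits.conf "$entry"
  done

  #ulimit -n 8192
  append_once /etc/rc.local "ulimit -SHn 65535"
}

# Raise the open-file limit for this shell and the commands it starts.
ulimit -n 8192

#######################################
# Shut off every service enabled at runlevel 3, then re-enable a keep-list.
# Anything that is not in the keep-list stays off; that includes audit or
# monitoring daemons if they were enabled, so review the list per host.
#######################################
stop_server() {
  local svc enabled

  echo "stop not nessccery services!"

  # Take the snapshot first, then change it, so the listing is complete
  # before any service is switched off.
  enabled=$(chkconfig --list | awk '/3:on/ { print $1 }')
  while read -r svc; do
    [[ -n "$svc" ]] || continue
    chkconfig --level 3 "$svc" off
  done <<< "$enabled"

  for svc in crond network rsyslog sshd lvm2-monitor sysstat netfs blk-availability udev-post; do
    chkconfig --level 3 "$svc" on
  done
}

#######################################
# Define sshd: no reverse DNS lookups, empty passwords explicitly refused.
#######################################
sshd_config() {
  #sed -i '/^#Port/s/#Port 22/Port 54077/g' /etc/ssh/sshd_config
  sed -i '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
  #sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
  sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config

  # Validate the edited file before restarting: a restart with a broken
  # config can leave a remote host without SSH access.
  if /usr/sbin/sshd -t; then
    /etc/init.d/sshd restart
    echo "set sshd && restat sshd succedd!"
  else
    echo "sshd_config failed validation (sshd -t); sshd was not restarted" >&2
  fi
}

#######################################
# Stop iptables/ip6tables, disable them at runlevel 3 and disable IPv6.
# After this step the host has no packet filter of its own: every listening
# port is reachable from any network the host is attached to.
# The function shares its name with the iptables command; the script only
# calls the init scripts by full path, so the two do not collide here.
#######################################
iptables() {
  # disable iptables
  /etc/init.d/iptables stop
  chkconfig --level 3 iptables off

  # disable ipv6
  append_once /etc/modprobe.d/modprobe.conf "alias net-pf-10 off"
  append_once /etc/modprobe.d/modprobe.conf "alias ipv6 off"
  append_once /etc/sysconfig/network "NETWORKING_IPV6=no"
  chkconfig --level 3 ip6tables off
  /etc/init.d/ip6tables stop
  echo "iptables is stop && ipv6 is disabled!"
}

#######################################
# Runlevel, shell timeout, history size, login lockout, Ctrl-Alt-Delete.
#######################################
other() {
  # initdefault
  sed -i 's/^id:.*$/id:3:initdefault:/' /etc/inittab
  /sbin/init q

  # PS1
  #echo 'PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[35;40m\]\W\[\e[0m\]]\\$ \[\e[33;40m\]"' >> /etc/profile

  # Idle shells are closed after 7200 seconds.
  append_once /etc/profile "TMOUT=7200"

  # Record command
  sed -i 's/^HISTSIZE=.*$/HISTSIZE=1000/' /etc/profile
  # Disabled. NOTE(review): it would log commands to a predictably named
  # file under /tmp; use a root-owned directory if this is ever enabled.
  #echo "export PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; });user=\$(whoami); echo \$(date \"+%Y-%m-%d %H:%M:%S\"):\$user:\`pwd\`/:\$msg ---- \$(who am i); } >> /tmp/\`hostname\`.\`whoami\`.history-timestamp'" >> /root/.bash_profile

  # wrong password five times locked 180s
  # Inserted once only; a repeated run would otherwise stack the rule.
  # NOTE(review): on CentOS 6 sshd normally reads password-auth rather than
  # system-auth - confirm whether SSH logins are meant to be covered too.
  # NOTE(review): if system-auth is a symlink, sed -i replaces it with a
  # regular file - confirm that is acceptable.
  if ! grep -q 'pam_tally2\.so' /etc/pam.d/system-auth; then
    sed -i '4a auth        required      pam_tally2.so deny=5 unlock_time=180' /etc/pam.d/system-auth
  fi

  # forbid ctl-alt-delete
  # Anchored at line start so an already commented line is left alone.
  sed -i 's|^exec /sbin/shutdown -r now "Control-Alt-Delete pressed"|#&|' /etc/init/control-alt-delete.conf

  source /etc/profile
}

#######################################
# Delete system accounts that are not used.
#######################################
delete_user() {
  local account

  echo "delete not use user"
  echo ""
  for account in adm lp sync shutdown halt uucp operator gopher; do
    # Skip accounts that are already gone (second run, minimal image).
    if id "$account" > /dev/null 2>&1; then
      userdel "$account"
    fi
  done
}

#######################################
# Append kernel network/file tuning to /etc/sysctl.conf and load it.
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to drop connections
# from clients that share one address behind NAT, and
# net.ipv4.tcp_synack_retries = 0 means a lost SYN-ACK is never resent.
# Both values are kept as the author set them; confirm them for servers
# that face the Internet.
#######################################
sysctl_add() {
  # netdev_max_backlog is used as the marker for "block already appended".
  if ! grep -q '^net\.core\.netdev_max_backlog' /etc/sysctl.conf; then
    cat >> /etc/sysctl.conf << 'EOF'
# appends
net.ipv4.tcp_synack_retries = 0
net.ipv4.tcp_max_syn_backlog = 20480
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 10
fs.file-max = 819200
net.core.somaxconn = 65536
net.core.rmem_max = 1024123000
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 165536
net.ipv4.ip_local_port_range = 10000 65535
EOF
  fi

  # set kernel parameters work
  sysctl -p
}

#######################################
# main function: run every step in the original order.
#######################################
main() {
  check_hosts
  set_timezone
  selinux
  update
  limits_config
  stop_server
  sshd_config
  iptables
  other
  delete_user
  sysctl_add
}

# execute main functions
main

echo "+------------------------------------------------------------------------+"
echo "| To initialization system all completed !!! |"
echo "+------------------------------------------------------------------------+"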
原文链接:https://www.f2er.com/centos/380367.html