CentOS 6.X 系统初始化脚本
版权声明:本文为木偶人shaon原创文章,转载请注明原文地址,非常感谢。 https://cloud.tencent.com/developer/article/1435745
#!/bin/bash #################################################
--Info
Initialization CentOS 6.x script
#################################################
Changelog
20160601 shaonbean initial creation
#################################################
Auther: hwang@aniu.tv
#################################################
Check if user is root
if $(id -u) != "0" ; then
echo "Error: You must be root to run this script, please use root to initialization OS" exit 1fi
echo "+------------------------------------------------------------------------+"
echo "| To initialization the system for security and performance |"
echo "+------------------------------------------------------------------------+"
#check host && network
check_hosts()
{
hostname=`hostname` if grep -Eqi '^127.0.0.1[[:space:]]\*localhost' /etc/hosts; then echo "Hosts: ok." else echo "127.0.0.1 localhost.localdomain $hostname" >> /etc/hosts fi ping -c1 www.aniu.tv if [ $? -eq 0 ] ; then echo "DNS...ok" echo "nameserver 8.8.8.8" >> /etc/resolv.conf else echo "DNS...fail" echo -e "nameserver 8.8.8.8\nnameserver 114.114.114.114" > /etc/resolv.conf fi}
#Set time zone synchronization
set_timezone()
{
echo "Setting timezone..." rm -rf /etc/localtime ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime #install ntp echo "[+] Installing ntp..." yum install ntpdate -y /usr/sbin/ntpdate pool.ntp.org echo '\*/5 \* \* \* \* /usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1' > /var/spool/cron/root;chmod 600 /var/spool/cron/root /sbin/service crond restart}
#update os
update(){
yum -y update change yum source
cd /etc/yum.repos.d/
mkdir bak
mv ./*.repo bak
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
yum clean all && yum makecache
yum -y install wget vim unzip openssl-devel gcc gcc-c++ sysstat iotop openssh-clients telnet lsof echo "yum update && yum install common command ......... succeed."}
selinux()
{
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config setenforce 0 echo "disbale selinux ..................succeed."}
#xen_hwcap_setting()
#{
if -s /etc/ld.so.conf.d/libc6-xen.conf ; then
sed -i 's/hwcap 1 nosegneg/hwcap 0 nosegneg/g' /etc/ld.so.conf.d/libc6-xen.conf
fi
#}
#Modify file open number,define 1024
/etc/security/limits.conf
limits_config()
{
cat >> /etc/security/limits.conf <<EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 8192
* hard nofile 8192
EOF
#ulimit -n 8192
echo "ulimit -SHn 65535" >> /etc/rc.local
}
ulimit -n 8192
#Shut off system service
stop_server()
{
echo "stop not nessccery services!" for server in `chkconfig --list |grep 3:on|awk '{ print $1}'` do chkconfig --level 3 $server off done for server in crond network rsyslog sshd lvm2-monitor sysstat netfs blk-availability udev-post do chkconfig --level 3 $server on done}
#define sshd
sshd_config(){
#sed -i '/^#Port/s/#Port 22/Port 54077/g' /etc/ssh/sshd\_config sed -i '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd\_config #sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd\_config sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd\_config /etc/init.d/sshd restart echo "set sshd && restat sshd succedd!"}
iptables
iptables(){
#disable iptables/etc/init.d/iptables stopchkconfig --level 3 iptables off#disable ipv6echo "alias net-pf-10 off" >> /etc/modprobe.d/modprobe.confecho "alias ipv6 off" >> /etc/modprobe.d/modprobe.confecho "NETWORKING\_IPV6=no" >> /etc/sysconfig/networkchkconfig --level 3 ip6tables off/etc/init.d/ip6tables stopecho "iptables is stop && ipv6 is disabled!"}
other(){
initdefault
sed -i 's/^id:.*$/id:3:initdefault:/' /etc/inittab
/sbin/init q
PS1
#echo 'PS1="[\e[37;40m][[\e[32;40m]\u[\e[37;40m]@\h [\e[35;40m]\W[\e0m]\$ [\e[33;40m]"' >> /etc/profile
echo "TMOUT=7200" >> /etc/profile
Record command
sed -i 's/^HISTSIZE=.*$/HISTSIZE=1000/' /etc/profile
#echo "export PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; });user=\$(whoami); echo \$(date \"+%Y-%m-%d %H:%M:%S\"):\$user:`pwd`/:\$msg ---- \$(who am i); } >> /tmp/`hostname`.`whoami`.history-timestamp'" >> /root/.bash_profile
wrong password five times locked 180s
sed -i '4a auth required pam_tally2.so deny=5 unlock_time=180' /etc/pam.d/system-auth
forbiden ctl-alt-delete
sed -i 's/exec \/sbin\/shutdown -r now \"Control-Alt-Delete pressed"/#exec \/sbin\/shutdown -r now \"Control-Alt-Delete pressed"/g' /etc/init/control-alt-delete.conf
source /etc/profile
}
delete_user()
{
delete no use user
echo "delete not use user"
echo ""
for user in adm lp sync shutdown halt uucp operator gopher
do userdel $user ; done
}
sysctl_add(){
cat >> /etc/sysctl.conf << EOF
appends
net.ipv4.tcp_synack_retries = 0
net.ipv4.tcp_max_syn_backlog = 20480
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 10
fs.file-max = 819200
net.core.somaxconn = 65536
net.core.rmem_max = 1024123000
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 165536
net.ipv4.ip_local_port_range = 10000 65535
EOF
set kernel parameters work
sysctl -p
}
#main function
main(){
check\_hosts set\_timezone selinux update limits\_config stop\_server sshd\_config iptables other delete\_user sysctl\_add }
execute main functions
main
echo "+------------------------------------------------------------------------+"
echo "| To initialization system all completed !!! |"
echo "+------------------------------------------------------------------------+"