版权声明:本文为木偶人shaon原创文章,转载请注明原文地址,非常感谢。 https://cloud.tencent.com/developer/article/1435745
#!/bin/bash
#################################################
#################################################
#################################################
#################################################
if $(id -u) != "0" ; then
echo "Error: You must be root to run this script, please use root to initialization OS"
exit 1
fi
echo "+------------------------------------------------------------------------+"
echo "| To initialization the system for security and performance |"
echo "+------------------------------------------------------------------------+"
#check host && network
check_hosts()
{
hostname=`hostname`
if grep -Eqi '^127.0.0.1[[:space:]]\*localhost' /etc/hosts; then
echo "Hosts: ok."
else
echo "127.0.0.1 localhost.localdomain $hostname" >> /etc/hosts
fi
ping -c1 www.aniu.tv
if [ $? -eq 0 ] ; then
echo "DNS...ok"
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
else
echo "DNS...fail"
echo -e "nameserver 8.8.8.8\nnameserver 114.114.114.114" > /etc/resolv.conf
fi
}
#Set time zone synchronization
set_timezone()
{
echo "Setting timezone..."
rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
#install ntp
echo "[+] Installing ntp..."
yum install ntpdate -y
/usr/sbin/ntpdate pool.ntp.org
echo '\*/5 \* \* \* \* /usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1' > /var/spool/cron/root;chmod 600 /var/spool/cron/root
/sbin/service crond restart
}
#update os
update(){
yum -y update
yum -y install wget vim unzip openssl-devel gcc gcc-c++ sysstat iotop openssh-clients telnet lsof
echo "yum update && yum install common command ......... succeed."
}
selinux()
{
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
echo "disbale selinux ..................succeed."
}
#xen_hwcap_setting()
#{
#}
#Modify file open number,define 1024
limits_config()
{
cat >> /etc/security/limits.conf <<EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 8192
* hard nofile 8192
EOF
#ulimit -n 8192
echo "ulimit -SHn 65535" >> /etc/rc.local
}
ulimit -n 8192
#Shut off system service
stop_server()
{
echo "stop not nessccery services!"
for server in `chkconfig --list |grep 3:on|awk '{ print $1}'`
do
chkconfig --level 3 $server off
done
for server in crond network rsyslog sshd lvm2-monitor sysstat netfs blk-availability udev-post
do
chkconfig --level 3 $server on
done
}
#define sshd
sshd_config(){
#sed -i '/^#Port/s/#Port 22/Port 54077/g' /etc/ssh/sshd\_config
sed -i '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd\_config
#sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd\_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd\_config
/etc/init.d/sshd restart
echo "set sshd && restat sshd succedd!"
}
iptables(){
#disable iptables
/etc/init.d/iptables stop
chkconfig --level 3 iptables off
#disable ipv6
echo "alias net-pf-10 off" >> /etc/modprobe.d/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.d/modprobe.conf
echo "NETWORKING\_IPV6=no" >> /etc/sysconfig/network
chkconfig --level 3 ip6tables off
/etc/init.d/ip6tables stop
echo "iptables is stop && ipv6 is disabled!"
}
other(){
sed -i 's/^id:.*$/id:3:initdefault:/' /etc/inittab
/sbin/init q
#echo 'PS1="[\e[37;40m][[\e[32;40m]\u[\e[37;40m]@\h [\e[35;40m]\W[\e0m]\$ [\e[33;40m]"' >> /etc/profile
echo "TMOUT=7200" >> /etc/profile
sed -i 's/^HISTSIZE=.*$/HISTSIZE=1000/' /etc/profile
#echo "export PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; });user=\$(whoami); echo \$(date \"+%Y-%m-%d %H:%M:%S\"):\$user:`pwd`/:\$msg ---- \$(who am i); } >> /tmp/`hostname`.`whoami`.history-timestamp'" >> /root/.bash_profile
sed -i '4a auth required pam_tally2.so deny=5 unlock_time=180' /etc/pam.d/system-auth
sed -i 's/exec \/sbin\/shutdown -r now \"Control-Alt-Delete pressed"/#exec \/sbin\/shutdown -r now \"Control-Alt-Delete pressed"/g' /etc/init/control-alt-delete.conf
source /etc/profile
}
delete_user()
{
echo "delete not use user"
echo ""
for user in adm lp sync shutdown halt uucp operator gopher
do userdel $user ; done
}
sysctl_add(){
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_synack_retries = 0
net.ipv4.tcp_max_syn_backlog = 20480
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 10
fs.file-max = 819200
net.core.somaxconn = 65536
net.core.rmem_max = 1024123000
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 165536
net.ipv4.ip_local_port_range = 10000 65535
EOF
sysctl -p
}
#main function
main(){
check\_hosts
set\_timezone
selinux
update
limits\_config
stop\_server
sshd\_config
iptables
other
delete\_user
sysctl\_add
}
main
echo "+------------------------------------------------------------------------+"
echo "| To initialization system all completed !!! |"
echo "+------------------------------------------------------------------------+"