
System initialization - CentOS 7

Author: dogfei
Published: 2020-07-31 14:40:47
Collected in the column: devops探索


```bash
#!/bin/bash

# Check that the script is running as root
if [ "$UID" -ne 0 ]; then
    echo "Must be root can do this."
    exit 9
fi

# Check network connectivity; if it fails, configure a static address
echo "检测网络中......"
if ! /bin/ping www.baidu.com -c 2 &>/dev/null; then
    echo "现在网络无法通信,准备设置网络"
    read -r -p 'pls enter your ip: ' IP
    read -r -p 'pls enter your gateway: ' GW
    read -r -p 'pls enter your netmask: ' NM
    read -r -p 'pls enter your netcard: ' NC
    echo "IPADDR=$IP" >> "/etc/sysconfig/network-scripts/ifcfg-$NC"
    echo "NETMASK=$NM" >> "/etc/sysconfig/network-scripts/ifcfg-$NC"
    echo "GATEWAY=$GW" >> "/etc/sysconfig/network-scripts/ifcfg-$NC"
    echo "DNS1=114.114.114.114" >> "/etc/sysconfig/network-scripts/ifcfg-$NC"
    echo "DNS2=8.8.8.8" >> "/etc/sysconfig/network-scripts/ifcfg-$NC"
    sed -i 's/dhcp/static/g' "/etc/sysconfig/network-scripts/ifcfg-$NC"
    sed -i 's/ONBOOT=no/ONBOOT=yes/g' "/etc/sysconfig/network-scripts/ifcfg-$NC"
    /etc/init.d/network restart
    echo -e "\033[031m network is configure ok.\033[0m"
else
    echo -e "\033[031m network is ok.\033[0m"
fi

# Disable SELinux (the config change only takes effect after a reboot)
echo "关闭SElinux......"
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
echo -e "\033[31m selinux is disabled,if you need,you must reboot.\033[0m"

# Back up the stock yum repo file and switch to the Aliyun mirror
# (the repo file is fetched over plain HTTP and is not integrity-checked)
echo "备份yum源......"
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all
yum makecache

# Install base tools and libraries
echo "安装基础环境和库......"
yum install -y vim-enhanced iproute net-tools util-linux-ng gcc-c++ make cmake libxml2-devel openssl-devel \
    screen git mailx dos2unix lrzsz dstat xinetd rsync tree bind-utils ncurses-devel autoconf automake zlib* flex* libxml* \
    ntpdate curl wget zip unzip gcc man perl-Net-SSLeay perl-IO-Socket-SSL libmcrypt* libtool-ltdl-devel* \
    dstat tcpdump telnet salt-minion iptables-services bind-utils mtr python-devel

# Set up clock synchronisation (every 5 minutes via /etc/crontab)
echo "设置时钟同步......"
echo "*/5 * * * * root /usr/sbin/ntpdate time7.aliyun.com &>/dev/null" >> /etc/crontab

# Change the Bash prompt string
echo "改Bash提示符字符串......"
echo 'PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[36;40m\]\w\[\e[0m\]]\\$ "' >> ~/.bashrc
source ~/.bashrc

# Raise the open-file and process limits
echo "修改文件打开数......"
cat >> /etc/security/limits.conf <<EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
# -n selects the open-files limit; without it bash's ulimit sets the file-size limit
echo "ulimit -SHn 65535" >> /etc/rc.local

# Tune kernel parameters
# Note: tcp_tw_recycle and tcp_tw_reuse rely on TCP timestamps, which the
# tcp_timestamps = 0 line below turns off.
echo "优化内核参数....."
sed -i 's/net.ipv4.tcp_syncookies.*$/net.ipv4.tcp_syncookies = 1/g' /etc/sysctl.conf
cat >> /etc/sysctl.conf << ENDF
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65535
ENDF
sysctl -p

# Create an ordinary admin user (the password is typed in clear on the prompt line)
read -r -p "what's your system admin user and password? " U P
useradd "$U"
echo "$P" | passwd --stdin "$U"
# Uncomment the pam_wheel "trust" line: wheel members can su to root without a password
sed -i 's/#auth sufficient pam_wheel.so trust use_uid/auth sufficient pam_wheel.so trust use_uid/g' /etc/pam.d/su
usermod -G wheel "$U"

# Tune sshd parameters
echo "优化ssh....."
sed -i '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
systemctl restart sshd

# Turn off firewalld and switch to iptables
# Each sed inserts its rule directly after the existing "dport 22" line.
systemctl stop firewalld
systemctl disable firewalld
# This rule accepts all inbound UDP, whatever the source or port
sed -i '/dport 22/a -A INPUT -p udp -j ACCEPT' /etc/sysconfig/iptables
sed -i '/dport 22/a -A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT' /etc/sysconfig/iptables
# $S is never assigned in this script; the rule is only added when the caller
# has set S to a TCP port beforehand.
if [ -n "$S" ]; then
    sed -i "/dport 22/a -A INPUT -p tcp -m tcp --dport $S -j ACCEPT" /etc/sysconfig/iptables
fi
sed -i '/dport 22/a -A INPUT -s 61.233.17.4/32 -j ACCEPT' /etc/sysconfig/iptables
sed -i '/dport 22/a -A INPUT -s 61.233.17.5/32 -j ACCEPT' /etc/sysconfig/iptables
sed -i '/dport 22/a -A INPUT -s 218.240.128.48/30 -j ACCEPT' /etc/sysconfig/iptables
sed -i '/dport 22/a -A INPUT -s 221.122.120.228/32 -j ACCEPT' /etc/sysconfig/iptables
sed -i '/dport 22/a -A INPUT -s 218.240.137.220/30 -j ACCEPT' /etc/sysconfig/iptables
sed -i '/dport 22/a -A INPUT -s 222.35.22.74/29 -j ACCEPT' /etc/sysconfig/iptables
sed -i '/dport 22/a -A INPUT -s 127.0.0.0/8 -j ACCEPT' /etc/sysconfig/iptables
sed -i '/dport 22/a -A INPUT -s 10.0.0.0/8 -j ACCEPT' /etc/sysconfig/iptables
sed -i '/dport 22/a -A INPUT -s 116.63.0.0/24 -j ACCEPT' /etc/sysconfig/iptables
# Enable the iptables service and load the edited rules (reload fails if it is not running yet)
systemctl enable iptables
systemctl restart iptables

# Turn off NetworkManager
systemctl disable NetworkManager
systemctl stop NetworkManager
```
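The firewall step above appends rules to /etc/sysconfig/iptables with `sed`, so a second run adds every rule again, and the `-A INPUT -p udp -j ACCEPT` rule opens a whole protocol. The following check is an added example, not part of the original script: the function names `broad_accepts` and `duplicate_rules` and the sample rules (documentation address range) are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit an iptables-services rules file after the init script ran.

# Print INPUT ACCEPT rules for tcp/udp/any protocol that carry no source
# address, destination port, input interface or connection-state match.
broad_accepts() {
    awk '
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
            scoped = 0; proto = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "-s" || $i == "-i" || $i == "--dport" ||
                    $i == "--dports" || $i == "--state" || $i == "--ctstate")
                    scoped = 1
            }
            if (!scoped && (proto == "" || proto == "all" ||
                            proto == "tcp" || proto == "udp")) print
        }
    ' "$@"
}

# Print each rule once if it appears more than once (sign of a repeated run).
duplicate_rules() {
    awk '$1 == "-A" && seen[$0]++ == 1' "$@"
}

# Constructed sample in the layout of /etc/sysconfig/iptables.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
-A INPUT -p udp -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

echo "Protocol-wide ACCEPT rules:"; sample_rules | broad_accepts
echo "Duplicated rules:";           sample_rules | duplicate_rules
```

On a real host, pass the rules file as an argument instead of piping the sample, for example `broad_accepts /etc/sysconfig/iptables`.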

Shared from the author's personal site/blog.
Originally published: 2018-01-28.
