CentOS 6.5初始化优化脚本
时间:2015-03-05 17:24 来源:blog.51cto.com 作者:rong341233
#!/bin/bash
# Banner: tell the operator that this is a system initialisation script and
# that it should be run with care. Nothing has been modified at this point.
printf '%s\n' "这个是系统初始化脚本,请慎重运行!"
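#######################################
# Prompt until the operator enters a non-empty line, then print that line.
# Arguments: $1 - prompt text shown by `read -p`
# Outputs:   the answer on stdout, exactly as typed (leading/trailing
#            whitespace is trimmed by `read`)
# Returns:   0 on success, 1 if stdin reaches EOF before any answer is given
#######################################
input_fun() {
  local prompt=$1
  local answer=""
  while [[ -z "$answer" ]]; do
    # -r keeps backslashes literal. A failed read means EOF: accept a final
    # unterminated line, otherwise stop instead of looping forever.
    if ! read -r -p "$prompt" answer; then
      [[ -n "$answer" ]] && break
      return 1
    fi
  done
  # Quoted printf: the answer is never word-split or glob-expanded, so an
  # input such as "*" is returned as-is instead of becoming a file list.
  printf '%s\n' "$answer"
}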
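# Succeeds when $1 is a dotted-quad IPv4 address whose octets are all 0-255.
_is_ipv4() {
  local addr=$1 octet
  local -a octets
  local re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  [[ $addr =~ $re ]] || return 1
  IFS=. read -r -a octets <<<"$addr"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so an octet such as "08" is not parsed as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# Succeeds when $1 consists only of letters, digits, '-' and '.'.
_is_dns_name() {
  local re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  [[ $1 =~ $re ]]
}

# Succeeds when $1 looks like an interface name and holds no path separator.
_is_ifname() {
  local re='^[A-Za-z][A-Za-z0-9._:-]{0,14}$'
  [[ $1 =~ $re ]]
}

# Ask through input_fun until the answer passes the check function named in
# $2, then store it in the global variable named in $1.
_ask_checked() {
  local var=$1 check=$2 prompt=$3 answer
  while :; do
    answer=$(input_fun "$prompt") || {
      printf 'input aborted\n' >&2
      exit 1
    }
    if "$check" "$answer"; then
      printf -v "$var" '%s' "$answer"
      return 0
    fi
    printf 'invalid value: %s\n' "$answer" >&2
  done
}

#######################################
# Collect the host's network identity from the operator.
# The answers are later written verbatim into files under /etc and one of
# them (CARD_TYPE) becomes part of a file name, so each value is checked
# against the shape it is supposed to have and re-asked when it does not fit.
# Globals:   MYHOSTNAME DOMAINNAME CARD_TYPE IPADDR NETMASK GATEWAY
#            MYDNS1 MYDNS2 (all written)
# Arguments: none
#######################################
input_again() {
  _ask_checked MYHOSTNAME _is_dns_name "please input the hostname:"
  _ask_checked DOMAINNAME _is_dns_name "please input the domainname:"
  _ask_checked CARD_TYPE _is_ifname "please input card type(eth0):"
  _ask_checked IPADDR _is_ipv4 "please input ip address(192.168.100.1):"
  _ask_checked NETMASK _is_ipv4 "please input netmask(255.255.255.0):"
  _ask_checked GATEWAY _is_ipv4 "please input gateway(192.168.100.1):"
  _ask_checked MYDNS1 _is_ipv4 "please input DNS1(114.114.114.114):"
  _ask_checked MYDNS2 _is_ipv4 "please input DNS2(8.8.4.4):"
}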
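# Collect the network settings, then write them into the system config files.
input_again

# CARD_TYPE becomes part of a path under /etc/sysconfig/network-scripts, so
# refuse an empty value or anything that could leave that directory.
case "$CARD_TYPE" in
  "" | */* | .*)
    printf 'invalid interface name: %s\n' "$CARD_TYPE" >&2
    exit 1
    ;;
esac

# Hardware address of the chosen interface, taken from the ifconfig
# "HWaddr" line (fifth whitespace-separated field).
MAC=$(ifconfig "$CARD_TYPE" | awk '/HWaddr/ {print $5}')
if [[ -z "$MAC" ]]; then
  # Without this stop, an unknown interface would produce an ifcfg file with
  # an empty HWADDR and the network restart below could cut off a remote
  # session.
  printf 'no hardware address found for interface %s\n' "$CARD_TYPE" >&2
  exit 1
fi

# Set the computer name.
cat >/etc/sysconfig/network <<ENDF
NETWORK=yes
HOSTNAME=$MYHOSTNAME
ENDF

# Static addressing for the selected interface.
cat >"/etc/sysconfig/network-scripts/ifcfg-$CARD_TYPE" <<ENDF
DEVICE=$CARD_TYPE
BOOTPROTO=static
HWADDR=$MAC
NM_CONTROLLED=yes
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
IPADDR=$IPADDR
NETMASK=$NETMASK
GATEWAY=$GATEWAY
ENDF
/etc/init.d/network restart

# "localhost" stays on the loopback line only: listing it against the
# routable address as well would give the name a non-loopback address.
cat >/etc/hosts <<ENDF
127.0.0.1 $MYHOSTNAME $MYHOSTNAME.$DOMAINNAME localhost
$IPADDR $MYHOSTNAME $MYHOSTNAME.$DOMAINNAME
ENDF

# Resolver configuration.
cat >/etc/resolv.conf <<ENDF
domain $DOMAINNAME
search $DOMAINNAME
nameserver $MYDNS1
nameserver $MYDNS2
ENDF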
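# Disable SELinux, both in the boot-time configuration and on the running
# system.
# NOTE(review): this removes mandatory access control from every service on
# the host. SELINUX=permissive keeps denials in the audit log and is the less
# drastic setting when a policy problem is the reason for this step; confirm
# that fully disabling it is intended.
#
# On a stock CentOS 6 install /etc/sysconfig/selinux is a symlink to
# /etc/selinux/config. `sed -i` without --follow-symlinks replaces the link
# with a regular file and leaves the real configuration unchanged, so the
# real file is edited here. The pattern is anchored so only the setting line
# can match.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Switch the running system to permissive mode until the next boot.
setenforce 0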
# Raise the open-file limit: append a soft and a hard "nofile" entry of 66666
# for all users ("*") to limits.conf.
printf '%s\n' \
  "* soft nofile 66666" \
  "* hard nofile 66666" >> /etc/security/limits.conf
# Kernel network tuning: append the settings below to /etc/sysctl.conf and
# load them with `sysctl -p`.
# NOTE(review): tcp_tw_reuse and tcp_tw_recycle rely on TCP timestamps, which
# this same list turns off (tcp_timestamps = 0) - confirm which of the two is
# intended. tcp_tw_recycle is also known to drop connections from clients
# behind NAT when timestamps are on.
# NOTE(review): tcp_mem is counted in pages, not bytes, so these three values
# put no practical ceiling on TCP buffer memory; together with the very large
# tcp_max_orphans this leaves little protection against memory exhaustion
# under a connection flood - verify against the host's RAM.
# The delimiter is quoted because the text contains nothing to expand.
tee -a /etc/sysctl.conf >/dev/null <<'ENDF'
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65535
ENDF
sysctl -p
# Switch off every service that is enabled for runlevel 3, then re-enable the
# short list the host is meant to keep.
# NOTE(review): the keep-list has no iptables and no auditd, so after the next
# boot the host comes up without its packet filter and without audit logging.
# Confirm that this is intended before relying on the firewall rule added in
# the SSH section of this script.
mapfile -t enabled_services < <(chkconfig --list | awk '/3:on/ {print $1}')
for svc in "${enabled_services[@]}"; do
  chkconfig --level 3 "$svc" off
done

keep_services=(crond network rsyslog sshd)
for svc in "${keep_services[@]}"; do
  chkconfig --level 3 "$svc" on
done
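# Add a user and grant it sudo rights.
#######################################
# Ask for a login name, create the account and set its password.
# The name is later written into /etc/sudoers by the caller, where a token
# such as ALL or %group would change who the rule applies to, so only a plain
# lower-case login name is accepted; anything else is asked for again.
# Globals:   USERNAME (written)
# Returns:   0 on success, non-zero if input ends or useradd/passwd fails
#######################################
user_add() {
  local name_re='^[a-z_][a-z0-9_-]{0,31}$'
  while :; do
    USERNAME=$(input_fun "please input new user name:") || return 1
    [[ $USERNAME =~ $name_re ]] && break
    printf 'invalid user name: %s\n' "$USERNAME" >&2
  done
  # Do not go on to set a password when the account could not be created
  # (for example because the name is already taken by an existing account).
  useradd "$USERNAME" || return 1
  passwd "$USERNAME"
}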
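user_add

# Grant the new account full sudo rights.
# The name is written verbatim into sudoers, where a token such as ALL or
# %group would widen the rule to other accounts, so only a plain login name
# is accepted. The script stops here rather than continuing to the SSH
# section, which turns off direct root logins.
sudoers_name_re='^[a-z_][a-z0-9_-]*$'
if [[ ! $USERNAME =~ $sudoers_name_re ]]; then
  printf 'refusing to add "%s" to /etc/sudoers: not a plain login name\n' \
    "$USERNAME" >&2
  exit 1
fi

sudoers_rule="$USERNAME ALL=(ALL) ALL"
# Skip the append when the exact rule is already present (script re-run).
if ! grep -qxF -- "$sudoers_rule" /etc/sudoers; then
  # A syntax error in sudoers disables sudo for everyone, so the result is
  # checked with visudo on a scratch copy before the real file is touched.
  sudoers_tmp=$(mktemp) || exit 1
  cat /etc/sudoers >"$sudoers_tmp"
  printf '%s\n' "$sudoers_rule" >>"$sudoers_tmp"
  if visudo -cf "$sudoers_tmp" >/dev/null; then
    printf '%s\n' "$sudoers_rule" >>/etc/sudoers
  else
    printf 'sudoers check failed; /etc/sudoers left unchanged\n' >&2
    rm -f -- "$sudoers_tmp"
    exit 1
  fi
  rm -f -- "$sudoers_tmp"
fi
# Same end state as the original chmod +w / chmod -w pair: read-only.
chmod 0440 /etc/sudoers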
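# Time synchronisation: install ntpdate, set the clock once, then schedule a
# sync every five minutes from root's crontab.
# NOTE(review): ntpdate takes the time from a single unauthenticated source;
# consider a local or otherwise trusted time server if clock integrity
# matters for logs or certificate checks on this host.
yum -y install ntpdate
/usr/sbin/ntpdate time.nist.gov

# Files under /var/spool/cron are per-user crontabs: five time fields followed
# directly by the command. The user column ("root") belongs only in
# /etc/crontab and /etc/cron.d; here it would be run as the command itself.
ntp_job='*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'
root_crontab=/var/spool/cron/root
# Do not add the entry a second time when the script is run again.
if ! grep -qF -- "$ntp_job" "$root_crontab" 2>/dev/null; then
  printf '%s\n' "$ntp_job" >>"$root_crontab"
fi
# Same mode the crontab command gives the files it creates.
chmod 600 "$root_crontab"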
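# Configure sshd: move it to port 65535, skip reverse DNS lookups, forbid
# direct root logins and empty passwords.
# The substitutions only rewrite the commented-out defaults of a stock
# sshd_config; lines that were already customised are left as they are.
# NOTE(review): a non-default port only reduces scan noise, it is not access
# control. Port 65535 also lies inside the ip_local_port_range set earlier in
# this script - confirm that is acceptable.
sshd_config=/etc/ssh/sshd_config
sed -i '/^#Port/s/#Port 22/Port 65535/g' "$sshd_config"
sed -i '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' "$sshd_config"
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' "$sshd_config"
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' "$sshd_config"

# Stop before touching the firewall or the daemon if the port change did not
# take effect (the file did not contain the stock "#Port 22" line).
if ! grep -q '^Port 65535[[:space:]]*$' "$sshd_config"; then
  printf 'sshd_config has no "Port 65535" line; sshd left untouched\n' >&2
  exit 1
fi
# Syntax-check the file so a bad edit cannot take the daemon down on restart.
/usr/sbin/sshd -t -f "$sshd_config" || exit 1

# -I puts the rule at the top of INPUT. With -A it would be appended after
# the final REJECT rule of the default CentOS 6 ruleset and never be reached,
# which would block new SSH connections as soon as sshd moves to the new port.
# The rule is runtime-only; `service iptables save` is what would persist it.
iptables -I INPUT -p tcp --dport 65535 -j ACCEPT
/etc/init.d/sshd restart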