
centos6系统优化脚本

今天看到个不错的centos6优化脚本,现分享出来给大家,有需要的可以拿去自己改.
 
 
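#!/bin/bash
# ID 201510192126
# Author Ricky
# E-mail 564001002@qq.com
# CentOS 6 initial system tuning script
# version 1.1.0
#
# NOTE(review): this script rewrites yum repositories, kernel parameters, PAM,
# sshd and firewall configuration, and disables SELinux. Read every step and
# run it on a disposable host before applying it to a production system.


# The script must run as root: every later step edits files under /etc.
if [[ "$(whoami)" != "root" ]]; then
    echo "please run this script as root !" >&2
    exit 1
fi
echo -e "\033[31m the script only Support CentOS_6 x86_64 \033[0m"
echo -e "\033[31m system initialization script, Please Seriously. press ctrl+C to cancel \033[0m"


# Continue only on an explicit y/Y; any other answer (the default is N) exits.
yn="n"
echo "please input [Y\N]"
echo -n "default [N]: "
read -r yn
if [[ "$yn" != "y" && "$yn" != "Y" ]]; then
   echo "bye-bye!"
   exit 0
fi


# Three-second countdown: the last chance to cancel with ctrl+C.
for i in $(seq -w 3 -1 1); do
    echo -ne "\b>>>>>$i"
    sleep 1
done
echo -e "\b\Good Luck"


# Only 64-bit systems are supported.
platform=$(uname -i)
if [[ "$platform" != "x86_64" ]]; then
    echo "this script is only for 64bit Operating System !"
    exit 1
fi
echo "the platform is ok"


# Install the helper tools. redhat-lsb provides lsb_release, which the release
# check below depends on, so packages are installed before that check runs.
# NOTE(review): confirm that "openssl-client" exists in the enabled repos.
yum -y install redhat-lsb vim unzip openssl-client gcc gcc-c++
# clear
echo "Tools installation is complete"


# Refuse to continue on anything other than CentOS 6.
# The values are quoted on purpose: with the unquoted `[ ... -o ... ]` form an
# empty lsb_release result made the test itself malformed, `if` treated that
# error as "false", and the script carried on past this guard.
distributor=$(lsb_release -i | awk '{print $NF}')
version=$(lsb_release -r | awk '{print substr($NF,1,1)}')
if [[ "$distributor" != 'CentOS' || "$version" != '6' ]]; then
    echo "this script is only for CentOS 6 !"
    exit 1
fi
# clear
cat << 'EOF'
+---------------------------------------+
|   your system is CentOS 6 x86_64      |
|           start optimizing            |
+---------------------------------------+
EOF
sleep 3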


# install repo
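#######################################
# Switch the base repo to the 163.com mirror, add EPEL and rpmforge, then
# update every installed package.
# Outputs: yum/rpm/wget progress on stdout and stderr.
# Returns: 1 if no temporary file could be created.
#
# NOTE(review): the repo definition is fetched over plain http and the two
# release RPMs over ftp/http, and they are installed before any signing key
# is imported, so nothing authenticates them. The keys that are imported
# afterwards come from those same packages. Prefer a mirror reachable over
# TLS and check the package signatures (rpm -K) against keys obtained
# independently before trusting these repositories.
#######################################
yum_update() {
  local repo_dir=/etc/yum.repos.d
  local base_repo="${repo_dir}/CentOS-Base.repo"
  local backup="${repo_dir}/bak/CentOS-Base.repo.backup"
  local repo_tmp

  # Keep one backup of the stock repo file; a rerun never overwrites it.
  if [[ ! -e "${repo_dir}/bak" ]]; then
    mkdir "${repo_dir}/bak"
    mv "$base_repo" "$backup"
  fi

  # Download to a temporary file first. Writing straight to CentOS-Base.repo
  # would leave an empty or truncated repo file behind when the download fails.
  repo_tmp=$(mktemp) || return 1
  if wget http://mirrors.163.com/.help/CentOS6-Base-163.repo -O "$repo_tmp" \
    && [[ -s "$repo_tmp" ]]; then
    cat "$repo_tmp" > "$base_repo"
  else
    echo "download of CentOS6-Base-163.repo failed, base repo not replaced" >&2
    # The stock file was moved away above; put it back so yum still has a base repo.
    if [[ ! -e "$base_repo" && -e "$backup" ]]; then
      cp "$backup" "$base_repo"
    fi
  fi
  rm -f -- "$repo_tmp"

  # Third-party repos: EPEL, then rpmforge.
  #rpm -Uvh http://download.Fedora.RedHat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
  rpm -Uvh ftp://ftp.muug.mb.ca/mirror/centos/6.7/extras/x86_64/Packages/epel-release-6-8.noarch.rpm
  rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

  rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
  rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag

  # Update glibc first, then the package tooling, then everything else.
  yum clean all && yum makecache
  yum -y update glibc\*
  yum -y update yum\* rpm\* python\*
  yum -y update
  echo -e "\033[31m yum update ok \033[0m"
  sleep 1
}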


# time zone
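# Point /etc/localtime at zone $1 and record the same zone in
# /etc/sysconfig/clock.
_zone_time_apply() {
  local zone=$1
  rm -rf /etc/localtime
  ln -sf "/usr/share/zoneinfo/${zone}" /etc/localtime
  cat > /etc/sysconfig/clock << EOF
ZONE="${zone}"
UTC=false
ARC=false
EOF
}

#######################################
# Install ntp, force the system onto a +0800 time zone and schedule periodic
# clock synchronisation in root's crontab.
# Outputs: progress messages and the resulting /etc/sysconfig/clock.
#
# The zone recorded for the Hong Kong fallback used to be "Asia/Hang_Kong",
# which does not match the Asia/Hong_Kong zoneinfo file that was linked; both
# now use the same name.
#
# NOTE(review): the NTP source is a single hard-coded IP address and the
# output of ntpdate is discarded, so a failed or wrong time sync goes
# unnoticed. Accurate time matters for log correlation and certificate
# validation; consider several trusted sources.
# NOTE(review): the crontab entry "* * * * */1" matches every minute; confirm
# whether hwclock -w was really meant to run that often.
#######################################
zone_time() {
  local cron_file=/var/spool/cron/root

  yum -y install ntp

  # Try Shanghai, Chongqing and Hong Kong in turn until the offset is +0800.
  if [[ "$(date +%z)" != "+0800" ]]; then
    _zone_time_apply Asia/Shanghai
    if [[ "$(date +%z)" != "+0800" ]]; then
      echo "The Shanghai time zone error"
      _zone_time_apply Asia/Chongqing
      if [[ "$(date +%z)" != "+0800" ]]; then
        echo "The Chongqing time zone error"
        _zone_time_apply Asia/Hong_Kong
        if [[ "$(date +%z)" != "+0800" ]]; then
          echo "The Hong_Kong time zone error, To write Shanghai time zone "
          echo -e "\033[31m time zone error , please manual settings \033[0m"
          _zone_time_apply Asia/Shanghai
        fi
      fi
    fi
  fi

  echo "Present time zone:$(date +%z)"
  cat /etc/sysconfig/clock
  echo -e "\033[31m time zone ok \033[0m"
  sleep 1

  # One immediate sync, then replace any earlier ntpdate/hwclock cron entries.
  echo "update time please wait!"
  /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1
  # root may have no crontab yet; sed -i fails on a missing file.
  if [[ -f "$cron_file" ]]; then
    sed -i -e "/ntpdate/d" -e "/hwclock/d" "$cron_file"
  fi
  cat >> "$cron_file" << 'EOF'
*/5 * * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1
* * * * */1 /usr/sbin/hwclock -w > /dev/null 2>&1
EOF
  chmod 600 "$cron_file"
  /sbin/service crond restart
  echo -e "\033[31m time zone ok \033[0m"
  sleep 1
}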


# set hosts
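#######################################
# Make the local hostname resolve to 127.0.0.1 by adding it to the loopback
# line of /etc/hosts.
# Outputs: the address the hostname resolves to afterwards.
#
# The address is matched with escaped dots and must be followed by
# whitespace; the earlier pattern "^127.0.0.1" also matched lines for other
# addresses that merely start with those characters and rewrote them.
# NOTE(review): the hostname is interpolated into a sed replacement, where
# "@", "&" and "\" are special. Valid hostnames do not contain them, but the
# value is not checked here.
#######################################
hosts() {
  local name
  name=$(hostname)

  if [[ "$(hostname -i)" != "127.0.0.1" ]]; then
    sed -i "s@^127\.0\.0\.1\([[:space:]].*\)@127.0.0.1 ${name}\1@" /etc/hosts
  fi

  hostname -i
  echo -e "\033[31m hosts ok \033[0m"
  sleep 1
}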


#set the file limit
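#######################################
# Raise the open-file, process, stack and core-dump limits through
# /etc/rc.local, /etc/profile and /etc/security/limits.conf.
# Outputs: the effective ulimit values and the lines that were written.
#
# The progress message in the middle of this function used to read
# "hosts ok" (copied from the hosts step); it now names this step.
#
# NOTE(review): /etc/profile sets "ulimit -SHn 102400" while limits.conf caps
# the hard nofile limit at 65535, so for non-root logins the profile line
# presumably fails because a hard limit cannot be raised. Confirm which value
# is intended.
# NOTE(review): "ulimit -c unlimited" turns on core dumps for every login
# shell. Core files hold process memory, which can include credentials;
# decide where they may be written and who may read them.
#######################################
limits_config() {
  local limits=/etc/security/limits.conf

  # rc.local: drop any earlier setting, then append the new one.
  sed -i "/^ulimit -SHn.*/d" /etc/rc.local
  echo "ulimit -SHn 102400" >> /etc/rc.local

  # /etc/profile: same approach for the three ulimit lines.
  sed -i -e "/^ulimit -s.*/d" -e "/^ulimit -c.*/d" -e "/^ulimit -SHn.*/d" /etc/profile

  cat >> /etc/profile << 'EOF'
#
#
#
ulimit -c unlimited
ulimit -s unlimited
ulimit -SHn 102400
EOF

  source /etc/profile
  ulimit -a
  grep ulimit /etc/profile
  echo -e "\033[31m ulimit ok \033[0m"

  # limits.conf: back up once, remove earlier wildcard entries, append ours.
  if [[ ! -f "${limits}.bak" ]]; then
    cp "$limits" "${limits}.bak"
  fi
  sed -i \
    -e "/^*.*soft.*nofile/d" \
    -e "/^*.*hard.*nofile/d" \
    -e "/^*.*soft.*nproc/d" \
    -e "/^*.*hard.*nproc/d" \
    "$limits"
  cat >> "$limits" << 'EOF'
#
#
#
#
#---------custom-----------------------
#
*           soft   nofile       65535
*           hard   nofile       65535
*           soft   nproc        65535
*           hard   nproc        65535
EOF
  grep "^*           .*" "$limits"
  echo -e "\033[31m limits ok \033[0m"
  sleep 1
}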


# tune kernel parameters #优化内核参数
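#######################################
# Replace a fixed set of kernel and TCP parameters in /etc/sysctl.conf, size
# kernel.shmmax/shmall from the installed memory, and reload the settings.
# Outputs: the output of lsmod and sysctl -p, plus a progress message.
#
# Changes from the earlier version: the thirty-odd separate sed calls are one
# call built from a key list, the deprecated $[ ] arithmetic is gone, and the
# shm values are only written when the memory size was actually read (an
# empty value used to produce an arithmetic error and a broken config line).
#
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to break connections
# from clients behind NAT when TCP timestamps are in use. The same block
# writes tcp_timestamps = 0, and both tw_recycle and tw_reuse rely on
# timestamps; confirm the combination does what was intended.
# NOTE(review): kernel.shmall is counted in pages while shmmax is in bytes;
# verify that dividing by 4 (rather than by the page size) is intended.
# NOTE(review): rp_filter and accept_source_route are set for "default"
# only; interfaces that already exist may keep their previous values.
#######################################
sysctl_config() {
  local conf=/etc/sysctl.conf
  local key shmmax shmall
  local -a sed_args=()
  local -a keys=(
    net.ipv4.ip_forward
    net.ipv4.conf.default.rp_filter
    net.ipv4.conf.default.accept_source_route
    kernel.sysrq
    kernel.core_uses_pid
    net.ipv4.tcp_syncookies
    kernel.msgmnb
    kernel.msgmax
    net.ipv4.tcp_max_tw_buckets
    net.ipv4.tcp_sack
    net.ipv4.tcp_window_scaling
    net.ipv4.tcp_rmem
    net.ipv4.tcp_wmem
    net.core.wmem_default
    net.core.rmem_default
    net.core.rmem_max
    net.core.wmem_max
    net.core.netdev_max_backlog
    net.core.somaxconn
    net.ipv4.tcp_max_orphans
    net.ipv4.tcp_max_syn_backlog
    net.ipv4.tcp_timestamps
    net.ipv4.tcp_synack_retries
    net.ipv4.tcp_syn_retries
    net.ipv4.tcp_tw_recycle
    net.ipv4.tcp_tw_reuse
    net.ipv4.tcp_mem
    net.ipv4.tcp_fin_timeout
    net.ipv4.tcp_keepalive_time
    net.ipv4.ip_local_port_range
    kernel.shmmax
    kernel.shmall
  )

  # Back up the original file once; reruns keep the first backup.
  if [[ ! -f "${conf}.bak" ]]; then
    cp "$conf" "${conf}.bak"
  fi

  # Remove every existing line for the keys managed here, in one sed run.
  for key in "${keys[@]}"; do
    sed_args+=(-e "/^${key}/d")
  done
  sed -i "${sed_args[@]}" "$conf"

  # Append the custom block.
  cat >> "$conf" << 'EOF'
#
#
#
#
#-------custom---------------------------------------------
#
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096    87380   4194304
net.ipv4.tcp_wmem = 4096    16384   4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
#net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_synack_retries = 2
#net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
#net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024    65535
#net.ipv4.tcp_tw_len = 1
EOF

  # Apply the TIME_WAIT bucket limit to the running kernel right away.
  echo 6000 > /proc/sys/net/ipv4/tcp_max_tw_buckets

  # shmmax = 90% of total memory in bytes (free reports KiB); shmall = shmmax/4.
  shmmax=$(free -l | awk '/Mem/ {printf("%d\n", $2*1024*0.9)}')
  if [[ "$shmmax" =~ ^[0-9]+$ ]]; then
    shmall=$(( shmmax / 4 ))
    echo "kernel.shmmax = $shmmax" >> "$conf"
    echo "kernel.shmall = $shmall" >> "$conf"
  else
    echo "could not read total memory, kernel.shmmax/shmall not written" >&2
  fi

  # Load the bridge module before reloading.
  # NOTE(review): presumably so that net.bridge.* keys already present in
  # sysctl.conf resolve during "sysctl -p" -- confirm.
  modprobe bridge
  lsmod | grep bridge

  /sbin/sysctl -p
  echo -e "\033[31m sysctl ok \033[0m"
  sleep 1
}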


# control-alt-delete
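#######################################
# Disable the ctrl-alt-delete reboot by commenting out the shutdown command
# in the upstart job, so that an accidental key press cannot reboot the host.
# Outputs: the matching line(s) of the job file and a progress message.
#
# The sed expression and the file name used to be joined into one word (no
# space between the closing quote and the path), so sed received no file to
# edit and the setting was never applied.
#######################################
set_key() {
  local job=/etc/init/control-alt-delete.conf

  sed -i 's#^exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' "$job"
  grep /sbin/shutdown "$job"
  echo -e "\033[31m control-alt-delete ok \033[0m"
  sleep 1
}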


#disable selinux #关闭SELINUX
#######################################
# Switch SELinux off: persistently through /etc/selinux/config and for the
# running system through setenforce.
# Outputs: a progress message.
#
# NOTE(review): this removes mandatory access control from the host. Only
# the value "enforcing" is rewritten; a config already set to "permissive"
# is left as it is. If the goal is to get an application working, consider
# permissive mode plus a policy fix instead of disabling SELinux outright.
#######################################
selinux() {
  local selinux_conf=/etc/selinux/config

  # Persistent setting, read at the next boot.
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/' "$selinux_conf"

  # Running system: stop enforcing immediately.
  setenforce 0

  echo -e "\033[31m selinux ok \033[0m"
  sleep 1
}


#set sshd_config UseDNS
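#######################################
# Set "UseDNS no" and make "PermitEmptyPasswords no" explicit in
# /etc/ssh/sshd_config, then restart sshd.
# Outputs: the resulting UseDNS and PermitEmptyPasswords lines.
#
# Two fixes: the PermitEmptyPasswords sed call had its expression and file
# name joined into one word, so it never edited the file; and sshd is now
# restarted only after "sshd -t" accepts the edited configuration, because
# restarting with a broken sshd_config can lock out remote administration.
# The GSSAPIAuthentication edit is commented out, as it was before.
#######################################
ssh_GSS() {
  local conf=/etc/ssh/sshd_config

  #sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
  sed -i \
    -e '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' \
    -e 's/#UseDNS yes/UseDNS no/' \
    "$conf"
  sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' "$conf"

  if /usr/sbin/sshd -t; then
    /etc/init.d/sshd restart
  else
    echo "sshd_config failed validation (sshd -t), sshd not restarted" >&2
  fi

  grep -i usedns "$conf"
  grep -i PermitEmptyPasswords "$conf"
  echo -e "\033[31m sshd ok \033[0m"
  sleep 1
}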


#define the backspace button so that it erases the last character typed
#######################################
# Make backspace erase the previous character in login shells and switch on
# syntax highlighting in root's vim.
# Outputs: a progress message, then the lines that were written.
#######################################
backspace_button() {
  local profile=/etc/profile
  local vimrc=/root/.vimrc

  # Drop any earlier entry before appending, so reruns do not pile up lines.
  sed -i "/^stty erase ^H/d" "$profile"
  echo 'stty erase ^H' >> "$profile"

  sed -i "/^syntax.*/d" "$vimrc"
  echo "syntax on" >> "$vimrc"

  echo -e "\033[31m backspace ok \033[0m"

  # Show what ended up in both files.
  grep -i "stty erase ^H" "$profile"
  grep -i "syntax" "$vimrc"
  sleep 1
}


#stop some crontab
#######################################
# Park the makewhatis and mlocate daily cron jobs in /etc/cron.daily.bak so
# they no longer run. Nothing happens when that directory already exists.
# Outputs: a progress message.
#######################################
stop_crond() {
  local parked=/etc/cron.daily.bak
  local job

  if [[ ! -e "$parked" ]]; then
    mkdir "$parked"
    # A job that is not installed is skipped silently (output discarded).
    for job in makewhatis.cron mlocate.cron; do
      mv "/etc/cron.daily/${job}" "$parked" > /dev/null 2>&1
    done
  fi

  echo -e "\033[31m crond ok \033[0m"
  sleep 1
}


#disable some service
#######################################
# Remove bluetooth, cups and ip6tables from the boot sequence.
# Outputs: the chkconfig state of the three services and a progress message.
#
# NOTE(review): ip6tables is the IPv6 packet filter. Switching it off is
# only safe while IPv6 itself stays disabled on the host; verify after a
# reboot that no interface carries an IPv6 address.
#######################################
dissable_service() {
  local svc

  # chkconfig errors (for example a service that is not installed) are hidden.
  for svc in bluetooth cups ip6tables; do
    chkconfig "$svc" off > /dev/null 2>&1
  done

  chkconfig | grep -E "cups|ip6tables|bluetooth"
  echo -e "\033[31m service ok \033[0m"
  sleep 1
}


#disable the ipv6
#######################################
# Disable IPv6: write module options to /etc/modprobe.d/ipv6.conf and set
# NETWORKING_IPV6 in /etc/sysconfig/network.
# Outputs: the resulting NETWORKING_IPV6 line and a progress message.
#
# NOTE(review): the value written is "off"; confirm the network scripts
# treat it the same as "no".
#######################################
stop_ipv6() {
  local net_conf=/etc/sysconfig/network

  # The module configuration is overwritten, not appended to.
  cat > /etc/modprobe.d/ipv6.conf << 'EOFI'
#
#
#
#---------------custom-----------------------
#
alias net-pf-10 off
options ipv6 disable=1
EOFI

  # Replace any earlier NETWORKING_IPV6 line.
  sed -i "/^NETWORKING_IPV6.*/d" "$net_conf"
  echo "NETWORKING_IPV6=off" >> "$net_conf"

  grep NETWORKING_IPV6 "$net_conf"
  echo -e "\033[31m ipv6 ok \033[0m"
  sleep 1
}


#language..
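#######################################
# Reduce the number of virtual consoles and disable the ctrl-alt-delete
# reboot. When /etc/redhat-release contains "6." the upstart files are
# edited; otherwise /etc/inittab and the i18n LANG setting are edited.
# Outputs: the current $LANG and a progress message.
#
# The ACTIVE_CONSOLES sed call had its expression and file name joined into
# one word, so /etc/sysconfig/init was never changed; the file is now passed
# as a separate argument.
#######################################
inittab() {
  if ! grep -q '6\.' /etc/redhat-release; then
    # Not a 6.x release: comment out gettys 3-6 and ctrlaltdel in inittab.
    sed -i \
      -e 's/3:2345:respawn/#3:2345:respawn/g' \
      -e 's/4:2345:respawn/#4:2345:respawn/g' \
      -e 's/5:2345:respawn/#5:2345:respawn/g' \
      -e 's/6:2345:respawn/#6:2345:respawn/g' \
      -e 's/ca::ctrlaltdel/#ca::ctrlaltdel/g' \
      /etc/inittab
    sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/sysconfig/i18n
  else
    # 6.x: keep tty1 and tty2 only, and stop the ctrl-alt-delete job starting.
    sed -i 's@^ACTIVE_CONSOLES.*@ACTIVE_CONSOLES=/dev/tty[1-2]@' /etc/sysconfig/init
    sed -i 's@^start@#start@' /etc/init/control-alt-delete.conf
  fi
  # Ask init to re-read its configuration.
  /sbin/init q

  echo "$LANG"
  echo -e "\033[31m inittab ok \033[0m"
  sleep 1
}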


# iptables
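#######################################
# Install iptables, write a default-drop INPUT ruleset to
# /etc/sysconfig/iptables, restart the service and enable it at boot.
# Outputs: the loaded rules, the chkconfig state and a progress message.
# Returns: 1 if the ruleset could not be staged or fails validation.
#
# The ruleset is now staged in a temporary file and checked with
# "iptables-restore --test" before it replaces the live file. Writing it
# directly and restarting the service meant that a mistake in the rules
# could cut off remote access to the host.
#
# This function shadows the iptables command inside the script, which is why
# the binary is called by its full path below.
#
# NOTE(review): points to check in the ruleset itself:
#   - SSH (22) accepts new connections from any source; the rate-limit
#     rules are commented out. Restrict the source range where possible.
#   - All ICMP is accepted.
#   - The syn-flood chain is declared but INPUT never jumps to it.
#   - FORWARD has policy ACCEPT, yet its only rule rejects everything.
#   - The header comment claims the file was written by
#     system-config-securitylevel, which is not the case here.
#######################################
iptables() {
  local rules=/etc/sysconfig/iptables
  local staged

  yum -y install iptables

  # Keep one backup of the previous ruleset; a missing file is not an error.
  if [[ ! -e "${rules}.bak" ]]; then
    cp "$rules" "${rules}.bak" > /dev/null 2>&1
  fi

  staged=$(mktemp) || return 1
  cat > "$staged" << 'EOF'
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
# 防火墙规则有先后顺序,修改前请测试确定后更改
# E-Mail:564001002@QQ.COM
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
#RELATED,ESTABLISHED
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#io
-A INPUT -i lo -j ACCEPT
#ping
-A INPUT -p icmp -j ACCEPT
#redis
#-A INPUT -p tcp -m tcp --dport 6379 -j ACCEPT
#-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 6379 -j ACCEPT
#mysql
#-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
#-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT
#memcache
#-A INPUT -p tcp -m tcp --dport 11211 -j ACCEPT
#-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 11211 -j ACCEPT
#php
#-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT
#-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 9000 -j ACCEPT
#ssh
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name SSH --rsource -j DROP
#-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource -j ACCEPT
#http  500 * 90%  需要限制情况下可以取消第一行注释
#-A INPUT -p tcp -m tcp --dport 80 -m connlimit --connlimit-above 500 --connlimit-mask 32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
#https 500 * 90% 需要限制情况下可以取消第一行注释
#-A INPUT -p tcp -m tcp --dport 443 -m connlimit --connlimit-above 500 --connlimit-mask 32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
#---service--------------------------------------------------
#DNS 安装DNS服务器后需要打开
#-A INPUT -p udp --sport 53  -j ACCEPT
#ntp 配置ntp服务器时候需要打开
#-A INPUT -p udp --sport 123 -j ACCEPT
#对外访问,比如api接口 需要结合OUTPUT DROP 全部关闭情况下才需要打开,这种限制非常严格情况下才配置
#-A OUTPUT -p tcp --dport 80 -j ACCEPT
#-A OUTPUT -p tcp --dport 443 -j ACCEPT
######################################################################################
#以下#号部分未测试或为成功,并可能有错误开启之前请先测试,并保证能与你的环境匹配
#syn-flood
#-A syn-flood -p tcp -m limit --limit 500/sec --limit-burst 10000 -j RETURN
#------FIN SYN RST ACK SYN-----------------
#-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT
#-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 10/sec --limit-burst 100 -j ACCEPT
######################################################################################
#PORTSAN 端口扫描拒绝,缺少工具没能测试好,请慎用。
#-A INPUT -p tcp --syn -m recent --name portscan --rcheck --seconds 60 --hitcount 10 -j LOG
#-A INPUT -p tcp --syn -m recent --name portscan --set -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

  # Parse the staged rules without loading them; keep the old file on failure.
  if ! /sbin/iptables-restore --test < "$staged"; then
    echo "new iptables rules failed validation, existing rules kept" >&2
    rm -f -- "$staged"
    return 1
  fi
  # Copy the content into place so the target keeps its own inode and mode.
  cat "$staged" > "$rules"
  rm -f -- "$staged"

  /sbin/service iptables restart
  source /etc/profile
  chkconfig iptables on
  /sbin/iptables -L -v
  chkconfig | grep iptables
  echo -e "\033[31m iptables ok \033[0m"
  sleep 1
}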


# others
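#######################################
# Miscellaneous settings: default runlevel 3, a coloured PS1, HISTSIZE=300,
# per-command logging for root, and account lockout after five failed
# logins.
# Outputs: the edited lines of each file and a progress message.
#
# Both pam_tally2 sed calls had the expression and the file name joined into
# one word, so /etc/pam.d/system-auth was never edited and the lockout was
# never configured; the file is now passed as a separate argument.
#
# NOTE(review): the command log is appended to a predictable file name in
# world-writable /tmp by a root shell. Another local user can create that
# path first (for example as a link to a different file) and can read what
# root types, including secrets given on the command line. Move the log to
# a root-owned directory with restrictive permissions.
# NOTE(review): the pam_tally2 line is inserted after line 4 of system-auth,
# which depends on the exact file layout, and the file may be regenerated by
# authconfig. Check the resulting stack order, confirm whether an "account"
# entry for pam_tally2 is also needed so that the counter resets after a
# successful login, and keep in mind that a lockout lets anyone who can
# reach the login prompt block an account for unlock_time seconds.
#######################################
other() {
  local pam_file=/etc/pam.d/system-auth

  # initdefault: boot into runlevel 3.
  sed -i 's/^id:.*$/id:3:initdefault:/' /etc/inittab
  /sbin/init q
  grep "id:" /etc/inittab

  # PS1: replace any earlier definition in /etc/profile.
  sed -i "/^PS1=.*/d" /etc/profile
  echo 'PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[35;40m\]\W\[\e[0m\]]\\$ \[\e[33;40m\]"' >> /etc/profile

  # HISTSIZE
  sed -i 's/^HISTSIZE=.*$/HISTSIZE=300/' /etc/profile
  grep "^HISTSIZE" /etc/profile

  # Record every command root runs, with timestamp, user and directory.
  sed -i "/^export PROMPT_COMMAND=.*/d" /root/.bash_profile
  echo "export PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; });user=\$(whoami); echo \$(date \"+%Y-%m-%d %H:%M:%S\"):\$user:\`pwd\`/:\$msg ---- \$(who am i); } >> /tmp/\`hostname\`.\`whoami\`.history-timestamp'" >> /root/.bash_profile

  # Five wrong passwords lock the account for 180 seconds.
  sed -i "/^auth        required      pam_tally2.so deny=5 unlock_time=180/d" "$pam_file"
  sed -i '4a auth        required      pam_tally2.so deny=5 unlock_time=180' "$pam_file"
  source /etc/profile
  grep "auth        required      pam_tally2.so" "$pam_file"
  echo -e "\033[31m other ok \033[0m"
  sleep 1
}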


# done
#######################################
# Print the closing banner that asks the operator to reboot.
# Outputs: a seven-line banner on stdout.
#######################################
done_ok() {
  # Quoted delimiter: the banner is printed literally, nothing is expanded.
  cat << 'BANNER'
+-------------------------------------------------+
|               optimizer is done                 |
|   it's recommond to restart this server !       |
|            E-mail:564001002@QQ.COM              |
|                                                 |
|             Please Reboot system                |
+-------------------------------------------------+
BANNER
}


# main
#######################################
# Run every tuning step once, in a fixed order, and finish with the reboot
# banner. A failing step does not stop the ones after it.
#######################################
main() {
  local step
  local -a steps=(
    yum_update
    zone_time
    hosts
    limits_config
    sysctl_config
    set_key
    selinux
    ssh_GSS
    backspace_button
    stop_crond
    dissable_service
    stop_ipv6
    inittab
    iptables
    other
    done_ok
  )

  for step in "${steps[@]}"; do
    "$step"
  done
}
main


