centos6系统优化脚本

时间:2016-06-04 21:57 来源:linux.it.net.cn 作者:IT

今天看到个不错的centos6优化脚本,现分享出来给大家,有需要的可以拿去自己改.

001	#!/bin/bash

002	# ID 201510192126

003	# Author Ricky

004	# E-mail 564001002@qq.com

005	# CentOS 6 系统初始优化脚本

006	# version 1.1.0

007

008

009	# 检查是否为root用户，脚本必须在root权限下运行 #

010	if [[ "$(whoami)" != "root" ]]; then

011	echo "please run this script as root !" >&2

012

exit 1

013

014	echo -e "\033[31m the script only Support CentOS_6 x86_64 \033[0m"

015	echo -e "\033[31m system initialization script, Please Seriously. press ctrl+C to cancel \033[0m"

016

017

018	# 按Y继续默认N，其他按键全部退出 #

019

yn="n"

020	echo "please input [Y\N]"

021	echo -n "default [N]: "

022

read yn

023	if [ "$yn" != "y" -a "$yn" != "Y" ]; then

024	echo "bye-bye!"

025

exit 0

026

027

028

029

# 倒计时 #

030	for i in `seq -w 3 -1 1`

031

032	echo -ne "\b>>>>>$i";

033

sleep 1;

034

done

035	echo -e "\b\Good Luck"

036

037

038	# 检查是否为64位系统，这个脚本只支持64位脚本

039	platform=`uname -i`

040	if [ $platform != "x86_64" ];then

041	echo "this script is only for 64bit Operating System !"

042

exit 1

043

044	echo "the platform is ok"

045

046

047	# 安装必要支持工具及软件工具

048	yum -y install redhat-lsb vim unzip openssl-client gcc gcc-c++

049

# clear

050	echo "Tools installation is complete"

051

052

053	# 检查系统版本为centos 6

054	distributor=`lsb_release -i \| awk '{print $NF}'`

055	version=`lsb_release -r \| awk '{print substr($NF,1,1)}'`

056	if [ $distributor != 'CentOS' -o $version != '6' ]; then

057	echo "this script is only for CentOS 6 !"

058

exit 1

059

060

# clear

061	cat << EOF

062	+---------------------------------------+

063	\| your system is CentOS 6 x86_64 \|

064	\| start optimizing \|

065	+---------------------------------------+

066

EOF

067

sleep 3

068

069

070	# instll repo

071	yum_update(){

072	#make the 163.com as the default yum repo

073	if [ ! -e "/etc/yum.repos.d/bak" ]; then

074	mkdir /etc/yum.repos.d/bak

075	mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/bak/CentOS-Base.repo.backup

076

077

078

#add

079	wget http://mirrors.163.com/.help/CentOS6-Base-163.repo -O /etc/yum.repos.d/CentOS-Base.repo

080

081	#add the third-party repo

082	#rpm -Uvh http://download.Fedora.RedHat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm

083	rpm -Uvh ftp://ftp.muug.mb.ca/mirror/centos/6.7/extras/x86_64/Packages/epel-release-6-8.noarch.rpm

084	#add the epel

085	rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

086

087	#add the rpmforge

088	rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

089	rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag

090

091	#update the system

092	yum clean all && yum makecache

093	yum -y update glibc\*

094	yum -y update yum\* rpm\* python\*

095	yum -y update

096	echo -e "\033[31m yum update ok \033[0m"

097

sleep 1

098

}

099

100

101	#time zone

102	zone_time(){

103	#install ntp

104	yum -y install ntp

105

106	#time zone

107	if [ `date +%z` != "+0800" ]; then

108	rm -rf /etc/localtime

109	ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

110	cat > /etc/sysconfig/clock << EOF

111	ZONE="Asia/Shanghai"

112

UTC=false

113

ARC=false

114

EOF

115

116	if [ `date +%z` != "+0800" ]; then

117	echo "The Shanghai time zone error"

118	rm -rf /etc/localtime

119	ln -sf /usr/share/zoneinfo/Asia/Chongqing /etc/localtime

120	cat > /etc/sysconfig/clock << EOF

121	ZONE="Asia/Chongqing"

122

UTC=false

123

ARC=false

124

EOF

125

126	if [ `date +%z` != "+0800" ]; then

127	echo "The Chongqing time zone error"

128	rm -rf /etc/localtime

129

130	ln -sf /usr/share/zoneinfo/Asia/Hong_Kong /etc/localtime

131	cat > /etc/sysconfig/clock << EOF

132	ZONE="Asia/Hang_Kong"

133

UTC=false

134

ARC=false

135

EOF

136

137	if [ `date +%z` != "+0800" ]; then

138	echo "The Hang_Kong time zone error， To write Shanghai time zone "

139	echo -e "\033[31m time zone error , please manual settings \033[0m"

140	rm -rf /etc/localtime

141	ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

142	cat > /etc/sysconfig/clock << EOF

143	ZONE="Asia/Shanghai"

144

UTC=false

145

ARC=false

146

EOF

147

148

149

150

151

152	echo "Present time zone:"`date +%z`

153	cat /etc/sysconfig/clock

154	echo -e "\033[31m time zone ok \033[0m"

155

sleep 1

156

157

158	# set time

159	echo "update time please wait!"

160	/usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1

161	#sed -i "/ntpdate/s/^/#/g" /var/spool/cron/root

162	sed -i "/ntpdate/d" /var/spool/cron/root

163	sed -i "/hwclock/d" /var/spool/cron/root

164	cat >> /var/spool/cron/root << EOF

165	/5 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1

166	* * * * */1 /usr/sbin/hwclock -w > /dev/null 2>&1

167

EOF

168	chmod 600 /var/spool/cron/root

169	/sbin/service crond restart

170	echo -e "\033[31m time zone ok \033[0m"

171

sleep 1

172

}

173

174

175	# set hosts

176

hosts(){

177	#修改hostname为127.0.0.1

178	if [ "$(hostname -i)" != "127.0.0.1" ]; then

179	sed -i "s@^127.0.0.1$.*$@127.0.0.1 `hostname`\1@" /etc/hosts

180

181

182	hostname -i

183	echo -e "\033[31m hosts ok \033[0m"

184

sleep 1

185

}

186

187

188	#set the file limit

189	limits_config(){

190

#修改文件打开数

191	sed -i "/^ulimit -SHn.*/d" /etc/rc.local

192	echo "ulimit -SHn 102400" >> /etc/rc.local

193

194	sed -i "/^ulimit -s.*/d" /etc/profile

195	sed -i "/^ulimit -c.*/d" /etc/profile

196	sed -i "/^ulimit -SHn.*/d" /etc/profile

197

198	cat >> /etc/profile << EOF

199

200

201

202	ulimit -c unlimited

203	ulimit -s unlimited

204	ulimit -SHn 102400

205

EOF

206

207	source /etc/profile

208

ulimit -a

209	cat /etc/profile \| grep ulimit

210	echo -e "\033[31m hosts ok \033[0m"

211

212	if [ ! -f "/etc/security/limits.conf.bak" ]; then

213	cp /etc/security/limits.conf /etc/security/limits.conf.bak

214

215	sed -i "/^.soft.*nofile/d" /etc/security/limits.conf

216	sed -i "/^.hard.*nofile/d" /etc/security/limits.conf

217	sed -i "/^.soft.*nproc/d" /etc/security/limits.conf

218	sed -i "/^.hard.*nproc/d" /etc/security/limits.conf

219	cat >> /etc/security/limits.conf << EOF

220

221

222

223

224	#---------custom-----------------------

225

226	* soft nofile 65535

227	* hard nofile 65535

228	* soft nproc 65535

229	* hard nproc 65535

230

EOF

231	cat /etc/security/limits.conf \| grep "^* .*"

232	echo -e "\033[31m limits ok \033[0m"

233

sleep 1

234

}

235

236

237	# tune kernel parametres #优化内核参数

238	sysctl_config(){

239

#delete

240	if [ ! -f "/etc/sysctl.conf.bak" ]; then

241	cp /etc/sysctl.conf /etc/sysctl.conf.bak

242

243	sed -i "/^net.ipv4.ip_forward/d" /etc/sysctl.conf

244	sed -i "/^net.ipv4.conf.default.rp_filter/d" /etc/sysctl.conf

245	sed -i "/^net.ipv4.conf.default.accept_source_route/d" /etc/sysctl.conf

246	sed -i "/^kernel.sysrq/d" /etc/sysctl.conf

247	sed -i "/^kernel.core_uses_pid/d" /etc/sysctl.conf

248	sed -i "/^net.ipv4.tcp_syncookies/d" /etc/sysctl.conf

249	sed -i "/^kernel.msgmnb/d" /etc/sysctl.conf

250	sed -i "/^kernel.msgmax/d" /etc/sysctl.conf

251	sed -i "/^net.ipv4.tcp_max_tw_buckets/d" /etc/sysctl.conf

252	sed -i "/^net.ipv4.tcp_sack/d" /etc/sysctl.conf

253	sed -i "/^net.ipv4.tcp_window_scaling/d" /etc/sysctl.conf

254	sed -i "/^net.ipv4.tcp_rmem/d" /etc/sysctl.conf

255	sed -i "/^net.ipv4.tcp_wmem/d" /etc/sysctl.conf

256	sed -i "/^net.core.wmem_default/d" /etc/sysctl.conf

257	sed -i "/^net.core.rmem_default/d" /etc/sysctl.conf

258	sed -i "/^net.core.rmem_max/d" /etc/sysctl.conf

259	sed -i "/^net.core.wmem_max/d" /etc/sysctl.conf

260	sed -i "/^net.core.netdev_max_backlog/d" /etc/sysctl.conf

261	sed -i "/^net.core.somaxconn/d" /etc/sysctl.conf

262	sed -i "/^net.ipv4.tcp_max_orphans/d" /etc/sysctl.conf

263	sed -i "/^net.ipv4.tcp_max_syn_backlog/d" /etc/sysctl.conf

264	sed -i "/^net.ipv4.tcp_timestamps/d" /etc/sysctl.conf

265	sed -i "/^net.ipv4.tcp_synack_retries/d" /etc/sysctl.conf

266	sed -i "/^net.ipv4.tcp_syn_retries/d" /etc/sysctl.conf

267	sed -i "/^net.ipv4.tcp_tw_recycle/d" /etc/sysctl.conf

268	sed -i "/^net.ipv4.tcp_tw_reuse/d" /etc/sysctl.conf

269	sed -i "/^net.ipv4.tcp_mem/d" /etc/sysctl.conf

270	sed -i "/^net.ipv4.tcp_fin_timeout/d" /etc/sysctl.conf

271	sed -i "/^net.ipv4.tcp_keepalive_time/d" /etc/sysctl.conf

272	sed -i "/^net.ipv4.ip_local_port_range/d" /etc/sysctl.conf

273	#sed -i "/^net.ipv4.tcp_tw_len/d" /etc/sysctl.conf

274

275

#add

276	cat >> /etc/sysctl.conf << EOF

277

278

279

280

281	#-------custom---------------------------------------------

282

283	net.ipv4.ip_forward = 0

284	net.ipv4.conf.default.rp_filter = 1

285	net.ipv4.conf.default.accept_source_route = 0

286	kernel.sysrq = 0

287	kernel.core_uses_pid = 1

288	net.ipv4.tcp_syncookies = 1

289	kernel.msgmnb = 65536

290	kernel.msgmax = 65536

291	net.ipv4.tcp_max_tw_buckets = 6000

292	net.ipv4.tcp_sack = 1

293	net.ipv4.tcp_window_scaling = 1

294	net.ipv4.tcp_rmem = 4096 87380 4194304

295	net.ipv4.tcp_wmem = 4096 16384 4194304

296	net.core.wmem_default = 8388608

297	net.core.rmem_default = 8388608

298	net.core.rmem_max = 16777216

299	net.core.wmem_max = 16777216

300	net.core.netdev_max_backlog = 262144

301	net.core.somaxconn = 262144

302	net.ipv4.tcp_max_orphans = 3276800

303	net.ipv4.tcp_max_syn_backlog = 262144

304	net.ipv4.tcp_timestamps = 0

305	#net.ipv4.tcp_synack_retries = 1

306	net.ipv4.tcp_synack_retries = 2

307	#net.ipv4.tcp_syn_retries = 1

308	net.ipv4.tcp_syn_retries = 2

309	net.ipv4.tcp_tw_recycle = 1

310	net.ipv4.tcp_tw_reuse = 1

311	net.ipv4.tcp_mem = 94500000 915000000 927000000

312	#net.ipv4.tcp_fin_timeout = 1

313	net.ipv4.tcp_fin_timeout = 15

314	net.ipv4.tcp_keepalive_time = 30

315	net.ipv4.ip_local_port_range = 1024 65535

316	#net.ipv4.tcp_tw_len = 1

317

EOF

318

319

#buckets

320	echo 6000 > /proc/sys/net/ipv4/tcp_max_tw_buckets

321

322

#delete

323	sed -i "/^kernel.shmmax/d" /etc/sysctl.conf

324	sed -i "/^kernel.shmall/d" /etc/sysctl.conf

325

326

#add

327	shmmax=`free -l \|grep Mem \|awk '{printf("%d\n",$210240.9)}'`

328	shmall=$[$shmmax/4]

329	echo "kernel.shmmax = "$shmmax >> /etc/sysctl.conf

330	echo "kernel.shmall = "$shmall >> /etc/sysctl.conf

331

332

#bridge

333	modprobe bridge

334	lsmod\|grep bridge

335

336	#reload sysctl

337	/sbin/sysctl -p

338	echo -e "\033[31m sysctl ok \033[0m"

339

sleep 1

340

}

341

342

343	# control-alt-delete

344	set_key(){

345	#set the control-alt-delete to guard against the miSUSE

346	sed -i 's#^exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#'/etc/init/control-alt-delete.conf

347	cat /etc/init/control-alt-delete.conf \| grep /sbin/shutdown

348	echo -e "\033[31m control-alt-delete ok \033[0m"

349

sleep 1

350

}

351

352

353	#disable selinux #关闭SELINUX

354	selinux(){

355	sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

356	setenforce 0

357	echo -e "\033[31m selinux ok \033[0m"

358

sleep 1

359

}

360

361

362	#set sshd_config UseDNS

363	ssh_GSS(){

364	#sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config

365	sed -i '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config

366	sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config

367	sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g'/etc/ssh/sshd_config

368	/etc/init.d/sshd restart

369	cat /etc/ssh/sshd_config \| grep -i usedns

370	cat /etc/ssh/sshd_config \| grep -i PermitEmptyPasswords

371	echo -e "\033[31m sshd ok \033[0m"

372

sleep 1

373

}

374

375

376	#define the backspace button can erase the last character typed

377	backspace_button(){

378	sed -i "/^stty erase ^H/d" /etc/profile

379	echo 'stty erase ^H' >> /etc/profile

380	sed -i "/^syntax.*/d" /root/.vimrc

381	echo "syntax on" >> /root/.vimrc

382	echo -e "\033[31m backspace ok \033[0m"

383	cat /etc/profile \| grep -i "stty erase ^H"

384	cat /root/.vimrc \| grep -i "syntax"

385

sleep 1

386

}

387

388

389	#stop some crontab

390	stop_crond(){

391	if [ ! -e "/etc/cron.daily.bak" ]; then

392	mkdir /etc/cron.daily.bak

393	mv /etc/cron.daily/makewhatis.cron /etc/cron.daily.bak > /dev/null 2>&1

394	mv /etc/cron.daily/mlocate.cron /etc/cron.daily.bak > /dev/null 2>&1

395

396	echo -e "\033[31m crond ok \033[0m"

397

sleep 1

398

}

399

400

401	#disable some service

402	dissable_service(){

403	chkconfig bluetooth off > /dev/null 2>&1

404	chkconfig cups off > /dev/null 2>&1

405	chkconfig ip6tables off > /dev/null 2>&1

406	chkconfig \| grep -E "cups\|ip6tables\|bluetooth"

407	echo -e "\033[31m service ok \033[0m"

408

sleep 1

409

}

410

411

412	#disable the ipv6

413	stop_ipv6(){

414	cat > /etc/modprobe.d/ipv6.conf << EOFI

415

416

417

418	#---------------custom-----------------------

419

420	alias net-pf-10 off

421	options ipv6 disable=1

422

EOFI

423	sed -i "/^NETWORKING_IPV6.*/d" /etc/sysconfig/network

424	echo "NETWORKING_IPV6=off" >> /etc/sysconfig/network

425	cat /etc/sysconfig/network \| grep NETWORKING_IPV6

426	echo -e "\033[31m ipv6 ok \033[0m"

427

sleep 1

428

}

429

430

431	#language..

432	inittab(){

433	if [ -z "$(cat /etc/redhat-release \| grep '6\.')" ];then

434	sed -i 's/3:2345:respawn/#3:2345:respawn/g' /etc/inittab

435	sed -i 's/4:2345:respawn/#4:2345:respawn/g' /etc/inittab

436	sed -i 's/5:2345:respawn/#5:2345:respawn/g' /etc/inittab

437	sed -i 's/6:2345:respawn/#6:2345:respawn/g' /etc/inittab

438	sed -i 's/ca::ctrlaltdel/#ca::ctrlaltdel/g' /etc/inittab

439	sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/sysconfig/i18n

440

else

441	sed -i 's@^ACTIVE_CONSOLES.*@ACTIVE_CONSOLES=/dev/tty[1-2]@'/etc/sysconfig/init

442	sed -i 's@^start@#start@' /etc/init/control-alt-delete.conf

443

444	/sbin/init q

445

446

#locale

447	echo $LANG

448	echo -e "\033[31m inittab ok \033[0m"

449

sleep 1

450

}

451

452

453	# iptables

454	iptables(){

455	#add iptables

456	yum -y install iptables

457

458	#iptables conf bak

459	if [ ! -e "/etc/sysconfig/iptables.bak" ]; then

460	cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak > /dev/null 2>&1

461

462

463	#add config

464	cat > /etc/sysconfig/iptables << EOF

465	# Firewall configuration written by system-config-securitylevel

466	# Manual customization of this file is not recommended.

467	# 防火墙规则有先后顺序，修改前请测试确定后更改

468	# E-Mail:564001002@QQ.COM

469

*filter

470	:INPUT DROP [0:0]

471	:FORWARD ACCEPT [0:0]

472	:OUTPUT ACCEPT [0:0]

473	:syn-flood - [0:0]

474	#RELATED,ESTABLISHED

475	-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

476

#io

477	-A INPUT -i lo -j ACCEPT

478

#ping

479	-A INPUT -p icmp -j ACCEPT

480

#redis

481	#-A INPUT -p tcp -m tcp --dport 6379 -j ACCEPT

482	#-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 6379 -j ACCEPT

483

#mysql

484	#-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT

485	#-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT

486

#memcache

487	#-A INPUT -p tcp -m tcp --dport 11211 -j ACCEPT

488	#-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 11211 -j ACCEPT

489

#php

490	#-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT

491	#-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 9000 -j ACCEPT

492

#ssh

493	-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

494	#-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name SSH --rsource -j DROP

495	#-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource -j ACCEPT

496	#http 500 * 90% 需要限制情况下可以取消第一行注释

497	#-A INPUT -p tcp -m tcp --dport 80 -m connlimit --connlimit-above 500 --connlimit-mask 32 -j REJECT --reject-with icmp-port-unreachable

498	-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

499	#https 500 * 90% 需要限制情况下可以取消第一行注释

500	#-A INPUT -p tcp -m tcp --dport 443 -m connlimit --connlimit-above 500 --connlimit-mask 32 -j REJECT --reject-with icmp-port-unreachable

501	-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

502	#---service--------------------------------------------------

503	#DNS 安装DNS服务器后需要打开

504	#-A INPUT -p udp --sport 53 -j ACCEPT

505	#ntp 配置ntp服务器时候需要打开

506	#-A INPUT -p udp --sport 123 -j ACCEPT

507	#对外访问，比如api接口需要结合OUTPUT DROP 全部关闭情况下才需要打开，这种限制非常严格情况下才配置

508	#-A OUTPUT -p tcp --dport 80 -j ACCEPT

509	#-A OUTPUT -p tcp --dport 443 -j ACCEPT

510	######################################################################################

511	#以下#号部分未测试或为成功，并可能有错误开启之前请先测试，并保证能与你的环境匹配

512	#syn-flood

513	#-A syn-flood -p tcp -m limit --limit 500/sec --limit-burst 10000 -j RETURN

514	#------FIN SYN RST ACK SYN-----------------

515	#-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT

516	#-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 10/sec --limit-burst 100 -j ACCEPT

517	######################################################################################

518	#PORTSAN 端口扫描拒绝，缺少工具没能测试好，请慎用。

519	#-A INPUT -p tcp --syn -m recent --name portscan --rcheck --seconds 60 --hitcount 10 -j LOG

520	#-A INPUT -p tcp --syn -m recent --name portscan --set -j DROP

521	-A INPUT -j REJECT --reject-with icmp-host-prohibited

522	-A syn-flood -j REJECT --reject-with icmp-port-unreachable

523	-A FORWARD -j REJECT --reject-with icmp-host-prohibited

524

COMMIT

525

EOF

526	/sbin/service iptables restart

527	source /etc/profile

528	chkconfig iptables on

529	/sbin/iptables -L -v

530	chkconfig \| grep iptables

531	echo -e "\033[31m iptables ok \033[0m"

532

sleep 1

533

}

534

535

536

# others

537

other(){

538	# initdefault

539	sed -i 's/^id:.*$/id:3:initdefault:/' /etc/inittab

540	/sbin/init q

541	cat /etc/inittab \| grep "id:"

542

543	# PS1 /tmp/

544	sed -i "/^PS1=.*/d" /etc/profile

545	echo 'PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[35;40m\]\W\[\e[0m\]]\\$ \[\e[33;40m\]"' >> /etc/profile

546

547

# HISTSIZ

548	sed -i 's/^HISTSIZE=.*$/HISTSIZE=300/' /etc/profile

549	cat /etc/profile \| grep "^HISTSIZE"

550

551	# Record command

552	sed -i "/^export PROMPT_COMMAND=.*/d" /root/.bash_profile

553	echo "export PROMPT_COMMAND='{ msg=\$(history 1 \| { read x y; echo \$y; });user=\$(whoami); echo \$(date \"+%Y-%m-%d %H:%M:%S\"):\$user:\`pwd\`/:\$msg ---- \$(who am i); } >> /tmp/\`hostname\`.\`whoami\`.history-timestamp'" >> /root/.bash_profile

554

555	# Wrong password five times locked 180s

556	sed -i "/^auth required pam_tally2.so deny=5 unlock_time=180/d"/etc/pam.d/system-auth

557	sed -i '4a auth required pam_tally2.so deny=5 unlock_time=180'/etc/pam.d/system-auth

558	source /etc/profile

559	cat /etc/pam.d/system-auth \| grep "auth required pam_tally2.so"

560	echo -e "\033[31m other ok \033[0m"

561

sleep 1

562

}

563

564

565

# done

566	done_ok(){

567	cat << EOF

568	+-------------------------------------------------+

569	\| optimizer is done \|

570	\| it's recommond to restart this server ! \|

571	\| E-mail:564001002@QQ.COM \|

572

| |

573	\| Please Reboot system \|

574	+-------------------------------------------------+

575

EOF

576

}

577

578

579

# main

580

main(){

581	yum_update

582

zone_time

583

hosts

584	limits_config

585	sysctl_config

586

set_key

587

selinux

588

ssh_GSS

589	backspace_button

590	stop_crond

591	dissable_service

592

stop_ipv6

593

inittab

594

iptables

595

other

596

done_ok

597

}

598

main

(责任编辑：IT)