网站首页
网站导航
Ctrl+D收藏
首 页
代码段
源码包
文档库
工具箱
代码语言
.
CSharp
.
JS
Java
Asp.Net
C
MSSQL
PHP
Css
PLSQL
Python
Shell
EBS
ASP
Perl
ObjC
VB.Net
VBS
MYSQL
GO
Delphi
AS
DB2
Domino
Rails
ActionScript
Scala
代码分类
文件
系统
字符串
数据库
网络相关
图形/GUI
多媒体
算法
游戏
Jquery
Extjs
Android
HTML5
菜单
网页交互
WinForm
控件
企业应用
安全与加密
脚本/批处理
开放平台
其它
【
Shell
】
centos6系统初始化脚本
作者:
51clocker
/ 发布于
2015/7/20
/
773
#!/bin/bash #written:51clocker #date:2015-07-18 #email:admin@51clocker.com #web:http://www.51clocker.com echo -e "\033[31m 这个是系统初始化脚本,请慎重运行! press ctrl+C to cancel \033[0m" sleep 5 yum_update(){ yum -y install wget cd /etc/yum.repos.d/ mkdir bak mv ./*.repo bak wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo yum clean all && yum makecache yum -y install vim unzip openssl-client gcc gcc-c++ ntp } # /etc/hosts #[ "$(hostname -i)" != "127.0.0.1" ] && sed -i "s@^127.0.0.1\(.*\)@127.0.0.1 `hostname` \1@" /etc/hosts #关闭SEKINUX selinux(){ sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux setenforce 0 } #修改文件打开数 # /etc/security/limits.conf limits_config(){ cat >> /etc/security/limits.conf <<EOF * soft nproc 65535 * hard nproc 65535 * soft nofile 65535 * hard nofile 65535 EOF echo "ulimit -SH 65535" >> /etc/rc.local } #优化内核参数 sysctl_config(){ sed -i 's/net.ipv4.tcp_syncookies.*$/net.ipv4.tcp_syncookies = 1/g' /etc/sysctl.conf cat >> /etc/sysctl.conf << ENDF net.ipv4.tcp_max_syn_backlog = 65536 net.core.netdev_max_backlog = 32768 net.core.somaxconn = 32768 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_tw_recycle = 1 #net.ipv4.tcp_tw_len = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_max_orphans = 3276800 net.ipv4.ip_local_port_range = 1024 65535 ENDF sysctl -p } #关闭系统不用的服务 stop_server(){ for server in `chkconfig --list |grep 3:on|awk '{ print $1}'` do chkconfig --level 3 $server off done for server in crond network rsyslog sshd do chkconfig --level 3 $server on done } #language.. inittab(){ if [ -z "$(cat /etc/redhat-release | grep '6\.')" ];then sed -i 's/3:2345:respawn/#3:2345:respawn/g' /etc/inittab sed -i 's/4:2345:respawn/#4:2345:respawn/g' /etc/inittab sed -i 's/5:2345:respawn/#5:2345:respawn/g' /etc/inittab sed -i 's/6:2345:respawn/#6:2345:respawn/g' /etc/inittab sed -i 's/ca::ctrlaltdel/#ca::ctrlaltdel/g' /etc/inittab sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/sysconfig/i18n else sed -i 's@^ACTIVE_CONSOLES.*@ACTIVE_CONSOLES=/dev/tty[1-2]@' /etc/sysconfig/init sed -i 's@^start@#start@' /etc/init/control-alt-delete.conf fi /sbin/init q } #设置时间时区同步 zone_time(){ rm -rf /etc/localtime ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime # Update time /usr/sbin/ntpdate pool.ntp.org echo '*/5 * * * * /usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1' > /var/spool/cron/root;chmod 600 /var/spool/cron/root /sbin/service crond restart } #配置SSHD sshd_config(){ #sed -i '/^#Port/s/#Port 22/Port 65535/g' /etc/ssh/sshd_config sed -i '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config #sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config /etc/init.d/sshd restart } # iptables iptables(){ cat > /etc/sysconfig/iptables << EOF # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT DROP [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :syn-flood - [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood -A INPUT -j REJECT --reject-with icmp-host-prohibited -A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN -A syn-flood -j REJECT --reject-with icmp-port-unreachable COMMIT EOF /sbin/service iptables restart source /etc/profile } other(){ # initdefault sed -i 's/^id:.*$/id:3:initdefault:/' /etc/inittab /sbin/init q # PS1 echo 'PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[35;40m\]\W\[\e[0m\]]\\$ \[\e[33;40m\]"' >> /etc/profile # Record command sed -i 's/^HISTSIZE=.*$/HISTSIZE=100/' /etc/profile echo "export PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; });user=\$(whoami); echo \$(date \"+%Y-%m-%d %H:%M:%S\"):\$user:\`pwd\`/:\$msg ---- \$(who am i); } >> /tmp/\`hostname\`.\`whoami\`.history-timestamp'" >> /root/.bash_profile # Wrong password five times locked 180s sed -i '4a auth required pam_tally2.so deny=5 unlock_time=180' /etc/pam.d/system-auth . /etc/profile } main(){ yum_update selinux limits_config sysctl_config stop_server inittab zone_time sshd_config # iptables other } main
评论列表
本站所提供的代码,版权归原作者所有,若有侵犯作者版权,请与我们联系,我们将立即删除或修改。谢谢!
本站所有代码发布及提供者。
试试其它关键字
系统初始化
centos6
同语言下
.
判断用户输入的是否为IP地址
.
根据web访问日志,封禁请求量异常的IP,如IP在半小时
.
iptables自动屏蔽访问网站频繁的IP
.
批量修改服务器用户密码
.
监控httpd的进程数,根据监控情况做相应处理
.
创建10个用户,并分别设置密码,密码要求10位且包含大
.
Expect实现SSH免交互执行命令
.
输入数字运行相应命令
.
用shell打印示例语句中字母数小于6的单词
.
扫描主机端口状态
可能有用的
.
SQL查询 多列合并成一行用逗号隔开
.
一行一行读取txt的内容
.
C#动态修改文件夹名称(FSO实现,不移动文件)
.
c# 移动文件或文件夹
.
c#图片添加水印
.
Java PDF转换成图片并输出给前台展示
.
网站后台修改图片尺寸代码
.
处理大图片在缩略图时的展示
.
实现对图片上传的接收
.
判断用户输入的是否为IP地址
51clocker
贡献的其它代码
(
2
)
.
扫描包下所有的类
.
centos6系统初始化脚本
地图
本站
我们
服务
版权
联系
回馈
博客