centos6系统初始化脚本代码,Shell代码库,德仔网

代码语言
代码分类
【Shell】 centos6系统初始化脚本
作者:51clocker / 发布于2015/7/20/ 1109

	#!/bin/bash
	
	#written:51clocker
	#date:2015-07-18
	#email:admin@51clocker.com
	#web:http://www.51clocker.com
	
	echo -e "\033[31m 这个是系统初始化脚本，请慎重运行！ press ctrl+C to cancel \033[0m"
	sleep 5
	
	yum_update(){
	 yum -y install wget
	 cd /etc/yum.repos.d/
	 mkdir bak
	 mv ./*.repo bak
	 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
	 wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
	 yum clean all && yum makecache
	 yum -y install vim unzip openssl-client gcc gcc-c++ ntp
	}
	
	# /etc/hosts
	#[ "$(hostname -i)" != "127.0.0.1" ] && sed -i "s@^127.0.0.1\(.*\)@127.0.0.1 `hostname` \1@" /etc/hosts
	
	#关闭SEKINUX
	selinux(){
	sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
	setenforce 0
	}
	
	#修改文件打开数
	# /etc/security/limits.conf
	limits_config(){
	cat >> /etc/security/limits.conf <<EOF
	* soft nproc 65535
	* hard nproc 65535
	* soft nofile 65535
	* hard nofile 65535
	EOF
	echo "ulimit -SH 65535" >> /etc/rc.local
	}
	#优化内核参数
	sysctl_config(){
	sed -i 's/net.ipv4.tcp_syncookies.*$/net.ipv4.tcp_syncookies = 1/g' /etc/sysctl.conf
	cat >> /etc/sysctl.conf << ENDF
	net.ipv4.tcp_max_syn_backlog = 65536
	net.core.netdev_max_backlog = 32768
	net.core.somaxconn = 32768
	net.core.wmem_default = 8388608
	net.core.rmem_default = 8388608
	net.core.rmem_max = 16777216
	net.core.wmem_max = 16777216
	net.ipv4.tcp_timestamps = 0
	net.ipv4.tcp_synack_retries = 2
	net.ipv4.tcp_syn_retries = 2
	net.ipv4.tcp_tw_recycle = 1
	#net.ipv4.tcp_tw_len = 1
	net.ipv4.tcp_tw_reuse = 1
	net.ipv4.tcp_mem = 94500000 915000000 927000000
	net.ipv4.tcp_max_orphans = 3276800
	net.ipv4.ip_local_port_range = 1024 65535
	ENDF
	sysctl -p
	}
	
	#关闭系统不用的服务
	stop_server(){
	for server in `chkconfig --list |grep 3:on|awk '{ print $1}'`
	do
	 chkconfig --level 3 $server off
	done
	
	for server in crond network rsyslog sshd
	do
	 chkconfig --level 3 $server on
	done
	}
	
	
	#language..
	inittab(){
	if [ -z "$(cat /etc/redhat-release | grep '6\.')" ];then
	 sed -i 's/3:2345:respawn/#3:2345:respawn/g' /etc/inittab
	 sed -i 's/4:2345:respawn/#4:2345:respawn/g' /etc/inittab
	 sed -i 's/5:2345:respawn/#5:2345:respawn/g' /etc/inittab
	 sed -i 's/6:2345:respawn/#6:2345:respawn/g' /etc/inittab
	 sed -i 's/ca::ctrlaltdel/#ca::ctrlaltdel/g' /etc/inittab
	 sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/sysconfig/i18n
	else
	 sed -i 's@^ACTIVE_CONSOLES.*@ACTIVE_CONSOLES=/dev/tty[1-2]@' /etc/sysconfig/init
	 sed -i 's@^start@#start@' /etc/init/control-alt-delete.conf
	fi
	/sbin/init q
	}
	#设置时间时区同步
	zone_time(){
	 rm -rf /etc/localtime
	 ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
	
	 # Update time
	 /usr/sbin/ntpdate pool.ntp.org
	 echo '*/5 * * * * /usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1' > /var/spool/cron/root;chmod 600 /var/spool/cron/root
	 /sbin/service crond restart
	}
	
	#配置SSHD
	sshd_config(){
	 #sed -i '/^#Port/s/#Port 22/Port 65535/g' /etc/ssh/sshd_config
	 sed -i '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
	 #sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
	 sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
	 /etc/init.d/sshd restart
	}
	
	# iptables
	iptables(){
	cat > /etc/sysconfig/iptables << EOF
	# Firewall configuration written by system-config-securitylevel
	# Manual customization of this file is not recommended.
	*filter
	:INPUT DROP [0:0]
	:FORWARD ACCEPT [0:0]
	:OUTPUT ACCEPT [0:0]
	:syn-flood - [0:0]
	-A INPUT -i lo -j ACCEPT
	-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
	-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
	-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
	-A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
	-A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
	-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
	-A INPUT -j REJECT --reject-with icmp-host-prohibited
	-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
	-A syn-flood -j REJECT --reject-with icmp-port-unreachable
	COMMIT
	EOF
	/sbin/service iptables restart
	source /etc/profile
	}
	other(){
	# initdefault
	sed -i 's/^id:.*$/id:3:initdefault:/' /etc/inittab
	/sbin/init q
	# PS1
	echo 'PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[35;40m\]\W\[\e[0m\]]\\$ \[\e[33;40m\]"' >> /etc/profile
	
	# Record command
	sed -i 's/^HISTSIZE=.*$/HISTSIZE=100/' /etc/profile
	echo "export PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; });user=\$(whoami); echo \$(date \"+%Y-%m-%d %H:%M:%S\"):\$user:\`pwd\`/:\$msg ---- \$(who am i); } >> /tmp/\`hostname\`.\`whoami\`.history-timestamp'" >> /root/.bash_profile
	
	# Wrong password five times locked 180s
	sed -i '4a auth required pam_tally2.so deny=5 unlock_time=180' /etc/pam.d/system-auth
	. /etc/profile
	}
	
	main(){
	 yum_update
	 selinux
	 limits_config
	 sysctl_config
	 stop_server
	 inittab
	 zone_time
	 sshd_config
	# iptables
	 other
	}
	main
试试其它关键字
　系统初始化　　 centos6　
同语言下
可能有用的
51clocker贡献的其它代码(2)