
linux系统初始化配置脚本分享

2015-07-15 11:12 661 查看
这个脚本是我借鉴某大神的脚本改写的(其实是赤裸裸的拿来用了),功能主要是实现系统自定义配置,搭建原始的linux环境模板,分享给大家,顺便分享个小诀窍:

复制代码后,请使用"notepad++"或其它编辑器打开此文档, "alt+0"将函数折叠后方便查阅 。

插句话,这个方法我是从雪松大神的[python实例手册] [shell实例手册]学到的,感谢他们的共享精神,一直在维护这两个手册的更新, 分享下这两个手册的地址:

[python实例手册] [shell实例手册] [LazyManage运维批量管理(shell/python两个版本)]
网盘更新下载地址: http://pan.baidu.com/s/1sjsFrmX github更新下载地址: https://github.com/liquanzhou/ops_doc
下面就是我的脚本,可以给运维小伙伴借鉴成框架,自己写脚本时可以在这个基础上改哦,建议大家不要拿来就用,这个脚本中还有些不健全的地方,欢迎大家来找茬.
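#!/bin/bash
#####################################################################################
# author: gushao
# time:   2015-5-11
# system: centos 6.5
# Baseline system tuning script, intended for XenServer virtual machines.
#####################################################################################
# set env
#export PATH=$PATH:/bin:/sbin:/usr/sbin
# PATH is only assigned when it is unset or empty; an existing PATH is kept.
# This version targets CentOS 6.5.
# NOTE(review): the script uses bash-only syntax ([[ ]], arrays, for ((...)), $"..."),
# so the interpreter line names bash explicitly instead of /bin/sh.
#####################################################################################
# Declare environment variables
export PATH=${PATH:-/bin:/sbin:/usr/sbin}
export LANG="zh_CN.UTF-8"
# Source function library (the action helper called by every step below is
# presumably defined there).
. /etc/init.d/functions
# Require root to run this script
if [[ "$(whoami)" != 'root' ]]; then
  # Diagnostics belong on stderr. The original "> $2" redirected to the second
  # positional parameter, which is normally unset, instead of file descriptor 2.
  echo "please run this script as root" >&2
  exit 1
fi
# define cmd var: resolve the service-management commands once
SERVICE=$(command -v service)
CHKCONFIG=$(command -v chkconfig)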
#####################################################################################
#申明环境变量
# BACK_CONF receives dated copies of the files the steps below overwrite;
# ADJUST_CONF receives the generated replacements before they are installed.
BACK_CONF=/root/back_conf
ADJUST_CONF=/root/adjust_conf
if [ ! -d "$BACK_CONF" ]; then
  mkdir -p "$BACK_CONF"
fi
if [ ! -d "$ADJUST_CONF" ]; then
  mkdir -p "$ADJUST_CONF"
fi
#####################################################################################
#申明设置变量
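# Port written into the sshd_config generated by initSsh.
SSH_PORT=22
#saUserArr=(oldboy oldboy1 oldboy2)
# Accounts created by AddSAUser. Declared as an array because AddSAUser walks it
# by index; a scalar only worked because bash treats it as element 0.
saUserArr=(nginx)
# NOTE(review): a password identical to the account name is trivially guessable,
# and initSsh enables PasswordAuthentication while closeIptables stops the
# firewall. Supply the real value through the SA_USER_PASS environment variable;
# the fallback below is only the article's placeholder and is kept so the script
# still runs unchanged.
saUserPass=${SA_USER_PASS:-nginx}
# Host name applied by initHostName / initHostIP.
hostNameTmp=tomcat04.qhfax
# Placeholders: replace with the host address and gateway before running.
ip=your_IP
IP_GATWAY=your_gatway_ip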
#####################################################################################
#01  软件准备
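installTool(){
  # Install the base package groups, apply pending updates and install wget.
  # Returns: 0 when every yum step succeeded, 1 otherwise.
  local rc=0
  echo '"Development tools" "Chinese Support" '
  # yum's stdout is still discarded, but its exit status is now kept: the
  # original reported success through /bin/true even when yum had failed.
  yum -y groupinstall 'Development tools' 'Chinese Support' > /dev/null || rc=1
  yum -y update > /dev/null || rc=1
  if [ "$rc" -eq 0 ]; then
    action "01 软件更新成功"  /bin/true
  else
    action "01 软件更新成功"  /bin/false
  fi
  yum install wget -y || rc=1
  return "$rc"
}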
#02 主机域名设置
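initHostName(){
  # Map $ip to $hostNameTmp in /etc/hosts and apply the name to the running host.
  # Globals: BACK_CONF, ip, hostNameTmp (read)
  # Returns: 0 on success, 1 if any step failed.
  local rc=0
  \cp /etc/hosts "$BACK_CONF/hosts.$(date +%F)" || rc=1
  # Append only when this exact line is missing, so a second run does not
  # leave duplicate entries behind.
  if ! grep -qxF -- "$ip $hostNameTmp" /etc/hosts; then
    echo "$ip $hostNameTmp" >> /etc/hosts || rc=1
  fi
  # Apply the name to the running system; the HOSTNAME= line in
  # /etc/sysconfig/network is edited by initHostIP, not here.
  hostname "$hostNameTmp" || rc=1
  if [ "$rc" -eq 0 ]; then
    action "02 主机名称设置成功!"  /bin/true
  else
    action "02 主机名称设置成功!"  /bin/false
  fi
  return "$rc"
}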
#03 IP设置
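initHostIP(){
  # Write a static eth0 configuration, set HOSTNAME in /etc/sysconfig/network,
  # make sure /etc/hosts knows the host name, then reload networking.
  # Globals: ADJUST_CONF, BACK_CONF, ip, IP_GATWAY, hostNameTmp (read)
  # Returns: 0 on success, 1 if any step failed.
  local ifcfg=/etc/sysconfig/network-scripts/ifcfg-eth0
  local rc=0
  cat > "$ADJUST_CONF/ifcfg-eth0" << EOF
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=$ip
NETMASK="255.255.255.0"
GATEWAY=${IP_GATWAY}
EOF
  # Two fixes over the original: the variable was spelled $hostNameTMP (unset,
  # so nothing was inserted), and the pattern matched only "HOSTNAME=", which
  # would have left the old value glued to the end of the new one.
  sed -i "s/^HOSTNAME=.*/HOSTNAME=$hostNameTmp/" /etc/sysconfig/network || rc=1
  if [ -f "$ifcfg" ]; then
    \cp "$ifcfg" "$BACK_CONF/ifcfg-eth0.$(date +%F)" || rc=1
  fi
  cat "$ADJUST_CONF/ifcfg-eth0" > "$ifcfg" || rc=1
  if ! grep -qF -- "$hostNameTmp" /etc/hosts; then
    echo "$ip $hostNameTmp" >> /etc/hosts || rc=1
  fi
  # Make the new address take effect
  /etc/init.d/network reload || rc=1
  if [ "$rc" -eq 0 ]; then
    action "03 IP地址设置成功!"  /bin/true
  else
    action "03 IP地址设置成功!"  /bin/false
  fi
  return "$rc"
}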
#04 设置正确的时区
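initZone(){
  # Set the system time zone to Asia/Shanghai unless it is already configured.
  # Returns: 0 on success, 1 if a file could not be written.
  local rc=0
  # The original test was inverted (it only rewrote the files when the zone
  # was already set), compared against a string missing its closing quote, and
  # broke whenever the clock file held more than one word.
  # stderr is silenced on purpose: a missing clock file simply means "not set".
  if ! grep -qxF 'ZONE="Asia/Shanghai"' /etc/sysconfig/clock 2>/dev/null; then
    cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime || rc=1
    echo 'ZONE="Asia/Shanghai"' > /etc/sysconfig/clock || rc=1
  fi
  if [ "$rc" -eq 0 ]; then
    action "04 时区已设置成功!"  /bin/true
  else
    action "04 时区已设置成功!"  /bin/false
  fi
  return "$rc"
}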
#05 时间同步
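syncSystemTime(){
  # Add a root crontab entry that runs ntpdate against 10.0.0.123 every five minutes.
  # Returns: 0 on success, 1 if the crontab could not be written.
  local cron_file=/var/spool/cron/root
  local rc=0
  # Match the whole command literally. The original pattern "0.0.0.123" was a
  # regex with wildcard dots and did not name the configured server.
  # stderr is silenced on purpose: the crontab may not exist yet.
  if ! grep -qF '/usr/sbin/ntpdate 10.0.0.123' "$cron_file" 2>/dev/null; then
    # Files under /var/spool/cron are per-user crontabs: five time fields, then
    # the command. The original line carried an extra "root" column (the
    # /etc/crontab layout), which cron would have tried to run as the command.
    echo "*/5 * * * * /usr/sbin/ntpdate 10.0.0.123 > /dev/null 2>&1" >> "$cron_file" || rc=1
  fi
  if [ "$rc" -eq 0 ]; then
    action "05 同步系统时间成功!"  /bin/true
  else
    action "05 同步系统时间成功!"  /bin/false
  fi
  return "$rc"
}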
#06 设置服务器字符编码
initI18n(){
  # Generate the desired i18n settings and install them over
  # /etc/sysconfig/i18n when the two files differ.
  local wanted="$ADJUST_CONF/i18n"
  local live=/etc/sysconfig/i18n
  cat > "$wanted" << EOF
LANG="zh_CN.UTF-8"
SUPPORTED="zh_CN.GB2312:zh_CN.UTF-8:zh_CN:zh:en_US.UTF-8:en_US:en"
SYSFONT="latarcyrheb-sun16"
EOF
  if ! cmp "$wanted" "$live"; then
    # Keep a dated copy of the current file before replacing it.
    \cp "$live" "$BACK_CONF/i18n.$(date +%F)"
    # Author's note: this part still needs rework (add a check).
    cat "$wanted" > "$live"
    source "$live"
    grep LANG "$live"
  fi
  # The same status line is printed whether or not the file had to change.
  action "06 字符编码已设置成功"  /bin/true
  sleep 1
}
#07 用户设置
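AddSAUser(){
  # Create every account listed in saUserArr and set its password to saUserPass.
  # Globals: saUserArr, saUserPass (read)
  # Returns: 0 when every account was processed, 1 if useradd or passwd failed.
  local datetmp user i
  local rc=0
  datetmp=$(date +"%Y-%m-%d_%H-%M-%S")
  #\cp /etc/sudoers /etc/sudoers.${datetmp}
  for ((i = 0; i < ${#saUserArr[@]}; i++)); do
    # The original indexed with $1 (the function's first argument, which is
    # empty here) in two places, so only element 0 was ever checked or created.
    user=${saUserArr[$i]}
    # Ask the account database for this exact name; grepping /etc/passwd also
    # matched any line that merely contained the name.
    if id -u "$user" > /dev/null 2>&1; then
      action "07 新用户已添加!"  /bin/true
    elif useradd "$user"; then
      action "07 添加新用户成功!"  /bin/true
    else
      action "07 添加新用户成功!"  /bin/false
      rc=1
      continue
    fi
    # The password is (re)set for new and existing accounts alike, as before,
    # but only once. printf is a builtin, so the value does not appear in the
    # process list.
    # NOTE(review): every account receives the same shared password; see the
    # note where saUserPass is defined.
    printf '%s\n' "$saUserPass" | passwd "$user" --stdin || rc=1
    #config sudo perm
    # NOTE(review): the disabled lines below would grant passwordless sudo to
    # accounts whose password is fixed in this script; keep them disabled unless
    # the passwords are replaced first.
    #[ $(grep "${saUserArr[$i]} ALL=(ALL) NOPASSWD:ALL " /etc/sudoers|wc -l ) -le 0 ] && echo "${saUserArr[$i]} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
    #[ `grep "\%sa" | grep -v grep | wc -l` -ne 1 ] &&  echo "%sa  ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
  done
  #/usr/sbin/visudo -c
  #[ $? -ne 0 ] && /bin/cp /etc/sudoers.${datetmp} /etc/sudoers && echo $"Sudoers not configured -- exinging" && exit 1
  sleep 1
  return "$rc"
}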
#08 文件打开数等资源设置
openFiles(){
  # Generate the desired limits.conf (65535 open files and processes, soft and
  # hard, for every user) and install it when it differs from the live file.
  local wanted="$ADJUST_CONF/limits.conf"
  local live=/etc/security/limits.conf
  cat > "$wanted" << EOF
# nofile 可以被理解为是文件句柄数 文件描述符 还有socket数
* soft nofile 65535
* hard nofile 65535
# 最大进程数
* soft nproc 65535
* hard nproc 65535
EOF
  if cmp "$wanted" "$live"; then
    action "08 调整打开系统文件个数已配置!"  /bin/true
  else
    echo "----调整最大打开系统文件个数65535个------"
    # Keep a dated copy, then replace the live file wholesale.
    \cp "$live" "$BACK_CONF/limits.conf.$(date +%F)"
    cat "$wanted" > "$live"
    # Raise the limit for this shell and repeat it at boot through rc.local.
    ulimit -HSn 65535
    echo "ulimit -HSn 65535" >> /etc/rc.local
    action "08 调整打开系统文件个数成功!(修改后重新登录生效)"  /bin/true
  fi
  sleep 1
}
#09 防火墙iptables设置
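closeIptables(){
  # Stop the iptables service for the running system and report the real result.
  # No chkconfig call is made here, so the service's boot-time state is unchanged.
  # Returns: 0 when the service stopped, 1 otherwise.
  # NOTE(review): this removes all packet filtering while initSsh, later in the
  # same run, enables root login with password authentication. Keeping iptables
  # running with rules that admit only the required ports (SSH_PORT and the
  # application ports) gives the same reachability without exposing the rest.
  if /etc/init.d/iptables stop; then
    action "09 已关闭iptables"  /bin/true
  else
    # The original printed success via /bin/true even when the stop failed.
    action "09 已关闭iptables"  /bin/false
    return 1
  fi
}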
#10 selinux设置
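initFirewall(){
  # Despite its name, this step configures SELinux: it sets SELINUX=disabled in
  # /etc/selinux/config and switches the running system out of enforcing mode.
  # Returns: 0 on success, 1 if the config file could not be updated.
  # NOTE(review): disabling SELinux removes mandatory access control for sshd
  # and every other daemon on the host. SELINUX=permissive keeps denials logged
  # while a policy problem is investigated and is the less destructive choice.
  local current
  local rc=0
  current=$(grep -v '#' /etc/selinux/config | grep '^SELINUX=')
  if [ "$current" != 'SELINUX=disabled' ]; then
    \cp /etc/selinux/config "$BACK_CONF/config.$(date +%F)" || rc=1
    # Replace whatever mode is configured; the original only rewrote
    # "enforcing", so a host set to "permissive" was reported as done while the
    # file stayed unchanged.
    sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config || rc=1
    /etc/init.d/iptables status
    grep SELINUX=disabled /etc/selinux/config || rc=1
    if [ "$rc" -eq 0 ]; then
      action "10 已关闭selinux"  /bin/true
    else
      action "10 已关闭selinux"  /bin/false
    fi
  else
    action "10 selinux均已关闭"  /bin/true
  fi
  # setenforce fails when SELinux is already off, so only call it while the
  # running mode is still Enforcing (the original called it unconditionally, twice).
  if command -v getenforce > /dev/null 2>&1 && [ "$(getenforce)" = 'Enforcing' ]; then
    setenforce 0 || rc=1
  fi
  sleep 1
  return "$rc"
}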
#11 sshd设置
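initSsh(){
  # Generate a complete sshd_config, validate it, install it over
  # /etc/ssh/sshd_config when it differs, and reload sshd.
  # Globals: ADJUST_CONF, BACK_CONF, SSH_PORT (read)
  # Returns: 0 on success, 1 if validation, installation or reload failed.
  # NOTE(review): the generated file sets PermitRootLogin yes together with
  # PasswordAuthentication yes, which leaves root open to password guessing,
  # and this script also stops iptables. The values are left as published so
  # that hosts without deployed keys are not locked out; once keys are in place
  # prefer "PermitRootLogin no" (or without-password) and
  # "PasswordAuthentication no".
  local wanted="$ADJUST_CONF/sshd_config"
  local live=/etc/ssh/sshd_config
  cat > "$wanted" << EOF
PORT $SSH_PORT
Protocol 2
Compression yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitRootLogin yes
UseDns no
SyslogFacility AUTHPRIV
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding no
Subsystem       sftp    /usr/libexec/openssh/sftp-server
EOF
  # The published heredoc had "AuthorizedKeysFile.ssh/authorized_keys" with no
  # separator, which sshd rejects as an unknown keyword. Because the file
  # replaces the live configuration, test-parse it first: an invalid file would
  # stop sshd from starting and cut off remote access.
  if ! /usr/sbin/sshd -t -f "$wanted"; then
    action "11 ssh已配置完成!"  /bin/false
    sleep 1
    return 1
  fi
  if ! cmp "$wanted" "$live"; then
    \cp "$live" "$BACK_CONF/sshd_config.$(date +%F)"
    cat "$wanted" > "$live"
    # Show the settings that matter for access; the original pattern still
    # carried a port number and a misspelled keyword from an earlier script.
    grep -Ei '^(Port|UseDns|PermitRootLogin|PasswordAuthentication)' "$live"
    if /etc/init.d/sshd reload; then
      action "11 ssh已配置完成!"  /bin/true
    else
      action "11 ssh已配置完成!"  /bin/false
      sleep 1
      return 1
    fi
  else
    action "11 ssh已配置完成!"  /bin/true
  fi
  sleep 1
}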
#12 禁止ctrl+alt+del三键重启系统
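init_safe(){
  # Comment out the Ctrl+Alt+Del reboot action in /etc/init/control-alt-delete.conf.
  # Returns: 0 on success, 1 if the backup or the edit failed.
  local conf=/etc/init/control-alt-delete.conf
  local rc=0
  # The original used "date +F", which names every backup with a literal "F"
  # instead of the date.
  cp "$conf" "$BACK_CONF/control-alt-delete.conf.$(date +%F)" || rc=1
  # Anchor at the start of the line so a second run does not stack another '#'
  # on a line that is already commented out.
  sed -i 's|^exec /sbin/shutdown -r now "Control-Alt-Delete pressed"|#&|' "$conf" || rc=1
  if [ "$rc" -eq 0 ]; then
    action "12 禁止ctrl+alt+del三键重启系统" /bin/true
  else
    action "12 禁止ctrl+alt+del三键重启系统" /bin/false
  fi
  return "$rc"
}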
#13 禁止IPv6
disableIPV6(){
  # Append the two IPv6 "off" aliases to /etc/modprobe.conf unless the first
  # one is already present.
  # NOTE(review): CentOS 6 normally keeps module options under /etc/modprobe.d/;
  # confirm that /etc/modprobe.conf is still read on the target release.
  local conf=/etc/modprobe.conf
  local hits
  hits=$(cat "$conf" | grep -c "alias net-pf-10 off")
  if [ "$hits" -lt 1 ]; then
    cp "$conf" "$BACK_CONF/modprobe.conf.$(date +%F)"
    echo "alias net-pf-10 off"  >> "$conf"
    echo "alias ipv6 off"  >> "$conf"
  fi
  action $"13 禁止使用IPV6" /bin/true
}
#14 yum源配置
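ConfigYum(){
  # Install the EPEL release package and import its GPG key when epel.repo is
  # not present yet. Exits the whole script when the network check fails.
  # NOTE(review): the package is fetched over plain HTTP, and the key is
  # imported only after installation, from a file the package itself delivers,
  # so nothing authenticates the download. Obtain the EPEL key from a trusted
  # source, import it first and check the downloaded file with "rpm -K" before
  # installing.
  local repo_dir=/etc/yum.repos.d
  echo "Config Yum CentOS-Base.repo"
  # \cp bypasses any cp alias
  if [ ! -f "$repo_dir/epel.repo" ]; then
    # The original used a path relative to the current directory, so the backup
    # only worked when the script happened to be started from the repo directory.
    \cp "$repo_dir/CentOS-Base.repo" "$repo_dir/CentOS-Base.repo.bak.$(date +%F)"
    if ! ping -c 1 baidu.com > /dev/null; then
      echo "Networking not configured -- exiting" >&2
      exit 1
    fi
    # These were fused onto one line in the original, which handed
    # "rpm --import <key>" to the install command as extra package arguments.
    rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
  else
    echo  "YUM源已进行过优化"
  fi
}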
#15 基础服务
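initService(){
  # Turn off every service enabled at runlevel 3 except a small keep-list.
  # NOTE(review): CentOS 6 names the cron and syslog daemons crond and rsyslog;
  # the original keep-list (cron, syslog, sshd) would have left both disabled,
  # and also disabled "network", so the host would boot without interfaces.
  # Confirm the names with "chkconfig --list" on the target image, and consider
  # adding auditd so audit logging survives.
  local svc
  local -a keep_list=(crond rsyslog sshd network)
  echo "Close Nouseful Service"
  # Presumably switched to English so that the "3:on" text below matches.
  export LANG="en_US.UTF-8"
  chkconfig --list | awk '/3:on/ {print $1}' | while read -r svc; do
    # Kept services are never switched off, not even briefly.
    case " ${keep_list[*]} " in
      *" $svc "*) continue ;;
    esac
    chkconfig --level 3 "$svc" off
  done
  for svc in "${keep_list[@]}"; do
    chkconfig --level 3 "$svc" on
  done
  export LANG="zh_CN.UTF-8"
  echo "Close Nouserful service ->OK"
  sleep 1
}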
#16 内核优化
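optimizationKernel(){
  # Append network tuning parameters to /etc/sysctl.conf and load them.
  # Returns: the result of "sysctl -p" (0 on success).
  # Fixes over the published list: the socket-buffer and backlog keys live under
  # net.core (net.ipv4.core_* and net.ipv4.core.* do not exist, so sysctl -p
  # reported errors), and tcp_timestamps takes 1, not "on".
  # NOTE(review): values are otherwise unchanged, but three deserve a second
  # look before use: tcp_tw_recycle = 1 is known to drop connections from
  # clients behind NAT, tcp_fin_timeout = 1 is very aggressive, and the tcp_mem
  # triple is not in ascending low/pressure/high order.
  echo " 优化系统内核------------>"
  \cp /etc/sysctl.conf "$BACK_CONF/sysctl.conf.$(date +%F)"
  # Append only once; the original added another copy of the block on every run.
  if ! grep -q '^net\.ipv4\.tcp_max_orphans' /etc/sysctl.conf; then
    cat >> /etc/sysctl.conf <<EOF
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_mem = 945000000 914000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
net.ipv4.tcp_rmem =  4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.netdev_max_backlog = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.ip_local_port_range = 1024 65535
EOF
  fi
  if /sbin/sysctl -p; then
    action $"内核优化:" /bin/true
  else
    action $"内核优化:" /bin/false
  fi
}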
# Enabled steps, executed in the order listed.
# Disabled in the published version (kept here for reference):
#   initHostIp (the function is defined as initHostIP), syncSystemTime, initI18n,
#   disableIPV6, optimizationKernel, ConfigYum, initService
# NOTE(review): closeIptables and initFirewall run before initSsh, so by the end
# of a run the host has no packet filter, SELinux is off, and sshd accepts root
# password logins; review those three steps together before using this on a
# reachable host.
for step in \
  installTool \
  initHostName \
  initZone \
  AddSAUser \
  openFiles \
  closeIptables \
  initFirewall \
  initSsh \
  init_safe
do
  "$step"
done
unset step


本文出自 “运维路上” 博客,请务必保留此出处http://vekergu.blog.51cto.com/9966832/1674825