CentOS 6.x System Initialization Script
2016-08-21 13:37
```bash
#!/bin/bash
# by authors Mox
# Email 827897564@qq.com
#
#-- Variables
err_echo(){
    echo -e "\\033[31m[Error]: $1 \\033[0m"
    exit 1
}
info_echo(){
    echo -e "\\033[32m [Info]: $1 \\033[0m"
}
warn_echo(){
    echo -e "\\033[33m [Warning]: $1 \\033[0m"
}
check_exit(){
    if [ $? -ne 0 ]; then
        err_echo "$1"
        exit 1
    fi
}

SSH_PORT=15300
LOGIN_USER=login_user
# Change this before use: the default password equals the user name
LOGIN_PASSWD=login_user
# Lockout threshold for failed user logins, and lock time
LOGIN_FAILD=3
LOCK_TIME=30

cat << EOF
+--------------------------------------------------------------+
|          === Welcome to CentOS 6.x System init ===           |
+--------------------------------------------------------------+
EOF

info_echo "start check system version"
sv=`grep "CentOS" /etc/issue | awk '{print $1}'`
cv=`uname -r | awk -F. '{print $NF}'`
# Abort unless this is CentOS on x86_64 (err_echo exits the script)
if [ "$sv" != CentOS ] || [ "$cv" != x86_64 ]; then
    err_echo "no CentOS or no x86_64 system !!! exit...."
fi

# Add the EPEL external yum repository
info_echo "add epel rpm sources..."
cd /usr/local/src
wget http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

# Install the gcc base libraries and the sysstat tools
info_echo "install gcc gcc-c++ unzip unzip vim wget...."
yum -y install gcc gcc-c++ vim-enhanced unzip unrar sysstat vim wget

info_echo "install ntpd..."
# Configure automatic time synchronisation with ntpdate
yum -y install ntp
# Entries in /etc/crontab need a user field (root) before the command
echo "01 01 * * * root /usr/sbin/ntpdate ntp.api.bz >> /dev/null 2>&1" >> /etc/crontab
ntpdate ntp.api.bz
service crond restart

# Configure the ulimit value for open files
info_echo "config ulimit..."
ulimit -SHn 65535
echo "ulimit -SHn 65535" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
* soft nofile 60000
* hard nofile 65535
EOF

info_echo "disabled control-alt-delete..."
# Disable the Ctrl-Alt-Delete key combination to prevent accidental reboots
sed -i 's@ca::ctrlaltdel:/sbin/shutdown -t3 -r now@#ca::ctrlaltdel:/sbin/shutdown -t3 -r now@' /etc/inittab

# Disable SELinux (the config change takes effect after the next reboot)
info_echo "disable Selinux..."
sed -i 's@SELINUX=enforcing@SELINUX=disabled@' /etc/selinux/config

# Basic kernel network tuning
info_echo "system kernel network optimize..."
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
EOF
/sbin/sysctl -p

# sshd configuration
info_echo "backup sshd config..."
cp -f /etc/ssh/sshd_config /etc/ssh/sshd_config.back
info_echo "deny root login..."
sed -i '/#PermitRootLogin/a\PermitRootLogin no' /etc/ssh/sshd_config
info_echo "set ssh port $SSH_PORT"
sed -i "/#Port 22/a\Port $SSH_PORT" /etc/ssh/sshd_config
info_echo "enable port $SSH_PORT"
iptables -I INPUT -p tcp -m state --state NEW --dport $SSH_PORT -j ACCEPT
# Persist the rule so the new SSH port is still reachable after a reboot
service iptables save
sed -i 's@#UseDNS yes@UseDNS no@' /etc/ssh/sshd_config
service sshd restart

# Add the login user (root login over SSH is denied above)
info_echo "add login user..."
useradd "$LOGIN_USER"
echo "$LOGIN_PASSWD" | passwd --stdin "$LOGIN_USER"

# Disable IPv6
info_echo "disabled ipv6..."
echo "alias net-pf-10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf
echo "install ipv6 /bin/true" >> /etc/modprobe.conf
echo "IPV6INIT=no" >> /etc/sysconfig/network
sed -i 's@NETWORKING_IPV6=yes@NETWORKING_IPV6=no@' /etc/sysconfig/network
chkconfig ip6tables off

# Basic vim syntax settings
info_echo "vim optimized..."
echo "syntax on" >> /root/.vimrc
echo "set nohlsearch" >> /root/.vimrc

# Stop services that are not needed on this system
info_echo "optimized auto start service..."
chkconfig auditd off
chkconfig postfix off
chkconfig ip6tables off
chkconfig mdmonitor off

# Set the failed-login lockout threshold and the lock time
info_echo "set login failed lock time..."
cp -p /etc/pam.d/sshd /etc/pam.d/sshd.back
sed -i "/#%PAM-1.0/a\auth required pam_tally2.so deny=$LOGIN_FAILD unlock_time=$LOCK_TIME even_deny_root root_unlock_time=$LOCK_TIME" /etc/pam.d/sshd
# View the failed login count:
#pam_tally2 -u USER
# Unlock command:
#pam_tally2 -u USER --reset

# Set the number of history commands bash keeps
info_echo "set bash history command amount..."
cp -p /etc/profile /etc/profile.back
sed -i "s/HISTSIZE=1000/HISTSIZE=5/" /etc/profile

info_echo "init OK @@!!"
# Reboot the server
#reboot
```
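An added example, not part of the original script: a check that the sshd settings the initialization script above inserts with sed are the ones sshd will actually use. sshd keeps the first value it reads for a single-valued keyword and listens on every active `Port` line, so an inserted line can be shadowed or can leave port 22 open. The function names and the sample files are constructed for illustration.

```bash
#!/bin/bash
# Added example: audit the sshd_config settings that the init script edits.
# Assumes whitespace-separated "Keyword value" lines; Match blocks are skipped.

# sshd_values FILE KEYWORD: print every active value from the global section.
sshd_values() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/        { next }   # blank lines and comments
        tolower($1) == "match"      { exit }   # global section ends here
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

# check_sshd FILE PORT: return 0 only if the hardened values are effective.
check_sshd() {
    local file="$1" port="$2" rc=0 got key
    # Port is cumulative: sshd listens on every active Port line.
    got=$(sshd_values "$file" Port | sort -u | tr '\n' ' ')
    if [ "$got" != "$port " ]; then
        echo "FAIL Port: active '${got% }', expected only '$port'"; rc=1
    fi
    # Single-valued keywords: sshd keeps the first value it reads.
    for key in PermitRootLogin UseDNS; do
        got=$(sshd_values "$file" "$key" | head -n 1)
        if [ "$got" != "no" ]; then
            echo "FAIL $key: effective '${got:-default}', expected 'no'"; rc=1
        fi
    done
    return "$rc"
}

# Constructed samples: "good" is a file where the sed edits took effect;
# "bad" has active lines that shadow or add to the inserted ones.
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' '#Port 22' 'Port 15300' '#PermitRootLogin yes' \
        'PermitRootLogin no' 'UseDNS no' > "$d/good"
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' '#Port 22' 'Port 15300' \
        '#PermitRootLogin yes' 'PermitRootLogin no' '#UseDNS no' > "$d/bad"
    check_sshd "$d/good" 15300 && echo "good: OK"
    check_sshd "$d/bad" 15300 || echo "bad: settings not effective"
    rm -rf "$d"
}
demo
```

On a live host, `check_sshd /etc/ssh/sshd_config 15300` run after the script shows whether the stock file matched the sed patterns; `sshd -T` prints the configuration sshd itself computed.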