CentOS6.x系统初始化脚本

#!/bin/bash
#by authors Mox
#Email 827897564@qq.com
#

#--变量
err_echo(){
echo -e "\\033[31m[Error]: $1 \\033[0m"
exit 1
}

info_echo(){
echo -e "\\033[32m [Info]: $1 \\033[0m"
}

warn_echo(){
echo -e "\\033[33m [Warning]: $1 \\033[0m"
}

check_exit(){
if [ $? -ne 0 ]; then
err_echo "$1"
exit 1
fi
}

SSH_PORT=15300
LOGIN_USER=login_user
LOGIN_PASSWD=login_user

#用户登录失败锁定阀值
LOGIN_FAILD=3
LOCK_TIME=30

cat << EOF
+--------------------------------------------------------------+
|         === Welcome to CentOS 6.x System init ==="           |
+--------------------------------------------------------------+
EOF

info_echo "start check system vertion"
sv=`grep "CentOS" /etc/issue|awk '{print $1}'`
cv=`uname -r | awk -F. '{print $NF}'`
if [ $sv != CentOS ] && [ $cv != x86_64 ] ;then
erro_echo "no CentOS or no x86_64 system !!! exit...."
exit 7
fi

#添加epel外部yum扩展源
info_echo "add epel rpm sours..."
cd /usr/local/src
wget http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm rpm -ivh epel-release-6-8.noarch.rpm

#安装gcc基础库文件以及sysstat工具
info_echo "install gcc gcc-c++ unzip unzip vim wget...."
yum -y install gcc gcc-c++ vim-enhanced unzip unrar sysstat vim wget

info_echo "install ntpd..."
#配置ntpdate自动对时
yum -y install ntp
echo "01 01 * * * /usr/sbin/ntpdate ntp.api.bz    >> /dev/null 2>&1" >> /etc/crontab
ntpdate ntp.api.bz
service crond restart

#配置文件的ulimit值
info_echo "config ulimit..."
ulimit -SHn 65535
echo "ulimit -SHn 65535" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
*                     soft     nofile             60000
*                     hard     nofile             65535
EOF

info_echo "disabled control-alt-delete..."
#禁用control-alt-delete组合键以防止误操作
sed -i 's@ca::ctrlaltdel:/sbin/shutdown -t3 -r now@#ca::ctrlaltdel:/sbin/shutdown -t3 -r now@' /etc/inittab

#关闭SElinux
info_echo "disable Selinux..."
sed -i 's@SELINUX=enforcing@SELINUX=disabled@' /etc/selinux/config

#内核网络基础优化
info_echo "system kernel network optimize... "
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
EOF
/sbin/sysctl -p

#ssh服务配置优化
info_echo "backup sshd config..."
cp -f /etc/ssh/sshd_config /etc/ssh/sshd_config.back
info_echo "deny root login..."
sed -i '/#PermitRootLogin/a\PermitRootLogin no' /etc/ssh/sshd_config
info_echo "set ssh port $SSH_PORT"
sed -i "/#Port 22/a\ Port $SSH_PORT" /etc/ssh/sshd_config
info_echo "enable port $SSH_PORT"
iptables -I INPUT -p tcp -m state --state NEW --dport $SSH_PORT -j ACCEPT
sed -i 's@#UseDNS yes@UseDNS no@' /etc/ssh/sshd_config
service sshd restart

#增加登录用户
info_echo "add login user..."
useradd $LOGIN_USER
echo $LOGIN_USER | passwd --stdin $LOGIN_USER

#禁用ipv6地址
info_echo "disabled ipv6..."
echo "alias net-pf-10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf
echo "install ipv6 /bin/true" >> /etc/modprobe.conf
echo "IPV6INIT=no" >> /etc/sysconfig/network
sed -i 's@NETWORKING_IPV6=yes@NETWORKING_IPV6=no@'    /etc/sysconfig/network
chkconfig ip6tables off

#vim基础语法优化
info_echo "vim optimized..."
echo "syntax on" >> /root/.vimrc
echo "set nohlsearch" >> /root/.vimrc

#停用系统中不必要的服务
info_echo "optimized auto start servcie..."
chkconfig auditd off
chkconfig postfix off
chkconfig ip6tables off
chkconfig mdmonitor off

#设置用户登录失败锁定阀值，锁定时间
info_echo "set login faild lock time..."
cp -p /etc/pam.d/sshd /etc/pam.d/sshd.back
sed -i "/#%PAM-1.0/a\ auth    required    pam_tally2.so    deny=$LOGIN_FAILD    unlock_time=$LOCK_TIME even_deny_root root_unlock_time=$LOCK_TIME" /etc/pam.d/sshd
#查看错误登录次数
#pam_tally2 –u USER
#解锁命令
#pam_tally2 -u USER --reset

#设置bash保留的历史命令数目
info_echo "set bash history command amount..."
cp -p /etc/profile /etc/profile.back
sed -i "s/HISTSIZE=1000/HISTSIZE=5/" /etc/profile

info_echo "init OK @@!!"

#重启服务器
#reboot