CentOS 7 minimal-install optimization script (using the firewalld firewall)
2017-06-15 18:08
```bash
#!/bin/bash

# Install (or upgrade) the firewalld system firewall
yum install -y firewalld
systemctl start firewalld
systemctl enable firewalld
defaultfirewall=$(firewall-cmd --list-all | sed -n "1p")
echo "系统默认防火墙ZONE是:$defaultfirewall"
sleep 2
firewall-cmd --zone=public --remove-service=dhcpv6-client --permanent
firewall-cmd --reload
echo "启动防火墙并删除防火墙自带的dhcpv6-client服务"
sleep 2

# Disable SELinux: setenforce 0 switches to permissive mode immediately;
# SELINUX=disabled in the config file takes effect at the next boot
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0
echo "已关闭selinux"

# Alias vi to vim so that vim is the default editor
echo 'alias vi=vim' >> /etc/profile
source /etc/profile

# Network hardening: no ICMP redirects sent or accepted, no IPv6 router advertisements
echo "进行网络安全部分优化......"
sleep 2
sysctl -w net.ipv4.conf.all.send_redirects=0
echo "net.ipv4.conf.all.send_redirects=0" >> /etc/sysctl.conf
sysctl -w net.ipv4.conf.default.send_redirects=0
echo "net.ipv4.conf.default.send_redirects=0" >> /etc/sysctl.conf
sysctl -w net.ipv4.conf.all.accept_redirects=0
echo "net.ipv4.conf.all.accept_redirects=0" >> /etc/sysctl.conf
sysctl -w net.ipv4.conf.default.accept_redirects=0
echo "net.ipv4.conf.default.accept_redirects=0" >> /etc/sysctl.conf
sysctl -w net.ipv4.conf.all.secure_redirects=0
echo "net.ipv4.conf.all.secure_redirects=0" >> /etc/sysctl.conf
sysctl -w net.ipv4.conf.default.secure_redirects=0
echo "net.ipv4.conf.default.secure_redirects=0" >> /etc/sysctl.conf
sysctl -w net.ipv6.conf.all.accept_ra=0
echo "net.ipv6.conf.all.accept_ra=0" >> /etc/sysctl.conf
sysctl -w net.ipv6.conf.default.accept_ra=0
echo "net.ipv6.conf.default.accept_ra=0" >> /etc/sysctl.conf
sysctl -w net.ipv6.conf.all.accept_redirects=0
echo "net.ipv6.conf.all.accept_redirects=0" >> /etc/sysctl.conf
sysctl -w net.ipv6.conf.default.accept_redirects=0
echo "net.ipv6.conf.default.accept_redirects=0" >> /etc/sysctl.conf

# Tune the vim configuration: back up /etc/vimrc, then overwrite it
echo "开始优化vim编辑器配置......"
sleep 2
cp -a /etc/vimrc /etc/vimrc_bak
cat > /etc/vimrc <<'EOF'
set nocompatible
set history=100
filetype on
filetype plugin on
filetype indent on
set autoread
set mouse=
syntax enable
set cursorline
hi cursorline guibg=#00ff00
hi CursorColumn guibg=#00ff00
set nofen
set fdl=0
set expandtab
set tabstop=4
set shiftwidth=4
set softtabstop=4
set smarttab
set ai
set si
set wrap
set sw=4
set wildmenu
set ruler
set cmdheight=1
set lz
set backspace=eol,start,indent
set whichwrap+=<,>,h,l
set magic
set noerrorbells
set novisualbell
set showmatch
set mat=2
set hlsearch
set ignorecase
set encoding=utf-8
set fileencodings=utf-8
set termencoding=utf-8
set smartindent
set cin
set showmatch
set guioptions-=T
set guioptions-=m
set vb t_vb=
set laststatus=2
set pastetoggle=<F9>
set background=dark
highlight Search ctermbg=black ctermfg=white guifg=white guibg=black
autocmd BufNewFile *.py,*.cc,*.sh,*.java exec ":call SetTitle()"
func SetTitle()
    if expand("%:e") == 'sh'
        call setline(1, "#!/bin/bash")
        call setline(2, "#Author:Benson")
        call setline(3, "#Blog:http://www.itzui.top")
        call setline(4, "#Time:".strftime("%F %T"))
        call setline(5, "#Name:".expand("%"))
        call setline(6, "#Version:V1.0")
        call setline(7, "#Description:")
    endif
endfunc
EOF

# Tighten permissions on selected system files
cat <<'EOF'
开始优化部分文件权限,优化列表如下:
/etc/services 0600
/etc/security/sepermit.conf 0600
/etc/security/console.handlers 0600
/etc/security/namespace.conf 0600
/etc/security/chroot.conf 0600
/etc/security/group.conf 0600
/etc/security/console.perms 0600
/etc/security/pam_env.conf 0600
/etc/security/access.conf 0600
/etc/security/pwquality.conf 0600
/etc/security/namespace.init 0600
/etc/security/time.conf 0600
/etc/security/limits.conf 0600
/etc/rc.d/init.d/cloudmonitor 0755
EOF
sleep 10
# With mode 0600, non-root processes can no longer read /etc/services,
# so service-name lookups (getservbyname) fail for them
for i in /etc/services /etc/security/sepermit.conf /etc/security/console.handlers \
         /etc/security/namespace.conf /etc/security/chroot.conf /etc/security/group.conf \
         /etc/security/console.perms /etc/security/pam_env.conf /etc/security/access.conf \
         /etc/security/pwquality.conf /etc/security/namespace.init /etc/security/time.conf \
         /etc/security/limits.conf; do
    chmod 600 "$i"
done
echo "列表中文件权限已优化!"
sleep 2
chmod +x /etc/rc.d/rc.local

# soft: install a set of common tools one by one; called from the prompt below
soft() {
    for i in gcc gcc-c++ epel-release wget unzip screen telnet psmisc vim net-tools \
             ntpdate htop iptables-services iftop git; do
        yum install -y "$i"
    done
}
echo "是否开始安装常用到的软件包括:gcc gcc-c++ epel-release wget unzip screen telnet psmisc vim net-tools ntpdate htop iptables-services iftop git?"
select goon in 是 否
do
    case $goon in
        是)
            soft && break;;
        否)
            break;;
    esac
done

# Synchronize the system clock
echo "开始同步时间"
ntpdate time.windows.com

# Set the server hostname
sleep 2
echo "开始设定主机名"
read -r -p "请输入要修改的主机名:" hname
hostnamectl set-hostname "$hname"
echo "以下是你设定的主机名内容:"
hostnamectl status | grep "hostname"

# Define a shell function cxdx that lists the ten largest entries in the current directory
echo "cxdx ()
{
    du -cksm * | sort -rn | head -n 10
}" >> /etc/profile

# Raise the open-file limit
echo "* soft nofile 65535
* hard nofile 65535" >> /etc/security/limits.conf
echo "调整系统最大文件打开数为65535,需重启系统后运行ulimit -a命令查看"
source /etc/profile

# Update the system, then the kernel
echo "接下来进行系统更新操作。"
sleep 5
yum update -y
echo "进行升级系统内核操作。"
sleep 3
yum update kernel -y
```
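The script above appends its ten sysctl settings to /etc/sysctl.conf with `>>`, so every re-run adds another copy of each line. The following is an added example, not part of the original post: it writes the same keys idempotently and counts any that are missing or non-zero. The function names and the sample file contents are constructed for illustration.

```shell
# Added example, not part of the original script.
# KEYS: the ten sysctl settings the script above forces to 0.
KEYS="net.ipv4.conf.all.send_redirects net.ipv4.conf.default.send_redirects
net.ipv4.conf.all.accept_redirects net.ipv4.conf.default.accept_redirects
net.ipv4.conf.all.secure_redirects net.ipv4.conf.default.secure_redirects
net.ipv6.conf.all.accept_ra net.ipv6.conf.default.accept_ra
net.ipv6.conf.all.accept_redirects net.ipv6.conf.default.accept_redirects"

# set_conf FILE KEY VALUE: drop every existing assignment of KEY, append one line.
set_conf() {
    file="$1"; key="$2"; value="$3"
    [ -f "$file" ] || : > "$file"
    tmp=$(mktemp) || return 1
    awk -v k="$key" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, k) == 1 && substr(line, length(k) + 1) ~ /^[ \t]*=/ { next }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"    # rewrite in place so owner and mode are kept
    rm -f "$tmp"
}

# harden_conf FILE: set every key in KEYS to 0.
harden_conf() {
    for k in $KEYS; do set_conf "$1" "$k" 0 || return 1; done
}

# count_not_zero FILE: number of KEYS that are missing or whose last value is not 0.
count_not_zero() {
    bad=0
    for k in $KEYS; do
        v=$(awk -F= -v k="$k" '{ gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
            $1 == k { v = $2 } END { print v }' "$1")
        [ "$v" = "0" ] || bad=$((bad + 1))
    done
    echo "$bad"
}

# demo: constructed sample of a file the original script was already run against twice.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'net.ipv4.conf.all.send_redirects=0' \
        'net.ipv4.conf.all.send_redirects=0' 'net.ipv4.conf.all.accept_redirects = 1' > "$f"
    harden_conf "$f" && harden_conf "$f"    # a second run must not add lines
    echo "$(grep -c 'all\.send_redirects' "$f") $(count_not_zero "$f") $(wc -l < "$f" | tr -d ' ')"
    rm -f "$f"
}
demo    # prints: 1 0 11
```

On a real host, pass /etc/sysctl.conf to `harden_conf` and load the result with `sysctl -p`.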