CentOS7最小化安装后的基础配置脚本

最小化安装后的脚本文件：

[root@localhost ~]# vi init.sh

#!/bin/bash

#change network to eth0
sed -i "/linux16.*$/s//& net.ifnames=0 biosdevname=0/g" /boot/grub2/grub.cfg

mv /etc/sysconfig/network-scripts/ifcfg-ens* /etc/sysconfig/network-scripts/ifcfg-eth0
echo "TYPE=Ethernet">/etc/sysconfig/network-scripts/ifcfg-eth0
echo "BOOTPROTO=static">>/etc/sysconfig/network-scripts/ifcfg-eth0
echo "DEFROUTE=yes">>/etc/sysconfig/network-scripts/ifcfg-eth0
echo "NAME=eth0">>/etc/sysconfig/network-scripts/ifcfg-eth0
echo "DEVICE=eth0">>/etc/sysconfig/network-scripts/ifcfg-eth0
echo "ONBOOT=yes">>/etc/sysconfig/network-scripts/ifcfg-eth0
echo "IPADDR=">>/etc/sysconfig/network-scripts/ifcfg-eth0
echo "NETMASK=">>/etc/sysconfig/network-scripts/ifcfg-eth0
echo "GATEWAY=">>/etc/sysconfig/network-scripts/ifcfg-eth0
echo "DNS1=">>/etc/sysconfig/network-scripts/ifcfg-eth0

#change resource limits
echo "session    required    pam_limits.so" >> /etc/pam.d/login
sed -i "s/4096/250000/g" /etc/security/limits.d/20-nproc.conf
sed -i "s/#DefaultLimitNPROC=/DefaultLimitNPROC=250000/g" /etc/systemd/system.conf
echo "*             soft    nofile          250000">>/etc/security/limits.conf
echo "*             hard    nofile          250000">>/etc/security/limits.conf

#change selinux disabled
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

#change firewalld disable
systemctl disable firewalld

#change NetworkManager disable
systemctl disable NetworkManager

#change postfix disable
systemctl disable postfix

#add history time
echo "export HISTTIMEFORMAT=\"[%Y.%m.%d %H:%M:%S]\"">>/etc/profile
echo "export HISTSIZE=5000">>/etc/profile
echo "export HISTIGNORE=\"ls:ls -lrt:ls -al:clear:pwd\"">>/etc/profile

#change memory parameter
echo "vm.swappiness = 0">>/etc/sysctl.d/99-sysctl.conf

#change network parameter
echo "net.core.netdev_max_backlog = 10240">>/etc/sysctl.d/99-sysctl.conf
echo "net.core.somaxconn = 10240">>/etc/sysctl.d/99-sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 10240">>/etc/sysctl.d/99-sysctl.conf
echo "net.ipv4.tcp_keepalive_time = 240">>/etc/sysctl.d/99-sysctl.conf
echo "net.ipv4.tcp_keepalive_intvl = 15">>/etc/sysctl.d/99-sysctl.conf
echo "net.ipv4.tcp_keepalive_probes = 4">>/etc/sysctl.d/99-sysctl.conf
echo "net.ipv4.ip_local_port_range = 10000 65000">>/etc/sysctl.d/99-sysctl.conf
echo "net.ipv4.tcp_max_tw_buckets = 20480">>/etc/sysctl.d/99-sysctl.conf
echo "net.ipv4.tcp_tw_reuse = 1">>/etc/sysctl.d/99-sysctl.conf
echo "net.ipv4.tcp_retries2 = 5">>/etc/sysctl.d/99-sysctl.conf
echo "net.ipv4.tcp_syn_retries = 3">>/etc/sysctl.d/99-sysctl.conf
echo "net.ipv4.tcp_synack_retries = 3">>/etc/sysctl.d/99-sysctl.conf
echo "net.netfilter.nf_conntrack_max = 250000">>/etc/sysctl.d/99-sysctl.conf
echo "net.nf_conntrack_max = 250000">>/etc/sysctl.d/99-sysctl.conf
echo "net.ipv4.tcp_fin_timeout = 30">>/etc/sysctl.d/99-sysctl.conf

#if the server is high concurrency or error with Out of socket memory,try to increase the tcp_mem parameter
#echo "net.ipv4.tcp_mem = `cat /proc/sys/net/ipv4/tcp_mem|awk -F" " '{print $1*2,$2*2,$3*2}'`">>/etc/sysctl.d/99-sysctl.conf



#change hostname && IPaddress
echo -n "Enter the hostname:"
read hostname
hostnamectl set-hostname $hostname
echo -n "Enter the IPaddress:"
read IPaddress
echo -n "Enter the NETMASK:"
read NETMASK
echo -n "Enter the GATEWAY:"
read GATEWAY
echo -n "Enter the DNS1:"
read DNS1
echo "$IPaddress  $hostname">>/etc/hosts
sed -i "s/IPADDR=/IPADDR=$IPaddress/g" /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i "s/NETMASK=/NETMASK=$NETMASK/g" /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i "s/GATEWAY=/GATEWAY=$GATEWAY/g" /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i "s/DNS1=/DNS1=$DNS1/g" /etc/sysconfig/network-scripts/ifcfg-eth0
reboot

执行初始化脚本后的RPM包安装脚本（根据需要使用）：

[root@localhost ~]# vi init-after.sh

#!/bin/bash

#yum install package
yum install -y wget
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel-release-latest-7.noarch.rpm
yum install -y deltarpm
yum install -y net-tools psmisc tree sysstat perl gcc unzip bzip2 zlib-devel pcre pcre-devel openssl openssl-devel

 [root@localhost ~]# vi init-optional.sh

#!/bin/bash

#yum install optional package 
yum install -y iptraf lsof perf numactl tcpdump iotop nmap strace dstat traceroute

---

包安装说明：

 deltarpm    (安装RPM增量包套件，在更新rpm包时，可以只更新增量内容与旧rpm包合成新包使用，可以减少下载量）

 openssl  openssl-devel  (安装nginx指定ssl加密协议时使用）

 pcre pcre-devel （安装nginx指定正则时使用）

 zlib-devel （安装python及PIP时使用）

 unzip bzip2 （解压工具）

  gcc  （编译器）

 perl  （有些工具需要perl的支持）

 sysstat （使用iostat、mpstat、sar等命令）

 tree （tree命令）

 psmisc （使用killall、fuser、pstree等命令）

 net-tools （使用ifconfig等命令）

 iptraf （linux流量监控工具 新版本的iptraf启动命令为 iptraf-ng）

 lsof （进程打开文件的监控工具）

 nmon （整体性能监控工具）

 perf （linux性能分析工具）

 numactl （查看numa架构下的内存命中率）

 tcpdump （tcp抓包分析工具）

 iotop （io性能分析工具）

 nmap （端口扫描工具）

 strace （动态追踪工具）

---

net.netfilter.nf_conntrack_max及net.nf_conntrack_max两个参数只在开启firewalld时生效，手动执行sysctl -p时会报参数文件不存在但不会产生影响。