151.sleep 1
152.###############################
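# Kernel TCP tuning: append the settings to /etc/sysctl.conf and load them.
# The append is skipped when the marker line is already present, so running
# the script a second time does not stack duplicate entries in the file.
#
# net.ipv4.tcp_tw_recycle is deliberately not written: it makes the kernel
# reject connections from clients that share one NAT address, and the key was
# removed in Linux 4.12, where "sysctl -p" reports it as unknown.
# net.ipv4.tcp_syncookies=1 is the SYN-flood protection in this set.
# NOTE(review): tcp_abort_on_overflow=1 resets clients whenever the accept
# queue is full -- confirm that suits the workload before rolling out.
if ! grep -qF '#michaelkang add 120724' /etc/sysctl.conf 2>/dev/null; then
cat >> /etc/sysctl.conf << 'endf'
#michaelkang add 120724
net.ipv4.tcp_abort_on_overflow = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_retries1 = 2
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_max_orphans = 2000
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
endf
fi

# Report success only when the kernel accepted the file; a rejected key would
# otherwise leave the host partly tuned behind an "OK" message.
if sysctl -p; then
        echo "Adjust the kernel parameters!......................OK!"
else
        echo "Adjust the kernel parameters: sysctl -p reported an error" >&2
fi
sleep 1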
174.#############################################
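# Switch off every service that is started in runlevel 3 except a keep-list.
# In /etc/rc3.d, links named S<NN><name> are started on entering the runlevel
# and links named K<NN><name> are stopped.
#
# The shell expands the glob itself (no parsing of "ls" output) and the
# service name is taken from the link name rather than from a fixed column,
# so it no longer depends on the exact length of the directory path.
# NOTE(review): anything not on the keep-list is disabled. The list has no
# entry for a packet filter or an audit daemon (for example iptables, auditd);
# if those are enabled on the host they are stopped here -- confirm that is
# intended before running this on a production machine.
for I in /etc/rc3.d/S*
do
        # An unmatched glob stays literal; skip it instead of acting on "S*".
        [ -e "$I" ] || continue
        STOP_SRV=${I##*/}                 # drop the directory: S55sshd
        STOP_SRV=${STOP_SRV#S[0-9][0-9]}  # drop the S<NN> prefix: sshd
        echo "$STOP_SRV"
        case "$STOP_SRV" in
                local | cpuspeed | crond | irqbalance | microcode_ctl | xinetd | network | mon | partmon | messagebus | udev-post | sshd | rsyslog | syslog )
                        echo "Base services, Skip!"
                        ;;
                *)
                        echo "change $STOP_SRV to off"
                        chkconfig --level 235 "$STOP_SRV" off
                        service "$STOP_SRV" stop
                        ;;
        esac
done
echo "Close useless services.........................ok"
sleep 1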
##############################################
# Lock the account databases against modification and creation.
# With the immutable attribute set, useradd, passwd and similar tools fail
# until the attribute is cleared with "chattr -i", as the message below says.
# root can clear the attribute, so this guards against accidental or scripted
# edits rather than against someone who already holds root.
chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow

# root's shell history becomes append-only.
chattr +a /root/.bash_history

# Make the history command show only the last 10 entries.
# NOTE(review): a short history also shortens the command trail available
# during incident review; confirm another record (audit or remote logging)
# exists if that trail matters.
sed -i -e 's/HISTSIZE=1000/HISTSIZE=10/' /etc/profile

printf '%s\n' "The passwd shadow group gshadow is locked,if you use them,please use chattr -i!..............ok"
sleep 1
201.##############################################
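# Restrict ssh logins to one network with TCP wrappers: allow
# 192.168.100.0/255.255.255.0, deny every other source.
# Each entry is appended only when the exact line is missing, so running the
# script again does not duplicate it. The allow entry is written first so a
# failure part-way through cannot leave only the deny rule in place.
# NOTE(review): these files take effect only when sshd is built with TCP
# wrappers (libwrap) support; upstream OpenSSH removed that support in 6.7,
# so on newer builds the entries are ignored and the restriction has to be
# enforced in the firewall or in sshd_config instead -- verify on the target.
# NOTE(review): new sessions from outside 192.168.100.0/24 are refused once
# this runs; confirm the admin path comes from that network.
grep -qxF 'sshd:192.168.100.0/255.255.255.0' /etc/hosts.allow 2>/dev/null ||
        echo 'sshd:192.168.100.0/255.255.255.0' >> /etc/hosts.allow
grep -qxF 'sshd:all' /etc/hosts.deny 2>/dev/null ||
        echo 'sshd:all' >> /etc/hosts.deny
echo "Allowd 192.168.100.0 to use ssh................ok "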
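############################################
# Set the defaults for newly created accounts: maximum password age of 90
# days and minimum password length of 8.
# The patterns are anchored to the start of the line so that only the
# settings themselves are rewritten; unanchored, the same expressions also
# overwrite the explanatory comment lines in login.defs that mention
# PASS_MAX_DAYS and PASS_MIN_LEN.
# These are creation-time defaults: accounts that already exist keep their
# current ageing values until changed per user (chage -M).
# NOTE(review): on PAM-based systems the minimum length is usually enforced
# by the PAM password-quality module rather than PASS_MIN_LEN -- confirm
# which one applies on the target host.
sed -i \
        -e 's/^[[:space:]]*PASS_MAX_DAYS[[:space:]].*$/PASS_MAX_DAYS  90/' \
        -e 's/^[[:space:]]*PASS_MIN_LEN[[:space:]].*$/PASS_MIN_LEN 8/' \
        /etc/login.defs
echo "###################The script is stop!!####################"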