shell学习二十八--centos7初始化脚本

#!/bin/bash
# Timestamp suffix shared by every backup file the functions below create
# (e.g. /etc/sysctl.conf.<run_time_1>).
declare run_time_1
run_time_1=$(date "+%Y.%m.%d-%H:%M:%S")

# Every step edits files under /etc or changes kernel settings, so refuse to
# run as anything other than root.
[[ "$(whoami)" == "root" ]] || {
    echo "please run this script as root ." >&2
    exit 1
}

# Red warning banner. The script does not wait for Enter: the 5-second pause
# below is the only window in which Ctrl+C cancels the run.
echo -e "\033[31m 这个是centos7系统初始化脚本,请慎重运行!Please continue to enter or ctrl+C to cancel \033[0m"
sleep 5

#hostname
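hostname_config(){
    # Name the host "ip-A-B-C-D" after its first IPv4 address that carries a
    # broadcast address, then apply that name.
    #
    # Globals:  HostName (written; left global as in the original script)
    # Returns:  1 when no suitable address is found, otherwise the status of
    #           the final hostname command.
    local addr

    # Same filter as the original grep chain (inet + brd + scope), but stop at
    # the first match: on a multi-homed host the original produced several
    # addresses, i.e. a multi-line value that corrupted /etc/hosts and made
    # the unquoted `hostname $HostName` call fail.
    addr=$(ip addr | awk '/inet/ && /brd/ && /scope/ { split($2, parts, "/"); print parts[1]; exit }')
    if [ -z "$addr" ]; then
        echo "hostname_config: no IPv4 address with a broadcast address found" >&2
        return 1
    fi
    HostName="ip-${addr//./-}"

    sed -i -e '/HOSTNAME/d' /etc/sysconfig/network
    echo "HOSTNAME=$HostName" >>/etc/sysconfig/network

    # Add the loopback mapping only once so reruns do not pile up duplicates.
    grep -qxF -- "127.0.0.1 $HostName" /etc/hosts \
        || echo "127.0.0.1 $HostName" >> /etc/hosts

    # On systemd hosts hostnamectl also persists the name across reboots;
    # fall back to the transient `hostname` call when it is not available.
    if command -v hostnamectl >/dev/null 2>&1; then
        hostnamectl set-hostname "$HostName"
    else
        hostname "$HostName"
    fi
}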

#configure yum source
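# Download one repo definition to a temporary file next to its destination and
# move it into place only if the download succeeded and is non-empty.
_yum_fetch_repo(){
    local url=$1 dest=$2 staged
    # The temporary name does not end in .repo, so yum ignores it while staged.
    staged=$(mktemp "${dest}.XXXXXX") || return 1
    if wget -O "$staged" "$url" && [ -s "$staged" ]; then
        chmod 644 "$staged" && mv -f -- "$staged" "$dest"
    else
        rm -f -- "$staged"
        return 1
    fi
}

yum_config(){
    # Switch yum to the Aliyun mirror definitions and install the base tool set.
    #
    # Returns: 1 if the backup directory cannot be created or a repo file
    #          cannot be downloaded; otherwise the status of the final install.
    local repo_dir=/etc/yum.repos.d repo_file

    yum install wget epel-release -y

    # Move the stock repo files aside on the first run only. Reruns leave bak/
    # untouched so the original distribution files are never overwritten by the
    # downloaded ones. Absolute paths are used so the working directory of the
    # rest of the script is not changed.
    if [ ! -d "$repo_dir/bak" ]; then
        mkdir "$repo_dir/bak" || return 1
        for repo_file in "$repo_dir"/*.repo; do
            [ -e "$repo_file" ] || continue
            mv -f -- "$repo_file" "$repo_dir/bak/"
        done
    fi

    # The repo file decides which servers root installs packages from and
    # whether signatures are checked, so it is fetched over HTTPS instead of
    # plain HTTP, where anyone on the network path could substitute it.
    # NOTE(review): the contents of the fetched files are not visible here;
    # confirm they keep gpgcheck=1 before relying on them.
    _yum_fetch_repo https://mirrors.aliyun.com/repo/Centos-7.repo "$repo_dir/CentOS-Base.repo" \
        || { echo "yum_config: failed to fetch CentOS-Base.repo" >&2; return 1; }
    _yum_fetch_repo https://mirrors.aliyun.com/repo/epel-7.repo "$repo_dir/epel.repo" \
        || { echo "yum_config: failed to fetch epel.repo" >&2; return 1; }

    yum clean all && yum makecache
    yum -y install iotop iftop net-tools lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel  python-devel bash-completion lsof
}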

#firewalld
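firewalld_config(){
    # Stop and disable firewalld, then rewrite /etc/sysconfig/selinux so that
    # SELinux is disabled. The previous file is kept as
    # /etc/sysconfig/selinux.<run_time_1>.
    #
    # NOTE(review): this removes both the host firewall and SELinux. Run it
    # only where another control (security groups, an upstream firewall)
    # covers the host; SELINUX=permissive keeps audit logging if enforcement
    # is the only concern.
    # Returns: 1 if the existing file cannot be backed up.
    local selinux_cfg=/etc/sysconfig/selinux

    systemctl stop firewalld.service
    systemctl disable firewalld.service

    # cp -p keeps mode, owner and timestamps; the original touch + cat >>
    # created the backup with default permissions and appended to any file
    # that already had the same name. Do not overwrite without a backup.
    if [ -e "$selinux_cfg" ]; then
        cp -p "$selinux_cfg" "$selinux_cfg.$run_time_1" || {
            echo "firewalld_config: could not back up $selinux_cfg" >&2
            return 1
        }
    fi

    printf '%s\n' 'SELINUX=disabled' 'SELINUXTYPE=targeted' >"$selinux_cfg"
}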


#system config
system_config(){
    # Persistent SELinux setting: enforcing -> disabled. There is no
    # setenforce call here, so the running system is left as it is.
    # NOTE(review): SELINUX=permissive would keep denials in the audit log.
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

    # Hardware clock in local time, then the zone; the zone is only set if the
    # first command succeeded.
    timedatectl set-local-rtc 1 \
        && timedatectl set-timezone Asia/Shanghai

    # Install chrony, then start and enable it; each step runs only if the
    # previous one succeeded.
    yum -y install chrony \
        && systemctl start chronyd.service \
        && systemctl enable chronyd.service
}
ulimit_config(){
    # Raise open-file, process and stack limits: once at boot via rc.local and
    # for login sessions via limits.conf and the limits.d drop-in.
    # Every write below appends, so running the script twice duplicates entries.
    local nproc_dropin=/etc/security/limits.d/90-nproc.conf

    printf '%s\n' 'ulimit -SHn 102400' >> /etc/rc.local
    chmod +x /etc/rc.d/rc.local

    # Quoted delimiter: the body is written literally, including its indent.
    cat >> /etc/security/limits.conf <<'EOF'
    *           soft   nofile       102400
    *           hard   nofile       102400
    *           soft   nproc        102400
    *           hard   nproc        102400
    *           soft   stack        8192
    *           hard   stack        8192
EOF

    # Drop any wildcard rule from the drop-in, then add the soft nproc limit.
    # NOTE(review): 300000 here differs from the 102400 written to limits.conf
    # above; confirm which value is intended.
    sed -i -e '/\*/d' "$nproc_dropin"
    printf '%s\n' '* soft nproc 300000' >>"$nproc_dropin"
}

#set sysctl
sysctl_config(){
    # Replace /etc/sysctl.conf wholesale with the tuning profile below and load
    # it with sysctl -p. The previous file is kept as
    # /etc/sysctl.conf.<run_time_1>; any setting it held that is not repeated
    # below is dropped from this file.
    cp /etc/sysctl.conf /etc/sysctl.conf.$run_time_1
    # The heredoc delimiter is unquoted, but the body contains no $ or
    # backticks, so it is written literally (with its 4-space indent).
    #
    # NOTE(review): points to confirm before reusing this profile:
    #  - rp_filter and accept_source_route are set for conf.default only;
    #    conf.all is not set here, so interfaces that already exist may keep
    #    their current values.
    #  - tcp_timestamps = 0 is combined with tcp_tw_reuse = 1 and
    #    tcp_tw_recycle = 1. Both depend on TCP timestamps, so they probably
    #    have no effect; tcp_tw_recycle is also known to drop connections from
    #    clients behind NAT when timestamps are on.
    #  - tcp_syn_retries = 1, tcp_synack_retries = 1 and tcp_fin_timeout = 1
    #    are very aggressive and can fail connections on lossy links.
    #  - No redirect or ICMP hardening keys are written here.
    cat > /etc/sysctl.conf << EOF
    net.ipv4.ip_forward = 0
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.default.accept_source_route = 0
    kernel.sysrq = 0
    kernel.core_uses_pid = 1
    net.ipv4.tcp_syncookies = 1
    kernel.msgmnb = 65536
    kernel.msgmax = 65536
    kernel.shmmax = 68719476736
    kernel.shmall = 4294967296
    net.ipv4.tcp_max_tw_buckets = 6000
    net.ipv4.tcp_sack = 1
    net.ipv4.tcp_window_scaling = 1
    net.ipv4.tcp_rmem = 4096 87380 4194304
    net.ipv4.tcp_wmem = 4096 16384 4194304
    net.core.wmem_default = 8388608
    net.core.rmem_default = 8388608
    net.core.rmem_max = 16777216
    net.core.wmem_max = 16777216
    net.core.netdev_max_backlog = 262144
    net.core.somaxconn = 262144
    net.ipv4.tcp_max_orphans = 3276800
    net.ipv4.tcp_max_syn_backlog = 262144
    net.ipv4.tcp_timestamps = 0
    net.ipv4.tcp_synack_retries = 1
    net.ipv4.tcp_syn_retries = 1
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_mem = 94500000 915000000 927000000
    net.ipv4.tcp_fin_timeout = 1
    net.ipv4.tcp_keepalive_time = 30
    net.ipv4.ip_local_port_range = 1024 65000
EOF
    # Load the new file; the message below is printed whether or not sysctl
    # accepted every key.
    /sbin/sysctl -p
    echo "sysctl set OK!!"
}

#ssh
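ssh_config(){
    # Turn off reverse-DNS lookups and GSSAPI authentication in sshd_config.
    # The previous file is kept as /etc/ssh/sshd_config.<run_time_1>.
    #
    # Returns: 1 if the backup cannot be written (the config is then left
    #          untouched); otherwise the status of the sed call.
    local sshd_cfg=/etc/ssh/sshd_config

    # cp -p keeps the restrictive mode and ownership of sshd_config (typically
    # 0600 root). The original touch + cat >> created the copy under the
    # current umask, which normally leaves it world-readable.
    cp -p "$sshd_cfg" "$sshd_cfg.$run_time_1" || {
        echo "ssh_config: could not back up $sshd_cfg" >&2
        return 1
    }

    # The GSSAPI pattern also matches a commented-out line, which stays
    # commented out.
    sed -i \
        -e 's%#UseDNS yes%UseDNS no%' \
        -e 's%GSSAPIAuthentication yes%GSSAPIAuthentication no%' \
        "$sshd_cfg"

    # sshd is not reloaded here, so the change applies at the next restart of
    # the service or the next boot.
}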

#ntp
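ntp_config(){
    # Set the zone to Asia/Shanghai, disable ntpd, step the clock once with
    # ntpdate and install a daily cron job that repeats the sync.
    #
    # NOTE(review): system_config starts chronyd before this runs; ntpdate may
    # refuse to run while another daemon holds the NTP port. Confirm which
    # time client is meant to own the clock.
    ln -sf /usr/share/zoneinfo/posix/Asia/Shanghai /etc/localtime
    service ntpd stop
    chkconfig ntpd off
    ntpdate time.windows.com
    clock --systohc

    # Fixes relative to the original cron job:
    #  - written with > instead of >>, so reruns do not stack copies;
    #  - heredoc body starts at column 0, so "#!/bin/bash" really is the first
    #    bytes of the file (the indented version was not a valid shebang);
    #  - the log lives under /var/log instead of a fixed name in /tmp: a
    #    root-run job should not write to a predictable path in a
    #    world-writable directory;
    #  - redirection order corrected so stderr lands in the log as well.
    # NOTE(review): ntp.wumart.com is presumably the author's own time server;
    # replace it with one you control or trust.
    cat > /etc/cron.daily/ntp.sh <<'EOF'
#!/bin/bash
ntplog=/var/log/ntpdate-cron.log
ntpdate ntp.wumart.com >>"$ntplog" 2>&1
clock --systohc
EOF
    chmod 755 /etc/cron.daily/ntp.sh
}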


#zabbix
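zabbix_config(){
    # Let the zabbix account run netstat and ss as root without a password,
    # and comment out "Defaults requiretty" so sudo works without a terminal.
    #
    # Both sudoers changes are syntax-checked with visudo: a broken sudoers
    # file locks every user out of sudo.
    # NOTE(review): the two rules carry no argument list, so any arguments are
    # allowed; keep the list limited to read-only tools like these.
    # Returns: 1 if a backup, temp file or syntax check fails.
    local sudoers=/etc/sudoers dropin=/etc/sudoers.d/zabbix staged

    cp -p "$sudoers" "$sudoers.$run_time_1" || {
        echo "zabbix_config: could not back up $sudoers" >&2
        return 1
    }
    sed -i 's/^Defaults.*.requiretty/#Defaults requiretty/' "$sudoers"
    if ! visudo -cf "$sudoers" >/dev/null; then
        echo "zabbix_config: edited $sudoers failed validation, restoring backup" >&2
        cp -p "$sudoers.$run_time_1" "$sudoers"
        return 1
    fi

    # Stage the drop-in under a dotted name: mktemp creates it 0600, and sudo
    # skips sudoers.d entries whose names contain a '.', so a half-written
    # file is never read.
    staged=$(mktemp /etc/sudoers.d/.zabbix.XXXXXX) || return 1
    printf '%s\n' \
        'zabbix ALL=(root) NOPASSWD:/bin/netstat' \
        'zabbix ALL=(root) NOPASSWD:/usr/sbin/ss' >"$staged"
    if visudo -cf "$staged" >/dev/null && chmod 400 "$staged"; then
        mv -f -- "$staged" "$dropin"
    else
        echo "zabbix_config: $dropin failed validation, not installed" >&2
        rm -f -- "$staged"
        return 1
    fi
}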

##Disable Transparent Huge Pages
other_config(){
    # Turn Transparent Huge Pages off now and on every boot (via rc.local),
    # and set vm.swappiness to 1 for the running kernel.
    local thp_dir=/sys/kernel/mm/transparent_hugepage knob

    # Immediate effect: write "never" to each control file that exists.
    for knob in enabled defrag; do
        if [ -f "$thp_dir/$knob" ]; then
            echo never > "$thp_dir/$knob"
        fi
    done

    # Boot-time effect: append the same checks to rc.local. The body is
    # written literally; each run of the script appends another copy.
    cat >> /etc/rc.local <<'EOF'
    if test -f /sys/kernel/mm/transparent_hugepage/enabled; then
       echo never > /sys/kernel/mm/transparent_hugepage/enabled
    fi
    if test -f /sys/kernel/mm/transparent_hugepage/defrag; then
       echo never > /sys/kernel/mm/transparent_hugepage/defrag
    fi
EOF

    # Written to /proc only, so this value is not carried over a reboot.
    echo 1 > /proc/sys/vm/swappiness
}

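main(){
    # Run every initialization step in order. Steps are independent: a failing
    # step does not stop the ones after it.
    hostname_config
    yum_config
    # The original called iptables_config, which this script never defines
    # ("command not found"), while firewalld_config was defined but never run.
    # NOTE(review): firewalld_config disables the host firewall and SELinux;
    # remove this line on hosts that rely on either.
    firewalld_config
    system_config
    ulimit_config
    sysctl_config
    ssh_config
    ntp_config
    zabbix_config
    other_config
}
main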
