CentOS6.x安装后的初始化配置脚本

Linux系统安装得多了,初始化配置感觉很繁琐,早两年就有写个脚本自动完成这个过程的想法,连续调试了四天,上代码。
##################################################
# CentOS6.7                                                                   
# initialize the Linux system to deploy apps  
# Author:Attaboy
# History:
# 2018-07-17 first release
# 2018-12-01
# 2019-09-10
# 2020-03-28
# 2020-03-30  add GatewayPorts yes
# 2020-04-02
# 2020-04-04
#向自动化运维迈进                
##################################################

#!/bin/bash

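# Port written into the generated sshd_config by changesshd.
sshd_port='22'
source /etc/profile
# NOTE(review): /tmp is world-writable and this path is predictable. The
# directory is therefore created private and rejected when it is a symlink or
# belongs to another user; a root-only location such as /var/log would be a
# better home for the log of a script that runs as root.
LOG_PATH="/tmp/initlog"
LOG_FILE="${LOG_PATH}/init.log"
# Number of provisioning steps that have run; each step function increments it.
i=0

# Prepare the log directory and file, accessible to the invoking user only.
mkdir -p -m 700 -- "${LOG_PATH}"
if [ -L "${LOG_PATH}" ] || [ ! -O "${LOG_PATH}" ]; then
  echo "refusing to log to ${LOG_PATH}: it is a symlink or not owned by the current user" >&2
  exit 1
fi
chmod 700 -- "${LOG_PATH}"
if [ -L "${LOG_FILE}" ]; then
  echo "refusing to log to ${LOG_FILE}: it is a symlink" >&2
  exit 1
fi
touch -- "${LOG_FILE}"
# The log receives sudoers and crontab excerpts, so it is not left world-writable.
chmod 600 -- "${LOG_FILE}"
# From here on, stdout of every command is appended to the log.
exec >>"${LOG_FILE}"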

#前置检查
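#######################################
# Pre-flight checks: root privileges, the source directory and connectivity.
# Globals:   UID (read), LOG_FILE (written)
# Outputs:   status messages appended to LOG_FILE
# Returns:   exits 255 when not run as root, 254 when the network probe fails
#######################################
function pre_check() {
  # Check privileges first, so nothing is created when the script is not
  # running as root. 255 is the 8-bit value of an `exit -1` status.
  if [ "${UID}" -ne 0 ]; then
    echo -e "\nOnly root allowed running this script.\n" >>"${LOG_FILE}"
    exit 255
  fi

  # Working directory for downloaded sources; record the outcome in the log.
  # `echo -e` is needed for the \n escapes to become newlines.
  if mkdir -p /opt/src; then
    echo -e "\n√√√-operate Success−√√√\n" >>"${LOG_FILE}"
  else
    echo -e "\n××××-operate Failed!!!−×××\n" >>"${LOG_FILE}"
  fi

  # Connectivity probe: all four echo requests must be answered. The result
  # depends on one external host being reachable and answering ICMP.
  if ! ping qq.com -c4 2>/dev/null | grep -iE "4.*received"; then
    echo -e "\nNetwork unavailable!\n" >>"${LOG_FILE}"
    exit 254
  fi

  # NOTE(review): this empties the log, including the "Deploy Linux" banner
  # main wrote just before calling this function - confirm that is intended.
  >"${LOG_FILE}"
}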

#config iptables
#######################################
# Stops the iptables service and counts the step.
# Globals:   i (incremented)
#######################################
firewall() {
  # NOTE(review): this removes all packet filtering on the running system while
  # the script goes on to enable password logins over SSH. Nothing here changes
  # the service's boot-time state. A rule set that admits only the ports that
  # are needed (at least sshd_port) would be the safer baseline.
  /etc/init.d/iptables stop
  (( i++ ))
}

#添加系统用户,修改密码
#add user and change password
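#######################################
# Creates the "pc" login account when /etc/passwd has no such entry.
# Globals:   PC_PASSWORD (read, optional), i (incremented)
# Outputs:   matching passwd line and `id pc` on stdout; warning on stderr
#######################################
function addusers() {
  if ! grep -iE "^pc:" /etc/passwd; then
    #userdel -r pc >/dev/null 2>&1
    useradd pc
    # The password is supplied by the operator through PC_PASSWORD rather than
    # hard-coded to the user name: this account later receives NOPASSWD sudo
    # and is the only one allowed to log in over SSH, so a guessable password
    # would amount to remote root. printf is a shell builtin, so the value
    # never appears in another process's argument list.
    if [ -n "${PC_PASSWORD:-}" ]; then
      printf '%s\n' "${PC_PASSWORD}" | passwd --stdin pc
    else
      echo "addusers: PC_PASSWORD is not set; account 'pc' was created without a password. Run 'passwd pc' (or install an SSH key) before relying on SSH logins." >&2
    fi
  fi
  id pc
  ((i++))
}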

#给pc用户赋予高的权限
#sudouser
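#######################################
# Grants "pc" passwordless sudo and enables timestamps in shell history.
# Globals:   LOG_FILE (written), i (incremented)
# Returns:   1 when no temporary file could be created
#######################################
function sudouser() {
  local new_sudoers

  # Keep a copy of the current policy (\cp bypasses any cp alias).
  \cp /etc/sudoers /etc/sudoers.ori

  # Build the new policy in a private temp file next to the real one, instead
  # of making /etc/sudoers world-writable while it is edited. mktemp creates
  # the file with owner-only permissions; being in the same directory, the
  # final mv is a rename.
  new_sudoers=$(mktemp /etc/sudoers.XXXXXX) || return 1
  sed -e '/^pc.*ALL/d' /etc/sudoers >"${new_sudoers}"
  # NOTE(review): NOPASSWD:ALL makes the "pc" account equivalent to root; any
  # compromise of that login is a full compromise of the host. Restrict the
  # command list or drop NOPASSWD where the deployment allows it.
  echo "pc ALL=(ALL) NOPASSWD:ALL" >>"${new_sudoers}"

  # Install the result only if visudo accepts it; a syntax error in sudoers
  # would otherwise disable sudo entirely.
  if visudo -c -f "${new_sudoers}" >/dev/null 2>&1; then
    chown root:root "${new_sudoers}"
    chmod 440 "${new_sudoers}"
    mv -f "${new_sudoers}" /etc/sudoers
  else
    rm -f -- "${new_sudoers}"
    echo "sudouser: generated sudoers failed 'visudo -c'; /etc/sudoers left unchanged" >&2
  fi
  tail -1 /etc/sudoers >>"${LOG_FILE}"

  # Add a timestamp format for command history once.
  # NOTE(review): USER_IP is not set anywhere in this script, so that field
  # stays empty unless another profile script defines it.
  if ! grep -iE "HISTTIMEFORMAT" /etc/profile; then
    echo 'export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S-$USER_IP-$USER] "' >>/etc/profile \
      && source /etc/profile
  fi
  ((i++))
}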

#config alias
#######################################
# Appends a common set of aliases to pc's and the invoking user's .bashrc,
# then reloads both files.
# Globals:   i (incremented)
#######################################
add_alias() {
  local rc_file

  # Same alias block for both files; every call appends it again.
  for rc_file in /home/pc/.bashrc ~/.bashrc; do
    cat >>"${rc_file}" <<'EOF'
alias c='clear'
alias df='df -hT'
alias egrep='grep --color=auto'
alias grep='grep --color=auto'
alias h='history'
alias sc='screen -ls'
alias l.='ls -d .* --color=auto'
alias ll='ls -al --color=auto'
alias ls='ls --color=auto'
alias mkdir='mkdir -pv'
alias mount='mount | column -t'
alias vi='vim'
alias which='alias | /usr/bin/which --tty-only --read-alias --show-dot --show-tilde'
EOF
  done

  # Hand pc's file back to pc and load both files once.
  chmod 755 /home/pc/.bashrc
  chown pc.pc /home/pc/.bashrc
  # The sourcing below happens in a short-lived shell started by su.
  su -c 'source /home/pc/.bashrc' pc
  source ~/.bashrc
  (( i++ ))
}

#Install neccessary software
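#######################################
# Installs the base tool set and the development group with yum.
# Globals:   i (incremented)
#######################################
function soft() {
  #yum install -y epel-release
  yum clean all
  # dig is shipped in bind-utils and g++ in gcc-c++; yum has no packages named
  # "dig" or "gcc++".
  # NOTE(review): htop, nmon and ntfs-3g are presumably EPEL packages, which
  # the commented-out epel-release line would enable - confirm.
  # NOTE(review): telnet and ftp are cleartext clients; keep them only if they
  # are needed for diagnostics.
  yum install -y wget nc telnet ftp lftp screen bind-utils ipmitool htop dstat sysstat nmon ntfs-3g gcc-c++
  # git is excluded so that re-running the script does not update it again.
  # The group name contains a space and must be passed as one argument.
  yum -y groupinstall "Development tools" --exclude git
  ((i++))
}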

#定时任务校准时间 ,虚拟机无效,需要手动更改时区和时间
#crontab something the matter
#######################################
# Syncs the clock once with ntpdate and schedules a sync every two hours in
# /etc/crontab.
# Globals:   LOG_FILE (written), i (incremented)
#######################################
cfg_time() {
  local ntp_host='3.centos.pool.ntp.org'
  local ntp_log='/var/log/ntpdate.log'

  if [ ! -e "${ntp_log}" ]; then
    touch "${ntp_log}"
  fi
  ntpdate "${ntp_host}" >>"${ntp_log}" 2>&1

  # Drop any earlier entry before appending, so re-runs leave a single line.
  sed -i -e "/ntpdate ${ntp_host}/d" /etc/crontab
  echo "00 */2 * * * root ntpdate ${ntp_host} >>${ntp_log} 2>&1" >>/etc/crontab

  # NOTE(review): `crontab -l` prints the invoking user's own crontab, not
  # /etc/crontab, so the entry added above does not show up in the log.
  crontab -l >>"${LOG_FILE}"
  service crond restart
  (( i++ ))
}

#Upgrade openssh 5.3p1 to 7.8.p1
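#######################################
# Builds OpenSSL (with the FIPS module) and OpenSSH 7.8p1 under /opt, writes a
# new sshd_config and switches the sshd service over to the new build.
# Globals:   sshd_port (read), SSHD_INIT_SHA256 (read, optional),
#            i (incremented)
# Returns:   0 when the build is already installed; 1 when the init script or
#            the generated config is rejected; exits 255 when a download or
#            build step fails
#######################################
function changesshd() {
  local ssh_prefix=/opt/openssh7.8.p1_20200327
  local ssl_prefix=/opt/openssl1.0.2l_20200327
  local init_script=/etc/rc.d/init.d/sshd
  local init_url=http://121.36.38.241:8887/down/test/home/sshd
  local init_tmp

  # Nothing to do when the new build is already installed.
  if [ -f "${ssh_prefix}/bin/ssh" ]; then
    echo -e "\nyour openssh is up to date\n"
    return 0
  fi

  # The original also issued a bare curl to a hard-coded address whose path
  # still held an unfilled "____HST____" placeholder; nothing read its output,
  # so the request is not reproduced here.
  mkdir -p /opt/src 2>/dev/null
  # NOTE(review): none of these archives is checked against a published digest
  # or signature before being compiled and installed as root, and the OpenSSH
  # tarball comes from a mirror. Both pinned versions are old releases; track
  # upstream security fixes yourself, because yum will not update this build.
  wget -O /opt/src/openssh-7.8p1.tar.gz https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-7.8p1.tar.gz || exit 255
  wget -O /opt/src/openssl-1.0.2l.tar.gz https://ftp.openssl.org/source/old/1.0.2/openssl-1.0.2l.tar.gz || exit 255
  wget -O /opt/src/openssl-fips-2.0.16.tar.gz https://www.openssl.org/source/openssl-fips-2.0.16.tar.gz || exit 255
  yum install zlib-devel -y
  yum install pam-devel -y
  yum install tcp_wrappers-devel -y

  # FIPS module; FIPSDIR is exported for its build.
  export FIPSDIR=/opt/fips-2.0.16
  cd /opt/src || exit 255
  tar -xvf openssl-fips-2.0.16.tar.gz
  cd openssl-fips-2.0.16 || exit 255
  ./config
  make || exit 255
  make install || exit 255

  # OpenSSL, linked against the FIPS module and installed under its own prefix.
  cd /opt/src || exit 255
  tar zxvf openssl-1.0.2l.tar.gz
  cd openssl-1.0.2l || exit 255
  ./config --prefix="${ssl_prefix}" --openssldir="${ssl_prefix}/openssl" fips --with-fipsdir="${FIPSDIR}" zlib-dynamic shared -fPIC
  make depend || exit 255
  make || exit 255
  make test || exit 255
  make install || exit 255
  echo "${ssl_prefix}/lib" >>/etc/ld.so.conf
  ldconfig || exit 255

  # OpenSSH, built against the OpenSSL above.
  cd /opt/src || exit 255
  tar -xvf openssh-7.8p1.tar.gz
  cd openssh-7.8p1 || exit 255
  ./configure --prefix="${ssh_prefix}" --with-ssl-dir="${ssl_prefix}" --with-pam
  { make && make install; } || exit 255
  # \$PATH is written literally so it is expanded at login time.
  echo "export PATH=${ssh_prefix}/bin:${ssh_prefix}/sbin:\$PATH" >>/etc/profile.d/path.sh
  . /etc/profile.d/path.sh

  # NOTE(review): the config below enables password authentication, lets
  # remote port forwards bind to non-loopback addresses (GatewayPorts yes) and
  # allows X11 forwarding. Together with a stopped firewall that is a wide
  # exposure; prefer key-only logins and drop the forwarding options that are
  # not needed.
  # The sftp subsystem must point into the prefix that was just installed.
  cat >"${ssh_prefix}/etc/sshd_config" <<EOF
Protocol 2
Port ${sshd_port}

SyslogFacility AUTHPRIV
AuthorizedKeysFile      .ssh/authorized_keys

GatewayPorts yes

PubkeyAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
PermitRootLogin no

ClientAliveInterval 60
ClientAliveCountMax 3

ChallengeResponseAuthentication no
#UsePAM no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes

Subsystem       sftp    ${ssh_prefix}/libexec/sftp-server

AllowUsers pc
EOF

  # Keep the distribution's service definition available as "sshd.old".
  \cp -a /etc/sysconfig/sshd "${ssh_prefix}/etc/sshd" 2>/dev/null
  \cp "${init_script}" "${init_script}.old"
  chkconfig --add sshd.old
  # NOTE(review): the result of this ping is discarded - presumably a delay.
  ping yy.com -c 4 >/dev/null 2>&1

  # NOTE(review): the replacement init script is fetched over cleartext HTTP
  # from a bare IP address and then runs as root on every service start.
  # Ship the script alongside this file, or pin its digest in SSHD_INIT_SHA256.
  # It is downloaded to a temp file first, so a failed or empty download can
  # no longer blank the live init script.
  init_tmp=$(mktemp) || exit 255
  if ! curl -fsS -o "${init_tmp}" "${init_url}" || [ ! -s "${init_tmp}" ]; then
    rm -f -- "${init_tmp}"
    echo "changesshd: could not fetch the sshd init script; ${init_script} left unchanged" >&2
    return 1
  fi
  if [ -n "${SSHD_INIT_SHA256:-}" ]; then
    if ! printf '%s  %s\n' "${SSHD_INIT_SHA256}" "${init_tmp}" | sha256sum -c - >/dev/null 2>&1; then
      rm -f -- "${init_tmp}"
      echo "changesshd: sshd init script does not match SSHD_INIT_SHA256; ${init_script} left unchanged" >&2
      return 1
    fi
  else
    echo "changesshd: SSHD_INIT_SHA256 is not set; installing an unverified init script fetched over plain HTTP" >&2
  fi

  # Validate the generated config before the running daemon is stopped, so a
  # bad config cannot cut off remote access.
  if ! "${ssh_prefix}/sbin/sshd" -t -f "${ssh_prefix}/etc/sshd_config"; then
    rm -f -- "${init_tmp}"
    echo "changesshd: new sshd_config failed 'sshd -t'; service not switched" >&2
    return 1
  fi

  # Overwrite in place so the init script keeps its existing mode and owner.
  cat "${init_tmp}" >"${init_script}"
  rm -f -- "${init_tmp}"

  service sshd.old stop
  service sshd restart
  ssh -V
  chkconfig sshd.old off

  ((i++))
}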

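#######################################
# Builds git 2.2.1 from source, then installs pyenv, pyenv-virtualenv,
# Python 3.6.6 / 3.7.5 and a few pip packages for the invoking user.
# Globals:   i (incremented)
# Returns:   0 when git 2.2.1 is already present; exits 255 when a download
#            or build step fails
#######################################
function installPyenv() {
  local version

  # Skip the whole step when git already reports version 2.2.1.
  version=$(git --version 2>/dev/null | grep -o "2.2.1")
  echo "${version}"
  if [ "${version}" == "2.2.1" ]; then
    echo
    return 0
  fi

  # Build git 2.2.1.
  # NOTE(review): this replaces the packaged git with an old release that yum
  # will no longer update; later git releases carry security fixes.
  yum remove git -y
  yum install -y curl-devel expat-devel gettext-devel openssl-devel zlib-devel asciidoc
  yum install -y gcc perl-ExtUtils-MakeMaker
  yum install -y xmlto
  # NOTE(review): updating the packaged openssh may rewrite
  # /etc/rc.d/init.d/sshd, which changesshd replaces - verify the interaction.
  yum update -y nss curl libcurl openssh
  mkdir -p /opt/src 2>/dev/null
  # The original also issued a bare curl to a hard-coded address whose path
  # still held an unfilled "____HST____" placeholder; nothing read its output,
  # so the request is not reproduced here.
  wget -O /opt/src/v2.2.1.tar.gz https://github.com/git/git/archive/v2.2.1.tar.gz || exit 255
  cd /opt/src || exit 255
  rm -rf git-2.2.1 2>/dev/null
  tar zxvf v2.2.1.tar.gz
  cd git-2.2.1 || exit 255
  make configure || exit 255
  ./configure --prefix=/usr/local/git --with-iconv=/usr/local/libiconv || exit 255
  make all doc || exit 255
  make install install-doc install-html || exit 255
  # Single quotes keep $PATH literal, so each login shell expands it itself
  # instead of inheriting root's PATH as it was at install time.
  echo 'export PATH=$PATH:/usr/local/git/bin' >>/etc/bashrc
  source /etc/bashrc
  # TLS certificate verification is left enabled for git: the clones below
  # fetch code that ~/.bashrc then evaluates in every shell, so an unverified
  # connection would let anyone on the network path supply that code. If a
  # clone fails on certificate errors, repair the CA bundle (for example by
  # updating ca-certificates) rather than setting http.sslVerify to false.
  yum update -y nss curl libcurl openssh

  # Install pyenv and its virtualenv plugin.
  # NOTE(review): both clones follow the default branch; pin a tag or commit
  # for reproducible installs.
  git clone https://github.com/pyenv/pyenv.git ~/.pyenv
  echo 'export PYENV_ROOT="$HOME/.pyenv"' >>~/.bashrc
  echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >>~/.bashrc
  echo -e 'if command -v pyenv 1>/dev/null 2>&1; then\n eval "$(pyenv init -)"\nfi' >>~/.bashrc
  source ~/.bashrc
  git clone https://github.com/pyenv/pyenv-virtualenv.git "$(pyenv root)/plugins/pyenv-virtualenv"
  echo 'eval "$(pyenv virtualenv-init -)"' >>~/.bashrc
  source ~/.bashrc
  pyenv versions
  mkdir -p ~/.pyenv/cache
  yum install -y gcc make patch gdbm-devel openssl-devel sqlite-devel zlib-devel bzip2-devel readline-devel

  # Pre-seed pyenv's cache with the Python source archives from a mirror.
  wget -O ~/.pyenv/cache/Python-3.6.6.tar.xz https://npm.taobao.org/mirrors/python/3.6.6/Python-3.6.6.tar.xz
  wget -O ~/.pyenv/cache/Python-3.7.5.tar.xz https://npm.taobao.org/mirrors/python/3.7.5/Python-3.7.5.tar.xz

  pyenv install -f 3.6.6
  pyenv install -f 3.7.5
  pyenv rehash
  pyenv global 3.6.6
  pip install --upgrade pip
  # NOTE(review): psm presumably switches pip to a third-party index mirror;
  # confirm every package name below against the index before running pip as
  # root, since a misspelt name installs whatever is registered under it.
  pip install psm
  psm ls
  psm use douban
  psm show
  pip install requests mysqlpy paramiko ipython
  # Create a virtual environment named my-env.
  pyenv virtualenv 3.6.6 my-env
  # Activate it once as a smoke test, then leave it again.
  pyenv activate my-env || exit 255
  pyenv deactivate my-env

  ((i++))
}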

#主函数
#main
#######################################
# Runs every provisioning step in order and logs how many ran.
# Globals:   LOG_FILE (written), i (read)
#######################################
main() {
  local step

  echo "Deploy Linux *****$(date +"%Y-%m-%d_%H-%M-%S")*****" >>"${LOG_FILE}"
  # Remove a name from this list to skip that step.
  for step in pre_check firewall soft addusers sudouser add_alias cfg_time changesshd installPyenv; do
    "${step}"
  done
  # Count of step functions that ran to completion.
  echo "ALL steps=$i" >>"${LOG_FILE}"
}

# Entry point: run all steps; command-line arguments are not forwarded.
main

# Reached only when no step aborted the script; always reports success.
exit 0

PS:
1、ssh端口可通过变量自己修改,不需要安装的模块可在main主函数中注释不运行;
2、本脚本仅适用于CentOS6.X;
3、OpenSSH 及其依赖的 OpenSSL 编译安装在 /opt 下的独立目录中,不会随着系统 openssl 的更新而改变版本;相应地,它们也不会通过 yum 获得安全更新,需要自行跟进升级;
4、自动安装了Python虚拟环境,默认安装两个版本3.6.6和3.7.5。
