系统初始化脚本

写在最前面

装机不容易，配置更不容易，最好都看完先..

#!/bin/bash

set -x

# disable ipv6
echo "alias net-pf-10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf
/sbin/chkconfig --level 35 ip6tables off
echo "ipv6 is disabled!"

# disable selinux
sed -i 's/^\(SELINUX=\).*/\1permissive/g' /etc/sysconfig/selinux
echo "selinux is permissive,you must reboot!"

# vim
sed -i "/^alias/a\alias vi='vim'/" /root/.bashrc
sed -i "/^alias/a\alias grep='grep --color'" /root/.bashrc
. /root/.bashrc

cat >/root/.vimrc<<EOF
syntax on
set expandtab
set shiftwidth=4
set softtabstop=4
set tabstop=4
EOF


# init_ssh

sed -i '/GSSAPI/ {s/yes/no/g};/UseDNS/ {s/.*/UseDNS no/};/^SyslogFacility/ {s/AUTHPRIV/local5/g}' /etc/ssh/sshd_config
sed -i '/StrictHostKeyChecking/ {s/.*/StrictHostKeyChecking no/}' /etc/ssh/ssh_config
sed -i '$ a\# save sshd messages also to sshd.log \nlocal5.* \t\t\t\t\t\t /var/log/sshd.log'  /etc/syslog.conf
sed -i '/^#Port/a\Port 22245' /etc/ssh/sshd_config
#sed -i '/^#PermitRootLogin/a\PermitRootLogin no' /etc/ssh/sshd_config
sed -i '/^#PermitEmptyPasswords/a\PermitEmptyPasswords no' /etc/ssh/sshd_config
sed -i 's/^\(Protocol\).*/\1 2/g' /etc/ssh/sshd_config
sed -i 's/^\(X11Forwarding\).*/\1 no/g' /etc/ssh/sshd_config
sed -i '/^#MaxStartups/a\MaxStartups 5' /etc/ssh/sshd_config
sed -i '/^#LoginGraceTime/a\LoginGraceTime 1m' /etc/ssh/sshd_config
sed -i '/^#ClientAliveInterval/a\ClientAliveInterval 600' /etc/ssh/sshd_config
sed -i '/^#ClientAliveCountMax/a\ClientAliveCountMax 3' /etc/ssh/sshd_config
echo "#AllowUsers" >>/etc/ssh/sshd_config
echo "Configured SSH initialization!"


# initab

sed -i '/ctrlaltdel/s/^/#/g' /etc/inittab
sed -i '/initdefault:/s/[0-9]/3/g' /etc/inittab

# chkser
# tunoff services

for i in `ls /etc/rc3.d/S*`
do
             CURSRV=`echo $i|cut -c 15-`

echo $CURSRV
case $CURSRV in
     acpid|atd|auditd|cpuspeed|crond|gpm|iptables|irqbalance|lvm2-monitor|mcstrans|microcode_ctl|network|portmap|rawdevices|restorecond|sshd|syslog|sendmail|local|mysqld|nginx|php-fpm|autofs)
     echo "Base services, Skip!"
     ;;
     *)
         echo "change $CURSRV to off"
         chkconfig --level 235 $CURSRV off
         service $CURSRV stop
     ;;
esac
done

# set ntpdate
# crontab
[ -f /usr/sbin/ntpdate ] || yum install ntp -y
crontab -l > /tmp/crontab2.tmp
echo '15 1 * * * /usr/sbin/ntpdate ntp.api.bz;/usr/sbin/hwclock -w > /dev/null 2>&1' >> /tmp/crontab2.tmp
crontab /tmp/crontab2.tmp
rm /tmp/crontab2.tmp

echo -e "\033[32;49;1mInitialization complete"
echo -en "\033[39;49;0m"


# arp
GW=`route -n|grep UG|awk '{print $2}'`
for i in $GW
do
    GW_MAC=`/sbin/arping -c1 $i|awk -F '(\\\[|\\\])' '/reply/{print $2}'`
    echo -e "$i\t$GW_MAC" >>/etc/ethers
    /sbin/arp -f
done


# kernel
# turning system

ulimit -HSn 65536
echo -ne "
*\tsoft\tnofile\t65536
*\thard\tnofile\t65536
" >>/etc/security/limits.conf


# /etc/sysctl.conf
cat >>/etc/sysctl.conf<<EOF

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296

net.ipv4.netfilter.ip_conntrack_max = 131072
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 8192    436600  873200
net.ipv4.tcp_wmem = 32768   436600  873200
net.ipv4.tcp_mem = 786432   1048576 1572864

net.ipv4.ip_local_port_range = 1024    65000
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3


net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1

net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_fin_timeout = 30

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

net.core.netdev_max_backlog =  262144
net.core.somaxconn = 262144


EOF