centos 5 系统安装后

CentOS 5 系统安装完成后,如果是最小化安装,第一步要配置 yum:

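# Install the EPEL and RPMforge release packages, which add their yum repos.
# NOTE(review): both files are fetched over plain HTTP, so the download can be
# altered in transit. Import the repositories' signing keys from a trusted
# source and verify each file (for example `rpm -K <file>`) before installing.
# Each install is chained to its own download, and both depend on the cd, so a
# failed step no longer leads to installing a missing or partial file.
cd /usr/local/src && {
  wget http://mirrors.ustc.edu.cn/fedora/epel//5/x86_64/epel-release-5-4.noarch.rpm &&
    rpm -ivh epel-release-5-4.noarch.rpm
  wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm &&
    rpm -ivh rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
}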

或者也可以:

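# Alternative: use the 163.com mirror's base repo definition.
# NOTE(review): the file name says CentOS 6 while this page targets CentOS 5;
# confirm the file matches the installed release before using it.
# NOTE(review): the file is fetched over plain HTTP and decides where every
# later package comes from. Read it and check that gpgcheck stays enabled
# before moving it into place.
# The mv only runs when the download succeeded.
wget http://mirrors.163.com/.help/CentOS6-Base-163.repo &&
  mv CentOS6-Base-163.repo /etc/yum.repos.d/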

安装后,如果要搭建 LNMP 环境,用 yum 安装下面这些软件包应该就可以了:

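# Build tools and libraries for compiling an LNMP stack.
# Wildcard names are quoted so that yum receives the pattern itself; unquoted,
# the shell would expand e.g. apr* against files in the current directory.
# Duplicate entries from the original list (zlib-devel, patch) are listed once.
# NOTE(review): -y accepts every prompt, including importing a repo GPG key;
# drop it on the first run if you want to inspect what is being trusted.
yum -y install \
  lrzsz wget make 'apr*' autoconf automake curl-devel gcc gcc-c++ \
  zlib-devel openssl openssl-devel pcre-devel gd kernel keyutils patch \
  perl kernel-headers 'compat*' mpfr cpp glibc libgomp libstdc++-devel \
  ppl cloog-ppl keyutils-libs-devel libcom_err-devel libsepol-devel \
  libselinux-devel krb5-devel 'libXpm*' freetype 'libjpeg*' 'libpng*' \
  php-common php-gd 'ncurses*' 'libtool*' libxml2 libxml2-devel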

在用 yum 安装一些需要的软件之后,执行下面的脚本:

#!/bin/sh
# Remember the directory the script was started from.
PWD_PATH=$(pwd)
#set DNS
# Rewrites /etc/resolv.conf from scratch; existing resolver entries are lost.
# NOTE(review): "$IP[自定义]" is a placeholder ("自定义" = "custom"). Unless IP
# is set in the environment, the last two lines are written out as
# "nameserver [自定义]", so put real resolver addresses in before running.
cat > /etc/resolv.conf << EOF
nameserver 8.8.8.8
nameserver $IP[自定义]
nameserver $IP[自定义]
EOF
#set hosts
# Replaces /etc/hosts with a single IPv4 loopback entry. Every other entry
# already in the file (for example one for the machine's own hostname) is
# discarded.
printf '%s\n' "127.0.0.1               localhost.localdomain localhost" > /etc/hosts
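#Disable SSH1 Protocol
# Uncomments the Protocol line as "Protocol 2" and moves sshd off port 22.
# "[自定义]" ("custom") is a placeholder and must be replaced with a real port
# number before running.
# Both sed commands only match the stock commented-out lines; if the file was
# edited before, they change nothing and report no error.
sed -i 's/#Protocol 2,1/Protocol 2/' /etc/ssh/sshd_config
sed -i 's/#Port 22/Port [自定义]/' /etc/ssh/sshd_config
chmod 600 /etc/ssh/sshd_config
# Validate the edited file first: restarting sshd on a broken config (such as
# the unreplaced port placeholder) can cut off remote access to the host.
if /usr/sbin/sshd -t; then
  service sshd restart
else
  echo "sshd_config failed validation; sshd was not restarted" >&2
fi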
#Change System Level
# Rewrites every "id:5" in /etc/inittab to "id:3" (the default runlevel entry).
# Takes effect at the next boot.
sed --in-place --expression='s/id\:5/id\:3/g' /etc/inittab
#Change Ulimit Size
# Appends open-file and process limits for all users ("*") unless the string
# 65536 already appears in limits.conf. Matching lines are printed by grep.
# Only exit status 1 (no match) triggers the append; a grep error such as a
# missing file falls through to the "already changed" branch.
grep 65536 /etc/security/limits.conf
case $? in
1)
cat >> /etc/security/limits.conf << 'EOF'
*  soft  nofile 655360
*  hard  nofile 655360
*  soft  nproc  65536
*  hard  nproc  65536
EOF
  ;;
*)
  OPEN_FILE=$(ulimit -n)
  echo "System Open File Size:'$OPEN_FILE'"
  echo "ulimit has change..."
  sleep 5
  ;;
esac
# Make login sessions load pam_limits so the limits.conf values are applied.
# The module path depends on the machine architecture reported by uname -m.
SYS_VER=$(uname -m)
case "$SYS_VER" in
x86_64) pam_limits_lib=/lib64/security/pam_limits.so ;;
*) pam_limits_lib=/lib/security/pam_limits.so ;;
esac
# Append the session line only when grep finds no pam_limits.so entry (exit
# status 1); any other status is reported as "already changed".
grep "pam_limits.so" /etc/pam.d/login
case $? in
1) echo "session    required     $pam_limits_lib" >> /etc/pam.d/login ;;
*) echo "/etc/pam.d/login has change ..." ;;
esac
#Change stack size 1M
# Records the current stack limit, then adds "ulimit -s 1024" to /etc/profile
# unless that line is already there.
STACK_SIZE=$(ulimit -s)
if grep "ulimit -s 1024" /etc/profile; then
  echo "STACK_SIZE is Ture"
else
  # The new line is inserted after the line matching "ulimit -S -c 0"; if
  # /etc/profile has no such line, sed adds nothing and reports no error.
  sed -i '/ulimit\ -S\ -c\ 0/ a\ulimit -s 1024' /etc/profile
  # NOTE(review): "source" is a bash builtin; under a strictly POSIX /bin/sh
  # the portable spelling is ".".
  source /etc/profile
fi
#delete user
# Removes a fixed list of stock system accounts and groups.
# NOTE(review): files owned by a removed account become unowned, and packages
# installed later may expect these accounts to exist. Confirm nothing on the
# host relies on them; locking an account or giving it a non-login shell is a
# less destructive alternative.
echo "*************************************************************"
echo "del user begin !!!!!!!!!!"
echo "*************************************************************"
for account in adm lp sync shutdown halt news uucp operator games ftp; do
  userdel "$account"
done
# Errors from groupdel are not checked; a group that is already gone (or still
# in use) only produces a message.
for grp in adm lp news uucp dip; do
  groupdel "$grp"
done
echo "delete user finish!!!!!"
#Log file attribute settings
# Live log: append-only, so existing entries cannot be rewritten or truncated.
# Rotated logs: immutable, so they cannot be modified or deleted.
# NOTE(review): these attributes also stop logrotate from renaming or removing
# the files. Rotation needs to clear and re-apply them (for example in
# prerotate/postrotate hooks), otherwise /var/log/messages grows unbounded.
# root can remove the attributes again, so this is tamper-resistance, not a
# replacement for shipping logs to another host.
chattr +a /var/log/messages
chattr +i /var/log/messages.*
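#Disable IP source routing (generally used for NAT)
# Writes 0 to accept_source_route for every interface entry under /proc.
# NOTE(review): values written to /proc are lost at reboot and do not apply to
# settings kept only in /etc/sysctl.conf. To persist, set
# net.ipv4.conf.all.accept_source_route = 0 and
# net.ipv4.conf.default.accept_source_route = 0 in /etc/sysctl.conf.
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
  # Skip the literal pattern when the glob matched nothing.
  [ -e "$f" ] || continue
  echo 0 > "$f"
done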
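#System parameter settings
# Appends TCP tuning values to /etc/sysctl.conf and loads them.
# The append is guarded, like the other sections of this script, so running the
# script again does not pile up duplicate lines.
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to drop connections from
# clients that share one address behind NAT, and the setting was removed from
# later Linux kernels. Review it before using this on an Internet-facing host.
# NOTE(review): tcp_fin_timeout = 1 and tcp_syn_retries = 1 are very aggressive;
# confirm they suit the workload. tcp_syncookies = 1 is the SYN-flood
# mitigation in this list.
if grep -q '^net.ipv4.tcp_tw_reuse' /etc/sysctl.conf; then
  echo "/etc/sysctl.conf has change ..."
else
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
EOF
fi
/sbin/sysctl -p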
#Close services
# Stops a fixed list of services and disables them in runlevels 3, 4 and 5.
# Failures (for example a service that is not installed) are not checked.
# NOTE(review): the list includes atd, anacron and sendmail. Confirm the host
# does not depend on scheduled jobs or local mail delivery before disabling.
echo "*************************************************************"
echo "Now we will shut down some unneccessary services in our server"
echo "*************************************************************"
SERVICES_TO_DISABLE="anacron atd autofs cpuspeed cups gpm isdn kudzu
lvm2-monitor netfs nfslock pcmcia rawdevices rhnsd rpcidmapd sendmail smartd
mdmonitor rpcgssd xfs portmap avahi-daemon"
# The variable is left unquoted on purpose: word splitting yields one service
# name per iteration.
for svc in $SERVICES_TO_DISABLE; do
  service "$svc" stop
done
for svc in $SERVICES_TO_DISABLE; do
  chkconfig --level 345 "$svc" off
done
sleep 3
#Other Setting
# Restrict console.apps and the init scripts (recursively) to root.
chmod 700 /etc/security/console.apps/
chmod -R 700 /etc/init.d/
# Shrink shell history from 1000 to 30 entries. The sed only matches the exact
# text HISTSIZE=1000; any other existing value is left as it is.
if grep HISTSIZE /etc/profile; then
  sed -i 's/HISTSIZE=1000/HISTSIZE=30/g' /etc/profile
else
  echo "histsize has change"
fi
# Add an idle timeout of 1800 seconds for interactive shells. The line is
# inserted after "HISTSIZE=30", so nothing is added when that line is absent.
# NOTE(review): TMOUT is set as a plain variable here, so a user can unset it;
# presumably it would need to be readonly to be enforced. Confirm.
if grep "TMOUT=1800" /etc/profile; then
  echo "TMOUT has Change"
else
  sed -i '/HISTSIZE=30/ a\TMOUT=1800' /etc/profile
  source /etc/profile
fi

