服务器初始化脚本,可以参考一下。
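#!/bin/env bash
# Preamble of the server initialisation script: fixes the search path, checks
# for root, and resolves the service/chkconfig tools used further down.

# System directories go first so that the tools this script runs as root are
# resolved from them rather than from whatever the caller's PATH contained.
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:$PATH

# Require root to run this script (checked by uid, not by account name).
if [[ "$(id -u)" -ne 0 ]]; then
  echo "Please run this script as root." >&2
  exit 1
fi

# Abort if either tool is missing: with an empty variable, the later
# "${SERVICE} <name> stop" would execute <name> itself as a command.
SERVICE=$(command -v service) || {
  echo "service command not found." >&2
  exit 1
}
CHKCONFIG=$(command -v chkconfig) || {
  echo "chkconfig command not found." >&2
  exit 1
}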
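# Sync the clock over the network every 10 minutes and write it to the
# hardware clock.
#
# The temp file comes from mktemp: a fixed name under /tmp is predictable, and
# because the original appended (>>) to it as root, any content already present
# at that path would have been installed into root's crontab.
cron_tmp=$(mktemp) || {
  echo "mktemp failed." >&2
  exit 1
}
# "crontab -l" exits non-zero when root has no crontab yet; that is expected.
crontab -l > "$cron_tmp" 2>/dev/null
# Add the entry only once so that re-running the script does not duplicate it.
if ! grep -qF 'ntpdate ntp.abc.local' "$cron_tmp"; then
  echo '*/10 * * * * (/usr/sbin/ntpdate ntp.abc.local; /usr/sbin/hwclock -w) >>/var/log/ntpdate.log 2>&1' >> "$cron_tmp"
fi
crontab "$cron_tmp"
rm -f -- "$cron_tmp"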
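# Set the console prompt colours and adjust the Vim editor settings.

# Appended to /etc/profile, so the prompt applies to every login shell.
echo 'export PS1="\[\e[36;1m\]\u@\[\e[31;1m\]\h\[\e[32;1m\]\w\[\e[33;1m\]\\$\[\e[0m\]"' >> /etc/profile

# Prepends the alias to line 8 of root's .bashrc without adding a newline.
# NOTE(review): this assumes line 8 is empty, as in a stock .bashrc; confirm
# on the target image, otherwise the alias is glued onto existing text.
sed -i "8 s/^/alias vi='vim'/" /root/.bashrc

# Overwrites any existing /root/.vimrc. The quoted delimiter keeps the body
# literal (no variable or command expansion).
cat > /root/.vimrc <<'EOF'
syntax on
set expandtab
set shiftwidth=4
set softtabstop=4
set tabstop=4
EOF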
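# Disable SELinux (takes effect at the next boot), after saving a timestamped
# copy of the configuration file.
#
# NOTE(review): this removes mandatory access control from the host. If the
# goal is only to stop denials during bring-up, "permissive" keeps the
# denials logged without enforcing them.
# NOTE(review): on RHEL/CentOS /etc/sysconfig/selinux is usually a symlink to
# /etc/selinux/config, and GNU "sed -i" replaces a symlink with a regular file
# unless --follow-symlinks is given (where the installed sed supports it).
# Verify which file actually ends up edited.
cp /etc/sysconfig/selinux "/etc/sysconfig/selinux.$(date +"%Y-%m-%d_%H-%M-%S")"
sed -i '/SELINUX/s/\(enforcing\|permissive\)/disabled/' /etc/sysconfig/selinux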
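# Turn off IPv6 by aliasing the protocol family and module to "off" in
# modprobe.conf, after saving a timestamped copy of the file.
cp /etc/modprobe.conf "/etc/modprobe.conf.$(date +"%Y-%m-%d_%H-%M-%S")"
# Grouped so the three lines are appended through a single redirection.
{
  echo "alias net-pf-10 off"
  echo "alias ipv6 off"
  echo "options ipv6 disable=1"
} >> /etc/modprobe.conf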
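# Adjust the SSH settings and switch off features that are not needed.
cp /etc/ssh/sshd_config "/etc/ssh/sshd_config.$(date +"%Y-%m-%d_%H-%M-%S")"

# Server side: turn GSSAPI options off, disable reverse DNS lookups, and move
# sshd logging from the AUTHPRIV facility to local5.
# NOTE(review): after this change sshd no longer logs to the AUTHPRIV
# destination (normally /var/log/secure); anything that watches that file for
# login failures needs to be pointed at /var/log/sshd.log instead.
sed -i '/GSSAPI/{s/yes/no/g};/UseDNS/ {s/.*/UseDNS no/};/^SyslogFacility/{s/AUTHPRIV/local5/g}' /etc/ssh/sshd_config

# Client side, system-wide.
# NOTE(review): "StrictHostKeyChecking no" makes every outbound ssh/scp from
# this host accept unknown or changed host keys without prompting, so a
# machine impersonating the destination is not detected. Prefer distributing
# known_hosts entries for the managed hosts and leaving the check enabled.
sed -i '/StrictHostKeyChecking/ {s/.*/StrictHostKeyChecking no/}' /etc/ssh/ssh_config

# Route the local5 facility to its own log file.
# NOTE(review): the syslog daemon is not restarted in this section, and
# /var/log/sshd.log is not added to log rotation; confirm both are handled.
sed -i '$ a\# save sshd messages also to sshd.log \nlocal5.* \t\t\t\t\t\t /var/log/sshd.log' /etc/syslog.conf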
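# Install the SSH public key of the IT distribution/management host for root,
# then reload sshd.
#
# NOTE(review): the key string is reproduced exactly as published; it looks
# redacted or garbled (a valid entry has the form
# "<key-type> <base64-data> <comment>"), so substitute the real public key.
# NOTE(review): this grants root login to whoever holds the matching private
# key; consider limiting the entry with a from="<management-host>" option.
mgmt_pubkey='ssh-yc2EAAAABIwAAAttssddddrwwewGok0HTeFeYtpZ7F19cQBaozlNEMy5LTO1Nra11g+ZOXrTZIiRRZh+LylwnD4ugF0x2gSKxsChP93VjBnCdnhYYjlI3W8ziMQmqUktMwKF5Pvlbmvvj81pkeNrvFx2ouS815d2K2O7M/BkfUTENK1Dz3EK2QIxdNTAZn/HW2tgiUIWTj9ZhNFnEPyGn2LMo/+X1tfuUdGfsSWWgEQSkrwjfbx22LLEGa8ZM/ostdh4qXnFsDHf5inUXBupddddddddjMXiQ==root@fenfa'

mkdir -p /root/.ssh
chmod 700 /root/.ssh
# Append only when the exact line is absent, so a re-run adds no duplicate.
if ! grep -qxF -- "$mgmt_pubkey" /root/.ssh/authorized_keys 2>/dev/null; then
  printf '%s\n' "$mgmt_pubkey" >> /root/.ssh/authorized_keys
fi
chmod 600 /root/.ssh/authorized_keys

# Check the configuration before reloading: a reload with a broken
# sshd_config can leave the host without a working SSH daemon.
if /usr/sbin/sshd -t; then
  /etc/init.d/sshd reload
else
  echo "sshd configuration test failed; sshd was not reloaded." >&2
fi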
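# Turn off Bluetooth, printing and other system services: each one is removed
# from the boot sequence and stopped immediately.
#
# NOTE(review): the list includes auditd (kernel audit trail) and
# iptables/ip6tables (host firewall). Stopping them removes audit logging and
# packet filtering on this host; confirm that equivalent controls exist
# elsewhere before keeping them in the list.
SERVICES="acpid atd auditd avahi-daemon bluetooth cpuspeed cups firstboot hidd ip6tables iptables isdn mcstrans messagebus pcscd yum-updatesd sendmail"

# $SERVICES is left unquoted on purpose so it splits into one word per service.
for service in $SERVICES; do
  # ":?" aborts if the tool path is empty instead of running "$service" itself.
  "${CHKCONFIG:?chkconfig path is not set}" "$service" off
  "${SERVICE:?service path is not set}" "$service" stop
done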
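# Replace /etc/sysctl.conf with the network/TCP tuning below and load it.
# A timestamped copy of the previous file is kept; copying (rather than
# moving) means a sysctl.conf still exists if the write below fails.
#
# NOTE(review): net.ipv4.tcp_syncookies = 0 switches off SYN-cookie
# protection; combined with the very large SYN backlog this leaves the host
# reliant on backlog size alone during a SYN flood. Confirm this is intended.
# NOTE(review): tcp_tw_recycle and tcp_tw_reuse depend on TCP timestamps,
# which this file turns off. tcp_tw_recycle is also known to drop connections
# from clients behind NAT and was removed in Linux 4.12, where "sysctl -p"
# will report it as an unknown key.
cp /etc/sysctl.conf "/etc/sysctl.conf.$(date +"%Y-%m-%d_%H-%M-%S")"

# Quoted delimiter: the body is written literally, one setting per line.
cat > /etc/sysctl.conf <<'EOF'
kernel.core_uses_pid = 1
kernel.panic = 6
fs.file-max = 980000
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
kernel.sysrq = 0
net.core.netdev_max_backlog = 262144
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.somaxconn = 262144
net.core.wmem_default = 8388608
net.core.wmem_max = 16777216
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.ip_forward = 0
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 16384 16777216
EOF

# Apply the new settings to the running kernel.
sysctl -p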
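# Raise the maximum number of open files per process to 65535 for all users
# ("*", both soft and hard limit), after saving a timestamped copy of the file.
cp /etc/security/limits.conf "/etc/security/limits.conf.$(date +"%Y-%m-%d_%H-%M-%S")"
# The new line is inserted just before the "# End of file" marker.
# NOTE(review): running the script twice inserts the line twice.
sed -i '/# End of file/i\*\t\t-\tnofile\t\t65535' /etc/security/limits.conf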
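# Disable the Ctrl+Alt+Del reboot shortcut so that a key press on the console
# cannot restart the server, after saving a timestamped copy of inittab.
cp /etc/inittab "/etc/inittab.$(date +"%Y-%m-%d_%H-%M-%S")"
# Comment out the ctrlaltdel entry. The "^" anchor keeps a second run from
# stacking another "#" in front of an already disabled line.
sed -i 's|^ca::ctrlaltdel:/sbin/shutdown -t3 -r now|#&|' /etc/inittab
# Ask init to re-read /etc/inittab so the change applies without a reboot.
/sbin/init q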