这个脚本是我借鉴某大神的脚本改写的(其实是赤裸裸的拿来用了),功能主要是实现系统自定义配置,搭建原始的linux环境模板,分享给大家,顺便分享个小诀窍:
复制代码后,请使用"notepad++"或其它编辑器打开此文档, "alt+0"将函数折叠后方便查阅 。
插句话,这个方法我是从雪松大神的[python实例手册] [shell实例手册]学到的,感谢他们的共享精神,一直在维护这两个手册的更新, 分享下这两个手册的地址:
[python实例手册] [shell实例手册] [LazyManage运维批量管理(shell/python两个版本)]
网盘更新下载地址: http://pan.baidu.com/s/1sjsFrmX
github更新下载地址: https://github.com/liquanzhou/ops_doc
下面就是我的脚本,可以给运维小伙伴借鉴成框架,自己写脚本时可以在这个基础上改哦,建议大家不要拿来就用,这个脚本中还有些不健全的地方,欢迎大家来找茬.
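#!/bin/bash
#####################################################################################
# author: gushao
# time:   2015-5-11
# system: centos 6.5
#
# Baseline system-initialisation script for building a CentOS 6.5 template,
# intended for XenServer virtual machines.
#
# The script uses bash features ([[ ]], arrays), so it declares bash explicitly.
# Every step backs up the file it changes into $BACK_CONF and stages the new
# version in $ADJUST_CONF before installing it.
#
# NOTE(review): several steps deliberately lower the host's defences (packet
# filter stopped, SELinux disabled, root + password SSH logins allowed, a
# sample account with a guessable password). They are kept because they are
# the author's template defaults, but each one is marked below and should be
# revisited before a machine built from this template is exposed to a network.
#####################################################################################

# Only set PATH when it is unset or empty.
export PATH=${PATH:-/bin:/sbin:/usr/sbin}
export LANG="zh_CN.UTF-8"

# Source function library (provides the "action" status helper used below).
. /etc/init.d/functions

# Require root to run this script.
if [[ "$(id -u)" -ne 0 ]]; then
  echo "please run this script as root" >&2
  exit 1
fi

# Command paths (kept for scripts derived from this template).
SERVICE=$(command -v service)
CHKCONFIG=$(command -v chkconfig)

#####################################################################################
# Working directories: backups of original files / staged replacement files.
BACK_CONF=/root/back_conf
ADJUST_CONF=/root/adjust_conf
mkdir -p "$BACK_CONF" "$ADJUST_CONF"

#####################################################################################
# Settings
SSH_PORT=22
# sshd policy written by initSsh. The defaults reproduce the original template.
# NOTE(review): "yes"/"yes" leaves root reachable by password guessing; once a
# working admin account with an SSH key exists, set SSH_PERMIT_ROOT_LOGIN=no
# and SSH_PASSWORD_AUTH=no.
SSH_PERMIT_ROOT_LOGIN=yes
SSH_PASSWORD_AUTH=yes
# Accounts created by AddSAUser, e.g. saUserArr=(oldboy oldboy1 oldboy2)
saUserArr=(nginx)
# NOTE(review): the sample password equals the account name and is stored in
# this file. Supply a real one through the SA_USER_PASS environment variable
# and keep this script readable by root only.
saUserPass=${SA_USER_PASS:-nginx}
hostNameTmp=tomcat04.qhfax
# Placeholders: replace both before running initHostName / initHostIP.
ip=your_IP
IP_GATWAY=your_gatway_ip
# Time source used by syncSystemTime.
NTP_SERVER=10.0.0.123

#####################################################################################
# 01 Install base package groups and update the system.
# The status line reflects whether both yum runs succeeded.
installTool() {
  local rc=0
  echo '"Development tools" "Chinese Support" '
  yum -y groupinstall 'Development tools' 'Chinese Support' > /dev/null || rc=1
  yum -y update > /dev/null || rc=1
  if [ "$rc" -eq 0 ]; then
    action "01 软件更新成功" /bin/true
  else
    action "01 软件更新成功" /bin/false
  fi
  yum install wget -y
}

# 02 Set the host name and make it resolvable through /etc/hosts.
# Returns 1 without touching anything while $ip is still the placeholder.
initHostName() {
  if [ "$ip" = "your_IP" ]; then
    echo "initHostName: set 'ip' in the settings section first" >&2
    action "02 主机名称设置成功!" /bin/false
    return 1
  fi
  # "\cp" bypasses a possible "cp -i" alias.
  \cp /etc/hosts "$BACK_CONF/hosts.$(date +%F)"
  # Append only once so repeated runs do not pile up duplicate entries.
  if ! grep -qF -- "$hostNameTmp" /etc/hosts; then
    echo "$ip $hostNameTmp" >> /etc/hosts
  fi
  # Apply the host name to the running system.
  hostname "$hostNameTmp"
  action "02 主机名称设置成功!" /bin/true
}

# 03 Configure a static address on eth0 and the persistent host name.
# Returns 1 without touching anything while the address placeholders are unset.
initHostIP() {
  if [ "$ip" = "your_IP" ] || [ "$IP_GATWAY" = "your_gatway_ip" ]; then
    echo "initHostIP: set 'ip' and 'IP_GATWAY' in the settings section first" >&2
    action "03 IP地址设置成功!" /bin/false
    return 1
  fi
  cat > "$ADJUST_CONF/ifcfg-eth0" << EOF
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=$ip
NETMASK="255.255.255.0"
GATEWAY=${IP_GATWAY}
EOF
  \cp /etc/sysconfig/network "$BACK_CONF/network.$(date +%F)"
  # Replace the whole HOSTNAME line; substituting only "HOSTNAME=" would leave
  # the previous name glued to the end of the new one.
  sed -i "s/^HOSTNAME=.*/HOSTNAME=$hostNameTmp/" /etc/sysconfig/network
  \cp /etc/sysconfig/network-scripts/ifcfg-eth0 "$BACK_CONF/ifcfg-eth0.$(date +%F)"
  cat "$ADJUST_CONF/ifcfg-eth0" > /etc/sysconfig/network-scripts/ifcfg-eth0
  if ! grep -qF -- "$hostNameTmp" /etc/hosts; then
    echo "$ip $hostNameTmp" >> /etc/hosts
  fi
  # Apply the new address.
  /etc/init.d/network reload
  action "03 IP地址设置成功!" /bin/true
}

# 04 Set the time zone to Asia/Shanghai unless it is already configured.
initZone() {
  if ! grep -q '^ZONE="Asia/Shanghai"' /etc/sysconfig/clock 2> /dev/null; then
    cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
    echo 'ZONE="Asia/Shanghai"' > /etc/sysconfig/clock
  fi
  action "04 时区已设置成功!" /bin/true
}

# 05 Add a cron job for root that syncs the clock every five minutes.
syncSystemTime() {
  local cron_file=/var/spool/cron/root
  if ! grep -qF -- "$NTP_SERVER" "$cron_file" 2> /dev/null; then
    # Per-user crontabs have no user column: five time fields, then the command.
    echo "*/5 * * * * /usr/sbin/ntpdate $NTP_SERVER > /dev/null 2>&1" >> "$cron_file"
  fi
  action "05 同步系统时间成功!" /bin/true
}

# 06 Set the system locale.
initI18n() {
  cat > "$ADJUST_CONF/i18n" << 'EOF'
LANG="zh_CN.UTF-8"
SUPPORTED="zh_CN.GB2312:zh_CN.UTF-8:zh_CN:zh:en_US.UTF-8:en_US:en"
SYSFONT="latarcyrheb-sun16"
EOF
  if ! cmp -s "$ADJUST_CONF/i18n" /etc/sysconfig/i18n; then
    \cp /etc/sysconfig/i18n "$BACK_CONF/i18n.$(date +%F)"
    # TODO (from the original author): add a check before overwriting.
    cat "$ADJUST_CONF/i18n" > /etc/sysconfig/i18n
    . /etc/sysconfig/i18n
    grep LANG /etc/sysconfig/i18n
    action "06 字符编码已设置成功" /bin/true
  else
    action "06 字符编码已设置成功" /bin/true
  fi
  sleep 1
}

# 07 Create the accounts listed in saUserArr and set their password.
# The password is (re)set on every run, also for accounts that already exist.
# NOTE(review): with SSH_PASSWORD_AUTH=yes these accounts can log in over SSH,
# so a shared or guessable $saUserPass is directly exposed to the network.
AddSAUser() {
  local user
  for user in "${saUserArr[@]}"; do
    # "id" matches the exact account name; grepping /etc/passwd would also
    # match other accounts that merely contain the name.
    if ! id -u "$user" > /dev/null 2>&1; then
      useradd "$user"
      action "07 添加新用户成功!" /bin/true
    else
      action "07 新用户已添加!" /bin/true
    fi
    printf '%s\n' "${saUserPass}" | passwd --stdin "$user"
    # Optional sudo configuration, disabled by the author.
    # NOTE(review): NOPASSWD:ALL makes the account equivalent to root.
    #datetmp=$(date +"%Y-%m-%d_%H-%M-%S")
    #\cp /etc/sudoers /etc/sudoers.${datetmp}
    #grep -q "$user ALL=(ALL) NOPASSWD:ALL" /etc/sudoers || echo "$user ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
    #grep -q "%sa" /etc/sudoers || echo "%sa ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
  done
  #/usr/sbin/visudo -c
  #[ $? -ne 0 ] && /bin/cp /etc/sudoers.${datetmp} /etc/sudoers && echo "Sudoers not configured -- exiting" && exit 1
  sleep 1
}

# 08 Raise the open-file and process limits.
# Note that /etc/security/limits.conf is replaced as a whole, not merged.
openFiles() {
  cat > "$ADJUST_CONF/limits.conf" << 'EOF'
# nofile 可以被理解为是文件句柄数 文件描述符 还有socket数
* soft nofile 65535
* hard nofile 65535
# 最大进程数
* soft nproc 65535
* hard nproc 65535
EOF
  if ! cmp -s "$ADJUST_CONF/limits.conf" /etc/security/limits.conf; then
    echo "----调整最大打开系统文件个数65535个------"
    \cp /etc/security/limits.conf "$BACK_CONF/limits.conf.$(date +%F)"
    cat "$ADJUST_CONF/limits.conf" > /etc/security/limits.conf
    ulimit -HSn 65535
    echo "ulimit -HSn 65535" >> /etc/rc.local
    action "08 调整打开系统文件个数成功!(修改后重新登录生效)" /bin/true
  else
    action "08 调整打开系统文件个数已配置!" /bin/true
  fi
  sleep 1
}

# 09 Stop iptables.
# NOTE(review): this leaves the host without a packet filter, so every
# listening service (including sshd with password logins) is reachable from
# whatever network the VM is attached to. Prefer keeping iptables running with
# a rule set that allows only the required ports.
closeIptables() {
  /etc/init.d/iptables stop
  action "09 已关闭iptables" /bin/true
}

# 10 Disable SELinux (despite its name, this function does not touch the firewall).
# NOTE(review): this removes mandatory access control from the template.
# A config that is already "permissive" is left unchanged by the sed below.
initFirewall() {
  local current
  current=$(grep -v '#' /etc/selinux/config | grep 'SELINUX=')
  if [ "$current" != 'SELINUX=disabled' ]; then
    \cp /etc/selinux/config "$BACK_CONF/config.$(date +%F)"
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
    /etc/init.d/iptables status
    grep SELINUX=disabled /etc/selinux/config
    action "10 已关闭selinux" /bin/true
  else
    action "10 selinux均已关闭" /bin/true
  fi
  # setenforce reports an error when SELinux is already off, so only call it
  # while the running system is still enforcing.
  if [ "$(getenforce 2> /dev/null)" = "Enforcing" ]; then
    setenforce 0
  fi
  sleep 1
}

# 11 Install the sshd configuration and reload sshd.
# The staged file is checked with "sshd -t" first: a syntax error in a live
# sshd_config can lock everyone out of a remote machine.
initSsh() {
  cat > "$ADJUST_CONF/sshd_config" << EOF
PORT $SSH_PORT
Protocol 2
Compression yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitRootLogin $SSH_PERMIT_ROOT_LOGIN
UseDns no
SyslogFacility AUTHPRIV
PasswordAuthentication $SSH_PASSWORD_AUTH
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding no
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
  if ! cmp -s "$ADJUST_CONF/sshd_config" /etc/ssh/sshd_config; then
    if ! /usr/sbin/sshd -t -f "$ADJUST_CONF/sshd_config"; then
      echo "initSsh: staged sshd_config failed validation, live config left untouched" >&2
      action "11 ssh已配置完成!" /bin/false
      return 1
    fi
    \cp /etc/ssh/sshd_config "$BACK_CONF/sshd_config.$(date +%F)"
    cat "$ADJUST_CONF/sshd_config" > /etc/ssh/sshd_config
    # Show the security-relevant directives that are now in effect.
    grep -Ei "UseDns|^Port|PermitRootLogin|PasswordAuthentication|PermitEmptyPasswords" /etc/ssh/sshd_config
    if /etc/init.d/sshd reload; then
      action "11 ssh已配置完成!" /bin/true
    else
      action "11 ssh已配置完成!" /bin/false
    fi
  else
    action "11 ssh已配置完成!" /bin/true
  fi
  sleep 1
}

# 12 Disable the ctrl+alt+del reboot shortcut.
init_safe() {
  cp /etc/init/control-alt-delete.conf "$BACK_CONF/control-alt-delete.conf.$(date +%F)"
  # Anchored at line start so an already commented line is not commented again.
  sed -i 's|^exec /sbin/shutdown -r now "Control-Alt-Delete pressed"|#&|' /etc/init/control-alt-delete.conf
  action "12 禁止ctrl+alt+del三键重启系统" /bin/true
}

# 13 Disable IPv6.
# NOTE(review): CentOS 6 normally keeps module options under /etc/modprobe.d/;
# confirm that /etc/modprobe.conf is honoured on the target before relying on this.
disableIPV6() {
  if ! grep -qF "alias net-pf-10 off" /etc/modprobe.conf 2> /dev/null; then
    if [ -f /etc/modprobe.conf ]; then
      cp /etc/modprobe.conf "$BACK_CONF/modprobe.conf.$(date +%F)"
    fi
    echo "alias net-pf-10 off" >> /etc/modprobe.conf
    echo "alias ipv6 off" >> /etc/modprobe.conf
  fi
  action "13 禁止使用IPV6" /bin/true
}

# 14 Configure yum repositories (adds EPEL).
# NOTE(review): the release package is fetched over plain HTTP and installed
# before any EPEL key is trusted; the key that is imported afterwards comes out
# of that same package, so it proves nothing about the download. Obtain the
# key out of band, import it first, and check the package with "rpm -K" before
# installing it.
ConfigYum() {
  local epel_rpm_url=http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
  echo "Config Yum CentOS-Base.repo"
  if [ ! -f "/etc/yum.repos.d/epel.repo" ]; then
    # Absolute path: the original relative path only worked from /etc/yum.repos.d.
    \cp /etc/yum.repos.d/CentOS-Base.repo "$BACK_CONF/CentOS-Base.repo.bak.$(date +%F)"
    if ! ping -c 1 baidu.com > /dev/null; then
      echo "Networking not configured -- exiting" >&2
      exit 1
    fi
    rpm -ivh "$epel_rpm_url"
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
  else
    echo "YUM源已进行过优化"
  fi
}

# 15 Turn off every service enabled in runlevel 3, then re-enable the base set.
initService() {
  local svc prev_lang=$LANG
  # CentOS 6 service names; "network" is kept so the host still has networking
  # after a reboot. Verify against "chkconfig --list" on the target.
  local -a keep=(crond network rsyslog sshd)
  echo "Close Nouseful Service"
  # chkconfig output is localised; "3:on" only appears under an English locale.
  export LANG="en_US.UTF-8"
  # Service names contain no whitespace, so word splitting is safe here.
  for svc in $(chkconfig --list | awk '/3:on/ {print $1}'); do
    chkconfig --level 3 "$svc" off
  done
  for svc in "${keep[@]}"; do
    chkconfig --level 3 "$svc" on
  done
  export LANG=$prev_lang
  echo "Close Nouserful service ->OK"
  sleep 1
}

# 16 Kernel network tuning.
# The block is appended once (guarded by a marker line) and then loaded.
# NOTE(review): tcp_tw_recycle=1 is known to drop connections from clients
# behind NAT and was removed from Linux in 4.12; tcp_fin_timeout=1 is very
# aggressive; the tcp_mem values are in pages and look unusually large.
# Review all three against the real workload before enabling this step.
optimizationKernel() {
  local marker='# --- network tuning added by system init script ---'
  echo " 优化系统内核------------>"
  if ! grep -qF -- "$marker" /etc/sysctl.conf 2> /dev/null; then
    \cp /etc/sysctl.conf "$BACK_CONF/sysctl.conf.$(date +%F)"
    # Buffer and backlog keys live under net.core, and tcp_timestamps takes
    # 0/1; the original spellings made "sysctl -p" fail.
    cat >> /etc/sysctl.conf << EOF
$marker
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_mem = 945000000 914000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.netdev_max_backlog = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.ip_local_port_range = 1024 65535
EOF
  fi
  if /sbin/sysctl -p; then
    action "内核优化:" /bin/true
  else
    action "内核优化:" /bin/false
  fi
}

#####################################################################################
# Steps to run. Uncomment the ones needed for the target template.
installTool
initHostName
#initHostIP
initZone
#syncSystemTime
#initI18n
AddSAUser
openFiles
closeIptables
initFirewall
initSsh
init_safe
#disableIPV6
#optimizationKernel
#ConfigYum
#initService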