| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 | #!/bin/bash echo "这个是系统初始化脚本,请慎重运行!" input_fun() { OUTPUT_VAR=$1 INPUT_VAR= "" while [ -z $INPUT_VAR ]; do read -p "$OUTPUT_VAR" INPUT_VAR done echo $INPUT_VAR } input_again() { MYHOSTNAME=$(input_fun "please input the hostname:" ) DOMAINNAME=$(input_fun "please input the domainname:" ) CARD_TYPE=$(input_fun "please input card type(eth0):" ) IPADDR=$(input_fun "please input ip address(192.168.100.1):" ) NETMASK=$(input_fun "please input netmask(255.255.255.0):" ) GATEWAY=$(input_fun "please input gateway(192.168.100.1):" ) MYDNS1=$(input_fun "please input DNS1(114.114.114.114):" ) MYDNS2=$(input_fun "please input DNS2(8.8.4.4):" ) } input_again MAC=$( ifconfig $CARD_TYPE | grep "HWaddr" | awk -F[ " " ]+ '{print $5}' ) #SET COMPUTER NAME cat > /etc/sysconfig/network <<ENDF NETWORK= yes HOSTNAME=$MYHOSTNAME ENDF cat > /etc/sysconfig/network-scripts/ifcfg- $CARD_TYPE <<ENDF DEVICE=$CARD_TYPE BOOTPROTO=static HWADDR=$MAC NM_CONTROLLED= yes ONBOOT= yes TYPE=Ethernet IPV6INIT=no IPADDR=$IPADDR NETMASK=$NETMASK GATEWAY=$GATEWAY ENDF /etc/init .d /network restart cat > /etc/hosts <<ENDF 127.0.0.1 $MYHOSTNAME $MYHOSTNAME.$DOMAINNAME localhost $IPADDR $MYHOSTNAME $MYHOSTNAME.$DOMAINNAME localhost ENDF cat > /etc/resolv .conf <<ENDF domain $DOMAINNAME search $DOMAINNAME nameserver $MYDNS1 nameserver $MYDNS2 ENDF #关闭SEKINUX sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux setenforce 0 #修改文件打开数 echo "* soft nofile 66666" >> /etc/security/limits .conf echo "* hard nofile 66666" >> /etc/security/limits .conf #优化内核参数 cat >> /etc/sysctl .conf << ENDF net.ipv4.tcp_max_syn_backlog = 65536 net.core.netdev_max_backlog = 32768 net.core.somaxconn = 32768 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_tw_recycle = 1 #net.ipv4.tcp_tw_len = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_max_orphans = 3276800 net.ipv4.ip_local_port_range = 1024 65535 ENDF sysctl -p #关闭系统不用的服务 for server in `chkconfig --list | grep 3:on| awk '{ print $1}' ` do chkconfig --level 3 $server off done for server in crond network rsyslog sshd do chkconfig --level 3 $server on done #增加用户并sudo提权 user_add() { USERNAME=$(input_fun "please input new user name:" ) useradd $USERNAME passwd $USERNAME } user_add chmod +w /etc/sudoers echo "$USERNAME ALL=(ALL) ALL" >> /etc/sudoers chmod -w /etc/sudoers #设置时间时区同步 yum -y install ntpdate /usr/sbin/ntpdate time .nist.gov echo "*/5 * * * * root /usr/sbin/ntpdate time.nist.gov 1> /dev/null 2>&1" >> /var/spool/cron/root #配置SSHD sed -i '/^#Port/s/#Port 22/Port 65535/g' /etc/ssh/sshd_config sed -i '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config iptables -A INPUT -p tcp --dport 65535 -j ACCEPT /etc/init .d /sshd restart |