Copyright statement: This article is an original article by Shaon Puppet. Please indicate the original address for reprinting. Thank you very much. https://blog.csdn.net/wh211212/article/details/52817795
#! /bin/bash
#################################################
#################################################
#################################################
#################################################
if [ $(id -u) != "0" ]; then
echo "Error: You must be root to run this script, please use root to initialization OS"
exit 1
fi
echo "+------------------------------------------------------------------------+"
echo "| To initialization the system for security and performance |"
echo "+------------------------------------------------------------------------+"
check_hosts()
{
hostname=hostname
if grep -Eqi '^127.0.0.1[[:space:]]*localhost' /etc/hosts; then
echo "Hosts: ok."
else
echo "127.0.0.1 localhost.localdomain $hostname" >> /etc/hosts
fi
ping -c1 www.aniu.tv
if [ $? -eq 0 ] ; then
echo "DNS...ok"
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
else
echo "DNS...fail"
echo -e "nameserver 8.8.8.8\nnameserver 114.114.114.114" > /etc/resolv.conf
fi
}
set_timezone()
{
echo "Setting timezone..."
rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo "[+] Installing ntp..."
yum install ntpdate -y
/usr/sbin/ntpdate pool.ntp.org
echo '*/5 * * * * /usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1' > /var/spool/cron/root;chmod 600 /var/spool/cron/root
/sbin/service crond restart
}
update(){
yum -y update
yum -y install wget vim unzip openssl-devel gcc gcc-c++ sysstat iotop openssh-clients telnet lsof
echo "yum update && yum install common command ......... succeed."
}
selinux()
{
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
echo "disbale selinux ..................succeed."
}
#{
#}
limits_config()
{
cat >> /etc/security/limits.conf <<EOF
echo "ulimit -SHn 65535" >> /etc/rc.local
}
ulimit -n 8192
stop_server()
{
echo "stop not nessccery services!"
for server in chkconfig --list |grep 3:on|awk '{ print $1}'
do
chkconfig --level 3 $server off
done
for server in crond network rsyslog sshd lvm2-monitor sysstat netfs blk-availability udev-post
do
chkconfig --level 3 $server on
done
}
sshd_config(){
sed -i '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
/etc/init.d/sshd restart
echo "set sshd && restat sshd succedd!"
}
iptables(){
/etc/init.d/iptables stop
chkconfig --level 3 iptables off
echo "alias net-pf-10 off" >> /etc/modprobe.d/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.d/modprobe.conf
echo "NETWORKING_IPV6=no" >> /etc/sysconfig/network
chkconfig --level 3 ip6tables off
/etc/init.d/ip6tables stop
echo "iptables is stop && ipv6 is disabled!"
}
other(){
sed -i 's/^id:.*$/id:3:initdefault:/' /etc/inittab
/sbin/init q
echo "TMOUT=7200" >> /etc/profile
sed -i 's/^HISTSIZE=.*$/HISTSIZE=1000/' /etc/profile
sed -i '4a auth required pam_tally2.so deny=5 unlock_time=180' /etc/pam.d/system-auth
sed -i 's/exec /sbin/shutdown -r now "Control-Alt-Delete pressed"/#exec /sbin/shutdown -r now "Control-Alt-Delete pressed"/g' /etc/init/control-alt-delete.conf
source /etc/profile
}
delete_user()
{
echo "delete not use user"
echo ""
for user in adm lp sync shutdown halt uucp operator gopher
do userdel $user ; done
}
sysctl_add(){
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_synack_retries = 0
net.ipv4.tcp_max_syn_backlog = 20480
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 10
fs.file-max = 819200
net.core.somaxconn = 65536
net.core.rmem_max = 1024123000
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 165536
net.ipv4.ip_local_port_range = 10000 65535
EOF
sysctl -p
}
main(){
check_hosts
set_timezone
selinux
update
limits_config
stop_server
sshd_config
iptables
other
delete_user
sysctl_add
}
main
echo "+------------------------------------------------------------------------+"
echo "| To initialization system all completed !!! |"
echo "+------------------------------------------------------------------------+"
Recommended Posts