CentOS 6.5初始化优化脚本,centos6.5
CentOS 6.5初始化优化脚本,centos6.5
#!/bin/bash
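# Banner: warns the operator that this is a system-initialisation script and
# should be run with care (it rewrites files under /etc and restarts services).
printf '%s\n' "这个是系统初始化脚本,请慎重运行!"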
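#######################################
# Prompt until a non-empty line is entered, then print that line.
# Arguments: $1 - prompt text handed to `read -p`
# Outputs:   the entered value on stdout (callers capture it with $(...))
# Returns:   0 once a value was read, 1 if stdin reaches EOF without one
#######################################
input_fun()
{
  local OUTPUT_VAR=${1-}
  local INPUT_VAR=""
  while [ -z "$INPUT_VAR" ]; do
    # -r keeps backslashes literal. On EOF keep a final line that has no
    # trailing newline, otherwise stop instead of looping forever.
    read -r -p "$OUTPUT_VAR" INPUT_VAR || [ -n "$INPUT_VAR" ] || return 1
  done
  # printf, not echo: the value is operator input and may start with '-'.
  printf '%s\n' "$INPUT_VAR"
}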
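#######################################
# Prompt (through input_fun) until the answer matches an extended regex.
# Arguments: $1 - prompt text, $2 - ERE the whole answer has to match
# Outputs:   the accepted value on stdout; rejected values are reported on stderr
# Returns:   0 with a value, 1 if input_fun fails
#######################################
_input_matching()
{
  local prompt=$1 pattern=$2 value
  while :; do
    value=$(input_fun "$prompt") || return 1
    if [[ "$value" =~ $pattern ]]; then
      printf '%s\n' "$value"
      return 0
    fi
    printf 'invalid value: %s\n' "$value" >&2
  done
}

#######################################
# Ask the operator for the host's network identity.
# Globals written: MYHOSTNAME DOMAINNAME CARD_TYPE IPADDR NETMASK GATEWAY
#                  MYDNS1 MYDNS2
# The answers are later written verbatim into root-owned files under /etc and
# CARD_TYPE becomes part of a file name, so each answer is shape-checked here.
# The IPv4 pattern checks the dotted-quad shape only, not the octet range.
#######################################
input_again()
{
  local name_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  local nic_re='^[A-Za-z0-9][A-Za-z0-9_.:-]*$'
  local ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

  MYHOSTNAME=$(_input_matching "please input the hostname:" "$name_re")
  DOMAINNAME=$(_input_matching "please input the domainname:" "$name_re")
  CARD_TYPE=$(_input_matching "please input card type(eth0):" "$nic_re")
  IPADDR=$(_input_matching "please input ip address(192.168.100.1):" "$ipv4_re")
  NETMASK=$(_input_matching "please input netmask(255.255.255.0):" "$ipv4_re")
  GATEWAY=$(_input_matching "please input gateway(192.168.100.1):" "$ipv4_re")
  MYDNS1=$(_input_matching "please input DNS1(114.114.114.114):" "$ipv4_re")
  MYDNS2=$(_input_matching "please input DNS2(8.8.4.4):" "$ipv4_re")
}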
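# Collect the network settings interactively (sets MYHOSTNAME, DOMAINNAME,
# CARD_TYPE, IPADDR, NETMASK, GATEWAY, MYDNS1 and MYDNS2).
input_again

# Hardware address of the chosen interface: on the "HWaddr" line printed by
# ifconfig it is the 5th whitespace-separated field.
MAC=$(ifconfig "$CARD_TYPE" | awk '/HWaddr/ {print $5; exit}')

# Stop before touching anything if the interface could not be read. Writing an
# empty HWADDR and restarting the network can cut off a remote session.
if [ -z "$MAC" ]; then
  echo "cannot read the MAC address of '$CARD_TYPE'; network files left untouched" >&2
  exit 1
fi

# Set the computer name. Every file below is overwritten, not merged.
# (NETWORKING is the key the CentOS 6 network scripts read; the page had NETWORK.)
cat > /etc/sysconfig/network <<ENDF
NETWORKING=yes
HOSTNAME=$MYHOSTNAME
ENDF

# Static configuration for the selected interface.
cat > "/etc/sysconfig/network-scripts/ifcfg-$CARD_TYPE" <<ENDF
DEVICE=$CARD_TYPE
BOOTPROTO=static
HWADDR=$MAC
NM_CONTROLLED=yes
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
IPADDR=$IPADDR
NETMASK=$NETMASK
GATEWAY=$GATEWAY
ENDF
/etc/init.d/network restart

# NOTE(review): the second line also binds the name "localhost" to the LAN
# address, and no ::1 entry is written; confirm that this is intended.
cat > /etc/hosts <<ENDF
127.0.0.1 $MYHOSTNAME $MYHOSTNAME.$DOMAINNAME localhost
$IPADDR $MYHOSTNAME $MYHOSTNAME.$DOMAINNAME localhost
ENDF

# Resolver configuration.
cat > /etc/resolv.conf <<ENDF
domain $DOMAINNAME
search $DOMAINNAME
nameserver $MYDNS1
nameserver $MYDNS2
ENDF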
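# Disable SELinux (persistently via the config file, immediately via setenforce).
# NOTE(review): this removes the host's mandatory access control layer. Prefer
# leaving SELinux enforcing, or use permissive mode while the denials are fixed.
# NOTE(review): on CentOS 6 /etc/sysconfig/selinux is normally a symlink to
# /etc/selinux/config, and GNU `sed -i` replaces a symlink with a regular file
# unless --follow-symlinks is given. Verify which file ends up edited.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
setenforce 0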
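# Raise the open-file limit (soft and hard) for every user.
# Each entry is appended only if it is not already there, so running the
# script again does not pile up duplicate lines in limits.conf.
for limit_line in "* soft nofile 66666" "* hard nofile 66666"; do
  grep -qxF -- "$limit_line" /etc/security/limits.conf ||
    printf '%s\n' "$limit_line" >> /etc/security/limits.conf
done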
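# Kernel network tuning: appended to /etc/sysctl.conf, then loaded with sysctl -p.
# The block is appended on every run, so a second run duplicates the entries.
# NOTE(review): tcp_tw_recycle=1 is known to break connections from clients
# that share one NAT address; review before using this on an Internet-facing
# host. The tcp_tw_* settings rely on TCP timestamps, which tcp_timestamps=0
# turns off, so the combination below looks inconsistent.
cat >> /etc/sysctl.conf <<ENDF
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65535
ENDF
sysctl -p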
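# Turn off every service enabled in runlevel 3, then re-enable a short keep-list.
# NOTE(review): the keep-list does not contain iptables or auditd, so the
# firewall and the audit daemon will not start at the next boot. Add them to
# the list below if the host is expected to filter traffic or keep audit logs.
for server in $(chkconfig --list | awk '/3:on/ {print $1}'); do
  chkconfig --level 3 "$server" off
done

for server in crond network rsyslog sshd; do
  chkconfig --level 3 "$server" on
done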
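# Add a user and grant it sudo rights.
#######################################
# Ask for a login name, create the account and set its password.
# Globals written: USERNAME (read by the sudoers step that follows)
# Returns: non-zero if no name could be read, if useradd fails, or if passwd fails
#######################################
user_add()
{
  # Conventional login-name shape. It also keeps option-like ("-x") or
  # sudoers-significant ("%group", "ALL") values out of useradd and sudoers.
  local name_re='^[a-z_][a-z0-9_-]*$'

  while :; do
    USERNAME=$(input_fun "please input new username:") || return 1
    [[ "$USERNAME" =~ $name_re ]] && break
    printf 'invalid user name: %s\n' "$USERNAME" >&2
  done

  # Do not go on to passwd when the account was not created by this run;
  # otherwise a typo could reset the password of an existing account.
  useradd "$USERNAME" || return
  passwd "$USERNAME"
}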
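user_add

# Grant the new account full sudo rights ("ALL=(ALL) ALL" is unrestricted root
# access; narrow the command list if the account has a smaller job).
# /etc/sudoers is never edited in place. A private copy is extended and
# syntax-checked with visudo, and it replaces the real file only if it parses.
# A broken sudoers file would otherwise lock every user out of sudo.
sudo_name_re='^[a-z_][a-z0-9_-]*$'
if ! [[ "${USERNAME-}" =~ $sudo_name_re ]] || ! id "$USERNAME" > /dev/null 2>&1; then
  echo "no valid account to grant sudo to; /etc/sudoers left unchanged" >&2
else
  # Same directory as the target so the final mv is an atomic rename.
  tmp_sudoers=$(mktemp /etc/sudoers.XXXXXX) || exit 1
  cat /etc/sudoers > "$tmp_sudoers"
  printf '%s ALL=(ALL) ALL\n' "$USERNAME" >> "$tmp_sudoers"
  chmod 0440 "$tmp_sudoers"
  if visudo -c -f "$tmp_sudoers" > /dev/null; then
    mv -f "$tmp_sudoers" /etc/sudoers
  else
    echo "generated sudoers failed validation; /etc/sudoers left unchanged" >&2
    rm -f -- "$tmp_sudoers"
  fi
fi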
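# Set up time synchronisation: one sync now, then every five minutes from
# root's crontab.
yum -y install ntpdate
/usr/sbin/ntpdate time.nist.gov

# /var/spool/cron/root is a per-user crontab, which has no user column (only
# /etc/crontab and /etc/cron.d take one). The "root" field from the page would
# have been run as the command, so it is dropped here. The entry is added only
# once so repeated runs do not duplicate it.
cron_line='*/5 * * * * /usr/sbin/ntpdate time.nist.gov 1>/dev/null 2>&1'
grep -qxF -- "$cron_line" /var/spool/cron/root 2> /dev/null ||
  printf '%s\n' "$cron_line" >> /var/spool/cron/root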
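# Configure sshd: move it to port 65535, skip reverse DNS lookups, forbid root
# logins and empty passwords.
# NOTE(review): each expression only rewrites the commented-out default line.
# A directive that is already uncommented (e.g. "PermitRootLogin yes") is left
# as it is, so check the result with `sshd -T` after the run.
sed -i \
  -e '/^#Port/s/#Port 22/Port 65535/g' \
  -e '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' \
  -e 's/#PermitRootLogin yes/PermitRootLogin no/g' \
  -e 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' \
  /etc/ssh/sshd_config

# Insert (-I) rather than append (-A): the stock CentOS 6 INPUT chain ends with
# a catch-all REJECT, and a rule appended after it never matches, which would
# cut off SSH as soon as sshd moves to the new port.
# NOTE(review): the rule is not saved, so it is lost on reboot or when the
# iptables service is restarted; persist it if the firewall stays in use.
iptables -I INPUT -p tcp --dport 65535 -j ACCEPT

# Restart only if the edited configuration parses. Root login is disabled
# above, so make sure the new sudo-capable account can log in before closing
# the current session.
if /usr/sbin/sshd -t; then
  /etc/init.d/sshd restart
else
  echo "sshd_config failed validation; sshd was not restarted" >&2
fi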