centos7初始化脚本 (CentOS 7 host initialization script)
# init centos7 — usage (as root): ./centos7-init.sh 主机名 (hostname)
# NOTE(review): this script deliberately weakens the default security posture of the host:
# it disables SELinux and firewalld, rewrites sshd_config with PermitRootLogin and
# PasswordAuthentication enabled, enables net.ipv4.ip_forward, and makes /var/log/command.log
# world-writable. Review those steps before running it on anything reachable from an untrusted network.
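# Preconditions. The script rewrites files under /etc and restarts services, so
# it refuses to run unless it is root.
if [[ "$(id -u)" != "0" ]]; then
  echo "please run this script as root !" >&2
  exit 1
fi
echo -e "\033[31m the script only Support CentOS_7 x86_64 \033[0m"
# NOTE(review): the banner invites Ctrl+C, but there is no pause before the
# first destructive step other than the 1 s sleep after the box below.
echo -e "\033[31m system initialization script, Please Seriously. press ctrl+C to cancel \033[0m"

# Only 64-bit x86 is supported. `uname -m` is the portable machine-type query
# (`uname -i` may print "unknown" on some builds). Quoted so an empty or odd
# value cannot break the test.
platform="$(uname -m)"
if [[ "$platform" != "x86_64" ]]; then
  echo "this script is only for 64bit Operating System !" >&2
  exit 1
fi

# The hostname is the single positional argument. It is quoted so that a value
# with spaces or glob characters reaches hostnamectl as one token and is
# rejected there, instead of being word-split into several arguments.
if [[ -z "$1" ]]; then
  echo "The host name is empty." >&2
  exit 1
else
  hostnamectl --static set-hostname "$1"
  hostnamectl set-hostname "$1"
fi

cat << EOF
+---------------------------------------+
| your system is CentOS 7 x86_64        |
|          start optimizing             |
+---------------------------------------+
EOF
sleep 1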
# Refresh every installed package and pull in the tools the later steps use
# (ntpdate/hwclock, iptables-services, net-tools, lsof, psmisc, ...).
# NOTE(review): `yum update -y` is an unattended full upgrade; nmap is a network
# scanner and is not required by any later step — decide whether it belongs on
# a production host.
yum_update() {
  yum update -y
  yum install -y \
    nmap unzip wget vim lsof xz net-tools \
    iptables-services ntpdate ntp-doc psmisc
}
# Timezone and clock sync: set Asia/Shanghai, do a one-shot ntpdate, push the
# system time into the RTC, then install root's crontab for periodic re-sync.
# NOTE(review): `cat >` REPLACES any existing root crontab rather than adding
# to it. ntpdate against a public pool is unauthenticated time; fine for most
# hosts, but not a substitute for a monitored ntpd/chronyd peer where time
# matters for auth or audit.
zone_time() {
  local ntp_server="0.cn.pool.ntp.org"
  local root_cron="/var/spool/cron/root"

  timedatectl set-timezone Asia/Shanghai
  /usr/sbin/ntpdate "$ntp_server" > /dev/null 2>&1
  # Two spellings of "write system time to the RTC"; both kept as in the original.
  /usr/sbin/hwclock --systohc
  /usr/sbin/hwclock -w

  # 00:10 daily ntpdate; hwclock -w every minute (the dow field is "*/1").
  cat > "$root_cron" <<EOF
10 0 * * * /usr/sbin/ntpdate ${ntp_server} > /dev/null 2>&1
* * * * */1 /usr/sbin/hwclock -w > /dev/null 2>&1
EOF
  chmod 600 "$root_cron"
  /sbin/service crond restart
  sleep 1
}
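# Raise open-file / process limits: rc.local, /etc/profile, limits.conf and
# limits.d/20-nproc.conf are (re)written.
# Fix: the rewritten rc.local had no interpreter line. rc-local.service execs
# the file directly, so without "#!/bin/bash" it fails with "Exec format error"
# and the ulimit line never runs. rc.local is now also backed up once, the same
# way the other files in this function are.
limits_config() {
  if [ ! -f /etc/rc.d/rc.local.bak ]; then
    cp /etc/rc.d/rc.local /etc/rc.d/rc.local.bak
  fi
  cat > /etc/rc.d/rc.local <<'EOF'
#!/bin/bash
touch /var/lock/subsys/local
ulimit -SHn 1024000
EOF
  # Delete-then-append keeps exactly one ulimit line in rc.local on re-runs.
  sed -i "/^ulimit -SHn.*/d" /etc/rc.d/rc.local
  echo "ulimit -SHn 1024000" >> /etc/rc.d/rc.local

  # Same idempotency trick for /etc/profile (these apply to every login shell).
  sed -i "/^ulimit -s.*/d" /etc/profile
  sed -i "/^ulimit -c.*/d" /etc/profile
  sed -i "/^ulimit -SHn.*/d" /etc/profile
  # NOTE(review): unlimited core dumps write process memory -- possibly holding
  # credentials -- to disk for every user; an unlimited stack limit has
  # historically switched the kernel to the legacy mmap layout with weaker
  # address randomization. Confirm the workload really needs both.
  cat >> /etc/profile <<'EOF'
ulimit -c unlimited
ulimit -s unlimited
ulimit -SHn 1024000
EOF
  # Re-source into this script's own shell (also runs /etc/profile.d/*), then
  # print the effective limits and the profile lines as a visual check.
  source /etc/profile
  ulimit -a
  grep ulimit /etc/profile

  # pam_limits: keep the first pristine copy, then replace the file wholesale.
  if [ ! -f /etc/security/limits.conf.bak ]; then
    cp /etc/security/limits.conf /etc/security/limits.conf.bak
  fi
  # The "hive" entries are per-user limits for a Hive service account; they
  # are inert if no such account exists.
  cat > /etc/security/limits.conf <<'EOF'
* soft nofile 1024000
* hard nofile 1024000
* soft nproc 1024000
* hard nproc 1024000
hive - nofile 1024000
hive - nproc 1024000
EOF

  # 20-nproc.conf is read after limits.conf and overrides the nproc soft limit.
  if [ ! -f /etc/security/limits.d/20-nproc.conf.bak ]; then
    cp /etc/security/limits.d/20-nproc.conf /etc/security/limits.d/20-nproc.conf.bak
  fi
  cat > /etc/security/limits.d/20-nproc.conf <<'EOF'
* soft nproc 409600
root soft nproc unlimited
EOF
  sleep 1
}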
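# Kernel tuning. /etc/sysctl.conf is REPLACED, not merged (the first original is
# kept as /etc/sysctl.conf.bak). Values are unchanged from the original script;
# the rationale and the risky knobs are now recorded as comments in the
# generated file itself, and a failed `sysctl -p` is reported instead of being
# silently ignored.
sysctl_config() {
  if [ ! -f /etc/sysctl.conf.bak ]; then
    cp /etc/sysctl.conf /etc/sysctl.conf.bak
  fi

  cat > /etc/sysctl.conf <<'EOF'
# Generated by centos7-init.sh; the previous file was saved as /etc/sysctl.conf.bak.
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# Very low SYN / SYN-ACK retry counts: connections over lossy paths give up fast.
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 10
# NOTE(review): tcp_tw_recycle drops connections from clients behind NAT (per-host
# PAWS timestamp checks) and the knob was removed in Linux 4.12. Keep it only if
# every peer of this host is a direct, non-NATed client.
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
# SYN cookies protect the listen queue under SYN floods.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_max_tw_buckets = 60000
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_max_syn_backlog = 16384
# NOTE(review): tcp_mem is in pages; 94.5M pages is roughly 360 GiB for the low
# watermark, i.e. TCP memory pressure is effectively never signalled. Confirm intent.
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_wmem = 4096 16384 13107200
net.ipv4.tcp_rmem = 4096 87380 17476000
net.ipv4.ip_local_port_range = 1024 65000
# NOTE(review): ip_forward=1 makes this host route packets between its interfaces.
# Required for container/NAT gateways; on any other host it widens the attack surface.
net.ipv4.ip_forward = 1
net.ipv4.route.gc_timeout = 100
net.core.somaxconn = 32768
net.core.netdev_max_backlog = 32768
# conntrack keys only exist while nf_conntrack is loaded; `sysctl -p` reports
# them as missing otherwise. A table this large also pins kernel memory.
net.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_tcp_timeout_established = 180
# Always-overcommit: typical for Redis/Hadoop style workloads.
vm.overcommit_memory = 1
vm.swappiness = 1
fs.file-max = 1024000
EOF

  # Reload. sysctl applies the keys it can and exits non-zero if any failed;
  # surface that instead of moving on silently.
  if ! /sbin/sysctl -p; then
    echo "warning: not every sysctl key was applied; check the errors above" >&2
  fi
  sleep 1
}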
# System locale. Despite the original Chinese comment mentioning zh_CN.UTF-8,
# the value actually written is en_US.UTF-8; behavior is kept as-is.
LANG_config() {
  printf 'LANG="en_US.UTF-8"\n' > /etc/locale.conf
  # Apply to this script's shell too.
  . /etc/locale.conf
}
# Disable SELinux: persistently in /etc/selinux/config and immediately via setenforce.
# NOTE(review): this removes mandatory access control for every service on the
# host. The sed only rewrites "enforcing"; a file already at "permissive" is left
# alone (same as the original). Prefer "permissive" during bring-up and return to
# enforcing once the workload's policy is known.
selinux_config() {
  local cfg=/etc/selinux/config
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$cfg"
  setenforce 0
  sleep 1
}
# Make sure the journal daemon is up and show its state. The leading
# `setenforce 0` repeats what selinux_config already did; kept for parity.
log_config() {
  setenforce 0
  local unit=systemd-journald
  systemctl start "$unit"
  systemctl status "$unit"
}
# Stop and disable firewalld.
# NOTE(review): yum_update installs iptables-services, but nothing in this
# script enables it or loads a ruleset, so after this step the host has no
# packet filter at all -- while sshd_config leaves root password logins on.
# Keep firewalld with an allow-list, or enable iptables with a ruleset, before
# exposing the host.
firewalld_config() {
  local unit=firewalld.service
  /usr/bin/systemctl stop "$unit"
  /usr/bin/systemctl disable "$unit"
}
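# Replace /etc/ssh/sshd_config wholesale (first pristine copy kept as .bak).
# Fix: the original restarted sshd without validating the new file; a typo
# would take sshd down and lock out remote administration. The config is now
# checked with `sshd -t` and the backup restored if it does not parse.
# The directives themselves are unchanged; the risky ones are annotated.
sshd_config() {
  local cfg=/etc/ssh/sshd_config
  local bak=/etc/ssh/sshd_config.bak

  if [ ! -f "$bak" ]; then
    cp "$cfg" "$bak"
  fi

  cat > "$cfg" <<'EOF'
Port 22
AddressFamily inet
ListenAddress 0.0.0.0
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
# NOTE(review): root login with passwords is the standard brute-force target.
# Move to "PermitRootLogin prohibit-password" once a key-based admin account exists.
PermitRootLogin yes
MaxAuthTries 6
# NOTE(review): RSAAuthentication is a protocol-1 option; OpenSSH 7.4+ (CentOS 7.4
# and later) logs it as deprecated and ignores it.
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# NOTE(review): with PasswordAuthentication on and firewalld disabled by this
# script, password guessing is rate-limited only by MaxAuthTries.
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
UseDNS no
# NOTE(review): X11 forwarding is rarely needed on a server; it widens exposure
# of the client's X display to the server.
X11Forwarding yes
UsePrivilegeSeparation sandbox
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF

  # Validate before restarting so a broken file never reaches a running sshd.
  if ! /usr/sbin/sshd -t -f "$cfg"; then
    echo "sshd_config failed validation; restoring $bak and leaving sshd untouched" >&2
    cp "$bak" "$cfg"
    return 1
  fi
  /sbin/service sshd restart
}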
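# Disable IPv6 at the network-config, sysctl and per-interface levels.
# Fix: the interface loop parsed `ls -lh` output with a fixed awk column and
# printed an undefined variable ($ifi). It now globs the ifcfg files directly.
# The /proc writes are guarded so a host without the ipv6 module loaded does
# not emit "No such file" errors.
# NOTE(review): /etc/sysconfig/network and /etc/hosts are OVERWRITTEN, not
# edited. /etc/hosts loses its ::1 line and any entry for the hostname set at
# the top of the script, which may make sudo/hostname-resolving tools complain.
ipv6_config() {
  echo "NETWORKING_IPV6=no" > /etc/sysconfig/network

  local knob
  for knob in /proc/sys/net/ipv6/conf/all/disable_ipv6 \
              /proc/sys/net/ipv6/conf/default/disable_ipv6; do
    if [ -w "$knob" ]; then
      echo 1 > "$knob"
    fi
  done

  echo "127.0.0.1 localhost localhost.localdomain" > /etc/hosts

  # One sed per ifcfg-* file; -f skips the literal pattern when nothing matches
  # and anything that is not a regular file.
  local ifcfg
  for ifcfg in /etc/sysconfig/network-scripts/ifcfg-*; do
    [ -f "$ifcfg" ] || continue
    sed -i 's/IPV6INIT=yes/IPV6INIT=no/g' "$ifcfg"
  done
}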
# Shell-history based command logging: appends a HISTTIMEFORMAT/PROMPT_COMMAND
# pair to /etc/bashrc so every interactive bash appends its last command, as a
# JSON-ish line, to /var/log/command.log.
# NOTE(review): treat this as a convenience log, not an audit trail:
#   * /var/log/command.log is created mode 666, so any local user can edit or
#     truncate it, and any user can simply unset PROMPT_COMMAND. Use auditd /
#     process accounting when the record has to be trustworthy.
#   * the heredoc is appended with >> on every run, so re-running the script
#     duplicates these lines in /etc/bashrc.
#   * the heredoc delimiter is unquoted, so the escaped \$(...) become $(...)
#     in /etc/bashrc and the `ip a`, `who` and awk pipelines run at every
#     shell start. `who am i` needs a controlling tty and is presumably empty
#     for non-login shells. The IP regex '192.168|172' has an unescaped dot
#     and matches any line containing 172, so the "IP" field may be wrong on
#     hosts with other addressing.
# The four exports below only change this script's own shell; nothing writes
# them to a file, so they do not reach users.
history_config(){
export HISTFILESIZE=10000000
export HISTSIZE=1000000
export PROMPT_COMMAND="history -a"
export HISTTIMEFORMAT="%Y-%m-%d_%H:%M:%S "
##export HISTTIMEFORMAT="{\"TIME\":\"%F %T\",\"HOSTNAME\":\"\$HOSTNAME\",\"LI\":\"\$(who -u am i 2>/dev/null| awk '{print \$NF}'|sed -e 's/[()]//g')\",\"LU\":\"\$(who am i|awk '{print \$1}')\",\"NU\":\"\${USER}\",\"CMD\":\""
# Appended (not replaced) to the system-wide bashrc; see the NOTE above.
cat >>/etc/bashrc<<EOF
alias vi='vim'
HISTDIR='/var/log/command.log'
if [ ! -f \$HISTDIR ];then
touch \$HISTDIR
chmod 666 \$HISTDIR
fi
export HISTTIMEFORMAT="{\"TIME\":\"%F %T\",\"IP\":\"\$(ip a | grep -E '192.168|172' | head -1 | awk '{print \$2}' | cut -d/ -f1)\",\"LI\":\"\$(who -u am i 2>/dev/null| awk '{print \$NF}'|sed -e 's/[()]//g')\",\"LU\":\"\$(who am i|awk '{print \$1}')\",\"NU\":\"\${USER}\",\"CMD\":\""
export PROMPT_COMMAND='history 1|tail -1|sed "s/^[ ]\+[0-9]\+ //"|sed "s/$/\"}/">> /var/log/command.log'
EOF
# Sources the freshly appended bashrc into this script's shell.
source /etc/bashrc
}
# Service housekeeping: enable/start NetworkManager-wait-online, stop/disable
# postfix, and make rc.local executable so rc-local.service will run it
# (/etc/rc.local is normally a symlink to /etc/rc.d/rc.local on CentOS 7;
# both paths are chmod'd as in the original).
service_config() {
  local ctl=/usr/bin/systemctl
  "$ctl" enable NetworkManager-wait-online.service
  "$ctl" start NetworkManager-wait-online.service
  "$ctl" stop postfix.service
  "$ctl" disable postfix.service
  chmod +x /etc/rc.local
  chmod +x /etc/rc.d/rc.local
}
# Minimal vimrc for root: only the history size is set. The original carried a
# list of commented-out candidate options; they are kept below, still disabled.
vim_config() {
  cat > /root/.vimrc <<'EOF'
set history=1000
EOF
  # Disabled candidates from the original script, for whoever wants them:
  #   autocmd InsertLeave * se cul      autocmd InsertLeave * se nocul
  #   set nu        set bs=2        syntax on       set laststatus=2
  #   set tabstop=4 set go=         set ruler       set showcmd
  #   set cmdheight=1
  #   hi CursorLine cterm=NONE ctermbg=blue ctermfg=white guibg=blue guifg=white
  #   set hls       set cursorline  set ignorecase  set hlsearch
  #   set incsearch set helplang=cn
}
# Leave a marker file and print the completion banner (a reboot is advised
# because SELinux/IPv6/limits changes only take full effect after one).
done_ok() {
  local marker=/var/log/init-ok
  touch "$marker"
  cat <<'EOF'
+-------------------------------------------------+
| optimizer is done                               |
| it's recommond to restart this server !         |
| Please Reboot system                            |
+-------------------------------------------------+
EOF
}
# Entry point: run every step in the original order. Each step is a function
# defined above; none of them is checked for failure, so a failing step does
# not stop the ones after it (same as the original).
main() {
  local step
  for step in yum_update zone_time limits_config sysctl_config LANG_config \
              selinux_config log_config firewalld_config sshd_config \
              ipv6_config history_config service_config vim_config done_ok; do
    "$step"
  done
}
main
