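#!/bin/bash
#################################################
# File Name: optimize-init_sys.sh
# Author: Energy
# Mail: admin@znix.top
# Function: system optimize scripts
#################################################
# Baseline configuration for a CentOS 6.x host; must run as root.
# Steps, in order: create /server directories, set the hostname, trim boot
# services, raise the nofile limit, install sysctl.conf, adjust sshd_config,
# disable SELinux, stop iptables, add an ntpdate cron entry, install yum repo
# files and extend /etc/profile.
#
# Optional environment:
#   CENTOS_BASE_REPO_URL  https URL of the CentOS-Base.repo file to install
#   EPEL_REPO_URL         https URL of the epel.repo file to install
# The published copy of this script lost both download URLs, so update_yum
# skips a repo file whose URL is not supplied.
#
# NOTE(review): change_selinux and change_firewall leave the host without
# mandatory access control and without a local packet filter. Run them only
# where an upstream control covers the gap.

. /etc/init.d/functions

# Print a diagnostic on stderr.
_warn() {
  printf '%s\n' "$*" >&2
}

#change system directory: create scripts/software directory
# Globals: ShellDir, SoftwareDir (written; left global as in the original).
change_dir() {
  ShellDir="/server/scripts"
  SoftwareDir="/server/tools"
  mkdir -p -- "$ShellDir" &&
    mkdir -p -- "$SoftwareDir"
}

# input info verify
# Returns 0 on a yes answer, exits the script on no or on end of input, and
# asks again on anything else. The original used `continue` outside a loop
# and treated every unrecognised answer as yes.
info_verify() {
  local info
  while :; do
    read -r -p "Please make sure the information you entered (yes|no): " info || exit 1
    case "$info" in
      y*|Y*) return 0 ;;
      n*|N*) exit 1 ;;
      *) _warn "Please answer yes or no." ;;
    esac
  done
}

#change system hostname
# Prompts for a hostname, applies it at runtime, persists it in
# /etc/sysconfig/network and adds an /etc/hosts entry for eth0's address.
# Returns non-zero when the name is rejected or a step fails.
change_hostname() {
  local HostName get_ip
  local -r name_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

  read -r -p "Please input hostname: " HostName || exit 1

  # The value is spliced into a sed replacement and into /etc/hosts, so only
  # hostname characters are accepted; this rules out '/', '&', '\' and
  # whitespace.
  if [[ ! "$HostName" =~ $name_re ]] || (( ${#HostName} > 253 )); then
    _warn "invalid hostname: $HostName"
    return 1
  fi
  info_verify

  hostname "$HostName" || return 1

  # Edit the HOSTNAME key itself instead of "whatever is on line 2".
  if grep -q '^HOSTNAME=' /etc/sysconfig/network 2>/dev/null; then
    sed -i "s/^HOSTNAME=.*/HOSTNAME=$HostName/" /etc/sysconfig/network || return 1
  else
    printf 'HOSTNAME=%s\n' "$HostName" >>/etc/sysconfig/network || return 1
  fi

  get_ip=$(ifconfig eth0 | awk -F "[ :]+" 'NR==2 {print $4}')
  if [[ -z "$get_ip" ]]; then
    _warn "could not read an address from eth0; /etc/hosts left unchanged"
    return 1
  fi

  # -F keeps the dots in the name literal; -w requires a whole-word match.
  if ! grep -qwF -- "$HostName" /etc/hosts; then
    printf '%s %s\n' "$get_ip" "$HostName" >>/etc/hosts
  fi
}

#boot system optimize: setup chkconfig
# Arguments: $1 - extended regex of service names to keep enabled.
# Every other service that is on in runlevel 3 is switched off.
change_chkconfig() {
  local Boot_options=$1
  local boots

  if [[ -z "$Boot_options" ]]; then
    _warn "change_chkconfig: no keep-list given; nothing changed"
    return 1
  fi

  # LC_ALL=C keeps the "3:on" column text stable under a non-English locale.
  while IFS= read -r boots; do
    [[ -n "$boots" ]] || continue
    chkconfig "$boots" off
  done < <(LC_ALL=C chkconfig --list 2>/dev/null |
    awk '/3:on/ {print $1}' |
    grep -vE -- "$Boot_options")
}

#setup system optimize: setup ulimit
# Appends the nofile limit once; a second run does not duplicate the line.
change_ulimit() {
  if ! grep -qF -- '* - nofile 65535' /etc/security/limits.conf 2>/dev/null; then
    echo '* - nofile 65535' >>/etc/security/limits.conf
  fi
}

#setup system optimize: setup sysctl
# Installs /tmp/sysctl.conf as /etc/sysctl.conf and loads it.
# /tmp is world-writable, so the staged file is accepted only when it is a
# non-empty regular file (not a symlink) owned by the invoking user, i.e.
# root. The original `cat src >dst` also truncated /etc/sysctl.conf when the
# staged file was missing, because the redirection opens dst first.
change_sysctl() {
  local -r src=/tmp/sysctl.conf dst=/etc/sysctl.conf

  if [[ -L "$src" || ! -f "$src" || ! -s "$src" || ! -O "$src" ]]; then
    _warn "change_sysctl: $src is missing, empty, a symlink or not owned by root; $dst left unchanged"
    return 1
  fi

  # Keep the first pristine copy; later runs must not overwrite it.
  if [[ -e "$dst" && ! -e "$dst.ori" ]]; then
    cp -p -- "$dst" "$dst.ori" || return 1
  fi

  cat -- "$src" >"$dst" || return 1

  if ! modprobe bridge &>/dev/null; then
    _warn "change_sysctl: modprobe bridge failed; sysctl -p not run"
    return 1
  fi
  if ! sysctl -p &>/dev/null; then
    _warn "change_sysctl: sysctl -p reported errors"
    return 1
  fi
}

# Set one sshd_config keyword by name.
# Arguments: $1 - keyword, $2 - value, $3 - config file.
# Every existing line for the keyword, commented or not, is rewritten to the
# requested value; the setting is appended when no such line exists.
_set_sshd_option() {
  local key=$1 value=$2 file=$3

  if grep -qiE "^[#[:space:]]*${key}[[:space:]]" "$file"; then
    sed -i "s/^[#[:space:]]*${key}[[:space:]].*/${key} ${value}/I" "$file"
  else
    printf '%s %s\n' "$key" "$value" >>"$file"
  fi
}

#sshd software optimize: change sshd_conf
# Turns off GSSAPIAuthentication and UseDNS. The original overwrote lines 81
# and 122 by number, which replaces unrelated settings whenever the file
# layout differs; the keywords are now matched by name and the result is
# checked with `sshd -t` before it is kept. sshd is not restarted here, as in
# the original.
# NOTE(review): the original also carried commented-out edits for Port,
# ListenAddress, PermitRootLogin no and PermitEmptyPasswords no. They stay
# disabled; the last two are worth enabling once a non-root administrative
# account exists.
change_sshdfile() {
  local -r cfg=/etc/ssh/sshd_config
  local saved

  [[ -f "$cfg" ]] || { _warn "change_sshdfile: $cfg not found"; return 1; }

  if [[ ! -e "$cfg.ori" ]]; then
    cp -p -- "$cfg" "$cfg.ori" || return 1
  fi
  saved=$(mktemp) || return 1
  cp -p -- "$cfg" "$saved" || { rm -f -- "$saved"; return 1; }

  _set_sshd_option GSSAPIAuthentication no "$cfg"
  _set_sshd_option UseDNS no "$cfg"

  # Roll back rather than leave a config that sshd refuses to load.
  if [[ -x /usr/sbin/sshd ]] && ! /usr/sbin/sshd -t -f "$cfg"; then
    _warn "change_sshdfile: sshd rejected the new config; restoring previous file"
    cat -- "$saved" >"$cfg"
    rm -f -- "$saved"
    return 1
  fi
  rm -f -- "$saved"
}

#selinux software optimize: change disable
# Sets SELINUX=disabled for the next boot and drops to permissive now.
# The pattern is anchored so the explanatory comment lines in the file are
# no longer rewritten, and setenforce runs only while SELinux is enforcing
# (it fails on a host where SELinux is already disabled).
# NOTE(review): SELINUX=permissive keeps denial logging without enforcement
# and is the smaller step if the goal is only to unblock a service.
change_selinux() {
  sed -i 's#^SELINUX=.*#SELINUX=disabled#' /etc/selinux/config || return 1
  if [[ "$(getenforce 2>/dev/null)" == "Enforcing" ]]; then
    setenforce 0
  fi
}

#firewall software optimize: change stop
# Stops iptables for the running system. It is not in main's keep-list, so
# change_chkconfig also disables it at boot.
change_firewall() {
  /etc/init.d/iptables stop >/dev/null 2>&1
}

#crond software optimize: time synchronization
# Adds a five-minute ntpdate job to root's crontab once, keyed on the
# "#crond-id-001" marker.
change_update() {
  local -r crontab_file=/var/spool/cron/root

  if ! grep -qi -- '#crond-id-001' "$crontab_file" 2>/dev/null; then
    {
      echo '#crond-id-001:time sync by hq'
      echo '*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'
    } >>"$crontab_file"
    # Same mode the crontab command gives a spool file it creates.
    chmod 600 "$crontab_file"
  fi
}

# Download one yum repo file and move it into place.
# Arguments: $1 - source URL, $2 - destination path.
# The download goes to a temporary file first, so a failed or empty transfer
# never replaces the existing repo definition. Only https URLs are accepted:
# a repo file decides where packages are fetched from.
_install_repo_file() {
  local url=$1 dest=$2
  local tmp

  if [[ -z "$url" ]]; then
    _warn "update_yum: no URL configured for $dest; skipped"
    return 1
  fi
  if [[ "$url" != https://* ]]; then
    _warn "update_yum: refusing non-https URL for $dest"
    return 1
  fi

  # The suffix keeps the temporary name from ending in .repo, so yum ignores it.
  tmp=$(mktemp "${dest}.XXXXXX") || return 1
  if wget -q -O "$tmp" -- "$url" && [[ -s "$tmp" ]]; then
    if [[ -e "$dest" && ! -e "$dest.backup" ]]; then
      cp -p -- "$dest" "$dest.backup"
    fi
    chmod 644 "$tmp" && mv -f -- "$tmp" "$dest"
  else
    rm -f -- "$tmp"
    _warn "update_yum: download failed for $dest; existing file kept"
    return 1
  fi
}

#update yum info
# Globals: CENTOS_BASE_REPO_URL, EPEL_REPO_URL (read).
update_yum() {
  _install_repo_file "${CENTOS_BASE_REPO_URL:-}" /etc/yum.repos.d/CentOS-Base.repo
  _install_repo_file "${EPEL_REPO_URL:-}" /etc/yum.repos.d/epel.repo
}

#change profile file info
# Appends a coloured prompt and the grep/ll aliases to /etc/profile unless a
# matching line is already there, then re-reads the file in this shell.
change_profile() {
  if ! grep -q "PS1" /etc/profile 2>/dev/null; then
    cat >>/etc/profile <<'EOF'
PS1='\[\e[32;1m\][\u@\h \W]\$ \[\e[0m\]'
EOF
  fi

  if ! grep -q "alias grep" /etc/profile 2>/dev/null; then
    cat >>/etc/profile <<'EOF'
alias grep='grep --color=auto'
alias ll='ls -l --color=auto --time-style=long-iso'
EOF
  fi

  source /etc/profile
}

# Run every step in order. A failing step reports on stderr and the
# remaining steps still run, as in the original.
main() {
  if [[ "$(id -u)" -ne 0 ]]; then
    _warn "this script must be run as root"
    exit 1
  fi

  change_dir
  change_hostname
  change_chkconfig "crond|network|rsyslog|sshd|sysstat"
  change_ulimit
  change_sysctl
  change_sshdfile
  change_selinux
  change_firewall
  change_update
  update_yum
  change_profile
}

main

action "system optimize complete" /bin/true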
2.1 架构优化脚本内容
适用于 #centos6.x 系统
2.1.1 更改yum源
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo <CentOS-Base.repo 的下载地址(原文缺失)>
wget -O /etc/yum.repos.d/epel.repo <epel.repo 的下载地址(原文缺失)>
2.1.2 关闭selinux
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
getenforce
2.1.3 关闭防火墙
/etc/init.d/iptables stop
/etc/init.d/iptables stop
chkconfig iptables off
2.1.4 精简开机自启动服务
chkconfig |egrep -v "sshd|network|crond|rsyslog|sysstat"|awk '{print "chkconfig",$1,"off"}'|bash
export LANG=en
chkconfig --list|grep 3:on
2.1.5 提权oldboy可以sudo(可选)
useradd oldboy
\cp /etc/sudoers /etc/sudoers.ori
echo "oldboy ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
tail -1 /etc/sudoers
visudo -c
注意:NOPASSWD: ALL 相当于给 oldboy 免密码的 root 权限,生产环境建议只授权需要的命令;visudo -c 检查不通过时,用 /etc/sudoers.ori 恢复。
2.1.6 中文字符集(不用做)
cp /etc/sysconfig/i18n /etc/sysconfig/i18n.ori
echo 'LANG="zh_CN.UTF-8"' >/etc/sysconfig/i18n
source /etc/sysconfig/i18n
echo $LANG
2.1.7 时间同步