脚本是我师傅刘松维护并且更新的。主要用于CentOS 5.x的装机后的优化。copy过来和大家分享。
#!/bin/env bash
#################################################################################
# WARNING - Read First Before Running This
# Running this script maybe HARMFUL to your system. Therefor, the user shall
# carefully read all of this script and bear the relevant risks by
# himself/herself. Running this script means the user accepting agreement above.
#################################################################################
################################################################################
# Centos Tweak script for server
# Licenced under GPLv3
# Writen by: leo <leo.ss.pku@gmail.com>
# Inspired by: yzhkpli@gmail.com
# Feed back:
################################################################################
################################################################################
# History:
# 2012-12-22:
# + add bash-completion.
# * Fixed a bug of adding noatime option for ext3.
# * Fixed a bug of disable env reset in sudoer.
# - remove sohu dag yum repository.
# 2011-7-11:
# + Disable reseting enviroment varirables while sudo.
# 2010-10-28:
# Fixed:
# Disable CentALT yum repo by default.
# Change running ntpdate from daily to weekly.
# Change default VIM coloscheme from elflord to delek.
# Fixed auto yes(-y) while install fail2ban by yum.
# Add:
# Add expandta & autoindent in /etc/vimrc.
# Add auto start fail2ban after install fail2ban.
# 2010-09-26:
# Fixed:
# A bug while generating /etc/yum.repo.d/dag-sohu.repo.
# Change this file to UTF8-NOBOM.
# Add:
# CentALT yum repository(/etc/yum.repo.d/centalt.repo) while the OS is RHEL/CentOS 5.
# 2010-09-11:
# Add:
# Install fail2ban to prevent password exhaustion attacking and set ban time as 12 hours.(default not effect. recommend uncomment if your server had public IP.)
# Fixed:
# Command not found bug when running by sudo.
# 2010-08-25:
# Add:
# Disable Ctrl+Alt+Del rebooting(thanks 181789871).(default not effect. uncommnet to take effect.)
# Add README file.
# 2010-08-18:
# Fixed:
# A bug while exporting path into /etc/bashrc caused by "\"(thanks 181789871).
# 2010-08-16:
# Add:
# Close the tty between second and sixth(thanks selboo).
# Increase default open file limits from 1024 to 65525.
# 2010-08-14:
# Fixed:
# Optimize code of disabling selinux(thanks huichrist)
# 2010-08-10:
# Fixed:
# Disable ius yum repository by default.
# 2010-08-09:
# Add:
# Tweak enviroment like PATH, LDFLAGS and LD_LIBRARY_PATH for easy using sudo.
# 2010-08-08:
# Add:
# Firstly check running this script as root.
# Disable gpgcheck and plugins for running fastly.
# Increase yum cache expire time from 1h to 24h.
# Turn off auto running fsck while days duration.
# Turn off writing file reading time (add noatime in /etc/fstab).
# Fixed:
# Change file name to centostweak.sh
# Change /etc/cron.daily/ntpdate with run mode(+x).
# 2010-08-04:
# Add:
# Install sudo. Enable wheel group to use nopasswrd sudo.
# 2010-08-02:
# Add:
# Install & config snmpd.
# Default iptables rules.
# Fixed:
# ntp package name from ntpdate.
# 2010-08-01:
# To avoid backup file overried, Change backup file name ended from ".origin" to ".%Y-%m-%d_%H-%M-%S".
# 2010-07-31:
# Modified to be used with CentOS 5.x Server and sohu mirrors.
# Removed some unuseful functions.
# Add functions for turnning unuseful service off while system start.
# Add functions for kernel & TCP parameters optimizing.
# 2010-06-06:
# Copied from
################################################################################
export PATH=$PATH:/bin:/sbin:/usr/sbin
# Require root to run this script.
if [[ "$(whoami)" != "root" ]]; then
echo "Please run this script as root." >&2
exit 1
fi
SERVICE=`which service`
CHKCONFIG=`which chkconfig`
# 设置升级源
cd /etc/yum.repos.d/
cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.`date +"%Y-%m-%d_%H-%M-%S"`
sed -i -e 's/mirrorlist/#mirrorlist/' CentOS-Base.repo
sed -i -e 's/#baseurl/baseurl/' CentOS-Base.repo
sed -i -e 's/mirror.centos.org/mirrors.sohu.com/' CentOS-Base.repo
cp /etc/yum.conf /etc/yum.conf.`date +"%Y-%m-%d_%H-%M-%S"`
sed -i 's/gpgcheck=1/gpgcheck=0/' /etc/yum.conf
sed -i 's/plugins=1/plugins=0/' /etc/yum.conf
sed -i 's/metadata_expire=1h/metadata_expire=24h/' /etc/yum.conf
# 添加dag@sohu源
## relver=`uname -r | awk -F. '{print $NF}'`
##echo -e "# Name: SOHU RPM Repository for Red Hat Enterprise – dag\n"\
##"# URL: RedHat/\n"\
##"[dag-sohu]\n"\
##"name = Red Hat Enterprise \$releasever – sohu.com – dag\n"\
##"baseurl = `uname -r | awk -F. '{print substr($NF,1,3)}'`/en/\$basearch/dag\n"\
##"enabled = 1\n"\
##"gpgcheck = 0" > /etc/yum.repos.d/dag-sohu.repo
# 添加epel@sohu源
echo -e "# Name: SOHU RPM Repository for Red Hat Enterprise – EPEL\n"\
"# URL: Fedora-epel/\n"\
"[epel-sohu]\n"\
"name = Fedora EPEL \$releasever - sohu.com\n"\
"baseurl = \$releasever/\$basearch\n"\
"enabled = 1\n"\
"gpgcheck = 0" > /etc/yum.repos.d/epel-sohu.repo
# 添加CentALT源
# 使用方法:--enablerepo=centalt
if [[ `uname -r | awk -F. '{print substr($NF,1,3)}'` == "el5" ]]; then
echo -e "[CentALT]\n"\
"name=CentALT Packages for Enterprise Linux 5 - \$basearch\n"\
"baseurl=http://centos.alt.ru/repository/centos/5/\$basearch/\n"\
"enabled=0\n"\
"gpgcheck=0" > /etc/yum.repos.d/centalt.repo
fi
# 添加ius源
# 使用方法:--enablerepo=ius,如yum install python26 --enablerepo=ius
echo -e "# Name: IUS RPM Repository for Red Hat Enterprise 5\n"\
"# URL: \n"\
"[ius]\n"\
"name = Red Hat Enterprise \$releasever – ius\n"\
"baseurl = \$releasever/\$basearch/\n"\
"enabled = 0\n"\
"gpgcheck = 0" > /etc/yum.repos.d/ius.repo
# 安装工具软件sysstat, ntp, snmpd, sudo
yum install sysstat ntp net-snmp sudo screen bash-completion -y
# 配置sudo
cp /etc/sudoers /etc/sudoers.`date +"%Y-%m-%d_%H-%M-%S"`
# 允许wheel组的系统用户通过无密码sudo方式行使root权限
sed -i -e '/NOPASSWD/s/^# //' /etc/sudoers
sed -i -e '/Defaults env_reset/s/env_reset/!env_reset/; /Defaults requiretty/s/requiretty/!requiretty/' /etc/sudoers
# 添加环境变量,保证sudo时不用绝对路径执行常用管理命令以及编译软件时能找到库文件
echo 'export PATH=$PATH:/sbin:/usr/sbin' >> /etc/bashrc
echo 'export LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib"' >> /etc/bashrc
echo 'export LD_LIBRARY_PATH="/usr/local/lib"' >> /etc/bashrc
echo 'source /etc/bash_completion' >> /etc/bashrc