#!/bin/bash
# system_boot.sh -- post-install initialisation for a CentOS 6 host.
#
# Every section below edits files under /etc, manages services with
# chkconfig/service and installs packages with yum, so it has to run as
# root. Several sections (SELinux, iptables, service shutdown, user and
# group removal) lower the host's security posture; read each one before
# running this on a new machine.
# The script runs top to bottom with no `set -e`: a failing step does not
# stop the next one, and format() prints "Install Success" after every
# section whether or not the commands in it succeeded.
printf '%s\n' \
  '+---------------------------------------------------------------------------+' \
  '| Initialize for the CentOS 6_installed. |' \
  '+---------------------------------------------------------------------------+'
# Print the green "Install Success!!!" marker that closes every section.
# It is invoked unconditionally after each step, so it only shows that the
# step ran, not that its commands succeeded.
# Outputs: the coloured marker followed by a blank line on stdout.
format() {
  #sleep 1
  #printf '\033[42;37m ########### Finished ########### \033[0m\n\n'
  printf '\033[32m Install Success!!!\033[0m\n\n'
}
##########################################################################
# Set time -- time zone / clock synchronisation.
# Every command in this section is commented out, so the step only prints
# its heading; the NTP client is configured in a later section instead.
printf '%s\n' 'Set time.'
#/bin/cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &> /dev/null
#yum -y install ntpdate &> /dev/null
#ntpdate 0.centos.pool.ntp.org &> /dev/null
#hwclock -w
format
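##########################################################################
# Create Log -- start the run log for this script.
# DATE1 and LOG are script-wide globals (the only later reader of LOG is
# in a commented-out block).
printf '%s\n' 'Create log file.'
DATE1=$(date +"%F %H:%M")
LOG=/var/log/sysinitinfo.log
# Quote the expansions so the timestamp (it contains a space) and the
# path reach the file unsplit, and report a write failure instead of
# silently losing the entry.
{
  printf '%s\n' "$DATE1"
  printf '%s\n' '------------------------------------------'
} >> "$LOG" || printf 'warning: cannot write to %s\n' "$LOG" >&2
format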
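###########################################################################
# Disabled Selinux -- turn SELinux off at the next boot.
# NOTE(review): this removes mandatory access control entirely; setting
# SELINUX=permissive instead keeps the AVC audit trail without blocking
# anything, which is the better choice when the goal is troubleshooting.
printf '%s\n' 'Disabled SELinux.'
# /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config, the
# file actually read at boot. A plain `sed -i` on a symlink replaces the
# link with a regular file and leaves the target untouched, so the edit
# never took effect; --follow-symlinks (GNU sed) edits the real file.
sed -i --follow-symlinks 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
format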
###########################################################################
# Stop iptables -- stop the host firewall now and keep it disabled in
# runlevels 2, 3 and 5. After this step nothing on the host itself
# filters inbound traffic.
printf '%s\n' 'Stop iptables.'
service iptables stop >/dev/null 2>&1
chkconfig --level 235 iptables off
format
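###########################################################################
# Disable ipv6 -- alias the ipv6 module away and disable ip6tables.
printf '%s\n' 'Disable ipv6.'
# NOTE(review): /etc/modprobe.conf is the pre-CentOS-6 location; CentOS 6
# reads /etc/modprobe.d/*.conf, so confirm this file is still honoured on
# the target before relying on it.
cat > /etc/modprobe.conf <<'EOF'
alias net-pf-10 off
alias ipv6 off
EOF
# The original spelled the runlevel list "2235"; chkconfig appears to
# tolerate the duplicated digit, but 235 is what every other section uses.
chkconfig --level 235 ip6tables off
format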
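##########################################################################
# Set history commands -- shell history size/timestamps and a vi alias.
printf '%s\n' 'Set history commands.'
# NOTE(review): this lowers HISTSIZE in /etc/profile to 100 while the
# block appended to /etc/bashrc below raises it to 4000; whichever file is
# sourced last wins, so the two values should probably agree.
sed -i 's/HISTSIZE=1000/HISTSIZE=100/' /etc/profile
# The original ran `sed -i "8 s/^/alias vi='vim'/"`, which glues the alias
# onto the front of whatever line 8 of /root/.bashrc happens to be and
# does so again on every run. Append it once, only when it is absent.
if ! grep -q "^alias vi='vim'" /root/.bashrc 2>/dev/null; then
  printf '%s\n' "alias vi='vim'" >> /root/.bashrc
fi
# Add the history settings only once; HISTTIMEFORMAT stamps each entry so
# the history file records when a command was run.
if ! grep -q 'HISTFILESIZE' /etc/bashrc; then
  cat >> /etc/bashrc <<'EOF'
HISTFILESIZE=4000
HISTSIZE=4000
HISTTIMEFORMAT='%F/%T'
EOF
fi
source /etc/bashrc
format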
##########################################################################
# set vim -- write root's ~/.vimrc (an existing file is overwritten).
# Note that `color ron` follows `colorscheme desert` and therefore wins,
# and that `z` is mapped to save-and-quit.
printf '%s\n' 'Set Vim.'
# Quoted delimiter: the statusline carries backslashes and quotes that
# must reach the file verbatim, and nothing here needs shell expansion.
cat > ~/.vimrc <<'EOF'
set number
set laststatus=2
set shiftwidth=4
set tabstop=4
set noexpandtab
set softtabstop=4
set cmdheight=3
set cursorline
set formatoptions=tcrqn
set encoding=utf-8
syntax on
colorscheme desert
color ron
set background=dark
set ruler
set rulerformat=%20(%2*%<%f%=\ %m%r\ %3l\ %c\ %p%%%)
set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [POS=%l,%v][%p%%]\ %{strftime(\"%d/%m/%y\ -\ %H:%M\")}
nmap z :x<cr>
nmap sp :set paste<cr>i
EOF
format
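##########################################################################
# Epel -- install the EPEL release package and switch epel.repo from the
# mirror list to the fixed baseurl.
printf '%s\n' 'Install epel'
# NOTE(review): the release RPM is fetched over plain http and rpm installs
# it with at most a NOKEY warning, so nothing here verifies its origin; the
# EPEL key only protects packages installed *after* the repo exists. EPEL 6
# is end-of-life, so this pinned URL may also no longer resolve.
EPEL_RPM=http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# Skip the download when the package is already present (re-running the
# original always re-fetched and then failed on "already installed").
if ! rpm -q epel-release >/dev/null 2>&1; then
  rpm -Uvh "$EPEL_RPM" >/dev/null 2>&1 \
    || printf 'warning: installing %s failed\n' "$EPEL_RPM" >&2
fi
# Only rewrite the repo file if it exists; otherwise the seds just error
# against a missing path.
if [ -f /etc/yum.repos.d/epel.repo ]; then
  sed -i 's/^#base/base/g' /etc/yum.repos.d/epel.repo
  sed -i 's/^mirr/#mirr/g' /etc/yum.repos.d/epel.repo
fi
format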
##########################################################################
# Yum install Development tools -- the development group plus a set of
# admin utilities (htop is typically only available from EPEL, which is
# why that section comes first). yum output is discarded, so a failed
# install is only visible via `rpm -q` afterwards.
printf '%s\n' 'Install Development tools(It will be a moment)'
yum groupinstall -y 'Development tools' >/dev/null 2>&1
yum install -y bind-utils lrzsz wget gcc gcc-c++ vim htop openssl >/dev/null 2>&1
#yum groupinstall -y "Server Platform Development" &> /dev/null
#yum groupinstall -y "Desktop Platform Development" &> /dev/null
#yum groupinstall -y "chinese-support" &>/dev/null
format
##########################################################################
# Yum update bash and openssl -- refresh just these two packages rather
# than running a full `yum update`; output is discarded.
printf '%s\n' 'Update bash and openssl'
yum -y update bash openssl >/dev/null 2>&1
format
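###########################################################################
# Set ssh -- adjust the sshd login policy. Only sshd_config is changed;
# the settings take effect at the next sshd restart or reboot (neither is
# done here).
printf '%s\n' 'Set sshd.'
SSHD_CONFIG=/etc/ssh/sshd_config
# The original only uncommented "#PermitEmptyPasswords", i.e. it kept
# whatever value the commented default carried. Set "no" explicitly so
# the result does not depend on the stock file's text.
if grep -q '^#\?PermitEmptyPasswords' "$SSHD_CONFIG"; then
  sed -i 's/^#\?PermitEmptyPasswords.*/PermitEmptyPasswords no/' "$SSHD_CONFIG"
else
  printf '%s\n' 'PermitEmptyPasswords no' >> "$SSHD_CONFIG"
fi
# NOTE(review): 6m triples the time an unauthenticated client may hold a
# connection open (default 2m); it helps on slow links but also makes
# connection exhaustion against sshd easier.
sed -i 's/^#LoginGraceTime 2m/LoginGraceTime 6m/' "$SSHD_CONFIG"
# Anchor on the active directive: the unanchored grep in the original was
# also satisfied by a commented-out "#UseDNS no".
if ! grep -q '^UseDNS no' "$SSHD_CONFIG"; then
  printf '%s\n' 'UseDNS no' >> "$SSHD_CONFIG"
fi
# Catch a broken config before it can lock out the next login.
/usr/sbin/sshd -t \
  || printf 'warning: %s failed sshd -t; review it before restarting sshd\n' "$SSHD_CONFIG" >&2
format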
###########################################################################
# Set default init 3 -- boot to multi-user text mode instead of the
# graphical runlevel 5.
printf '%s\n' 'Default init 3.'
sed -i 's/^id:5:initdefault:/id:3:initdefault:/' /etc/inittab
format
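###########################################################################
# Stop Service -- turn off every runlevel-3 service not on the keep-list.
# Earlier explicit-list approach, kept for reference:
#echo "Some services are turned off now."
#for SER in rpcbind postfix portreserve certmonger mdmonitor blk-availability lvm2-monitor udev-post cups dhcpd firstboot gpm haldaemon hidd ip6tables ipsec isdn kudzu lpd mcstrans messagebus microcode_ctl netfs nfs nfslock nscd acpid anacron apmd atd auditd autofs avahi-daemon avahi-dnsconfd bluetooth cpuspeed pcscd portmap readahead_early restorecond rpcgssd rpcidmapd rstatd sendmail setroubleshoot snmpd sysstat xfs xinetd yppasswdd ypserv yum-updatesd
#do
# /sbin/chkconfig --list $SER &> /dev/null
# if [ $? -eq 0 ]
# then
# chkconfig --level 35 $SER off
# echo "$SER" >> $LOG
# fi
#done
###########################################################################
# NOTE(review): the keep-list below has no entry for auditd, so audit
# logging is switched off along with everything else that is not listed;
# add it to the case arm if the audit trail matters on this host.
printf '%s\n' 'Tunoff services.'
# Glob /etc/rc3.d/S* instead of parsing `ls`. A link is named SNNservice,
# so dropping the first three characters (S plus the two-digit priority)
# yields the service name -- the same result as the original `cut -c 15-`
# without depending on the directory path's length.
for link in /etc/rc3.d/S*; do
  [ -e "$link" ] || continue   # no S* links: the glob stays literal
  base=${link##*/}
  servers=${base:3}
  printf '%s\n' "$servers"
  case $servers in
    crond | irqbalance | microcode_ctl | network | random | postfix | sshd | rsyslog | local | smart | cpuspeed | mysqld | httpd | ntpd | php-fpm | nginx)
      printf '\033[31m Base services, Skip!\033[0m\n'
      ;;
    *)
      printf '\033[31m change %s to off\033[0m\n' "$servers"
      chkconfig --level 235 "$servers" off
      service "$servers" stop
      ;;
  esac
done
format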
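###########################################################################
# Del unnecessary users -- remove legacy system accounts.
# NOTE(review): some of these may still be referenced by packages on the
# target (the mail account by the mail spool, for instance); userdel may
# refuse, or a dependent service may break -- confirm per host.
printf '%s\n' 'Del unnecessary users.'
for user in adm lp sync shutdown halt mail news uucp operator games gopher; do
  # Anchor on the login field: the original `grep $USERS /etc/passwd`
  # matched as a substring, so e.g. "mail" also hit "mailnull".
  if grep -q "^${user}:" /etc/passwd; then
    userdel "$user" >/dev/null 2>&1 \
      || printf 'warning: userdel %s failed\n' "$user" >&2
  fi
done
format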
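###########################################################################
# Del unnecessary groups -- remove legacy groups.
# NOTE(review): groupdel refuses to remove a group that is still some
# user's primary group (daemon typically is on a stock install) and the
# original hid that behind `&> /dev/null`; failures are now reported.
printf '%s\n' 'Del unnecessary groups.'
for grp in adm lp mail news uucp games gopher mailnull floppy dip pppusers popusers slipusers daemon; do
  # Anchor on the group-name field; the original substring grep matched
  # "mail" against "mailnull" as well.
  if grep -q "^${grp}:" /etc/group; then
    groupdel "$grp" >/dev/null 2>&1 \
      || printf 'warning: groupdel %s failed\n' "$grp" >&2
  fi
done
format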
###########################################################################
# Disabled reboot by keys ctlaltdelete -- comment out the exec line of the
# upstart job so Ctrl-Alt-Del at the console no longer reboots the host.
printf '%s\n' 'Disabled reboot by keys ctlaltdelete'
sed -i 's/^exec/#exec/' /etc/init/control-alt-delete.conf
format
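###########################################################################
# Set ulimit -- raise the per-user open-file and process limits.
printf '%s\n' 'Set ulimit 1000000'
LIMITS_CONF=/etc/security/limits.conf
# The whole file is replaced; keep a copy of what was there (same
# convention as the ntp.conf backup further down).
[ -f "$LIMITS_CONF" ] && cp -p "$LIMITS_CONF" "$LIMITS_CONF.bak"
cat > "$LIMITS_CONF" <<'EOF'
* soft nofile 1000000
* hard nofile 1000000
* soft nproc 102400
* hard nproc 102400
EOF
# NOTE(review): files in limits.d are read after limits.conf and win for
# the same domain/item. On a stock 6.x install 90-nproc.conf sets
# "* soft nproc 1024" and contains no "102400", so this substitution is a
# no-op there and the nproc value above is overridden -- check the file on
# the target.
sed -i 's/102400/1000000/' /etc/security/limits.d/90-nproc.conf
format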
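###########################################################################
# Set login message -- replace the pre-login banner, the motd and the
# release file with a fixed greeting (presumably so the OS version is not
# shown at the console).
printf '%s\n' 'Set login message.'
# NOTE(review): /etc/redhat-release is owned by the centos-release package
# and read by tools that detect the OS version; overwriting it trips
# `rpm -V centos-release` and may confuse those tools. It is backed up
# first so it can be restored.
[ -f /etc/redhat-release ] && cp -p /etc/redhat-release /etc/redhat-release.bak
for banner_file in /etc/issue /etc/redhat-release /etc/motd; do
  printf '%s\n' 'Welcome to access this System' > "$banner_file"
done
format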
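###########################################################################
# Record SUID and SGID files -- write an inventory of setuid/setgid files
# to /var/log/SuSg_<date>.log as a baseline for later comparison.
DATE2=$(date +"%F")
SUSG_LOG=/var/log/SuSg_"$DATE2".log
printf '%s\n' 'Record SUID and SGID files.'
# Keep the inventory readable by root only: it is a ready-made list of
# the host's privileged binaries.
printf '%s\n' 'SUID --- ' > "$SUSG_LOG"
chmod 600 "$SUSG_LOG"
# The original had no -print after -perm, so find's default action applied
# to the whole expression and the pruned /proc entry was listed as well.
# With an explicit -print only the matching files are written.
find / -path /proc -prune -o -perm -4000 -print >> "$SUSG_LOG"
printf '%s\n' '------------------------------------------------------ ' >> "$SUSG_LOG"
printf '%s\n' 'SGID --- ' >> "$SUSG_LOG"
find / -path /proc -prune -o -perm -2000 -print >> "$SUSG_LOG"
format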
###########################################################################
# Disabled crontab send mail -- stop cron mailing job output to root.
printf '%s\n' 'Disable crontab send mail.'
sed -i 's/^MAILTO=root/MAILTO=""/' /etc/crontab
# Unrelated to cron: this also narrows rsyslog's mail facility from
# "mail.*" to "mail.err", so informational mail-delivery logs are no
# longer kept.
sed -i 's/^mail\.\*/mail\.err/' /etc/rsyslog.conf
format
###########################################################################
# Set ntp client -- configure ntpd; SED() below performs the edits.
printf '%s\n' 'Set ntp client.'
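#######################################
# Point ntpd at the CentOS pool and enable it at boot.
# Rewrites /etc/ntp.conf in place (a .bak copy is taken first): every
# existing "server" line is removed, then the four pool servers are
# inserted ahead of the "includefile" line. Deleting first is what makes
# the function safe to run repeatedly.
# Globals:   none
# Arguments: none
# Outputs:   a warning on stderr if ntp.conf is missing
# Returns:   1 if /etc/ntp.conf does not exist, else chkconfig's status
#######################################
SED() {
  local conf=/etc/ntp.conf
  local n
  if [ ! -f "$conf" ]; then
    printf 'warning: %s not found; ntp not configured\n' "$conf" >&2
    return 1
  fi
  cp -p "$conf" "$conf.bak"
  sed -i '/^server/d' "$conf"
  if grep -q '^includefile' "$conf"; then
    # Inserting each line immediately before "includefile" keeps them in
    # 0..3 order, the same layout the original's chained a\ commands gave.
    for n in 0 1 2 3; do
      sed -i "/^includefile/ i\\server $n.centos.pool.ntp.org iburst" "$conf"
    done
  else
    # Without the anchor the original silently added nothing and left
    # ntpd with no servers; append to the end of the file instead.
    for n in 0 1 2 3; do
      printf 'server %s.centos.pool.ntp.org iburst\n' "$n" >> "$conf"
    done
  fi
  chkconfig --level 35 ntpd on >/dev/null 2>&1
}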
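# Install ntp only when it is absent, then configure it. Both branches of
# the original called SED, so the branch collapses to a guarded install;
# an install failure is now reported instead of vanishing with yum's
# output.
if ! rpm -q ntp >/dev/null 2>&1; then
  yum -y install ntp >/dev/null 2>&1 \
    || printf 'warning: yum install ntp failed\n' >&2
fi
SED
format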
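###########################################################################
# Set sysctl.conf -- replace the kernel parameter file and apply it.
printf '%s\n' 'Set sysctl.conf'
# A web server's listen() backlog is capped by net.core.somaxconn, which
# defaults to 128; nginx's NGX_LISTEN_BACKLOG default is 511, so the cap
# has to be raised -- 2048 is the usual choice.
SYSCTL_CONF=/etc/sysctl.conf
# The whole file is overwritten, so keep the previous version (same
# convention as the ntp.conf backup above).
[ -f "$SYSCTL_CONF" ] && cp -p "$SYSCTL_CONF" "$SYSCTL_CONF.bak"
# NOTE(review): tcp_tw_recycle = 1 is known to drop connections from
# clients behind NAT or with skewed timestamps. The net.bridge.* keys only
# exist once the bridge module is loaded (the modprobe below is commented
# out), so `sysctl -p` reports them as unknown. rp_filter and
# accept_source_route are set for "default" only; the "all" counterparts
# are not touched here.
cat > "$SYSCTL_CONF" <<'EOF'
net.core.somaxconn = 2048
net.core.wmem_default = 262144
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 4096 16777216
net.ipv4.tcp_wmem = 4096 4096 16777216
net.ipv4.tcp_mem = 786432 2097152 3145728
net.ipv4.tcp_max_syn_backlog = 16384
net.core.netdev_max_backlog = 20000
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_orphans = 131072
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 26843545
EOF
#modprobe bridge > /dev/null
# stdout is still discarded; sysctl's errors stay on stderr and a non-zero
# exit is no longer silent.
/sbin/sysctl -p > /dev/null \
  || printf 'warning: sysctl -p reported errors; check %s\n' "$SYSCTL_CONF" >&2
format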
###########################################################################
# Done
#echo "System will reboot in 60s."
#shutdown -r 1: