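System initialization script and initialization check script (CentOS 7)
Date: 2019-11-27
This article presents a system initialization script for CentOS 7 and a script that checks the result of the initialization, covering usage examples, practical tips, basic points and things to watch out for. It may be useful as a reference.
System initialization script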
```bash
#!/bin/bash
#Author:mcsiberiawolf
#Time:2019-02-02 13:45:36
#Name:init_system.sh
#Version:V1.0
#Description: init system of CentOS7.

if [ "$UID" != "0" ]; then
    echo "Please run this script by root"
    exit 1
fi

#### 1. Install the EPEL repository
mod_yum() {
    if [ -e /etc/yum.repos.d/CentOS-Base.repo ]; then
        cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.default
        yum install -y epel-release && yum clean all && yum makecache && yum -y update
    fi
}

#### 2. Disable SELinux
close_selinux() {
    # close selinux
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
    # grep SELINUX=disabled /etc/selinux/config
    setenforce 0 &> /dev/null
    # getenforce
}

#### 3. Disable firewalld
close_firewalld() {
    systemctl stop firewalld.service && systemctl disable firewalld.service
}

#### 4. Install commonly used packages
install_softwares() {
    # Install commonly used packages; yum skips packages that are already
    # installed, so the command is safe to repeat
    yum -y install vim lrzsz wget nmap nc tree curl tcpdump sysstat lsof net-tools ntpdate dos2unix
    # Install the development tool dependencies
    yum groups install "Development Tools" -y
}

#### 5. Add a user
adduser() {
    user=ylmf
    if ! id "$user" &> /dev/null; then
        useradd "$user"
        # The initial password is the literal string "test"; change it before exposing the host
        echo test | passwd --stdin "$user"
        \cp /etc/sudoers /etc/sudoers.ori
        echo "$user ALL=(ALL) NOPASSWD: ALL " >> /etc/sudoers
        tail -1 /etc/sudoers
        # Restore the backup if the edited sudoers file does not validate
        visudo -c &> /dev/null || \cp /etc/sudoers.ori /etc/sudoers
    fi
}

#### 6. Configure the time zone
time_sync() {
    if [ "$(timedatectl status | grep -cw "Asia/Shanghai")" -lt 1 ]; then
        timedatectl set-timezone Asia/Shanghai
    fi
    #cron=/etc/crontab
    #if [ `grep -w "ntpdate" $cron|wc -l` -lt 1 ]; then
    #    echo '#time sync by mcsiberiawolf at 2019-02-02' >> $cron
    #    echo '*/5 * * * * /usr/sbin/ntpdate time.nist.gov > /dev/null 2>&1' >> $cron
    #    systemctl restart crond.service
    #    crontab -l
    #fi
}

#### 7. Configure environment variables
com_line_set() {
    # A stock /etc/profile already mentions HISTSIZE, so test for the TMOUT export
    if ! grep -q '^export TMOUT=' /etc/profile; then
        # Session timeout
        echo 'export TMOUT=1800' >> /etc/profile
        # Number of history lines shown
        echo 'export HISTSIZE=1000' >> /etc/profile
        # Total number of history records saved
        echo 'export HISTFILESIZE=1000' >> /etc/profile
        # Output format of the command history
        echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile
        source /etc/profile
    fi
}

#### 8. Maximum number of open files (file handles)
open_file_set() {
    if [ "$(grep -c 65535 /etc/security/limits.conf)" -lt 1 ]; then
        #echo '* - nofile 65535' >> /etc/security/limits.conf
        echo '* soft nofile 65535' >> /etc/security/limits.conf
        echo '* hard nofile 65535' >> /etc/security/limits.conf
        # limits.conf is read by pam_limits at login, not by the shell,
        # so the new limits apply to sessions opened after this point
    fi
    if [ "$(grep -cw ulimit /etc/rc.local)" -lt 1 ]; then
        echo "ulimit -SHn 65535" >> /etc/rc.local
        # Raise the limit for the current shell as well
        ulimit -SHn 65535
    fi
}

#### 9. Kernel tuning
set_kernel() {
    config=/etc/sysctl.conf
    if [ "$(grep -c kernel_flag $config)" -lt 1 ]; then
        # Keys that appear more than once are applied in file order by
        # sysctl -p, so the last value wins
        cat >> $config <<EOF
# kernel_flag
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.route.gc_timeout = 20
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
#net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.route.gc_timeout = 20
net.ipv4.ip_local_port_range = 10024 65535
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
fs.file-max = 65535
kernel.pid_max = 65536
net.ipv4.tcp_wmem = 4096 87380 8388608
net.core.wmem_max = 8388608
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_max_syn_backlog = 10240
net.core.netdev_max_backlog = 262144
#net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_max_tw_buckets = 36000
EOF
        sysctl -p
    fi
}

#### 10. Configure SSH
init_ssh() {
    \cp /etc/ssh/sshd_config /etc/ssh/sshd_config.`date +"%Y-%m-%d"`
    # sed -i 's%#Port 22%Port 25680%' /etc/ssh/sshd_config
    # sed -i 's%#PermitRootLogin yes%PermitRootLogin yes%' /etc/ssh/sshd_config
    sed -i 's%#PermitEmptyPasswords no%PermitEmptyPasswords no%' /etc/ssh/sshd_config
    sed -i 's%#UseDNS yes%UseDNS no%' /etc/ssh/sshd_config
    systemctl restart sshd &> /dev/null
}

main() {
    mod_yum
    close_selinux
    close_firewalld
    install_softwares
    adduser
    time_sync
    com_line_set
    open_file_set
    set_kernel
    init_ssh
}

main
```
Checking whether system initialization completed
```bash
#!/bin/bash
#Author:mcsiberiawolf
#Time:2019-02-03 10:29:02
#Name:check_init_system.sh
#Version:V1.0
#Description: Check whether the system initialization was configured successfully.

# Provides the action() helper used to print the [ OK ] / [FAILED] status lines
. /etc/init.d/functions

if [ "$UID" != "0" ]; then
    echo "Please run this script by root."
    exit 1
fi

check_yum() {
    epel=/etc/yum.repos.d/epel.repo
    if [ -e $epel ]; then
        action "epel repository has been set success" /bin/true
    else
        action "epel repository has been set fail" /bin/false
    fi
}

check_selinux() {
    config=/etc/selinux/config
    if [ "$(grep -c "SELINUX=disabled" $config)" -ge 1 ]; then
        action "selinux has been set success" /bin/true
    else
        action "selinux has been set fail" /bin/false
    fi
}

check_user() {
    user=ylmf
    if [ "$(getent passwd $user | wc -l)" -ge 1 ]; then
        action "user exists" /bin/true
    else
        action "user does not exist" /bin/false
    fi
}

check_timezone() {
    if [ "$(timedatectl status | grep -c "Asia/Shanghai")" -ge 1 ]; then
        action "Timezone has been set success" /bin/true
    else
        action "Timezone has been set fail" /bin/false
    fi
}

check_com_line_set() {
    config=/etc/profile
    # The init script writes these three settings as "export NAME=value" lines
    if [ "$(grep -cE '^export (TMOUT|HISTSIZE|HISTFILESIZE)=' $config)" -ge 3 ]; then
        action "$config has been set success" /bin/true
    else
        action "$config has been set fail" /bin/false
    fi
}

check_kernel() {
    config=/etc/sysctl.conf
    # The init script appends 60 uncommented key = value lines
    if [ "$(grep -c '^[a-z]' $config)" -ge 60 ]; then
        action "kernel has been set success" /bin/true
    else
        action "kernel has been set fail " /bin/false
    fi
}

check_open_file() {
    config=/etc/security/limits.conf
    if [ "$(grep -c 65535 $config)" -ge 2 ]; then
        action "open file has been set success" /bin/true
    else
        action "open file has been set fail" /bin/false
    fi
}

check_ssh() {
    config=/etc/ssh/sshd_config
    # init_ssh uncomments PermitEmptyPasswords and UseDNS and sets both to "no";
    # its PermitRootLogin edit is commented out, so that directive is not checked
    if [ "$(grep -cE '^(PermitEmptyPasswords|UseDNS) no' $config)" -ge 2 ]; then
        action "ssh has been set success" /bin/true
    else
        action "ssh has been set fail" /bin/false
    fi
}

main() {
    check_yum
    check_selinux
    check_user
    check_timezone
    check_com_line_set
    check_kernel
    check_open_file
    check_ssh
}

main
```
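check_kernel only counts lines, while the kernel block written by set_kernel assigns several keys more than once with different values (net.ipv4.tcp_syn_retries is set to 2 and later to 1, for example), and sysctl -p applies them in file order. The following added example, which is not part of the original scripts, reports such conflicting keys and the value that finally takes effect; the function names and the sample file are assumptions made for the illustration.

```bash
#!/bin/bash
# Added example, not part of the original scripts.

# sysctl_history FILE: one line per key, "key<TAB>v1 -> v2 -> ...",
# listing each change of value in file order.
sysctl_history() {
    awk '
        /^[ \t]*([#;]|$)/ { next }            # skip comments and blank lines
        index($0, "=") == 0 { next }          # skip lines without an assignment
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/[ \t]+/, " ", val)          # normalise multi-value settings
            if (!(key in last)) { order[++n] = key; hist[key] = val }
            else if (last[key] != val) hist[key] = hist[key] " -> " val
            last[key] = val
        }
        END { for (i = 1; i <= n; i++) print order[i] "\t" hist[order[i]] }
    ' "$1"
}

# conflicting_sysctl FILE: only the keys whose value changes within the file.
conflicting_sysctl() { sysctl_history "$1" | grep -- ' -> '; }

# effective_sysctl FILE KEY: the value left in place after sysctl -p (last assignment).
effective_sysctl() {
    sysctl_history "$1" |
        awk -F'\t' -v k="$2" '$1 == k { n = split($2, v, " -> "); print v[n] }'
}

# Constructed sample: a subset of the keys and values from the init script above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# kernel_flag
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_keepalive_time = 1800
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_syncookies = 1
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_keepalive_time = 120
EOF

conflicting_sysctl "$sample"
```

On a configured host, pass /etc/sysctl.conf instead of the sample file and compare the reported values with the output of `sysctl -n` for the same keys.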
Reposted from: https://www.cnblogs.com/mcsiberiawolf/articles/10348818.html
Original article: https://www.cnblogs.com/kindnull/p/11940355.html