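#!/bin/bash
#author:yuxiaoguang
#date:2016/5/22
#
# One-shot initialization script for a freshly installed RHEL/CentOS-style
# host (yum, chkconfig, SysV services). It must run as root and is meant to be
# run once: most steps append to system files and are not idempotent.
#
# Optional environment:
#   HTOP_SHA256, IFTOP_SHA256 - expected SHA-256 digests of the source tarballs
#     fetched below. When set, the download is verified before it is built;
#     when unset, the tarball is built unverified and a warning is printed.
#
# Individual steps are best-effort (for example, userdel on an account that
# does not exist just prints an error), so the script does not use `set -e`.

if (( EUID != 0 )); then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

#######################################
# Download a source tarball into /soft, optionally verify it, then build and
# install it with ./configure && make && make install.
# Arguments: $1 - URL of a .tar.gz whose top-level directory matches its name
#            $2 - expected SHA-256 of the tarball (optional)
# Returns:   non-zero if the download, verification or unpacking failed
#######################################
build_from_tarball() {
  local url=$1
  local want_sha=${2:-}
  local tarball=${url##*/}
  local srcdir=${tarball%.tar.gz}

  # Subshell: the directory changes stay local, and a failed step aborts only
  # this build instead of continuing in the wrong directory.
  (
    mkdir -p /soft && cd /soft || exit 1
    wget -c "$url" || exit 1

    # The URLs are plain HTTP and the result is compiled and installed as
    # root, so the digest is the only integrity check this script can make.
    if [[ -n "$want_sha" ]]; then
      printf '%s  %s\n' "$want_sha" "$tarball" | sha256sum -c - || exit 1
    else
      printf 'warning: %s is being built without checksum verification\n' \
        "$tarball" >&2
    fi

    tar zxvf "$tarball" && cd "$srcdir" || exit 1
    ./configure && make && make install
    rm -rf "/soft/${srcdir}"
  )
}

# Update all installed packages.
# NOTE(review): the original comment said the kernel is not upgraded, but a
# plain `yum -y update` has no exclusion and does upgrade it. Add
# --exclude='kernel*' only if the kernel really must be pinned; doing so also
# holds back kernel security fixes.
yum -y update

# Remove unused default system accounts. (Do not remove the postfix account;
# the original author notes that doing so affects tar-based backups.)
for account in adm lp sync shutdown halt news uucp operator games gopher; do
  userdel "$account"
done

# Remove unused default system groups.
for grp in adm lp news uucp games dip pppusers popusers slipusers; do
  groupdel "$grp"
done

# Lock accounts that must exist but should never log in with a password.
for account in mail nobody ftp; do
  passwd -l "$account"
done

# Install the base package set.
yum -y install make gcc-c++ cmake bison-devel ncurses-devel net-snmp sysstat \
  dstat iotop lrzsz flex byacc libpcap libpcap-devel nfs-utils ntp zip unzip \
  xz wget vim lsof bison openssh-clients

# Synchronize the clock now, persist it to the hardware clock, and re-sync
# every day at midnight from root's crontab.
ntpdate cn.pool.ntp.org
hwclock --systohc
printf '%s\n' '0 0 * * * /usr/sbin/ntpdate cn.pool.ntp.org > /dev/null' \
  >> /var/spool/cron/root

# System services.
# anacron is left enabled: the original author found that disabling it makes
# MySQL initialization fail.
# NOTE(review): auditd is switched off here, which removes the kernel audit
# trail. The shell-history logging configured further down can be altered by
# the user it records, so it is not a substitute; keep auditd on where an
# audit record is required.
for svc in iptables snmpd ntpd ntpdate; do
  chkconfig "$svc" on
done
for svc in auditd ip6tables cups acpid apmd atd autofs avahi-daemon bluetooth \
  cpuspeed firstboot gpm haldaemon hidd hplip isdn lm_sensors messagebus; do
  chkconfig "$svc" off
done

# Disable SELinux (takes effect on the next boot).
# NOTE(review): this removes mandatory access control for every service on the
# host. SELINUX=permissive keeps denials logged without enforcing them and is
# the less drastic choice when the goal is only to unblock an application.
sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config

# Raise the per-user process and open-file limits.
# NOTE(review): "nproc unlimited" for every user ("*") removes the limit that
# contains a runaway or malicious process spawner.
cat >> /etc/security/limits.conf << 'EOF'
* soft nproc unlimited
* hard nproc unlimited
* soft nofile 65535
* hard nofile 65535
EOF

# Same limits in limits.d, where the distribution default would otherwise cap
# nproc.
cat >> /etc/security/limits.d/90-nproc.conf << 'EOF'
* soft nproc unlimited
* hard nproc unlimited
* soft nofile 65535
* hard nofile 65535
EOF

# Record, per login, the user, source address, commands and timestamps in a
# history file under /usr/etc/.history for later review and troubleshooting.
#
# The history root is created here, as root, because an unprivileged login
# cannot create a directory under /usr. Mode 1777 (sticky) lets every user
# create their own subdirectory without being able to remove or rename another
# user's.
install -d -m 1777 /usr/etc/.history

# The delimiter is quoted so the snippet is written to /etc/profile literally.
# With an unquoted delimiter the command substitutions and $variables would be
# expanded once, while this script runs, and /etc/profile would receive the
# installer's values instead of code evaluated at each login.
cat >> /etc/profile << 'EOF'
USER_IP=$(who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g')
HISTDIR=/usr/etc/.history
if [ -z "$USER_IP" ]
then
  USER_IP=$(hostname)
fi
if [ ! -d "$HISTDIR" ]
then
  mkdir -p "$HISTDIR"
  chmod 1777 "$HISTDIR"
fi
if [ ! -d "$HISTDIR/${LOGNAME}" ]
then
  mkdir -p "$HISTDIR/${LOGNAME}"
  chmod 300 "$HISTDIR/${LOGNAME}"
fi
export HISTSIZE=2000
DT=$(date +%Y%m%d_%H%M%S)
export HISTFILE="$HISTDIR/${LOGNAME}/${USER_IP}.history.$DT"
export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S] "
chmod 600 "$HISTDIR/${LOGNAME}"/*.history* 2>/dev/null
ulimit -SHn 65535
ulimit -SHu unlimited
ulimit -SHd unlimited
ulimit -SHm unlimited
ulimit -SHs unlimited
ulimit -SHt unlimited
ulimit -SHv unlimited
EOF

# Alias vi to vim, show line numbers by default, and use a coloured prompt.
# Quoted delimiter: "\$" in PS1 has to reach /etc/bashrc as written so the
# prompt shows "#" for root and "$" for other users.
cat >> /etc/bashrc << 'EOF'
EXINIT='set nu showmode expandtab softtabstop=4 shiftwidth=4'
export EXINIT
EDITOR=vim
export EDITOR
alias vi='vim'
PS1='\[\033[01;32m\][\[\033[01;31m\]\u\[\033[01;33m\]@\[\033[01;31m\]\h \[\033[01;33m\]\w\[\033[01;32m\]]\$ \e[0m'
EOF
source /etc/bashrc

# Kernel network tuning via sysctl.conf.
modprobe bridge
lsmod | grep bridge
modprobe ip_conntrack
# NOTE(review): tcp_tw_reuse and tcp_tw_recycle rely on TCP timestamps, which
# this same block disables (tcp_timestamps = 0). tcp_tw_recycle is also known
# to drop connections from clients behind NAT when timestamps are on, and it
# was removed from later kernels, where `sysctl -p` reports it as unknown.
cat >> /etc/sysctl.conf << 'EOF'
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_keepalive_time = 30
net.core.rmem_max = 8388608
net.core.rmem_default = 65536
net.core.wmem_max = 8388608
net.core.wmem_default = 65536
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 65536 8388608
vm.swappiness =5
EOF
sysctl -p

# Hide the distribution banner shown before login.
mv /etc/issue /etc/issuebak
mv /etc/issue.net /etc/issue.netbak

# Install htop from source.
build_from_tarball \
  http://hisham.hm/htop/releases/1.0.3/htop-1.0.3.tar.gz "${HTOP_SHA256:-}"

# Install iftop from source.
build_from_tarball \
  http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz \
  "${IFTOP_SHA256:-}"

# Make key configuration files immutable; `chattr -i FILE` reverts this.
# This is the last step on purpose: package installation can add service
# accounts (the ntp package, for one, normally creates its own user), and that
# fails once /etc/passwd and /etc/shadow are immutable. From here on,
# useradd, passwd, visudo and anything that rewrites /etc/resolv.conf also
# fail until the flag is cleared.
for protected in /etc/passwd /etc/shadow /etc/hosts /etc/resolv.conf \
  /etc/fstab /etc/sudoers; do
  chattr +i "$protected"
done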
Linux系統初始化腳本