自動化5

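sleep 1
###############################
# Kernel TCP tuning: append a settings block to /etc/sysctl.conf and load it
# with `sysctl -p`.
#
# - The append is guarded by the marker line so that re-running the script
#   does not stack duplicate copies of the block in /etc/sysctl.conf.
# - The heredoc delimiter is quoted so nothing inside it is ever expanded by
#   the shell.
# - net.ipv4.tcp_tw_recycle is deliberately NOT set. It drops connections from
#   clients that share an address behind NAT, and the key was removed in
#   Linux 4.12, where `sysctl -p` reports it as unknown.
# - tcp_syncookies = 1 keeps the listener usable while the SYN backlog is
#   overflowing (SYN-flood mitigation).
# - NOTE(review): tcp_abort_on_overflow = 1 resets clients whenever the accept
#   queue is full, and tcp_retries2 = 5 gives up on stalled connections early.
#   Confirm both against the real workload before rolling out.
if ! grep -qF -- '#michaelkang add 120724' /etc/sysctl.conf; then
  cat >> /etc/sysctl.conf << 'endf'
#michaelkang add 120724
net.ipv4.tcp_abort_on_overflow = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_retries1 = 2
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_max_orphans = 2000
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
endf
fi
sysctl -p
echo "Adjust the kernel parameters!......................OK!"
sleep 1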
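#############################################
# Turn off services that are not needed.
# In /etc/rc3.d, S-prefixed links are services started in runlevel 3 and
# K-prefixed links are services that are stopped there.
#
# The link names are taken from a glob instead of parsing `ls`, and every
# expansion is quoted, so unusual file names cannot split into extra words.
for I in /etc/rc3.d/S*
do
        # An unmatched glob stays literal; skip it instead of acting on "S*".
        [ -e "$I" ] || continue
        # Strip the directory and the "S" + two-digit order prefix to get the
        # service name (the same text the original took from character 15 on).
        STOP_SRV=${I##*/}
        STOP_SRV=${STOP_SRV#S[0-9][0-9]}
        printf '%s\n' "$STOP_SRV"
        case "$STOP_SRV" in
                # Keep list. Everything NOT named here is disabled, so this list
                # is the security boundary of the section. The host firewall
                # (iptables/ip6tables) and the audit daemon (auditd) are added
                # so that a hardening run does not silently switch them off.
                # NOTE(review): review this list against the services the host
                # actually depends on before running.
                local | cpuspeed | crond | irqbalance | microcode_ctl | xinetd | network | mon | partmon | messagebus | udev-post | sshd | rsyslog | syslog | \
                iptables | ip6tables | auditd )
                echo "Base services, Skip!"
                ;;
                *)
                echo "change $STOP_SRV to off"
                chkconfig --level 235 "$STOP_SRV" off
                service "$STOP_SRV" stop
                ;;
        esac
done
echo "Close useless services.........................ok"
sleep 1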
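##############################################
# Lock the account databases so they cannot be modified or recreated.
#
# The page's trailing "//" annotations are turned into real comments here; left
# on the command lines they would be passed to chattr and sed as extra file
# arguments.
#
# With the immutable flag set, useradd, usermod, passwd and similar tools fail
# until the flag is cleared with `chattr -i`. root can clear it, so this guards
# against accidental or scripted edits, not against a root-level compromise.
for account_db in /etc/passwd /etc/shadow /etc/group /etc/gshadow
do
        chattr +i "$account_db"
done
# root's shell history becomes append-only: entries can be added, not edited or
# removed.
chattr +a /root/.bash_history
# Limit the `history` command to the last 10 entries. The substitution only
# matches a literal "HISTSIZE=1000" line in /etc/profile.
# NOTE(review): a short history leaves less to review after an incident, and
# shell history is not an audit log. Use auditd for command accountability.
sed -i "s/HISTSIZE=1000/HISTSIZE=10/" /etc/profile
echo "The passwd shadow group gshadow is locked,if you use them,please use chattr -i!..............ok"
sleep 1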
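##############################################
# Restrict SSH logins to one subnet with TCP wrappers: allow
# 192.168.100.0/255.255.255.0 in hosts.allow and deny everyone else in
# hosts.deny.
#
# Each rule is appended only if it is not already present, so re-running the
# script does not pile up duplicate lines.
#
# NOTE(review): these files are honoured only when sshd is built with
# TCP-wrappers (libwrap) support, which OpenSSH dropped in 6.7. On such hosts
# the rules are silently ignored, so enforce the same restriction with a
# firewall rule as well.
# NOTE(review): confirm the admin workstation is inside the allowed subnet
# before applying, or the deny-all rule locks out remote access.
ssh_allow_rule='sshd:192.168.100.0/255.255.255.0'
ssh_deny_rule='sshd:all'
if ! grep -qxF -- "$ssh_allow_rule" /etc/hosts.allow; then
  printf '%s\n' "$ssh_allow_rule" >> /etc/hosts.allow
fi
if ! grep -qxF -- "$ssh_deny_rule" /etc/hosts.deny; then
  printf '%s\n' "$ssh_deny_rule" >> /etc/hosts.deny
fi
echo "Allowd 192.168.100.0 to use ssh................ok "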
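############################################
# Set the defaults for newly created accounts: maximum password age of 90 days
# and minimum password length of 8.
#
# The patterns are anchored to the start of the line so that only the setting
# lines are rewritten. Unanchored, they also overwrite the explanatory comment
# lines in /etc/login.defs that mention the same keywords.
#
# NOTE(review): these are defaults applied at account creation; existing
# accounts keep their current aging values until changed with `chage`.
# NOTE(review): on PAM-based systems the minimum length is usually enforced by
# the PAM password module rather than PASS_MIN_LEN. Confirm which one applies.
sed -i \
  -e 's/^PASS_MAX_DAYS[[:space:]].*$/PASS_MAX_DAYS  90/' \
  -e 's/^PASS_MIN_LEN[[:space:]].*$/PASS_MIN_LEN 8/' \
  /etc/login.defs
echo "###################The script is stop!!####################"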

