
shell学习二十八--centos7初始化脚本

2017-12-02 22:30 585 查看
#!/bin/bash

# Timestamp captured once at start-up; the *_config functions below use it as
# the suffix of the backup copies they make of system files.
declare run_time_1
run_time_1=$(date "+%Y.%m.%d-%H:%M:%S")

# Every step below edits files under /etc or calls yum/systemctl, so refuse
# to start for any account other than root.
case "$(whoami)" in
    root)
        ;;
    *)
        echo "please run this script as root ." >&2
        exit 1
        ;;
esac

# Red banner: "this is a CentOS 7 initialisation script, run it with care".
# No input is read; the only way to cancel is Ctrl+C during the 5-second pause.
echo -e "\033[31m 这个是centos7系统初始化脚本,请慎重运行!Please continue to enter or ctrl+C to cancel \033[0m"

sleep 5

#hostname

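hostname_config(){
    # Name the host "ip-A-B-C-D" after its first IPv4 address that carries a
    # broadcast address (which excludes loopback), then apply that name.
    #
    # Changes from the original pipeline:
    #   * only the FIRST matching address is used; with several interfaces the
    #     old pipeline produced a multi-line value that `hostname` word-split
    #   * an empty result aborts instead of setting the hostname to "ip-"
    #   * the /etc/hosts line is added once, so re-runs do not stack duplicates
    #   * hostnamectl is used when present so the name survives a reboot
    # Returns: 0 on success, 1 when no usable address was found.
    local addr

    addr=$(ip addr | awk '/inet/ && /brd/ && /scope/ { sub(/\/.*/, "", $2); print $2; exit }')
    if [ -z "$addr" ]; then
        echo "hostname_config: no IPv4 address with a broadcast found, hostname left unchanged" >&2
        return 1
    fi

    # HostName stays a global, as in the original.
    HostName="ip-${addr//./-}"

    # Legacy location; CentOS 7 itself reads the static name from /etc/hostname.
    sed -i -e '/HOSTNAME/d' /etc/sysconfig/network
    echo "HOSTNAME=$HostName" >> /etc/sysconfig/network

    if ! grep -qxF "127.0.0.1 $HostName" /etc/hosts; then
        echo "127.0.0.1 $HostName" >> /etc/hosts
    fi

    if command -v hostnamectl >/dev/null 2>&1; then
        hostnamectl set-hostname "$HostName"
    else
        hostname "$HostName"
    fi
}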

#configure yum source

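yum_config(){
    # Replace the stock yum repositories with the Aliyun mirror definitions and
    # install the base tool set.
    #
    # Changes from the original:
    #   * repo definitions are fetched over HTTPS. A .repo file decides where
    #     packages come from and whether signatures are checked, so it must not
    #     be fetched over cleartext HTTP where it can be altered in transit.
    #   * both files are downloaded to temporary files first; the existing
    #     repos are only moved aside once both downloads succeeded, so a
    #     network failure no longer leaves the host without repositories
    #   * mkdir -p and absolute paths make the function re-runnable and stop it
    #     from changing the caller's working directory
    # NOTE(review): the downloaded files may still list http:// baseurls;
    # confirm gpgcheck=1 is set in them before relying on package integrity.
    # Returns: 1 when a download or the backup directory fails.
    local repo_dir=/etc/yum.repos.d
    local backup_dir=$repo_dir/bak
    local mirror=https://mirrors.aliyun.com/repo
    local tmp_base tmp_epel repo_file

    yum install wget epel-release -y

    tmp_base=$(mktemp) || return 1
    tmp_epel=$(mktemp) || { rm -f -- "$tmp_base"; return 1; }

    if ! wget -O "$tmp_base" "$mirror/Centos-7.repo" ||
       ! wget -O "$tmp_epel" "$mirror/epel-7.repo"; then
        echo "yum_config: repo download failed, existing repositories left untouched" >&2
        rm -f -- "$tmp_base" "$tmp_epel"
        return 1
    fi

    if ! mkdir -p "$backup_dir"; then
        rm -f -- "$tmp_base" "$tmp_epel"
        return 1
    fi

    # On a re-run this overwrites the previous backup with the current files.
    for repo_file in "$repo_dir"/*.repo; do
        [ -e "$repo_file" ] || continue
        mv -f -- "$repo_file" "$backup_dir"/
    done

    # install(1) creates fresh files in the target directory with a fixed mode.
    install -m 0644 "$tmp_base" "$repo_dir/CentOS-Base.repo"
    install -m 0644 "$tmp_epel" "$repo_dir/epel.repo"
    rm -f -- "$tmp_base" "$tmp_epel"

    yum clean all && yum makecache

    yum -y install iotop iftop net-tools lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel  python-devel bash-completion lsof
}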

#firewalld

firewalld_config(){
    # Stop firewalld now and keep it from starting at boot, then rewrite
    # /etc/sysconfig/selinux so that it contains only SELINUX=disabled and
    # SELINUXTYPE=targeted. The previous file content is appended to a
    # timestamped backup first.
    #
    # NOTE(review): after this runs the host has no firewalld packet filter, and
    # the rewritten file requests SELinux off. On a network-reachable machine,
    # consider keeping firewalld with explicit allow rules and leaving SELinux
    # enforcing (or permissive while troubleshooting) instead.
    # Globals: run_time_1 (read) - backup suffix.
    local selinux_cfg=/etc/sysconfig/selinux
    local selinux_bak="$selinux_cfg.$run_time_1"
    local verb

    for verb in stop disable; do
        systemctl "$verb" firewalld.service
    done

    # The append redirection creates the backup file when it does not exist.
    cat "$selinux_cfg" >> "$selinux_bak"

    {
        echo "SELINUX=disabled"
        echo "SELINUXTYPE=targeted"
    } > "$selinux_cfg"
}

#system config

system_config(){
    # Switch SELinux from enforcing to disabled in /etc/selinux/config, set
    # the hardware clock to local time, set the timezone to Asia/Shanghai, and
    # install, start and enable chronyd.
    #
    # NOTE(review): the sed only rewrites the config file; nothing here calls
    # setenforce, so the running mode presumably changes at the next boot.
    # NOTE(review): disabling SELinux removes mandatory access control for
    # every service on the host; confirm this is really required.
    local selinux_cfg=/etc/selinux/config

    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$selinux_cfg"

    # The timezone is only set when switching the RTC to local time succeeded.
    timedatectl set-local-rtc 1 \
        && timedatectl set-timezone Asia/Shanghai

    # Each step runs only if the previous one succeeded.
    yum -y install chrony \
        && systemctl start chronyd.service \
        && systemctl enable chronyd.service
}

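ulimit_config(){
    # Raise the open-file, process and stack limits for all users ("*").
    #
    # Changes from the original:
    #   * every append is guarded, so running the script twice no longer
    #     duplicates the rc.local line or the limits.conf block
    #   * sed is only run when the nproc drop-in exists; the original printed
    #     an error when it did not
    #   * the here-document is written without the stray indentation and
    #     blank lines
    # NOTE(review): on CentOS 7 the stock drop-in is normally 20-nproc.conf,
    # not 90-nproc.conf - confirm which file should be edited.
    # NOTE(review): a soft nproc of 300000 for every user removes the usual
    # per-user process cap that contains runaway or fork-bombing processes,
    # and it exceeds the hard nproc of 102400 set in limits.conf - verify the
    # intended values.
    local limits_conf=/etc/security/limits.conf
    local nproc_conf=/etc/security/limits.d/90-nproc.conf

    grep -qxF 'ulimit -SHn 102400' /etc/rc.local 2>/dev/null \
        || echo "ulimit -SHn 102400" >> /etc/rc.local

    chmod +x /etc/rc.d/rc.local

    # The last line of the block serves as the "already applied" marker; the
    # optional leading whitespace also matches blocks written by older runs.
    if ! grep -qE '^[[:space:]]*\*[[:space:]]+hard[[:space:]]+stack[[:space:]]+8192' "$limits_conf" 2>/dev/null; then
        cat >> "$limits_conf" << 'EOF'
*           soft   nofile       102400
*           hard   nofile       102400
*           soft   nproc        102400
*           hard   nproc        102400
*           soft   stack        8192
*           hard   stack        8192
EOF
    fi

    # Drop any existing wildcard rule before adding ours.
    if [ -f "$nproc_conf" ]; then
        sed -i -e '/\*/d' "$nproc_conf"
    fi
    echo "* soft nproc 300000" >> "$nproc_conf"
}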

#set sysctl

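sysctl_config(){
    # Back up /etc/sysctl.conf, replace it with the tuning set below and load it.
    #
    # Changes from the original:
    #   * the file is only overwritten if the backup of an existing file
    #     succeeded (cp -p also keeps owner, mode and timestamps)
    #   * "sysctl set OK!!" is printed only when sysctl -p succeeded; the
    #     original printed it unconditionally
    #   * the here-document is written without stray indentation/blank lines
    # The values themselves are unchanged.
    #
    # NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to drop connections
    # from clients that share one address behind NAT, and the key does not
    # exist on newer kernels, where sysctl -p would report it as an error.
    # NOTE(review): tcp_tw_reuse and tcp_tw_recycle rely on TCP timestamps,
    # which this same file switches off (tcp_timestamps = 0) - confirm the
    # intended combination.
    # NOTE(review): the whole file is replaced, so any setting the host had in
    # /etc/sysctl.conf before (hardening included) survives only in the backup.
    # Globals: run_time_1 (read) - backup suffix.
    # Returns: 1 when the backup or sysctl -p fails.
    local conf=/etc/sysctl.conf
    local backup="$conf.$run_time_1"

    if [ -e "$conf" ] && ! cp -p "$conf" "$backup"; then
        echo "sysctl_config: could not back up $conf, leaving it unchanged" >&2
        return 1
    fi

    cat > "$conf" << 'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
EOF

    if /sbin/sysctl -p; then
        echo "sysctl set OK!!"
    else
        echo "sysctl_config: sysctl -p reported errors, previous settings are in $backup" >&2
        return 1
    fi
}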

#ssh

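ssh_config(){
    # Back up sshd_config, then turn off reverse-DNS lookups (UseDNS) and
    # GSSAPI authentication.
    #
    # Change from the original: the backup is made with cp -p. The old
    # touch + cat created the copy with the default umask, which would leave a
    # world-readable copy of a file that is normally readable by root only.
    #
    # The function does not reload or restart sshd, so the new values are not
    # picked up until that happens elsewhere.
    # Globals: run_time_1 (read) - backup suffix.
    local conf=/etc/ssh/sshd_config

    cp -p "$conf" "$conf.$run_time_1"

    sed -i \
        -e 's%#UseDNS yes%UseDNS no%' \
        -e 's%GSSAPIAuthentication yes%GSSAPIAuthentication no%' \
        "$conf"
}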

#ntp

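ntp_config(){
    # Set the timezone link, stop ntpd, do a one-off ntpdate sync and install a
    # daily cron job that repeats the sync.
    #
    # Changes from the original cron job:
    #   * the script is written with ">" instead of ">>", so re-running the
    #     initialisation no longer appends a second copy of the job
    #   * "#!/bin/bash" is now the first bytes of the file; the indented
    #     here-document put a blank line and spaces in front of it
    #   * the log moved from /tmp to /var/log. A root cron job appending to a
    #     fixed name in a world-writable directory can be redirected by any
    #     local user who creates that name first (for example as a symlink).
    #   * redirection order fixed: "2>&1 >>file" sent stderr to the old stdout,
    #     so ntpdate errors never reached the log
    # NOTE(review): system_config enables chronyd; running ntpdate next to a
    # time daemon may conflict - confirm which one should own the clock.
    # NOTE(review): ntpdate performs an unauthenticated sync; make sure both
    # time sources are ones this network should trust.
    local cron_script=/etc/cron.daily/ntp.sh

    ln -sf /usr/share/zoneinfo/posix/Asia/Shanghai /etc/localtime

    service ntpd stop
    chkconfig ntpd off

    ntpdate time.windows.com
    clock --systohc

    # Quoted delimiter: the body is written literally, $ntplog is expanded by
    # the cron job itself, not here.
    cat > "$cron_script" <<'EOF'
#!/bin/bash
ntplog=/var/log/wmbak.log
ntpdate ntp.wumart.com >>"$ntplog" 2>&1
clock --systohc
EOF

    chmod 755 "$cron_script"
}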

#zabbix

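zabbix_config(){
    # Comment out "Defaults requiretty" in /etc/sudoers and allow the zabbix
    # account to run netstat and ss as root without a password.
    #
    # Changes from the original: both sudoers edits are now validated with
    # visudo -c. A syntax error in /etc/sudoers or in a drop-in makes sudo
    # refuse to run for everyone, so the main file is restored from a copy if
    # the edit does not validate, and the drop-in is only installed after it
    # has been checked.
    #
    # The rules place no restriction on arguments: zabbix can run both
    # binaries as root with any options.
    # Returns: 1 when a temporary file cannot be created or validation fails.
    local sudoers=/etc/sudoers
    local dropin=/etc/sudoers.d/zabbix
    local sudoers_bak tmp_rules
    local status=0

    sudoers_bak=$(mktemp) || return 1
    if ! cp -p "$sudoers" "$sudoers_bak"; then
        rm -f -- "$sudoers_bak"
        return 1
    fi

    sed -i 's/^Defaults.*.requiretty/#Defaults requiretty/' "$sudoers"
    if ! visudo -cf "$sudoers" >/dev/null; then
        echo "zabbix_config: $sudoers failed validation after edit, restoring previous content" >&2
        cp -p "$sudoers_bak" "$sudoers"
        status=1
    fi
    rm -f -- "$sudoers_bak"

    tmp_rules=$(mktemp) || return 1
    cat > "$tmp_rules" <<'EOF'
zabbix ALL=(root) NOPASSWD:/bin/netstat
zabbix ALL=(root) NOPASSWD:/usr/sbin/ss
EOF

    if visudo -cf "$tmp_rules" >/dev/null; then
        # Same final mode as the original chmod 400, set at creation time.
        install -o root -g root -m 0400 "$tmp_rules" "$dropin" || status=1
    else
        echo "zabbix_config: generated rules failed validation, $dropin not written" >&2
        status=1
    fi
    rm -f -- "$tmp_rules"

    return "$status"
}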

##Disable Transparent Huge Pages

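other_config(){
    # Disable Transparent Huge Pages for the running system, register the same
    # commands in /etc/rc.local for later boots, and set vm.swappiness to 1.
    #
    # Changes from the original:
    #   * the rc.local block is appended only when it is not there yet, so a
    #     second run of the script does not duplicate it
    #   * the here-document delimiter is quoted and the body is written
    #     without the stray indentation and blank lines
    # The swappiness value is written to /proc only; nothing in this function
    # stores it in a sysctl file.
    local thp_dir=/sys/kernel/mm/transparent_hugepage
    local knob

    for knob in enabled defrag; do
        if test -f "$thp_dir/$knob"; then
            echo never > "$thp_dir/$knob"
        fi
    done

    if ! grep -q 'transparent_hugepage/enabled' /etc/rc.local 2>/dev/null; then
        cat << 'EOF' >> /etc/rc.local
if test -f /sys/kernel/mm/transparent_hugepage/enabled; then
   echo never > /sys/kernel/mm/transparent_hugepage/enabled
fi
if test -f /sys/kernel/mm/transparent_hugepage/defrag; then
   echo never > /sys/kernel/mm/transparent_hugepage/defrag
fi
EOF
    fi

    echo 1 > /proc/sys/vm/swappiness
}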

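main(){
    # Run every initialisation step in order. No step's exit status is
    # checked, so a failing step does not stop the ones after it.
    #
    # Fix: the original called iptables_config, which is not defined anywhere
    # in this script (bash reports "command not found" and carries on), while
    # the firewalld_config function was never called. The call now names the
    # function that exists.
    # NOTE(review): firewalld_config stops and disables firewalld and sets
    # SELinux to disabled; remove that line if the host should keep them.
    hostname_config
    yum_config
    firewalld_config
    system_config
    ulimit_config
    sysctl_config
    ssh_config
    ntp_config
    zabbix_config
    other_config
}

main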