CentOS7 初始化脚本 1.0

#!/bin/bash
#################################################
#  --Info
#         Initialization CentOS 7.x script
#################################################
#   Author: [email protected]
#   Changelog:
#   20180710   wanghui  initial create
#################################################
# Privilege gate: every step below edits files under /etc or drives
# yum/systemctl, so stop immediately unless the effective UID is 0.
if [ "$(id -u)" != "0" ]; then
    printf '%s\n' "Error: You must be root to run this script, please use root to initialization OS."
    exit 1
fi

# Start-up banner.
cat <<'BANNER'
+------------------------------------------------------------------------+
|       To initialization the system for security and performance        |
+------------------------------------------------------------------------+
BANNER
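# Create the "yunwei" operations account used by the jump server and give
# it passwordless sudo.
#
# Globals:  YUNWEI_PASSWORD (read, optional) - initial password for the
#           account. When unset or empty the password is locked and the
#           account is meant to be reached with an SSH key instead.
# Outputs:  status messages on stdout, warnings on stderr.
# Returns:  0 if the account already exists or was provisioned, 1 otherwise.
user_add()
{
  local user=yunwei
  local sudoers_file=/etc/sudoers.d/yunwei
  local tmp

  # `id` succeeds when the account is already present, so only create the
  # account when it fails.
  if id -u "$user" >/dev/null 2>&1; then
    echo "yunwei user is exist."
    return 0
  fi

  useradd -s /bin/bash -d /home/yunwei -m "$user" || return 1

  # A fixed, published password on an account with full sudo rights is a
  # standing credential for anyone who has read this script. Take the
  # password from the environment, or lock password login entirely.
  if [ -n "${YUNWEI_PASSWORD:-}" ]; then
    printf '%s\n' "$YUNWEI_PASSWORD" | passwd --stdin "$user" || return 1
  else
    passwd -l "$user" || return 1
    echo "yunwei created with a locked password; install an SSH key or set YUNWEI_PASSWORD." >&2
  fi

  # NOTE(review): NOPASSWD: ALL makes this account root-equivalent. Narrow
  # the command list if the jump-server workflow allows it.
  # The rule is syntax-checked before it is installed, because a malformed
  # file under /etc/sudoers.d can break sudo for every user. The script
  # already runs as root, so no nested sudo is needed.
  tmp=$(mktemp) || return 1
  printf '%s\n' "yunwei ALL=(ALL) NOPASSWD: ALL" > "$tmp"
  if visudo -cf "$tmp" >/dev/null; then
    install -m 0440 -o root -g root "$tmp" "$sudoers_file"
  else
    echo "sudoers rule for yunwei failed validation; not installed." >&2
    rm -f -- "$tmp"
    return 1
  fi
  rm -f -- "$tmp"
}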
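# Enable EPEL, apply all pending updates and install the baseline set of
# administration tools.
#
# Outputs:  progress messages on stdout.
# Returns:  0 when the tool install succeeds, non-zero otherwise.
system_update(){
    # "egrep" is not a package name (the command ships with grep), and
    # "tree" / "net-tools" were listed twice; the list is de-duplicated.
    # "telnet" here is the client only; no telnet server is installed.
    local -a pkgs=(
        rsync wget vim openssh-clients iftop htop iotop sysstat lsof
        telnet traceroute tree man iptraf lrzsz net-tools dstat ntpdate
        dos2unix git
    )

    echo "*** Starting update system && install tools pakeage... ***"
    # NOTE(review): EPEL is a third-party repository; keep gpgcheck enabled
    # for it so the packages pulled in below are signature-verified.
    yum install epel-release -y && yum -y update
    yum clean all && yum makecache
    if ! yum -y install "${pkgs[@]}"; then
        echo "Tool package install failed." >&2
        return 1
    fi
    echo "System upgrade && install pakeages complete."
}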
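# Set the timezone to Asia/Shanghai and point chrony at the site time
# server (time.aniu.so, pinned to 192.168.0.205 through /etc/hosts).
#
# Accurate, consistent time matters for log correlation and certificate
# validation, so the chrony change is applied with a service restart.
#
# Outputs:  progress messages on stdout.
# Returns:  0 when chrony.conf was edited and chronyd restarted.
timezone_config()
{
    echo "Setting timezone..."
    case "$(timedatectl)" in
        *Asia/Shanghai*)
            echo "System timezone is Asia/Shanghai."
            ;;
        *)
            timedatectl set-local-rtc 0 && timedatectl set-timezone Asia/Shanghai
            ;;
    esac

    # config chrony
    yum -y install chrony && systemctl start chronyd.service && systemctl enable chronyd.service

    # The sed scripts need plain ASCII quotes: the typographic quotes in the
    # published listing are not quoting characters for bash, so "$a" was
    # expanded as a variable and the script was split into several words.
    # The host entry is added only once so re-runs do not stack duplicates.
    grep -qF -- '192.168.0.205 time.aniu.so' /etc/hosts \
        || sed -i '$a 192.168.0.205 time.aniu.so' /etc/hosts

    # NOTE(review): only the "0.centos.pool.ntp.org" entry is redirected; any
    # other server lines in chrony.conf keep pointing at the public pool.
    # Confirm that is intended.
    # chronyd was started above with the old file, so restart it to pick up
    # the edited server line.
    sed -i 's/server 0.centos.pool.ntp.org iburst/server time.aniu.so iburst/g' /etc/chrony.conf \
        && systemctl restart chronyd.service
    [ $? -eq 0 ] && echo "Setting timezone && Sync network time complete."
}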
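# Switch SELinux off: persistently through /etc/selinux/config (effective
# after the next reboot) and immediately through setenforce.
#
# NOTE(review): this removes mandatory access control from the host, which
# means a compromised service is no longer confined by policy. If the goal
# is only to get past policy denials, SELINUX=permissive keeps the audit
# trail while the denials are fixed. Confirm that disabling is really
# required before running this on anything exposed.
#
# Outputs:  completion message on stdout.
selinux_config()
{
    # Plain ASCII quotes are required: with the typographic quotes from the
    # published listing sed receives a script that starts with a quote
    # character and rejects it. The pattern is anchored so comment lines in
    # the config file are left alone.
    sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
    setenforce 0
    echo "Dsiable selinux complete."
}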
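# Raise the per-user process and open-file limits to 8192 for all users by
# appending four entries to /etc/security/limits.conf.
#
# Outputs:  progress messages on stdout.
# Returns:  0 when the entries are present or were appended.
ulimit_config()
{
    local limits_file=/etc/security/limits.conf

    echo "Starting config ulimit..."

    # Append only once: an unconditional append adds the same four lines to
    # the file every time the script is re-run.
    if grep -q '^\* soft nofile 8192$' "$limits_file"; then
        echo "Ulimit config complete!"
        return 0
    fi

    # NOTE(review): on CentOS 7 a drop-in under /etc/security/limits.d/
    # (20-nproc.conf) may override the nproc values set here. Verify with
    # `ulimit -u` after logging in again.
    tee -a "$limits_file" >/dev/null <<'EOF'
* soft nproc 8192
* hard nproc 8192
* soft nofile 8192
* hard nofile 8192
EOF

    [ $? -eq 0 ] && echo "Ulimit config complete!"
}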
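# Move sshd to port 54077 and turn off reverse-DNS lookups, then restart
# the daemon.
#
# NOTE(review): changing the port only reduces scanner noise; it is not an
# access control. The script also disables firewalld and leaves the
# PermitRootLogin / PermitEmptyPasswords lines below commented out, so root
# password login stays at the distribution default. Enable those lines once
# a non-root login path has been confirmed to work.
#
# Outputs:  progress messages on stdout, validation errors on stderr.
# Returns:  0 when sshd restarted with the new configuration, non-zero if
#           validation or the restart failed.
sshd_config(){
    local cfg=/etc/ssh/sshd_config

    echo "Starting config sshd..."
    # Plain ASCII quotes are required; the typographic quotes from the
    # published listing are passed through to sed as part of the script.
    sed -i '/^#Port/s/#Port 22/Port 54077/g' "$cfg"
    #sed -i "$ a\ListenAddress 0.0.0.0:21212\nListenAddress 0.0.0.0:22 " /etc/ssh/sshd_config
    sed -i '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' "$cfg"
    #sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
    #sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config

    # Validate before restarting: restarting sshd on a broken config can cut
    # off the only remote access path to the host.
    if ! sshd -t; then
        echo "sshd_config failed validation; sshd not restarted." >&2
        return 1
    fi
    systemctl restart sshd
    [ $? -eq 0 ] && echo "SSH config complete."
}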
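# Stop and disable firewalld when the package is installed.
#
# NOTE(review): after this step the host has no local packet filter, so
# every listening service is reachable from whatever network the machine
# sits on. Only appropriate when filtering is enforced elsewhere (security
# groups, perimeter firewall). Confirm before use.
#
# Outputs:  progress messages on stdout.
disable_firewalld(){
   echo "Starting disable firewalld..."
   # Query the exact package: `rpm -qa | grep firewalld` also matches other
   # packages whose name merely contains "firewalld".
   if rpm -q firewalld > /dev/null 2>&1; then
      systemctl stop firewalld && systemctl disable firewalld
      [ $? -eq 0 ] && echo "Dsiable firewalld complete."
   else
      echo "Firewalld not install."
   fi
}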
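# Add a dark background and an <F9> paste toggle to the system-wide vimrc,
# unless a pastetoggle setting is already present.
#
# Outputs:  progress messages on stdout.
vim_config() {
    echo "Starting vim config..."
    if grep -q pastetoggle /etc/vimrc; then
        echo "vim already config"
    else
        # Plain ASCII quotes are required: inside the typographic quotes of
        # the published listing the shell still parses "<F9>" as a
        # redirection and splits the script on spaces.
        sed -i '$ a\set bg=dark\nset pastetoggle=<F9>' /etc/vimrc
    fi
}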
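# Replace /etc/sysctl.conf with the site's kernel tuning and hardening
# profile and load it.
#
# The previous file is kept as /etc/sysctl.conf.bak. Any setting that
# existed only in the old file is dropped, because the file is rewritten
# rather than merged.
#
# Outputs:  progress messages on stdout, plus the output of sysctl -p.
# Returns:  0 when sysctl accepted the new file.
config_sysctl() {
    local conf=/etc/sysctl.conf

    echo "Staring config sysctl..."
    # Keep the first backup: an unconditional copy on a second run would
    # overwrite the pristine backup with this generated file.
    [ -e "${conf}.bak" ] || cp -f "$conf" "${conf}.bak"

    # net.ipv4.icmp_echo_ignore_broadcasts is set to 1 (the kernel default).
    # The published listing set it to 0, which makes the host answer
    # broadcast pings, and that is the opposite of hardening.
    # NOTE(review): the rp_filter / log_martians / accept_* entries cover
    # "conf.all" only; consider mirroring them under "conf.default" so that
    # interfaces created later inherit them.
    tee "$conf" >/dev/null << 'EOF'
vm.swappiness = 0
vm.dirty_ratio = 80
vm.dirty_background_ratio = 5
fs.file-max = 2097152
fs.suid_dumpable = 0
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 262144
net.core.optmem_max = 25165824
net.core.rmem_default = 31457280
net.core.rmem_max = 67108864
net.core.wmem_default = 31457280
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
EOF

    # eg:https://www.vultr.com/docs/securing-and-hardening-the-centos-7-kernel-with-sysctl
    # Load the new values into the running kernel.
    sysctl -p
    [ $? -eq 0 ] && echo "Sysctl config complete."
}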
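# Disable IPv6 in the kernel and restrict sshd to IPv4.
#
# Outputs:  progress messages on stdout, validation errors on stderr.
# Returns:  the exit status of `sysctl -p`.
disable_ipv6() {
    echo "Starting disable ipv6..."

    # Plain ASCII quotes are required for the sed scripts; the typographic
    # quotes from the published listing let the shell expand "$" and split
    # the script on spaces. Each append is guarded so that re-running the
    # script does not stack duplicate lines.
    grep -q '^net.ipv6.conf.all.disable_ipv6' /etc/sysctl.conf \
        || sed -i '$ a\net.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1' /etc/sysctl.conf
    grep -q '^AddressFamily inet$' /etc/ssh/sshd_config \
        || sed -i '$ a\AddressFamily inet' /etc/ssh/sshd_config

    # Validate before restarting so that a bad edit cannot take down the
    # remote access path.
    if sshd -t; then
        systemctl restart sshd
    else
        echo "sshd_config failed validation; sshd not restarted." >&2
    fi
    sysctl -p
}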
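# Raise the minimum password length to 8 and require a lowercase character.
#
# NOTE(review): length 8 plus one lowercase character is a low bar. Check
# it against the organisation's password policy.
#
# Outputs:  completion message on stdout.
# Returns:  0 when both authconfig updates succeeded.
password_config() {
    # /etc/login.defs
    # Plain ASCII quotes are required; the typographic quotes from the
    # published listing make the shell split the script on spaces. The
    # pattern accepts any run of blanks or tabs between the key and the
    # value (the file's real separator cannot be seen from the listing) and
    # is anchored so that comment lines are not rewritten.
    sed -i 's/^PASS_MIN_LEN[[:space:]][[:space:]]*5[[:space:]]*$/PASS_MIN_LEN    8/' /etc/login.defs
    # Chain the two updates so that the success message reflects both.
    authconfig --passminlen=8 --update \
        && authconfig --enablereqlower --update
    [ $? -eq 0 ] && echo "Config password rule complete."
}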
# Turn off services the host does not need. Currently that is postfix only,
# which is stopped first and then disabled at boot.
#
# Outputs:  completion message on stdout when both systemctl calls succeed.
# Returns:  0 on success, 1 when stopping or disabling failed.
disable_serivces() {
    systemctl stop postfix && systemctl disable postfix || return 1
    echo "Disable postfix service complete."
}
# Run every initialization step in its fixed order. A failing step does not
# stop the sequence; the function's status is that of the last step.
main(){
    local step
    for step in \
        user_add \
        system_update \
        timezone_config \
        selinux_config \
        ulimit_config \
        sshd_config \
        disable_firewalld \
        vim_config \
        config_sysctl \
        disable_ipv6 \
        password_config \
        disable_serivces
    do
        "$step"
    done
}
# Entry point: run all steps, then print the closing banner. The banner is
# printed whether or not the individual steps succeeded.
main
cat <<'BANNER'
+------------------------------------------------------------------------+
|            To initialization system all completed !!!                  |
+------------------------------------------------------------------------+
BANNER
————————————————
版权声明:本文为CSDN博主「诸葛冰玄」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/embrace99999/article/details/81132443


原文地址:https://www.cnblogs.com/dinghailong128/p/12194933.html
