以下脚本用于linux系统的初始化脚本,可以在服务器系统安装完毕之后立即执行。脚本结合各位大牛一些参数,已经在CentOS 5下通过。
使用方法:将其复制,保存为一个shell文件,比如init.sh。将其上传到linux服务器上,执行sh init.sh。建议大家在系统安装后立即执行。
脚本代码:
#!/bin/bash
# Configure yum source
cd /tmp
wget -c http://yum.baseurl.org/download/3.4/yum-3.4.3.tar.gz
tar zxf yum-3.4.3.tar.gz
cd yum-3.4.3
./yummain.py install yum -y
cd ..
rm -rf yum-3.4.3*
sed -i ‘[email protected]^[email protected]#[email protected]‘ /etc/yum.conf
yum clean all
yum check-update
mv /etc/yum.repos.d/CentOS-Debuginfo.repo /etc/yum.repos.d/CentOS-Debuginfo.repo$(date +%m%d)
mv /etc/yum.repos.d/CentOS-Media.repo /etc/yum.repos.d/CentOS-Media.repo$(date +%m%d)
mv /etc/yum.repos.d/CentOS-Vault.repo /etc/yum.repos.d/CentOS-Vault.repo$(date +%m%d)
# Remove obsolete rpm package
if [ -z "$(cat /etc/redhat-release | grep ‘5\.‘)" ];then
yum -y groupremove "FTP Server" "Text-based Internet" "Windows File Server" "PostgreSQL Database" "News Server" "MySQL Database" "DNS Name Server" "Web Server" "Dialup Networking Support" "Mail Server" "Ruby" "Office/Productivity" "Sound and Video" "X Window System" "X Software Development" "Printing Support" "OpenFabrics Enterprise Distribution"
else
yum -y groupremove "FTP Server" "PostgreSQL Database client" "PostgreSQL Database server" "MySQL Database server" "MySQL Database client" "Web Server" "Office Suite and Productivity" "Ruby Support" "X Window System" "Printing client" "Desktop*"
fi
# Update rpm package
yum -y update
# Install dependencies package
yum -y install gcc gcc-c++ make autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5-devel libidn libidn-devel openssl openssl-devel nss_ldap openldap openldap-devel openldap-clients openldap-servers libxslt-devel libevent-devel ntp libtool libtool-ltdl bison gd-devel vim-enhanced pcre-devel zip unzip sendmail
# chkconfig
chkconfig --list | awk ‘{print "chkconfig " $1 " off"}‘ > /tmp/chkconfiglist.sh;/bin/sh /tmp/chkconfiglist.sh;rm -rf /tmp/chkconfiglist.sh
chkconfig crond on
chkconfig irqbalance on
chkconfig network on
chkconfig sshd on
chkconfig rsyslog on #CentOS 6
chkconfig syslog on #CentOS/RHEL 5
chkconfig iptables on
chkconfig sendmail on
service sendmail restart
# /etc/hosts
[ "$(hostname -i)" != "127.0.0.1" ] && sed -i "[email protected]^127.0.0.1\(.*\)@127.0.0.1 `hostname` \[email protected]" /etc/hosts
# Close SELINUX
setenforce 0
sed -i ‘s/^SELINUX=.*$/SELINUX=disabled/‘ /etc/selinux/config
# initdefault
sed -i ‘s/^id:.*$/id:3:initdefault:/‘ /etc/inittab
/sbin/init q
# PS1
echo ‘PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[35;40m\]\W\[\e[0m\]]\\$ \[\e[33;40m\]"‘ >> /etc/profile
# Record command
sed -i ‘s/^HISTSIZE=.*$/HISTSIZE=100/‘ /etc/profile
echo "export PROMPT_COMMAND=‘{ msg=\$(history 1 | { read x y; echo \$y; });user=\$(whoami); echo \$(date \"+%Y-%m-%d %H:%M:%S\"):\$user:\`pwd\`/:\$msg ---- \$(who am i); } >> /tmp/\`hostname\`.\`whoami\`.history-timestamp‘" >> /root/.bash_profile
# Wrong password five times locked 180s
sed -i ‘4a auth required pam_tally2.so deny=5 unlock_time=180‘ /etc/pam.d/system-auth
# alias vi
sed "[email protected] mv=.*@alias mv=‘mv -i‘\nalias [email protected]" /root/.bashrc
echo ‘syntax on‘ >> /etc/vimrc
# /etc/security/limits.conf
cat >> /etc/security/limits.conf <<EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
echo "ulimit -SH 65535" >> /etc/rc.local
# /etc/sysctl.conf
sed -i ‘s/net.ipv4.tcp_syncookies.*$/net.ipv4.tcp_syncookies = 1/g‘ /etc/sysctl.conf
cat >> /etc/sysctl.conf << EOF
fs.file-max=65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
EOF
sysctl -p
if [ -z "$(cat /etc/redhat-release | grep ‘6\.‘)" ];then
sed -i ‘s/3:2345:respawn/#3:2345:respawn/g‘ /etc/inittab
sed -i ‘s/4:2345:respawn/#4:2345:respawn/g‘ /etc/inittab
sed -i ‘s/5:2345:respawn/#5:2345:respawn/g‘ /etc/inittab
sed -i ‘s/6:2345:respawn/#6:2345:respawn/g‘ /etc/inittab
sed -i ‘s/ca::ctrlaltdel/#ca::ctrlaltdel/g‘ /etc/inittab
sed -i ‘[email protected]=.*[email protected]="en_US.UTF-8"@g‘ /etc/sysconfig/i18n
else
sed -i ‘[email protected]^ACTIVE_CONSOLES.*@ACTIVE_CONSOLES=/dev/tty[1-2]@‘ /etc/sysconfig/init
sed -i ‘[email protected]^[email protected]#[email protected]‘ /etc/init/control-alt-delete.conf
fi
/sbin/init q
# Set timezone
rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# Update time
/usr/sbin/ntpdate pool.ntp.org
echo ‘*/5 * * * * /usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1‘ > /var/spool/cron/root;chmod 600 /var/spool/cron/root
/sbin/service crond restart
# iptables
cat > /etc/sysconfig/iptables << EOF
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
/sbin/service iptables restart
source /etc/profile
###install tmux
mkdir tmux
cd tmux
wget -c http://cloud.github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz
wget -c http://downloads.sourceforge.net/tmux/tmux-1.8.tar.gz
tar xzf libevent-2.0.21-stable.tar.gz
cd libevent-2.0.21-stable
./configure
make && make install
cd ../
tar xzf tmux-1.8.tar.gz
cd tmux-1.8
CFLAGS="-I/usr/local/include" LDFLAGS="-L//usr/local/lib" ./configure
make && make install
cd ../../
rm -rf tmux
if [ `getconf WORD_BIT` = ‘32‘ ] && [ `getconf LONG_BIT` = ‘64‘ ] ; then
ln -s /usr/local/lib/libevent-2.0.so.5 /usr/lib64/libevent-2.0.so.5
else
ln -s /usr/local/lib/libevent-2.0.so.5 /usr/lib/libevent-2.0.so.5
fi
###install htop
mkdir htop
cd htop
wget -c http://downloads.sourceforge.net/project/htop/htop/1.0.2/htop-1.0.2.tar.gz
tar xzf htop-1.0.2.tar.gz
cd htop-1.0.2
./configure
make && make install
cd ../../
rm -rf htop
Linux初始化脚本
时间: 2024-10-20 23:57:26