一键优化系统脚本 for centos6.x

#!/bin/bash

#set env

export LANG="en_US.UTF-8"

export PATH=$PATH:/bin/sbin:/usr/sbin

#whether root to running user

if [[ $(whoami) != root ]];then

echo "please su - root run the script."

fi

SERVICE=`which service`

CHKCONFIG=`which chkconfig`

. /etc/init.d/functions

#install packages

installTmout(){

echo "TMOUT 180" >> /etc/profile\

[ $? -eq 0 ] && action "TMOUT is ok" /bin/true || exit 1

}

installTool(){

yum -y install sysstat ntp net-snmp vmstat lrzsz rsync > /dev/vull 2>&1

[ $? -eq 0 ] && action "Tools is ok" /bin/true || exit 1

}

#update the system lang

initI18n(){

cat /etc/sysconfig/i18n > /etc/sysconfig/i18n.bak

echo "LANG="en_US.UTF-8"" >> /etc/sysconfig/i18n

source /etc/sysconfig/i18n

[ $? -eq 0 ] && action "LANG is ok" /bin/true || exit 1

sleep 1

}

#start iptables

initIptables(){

cat /etc/selinux/config > /etc/selinux/config.bak

setenforce 0

sleep 1

}

#close not need to service

initService(){

export LANG="en_US.UTF-8"

for i in `chkconfig --list | grep -i "3:on" | awk ‘{print $1}‘`;do chkconfig --level 3 $i off; done

for i in crond network rsyslog sshd;do chkconfig --level 3 $i on;done

[ $? -eq 0 ] && action "Service is ok" /bin/true || exit 1

sleep 1

}

#youhua for ssh

initSsh(){

cat /etc/ssh/sshd_config > /etc/ssh/sshd_config.bak

sed -i ‘s/#Port 22/Port 22022/‘ /etc/ssh/sshd_config

sed -i ‘s/#PermitEmptyPasswords no/PermitEmptyPasswords no/‘ /etc/ssh/sshd_config

sed -i ‘s/#UseDNS yes/UseDNS no/‘ /etc/ssh/sshd_config

/etc/init.d/sshd reload > /dev/null 2 >& 1

[ $? -eq 0 ] && action "Ssh is ok" /bin/true || exit 1

}

#sync time

syncSystemTime(){

ping www.baidu.com -c 1 > /dev/null 2 >& 1

if [ $? -eq 0 -a `grep pool.ntp.org /var/spool/cron/root | grep -v grep | wc -l` -lt 1 ]; then

echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com > /dev/null 2>&1" >> /var/spool/cron/root

[ $? -eq 0 ] && action "SystemTime is ok" /bin/true || exit 1

fi

}

#change file inode

openFiles(){

cat /etc/security/limits.conf > /etc/security/limits.conf.bak

echo "ulimit -HSn 65535" >> /etc/security/limits.conf

sysctl -p

[ $? -eq 0 ] && action "limit is ok" /bin/true || exi 1

sleep 1

}

#youhua kernel

openKernel(){

cat /etc/sysctl.conf > /etc/sysctl.conf.bak

cat >> /etc/sysctl.conf << EOF

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_tw_recycle = 1

net.ipv4.ip_local_port_range = 102465000

net.ipv4.tcp_max_syn_backlog = 8192

net.ipv4.tcp_max_tw_buckets = 5000

net.ipv4.tcp_mem = 192000 300000 732000

net.ipv4.tcp_rmem = 51200 131072 204800

net.ipv4.tcp_wmem = 51200 131072 204800

net.ipv4.tcp_orphan_retries = 3

net.ipv4.tcp_syn_retries = 3

net.ipv4.tcp_synack_retries = 3

net.ipv4.tcp_retries2 = 5

net.ipv4.tcp_fin_timeout = 30

net.ipv4.tcp_max_orphans = 2000

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_tw_recycle = 1

net.ipv4.tcp_keepalive_time = 20

net.ipv4.tcp_keepalive_intvl = 5

net.ipv4.tcp_keepalive_probes = 2

vm.dirty_expire_centisecs = 1500

vm.dirty_writeback_centisecs = 1000

vm.dirty_ratio = 20

vm.dirty_background_ratio = 100

vm.min_free_kbytes=409600

vm.vfs_cache_pressure=200

vm.swappiness = 40

EOF

/sbin/sysctl -p && action "kernel is ok" /bin/true || action "kernel is faile" /bin/false

sleep 1

}

#init_snmp

init_snmp(){

cat /etc/snmp/snmpd.conf > /etc/snmp/snmpd.conf.bak

sed -i ‘s/#view all/view all/‘ /etc/snmp/snmpd.conf

sed -i ‘s/#access MyROGroup/access MyROGroup/‘ /etc/snmp/snmpd.conf

${CHKCONFIG} snmpd on

${SERVICE} snmpd start

[ $? -eq 0 ] && action "snmpd is starting" /bin/true \

|| action "snmpd is faile" /bin/false

}

installTool

initI18n

initSelinux

initService

initSsh

syncSystemTime

openFiles

openKernel

init_snmp