CentOS 6.5 最小化安装系统初始化脚本

#!/bin/bash
#:***********************************************
#:Program:centos6_init_shell
#:
#:Author:ylhb
#:
#:History:2016-08-24
#:
#:Version:3.0
#:***********************************************
# Print the welcome banner, then derive the timestamp that tags every log
# line and the name of the per-run log file (later steps write it under /root).
printf '%s\n' \
	' +--------------------------------------------------------------+' \
	' |          === Welcome to  System init ===                     |' \
	' +--------------------------------------------------------------+'
DATE=$(date +%Y_%m_%d:%H_%M_%S)
INIT_LOG="system_init_${DATE}.log"

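#1.del_user_group_config
# Remove default service accounts and groups that this server does not need,
# then record the step in the init log.
# Changes from the original:
#   - the list is no longer stored in USER, which overwrote the login-name
#     environment variable for every later command in the script;
#   - existence is tested with a match anchored on the name field, so "lp" or
#     "adm" no longer match any line that merely contains those letters;
#   - the success line is written only when every userdel/groupdel succeeded
#     (the original tested $? of the last loop iteration only).
DEL_USERS=(adm lp shutdown halt uucp operator games gopher)
DEL_GROUPS=(adm lp dip)
del_rc=0
for i in "${DEL_USERS[@]}"
do
	if grep -qs "^${i}:" /etc/passwd; then
		/usr/sbin/userdel "$i" || del_rc=1
	else
		echo "$i is no exist"
	fi
done
for ii in "${DEL_GROUPS[@]}"
do
	if grep -qs "^${ii}:" /etc/group; then
		/usr/sbin/groupdel "$ii" || del_rc=1
	else
		echo "$ii is no exist"
	fi
done
if [ "$del_rc" -eq 0 ]; then
	echo "$DATE [del_user_group_config] is [success]" >> "/root/${INIT_LOG}"
fi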
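#2.add_users_config
# Create the admin account with a fixed UID and install a pre-computed password
# hash, so that no cleartext password appears in the script.
# NOTE(review): the hash is still a credential. Anyone who can read this script
# can run offline guessing against it, and every host built from the script
# shares the same password. Prefer supplying the hash at deploy time from a
# protected source and forcing a change at first login.
# -G 10 adds the account to supplementary GID 10 (presumably wheel on a stock
# install; confirm).
if /usr/sbin/useradd -u 1001 -m -G 10 ylhb; then
	# The address is anchored to the ylhb entry; the original /ylhb/ also
	# matched any other shadow line that contained that string.
	sed -i '/^ylhb:/s#\!\!#\$6\$bThzZvdb\$sJVzJ\.BKw11111111111111111111ty87MCdQ4co1111111NUjRlbEgboQAcpy3XMG80#g' /etc/shadow
else
	echo "useradd ylhb failed; password hash not installed" >&2
fi

USER1=(ylhb)
for yl in "${USER1[@]}"
do
	# Anchored on the name field so a substring match cannot report success.
	if grep -qs "^${yl}:" /etc/passwd; then
		echo "$DATE $yl is added success" >> "/root/${INIT_LOG}"
	fi
done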
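#3.sudoer_config
# Comment out "Defaults requiretty" and grant the SYSADMINS alias (ylhb)
# passwordless sudo for all commands.
# Security note: NOPASSWD: ALL makes control of the ylhb account equivalent to
# root with no second authentication step; scope the rule to the commands that
# need it if the deployment allows.
# Changes from the original: /etc/sudoers is backed up first, the edits are
# skipped when already present (re-running no longer stacks duplicates), and
# the result is checked with visudo -c. A syntax error in sudoers disables sudo
# entirely, so on failure the backup is restored and no success line is logged.
if cp -p /etc/sudoers /etc/sudoers.init_bak; then
	sed -i 's/^Defaults    requiretty/#&/' /etc/sudoers
	grep -q '^User_Alias SYSADMINS' /etc/sudoers \
		|| echo "User_Alias SYSADMINS = ylhb" >> /etc/sudoers
	grep -q '^SYSADMINS[[:space:]]' /etc/sudoers \
		|| echo "SYSADMINS       ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers
	if /usr/sbin/visudo -c; then
		echo "$DATE [sudoer_config] is [success]" >> "/root/${INIT_LOG}"
	else
		cp -p /etc/sudoers.init_bak /etc/sudoers
		echo "sudoers failed validation; restored /etc/sudoers.init_bak" >&2
	fi
else
	echo "cannot back up /etc/sudoers; sudoer_config skipped" >&2
fi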
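#4.limits_config
# Raise the open-file and process limits for all users and lift the 1024
# value in the nproc drop-in file.
# Fix: the original wrote the item as "noproc", which is not a limits.conf
# item; the process-count item is "nproc", so those two lines had no effect.
cat >> /etc/security/limits.conf << 'EOF'
*                soft   nofile          65535
*                hard   nofile          65535
*                soft   nproc           65535
*                hard   nproc           65535
EOF
sed -i '/1024/s/1024/65535/g' /etc/security/limits.d/90-nproc.conf
echo "$DATE [limits_config] is [success]" >> "/root/${INIT_LOG}"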
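#5.sysctl_config
# Append network tuning and hardening keys to /etc/sysctl.conf and load them.
# Changes from the original: net.ipv4.tcp_tw_recycle was written twice (the
# duplicate is dropped), the trailing blank after the port range is removed,
# and the success line is logged only when sysctl -p exits 0.
# NOTE(review): tcp_tw_recycle = 1 is known to drop connections from clients
# that share an address behind NAT; it is kept here as the author set it.
cat >> /etc/sysctl.conf << 'EOF'
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.core.netdev_max_backlog = 10240
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.core.somaxconn = 2048
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.ip_local_port_range = 5000    65000
EOF
if sysctl -p; then
	echo "$DATE [sysctl_config] is [success]" >> "/root/${INIT_LOG}"
else
	echo "sysctl -p reported errors; review /etc/sysctl.conf" >&2
fi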
#6.history_config
# Set the shell history size to 2000 entries via /etc/profile, reload the
# profile into this shell, and log the step.
printf '%s\n' 'export HISTSIZE=2000' >> /etc/profile
. /etc/profile
printf '%s\n' "$DATE [history_config] is [success]" >> /root/"${INIT_LOG}"
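#7.pass_length and login count limit
# Tighten password ageing/length defaults and lock accounts after repeated
# failed logins (deny=3, unlock after 300 seconds).
# The original edited /etc/login.defs by line number (25 and 27), which
# silently changes the wrong setting if the file layout differs, and its
# 's/5/8/g' rewrote every 5 on that line. The edits below are keyed on the
# setting name instead.
# NOTE(review): assumes line 25 was PASS_MAX_DAYS 99999 and line 27 was
# PASS_MIN_LEN 5, as in the stock file; confirm.
# NOTE(review): on PAM-based systems the minimum length is usually enforced by
# the password module's minlen option rather than PASS_MIN_LEN; confirm this
# setting has the intended effect.
sed -i 's/^\(PASS_MAX_DAYS[[:space:]][[:space:]]*\)99999[[:space:]]*$/\190/' /etc/login.defs
sed -i 's/^\(PASS_MIN_LEN[[:space:]][[:space:]]*\)5[[:space:]]*$/\18/' /etc/login.defs
# Insert the pam_tally2 line once only; a second copy would count each failure
# twice. --follow-symlinks keeps system-auth a symlink if it is one, instead
# of replacing it with a regular file.
# NOTE(review): sshd may use a different PAM stack file (password-auth) than
# system-auth; confirm remote logins are covered. The pam_tally2 documentation
# also pairs the auth line with an account line; confirm whether one is needed.
if ! grep -q 'pam_tally2\.so' /etc/pam.d/system-auth; then
	sed -i --follow-symlinks '5i auth        required      /lib64/security/pam_tally2.so deny=3 unlock_time=300' /etc/pam.d/system-auth
fi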
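#8.disable_selinux_config
# Disable SELinux persistently (config file) and switch the running system to
# permissive mode with setenforce 0.
# Security note: this removes mandatory access control from the host, so a
# compromised service is limited only by ordinary file permissions.
# SELINUX=permissive keeps the policy loaded and logs denials without
# enforcing them, if the goal is only to stop enforcement during bring-up.
# Fix: the pattern is anchored so only the SELINUX= setting line is rewritten;
# the original also rewrote comment lines that contain "SELINUX=".
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
setenforce 0
echo "$DATE [disable_selinux_config] is [success]" >> "/root/${INIT_LOG}"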
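#9.ntp_config
# Install a root cron job that syncs the clock with ntpdate every 5 minutes,
# unless the crontab already has an ntpdate entry.
# Changes from the original:
#   - the entry is installed through crontab(1) instead of appending to the
#     spool file directly;
#   - the success line depends on the install result; the original tested $?
#     after "fi", which is 0 whenever the condition was false.
if crontab -l 2>/dev/null | grep -q ntpdate; then
	ntp_rc=0
else
	{
		crontab -l 2>/dev/null
		echo '*/5 * * * * /usr/sbin/ntpdate -s 1.1.1.1 >/dev/null 2>&1'
	} | crontab -
	ntp_rc=$?
fi
if [ "$ntp_rc" -eq 0 ]; then
	echo "$DATE [ntp_config] is [success]" >> "/root/${INIT_LOG}"
fi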
#10.maxlogins_config
# Cap the ylhb account at 5 simultaneous logins via limits.conf, then log.
printf '%s\n' 'ylhb          -       maxlogins       5' >> /etc/security/limits.conf
printf '%s\n' "$DATE [maxlogins_config] is [success]" >> /root/"${INIT_LOG}"
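#11.disbled_ipv6_config
# Write a modprobe drop-in that disables IPv6.
# Fix: the log redirect used the misspelled variable INIIT_LOG, which is unset,
# so the target expanded to the directory /root/ and the write failed.
cat >> /etc/modprobe.d/disableipv6.conf << 'EOF'
alias net-pf-10 off
options ipv6 disable=1
EOF
echo "$DATE [disble_ipv6_config] is [success]" >> "/root/${INIT_LOG}"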
#12.character_config
# Append the system locale and console font settings to /etc/sysconfig/i18n.
printf '%s\n' \
	'LANG="en_US.UTF-8"' \
	'SYSFONT="latarcyrheb-sun16"' >> /etc/sysconfig/i18n
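#13.disable_service_config
# Turn off boot-time start for the listed services and flush the live
# iptables rules and user-defined chains.
# Security note: the list includes auditd and both host firewalls, so after
# this step the host has no local packet filtering and no audit trail at
# boot. That is only reasonable where filtering and logging are provided
# elsewhere; confirm for the target environment.
# Fix: iptables -F / -X ran once per service inside the loop; they are run
# once, after the loop.
for svc in auditd blk-availability ip6tables iptables lvm2-monitor netfs udev-post
do
	chkconfig "$svc" off
done
iptables -F
iptables -X
echo "$DATE [disable_service_config] is [success]" >> "/root/${INIT_LOG}"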
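#15.DNS config
# Take the first two octets of the host's non-loopback IPv4 address and, when
# they identify one of the two known networks, overwrite /etc/resolv.conf with
# the site resolvers.
# The parsing relies on the "inet addr:A.B.C.D  Bcast:..." layout of ifconfig
# output.
# Fix: MASK is quoted in the test. Unquoted, an empty value or a host with
# several addresses made "[" fail with a syntax error. With several addresses
# MASK holds one prefix per line and matches neither value, so resolv.conf is
# left untouched, as before, but without the error.
MASK=$(ifconfig | grep -w "inet" | grep -v 127.0.0.1 | awk -F':' '{print $2}' | sed 's/ Bcast$//g' | awk -F'.' '{print $1"."$2}')

echo "$MASK"
if [ "$MASK" = "1.1" ] || [ "$MASK" = "1.2" ]
then
cat > /etc/resolv.conf << 'EOF'
nameserver 1.1.1.1
nameserver 1.1.1.2
nameserver 1.1.1.3
EOF
fi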
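#16.sshd_config
# Harden and speed up sshd: explicit port and protocol 2, no reverse DNS
# lookups, no direct root login, GSSAPI authentication off (server and client).
# Each substitution matches only the stock default text shown in its pattern.
# If the file was already customised (for example an uncommented
# "PermitRootLogin yes"), the line is left as it is, so verify the effective
# settings after the run.
# PermitRootLogin no takes effect at the restart below, so the admin account
# created in step 2 must be usable before this step runs.
# Change from the original: the configuration is checked with sshd -t before
# the restart, and the success line is logged only when that check passes. An
# invalid sshd_config would otherwise stop the daemon from coming back.
sed -i "s/#Port 22/Port 22/g" /etc/ssh/sshd_config
sed -i "s/^#Protocol 2/Protocol 2/g" /etc/ssh/sshd_config
sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/ssh_config
if /usr/sbin/sshd -t; then
	/etc/init.d/sshd restart
	echo "$DATE [sshd_config] is [success]" >> "/root/${INIT_LOG}"
else
	echo "sshd_config failed validation (sshd -t); sshd not restarted" >&2
fi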
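#17.yum resource config
# Replace the stock yum repository definitions with the site's own and install
# the base tool set.
# Security notes:
#   - the .repo files are fetched over plain HTTP, so their content (baseurl,
#     gpgcheck, gpgkey) can be altered in transit; serve them over HTTPS or
#     verify them against a known checksum, and keep gpgcheck=1 in them;
#   - telnet and ftp are cleartext clients; install them only where needed.
# Changes from the original: the old definitions are moved to a private
# root-owned directory instead of the shared /tmp, and if the download fails
# they are restored and the install is skipped, so the host is not left with
# no repositories.
repo_bak=$(mktemp -d /root/yum.repos.d.bak.XXXXXX) || repo_bak=""
if [ -n "$repo_bak" ]; then
	mv /etc/yum.repos.d/* "$repo_bak"/
	if wget -P /etc/yum.repos.d/ http://yum.xxx.xxx/{CentOS-Base.repo,epel.repo}; then
		yum clean all
		yum install vim gcc gcc-c++ openssl-devel python-devel lrzsz tree ftp telnet -y
	else
		echo "repo download failed; restoring definitions from $repo_bak" >&2
		rm -f /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/epel.repo
		mv "$repo_bak"/* /etc/yum.repos.d/
	fi
else
	echo "cannot create backup directory; yum config skipped" >&2
fi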
# Final step: ask the operator whether to reboot now. Only the literal answers
# "yes" and "no" are recognised; anything else prints a usage hint.
read -p "Do you want to reboot the system?" want
if [ "$want" = "yes" ]; then
	echo "reboot now!"
	reboot
elif [ "$want" = "no" ]; then
	echo "init over!"
else
	echo "please useage yes or no! thanks"
fi




