系统优化类

最新推荐文章于 2024-11-14 14:20:26 发布
最新推荐文章于 2024-11-14 14:20:26 发布
阅读量171 收藏
点赞数
文章标签: 运维 awk shell
原文链接:http://www.cnblogs.com/steven9898/p/11348775.html
版权

此脚本基于centos7和centos6编写:

仅供参考,切勿盲目复制执行

#!/bin/bash

PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
export PATH

Centos7=$(uname -a | grep "el7" | wc -l)
Centos6=$(uname -a | grep "el6" | wc -l)

if [ $Centos7 == 1 ];
then
   echo "System Centos 7 in reset kernel"
   /bin/grep "SELINUX=disabled" /etc/selinux/config 2>&1 >/dev/null
   if [ $? -eq 0 ];then
   	echo -e "\033[31m Selinux\033[0m  is already not running"
   else
   	/bin/sed -i  '/SELINUX/s/enforcing/disabled/g' /etc/selinux/config
   	setenforce 0 2>&1 >/dev/null
   	echo -e "\033[31m Selinux \033[0m is already  modify stop successful"
   fi
   
   ################# <关闭多余用户> ##########################
   
   userdel -r lp 2>&1 >/dev/null
   userdel -r sync 2>&1 >/dev/null
   userdel -r shutdown 2>&1 >/dev/null
   userdel -r halt 2>&1 >/dev/null
   userdel -r operator 2>&1 >/dev/null
   userdel -r games 2>&1 >/dev/null
   userdel -r gopher 2>&1 >/dev/null
   chmod +s /bin/netstat
   chmod 400 /etc/shadow
   ################# <系统内核安全> ##########################
   ipv4=$(grep "net.ipv4" /etc/sysctl.conf  | wc -l)
   if [ $ipv4 -lt 2 ];
   then
       echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" >> /etc/sysctl.conf
       echo "net.core.rmem_default = 256960" >> /etc/sysctl.conf
       echo "net.core.rmem_max = 513920" >> /etc/sysctl.conf
       echo "net.core.wmem_default = 256960" >> /etc/sysctl.conf
       echo "net.core.wmem_max = 513920" >> /etc/sysctl.conf
       echo "net.core.netdev_max_backlog = 2000" >> /etc/sysctl.conf
       echo "net.core.somaxconn = 2048" >> /etc/sysctl.conf
       echo "net.core.optmem_max = 81920" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_mem = 131072  262144  524288" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_rmem = 8760  256960  4088000" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_wmem = 8760  256960  4088000" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_keepalive_time = 1800" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_keepalive_intvl = 30" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_sack = 1" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_fack = 1" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_timestamps = 1" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_window_scaling = 1" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_tw_recycle = 0" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
       echo "net.ipv4.ip_local_port_range = 1024  65000" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_max_syn_backlog = 2048" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_max_tw_buckets = 6000" >> /etc/sysctl.conf
       sysctl -p
   else
       echo "kernel already reset"
   fi
   hosts=$(grep "sshd:10.80.80.100:allow" /etc/hosts.allow  | wc -l)
   if [ $hosts -ne 1 ];
   then
       echo "insert sshd allow"
       echo 'sshd:10.80.80.100:allow'  >> /etc/hosts.allow
   else
      echo "sshd already reset"
   fi

   ################## 《更改时区》###############################
   
   TZ=`timedatectl |grep Time|awk {'print $3'}`
   SH="Adsia/Shanghai"
   if [ $TZ == $SH ];then
   	echo -e  "\033[31m Timezone \033[0m is already "Asia/Shanghai""
   else 
   	rm -f /etc/localtime
   	cp -arp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
   	echo -e "\033[31m Timezone \033[0m is already modify "Asia/Shanghai""
   fi
   
   ################ <更改ssh端口和禁止root登录> #######################
   Net=$(netstat -tulnp|grep 22502 | wc -l)
   if [ $Net = 0 ];then
       cp -r /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
   	   sed -i '/Port 22/aPort 22502' /etc/ssh/sshd_config
   	   echo -e  "\033[31m SSH's port  22 is already modify to 22502\033[0m"
   	    sed -i "s/#UseDNS/UseDNS/g" /etc/ssh/sshd_config
        sed -i "s/^Subsystem/#Subsystem/g" /etc/ssh/sshd_config
        sed -i "/^#Subsystem/aSubsystem       sftp    internal-sftp" /etc/ssh/sshd_config
   	if [ $? -eq 0 ];then
   		systemctl restart sshd 2>&1 >/dev/null
   		echo -e "\033[31m SSH's service\033[0m has restart again"
   	fi
   else 
   	sed -i "s/#UseDNS/UseDNS/g" /etc/ssh/sshd_config
        echo -e "\033[31m chage Use UseDns\033[0m"
   	PORT=`netstat -tulnp|grep 22 |awk {'print $4'}|head -n 1|cut -d : -f 2`
   	echo -e "ssh's port is \033[31m already modify $PORT\033[0m"
   fi
   ############## <登录密码相关设置> #######################################
   
   cp /etc/login.defs /etc/login.defs.bak
   sed -i '/^PASS_MAX_DAYS/s/[0-9]\{1,\}/99999/g' /etc/login.defs
   sed -i '/^PASS_MIN_DAYS/s/[0-9]\{1,\}/7/g' /etc/login.defs
   sed -i '/^PASS_MIN_LEN/s/[0-9]\{1,\}/12/g' /etc/login.defs
   sed -i '/^PASS_WARN_AGE/s/[0-9]\{1,\}/30/g' /etc/login.defs
   #########################################################################
   username=$(id kyeroot | grep "uid=0" | wc -l)
   if [ $username = 0 ];then
   	useradd kyeroot
   	echo "Aa+12345678" | passwd --stdin kyeroot
   	sed -i '/^kyeroot/s/[0-9]\{1,\}/0/g' /etc/passwd
   	sed -i '/^kyeroot/s/home\/kyeroot/root/g' /etc/passwd
        sed -i "/^root/s/bin/sbin/g" /etc/passwd
        sed -i "/^root/s/bash/nologin/g" /etc/passwd
        cp /etc/sudoers /etc/sudoers.bak
   	sed -i '/^root/akyeroot ALL=(ALL)   ALL' /etc/sudoers
   else
   	echo -e "\033[31m user kyeroot is exists\033[0m  or \033[31m password is wrong\033[0m"
   fi

   
   useradd kyeadmin 2>&1 >/dev/null
   d=$?
   if [ $d -eq 0 ];then
       echo "Aa+12345678" |passwd --stdin kyeadmin 2>&1 >/dev/null
   	echo -e "\033[31m create user kyeadmin successful \033[0m"
   	echo -e "\033[31m create user passwd successful \033[0m"
   else
   	echo -e "\033[31m user kyeadmin is exists\033[0m  or \033[31m password is wrong\033[0m"
   fi
   
   ############### <日志权限> #########################################
   chattr +a /var/log/messages
   if [ $? == "0" ];then
   	echo -e "\033[31m Already add "lsatrr +a"\033[0m  for "/var/log/messages" "
   else
   	echo -e "Add \033[31m "lsattr +a"\033[0m  is failed,please check it!"
   fi
   
   find /var/log/ -type f -exec chmod u-x,g-x,o-wx {} \;
   echo -e "\033[31m modify "/var/log/*"\033[0m all files permission of "u-x,g-x,o-wx" successful"
chmod +x /etc/rc.local
null=$(grep "/dev/null" /etc/rc.local  |wc -l)
if [ $null = 0 ];
then
    echo "chmod 666 /dev/null" >> /etc/rc.local
else
   echo "already reset /dev/null"
fi

   ############## <修改文件句柄数> ###################################
   
   h=`ulimit -n`
   if [ $h -ne 65535 ];then
   
   	ulimit -n 65535
   	grep "* soft nofile 65535" /etc/security/limits.conf 2>&1 >/dev/null
   	i=$?   #判断“soft nofile 65536”是否存在
   	grep "* hard nofile 65535" /etc/security/limits.conf 2>&1 >/dev/null
   	j=$?   #判断“hard nofile 65536”是否存在
   	k=$[i+j] 
   	if [ $k -ne 0 ];then #同时判断“soft/hard nofile 65536”
   		cp /etc/security/limits.conf /etc/security/limits.conf.bak
   		echo "* soft nofile 65535" >> /etc/security/limits.conf
   		echo "* hard nofile 65535" >> /etc/security/limits.conf
   		echo -e "\033[31m default ulimit is $h\033[0m,now ulimit is already modify 65535"
   	else
   	echo -e "\033[31m "soft nofile 65535 and  hard nofile 65535"\033[0m is already configure,not to modify "
   	fi
   else 
   	echo -e "\033[31m default ulimit is 65535\033[0m,not modify"
   fi
   
   ############# <防止暴力破解,提高系统安全性> ################################
   
   grep "remember" /etc/pam.d/system-auth  2>&1 >/dev/null
   o=$?
   grep "unlock_time" /etc/pam.d/system-auth  2>&1 >/dev/null
   p=$?
   grep "pam_pwquality.so" /etc/pam.d/system-auth 2>&1 >/dev/null
   w=$?
   if [ $o -ne 0 ];then
        cp /etc/pam.d/system-auth /etc/pam.d/system-auth.bak
   	sed  -i "/sha512/s/use_authtok/use_authtok remember=4/g" /etc/pam.d/system-auth ###表示禁止使用最近用过的4个密码(己使用过的密码会被保存在 /etc/security/opasswd 下面)
   	echo -e "Configure "use_authtok remember=4" for /etc/pam.d/system-auth successful"
   fi
   if [ $w -ne 0 ];then
   	sed -i "/pam_pwquality.so/s/local_users_only/minclass=3/g" /etc/pam.d/system-auth
   	echo -e "Configure "use_authtok remember=4" for /etc/pam.d/system-auth successful"
   fi
   if [ $p -eq 0 ];then
   	echo "auth required pam_tally2.so even_deny_root deny=5 unlock_time=1800" >> /etc/pam.d/system-auth 
   	echo -e "Configure "auth required pam_tally2.so even_deny_root deny=5 unlock_time=1800" for /etc/pam.d/system-auth successful"
   fi
   
   ################# <设置shell会话超时退出> ##################################
   
   n=`grep "TMOUT=" /etc/profile|cut -d "=" -f 2` #读取默认的超时的时间
   l=`grep "TMOUT" /etc/profile`
   if [ $? -ne 0 ];then   ##判断TMOUT没有设置过超时配置
        cp /etc/profile /etc/profile.bak
   	echo "TMOUT=300" >> /etc/profile
   	echo "export TMOUT" >> /etc/profile
   #	sed -i 's/^HISTSIZE=1000/HISTSIZE=30/g' /etc/profile
   	echo -e "\033[31m TMOUT \033[0m is already modify TMOUT=300"
   else               ##若是配置过超时命令,替换换默认超时时间
   	sed -i s/TMOUT=$n/TMOUT=300/g /etc/profile  #替换默认超时时间为180
   	echo -e  "\033[31m default TMOUT \033[0m is $n,TMOUT is already modify to 180s successful  " #获取默认超时时间
   #	echo "export TMOUT" >> /etc/profile
   fi
   
   ################# <禁止root ftp登录> #######################################
   
   systemctl status vsftpd 2>&1 >/dev/null
   if [ $? -eq 0 ];then
   	echo "root" >> /etc/vsftpd/ftpusers 
   	echo -e "\033[31m The ftp for root forbidden \033[0m successful"
   else
   	echo -e "\033[31m The vsftpd \033[0m service not exists,not need to forbidden"
   fi 
   
   ############### <登录警告语> #############################################
   
   grep "WARNING" /etc/motd 2>&1 >/dev/null
   if [ $? -ne 0 ];then
   	echo "WARNING: If you are not authorized to access this private computer system, disconnect now. All activities on this system will be monitored and recorded without prior notification or permission!" > /etc/motd
   	echo -e "\033[31m The motd \033[0m is add at /etc/motd successful"
   else 
   	echo -e "\033[31m The motd "WARNING" is exsits\033[0m,please check if need to modify again"
   fi
   

   ################ <设置允许能su到root的用户> #################################
   grep "SU_WHEEL_ONLY yes" /etc/login.defs && echo "Already set" || echo "SU_WHEEL_ONLY yes" >> /etc/login.defs

elif [ $Centos6 == 1 ]
then

   echo "System Centos 6 in reset kernel"
   ################ 《关闭selinux》############################################

   /bin/grep "SELINUX=disabled" /etc/selinux/config 2>&1 >/dev/null
   if [ $? -eq 0 ];then
   	echo -e "\033[31m Selinux\033[0m  is already not running"
   else
   	/bin/sed -i  '/SELINUX/s/enforcing/disabled/g' /etc/selinux/config
   	setenforce 0 2>&1 >/dev/null
   	echo -e "\033[31m Selinux \033[0m is already  modify stop successful"
   fi
   ################# <关闭多余用户> ##########################
   
   userdel -r lp 2>&1 >/dev/null
   userdel -r sync 2>&1 >/dev/null
   userdel -r shutdown 2>&1 >/dev/null
   userdel -r halt 2>&1 >/dev/null
   userdel -r operator 2>&1 >/dev/null
   userdel -r games 2>&1 >/dev/null
   chmod +s /bin/netstat
   chmod 400 /etc/shadow
   ################# <系统内核安全> ##########################
   ipv4=$(grep "net.ipv4" /etc/sysctl.conf  | wc -l)
   if [ $ipv4 -lt 2 ];
   then
       echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" >> /etc/sysctl.conf
       echo "net.core.rmem_default = 256960" >> /etc/sysctl.conf
       echo "net.core.rmem_max = 513920" >> /etc/sysctl.conf
       echo "net.core.wmem_default = 256960" >> /etc/sysctl.conf
       echo "net.core.wmem_max = 513920" >> /etc/sysctl.conf
       echo "net.core.netdev_max_backlog = 2000" >> /etc/sysctl.conf
       echo "net.core.somaxconn = 2048" >> /etc/sysctl.conf
       echo "net.core.optmem_max = 81920" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_mem = 131072  262144  524288" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_rmem = 8760  256960  4088000" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_wmem = 8760  256960  4088000" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_keepalive_time = 1800" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_keepalive_intvl = 30" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_sack = 1" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_fack = 1" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_timestamps = 1" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_window_scaling = 1" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_tw_recycle = 0" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
       echo "net.ipv4.ip_local_port_range = 1024  65000" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_max_syn_backlog = 2048" >> /etc/sysctl.conf
       echo "net.ipv4.tcp_max_tw_buckets = 6000" >> /etc/sysctl.conf
       sysctl -p
   else
       echo "kernel already reset"
   fi
   hosts=$(grep "sshd:10.80.80.100:allow" /etc/hosts.allow  | wc -l)
   if [ $hosts -ne 1 ];
   then
       echo "insert sshd allow"
       echo 'sshd:10.80.80.100:allow'  >> /etc/hosts.allow
   else
      echo "sshd already reset"
   fi
   ################ 《更改时区》##############################################
   
   /bin/grep "Asia/Shanghai" /etc/sysconfig/clock 2>&1 >/dev/null
   if [ $? -eq 0 ];then
   	echo -e  "\033[31m Timezone \033[0m is already "Asia/Shanghai""
   else 
   	rm -f /etc/localtime
   	cp -arp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
   	echo -e "\033[31m Timezone \033[0m is already modify "Asia/Shanghai""
   fi
   
   ###############《更改ssh端口和禁止root登录》##############################

   Net=$(netstat -tulnp|grep 22502 | wc -l)
   if [ $Net = 0 ];then
       cp -r /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
   	sed -i '/port 22/aport 22502' /etc/ssh/sshd_config
   	echo -e  "\033[31m SSH's port  22 is already modify to 22502\033[0m"
   	sed -i "s/#UseDNS/UseDNS/g" /etc/ssh/sshd_config
        sed -i "s/^Subsystem/#Subsystem/g" /etc/ssh/sshd_config
        sed -i "/^#Subsystem/aSubsystem       sftp    internal-sftp" /etc/ssh/sshd_config
   	if [ $? -eq 0 ];then
   		service sshd restart 2>&1 >/dev/null
   		echo -e "\033[31m SSH's service\033[0m has restart again"
   	fi
   else 
   	sed -i "s/#UseDNS/UseDNS/g" /etc/ssh/sshd_config
        echo -e "\033[31m chage Use UseDns\033[0m"
   	PORT=`netstat -tulnp|grep 22 |awk {'print $4'}|head -n 1|cut -d : -f 2`
   	echo -e "ssh's port is \033[31m already modify $PORT\033[0m"
   fi
   ############### 《禁止组合键关机》#######################################
   
   /bin/grep ^exec /etc/init/control-alt-delete.conf 2>&1 >/dev/null
   a=$?    #判断是否关闭“exec /etc/init/control-alt-delete.conf”
   /bin/grep ^start /etc/init/control-alt-delete.conf 2>&1 >/dev/null
   b=$?    #判断是否关闭"start on control-alt-delete"
   c=$[a+b]
   if [ $c -eq 2 ];then
           echo -e "\033[31m "control-alt-delete" \033[0m modify is \033[31m failed \033[0m,or configure successful,please check it again"
   else
       cp  /etc/init/control-alt-delete.conf /etc/init/control-alt-delete.conf.bak
   	sed -i "/^start/s/start/#start/g" /etc/init/control-alt-delete.conf
   	sed -i "/^exec/s/exec/#exec/g" /etc/init/control-alt-delete.conf
   	echo -e "\033[31m “control-alt-delete”\033[0m is already modify stop successful"
   fi
   
   
   ############# 《登录密码相关设置》##############################
   cp /etc/login.defs /etc/login.defs.bak
   sed -i '/^PASS_MAX_DAYS/s/[0-9]\{1,\}/90/g' /etc/login.defs
   sed -i '/^PASS_MIN_DAYS/s/[0-9]\{1,\}/7/g' /etc/login.defs
   sed -i '/^PASS_MIN_LEN/s/[0-9]\{1,\}/12/g' /etc/login.defs
   sed -i '/^PASS_WARN_AGE/s/[0-9]\{1,\}/30/g' /etc/login.defs
   
   ############## 《新建用户》############################################
   #u=`grep "^kyeroot" /etc/passwd | wc -l`
      username=$(id kyeroot | grep "uid=0" | wc -l)
      if [ $username = 0 ];then
      	useradd kyeroot
      	echo "Aa+12345678" | passwd --stdin kyeroot
      	sed -i '/^kyeroot/s/[0-9]\{1,\}/0/g' /etc/passwd
      	sed -i '/^kyeroot/s/home\/kyeroot/root/g' /etc/passwd
           sed -i "/^root/s/bin/sbin/g" /etc/passwd
           sed -i "/^root/s/bash/nologin/g" /etc/passwd
           cp /etc/sudoers /etc/sudoers.bak
      	sed -i '/^root/akyeroot ALL=(ALL)   ALL' /etc/sudoers
      else
      	echo -e "\033[31m user kyeroot is exists\033[0m  or \033[31m password is wrong\033[0m"
      fi
   
      
      useradd kyeadmin 2>&1 >/dev/null
      d=$?
      if [ $d -eq 0 ];then
          echo "Aa+12345678" |passwd --stdin kyeadmin 2>&1 >/dev/null
      	echo -e "\033[31m create user kyeadmin successful \033[0m"
      	echo -e "\033[31m create user passwd successful \033[0m"
      else
      	echo -e "\033[31m user kyeadmin is exists\033[0m  or \033[31m password is wrong\033[0m"
      fi
   ############# 《日志权限》############################################
   
   chattr +a /var/log/messages
   if [ $? == "0" ];then
   	echo -e "\033[31m Already add "lsatrr +a"\033[0m  for "/var/log/messages" "
   else
   	echo -e "Add \033[31m "lsattr +a"\033[0m  is failed,please check it!"
   fi
   
   find /var/log/ -type f -exec chmod u-x,g-x,o-wx {} \;
   echo -e "\033[31m modify "/var/log/*"\033[0m all files permission of "u-x,g-x,o-wx" successful"
   
   chmod +x /etc/rc.local
   null=$(grep "/dev/null" /etc/rc.local  |wc -l)
   if [ $null = 0 ];
   then
       echo "chmod 666 /dev/null" >> /etc/rc.local
   else
      echo "already reset /dev/null"
   fi
   ############# 《修改文件句柄数》######################################
   h=`ulimit -n`
   if [ $h -ne 65535 ];then
   	ulimit -n 65535
   	grep "* soft nofile 65535" /etc/security/limits.conf 2>&1 >/dev/null
   	i=$?   #判断“soft nofile 65536”是否存在
   	grep "* hard nofile 65535" /etc/security/limits.conf 2>&1 >/dev/null
   	j=$?   #判断“hard nofile 65536”是否存在
   	k=$[i+j] 
   	if [ $k -ne 0 ];then #同时判断“soft/hard nofile 65536”
   	    cp /etc/security/limits.conf /etc/security/limits.conf.bak
   		echo "* soft nofile 65535" >> /etc/security/limits.conf
   		echo "* hard nofile 65535" >> /etc/security/limits.conf
   		echo -e "\033[31m default ulimit is $h\033[0m,now ulimit is already modify 65535"
   	else
   	echo -e "\033[31m "soft nofile 65535 and  hard nofile 65535"\033[0m is already configure,not to modify "
   	fi
   else 
   	echo -e "\033[31m default ulimit is 65535\033[0m,not modify"
   fi
   
   
   ############## 《防止暴力破解,提高系统安全性》######################
   
   grep "remember" /etc/pam.d/system-auth  2>&1 >/dev/null
   o=$?
   p=`grep "unlock_time" /etc/pam.d/system-auth | wc -l`
   if [ $o -ne 0 ];then
       cp /etc/pam.d/system-auth /etc/pam.d/system-auth.bak
   	sed  -i "/sha512/s/use_authtok/use_authtok remember=4/g" /etc/pam.d/system-auth ###表示禁止使用最近用过的4个密码(己使用过的密码会被保存在 /etc/security/opasswd 下面)
   fi
   if [ $p -lt 1 ];then
   	echo "auth    required        pam_tally2.so even_deny_root deny=5 unlock_time=1800" >> /etc/pam.d/system-auth 
   fi
   
   ############## 《设置shell会话超时退出》############################
   
   n=`grep "TMOUT=" /etc/profile|cut -d "=" -f 2` #读取默认的超时的时间
   l=`grep "TMOUT" /etc/profile`
   if [ $? -ne 0 ];then   ##判断TMOUT没有设置过超时配置
   	cp /etc/profile /etc/profile.bak
   	echo "TMOUT=300" >> /etc/profile
   	echo "export TMOUT" >> /etc/profile
   #	sed -i 's/^HISTSIZE=1000/HISTSIZE=30/g' /etc/profile
   	echo -e "\033[31m TMOUT \033[0m is already modify TMOUT=300"
   else               ##若是配置过超时命令,替换换默认超时时间
   	sed -i s/TMOUT=$n/TMOUT=300/g /etc/profile  #替换默认超时时间为180
   	echo -e  "\033[31m default TMOUT \033[0m is $n,TMOUT is already modify to 180s successful  " #获取默认超时时间
   #	echo "export TMOUT" >> /etc/profile
   fi
   
   ############## 《禁止root ftp登录》################################
   
   if [ -f /etc/vsftpd/ftpusers ];then
           p=`grep 'root' /etc/vsftpd/ftpusers | wc -l`
           if [ $p -eq 0 ];then
               cp  /etc/vsftpd/ftpusers /etc/vsftpd/ftpusers.bak
               echo "root" >> /etc/vsftpd/ftpusers
               echo -e "\033[31m The ftp for root forbidden \033[0m successful or\033[31m ftp's service not exsits \033[0m"
           else
               echo -e "\033[31m The vsftpd \033[0m service not exists or Have been modified"
           fi
   
   else
           echo -e "\033[31m The vsftpd \033[0m service not exists or Have been modified"
   fi
   
   ################ 《登录警告语》###################################
   
   grep "WARNING" /etc/motd 2>&1 >/dev/null
   if [ $? -ne 0 ];then
       cp  /etc/motd /etc/motd.bak 
   	echo "WARNING: If you are not authorized to access this private computer system, disconnect now. All activities on this system will be monitored and recorded without prior notification or permission!" > /etc/motd
   	echo -e "\033[31m The motd \033[0m is add at /etc/motd successful"
   else 
   	echo -e "\033[31m The motd "WARNING" is exsits\033[0m,please check if need to modify again"
   fi
   
   
   ############## 《关闭telnet》####################################
   
   y=`chkconfig --list|grep telnet |awk '{print $2}'`
   m=`chkconfig --list|grep telnet `
   if [ $? -ne 0 ];then
   	echo -e "\033[31m The telnet \033[0m is not exsits"
   else
      	if [ $y == "on" ];then
   		chkconfig telnet off
   		echo -e "\033[31m The telnet \033[0m is stop sucessful"
   	else
   		echo -e "\033[31m The telnet\033[0m is already stop "
   	fi
   fi

else
   echo "cache System version"
fi

 

转载于:https://www.cnblogs.com/steven9898/p/11348775.html

baihuang8062
关注
变电站Unix操作系统数据文件优化管理系统的开发与设计
01-27
针对湖北电网500 kV变电站已出现的多次不同厂家Unix系统监控服务器设备,由于磁盘空间满而造成频繁重启或无法进入操作系统,以及监控数据无法刷新的现象。文中开发与设计了基于原监控系统的数据文件优化管理系统,...
星语win7系统优化软件v1.5星语系统优化中文绿色免费版
08-07
星语系统优化Win7开发在Windows7下,当然以前的XP、Vista也一样能支持。不管是在个人电脑、公司电脑、网吧电脑,都适用的优化系统软件,提供了全面...主要包含三大为开机加速、系统优化和痕迹清理。能快捷的识别不
S02-ssh无密钥登陆
weixin_34208185的博客
10-16 846
2019独角兽企业重金招聘Python工程师标准>>> ...
用ssh时 提示WARNING:
丁一鸣的CSDN
10-01 2031
用ssh时 提示WARNING: POSSIBLE DNS SPOOFING DETECTED!处理方法 (2011-04-25 10:53:25)转载▼1、起因:远程连接某一台Linux服务器A,然后又通过A来ssh连接另一台服务器B时发生2、PUTTY返回提示信息如下:user:/$ ssh xxx.xxx.xxx.xxx @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
057-跳板机的shell小脚本
weixin_34175509的博客
10-18 446
2019独角兽企业重金招聘Python工程师标准>>> ...
ssh/scp 使不提示 All activities are monitored and reported.
六位元素
06-15 4845
All activities are monitored and reported.
nginx --反向代理配置文件
weixin_30922589的博客
06-12 241
配置文件如下图 server { listen 8080; server_name 0.0.0.0;//这里可以配置相应域名 root /www/facei; index index.html index.htm; access_log /var/log/nginx/facei.access.log; er...
系统优化
xingjia001的博客
06-24 127
1、分库分表 2、加缓存 3、并发编程 4、异步 5、加服务器 6、服务拆分
[实战]Router configuration for TP ROOM
weixin_34081595的博客
03-08 126
Router configuration for TP目标: 让外网可以访问FTP server [10.1.1.2] /Telnet(这里为了方便测试,使用telnet),中间跨了2个 Router++++CNSO-TP01 configuration +++++conf tservice timestamps debug datetime localtime show-t...
人脸识别的“肮脏小秘密”:数百万张未经同意的在线照片被窃取
52AI人工智能
03-15 1768
People’s faces are being used without their permission, in order to power technolog...
Linux复习-系统管理(权限优化、备份策略、RAID、资源查看、启动流程、系统优化
09-24
Linux复习-系统管理(权限优化、备份策略、RAID、资源查看、启动流程、系统优化
Openshift 如何更新访问控制机
11-13 328
OPenshift 安装的时候会指定用于访问集群的访问机, 比如PC1的ssh key 为key1, 那key1会配置到集群的ISO中, 那后如果PC1重新装OS 或者想换成其他的电脑是, key1 可以为变成key2.1. 新的访问机上把key 生成一下: ssh-keygen -t rsa -C 'xx@xx.com'保存key: cat /root/.ssh/id_rsa.pub。把/root/.ssh/id_rsa.pub 中的key 修改到这个yaml中。
lubuntu24.04使用vm-tools
kfepiza的博客
11-11 821
Open-VM-Tools是一个旨在提升VMware虚拟化平台操作系统性能的开源软件套件。它通过提供无缝桌面体验、虚拟磁盘驱动、复制粘贴、拖放、网络时间同步和虚拟打印等功能,增强了虚拟机的效率和用户体验。作为开源项目,它具有高透明度和安全性,支持自定义和扩展,并由活跃的开源社区支持。
ks8 本地化部署 F5-TTS
陈锐的技术笔记
11-13 718
此外,F5-TTS 还创新性地引入了推理时的 Sway Sampling 策略,这一策略可以在推理阶段优先处理早期的流步骤,从而提高生成语音与输入文本的对齐效果。在 LibriSpeech-PC 数据集上,该模型的字错误率(WER)达到了2.42,并且在推理时的实时因子(RTF)为0.15,显著优于之前的扩散模型 E2TTS,后者在处理速度和鲁棒性上存在短板。传统的 TTS 模型往往需要进行复杂的持续时间建模、音素对齐和专门的文本编码,这些都增加了合成过程的复杂性。继续TSS的启动,进入pod 输入命令。
虚拟机安装Ubuntu 24.04服务器版(命令行版)
weixin_42173947的博客
11-13 775
这个是专门用于服务器使用的,没有GUI,常用软件安装,见虚拟机安装Ubuntu 24.04及其常用软件(2024.7)_ubuntu24.04-CSDN博客这里只记录独特的安装步骤。
记录一次C盘存储空间被异常占用的排查
最新发布
ajax_beijing_java的博客
11-14 74
解决方案:开始一直认为是程序往C盘里面写入了文件,才导致c盘的存储一直在增加,但是之前服务是部署在云下的。从来是没有出现过磁盘被占用的现象。于是,找到了镜像同事,镜像同事反馈这个2019的镜像是老镜像,他们替换了新的镜像。服务器也暂时使用了2016的镜像,做成2016的系统。发现c盘被占用空间的问题不再出现。场景:运维同事发现一台windows server 2019的服务器,本来部署的是大屏业务,但是不知道为啥,总是能发现c盘莫名其妙的生成一些日志信息。后来竟然慢慢将c盘给占满了。导致服务无法正常使用。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值