Linux系统初始化*参数初始化(脚本)
1. 系统环境初始化
2. 系统参数初始化
1. 系统环境初始化
点击(此处)折叠或打开
- #!/bin/bash
- #configure yum source
- cat>/etc/yum.repos.d/rhel64.repo<<EOF
- [Server]
- name=Red Hat Enterprise Linux Server
- baseurl=ftp://192.168.8.125/yumfile/Server/
- enabled=1
- gpgcheck=0
- gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
- EOF
-
- yum clean all
- yum list|grep \"kde-i18n-Chinese.noarch\"
- echo \"yum source has been configured\"
-
- #install chinese rpm
- yum install -y kde-i18n-Chinese.noarch
-
- #disable selinux
- sed -i \'s/SELINUX=enforcing/SELINUX=disabled/g\' /etc/sysconfig/selinux
- grep SELINUX= /etc/sysconfig/selinux
- echo \"disable selinux success\"
-
- #set initdefault
- sed -i \'s/id:5:initdefault:/id:3:initdefault:/g\' /etc/inittab
- grep initdefault /etc/inittab
- echo \"initdefault set to 3\"
-
-
- #set ntp & get into crontab
- /usr/sbin/ntpdate 192.168.1.15
- hwclock -w
- echo \"0 1 * * * root /usr/sbin/ntpdate 172.26.1.15 && /sbin/hwclock -w\" >> cron.txt
- crontab cron.txt
- rm -f cron.txt
- date
- echo \"set ntp success\"
-
- #configure DNS & disable NetworkManager
- service NetworkManager stop
- chkconfig NetworkManager off
- echo \"nameserver 172.26.1.20\" >> /etc/resolv.conf
- sed -i \'s/#UseDNS yes/UseDNS no/g\' /etc/ssh/sshd_config
- sed -i \'s/#GSSAPIAuthentication no/GSSAPIAuthentication no/g\' /etc/ssh/sshd_config
- sed -i \'s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g\' /etc/ssh/sshd_config
- service sshd restart
- grep GSSAPIAuthentication /etc/ssh/sshd_config; grep DNS /etc/ssh/sshd_config
- echo \"DNS configure successful,service network restarting...\"
- service network restart
-
- #add user mwuser
- cat>mwuser.sh<<EOF
- mwuser_pwd=mwuser
- logop_pwd=Sinolife2012
- groupadd -g 3000 mwgrp
- groupadd -g 3001 loggrp
- useradd -u 3000 -g mwgrp -G loggrp mwuser
- useradd -u 3001 -g loggrp logop
- (sleep 1 ; echo ${mwuser_pwd} ;sleep 1; echo ${mwuser_pwd})|passwd mwuser
- (sleep 1 ; echo ${logop_pwd} ;sleep 1; echo ${logop_pwd})|passwd logop
- if [ ! -d \"/mwbase\" ] ;then
- mkdir /mwbase
- fi
-
- if [ ! -d \"/mwbase/applogs/rtlog\" ];then
- mkdir -p /mwbase/applogs/rtlog
- fi
-
- if [ ! -d \"/mwbase/applogs/archlog\" ];then
- mkdir -p /mwbase/applogs/archlog
- fi
-
- chown -R mwuser:mwgrp /mwbase
- chmod -R 755 /mwbase
- chown -R mwuser:loggrp /mwbase/applogs
- chmod -R 2750 /mwbase/applogs
- EOF
- sh mwuser.sh
- echo \"user mwuser established\"
-
- #chkconfig list
- #chkconfig off
- chkconfig NetworkManager --levels 2345 off
- chkconfig abrt-ccpp --levels 2345 off
- chkconfig abrtd --levels 2345 off
- chkconfig acpid --levels 2345 off
- chkconfig certmonger --levels 2345 off
- chkconfig cgconfig --levels 2345 off
- chkconfig cgred --levels 2345 off
- chkconfig cpuspeed --levels 2345 off
- chkconfig cups --levels 2345 off
- chkconfig dnsmasq --levels 2345 off
- chkconfig firstboot --levels 2345 off
- chkconfig ip6tables --levels 2345 off
- chkconfig iptables --levels 2345 off
- chkconfig kdump --levels 2345 off
- chkconfig mdmonitor --levels 2345 off
- chkconfig netconsole --levels 2345 off
- chkconfig netfs --levels 2345 off
- chkconfig nfs --levels 2345 off
- chkconfig nfslock --levels 2345 off
- chkconfig ntpd --levels 2345 off
- chkconfig ntpdate --levels 2345 off
- chkconfig numad --levels 2345 off
- chkconfig oddjobd --levels 2345 off
- chkconfig portreserve --levels 2345 off
- chkconfig postfix --levels 2345 off
- chkconfig quota_nld --levels 2345 off
- chkconfig rdisc --levels 2345 off
- chkconfig restorecond --levels 2345 off
- chkconfig rhnsd --levels 2345 off
- chkconfig rhsmcertd --levels 2345 off
- chkconfig rngd --levels 2345 off
- chkconfig rpcgssd --levels 2345 off
- chkconfig rpcidmapd --levels 2345 off
- chkconfig rpcsvcgssd --levels 2345 off
- chkconfig saslauthd --levels 2345 off
- chkconfig smartd --levels 2345 off
- chkconfig sssd --levels 2345 off
- chkconfig wdaemon --levels 2345 off
- chkconfig winbind --levels 2345 off
- chkconfig wpa_supplicant --levels 2345 off
- chkconfig ypbind --levels 2345 off
-
- #chkconfig on
- chkconfig --levels 2345 atd on
- chkconfig --levels 2345 auditd on
- chkconfig --levels 2345 crond on
- chkconfig --levels 2345 psacct on
- chkconfig --levels 2345 rsyslog on
- chkconfig --levels 2345 sshd on
- chkconfig --levels 2345 network on
2. 系统参数初始化
点击(此处)折叠或打开
- #!/bin/sh
- #set -x
- #修改sysctl-conf文件
- function edit_sysctl_conf()
- {
- param_name=$1
- param_value=$2
- conf_file=\"/etc/sysctl.conf\"
- value_count=$(echo ${param_value}|awk \'{print NF}\')
- if [ \"${value_count}\" -eq \"1\" ] ; then
- old_line=$(grep \"^${param_name}[[:space:]]*=[[:space:]]*[0-9]\\+\" ${conf_file})
- if [ -n \"${old_line}\" ] ; then
- file_value=$(echo ${old_line} |sed \'s/ //g\'| cut -d= -f2)
- if [ ${param_value} -gt $file_value ] ; then
- new_line=\"${param_name} = ${param_value}\"
- sed -ie \"s/^${param_name}\\(.*\\)$/${new_line}/g\" ${conf_file}
- sed -i \"/^${param_name}/i #${old_line}\" ${conf_file}
- fi
- else
- echo \"\" >> ${conf_file}
- echo \"${param_name} = ${param_value}\" >> ${conf_file}
- fi
- cur_value=$( /sbin/sysctl -n ${param_name} |sed \'s/ //g\')
- if [ ${param_value} -gt ${cur_value} ] ; then
- if ! /sbin/sysctl -w ${param_name}=\"${param_value}\" ; then
- echo \"/sbin/sysctl failed to set ${param_name} = ${param_value}\"
- fi
- fi
- fi
- if [ \"${value_count}\" -gt \"1\" ] ; then
- declare -a cur_values
- declare -a file_values
- declare -a new_values
- local cur_value
- local file_value
- old_line=$(sed -ne \"/^${param_name}/p\" ${conf_file})
- line_value=$(echo ${old_line}| cut -d= -f2)
- for (( i=0;i<${value_count};i++ )) ;do
- cur_values[$i]=$(/sbin/sysctl -n \"${param_name}\"| awk \"{print \\$(($i+1))}\")
- new_values[$i]=$( echo $param_value|awk \"{print \\$(($i+1))}\" )
- done
- if [ ! -z \"${line_value}\" ] ; then
- for (( i=0;i<${value_count};i++ )) ;do
- file_values[$i]=$( echo $line_value| awk \"{print \\$(($i+1))}\")
- done
- fi
- for (( i=0;i<${value_count};i++ )) ;do
- if [ ${new_values[$i]} -gt ${cur_values[$i]} ] ; then
- cur_values[$i]=${new_values[$i]}
- flag_cur=\"true\"
- fi
- if test -z \"$line_value\" || test ${new_values[$i]} -gt ${file_values[$i]} ; then
- file_values[$i]=${new_values[$i]}
- flag_file=\"true\"
- fi
- done
- if [ \"$flag_cur\" == \"true\" ] ; then
- for (( i=0;i<${value_count};i++ )) ;do
- cur_value=\"${cur_value}${cur_values[$i]} \"
- done
- if ! /sbin/sysctl -w ${param_name}=\"${cur_value}\" ; then
- echo \"/sbin/sysctl failed to set ${param_name} \"
- fi
- fi
- if [ \"$flag_file\" == \"true\" ] ; then
- for (( i=0;i<${value_count};i++ )) ;do
- file_value=\"${file_value}${file_values[$i]} \"
- done
- new_line=\"${param_name} = ${file_value}\"
- if [ -z \"${old_line}\" ] ; then
- echo \"\" >> ${conf_file}
- echo $new_line >> ${conf_file}
- else
- sed -ie \"s/^${param_name}\\(.*\\)$/${new_line}/g\" ${conf_file}
- sed -i \"/^${param_name}/i #${old_line}\" ${conf_file}
- fi
- fi
- fi
- }
-
- #修改limits_conf文件
- function edit_limits_conf()
- {
- limit_domain=$1
- limit_type=$2
- limit_item=$3
- limit_value=$4
- conf_file=\"/etc/security/limits.conf\"
- old_line=$( grep \"^${limit_domain}[[:space:]]\\+${limit_type}[[:space:]]\\+${limit_item}[[:space:]]\\+\" ${conf_file})
- if [ -n \"${old_line}\" ] ; then
- file_value=$( echo ${old_line}| awk \'{print $4}\')
- if [ \"${file_value}\" != \"unlimited\" ]; then
- if [ $limit_value -gt ${file_value} ] ; then
- new_line=\"${limit_domain} ${limit_type} ${limit_item} ${limit_value}\"
- sed -ie \"s/^${limit_domain}[[:space:]]\\+${limit_type}[[:space:]]\\+${limit_item}[[:space:]]\\(.*\\)$/${new_line}/g\" ${conf_file}
- sed -i \"/^${limit_domain}[[:space:]]\\+${limit_type}[[:space:]]\\+${limit_item}[[:space:]]/i #${old_line}\" ${conf_file}
- fi
- fi
- else
- new_line=\"${limit_domain} ${limit_type} ${limit_item} ${limit_value}\"
- sed -ie \"/^# End of file/i ${new_line}\" ${conf_file}
- fi
-
- }
-
- #修改muser_coredump文件
- function enable_muser_coredump()
- {
- profile=\"/etc/profile.d/mwuser-profile.sh\"
- if [ ! -e \"$profile\" ]; then
- echo \"if [ \\\"\\$LOGNAME\\\" = \\\"mwuser\\\" ] ; then \" >> ${profile}
- echo \" ulimit -S -c unlimited > /dev/null 2>&1 \" >> ${profile}
- echo \"fi\" >> ${profile}
- fi
- }
-
- #edit_sysctl_conf \"kernel.shmmax\" \"68719476738\"
- #edit_sysctl_conf \"kernel.shmmni\" \"4096\"
- #edit_sysctl_conf \"kernel.shmall\" \"2097152\"
- #edit_sysctl_conf \"kernel.sem\" \"250 32000 100 128\"
- edit_sysctl_conf \"net.core.rmem_default\" \"16777216\"
- edit_sysctl_conf \"net.core.wmem_default\" \"16777216\"
- edit_sysctl_conf \"net.core.rmem_max\" \"16777216\"
- edit_sysctl_conf \"net.core.wmem_max\" \"16777216\"
- edit_sysctl_conf \"net.ipv4.tcp_rmem\" \"4096 87380 16777216\"
- edit_sysctl_conf \"net.ipv4.tcp_wmem\" \"4096 65536 16777216\"
- edit_sysctl_conf \"net.ipv4.ip_local_port_range\" \"50000 65500\"
- edit_sysctl_conf \"net.ipv4.tcp_fin_timeout\" \"30\"
- edit_sysctl_conf \"fs.file-max\" \"6815744\"
- #edit_sysctl_conf \"fs.aio-max-size\" \"\"
- #edit_sysctl_conf \"fs.aio-max-nr\" \"1048576\"
-
-
- edit_limits_conf \"mwuser\" \"soft\" \"nproc\" \"2047\"
- edit_limits_conf \"mwuser\" \"hard\" \"nproc\" \"16384\"
- edit_limits_conf \"mwuser\" \"hard\" \"nofile\" \"16384\"
- edit_limits_conf \"mwuser\" \"soft\" \"nofile\" \"8192\"
- edit_limits_conf \"mwuser\" \"hard\" \"core\" \"unlimited\"
-
- enable_muser_coredump
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/29500582/viewspace-1291948/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/29500582/viewspace-1291948/