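#!/bin/bash
# Baseline system environment configuration (SOE).
#
# Every step edits files under /etc or root's crontab, so the script must be
# run as root. Each step is a function; to skip a step, comment out its call
# in the list at the bottom of the file.
#
# NOTE(review): several steps lower the host's default protections on purpose
# (SELinux disabled, password logins for root over SSH, public DNS resolvers).
# Their values are kept as the author wrote them and are flagged where they
# occur so they can be confirmed against the site's hardening baseline.

if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root." >&2
  exit 1
fi

# Directory of this script; not referenced by any step in this file.
l_dir=$(dirname "$0")
# Date stamp (YYYYMMDD) used as the suffix of the sshd_config backup.
date=$(date "+%Y%m%d")

# Scratch files live in a private directory created by mktemp instead of
# fixed names under /tmp: a root script writing to a predictable /tmp path
# can be redirected through a symlink planted by any local user.
work_dir=$(mktemp -d) || {
  echo "mktemp failed" >&2
  exit 1
}
trap 'rm -rf -- "$work_dir"' EXIT

############ 1. Boot the system in text mode (runlevel 3) ###########
# Rewrites the default runlevel in /etc/inittab unless it is already 3.
function settextmod() {
  if ! grep -q "id:3" /etc/inittab; then
    sed -i 's/id:.:/id:3:/g' /etc/inittab
    echo -e "Set system to TEXT mod ...\t\t\tOK"
  else
    echo -e "System is already TEXT mod ...\t\tOK"
  fi
}

############ 2. Create the core data directories ###############
function mkdir_key_dirs() {
  mkdir -p /data/script /data/logs /data/backup /data/apps/ /data/tmp /data/tools
  # Mode 1777 rather than 777: the directories stay writable by everyone, but
  # the sticky bit stops one user from deleting or replacing another user's
  # files.
  # NOTE(review): /data/tools is still world-writable; confirm nothing
  # privileged executes files from it.
  chmod 1777 /data/tmp /data/tools
  echo -e "Make key diractory ... \t\t\tOK"
}

############ 3. Raise the open-file limit ##############
# Keeps only the comment lines of limits.conf and appends soft/hard nofile
# limits of 8192 for all users. Any other existing limit entry is dropped.
function filehandles() {
  local conf=/etc/security/limits.conf
  local kept="$work_dir/limits.conf"

  : > "$kept"
  if [[ -e "$conf" ]]; then
    # grep exits 1 when the file has no comment lines; that is not an error.
    grep "^#" "$conf" > "$kept"
  fi
  # cat into the existing file (instead of mv) keeps its owner and mode.
  cat "$kept" > "$conf"
  cat >> "$conf" << 'EOF'

* soft nofile 8192
* hard nofile 8192

EOF
  echo -e "Set file handle ... \t\t\tOK"
}

########### 4. Add a root cron job for time synchronisation ###########
# Uses the internal time server when it answers ping, otherwise the public
# one. An existing ntpdate entry in root's crontab is replaced; all other
# entries are carried over.
function rsynctime() {
  local ntp_host=time-a.nist.gov
  local new_tab="$work_dir/crontab"

  if ping -c 2 -w 5 10.26.5.240 &> /dev/null; then
    ntp_host=10.26.5.240
  fi

  echo "*/15 * * * * /usr/sbin/ntpdate $ntp_host;/sbin/clock -w" > "$new_tab"
  # No crontab yet -> nothing to append; otherwise keep every line except a
  # previous ntpdate entry.
  crontab -l 2> /dev/null | grep -v ntpdate >> "$new_tab"

  if ! crontab "$new_tab"; then
    echo "rsynctime: installing the crontab failed" >&2
    return 1
  fi
  echo -e "Set time sync ... \t\t\tOK"
}

########### 5. Install sshd_config #############
# Backs up the current sshd_config with a date suffix, installs the
# configuration below and restarts sshd.
function setsshd() {
  local conf=/etc/ssh/sshd_config
  local candidate="$work_dir/sshd_config"

  # Account creation was disabled by the author, so no "Add user ... OK"
  # line is printed for it.
  # NOTE(review): the disabled command carried a "$1$" (MD5-crypt) password
  # hash in the script text. A hash stored in a provisioning script is
  # readable by everyone who can read the script and can be attacked offline;
  # it is replaced by a placeholder here. Provision accounts with SSH keys or
  # a secrets store instead.
  #/usr/sbin/useradd -c "$date by root" -g 100 -m -s /bin/bash -p '<PASSWORD_HASH_PLACEHOLDER>' if_fanbaoliang &> /dev/null

  # NOTE(review): settings below that should be confirmed before rollout:
  #   PermitRootLogin yes + PasswordAuthentication yes + "root" in AllowUsers
  #     -> root is reachable by password guessing on port 22;
  #   X11Forwarding yes -> only needed if users run remote X clients;
  #   GSSAPIAuthentication yes -> only useful where Kerberos is deployed.
  # The values are left exactly as the author set them.
  cat > "$candidate" << 'EOF'
Port 22
Protocol 2
LogLevel INFO
SyslogFacility AUTHPRIV
LoginGraceTime 30
PermitRootLogin yes
AllowUsers jiangjianbo if_* xj_* sy_* root
StrictModes yes
PermitEmptyPasswords no
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
UseDNS no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
X11Forwarding yes
MaxStartups 3:50:10
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF

  # Validate before touching the live file: restarting sshd on a config it
  # rejects would leave the host without remote access.
  # NOTE(review): sshd -t also fails when no host keys exist yet (a host
  # where sshd has never been started) -- confirm for fresh installs.
  if ! /usr/sbin/sshd -t -f "$candidate"; then
    echo "setsshd: new sshd_config failed validation; existing file kept" >&2
    return 1
  fi

  cp -p "$conf" "$conf.$date"
  # cat into the existing file keeps its owner and mode.
  cat "$candidate" > "$conf"
  /etc/init.d/sshd restart &> /dev/null
  echo -e "Set sshd_config ... \t\t\tOK"
}

############ 6. Turn off rarely used services ##############
# NOTE(review): ip6tables is switched off here; if the IPv6 switch-off in
# offipv6 does not take effect on this kernel, IPv6 traffic is left
# unfiltered.
function offservice() {
  local -a services=(sendmail cups bluetooth ip6tables)
  local S

  for S in "${services[@]}"; do
    chkconfig "$S" off
  done
  echo -e "Set ${services[*]} off ... \t\tOK"
}

############# 7. Turn off IPv6 ##############
function offipv6() {
  local net_conf=/etc/sysconfig/network
  local filtered="$work_dir/network"

  # Append the module alias only once so repeated runs do not pile up
  # duplicate lines.
  if ! grep -qxF 'alias net-pf-10 off' /etc/modprobe.conf 2> /dev/null; then
    echo 'alias net-pf-10 off' >> /etc/modprobe.conf
  fi

  # Drop any existing NETWORKING_IPV6 line (any case), then set it to "no".
  : > "$filtered"
  if [[ -e "$net_conf" ]]; then
    grep -v -i "NETWORKING_IPV6" "$net_conf" > "$filtered"
  fi
  cat "$filtered" > "$net_conf"
  echo 'NETWORKING_IPV6=no' >> "$net_conf"
  echo -e "Set ipv6 off ... \t\t\tOK"
}

############# 8. Turn off SELinux ##############
# NOTE(review): SELINUX=disabled removes mandatory access control from the
# next boot on, and turning it back on later needs a full filesystem relabel.
# SELINUX=permissive keeps the labels and logs denials without enforcing
# them; confirm that "disabled" is really required.
function offselinux() {
  # The expression the script carried ("s/SELINUX/=enforcing/SELINUX/=disabled/g")
  # is not a valid sed command, so the step failed while still printing OK.
  if ! sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config; then
    echo "offselinux: could not edit /etc/selinux/config" >&2
    return 1
  fi
  echo -e "Set Selinux disabled ... \t\tOK"
}

############# 9. Set the DNS resolvers ##############
# Overwrites /etc/resolv.conf with two public resolvers.
# NOTE(review): every lookup, including internal host names, then goes to an
# external resolver -- confirm this is intended for the target network.
function setdns() {
  printf '%s\n' 'nameserver 8.8.8.8' 'nameserver 8.8.4.4' > /etc/resolv.conf
  echo -e "Set DNS ... \t\t\t\tOK"
}

## 10. Extend PATH
# Appends the export line to /etc/profile once.
function setpath() {
  # Single quotes are intentional: $PATH must be written literally into
  # /etc/profile and expanded at login time.
  # shellcheck disable=SC2016
  local path_line='export PATH=$PATH:/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin:/data/apps/php/bin:/data/apps/apache2/bin:/data/apps/apache/bin:/data/apps/mysql/bin'

  # -F: compare as a fixed string ("$" and "." are not regex characters
  # here); -q: do not echo the matching line to the terminal.
  if ! grep -qF -- "$path_line" /etc/profile; then
    echo "$path_line" >> /etc/profile
  fi
  echo -e "Set PATH ... \t\t\t\tOK"
}

############## Comment out any step that is not wanted #############
settextmod     ## boot in text mode
mkdir_key_dirs ## create the basic service directories
filehandles    ## set the open-file limit to 8192
rsynctime      ## set up time synchronisation
setsshd        ## install sshd_config (account creation inside is disabled)
offservice     ## turn off rarely used services (edit the list as needed)
offipv6        ## turn off IPv6
offselinux     ## turn off SELinux
setdns         ## set the DNS resolvers
setpath        ## extend the user PATH
#####################################################
echo -e "You need to reboot system to make settings done !\n"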