#!/bin/bash
#centos7系统优化
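# Disable SELinux: put the running system into permissive mode, then set
# SELINUX=disabled in /etc/selinux/config.
# NOTE(review): this removes mandatory access control for every service on the
# host. The config edit only takes effect at the next boot; until then the
# system stays permissive (denials are logged, not enforced). When a single
# service is being denied, a targeted boolean or policy module keeps the rest
# of the system confined -- confirm a host-wide disable is really required.
#
# The state is read once and quoted, so a missing getenforce binary or empty
# output falls through to the "abnormal state" branch instead of breaking `[`.
selinux_state=$(getenforce 2>/dev/null)
case "$selinux_state" in
  Enforcing)
    # Runtime change: enforcing -> permissive.
    if setenforce 0 && [ "$(getenforce)" = "Permissive" ]; then
      echo -e "\033[32m selinux状态是:$(getenforce) 临时关闭selinux成功 \033[0m"
    else
      echo -e "\033[41;37m 临时关闭selinux失败 \033[0m"
    fi
    # Persistent change: rewrite the config, then confirm an active
    # (uncommented) SELINUX=disabled line is present.
    if sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config &&
      grep -Eq '^[[:space:]]*SELINUX=disabled' /etc/selinux/config; then
      echo -e "\033[32m $(grep -Ev '#|^$|SELINUXTYPE' /etc/selinux/config) 永久关闭selinux成功 \033[0m"
    else
      echo -e "\033[41;37m 永久关闭selinux失败 \033[0m"
    fi
    ;;
  Permissive)
    # Already permissive at runtime; the config file is left untouched here.
    echo -e "\033[33m selinux已临时关闭 \033[0m"
    ;;
  Disabled)
    echo -e "\033[33m selinux已永久关闭 \033[0m"
    ;;
  *)
    # Unknown or empty state (for example, getenforce is not installed).
    echo -e "\033[41;37m selinux状态异常 \033[0m"
    ;;
esac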
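# Stop firewalld and disable it at boot.
# NOTE(review): after this the host has no local packet filter, so every
# listening service is reachable from any network that can route to it.
# Confirm an upstream control (security group, perimeter firewall) exists, or
# keep firewalld and open only the ports that are needed.
#
# `systemctl is-active` is used instead of parsing `systemctl status` output:
# it prints one word, and the quoted comparison cannot break when the unit is
# missing. "active" corresponds to the original "running" check and
# "inactive" to the original "dead" check.
fw_state=$(systemctl is-active firewalld 2>/dev/null)
case "$fw_state" in
  active)
    # Stop the running service.
    if systemctl stop firewalld; then
      echo -e "\033[32m 临时关闭防火墙成功 \033[0m"
    else
      echo -e "\033[41;37m 临时关闭防火墙失败 \033[0m"
    fi
    # Keep it from starting at the next boot.
    if systemctl disable firewalld; then
      echo -e "\033[32m 永久关闭防火墙成功 \033[0m"
    else
      echo -e "\033[41;37m 永久关闭防火墙失败 \033[0m"
    fi
    ;;
  inactive)
    # Already stopped; the unit's enabled/disabled setting is not changed here.
    echo -e "\033[33m 防火墙已关闭 \033[0m"
    ;;
  *)
    # failed, unknown, or unit not found.
    echo -e "\033[41;37m 防火墙状态异常 \033[0m"
    ;;
esac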
# Make sure firewalld is stopped before touching the rule set.
systemctl stop firewalld

# Flush the firewall rules and report the result.
# `iptables -F` with no table argument flushes every chain of the filter
# table. Chain policies and the other tables (nat, mangle, raw) are left
# as they are.
# NOTE(review): because policies are untouched, a DROP policy on INPUT stays
# in force once the ACCEPT rules are gone; check `iptables -S` before running
# this over a remote session.
if iptables -F; then
  echo -e "\033[32m 清理防火墙规则成功 \033[0m"
else
  echo -e "\033[41;37m 清理防火墙规则失败 \033[0m"
fi
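# Hide the OS release from the local login banner by emptying /etc/issue.
# `-s` (file exists and is non-empty) replaces the `cat | wc -l` count, which
# reported "already hidden" for content that had no trailing newline.
# NOTE(review): this only blanks the console pre-login banner. /etc/issue.net
# and the banners services send themselves are not changed, so it reduces
# casual disclosure but does not replace patching or access control.
if [ -s /etc/issue ]; then
  # Truncate in place; a failed redirection makes the command return non-zero.
  if : > /etc/issue; then
    echo -e "\033[32m 隐藏系统版本成功 \033[0m"
  else
    echo -e "\033[41;37m 隐藏系统版本失败 \033[0m"
  fi
else
  echo -e "\033[33m 系统版本已隐藏 \033[0m"
fi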
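# Install the required packages, one at a time.
# Only the package that is actually missing is installed; the original ran
# `yum install` for all three names on every miss. The yum result is now
# reported as well.
# NOTE(review): `yum -y` answers yes to every prompt, including a request to
# import a repository GPG key, so the configured repositories need to be
# trusted before this runs unattended.
for pkg in ntpdate net-tools lsof; do
  if rpm -q "$pkg"; then
    echo -e "\033[33m ${pkg}软件已安装 \033[0m"
  elif yum -y install "$pkg"; then
    echo -e "\033[32m ${pkg}软件安装成功 \033[0m"
  else
    echo -e "\033[41;37m ${pkg}软件安装失败 \033[0m"
  fi
done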
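# Raise the open-file limit: make sure /etc/security/limits.conf carries both
# a soft and a hard nofile entry, appending "* <kind> nofile 65535" when absent.
#
# The check ignores commented-out lines and accepts any run of spaces or tabs
# between fields, so an existing entry written with different spacing is not
# duplicated. The "already set" message uses the yellow informational colour,
# as the other "already done" messages in this script do, instead of the red
# error colour.
# NOTE(review): limits.conf is applied by pam_limits to PAM login sessions.
# Services started by systemd take their limit from LimitNOFILE= in the unit,
# and files under /etc/security/limits.d/ can override these entries.
limits_conf=/etc/security/limits.conf
for kind in soft hard; do
  if grep -Eq "^[^#]*[[:space:]]${kind}[[:space:]]+nofile[[:space:]]" "$limits_conf"; then
    echo -e "\033[33m ${kind} nofile已设置 \033[0m"
  elif echo "* ${kind} nofile 65535" >> "$limits_conf"; then
    echo -e "\033[32m ${kind} nofile设置成功 \033[0m"
  else
    echo -e "\033[41;37m ${kind} nofile设置失败 \033[0m"
  fi
done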
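# Change the time zone to Asia/Shanghai when it is currently America/New_York.
# The zone is read once and quoted, so empty timedatectl output no longer
# breaks the `[` test. The result of set-timezone is checked before success is
# reported; the original printed success unconditionally.
# Any other current zone is only reported, not changed.
# NOTE(review): local-time log timestamps shift at this point; correlate logs
# from before and after the change on UTC.
current_tz=$(timedatectl status | grep Time | awk '{print $3}')
if [ "$current_tz" = "America/New_York" ]; then
  echo -e "\033[33m 你当前的时区是:${current_tz} \033[0m"
  if timedatectl set-timezone Asia/Shanghai; then
    echo -e "\033[32m 时区已设置为Asia/Shanghai \033[0m"
  else
    echo -e "\033[41;37m 时区设置失败 \033[0m"
  fi
else
  echo -e "\033[41;37m 你当前的时区是:${current_tz} \033[0m"
fi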
已整理成脚本,需要的可以直接下载后保存成.sh文件就可以用了。欢迎交流指正!