一键初始化,解决一切不纯洁服务器
#!/usr/bin/bash
#
#
#关闭防火墙及selinux
firewalld(){
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i '7s/enforcing/disable/' /etc/selinux/config
echo "firewalld和selinux 已关闭"
}
#对服务器进行时间日期校准
date_cab(){
yum -y install ntpdate > /dev/null
ntpdate -s pool.ntp.org
echo "时间校准中请等待"
}
#更换为国内的yum源
#!/usr/bin/bash
yum_change(){
mv /etc/yum.repos.d/* /dev/null
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo > /dev/null
yum clean all > /dev/null
yum makecache >/dev/null
yum -y install epel-release >/dev/null
echo "更换yum源中请等待"
}
#添加默认普通用户
user(){
useradd other
echo "默认用户othert已添,为了账户安全请自行修改密码"
}
#提权-禁止root
nologin(){
echo "other ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
sed -i '38cPermitRootLogin no' /etc/ssh/sshd_config
echo "other用户提权完成,root远程登陆已禁止"
}
# dns配置
dns(){
yum -y install net-tools > /dev/null
geteway=`route -n |grep 'UG' |awk '{print $2}'|head -1`
echo "nameserver $geteway" >> /etc/resolv.conf
echo "DNS 服务配置已完成"
}
#安装基础服务
systemctl_install(){
yum -y install lsof > /dev/null
echo "基础服务安装中,请等待"
}
#内核参数调优
kentel(){
cat <<-EOF >> /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
EOF
cat <<-EOF >> /etc/sysctl.conf
net.ipv4.tcp_syncookies= 1
net.ipv4.tcp_tw_reuse= 1
net.ipv4.tcp_tw_recycle= 1
net.ipv4.tcp_fin_timeout= 30
EOF
sysctl -p
echo "调优完成"
}
firewalld
date_cab
user
nologin
dns
systemctl_install
kentel
679
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
