服务器初始化脚本,可以参考一下。

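#!/usr/bin/env bash
#
# Server initialisation script. Judging by the files it edits
# (/etc/modprobe.conf, /etc/inittab, /etc/syslog.conf) it is written for an
# older RHEL/CentOS-style host; review each section before reuse.

# Make sure the system binary directories are on the search path.
export PATH="$PATH:/bin:/sbin:/usr/sbin"

# Require root to run this script: every later step edits root-owned files.
# The numeric uid is checked rather than the account name.
if [[ "$(id -u)" -ne 0 ]]; then
  echo "Please run this script as root." >&2
  exit 1
fi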

 

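# Resolve the service-management tools once; the service shutdown loop later in
# the script calls them through these variables. `command -v` is a shell
# builtin, so the lookup does not depend on `which` being installed. Either
# variable is left empty when the tool is not on PATH.
SERVICE=$(command -v service)
CHKCONFIG=$(command -v chkconfig)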

 

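# Sync the clock over the network every 10 minutes
cron_line='*/10 * * * * (/usr/sbin/ntpdate ntp.abc.local;/usr/sbin/hwclock -w) >>/var/log/ntpdate.log 2>&1'

# The staging file ends up as root's crontab, so it must not have a fixed name
# under /tmp: another local user could create or symlink that name beforehand.
# mktemp creates a fresh, private file instead.
cron_tmp=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }

# stderr is dropped on purpose: crontab -l complains when root has no crontab yet.
crontab -l > "$cron_tmp" 2>/dev/null

# Add the entry only once so that re-running the script does not duplicate it.
if ! grep -qF -- "$cron_line" "$cron_tmp"; then
  printf '%s\n' "$cron_line" >> "$cron_tmp"
fi

crontab "$cron_tmp"
rm -f -- "$cron_tmp"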

 

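# Set the shell prompt colours and adjust the Vim editor settings
prompt_line='export PS1="\[\e[36;1m\]\u@\[\e[31;1m\]\h\[\e[32;1m\]\w\[\e[33;1m\]\\$\[\e[0m\]"'
# Append only when the line is not there yet, so a second run adds nothing.
grep -qF -- "$prompt_line" /etc/profile 2>/dev/null \
  || printf '%s\n' "$prompt_line" >> /etc/profile

# Appending the alias is safer than splicing it into a fixed line number of
# /root/.bashrc, which would corrupt whatever that line happens to hold.
vi_alias="alias vi='vim'"
grep -qxF -- "$vi_alias" /root/.bashrc 2>/dev/null \
  || printf '%s\n' "$vi_alias" >> /root/.bashrc

# Replaces any existing /root/.vimrc. The quoted delimiter keeps the text literal.
cat > /root/.vimrc <<'EOF'
syntax on
set expandtab
set shiftwidth=4
set softtabstop=4
set tabstop=4
EOF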

 

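# Disable SELinux
# NOTE(review): this switches off mandatory access control for the whole host.
# If the aim is only to get an application running, "permissive" keeps denials
# logged while a policy is worked out; confirm that "disabled" is really what
# the deployment requires.
#
# /etc/sysconfig/selinux is commonly a symlink to /etc/selinux/config, and
# sed -i writes a new file in place of a link instead of editing its target.
# Resolve the link first so the backup and the edit both hit the real file.
selinux_cfg=$(readlink -f /etc/sysconfig/selinux)
if [[ -n "$selinux_cfg" && -f "$selinux_cfg" ]]; then
  cp -p -- "$selinux_cfg" "${selinux_cfg}.$(date +"%Y-%m-%d_%H-%M-%S")"
  # Only the SELINUX= setting line is rewritten; comments are left alone.
  sed -i '/^SELINUX=/s/\(enforcing\|permissive\)/disabled/' "$selinux_cfg"
else
  echo "SELinux configuration file not found; nothing changed." >&2
fi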

 

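# Turn off IPv6
cp -p -- /etc/modprobe.conf "/etc/modprobe.conf.$(date +"%Y-%m-%d_%H-%M-%S")"
# Append the three directives once; the last one doubles as the marker that
# the block is already present.
if ! grep -qxF 'options ipv6 disable=1' /etc/modprobe.conf; then
  cat >> /etc/modprobe.conf <<'EOF'
alias net-pf-10 off
alias ipv6 off
options ipv6 disable=1
EOF
fi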

 

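# Adjust the SSH settings and switch off features that are not needed
cp -p -- /etc/ssh/sshd_config "/etc/ssh/sshd_config.$(date +"%Y-%m-%d_%H-%M-%S")"

# Server side: GSSAPI options to "no", no reverse DNS lookups, and log through
# syslog facility local5 instead of AUTHPRIV.
sed -i '/GSSAPI/{s/yes/no/g};/UseDNS/ {s/.*/UseDNS no/};/^SyslogFacility/{s/AUTHPRIV/local5/g}' /etc/ssh/sshd_config

# NOTE(review): this is the system-wide *client* configuration. With
# StrictHostKeyChecking set to "no", ssh adds unknown host keys without asking,
# for every user on the machine, which removes the check that would expose an
# impersonated server on first connection. Distributing a known_hosts file, or
# limiting the option to specific Host entries, keeps that check in place.
sed -i '/StrictHostKeyChecking/ {s/.*/StrictHostKeyChecking no/}' /etc/ssh/ssh_config

# Also save sshd messages to /var/log/sshd.log.
# NOTE(review): once sshd logs to local5, its authentication events no longer
# arrive on the authpriv facility. Anything that watches the authpriv log for
# SSH logins has to follow, and /var/log/sshd.log needs rotation and
# restrictive permissions of its own.
if ! grep -q '^local5\.\*' /etc/syslog.conf; then
  printf '%s\n%s\n' \
    '# save sshd messages also to sshd.log' \
    $'local5.*\t\t\t\t\t\t/var/log/sshd.log' >> /etc/syslog.conf
fi

# The syslog daemon has to re-read its configuration before the new rule
# applies; otherwise the local5 messages are not written to the new file.
if [[ -x /etc/init.d/syslog ]]; then
  /etc/init.d/syslog reload
fi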

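# Import the SSH public key of the IT department's distribution / management host
# NOTE(review): the key string is reproduced exactly as published and is not a
# well-formed authorized_keys entry (the format is "<type> <base64> <comment>").
# Replace it with the real public key before use.
# NOTE(review): whoever holds the matching private key can log in here as root.
# A from="<management-host>" option in front of the key limits where it is
# accepted from, and the key should be removed when that host is retired.
admin_key='ssh-yc2EAAAABIwAAAttssddddrwwewGok0HTeFeYtpZ7F19cQBaozlNEMy5LTO1Nra11g+ZOXrTZIiRRZh+LylwnD4ugF0x2gSKxsChP93VjBnCdnhYYjlI3W8ziMQmqUktMwKF5Pvlbmvvj81pkeNrvFx2ouS815d2K2O7M/BkfUTENK1Dz3EK2QIxdNTAZn/HW2tgiUIWTj9ZhNFnEPyGn2LMo/+X1tfuUdGfsSWWgEQSkrwjfbx22LLEGa8ZM/ostdh4qXnFsDHf5inUXBupddddddddjMXiQ==root@fenfa'

mkdir -p /root/.ssh
# Set the modes explicitly instead of relying on the current umask, so that
# the directory and key file are not left group- or world-writable.
chmod 700 /root/.ssh
touch /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

# Add the key only once, even if the script is run again.
grep -qxF -- "$admin_key" /root/.ssh/authorized_keys \
  || printf '%s\n' "$admin_key" >> /root/.ssh/authorized_keys

# Check the configuration first: reloading sshd with a broken sshd_config can
# leave the host without a reachable SSH service.
if sshd -t; then
  /etc/init.d/sshd reload
else
  echo "sshd_config failed validation; sshd was not reloaded." >&2
fi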

 

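# Turn off Bluetooth, printing and other system services
# NOTE(review): the list also contains auditd and iptables/ip6tables. Stopping
# auditd ends kernel audit logging, and stopping the two firewall services
# removes host-level packet filtering. Keep them in the list only if logging
# and filtering are provided somewhere else.
SERVICES="acpid atd auditd avahi-daemon bluetooth cpuspeed cups firstboot hidd ip6tables iptables isdn mcstrans messagebus pcscd yum-updatesd sendmail"

# With an empty $CHKCONFIG or $SERVICE the loop body would run the service
# name itself as a command, so refuse to continue without both tools.
if [[ -z "$CHKCONFIG" || -z "$SERVICE" ]]; then
  echo "chkconfig or service not found; no services were changed." >&2
else
  read -r -a service_list <<< "$SERVICES"
  for service in "${service_list[@]}"; do
    "$CHKCONFIG" "$service" off   # do not start at boot
    "$SERVICE" "$service" stop    # stop the running instance
  done
fi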

 

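# Adjust the kernel and network settings (TCP tuning and related limits)
# Copy rather than move the old file, so /etc/sysctl.conf never goes missing
# if writing the new content fails.
cp -p -- /etc/sysctl.conf "/etc/sysctl.conf.$(date +"%Y-%m-%d_%H-%M-%S")"

# The values below are the author's. Review notes on the security-relevant ones:
# NOTE(review): net.ipv4.tcp_syncookies = 0 switches off the kernel's fallback
#   for a full SYN queue; hosts reachable from untrusted networks usually keep
#   it at 1.
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to drop connections from
#   clients behind NAT and was removed in Linux 4.12. It and tcp_tw_reuse rely
#   on TCP timestamps, which this file turns off (tcp_timestamps = 0).
# NOTE(review): rp_filter and accept_source_route are set for "default" only;
#   check whether the matching net.ipv4.conf.all.* keys are needed as well.
cat > /etc/sysctl.conf <<'EOF'
kernel.core_uses_pid = 1
kernel.panic = 6
fs.file-max = 980000
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
kernel.sysrq = 0
net.core.netdev_max_backlog = 262144
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.somaxconn = 262144
net.core.wmem_default = 8388608
net.core.wmem_max = 16777216
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.ip_forward = 0
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 16384 16777216
EOF

# Load the new values into the running kernel.
sysctl -p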

 

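# Raise the maximum number of files a process may have open
limits_conf=/etc/security/limits.conf
cp -p -- "$limits_conf" "${limits_conf}.$(date +"%Y-%m-%d_%H-%M-%S")"

# Add the nofile line once. It goes just above the "# End of file" marker when
# the file has one, and at the end of the file otherwise.
if ! grep -qE '^\*[[:space:]]+-[[:space:]]+nofile[[:space:]]+65535' "$limits_conf"; then
  if grep -q '^# End of file' "$limits_conf"; then
    sed -i '/^# End of file/i\*\t\t-\tnofile\t\t65535' "$limits_conf"
  else
    printf '*\t\t-\tnofile\t\t65535\n' >> "$limits_conf"
  fi
fi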

 

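# Disable rebooting with Ctrl+Alt+Del
cp -p -- /etc/inittab "/etc/inittab.$(date +"%Y-%m-%d_%H-%M-%S")"
# Comment out the ctrlaltdel entry. A line that is already commented no longer
# starts with "ca::", so running this again changes nothing.
sed -i 's/^ca::ctrlaltdel:/#&/' /etc/inittab

# Make init re-read /etc/inittab so the change applies without a reboot.
/sbin/init q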