#!/bin/bash

#################

#################

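# Refuse to continue unless running as root: every step below edits system
# configuration. The check comes before check_os.sh is loaded because that file
# may itself call yum or apt-get.
if [ "$(id -u)" != "0" ]; then
  printf 'Error:You must be root to run this script!\n' >&2
  exit 1
fi

# Load OS detection (sets OS, system_ver / Ubuntu_ver and THREAD).
# The helper is resolved next to this script instead of in the caller's working
# directory: this script runs as root, and ". ./check_os.sh" would execute
# whatever file of that name happens to sit in the current directory.
script_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd) || exit 1
. "${script_dir}/check_os.sh"

# NOTE(review): the result of this test is discarded, so the line has no effect,
# and the check_os.sh shown on this page sets system_ver, not CentOS_ver.
# Presumably an action on NetworkManager was meant to follow; confirm and restore
# it, or delete the line.
[ "${CentOS_ver}" == '7' ] && [ "$(systemctl is-active NetworkManager.service)" == "inactive" ]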

# Turn SELinux off: setenforce 0 puts the running system into permissive mode,
# and the sed edit sets SELINUX=disabled in the config file so it stays off
# after the next boot.
# NOTE(review): this removes mandatory access control for the whole host. If the
# aim is only to unblock one service, permissive mode still logs the denials and
# lets a targeted policy fix be written instead.
selinux_cfg=/etc/selinux/config
setenforce 0
sed -i -e 's/^SELINUX=.*$/SELINUX=disabled/' "${selinux_cfg}"

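# Point yum at the Aliyun CentOS 7 mirror.
yum install -y wget curl

# The repo file decides where every later package comes from, so it is fetched
# over HTTPS (it cannot be altered in transit) into a temporary file and is
# installed only after the download succeeded. The original moved the existing
# CentOS-Base.repo away even when wget had failed, leaving yum without a base
# repository.
# NOTE(review): also check the baseurl and gpgcheck lines inside the downloaded
# file before trusting it; this script does not inspect them.
repo_tmp=$(mktemp) || exit 1
if wget -O "${repo_tmp}" https://mirrors.aliyun.com/repo/Centos-7.repo && [ -s "${repo_tmp}" ]; then
  # Keep the first backup: a re-run must not overwrite it with the mirror file.
  if [ ! -e /etc/yum.repos.d/CentOS-Base.repo_back ] && [ -e /etc/yum.repos.d/CentOS-Base.repo ]; then
    mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_back
  fi
  install -m 0644 "${repo_tmp}" /etc/yum.repos.d/CentOS-Base.repo
  rm -f -- "${repo_tmp}"
else
  rm -f -- "${repo_tmp}"
  printf 'Error: could not download Centos-7.repo; existing repo file left untouched\n' >&2
  exit 1
fi

yum clean all
yum makecache
# -y: without it yum waits for confirmation and an unattended run stops here.
yum update -y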

# Shell history settings, prompt and command aliases, written to
# /etc/profile.d/alias.sh (the file is overwritten on every run).
# The heredoc delimiter is unquoted, so this script's shell processes the body
# while writing it: \$(whoami) is written out as $(whoami) and \\\\$ as \\$.
# The other backslash sequences (\[, \e, \u, \h, \W) are written unchanged.
# NOTE(review): GREP_OPTIONS is assigned but not exported here, and newer GNU
# grep releases treat that variable as obsolete; the three aliases below already
# add --color on their own.

cat > /etc/profile.d/alias.sh << EOF

HISTSIZE=10000

PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[35;40m\]\W\[\e[0m\]]\\\\$ "

HISTTIMEFORMAT="%F %T \$(whoami) "


alias l='ls -AFhlt'

alias lh='l | head'

alias vi=vim


GREP_OPTIONS="--color=auto"

alias grep='grep --color'

alias egrep='egrep --color'

alias fgrep='fgrep --color'

EOF

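# Remove default system accounts and groups this host does not use.
# Users are removed first: groupdel refuses to delete a group that is still the
# primary group of an existing user, so the original group-then-user order could
# leave the groups in place. Each name is checked first so a re-run (or a host
# where userdel already dropped the matching group) produces no errors.
# NOTE(review): files owned by a removed account stay on disk under a bare
# numeric id; "find / -xdev \( -nouser -o -nogroup \)" lists them for clean-up.
for account in adm lp shutdown operator games uucp; do
  if id -u "${account}" >/dev/null 2>&1; then
    userdel "${account}"
  fi
done

for group in adm lp games; do
  if getent group "${group}" >/dev/null 2>&1; then
    groupdel "${group}"
  fi
done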

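# Raise the per-user process and open-file limits in limits.conf.
# The entries are appended only once; the unguarded append added another copy to
# limits.conf and /etc/profile on every run.
# NOTE(review): "* ... nproc 1000000" effectively removes the per-user process
# cap that contains a runaway or fork-bombing process. Confirm it is wanted for
# every account rather than only for the service users.
if ! grep -qxF '* soft nofile 1000000' /etc/security/limits.conf; then
  cat >> /etc/security/limits.conf << 'EOF'
# End of file
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
EOF
fi

## set ulimit
# NOTE(review): this sets both the soft and the hard open-file limit of login
# shells to 65536, which is lower than the nofile 1000000 configured above;
# confirm which of the two values is intended.
if ! grep -qxF 'ulimit -HSn 65536' /etc/profile; then
  echo "ulimit -HSn 65536" >> /etc/profile
fi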

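# Set the system time zone to Asia/Shanghai.
# The zone file is checked first: the original deleted /etc/localtime before
# linking, so a missing zoneinfo file left a dangling link and no time zone.
zone_file=/usr/share/zoneinfo/Asia/Shanghai
if [ -e "${zone_file}" ]; then
  # -f replaces an existing file or link, -n keeps ln from descending into a
  # link that points at a directory.
  ln -sfn "${zone_file}" /etc/localtime
else
  echo "Warning: ${zone_file} not found; /etc/localtime left unchanged" >&2
fi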

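# /etc/sysctl.conf
# Replace sysctl.conf with the tuning below. The previous file is kept once as
# /etc/sysctl.conf_bk; any settings it held are not carried over.
if [ ! -e /etc/sysctl.conf_bk ] && [ -e /etc/sysctl.conf ]; then
  mv /etc/sysctl.conf /etc/sysctl.conf_bk
fi

# Changed from the original: net.ipv4.tcp_tw_recycle is no longer enabled.
# Together with tcp_timestamps = 1 it makes the host drop connection attempts
# from clients that share one NAT address, and later kernels removed the setting.
# NOTE(review): tcp_mem is counted in pages, so the three values below are far
# above any real memory size; confirm they are intended.
# NOTE(review): the nf_conntrack keys exist only while the conntrack module is
# loaded; otherwise "sysctl -p" reports an error for each of them.
# The delimiter is quoted because nothing in the body should be expanded.
cat > /etc/sysctl.conf << 'EOF'
fs.file-max=1000000
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_max_syn_backlog = 65535
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_fin_timeout = 10
# disabled: breaks clients behind NAT when tcp_timestamps is on
#net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_syncookies = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65000
net.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_established = 3600
EOF

# Apply the new file to the running kernel.
sysctl -p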

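# Install base tooling with whichever package manager the host has, and report
# the real outcome. The original ran both yum and apt-get, discarded their
# output and printed OK regardless of the result.
# NOTE(review): net-snmp is installed but not configured here; review the
# community strings in snmpd.conf before the daemon is enabled.
if command -v yum >/dev/null 2>&1; then
  yum -y install sysstat ntp net-snmp lrzsz rsync >/dev/null 2>&1
  tools_rc=$?
elif command -v apt-get >/dev/null 2>&1; then
  apt-get -y install vim ntpdate locales >/dev/null 2>&1
  tools_rc=$?
else
  tools_rc=127
fi

if [ "${tools_rc}" -eq 0 ]; then
  echo "Installation system tools.------->OK"
else
  echo "Installation system tools.------->FAILED (exit ${tools_rc})" >&2
fi

# One-shot clock synchronisation. A failure is reported instead of hidden:
# a wrong clock makes log and history timestamps unreliable.
ntpdate cn.pool.ntp.org >/dev/null 2>&1 ||
  echo "Warning: ntpdate cn.pool.ntp.org failed; clock not synchronised" >&2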

# Stop unneeded services (every command in this section is commented out, so nothing is stopped)

 #/etc/init.d/exim4 stop >/dev/null 2>&1

 #/etc/init.d/nfs-common stop >/dev/null 2>&1

 #/etc/init.d/portmap stop >/dev/null 2>&1

##

 #systemctl  stop portmap >/dev/null 2>&1

 #systemctl  stop exim4 >/dev/null 2>&1

 #systemctl  stop nfs-common >/dev/null 2>&1

 #chkconfig --del exim4 && chkconfig exim4 off >/dev/null 2>&1

 #chkconfig --del portmap && chkconfig exim4 off >/dev/null 2>&1

 #chkconfig --del nfs-common  && chkconfig exim4 off >/dev/null 2>&1

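# Idle-session timeout: interactive shells are logged out after 300 seconds.
# The line is appended only once so re-runs do not stack duplicates.
# NOTE(review): an exported TMOUT can be unset or changed by the user; marking
# it readonly in the profile is the usual way to make the timeout stick.
if ! grep -qxF 'export TMOUT=300' /etc/profile; then
  echo "export TMOUT=300">>/etc/profile
fi

# Login banners: replace the distribution text shown before login.
echo "nginx_111" > /etc/issue

# NOTE(review): /etc/redhat-release is not only a banner. Tools that identify
# the distribution parse it, and the check_os.sh on this page takes the version
# from lsb_release, which presumably reads this file on CentOS (verify), so a
# second run of this script may mis-detect the OS. The original content is
# therefore kept once as /etc/redhat-release_bk before it is overwritten.
if [ -e /etc/redhat-release ] && [ ! -e /etc/redhat-release_bk ]; then
  cp -p /etc/redhat-release /etc/redhat-release_bk
fi
echo "nginx_111" > /etc/redhat-release

# Message of the day (in Chinese): this machine is for company employees only;
# other use will be pursued legally.
echo "本机仅限本公司员工使用  否则追究法律责任" >/etc/motd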

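# Install sendEmail, the mailer called by the chkrootkit alert script.
# NOTE(review): the tarball is fetched over plain HTTP and the extracted program
# later runs as root from cron, so nothing here proves the download is the file
# its author published. Set SENDEMAIL_SHA256 to the SHA-256 digest of a copy you
# have vetted; when it is set, a download that does not match is not installed.
sendemail_tgz=sendEmail-v1.56.tar.gz
if ! wget -O "${sendemail_tgz}" http://caspian.dotconf.net/menu/Software/SendEmail/sendEmail-v1.56.tar.gz; then
  echo "Error: sendEmail download failed; not installed" >&2
elif [ -n "${SENDEMAIL_SHA256:-}" ] &&
  ! echo "${SENDEMAIL_SHA256}  ${sendemail_tgz}" | sha256sum -c - >/dev/null; then
  echo "Error: ${sendemail_tgz} does not match SENDEMAIL_SHA256; not installed" >&2
else
  [ -n "${SENDEMAIL_SHA256:-}" ] ||
    echo "Warning: SENDEMAIL_SHA256 is not set; installing ${sendemail_tgz} unverified" >&2
  # --no-same-owner: extracted files belong to root, not to ids stored in the archive.
  tar --no-same-owner -xf "${sendemail_tgz}"
  # Without the target directory mv fails and the mailer path used by the alert
  # script does not exist.
  mkdir -p /data/soft
  mv sendEmail-v1.56 /data/soft/
fi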

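# Install chkrootkit and schedule a periodic scan that mails an alert.
yum install -y chkrootkit ||
  echo "Warning: chkrootkit could not be installed; the scheduled scan will fail" >&2

# The generated script writes its logs here; the original never created it.
mkdir -p -m 700 /data/sh/.chkrootkitLog

# Fixes compared with the original:
#  - The heredoc delimiter is quoted, so the body is written verbatim. With a
#    bare EOF the installer's shell expanded $TIME, $EMAIL, ... and ran the
#    backtick commands while writing, which left a generated script with a
#    frozen timestamp and empty variables.
#  - The file name matches the crontab entry below (the original wrote
#    chkrootkit_everydays.sh but scheduled chkrootkit_everyday.sh).
#  - The file is made executable, and readable by root only because it holds
#    the SMTP password.
# NOTE(review): MAILP is a password stored in the script and handed to sendEmail
# on its command line, where other local users can see it in the process list,
# and "-o tls=no" sends the SMTP login unencrypted. Prefer a dedicated alert
# mailbox and enable TLS once sendEmail's TLS prerequisites are installed.
# NOTE(review): the scan uses the host's own binaries and keeps its logs on the
# same host, so an intruder with root can tamper with both; treat "OK" as weak
# evidence and ship the logs off-host if they matter.
cat > /data/sh/chkrootkit_everyday.sh << 'EOF'
#!/bin/bash
#-------------------------------------------------------------------------
#application:   检查linux是否被cc的工具,监控命令是否被替换
#Filename:    chkrootkit_everyday.sh
#crontab:     */5 * * * *  chkrootkit_everyday.sh
#------------------------------------------------------------------------
TIME="$(date +%Y%m%d%H%M)"
/usr/sbin/chkrootkit -n > "/data/sh/.chkrootkitLog/.chkrootkit_$TIME.log"
if grep -q 'INFECTED' "/data/sh/.chkrootkitLog/.chkrootkit_$TIME.log"; then
echo "Dangerous"
EMAIL='/data/soft/sendEmail-v1.56/sendEmail'
FEMAIL="hz7726@163.com" #发件邮箱
MAILP="PASSWD"
MAILSMTP="smtp.163.com" #发件邮箱的SMTP
MAILT="hz7726@163.com,.......,...." #收件邮箱
MAILmessage=" server command change ERROR"
"$EMAIL" -q -f "$FEMAIL" -t "$MAILT" -u "您服务器有人登录修改命令,请使用chkrootkit来检测" -m "$MAILmessage" -s "$MAILSMTP" -o message-charset=utf-8 -xu "$FEMAIL" -xp "$MAILP" -o tls=no
else
echo "OK"
fi
EOF
chmod 700 /data/sh/chkrootkit_everyday.sh

# Register the job in root's crontab. An existing entry for the script is
# filtered out first so re-runs do not add duplicates, and "crontab -" names
# stdin explicitly as the source of the new table.
# NOTE(review): a run every 5 minutes writes a new log file each time and
# nothing here removes old ones; add rotation or a lower frequency.
cron_line='*/5 * * * *  /data/sh/chkrootkit_everyday.sh  >/dev/null 2>&1'
{
  crontab -l 2>/dev/null | grep -vF -- '/data/sh/chkrootkit_everyday.sh'
  echo "${cron_line}"
} | crontab -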


root@centos-mysql01:/data/sh# cat check_os.sh 

#!/bin/bash

#######################

######################

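# Detect the distribution and its major release number.
# Sets: OS            - CentOS, Debian or Ubuntu
#       system_ver    - major release (now set on every branch)
#       CentOS_ver /
#       Ubuntu_ver    - same value under the per-distribution names; the init
#                       script on this page tests CentOS_ver, which was never set
#       THREAD        - number of "processor" lines in /proc/cpuinfo
# This file is meant to be sourced, so the variables land in the caller's shell.
if [ -e /etc/redhat-release ]; then
  OS=CentOS
  # lsb_release is needed for the version lookup; install it when missing.
  command -v lsb_release >/dev/null 2>&1 || { yum -y install redhat-lsb-core; clear; }
  system_ver=$(lsb_release -sr | awk -F. '{print $1}')
  CentOS_ver=${system_ver}
elif grep -q 'bian' /etc/issue || [ "$(lsb_release -is 2>/dev/null)" == "Debian" ]; then
  OS=Debian
  command -v lsb_release >/dev/null 2>&1 || { apt-get -y update; apt-get -y install lsb-release; clear; }
  system_ver=$(lsb_release -sr | awk -F. '{print $1}')
elif grep -q 'Ubuntu' /etc/issue || [ "$(lsb_release -is 2>/dev/null)" == "Ubuntu" ] || grep -q 'Linux Mint' /etc/issue; then
  OS=Ubuntu
  Ubuntu_ver=$(lsb_release -sr | awk -F. '{print $1}')
  system_ver=${Ubuntu_ver}
else
  # CFAILURE and CEND are not defined in the code shown here; they expand to
  # nothing unless the caller set them.
  echo "${CFAILURE}Does not support this OS, Please contact the author! ${CEND}" >&2
  # Because the file is sourced, exit ends the calling script. It replaces
  # "kill -9 $$", which killed the shell with SIGKILL and so skipped any traps
  # and left no meaningful exit status.
  exit 1
fi

THREAD=$(grep 'processor' /proc/cpuinfo | sort -u | wc -l)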



Debian 和 Ubuntu 的部分后续再写吧