最近看了下公司之前的CentOS6的开机配置脚本,简单调整了下:
#!/bin/bash
#created by molewan
#set env
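# The script runs as root, so put the system directories ahead of whatever the
# caller's PATH already holds; commands then resolve to the distribution
# binaries first instead of to an earlier, possibly writable, directory.
export PATH="/bin:/sbin:/usr/sbin:${PATH}"

# Target hostname taken from the first argument; set_hostname reads it later.
hostname=$1

# Every step below edits system configuration, so refuse to run unprivileged.
if [[ "${UID}" != "0" ]]; then
  echo "Please run as root" >&2
  exit 1
fi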
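#######################################
# Print the usage line and terminate the script.
# Arguments: none (reads $0 for the script name)
# Outputs:   usage text on stderr
# Returns:   never returns; exits with status 1
#######################################
Usage() {
  # Fixed the "USAGRE" typo; printf keeps $0 out of the format string.
  printf 'USAGE: /bin/bash %s hostname\n' "$0" >&2
  exit 1
}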
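# Exactly one argument (the hostname) is required.
if [[ $# -ne 1 ]]; then
  Usage
fi

# define cmd var
# Resolved paths of the service tools; empty when the tool is not installed.
# `command -v` is the shell builtin lookup, so it does not depend on `which`
# being present and prints nothing on a miss.
SERVICE=$(command -v service)
CHKCONFIG=$(command -v chkconfig)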
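#######################################
# Switch yum to the Aliyun mirror and install the baseline package set.
# Globals:   none
# Arguments: none
# Outputs:   wget/yum progress on stdout/stderr
# Returns:   exits 1 when the mirror is unreachable or a repo file cannot be
#            downloaded
#######################################
function mod_yum() {
  local -r mirror="mirrors.aliyun.com"
  local -r repo_dir="/etc/yum.repos.d"
  local pair name src tmp

  if ! ping -c 2 -w 2 "${mirror}" > /dev/null 2>&1; then
    echo "your must check network"
    exit 1
  fi

  # NOTE(review): the repo definitions are fetched over plain http, so anyone
  # on the network path can change which repositories and GPG settings yum
  # will trust. Use https if the mirror and this host's CA bundle allow it,
  # and confirm gpgcheck=1 in the downloaded files before installing.
  for pair in "CentOS-Base Centos-6" "epel epel-6"; do
    read -r name src <<< "${pair}"
    # Download next to the target and move into place only on success:
    # `wget -O <target>` truncates the existing repo file even when the
    # transfer fails, which would leave yum with an empty definition.
    tmp=$(mktemp "${repo_dir}/.${name}.XXXXXX") || exit 1
    if wget -O "${tmp}" "http://${mirror}/repo/${src}.repo" && [[ -s "${tmp}" ]]; then
      chmod 644 "${tmp}"
      mv -f -- "${tmp}" "${repo_dir}/${name}.repo"
    else
      rm -f -- "${tmp}"
      echo "failed to download ${src}.repo from ${mirror}" >&2
      exit 1
    fi
  done

  # NOTE(review): compilers and the telnet client are convenience tools;
  # consider leaving them off hosts that do not need them.
  yum install -y vim lsof telnet lrzsz wget openssh-clients unix2dos dos2unix \
    gcc gcc-c++ openssl-devel openssl-perl bc
  yum clean all
}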
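#######################################
# Disable SELinux persistently and switch the running system to permissive.
# Globals:   none
# Arguments: none
# Returns:   status of setenforce
#######################################
function disable_selinux() {
  # NOTE(review): this removes mandatory access control from the host.
  # SELINUX=permissive keeps denials logged without enforcing them and is the
  # less drastic choice when the goal is only to unblock a service.

  # /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config;
  # without --follow-symlinks, sed -i replaces the link with a regular file
  # and the real config is left unchanged.
  sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

  # The original redirected stderr to "$1" (an empty function argument),
  # which is a redirection error; the intent was to discard both streams.
  setenforce 0 > /dev/null 2>&1
}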
#######################################
# Flush every iptables rule, persist the empty ruleset, stop the service and
# remove it from the boot sequence.
# Globals:   none
# Arguments: none
# Returns:   status of the final stop/chkconfig chain
#######################################
function disable_iptables() {
  local -r ipt="/sbin/iptables"
  local -r init_script="/etc/init.d/iptables"

  # NOTE(review): after this step the host has no packet filter at all, and
  # the saved ruleset is empty. Only appropriate where filtering is enforced
  # elsewhere (security groups, perimeter firewall) -- confirm before use.

  # Flush rules, delete user chains, zero counters; each step runs only if
  # the previous one succeeded.
  "${ipt}" -F \
    && "${ipt}" -X \
    && "${ipt}" -Z

  # Persist the now-empty ruleset.
  "${init_script}" save

  # Disable at boot only when the service actually stopped.
  "${init_script}" stop && chkconfig iptables off
}
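#######################################
# Leave only the essential services enabled at boot.
# Globals:   LANG (exported as "en" so chkconfig prints English output)
# Arguments: none
# Returns:   status of the last chkconfig call
#######################################
function least_service() {
  export LANG=en
  local svc _rest

  # The original generated "chkconfig <name> off/on" text with awk and piped
  # it into bash, and chose the keep-list with an unanchored egrep over the
  # whole line. Calling chkconfig directly avoids executing generated text,
  # and the case patterns match the service name exactly, so a name that
  # merely contains "sshd" or "network" is not enabled by accident.
  while read -r svc _rest; do
    [[ -n "${svc}" ]] || continue
    case "${svc}" in
      crond | sshd | network | rsyslog | sysstat)
        chkconfig "${svc}" on
        ;;
      *)
        chkconfig "${svc}" off
        ;;
    esac
  done < <(chkconfig --list)
}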
#######################################
# Set the system locale to zh_CN.UTF-8, keeping a .bak copy of the old file.
# Globals:   LANG (set in this shell by sourcing the new file)
# Arguments: none
#######################################
function charset() {
  local -r i18n_file="/etc/sysconfig/i18n"

  # Keep the previous settings so the change can be reverted by hand.
  cp "${i18n_file}" "${i18n_file}.bak"

  # Overwrite (not append): the file ends up holding only the LANG line.
  echo 'LANG="zh_CN.UTF-8"' > "${i18n_file}"

  # Apply the new value to the running script as well.
  source "${i18n_file}"
}
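#######################################
# Sync the clock once, write it to the hardware clock, and schedule a daily
# resync in root's crontab.
# Globals:   none
# Arguments: none
#######################################
function ntp_time_sync() {
  # NOTE(review): a single hard-coded IP with unauthenticated ntpdate means
  # the host accepts whatever time that address (or anything answering for
  # it) reports. Confirm the server is one you control or trust.
  local -r ntp_server="202.120.2.101"
  local -r cron_file="/var/spool/cron/root"
  local -r cron_entry="05 23 * * * /usr/sbin/ntpdate -u ${ntp_server}"

  ntpdate -u "${ntp_server}" && hwclock -w > /dev/null 2>&1

  # The original appended the entry unconditionally, so every run of the
  # script added another copy of the job. Add it only when it is missing.
  if ! grep -qxF -- "${cron_entry}" "${cron_file}" 2> /dev/null; then
    echo "${cron_entry}" >> "${cron_file}"
  fi
}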
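#######################################
# Add idle-timeout and history-size limits to /etc/profile.
# Globals:   TMOUT, HISTSIZE, HISTFILESIZE (set when the profile is re-read)
# Arguments: none
#######################################
function com_line_set() {
  local -r profile="/etc/profile"
  local setting
  local changed=0

  # The original counted lines matching "TMOUT|HISTSIZE|ISTFILESIZE" and
  # appended all three settings when the count was below 3. Unrelated lines
  # mentioning HISTSIZE inflate that count, and a partial match re-appends
  # settings that are already there. Check each exact line on its own.
  #
  # NOTE(review): TMOUT=300 logs out idle shells after five minutes.
  # HISTSIZE/HISTFILESIZE=5 limit what lingers in shell history, but also
  # leave very little history for incident review -- confirm that trade-off.
  for setting in 'export TMOUT=300' 'export HISTSIZE=5' 'export HISTFILESIZE=5'; do
    if ! grep -qxF -- "${setting}" "${profile}"; then
      echo "${setting}" >> "${profile}"
      changed=1
    fi
  done

  # Re-read the profile only when something was added, as the original did.
  if ((changed)); then
    source "${profile}"
  fi
}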
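#######################################
# Raise the open-file limit to 65535 for all users unless limits.conf already
# mentions that value.
# Globals:   none
# Arguments: none
# Outputs:   the last line of limits.conf after an append
#######################################
function open_file_set() {
  local -r limits_file="/etc/security/limits.conf"

  # The original test read "-lt 1]" with no space before the bracket, which
  # makes `[` fail with a missing-bracket error; grep -q expresses the same
  # "no line contains 65535" check directly.
  if ! grep -q 65535 "${limits_file}"; then
    # limits.conf fields must be whitespace-separated; the page shows
    # '*-nofile65535', presumably with the spacing lost, which pam_limits
    # would not parse as an entry.
    echo '* - nofile 65535' >> "${limits_file}"
    tail -1 "${limits_file}"
  fi
}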
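#######################################
# Append the TCP/ICMP tuning block to /etc/sysctl.conf and load it.
# Globals:   none
# Arguments: none
# Outputs:   the values applied, as printed by sysctl -p
# Returns:   status of sysctl -p
#######################################
function set_kernel() {
  local -r sysctl_conf="/etc/sysctl.conf"

  # Fixed: the original wrote "tcp_tw_resue", an unknown key that sysctl -p
  # rejects, so the reuse setting was never applied.
  #
  # NOTE(review): tcp_tw_recycle is known to drop connections from clients
  # that share a NAT address; confirm it is wanted before rolling this out.
  #
  # The first line of the block doubles as a marker so a second run of the
  # script does not append the whole block again.
  if ! grep -qxF 'net.ipv4.tcp_fin_timeout = 2' "${sysctl_conf}" 2> /dev/null; then
    cat >> "${sysctl_conf}" << 'EOF'
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
EOF
  fi

  sysctl -p
}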
#######################################
# Append soft and hard nofile/nproc limits of 65535 for all users to
# /etc/security/limits.conf, preceded by a separator line.
# Globals:   none
# Arguments: none
#######################################
function set_sercurity_limits.conf() {
  local -r limits_file="/etc/security/limits.conf"
  local entry

  # First element is the single-space separator line the original wrote.
  for entry in \
    ' ' \
    '* soft nofile 65535' \
    '* hard nofile 65535' \
    '* soft nproc 65535' \
    '* hard nproc 65535'; do
    echo "${entry}" >> "${limits_file}"
  done
}
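#######################################
# Move sshd to port 5272, turn off reverse-DNS lookups and GSSAPI
# authentication, then reload the daemon.
# Globals:   none
# Arguments: none
# Returns:   1 when the edited config fails validation, else the reload status
#######################################
function set_ssh() {
  local -r sshd_config="/etc/ssh/sshd_config"

  # Two defects in the original Port line: the expression lacked the leading
  # "s" (so sed rejected it) and it targeted /etc/sysconfig/sshd_config
  # rather than the file sshd reads. The patterns are anchored so a second
  # run does not stack extra "#" characters or duplicate "UseDNS no".
  sed -i \
    -e 's/^#Port 22[[:space:]]*$/Port 5272/' \
    -e 's/^#UseDNS yes[[:space:]]*$/UseDNS no/' \
    -e 's/^#GSSAPIAuthentication no[[:space:]]*$/GSSAPIAuthentication no/' \
    -e 's/^GSSAPIAuthentication yes[[:space:]]*$/#GSSAPIAuthentication yes/' \
    "${sshd_config}"

  # Validate before reloading: a config sshd cannot parse would otherwise
  # only surface at the next restart, when remote access is lost. Keep the
  # current session open until a login on the new port has been verified.
  if /usr/sbin/sshd -t -f "${sshd_config}"; then
    /etc/init.d/sshd reload
  else
    echo "sshd_config failed validation; sshd not reloaded" >&2
    return 1
  fi
}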
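#######################################
# Record the requested hostname in /etc/sysconfig/network.
# Globals:   hostname (read) - the name given on the command line
# Arguments: none
# Returns:   1 when the hostname is empty or contains characters outside
#            letters, digits, "." and "-"
#######################################
function set_hostname() {
  local -r network_file="/etc/sysconfig/network"
  local -r valid_name='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

  # The value comes straight from the command line and lands in a file that
  # the CentOS 6 init scripts read as shell, so reject anything that is not
  # a plain host name before writing it.
  if [[ ! "${hostname}" =~ ${valid_name} ]]; then
    echo "invalid hostname; refusing to write it to ${network_file}" >&2
    return 1
  fi

  # The original appended both lines on every run, leaving duplicate and
  # conflicting entries. Add NETWORKING only when absent and replace an
  # existing HOSTNAME line in place.
  if ! grep -qx 'NETWORKING=yes' "${network_file}" 2> /dev/null; then
    echo 'NETWORKING=yes' >> "${network_file}"
  fi

  if grep -q '^HOSTNAME=' "${network_file}" 2> /dev/null; then
    # Safe to interpolate: the name was limited to [A-Za-z0-9.-] above.
    sed -i "s/^HOSTNAME=.*/HOSTNAME=${hostname}/" "${network_file}"
  else
    echo "HOSTNAME=${hostname}" >> "${network_file}"
  fi
}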
#######################################
# Comment out the Upstart trigger so Ctrl-Alt-Del on the console no longer
# starts the job defined in control-alt-delete.conf.
# Globals:   none
# Arguments: none
# Returns:   status of sed
#######################################
function ctrl_alt_del_deny() {
  local -r upstart_job="/etc/init/control-alt-delete.conf"
  local -r comment_out='s/start on control-alt-delete/#start on control-alt-delete/g'

  sed -i "${comment_out}" "${upstart_job}"
}
#######################################
# Append the two module aliases that switch IPv6 off to
# /etc/modprobe.d/dist.conf.
# Globals:   none
# Arguments: none
#######################################
function shutdown_ipv6() {
  local -r modprobe_conf="/etc/modprobe.d/dist.conf"
  local alias_line

  for alias_line in 'alias net-pf-10 off' 'alias ipv6 off'; do
    echo "${alias_line}" >> "${modprobe_conf}"
  done
}
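#######################################
# Shorten the GRUB boot-menu timeout to one second.
# Globals:   none
# Arguments: none
# Returns:   status of sed
#######################################
function alter_bootmenu_time() {
  local -r grub_menu="/boot/grub/menu.lst"

  # menu.lst is normally a symlink to grub.conf on CentOS 6; without
  # --follow-symlinks, sed -i replaces the link with a regular file and the
  # config GRUB actually reads stays unchanged.
  #
  # The original removed only "timeout=5" and appended after any line that
  # contained "default", so a second run stacked another timeout=1. Dropping
  # every timeout line and anchoring on the default= entry makes the edit
  # repeatable.
  sed -i --follow-symlinks \
    -e '/^timeout=/d' \
    -e '/^default=/a\timeout=1' \
    "${grub_menu}"
}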
#######################################
# Run every provisioning step in its fixed order.
# Globals:   none
# Arguments: none
# Returns:   status of the last step
#######################################
main() {
  local step
  # Order matters: packages come first, and the firewall and SELinux are
  # already off by the time sshd is moved to its new port.
  local -a steps=(
    mod_yum
    disable_selinux
    disable_iptables
    least_service
    charset
    ntp_time_sync
    com_line_set
    open_file_set
    set_kernel
    set_sercurity_limits.conf
    set_ssh
    set_hostname
    ctrl_alt_del_deny
    shutdown_ipv6
    alter_bootmenu_time
  )

  for step in "${steps[@]}"; do
    "${step}"
  done
}

main
本文转自 冰冻vs西瓜 51CTO博客,原文链接:http://blog.51cto.com/molewan/1956057,如需转载请自行联系原作者