#!/bin/bash
######the system first start configuretion #####for install
####copy right by donglei##############
#1、配置sysctl
mv /etc/sysctl.conf /etc/sysctl.bak
echo "############################the new config for sysctl ###########
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
kern.maxfiles = 65536
kern.maxfilesperproc = 32768
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_max = 262144
net.inet.udp.checksum = 1
net.inet.tcp.syncookies = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_keepalive_probes = 2
net.ipv4.tcp_keepalive_intvl = 2
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000" >> /etc/sysctl.conf
chmod 644 /etc/sysctl.conf
#2、配置ipv6
echo "##########ipv6-disabled###########
alias net-pf-10 off
alias ipv6 off" >> /etc/modprobe.d/dist.conf
echo "##############ipv6-disabled#########
NETWORKING_IPV6=no" >> /etc/sysconfig/network
/sbin/chkconfig ip6tables off
#3、配置系统时钟
echo "##############system_clock###########
01 * * * * root ntpdate 172.17.1.150; hwclock --systohc" >>/etc/crontab
#4、配置bash环境,每次命令行显示当前位置和时间,当前仅仅针对root设置
echo "export PS1=' 33[1;33mH 33[1;34m[w] 33[1;35mD{%D %T}
[ 33[1;36m]u@pts/l [ 33[00m]$ '" >> /root/.bashrc
#5、配置系统服务启动项
for i in `ls /etc/rc3.d/S*`
do
servi=`echo $i|cut -c 15-`
case $servi in
cpuspeed | crond | irqbalance | microcode_ctl | sendmail)
;;
*)
echo "change $servi to off" >>./log.log
chkconfig $servi off
service $servi stop
;;
esac
done
#6、配置系统默认语言环境
mv /etc/sysconfig/i18n /etc/sysconfig/i18n.bak
echo "#########set new language by admin#######
LANG="zh_CN.UTF-8"
SUPPORTED="zh_CN.UTF-8:zh_CN:zh:en_US.UTF-8:en_US:en"
SYSFONT="latarcyrheb-sun16" " >/etc/sysconfig/i18n
chmod 644 /etc/sysconfig/i18n
#7、配置selinux
sed -i -e 's/^SELINUX=.*/LANG="SELINUX=disabled/' -e 's/^SELINUXTYPE=.*/SELINUXTYPE=disabled/' /etc/sysconfig/selinux
#8、关闭iptables
service iptables stop
chkconfig iptables off
#9、配置root用户不能直接登录系统
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
grep -Ev '^$|^#' /etc/ssh/sshd_config.bak >/etc/ssh/sshd_config
chmod 600 /etc/ssh/sshd_config
sed /PermitRootLogin/d /etc/ssh/sshd_config
sed /ClientAliveCountMax/d /etc/ssh/sshd_config
echo "######ssh security config#######
PermitRootLogin no
ClientAliveCountMax 10 " >>/etc/ssh/sshd_config
service sshd restart
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
