#!/bin/bash
#调试模式
#set -e
#1.创建目录存放软件,脚本,软件压缩包
Create_Directory(){
mkdir -p /server/{tools,scripts,tmp}
}
#2.修改命令提示符颜色
Cmd_Color(){
echo 'PS1="\[\e[1;32m\][\u@\h \W]\\$\[\e[0m\]"' >> ~/.bashrc
source ~/.bashrc
}
#3.配置主机域名解析
Resolve_Host(){
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
}
#4.配置yum缓存保留本地
Cache_Yum(){
sed -i '/keepcache/c keepcache=1' /etc/yum.conf
}
#5.精简开机自启动服务,这个需要优先配置,在这个之后在配置单独想启动的服务
#Opt_Service(){
#systemctl list-unit-files |grep enable|egrep -v "sshd.service|crond.service|sysstat|rsyslog|NetworkManager.service|irqbalance|autovt|getty"|awk '{print "systemctl disable",$1}'|bash
#}
Opt_Service(){
systemctl stop firewalld
systemctl disable firewalld
systemctl stop postfix
systemctl disable postfix
iptables -F
}
#6.更新yum源为阿里云
Yum_Update(){
curl -s -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -s -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean metadata
yum makecache
}
#7.安装常用软件
Install_Package(){
yum install bash-completion vim-enhanced net-tools finger tree lrzsz chrony wget curl git sysstat psmisc mailx nmap tcpdump -y
}
#8.安装防火墙软件,可选
Install_security_Package(){
yum install ipvsadm ipset iptables iptables-services conntrack -y
}
#9.安装xmanager图形化管理, 配合xshell, 可选
Install_Xshell(){
yum install xorg-x11-xauth -y
sed -i '/AddressFamily/c AddressFamily inet' /etc/ssh/sshd_config
sed -i '/ListenAddress 0.0.0.0/c ListenAddress 0.0.0.0' /etc/ssh/sshd_config
}
#10.配置时间同步, 如果内网配置了时间服务器, 改为内网地址, 启动时间同步服务
Time_Sync(){
sed -i '2a server ntp1.aliyun.com iburst' /etc/chrony.conf
sed -i '3a server ntp3.aliyun.com iburst' /etc/chrony.conf
systemctl start chronyd
systemctl enable chronyd
}
#11.关闭selinux
Disable_Selinux(){
sed -i '/SELINUX=/cSELINUX=disabled' /etc/selinux/config
setenforce 0
}
#12.设置 sls 普通用户提权操作, 可选优化
Add_User(){
useradd dawn
echo Ad1234 | passwd --stdin dawn
\cp /etc/sudoers /etc/sudoers.bak
echo "sls ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
}
#13.设置操作历史记录, 设置文件保存用户操作历史记录
Set_History(){
sed -i 's/^HISTSIZE=1000/HISTSIZE=50000/' /etc/profile
if grep -q 'HISTTIMEFORMAT' /etc/profile;then
sed -i 's/^HISTTIMEFORMAT=.*$/HISTTIMEFORMAT="%F %T "/' /etc/profile
else
echo 'HISTTIMEFORMAT="%F %T "' >> /etc/profile
fi
echo 'HISTFILESIZE=50000' >> /etc/porfile
source /etc/profile
}
#14.会话超时时间, 1800秒不操作, 退出终端, 可选操作
Ssh_Timeout(){
echo 'export TMOUT=1800' >> /etc/profile
source /etc/profile
}
#15.加大文件描述符, 必选
Ulimit_File(){
cat > /etc/security/limits.d/20-nproc-nofile.conf << EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
ulimit -SHn 65535
}
#16.内核优化
Opt_Core(){
cat > /etc/sysctl.d/init.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0 # 尽量不使用 swap 空间,只有当系统 OOM 时才允许使用它
vm.overcommit_memory=1 # 不检查物理内存是否够用
vm.panic_on_oom=0 # 开启 OOM
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
EOF
sysctl -p /etc/sysctl.d/init.conf
}
#17.关闭IPv6
Disable_Ipv6(){
cat > /etc/sysctl.d/disable-ipv6.conf <<EOF
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
EOF
sysctl -p /etc/sysctl.d/disable-ipv6.conf
}
#18.SSH远程连接优化,可选, 禁止root远程连接, 修改默认端口, 监听指定端口
Opt_Ssh(){
\cp /etc/ssh/sshd_config{,.bak}
sed -i '17s/.*/Port ^C012/g' /etc/ssh/sshd_config
sed -i '19s/.*/ListenAddress 172.16.1.13/g' /etc/ssh/sshd_config
sed -i '38s/.*/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i '64s/.*/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
sed -i '79c GSSAPIAuthentication no' /etc/ssh/sshd_config
sed -i '115s/.*/UseDNS no/g' /etc/ssh/sshd_config
systemctl restart sshd
}
#19.关闭定时任务发送邮件, 默认邮件地址
Disable_Cronmail(){
sed -i 's/^MAILTO=.*/MAILTO=""/' /etc/crontab
}
#20.系统默认编辑器改为VIM
Vim_Path(){
echo export EDITOR=vim >> /etc/profile.d/vi.sh
}
#21.修改VIM工具tab键跳跃4空格
Vim_Tab(){
cat > /root/.vimrc <<EOF
set tabstop=4
EOF
}
#22.修改日志轮询时间,默认是一个3-22随机时间,由corn控制
Cron_Logrotate(){
chmod -x /etc/cron.daily/cron_logrotate
cat > /var/spool/cron/root << EOF
#01-指定时间进行日志切割,切割的日志文件使用方式配置文件/etc/logrotate.d
01 00 * * * /usr/sbin/logrotate -s /var/lib/logrotate/logrotate.status /etc/logrotate.conf &>/dev/null
EOF
}
#一共20个优化使用了15个,不想优化的可以注释掉
main(){
Create_Directory
Cmd_Color
Cache_Yum
Opt_Service
Yum_Update
Install_Package
Install_Xshell
Time_Sync
Disable_Selinux
Ulimit_File
Opt_Core
Disable_Ipv6
Disable_Cronmail
Vim_Path
Vim_Tab
Cron_Logrotate
}
main
355
01-08
“相关推荐”对你有帮助么?
-
非常没帮助 -
没帮助 -
一般 -
有帮助 -
非常有帮助
提交
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
