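#!/bin/bash
# Date: 2018-6-8
# version: 1.2
# Purpose: interactive menu script that applies 15 system tweaks in one go;
#          written for CentOS 6.x.
#
# Review notes on what this script changes (grounded in the code below):
#   - initFirewall stops iptables and sets SELinux to disabled/permissive.
#   - initService turns off every runlevel-3 service except rsyslog, network,
#     sshd and crond.
#   - addUser grants the new account "NOPASSWD: ALL" in /etc/sudoers.
#   - configYum fetches the yum repository definition over plain HTTP.
#   - initHistory caps shell history at 5 entries.
# Each of these trades a security control for convenience; decide per host
# whether that trade is acceptable before using the one-key mode.
################################################

# Source function library (provides the `action` status printer).
. /etc/init.d/functions

#######################################
# Copy a file to <file>.<YYYY-MM-DD> before it is modified.
# -p keeps mode and ownership: a plain cp would create the copy with the
# umask default, leaving backups of sudoers, sshd_config or root's crontab
# more widely readable than the originals.
# Arguments: $1 - file to back up (silently skipped when it does not exist)
#######################################
backupFile() {
  local src=$1
  [ -e "$src" ] || return 0
  command cp -pf -- "$src" "$src.$(date +%F)"
}

#######################################
# Print the "invalid choice" banner with a 3-second countdown, then clear.
#######################################
warnInvalidChoice() {
  local i
  echo "----------------------------------"
  echo "| Warning!!! |"
  echo "| Please Enter Right Choice! |"
  echo "----------------------------------"
  for i in 3 2 1; do
    echo -ne "\b\b$i"
    sleep 1
  done
  clear
}

# Values shown in the main menu's system information box.
DATE=$(date +"%y-%m-%d %H:%M:%S")
IPADDR=$(grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0 | cut -d= -f 2)
HOSTNAME=$(hostname -s)
USER=$(whoami)
DISK_SDA=$(df -h | grep -w "/" | awk '{print $5}')
cpu_uptime=$(awk '{print $1,$2,$3}' /proc/loadavg)

# set LANG
export LANG=zh_CN.UTF-8

# Require root to run this script.
if [ "$(id -u)" -ne 0 ]; then
  action "Please run this script as root." /bin/false
  exit 1
fi

# Make backspace work on terminals that send ^H ("stty erase ^H").
command cp -pf /root/.bash_profile "/root/.bash_profile_$(date +%F)"
if ! grep -Fxq "stty erase ^H" /root/.bash_profile; then
  echo "stty erase ^H" >>/root/.bash_profile
  source /root/.bash_profile
fi

#######################################
# Replace CentOS-Base.repo with the Aliyun mirror definition and enable
# yum's package cache.
# The download goes to a temporary file first, so a failed or empty
# download no longer leaves a truncated repo file behind.
# NOTE(review): the repo file is fetched over plain HTTP and decides where
# packages come from; anyone on the network path can alter it. Prefer an
# HTTPS mirror URL if this host's wget/CA bundle supports it, and keep
# gpgcheck enabled in the resulting repo file.
#######################################
configYum() {
  local repo=/etc/yum.repos.d/CentOS-Base.repo
  local tmp
  echo "================更新为国内YUM源=================="
  backupFile "$repo"
  if ! ping -c 1 mirrors.aliyun.com >/dev/null; then
    echo "无法连接网络。"
    # The original used `exit $?` here, which returned echo's status (0).
    exit 1
  fi
  # The temp name does not end in ".repo", so yum ignores it if left behind.
  tmp=$(mktemp "$repo.XXXXXX") || exit 1
  if wget -O "$tmp" http://mirrors.aliyun.com/repo/Centos-6.repo && [ -s "$tmp" ]; then
    chmod 644 "$tmp"
    mv -f -- "$tmp" "$repo"
  else
    rm -f -- "$tmp"
    action "下载YUM源文件失败" /bin/false
    return 1
  fi
  echo "==============保存YUM源文件======================"
  sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
  grep keepcache /etc/yum.conf
  sleep 5
  action "配置国内YUM完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

#######################################
# Switch the system locale to zh_CN.UTF-8.
#######################################
initI18n() {
  echo "================更改为中文字符集================="
  backupFile /etc/sysconfig/i18n
  cat >/etc/sysconfig/i18n <<'EOF'
LANG="zh_CN.UTF-8"
#LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
EOF
  source /etc/sysconfig/i18n
  echo '#cat /etc/sysconfig/i18n'
  grep LANG /etc/sysconfig/i18n
  action "更改字符集zh_CN.UTF-8完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

#######################################
# Disable SELinux and stop iptables.
# NOTE(review): this removes both the host firewall and mandatory access
# control. Only appropriate when an upstream control (network firewall,
# security group) filters traffic to this host; otherwise keep iptables
# running with an explicit rule set and leave SELinux enforcing.
#######################################
initFirewall() {
  echo "============禁用SELINUX及关闭防火墙=============="
  backupFile /etc/selinux/config
  /etc/init.d/iptables stop
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
  setenforce 0
  /etc/init.d/iptables status
  echo '#grep SELINUX=disabled /etc/selinux/config '
  grep SELINUX=disabled /etc/selinux/config
  echo '#getenforce '
  getenforce
  action "禁用selinux及关闭防火墙完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

#######################################
# Turn off every service enabled in runlevel 3, then re-enable only
# rsyslog, network, sshd and crond.
# NOTE(review): anything not in the keep list stays off at boot, which
# presumably includes the audit daemon and iptables on a stock install -
# add them to the keep list if the host needs them.
#######################################
initService() {
  local svc
  echo "===============精简开机自启动===================="
  # chkconfig output is parsed for "3:on", so force an English locale.
  export LANG="en_US.UTF-8"
  chkconfig --list | awk '/3:on/ {print $1}' | while read -r svc; do
    chkconfig "$svc" off
  done
  for svc in rsyslog network sshd crond; do
    chkconfig "$svc" on
  done
  echo '+--------which services on---------+'
  chkconfig --list | grep 3:on
  echo '+----------------------------------+'
  export LANG="zh_CN.UTF-8"
  action "精简开机自启动完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

#######################################
# Empty /etc/redhat-release and /etc/issue so the pre-login screen no
# longer shows the distribution and kernel version.
# Both files are now backed up first, like every other file this script
# edits. NOTE(review): scripts that read /etc/redhat-release to detect the
# distribution will see an empty file afterwards.
#######################################
initRemoval() {
  echo "======去除系统及内核版本登录前的屏幕显示======="
  # Must run as root; report failure with a non-zero status (was `exit 0`).
  if [ "$UID" -ne 0 ]; then
    echo "This script must use the root user ! ! !"
    sleep 2
    exit 1
  fi
  backupFile /etc/redhat-release
  backupFile /etc/issue
  : >/etc/redhat-release
  : >/etc/issue
  action "去除系统及内核版本登录前的屏幕显示" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

#######################################
# Move sshd to port 52113 and forbid empty passwords and root logins.
# The original file defined initSsh twice; the later definition replaced
# this one, so menu item 7 never applied these settings. The second
# function is now named initSshSpeed.
# The sed expressions only rewrite the commented-out stock defaults; a
# line that is already uncommented (e.g. "PermitRootLogin yes") is left
# as it is, so check the printed result against the real file.
# The new configuration is validated with `sshd -t` before the reload.
# Keep the current session open and confirm a fresh login on the new port
# as a non-root user before disconnecting.
#######################################
initSsh() {
  echo "========修改ssh默认端口禁用root远程登录=========="
  backupFile /etc/ssh/sshd_config
  sed -i 's/#Port 22/Port 52113/g' /etc/ssh/sshd_config
  sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
  sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
  sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
  echo '+-------modify the sshd_config-------+'
  echo 'Port 52113'
  echo 'PermitEmptyPasswords no'
  echo 'PermitRootLogin no'
  echo 'UseDNS no'
  echo '+------------------------------------+'
  if sshd -t && /etc/init.d/sshd reload; then
    action "修改ssh默认参数完成" /bin/true
  else
    action "修改ssh参数失败" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}

#######################################
# Add a 5-minute ntpdate job to root's crontab unless one is present.
# NOTE(review): the dated backup is written into the cron spool directory
# next to the live crontab - confirm crond tolerates the extra file.
#######################################
syncSysTime() {
  echo "================配置时间同步====================="
  backupFile /var/spool/cron/root
  if ! grep -q ntpdate /var/spool/cron/root 2>/dev/null; then
    echo "#times sync by lee at $(date +%F)" >>/var/spool/cron/root
    echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1" >>/var/spool/cron/root
    # A crontab created by the redirection above gets the umask default;
    # root's crontab should be readable by root only.
    chmod 600 /var/spool/cron/root
  fi
  echo '#crontab -l'
  crontab -l
  action "配置时间同步完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

#######################################
# Install the extra tools missing from a minimal installation.
# The status line now reflects whether yum actually succeeded.
#######################################
initTools() {
  local status=/bin/true
  echo "#####安装系统补装工具(选择最小化安装minimal)#####"
  ping -c 2 mirrors.aliyun.com
  sleep 2
  yum install tree nmap sysstat lrzsz dos2unix -y || status=/bin/false
  sleep 2
  rpm -qa tree nmap sysstat lrzsz dos2unix
  sleep 2
  action "安装系统补装工具(选择最小化安装minimal)" "$status"
  echo "================================================="
  echo ""
  sleep 2
}

#######################################
# Create a user, set its password and grant it sudo rights.
# Changes from the original:
#   - the user name is validated before it is passed to useradd and
#     written into /etc/sudoers;
#   - a failed useradd aborts instead of continuing to the sudoers edit;
#   - the password is read without echo and without backslash/whitespace
#     mangling;
#   - /etc/sudoers is syntax-checked after the edit and restored from the
#     backup when the check fails, so a bad entry cannot disable sudo.
# NOTE(review): "NOPASSWD: ALL" makes this account root-equivalent without
# re-authentication; drop NOPASSWD or narrow the command list where the
# account is used interactively.
#######################################
addUser() {
  local name pass1 pass2 sudoers_bak
  echo "===================新建用户======================"
  # add user
  while true; do
    read -r -p "请输入新用户名:" name
    if [ -z "$name" ]; then
      echo "用户名不能为空,请重新输入。"
      continue
    fi
    # LC_ALL=C keeps the ranges ASCII-only regardless of the UI locale.
    if ! printf '%s' "$name" | LC_ALL=C grep -Eq '^[A-Za-z_][A-Za-z0-9_.-]*$'; then
      echo "用户名只能包含字母、数字、点、下划线和连字符,请重新输入。"
      continue
    fi
    if id -u "$name" >/dev/null 2>&1; then
      echo "用户名已存在,请重新输入。"
      continue
    fi
    if ! useradd "$name"; then
      action "创建用户$name失败" /bin/false
      return 1
    fi
    break
  done
  # create password
  while true; do
    IFS= read -r -s -p "为 $name 创建一个密码:" pass1
    echo ""
    if [ -z "$pass1" ]; then
      echo "密码不能为空,请重新输入。"
      continue
    fi
    IFS= read -r -s -p "请再次输入密码:" pass2
    echo ""
    if [ "$pass1" != "$pass2" ]; then
      echo "两次密码输入不相同,请重新输入。"
      continue
    fi
    printf '%s\n' "$pass2" | passwd --stdin "$name"
    break
  done
  unset pass1 pass2
  sleep 1
  # add visudo
  echo "#####add visudo#####"
  sudoers_bak="/etc/sudoers.$(date +%F)"
  command cp -pf /etc/sudoers "$sudoers_bak"
  # Exact match on the first field, so a name that merely appears as a
  # word elsewhere in sudoers does not count as "already present".
  if ! awk -v u="$name" '$1 == u { found = 1 } END { exit !found }' /etc/sudoers; then
    echo "$name ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
    if ! visudo -c >/dev/null; then
      command cp -pf "$sudoers_bak" /etc/sudoers
      action "将$name加入sudoers失败" /bin/false
      return 1
    fi
    echo '#tail -1 /etc/sudoers'
    grep -wF -- "$name" /etc/sudoers
    sleep 1
  fi
  action "创建用户$name并将其加入visudo完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

#######################################
# Raise the open-file limit to 65535 (limits.conf and the current shell).
#######################################
initLimits() {
  echo "===============加大文件描述符===================="
  if ! grep nofile /etc/security/limits.conf | grep -qv "^#"; then
    backupFile /etc/security/limits.conf
    echo '* - nofile 65535' >>/etc/security/limits.conf
  fi
  echo '#tail -1 /etc/security/limits.conf'
  tail -1 /etc/security/limits.conf
  ulimit -HSn 65535
  echo '#ulimit -n'
  ulimit -n
  action "配置文件描述符为65535" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

#######################################
# Disable GSSAPI authentication and reverse DNS lookups to speed up SSH
# logins. This was the second function named initSsh in the original; it
# is renamed so it no longer replaces the port/root-login function above.
# The configuration is validated with `sshd -t` before the restart.
#######################################
initSshSpeed() {
  echo "======禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度======="
  sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
  sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
  if sshd -t && service sshd restart; then
    action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/true
  else
    action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}

#######################################
# Comment out the Ctrl-Alt-Delete reboot action to guard against an
# accidental reboot from the console.
# The pattern is anchored so a second run does not stack another "#".
#######################################
initRestart() {
  sed -i 's#^exec /sbin/shutdown -r now#\#&#' /etc/init/control-alt-delete.conf
  action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

#######################################
# Append TCP/conntrack tuning to /etc/sysctl.conf and load the modules the
# keys depend on.
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to drop connections
# from clients that share an address behind NAT; reconsider it on any
# Internet-facing host. tcp_syn_retries/tcp_synack_retries = 1 are also
# aggressive on lossy links.
# The rc.local lines are only added when missing, so repeated runs no
# longer pile up duplicate modprobe entries.
#######################################
initSysctl() {
  local mod
  echo "================优化内核参数====================="
  if [ "$(grep -c "net.ipv4.tcp" /etc/sysctl.conf)" -lt 10 ]; then
    backupFile /etc/sysctl.conf
    cat >>/etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
  fi
  backupFile /etc/rc.local
  for mod in nf_conntrack bridge; do
    modprobe "$mod"
    grep -qxF "modprobe $mod" /etc/rc.local || echo "modprobe $mod" >>/etc/rc.local
  done
  sysctl -p
  action "内核调优完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

#######################################
# Set the idle-session timeout and shell history size in /etc/profile.
# /etc/profile is now backed up, and each setting is appended only when it
# is not already present.
# NOTE(review): HISTSIZE/HISTFILESIZE=5 leaves almost no command history
# for later incident review; shell history is not an audit log, so keep
# auditd or central command logging if that record matters.
#######################################
initHistory() {
  local setting
  echo "======设置默认历史记录数和连接超时时间======"
  backupFile /etc/profile
  for setting in TMOUT=300 HISTSIZE=5 HISTFILESIZE=5; do
    grep -qxF "$setting" /etc/profile || echo "$setting" >>/etc/profile
  done
  tail -3 /etc/profile
  source /etc/profile
  action "设置默认历史记录数和连接超时时间" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

#######################################
# Mark the account databases and inittab immutable, then rename chattr to
# /usr/bin/lock.
# The original reported success even on a second run, when chattr had
# already been renamed and every command failed; the renamed binary is now
# used when present and the status line reflects the real outcome.
# NOTE(review): while these files are immutable, useradd/passwd fail until
# the flag is cleared with `lock -i <file>`. Renaming the binary is
# obscurity rather than a control: it does not stop a root user, and
# package verification will report the missing file.
# NOTE(review): assumes /usr/bin/lock, when it exists, is the chattr
# binary renamed by an earlier run - confirm on hosts not built by this
# script.
#######################################
initChattr() {
  local tool="" f status=/bin/true
  echo "======锁定关键文件系统======"
  if [ -x /usr/bin/chattr ]; then
    tool=/usr/bin/chattr
  elif [ -x /usr/bin/lock ]; then
    tool=/usr/bin/lock
  fi
  if [ -z "$tool" ]; then
    status=/bin/false
  else
    for f in /etc/passwd /etc/inittab /etc/group /etc/shadow /etc/gshadow; do
      "$tool" +i "$f" || status=/bin/false
    done
    if [ "$tool" = /usr/bin/chattr ]; then
      /bin/mv /usr/bin/chattr /usr/bin/lock || status=/bin/false
    fi
  fi
  action "锁定关键文件系统" "$status"
  echo "================================================="
  echo ""
  sleep 2
}

#######################################
# Custom menu: run the individual steps one at a time.
#######################################
menu2() {
  local input2
  while true; do
    clear
    cat <<EOF
----------------------------------------
|****Please Enter Your Choice:[0-15]****|
----------------------------------------
(1) 新建一个用户并将其加入visudo
(2) 配置为国内YUM源镜像和保存YUM源文件
(3) 配置中文字符集
(4) 禁用SELINUX及关闭防火墙
(5) 精简开机自启动
(6) 去除系统及内核版本登录前的屏幕显示
(7) 修改ssh默认端口及禁用root远程登录
(8) 设置时间同步
(9) 安装系统补装工具(选择最小化安装minimal)
(10) 加大文件描述符
(11) 禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度
(12) 将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启
(13) 系统内核调优
(14) 设置默认历史记录数和连接超时时间
(15) 锁定关键文件系统
(0) 返回上一级菜单
EOF
    read -r -p "Please enter your Choice[0-15]: " input2
    case "$input2" in
      0)
        clear
        break
        ;;
      1) addUser ;;
      2) configYum ;;
      3) initI18n ;;
      4) initFirewall ;;
      5) initService ;;
      6) initRemoval ;;
      7) initSsh ;;
      8) syncSysTime ;;
      9) initTools ;;
      10) initLimits ;;
      11) initSshSpeed ;;
      12) initRestart ;;
      13) initSysctl ;;
      14) initHistory ;;
      15) initChattr ;;
      *) warnInvalidChoice ;;
    esac
  done
}

#initTools
# Main menu.
while true; do
  clear
  echo "========================================"
  echo ' Linux Optimization '
  echo "========================================"
  cat <<EOF
|-----------System Infomation-----------
| DATE :$DATE
| HOSTNAME :$HOSTNAME
| USER :$USER
| IP :$IPADDR
| DISK_USED :$DISK_SDA
| CPU_AVERAGE:$cpu_uptime
----------------------------------------
|****Please Enter Your Choice:[1-3]****|
----------------------------------------
(1) 一键优化
(2) 自定义优化
(3) 退出
EOF
  # choice (prompt range corrected to match the menu above: 1-3)
  read -r -p "Please enter your choice[1-3]: " input1
  case "$input1" in
    1)
      # One-key mode: addUser runs first so a sudo-capable account exists
      # before root SSH login is disabled, and initChattr runs last because
      # it makes the account files immutable.
      addUser
      configYum
      initI18n
      initFirewall
      initService
      initRemoval
      initSsh
      syncSysTime
      initTools
      initLimits
      initSshSpeed
      initRestart
      initSysctl
      initHistory
      initChattr
      ;;
    2)
      menu2
      ;;
    3)
      clear
      break
      ;;
    *)
      warnInvalidChoice
      ;;
  esac
done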