shell 一鍵優化系統(centos7)腳本

#!/bin/bash
#########################################################
# Created Time: Tue Aug 7 01:29:09 2018
# version:1.0 by:kingle Mail: kingle122@vip.qq.com
# 基于oldboy書籍優化編寫
# 實現功能:一鍵系統優化15項腳本,適用于Centos7.x
#########################################################

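# Start-up section: load the init helper library, collect the values shown in
# the main menu banner, require root, and make sure root's profile sets
# "stty erase ^H".
#
# The page rendering dropped the comment markers, the `$` signs and the
# command substitutions of this section; they are restored here.

# Source function library (the `action` status helper used throughout).
. /etc/init.d/functions

# date
DATE=$(date +"%y-%m-%d %H:%M:%S")

# ip
# NOTE(review): the interface file ifcfg-br0 is hard-coded; when it does not
# exist the grep fails and IPADDR stays empty.
IPADDR=$(grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-br0 | cut -d= -f 2)

# hostname
HOSTNAME=$(hostname -s)

# user
USER=$(whoami)

# disk_check
DISK_SDA=$(df -h | grep -w "/" | awk '{print $5}')

# cpu_average_check
cpu_uptime=$(awk '{print $1,$2,$3}' /proc/loadavg)

# set LANG
export LANG=zh_CN.UTF-8

# Require root to run this script.
uid=$(id -u)
if [ "$uid" -ne 0 ]; then
  action "Please run this script as root." /bin/false
  exit 1
fi

# "stty erase ^H"
# Back up root's profile, then append the stty line only if it is not there.
\cp /root/.bash_profile "/root/.bash_profile_$(date +%F)"
erase=$(grep -cwx "stty erase ^H" /root/.bash_profile)
if [ "$erase" -lt 1 ]; then
  echo "stty erase ^H" >>/root/.bash_profile
  source /root/.bash_profile
fi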

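# Config Yum CentOS-Base.repo and save Yum file
#
# Backs up CentOS-Base.repo, replaces it and epel.repo with the Aliyun mirror
# definitions, and switches keepcache on in /etc/yum.conf.
# Exits the whole script with status 1 when the mirror cannot be reached or a
# download fails.
configYum(){
  local repo_dir=/etc/yum.repos.d
  # Repo files decide which servers and GPG settings yum will trust, so they
  # are fetched over TLS; the page used the same URLs with http://.
  local repo_url=https://mirrors.aliyun.com/repo
  local tmp_base tmp_epel

  echo "================更新為國內YUM源=================="
  cd "$repo_dir" || exit 1
  \cp CentOS-Base.repo "CentOS-Base.repo.$(date +%F)"

  if ! ping -c 1 mirrors.aliyun.com >/dev/null; then
    echo "無法連接網絡。"
    # The page's `exit $?` returned the status of the echo above, i.e. 0.
    exit 1
  fi

  # `wget -O <target>` truncates the target before any data arrives, so a
  # failed transfer would leave an empty repo file. Download to temp files
  # and install only complete results.
  tmp_base=$(mktemp) || exit 1
  tmp_epel=$(mktemp) || exit 1
  if wget -O "$tmp_base" "$repo_url/Centos-7.repo" \
    && wget -O "$tmp_epel" "$repo_url/epel-7.repo"; then
    # cat (not mv) so the installed files keep the normal mode and label of
    # files created in the repo directory rather than those of mktemp's.
    cat "$tmp_base" >"$repo_dir/CentOS-Base.repo"
    cat "$tmp_epel" >"$repo_dir/epel.repo"
    rm -f -- "$tmp_base" "$tmp_epel"
  else
    rm -f -- "$tmp_base" "$tmp_epel"
    action "下載YUM源文件失敗" /bin/false
    exit 1
  fi

  echo "==============保存YUM源文件======================"
  sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
  grep keepcache /etc/yum.conf
  sleep 5
  action "配置國內YUM完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}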

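# Charset zh_CN.UTF-8
#
# Backs up /etc/locale.conf, appends the zh_CN.UTF-8 settings, sources the
# file and prints the resulting LANG lines.
initI18n(){
  echo "================更改為中文字符集================="
  \cp /etc/locale.conf "/etc/locale.conf.$(date +%F)"

  # /etc/locale.conf
  # NOTE(review): the page shows LANG="en_US.UTF-8" as a second active line,
  # which would override zh_CN.UTF-8 when the file is sourced. The rendering
  # dropped leading '#' characters elsewhere on the page, so the line is
  # restored as a commented-out alternative; confirm against the original.
  cat >>/etc/locale.conf<<EOF
LANG="zh_CN.UTF-8"
#LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
EOF
  source /etc/locale.conf
  echo '#cat /etc/locale.conf'
  grep LANG /etc/locale.conf
  action "更改字符集zh_CN.UTF-8完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}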

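# Close Selinux and Iptables
#
# Backs up /etc/selinux/config, stops firewalld, rewrites SELINUX=enforcing
# to SELINUX=disabled and switches the running system to permissive.
#
# Security impact: after this step the host has no SELinux confinement and no
# packet filter, so every listening service is reachable and unconfined. The
# sshd port change in this script is the only step that needs an SELinux
# adjustment (labelling the new port), which is a narrower alternative to
# disabling enforcement.
# NOTE(review): `service firewalld stop` stops the daemon but does not
# disable the unit, so firewalld presumably starts again at the next boot.
# NOTE(review): the sed only matches "SELINUX=enforcing"; a host already set
# to permissive is left as it is while success is still reported.
initFirewall(){
  local selinux_cfg=/etc/selinux/config

  echo "============禁用SELINUX及關閉防火墻=============="
  \cp "$selinux_cfg" "$selinux_cfg.$(date +%F)"
  service firewalld stop
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$selinux_cfg"
  setenforce 0
  echo '#grep SELINUX=disabled /etc/selinux/config '
  grep SELINUX=disabled "$selinux_cfg"
  echo '#getenforce '
  getenforce
  action "禁用selinux及關閉防火墻完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}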

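# Init Auto Startup Service
#
# Switches off every service that chkconfig reports as "3:on", then switches
# rsyslog, network, sshd, crond and sysstat back on and lists the result.
# LANG is set to en_US.UTF-8 for the duration so the "3:on" text matches, and
# back to zh_CN.UTF-8 afterwards.
# The page rendering had merged the two loops onto one line and dropped the
# command substitution and the `$` of the loop variables.
initService(){
  local svc

  echo "===============精簡開機自啟動===================="
  export LANG="en_US.UTF-8"
  for svc in $(chkconfig --list | grep 3:on | awk '{print $1}'); do
    chkconfig "$svc" off
  done
  for svc in rsyslog network sshd crond sysstat; do
    chkconfig "$svc" on
  done
  echo '+--------which services on---------+'
  chkconfig --list | grep 3:on
  echo '+----------------------------------+'
  export LANG="zh_CN.UTF-8"
  action "精簡開機自啟動完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}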

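# Removal system and kernel version login before the screen display
#
# Empties /etc/redhat-release and /etc/issue so no version text is shown
# before login. Exits the script when not run as root.
initRemoval(){
  echo "======去除系統及內核版本登錄前的屏幕顯示======="

  # must use root user run scripts
  if [ "$UID" -ne 0 ]; then
    echo "This script must use the root user ! ! !"
    sleep 2
    # A refusal is a failure; the page's `exit 0` reported success here.
    exit 1
  fi

  # NOTE(review): no backup is taken here, unlike the other steps, and
  # /etc/redhat-release is commonly read by tooling to identify the
  # distribution; confirm nothing on the host depends on its content.
  : >/etc/redhat-release
  : >/etc/issue
  action "去除系統及內核版本登錄前的屏幕顯示" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}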

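# Change sshd default port and prohibit user root remote login.
#
# Backs up sshd_config, uncomments/rewrites Port, PermitEmptyPasswords,
# PermitRootLogin, UseDNS and GSSAPIAuthentication, then restarts sshd.
#
# Review notes:
#  - Each sed matches only the stock commented default (e.g. "#Port 22").
#    A config that already carries an uncommented "PermitRootLogin yes" or
#    "Port ..." is left unchanged even though the banner below prints the
#    new values; check the effective settings with `sshd -T` afterwards.
#  - Once root login is off and the port has moved, access depends on a
#    working non-root account (addUser) and on port 52113 being permitted by
#    the packet filter and, with SELinux enforcing, labelled for sshd.
#    Keep the current session open until a new login has been verified.
initSsh(){
  local cfg=/etc/ssh/sshd_config

  echo "========修改ssh默認端口禁用root遠程登錄=========="
  \cp "$cfg" "$cfg.$(date +%F)"
  sed -i 's/#Port 22/Port 52113/g' "$cfg"
  sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' "$cfg"
  sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' "$cfg"
  sed -i 's/#UseDNS yes/UseDNS no/g' "$cfg"
  sed -i 's/^GSSAPIAuthentication yes/GSSAPIAuthentication no/' "$cfg"
  echo '+-------modify the sshd_config-------+'
  echo 'Port 52113'
  echo 'PermitEmptyPasswords no'
  echo 'PermitRootLogin no'
  echo 'UseDNS no'
  echo '+------------------------------------+'
  # Validate the edited file before restarting so a broken config cannot
  # take the daemon down. An explicit if/else also keeps the failure branch
  # from running when only the success message itself returns non-zero.
  if /usr/sbin/sshd -t -f "$cfg" && service sshd restart; then
    action "修改ssh默認參數完成" /bin/true
  else
    action "修改ssh參數失敗" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}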

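# time sync
#
# Backs up root's crontab file and, when it has no ntpdate entry yet, appends
# a job that runs ntpdate against ntp1.aliyun.com every five minutes. Prints
# the resulting crontab.
# The page rendering had merged three statements onto one line and dropped
# the `$` of the date suffix and of the counter.
syncSysTime(){
  local cron_file=/var/spool/cron/root
  local ntp_entries

  echo "================配置時間同步====================="
  # The file may not exist yet on a fresh install, hence the silenced errors.
  \cp "$cron_file" "$cron_file.$(date +%F)" 2>/dev/null
  ntp_entries=$(grep -c ntpdate "$cron_file" 2>/dev/null)
  if [ "${ntp_entries:-0}" -eq 0 ]; then
    echo "#times sync by lee at $(date +%F)" >>"$cron_file"
    echo "*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null" >>"$cron_file"
  fi
  echo '#crontab -l'
  crontab -l
  action "配置時間同步完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}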

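# install tools
#
# Installs the helper packages (tree nmap sysstat lrzsz dos2unix wget git)
# and installs/updates openssl, openssh and bash through yum.
# The final status now follows yum's exit codes; the page reported success
# unconditionally, which hides a failed update of openssl/openssh/bash.
# NOTE(review): nmap is a network scanner; whether it belongs in a server
# baseline is a site-policy decision.
initTools(){
  local status=/bin/true

  echo "#####安裝升級系統補裝工具及重要工具升級(選擇最小化安裝minimal)#####"
  ping -c 2 mirrors.aliyun.com
  sleep 2
  yum install tree nmap sysstat lrzsz dos2unix wget git -y || status=/bin/false
  sleep 2
  rpm -qa tree nmap sysstat lrzsz dos2unix
  sleep 2
  yum install openssl openssh bash -y || status=/bin/false
  sleep 2
  action "安裝升級系統補裝工具及重要工具升級(選擇最小化安裝minimal)" "$status"
  echo "================================================="
  echo ""
  sleep 2
}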

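# add user and give sudoers
#
# Interactively creates an account, sets its password and appends a
# "NOPASSWD: ALL" rule for it to /etc/sudoers (after a dated backup).
# The chosen name is left in the global variable `name`, as on the page.
#
# Changes against the page (whose rendering had also dropped `$`, `${...}`
# and command substitutions):
#  - the name is checked against a conservative pattern before use, because
#    it is written verbatim into /etc/sudoers;
#  - passwords are read without echo and with -r;
#  - every expansion is quoted and useradd's result is checked;
#  - /etc/sudoers is syntax-checked after the edit and the backup restored
#    if the check fails.
# NOTE(review): "NOPASSWD: ALL" makes the account root-equivalent without a
# password prompt; the account's SSH credentials then carry root's risk.
addUser(){
  local name_re='^[a-z_][a-z0-9_-]*$'
  local sudoers_bak
  local taken sudo_hits pass1 pass2

  echo "===================新建用戶======================"

  # add user
  while true; do
    read -r -p "請輸入新用戶名:" name
    if [ "${#name}" -eq 0 ]; then
      echo "用戶名不能為空,請重新輸入。"
      continue
    fi
    if ! [[ "$name" =~ $name_re ]]; then
      echo "用戶名格式不正確,請重新輸入。"
      continue
    fi
    taken=$(awk -F':' '{print $1}' /etc/passwd | grep -cxF -- "$name")
    if [ "$taken" -ge 1 ]; then
      echo "用戶名已存在,請重新輸入。"
      continue
    fi
    useradd "$name" || continue
    break
  done

  # create password
  while true; do
    read -r -s -p "為 $name 創建一個密碼:" pass1
    echo ""
    if [ "${#pass1}" -eq 0 ]; then
      echo "密碼不能為空,請重新輸入。"
      continue
    fi
    read -r -s -p "請再次輸入密碼:" pass2
    echo ""
    if [ "$pass1" != "$pass2" ]; then
      echo "兩次密碼輸入不相同,請重新輸入。"
      continue
    fi
    # printf is a shell builtin, so the password does not appear in argv.
    printf '%s\n' "$pass2" | passwd --stdin "$name"
    break
  done
  sleep 1

  # add visudo
  echo "#####add visudo#####"
  sudoers_bak="/etc/sudoers.$(date +%F)"
  \cp /etc/sudoers "$sudoers_bak"
  sudo_hits=$(grep -cwF -- "$name" /etc/sudoers)
  if [ "$sudo_hits" -eq 0 ]; then
    echo "$name ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
    echo '#tail -1 /etc/sudoers'
    grep -wF -- "$name" /etc/sudoers
    sleep 1
  fi
  # A syntax error in sudoers disables sudo for everyone; verify and roll
  # back to the copy taken above if the file no longer parses.
  if ! visudo -c >/dev/null; then
    \cp "$sudoers_bak" /etc/sudoers
    action "sudoers語法檢查失敗,已還原備份" /bin/false
    return 1
  fi
  action "創建用戶$name并將其加入visudo完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}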

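# Adjust the file descriptor(limits.conf)
#
# When limits.conf has no active "nofile" line, backs the file up and appends
# "* - nofile 65535"; then raises the limit of the current shell and prints
# both. `ulimit -HSn` only affects this shell and its children; other
# sessions pick the new value up from limits.conf at their next login.
# The page rendering had dropped the command substitution and the `$` signs.
initLimits(){
  local limits=/etc/security/limits.conf
  local active_nofile

  echo "===============加大文件描述符===================="
  active_nofile=$(grep nofile "$limits" | grep -vc "^#")
  if [ "$active_nofile" -eq 0 ]; then
    \cp "$limits" "$limits.$(date +%F)"
    echo '* - nofile 65535' >>"$limits"
  fi
  echo '#tail -1 /etc/security/limits.conf'
  tail -1 "$limits"
  ulimit -HSn 65535
  echo '#ulimit -n'
  ulimit -n
  action "配置文件描述符為65535" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}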

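# set the control-alt-delete to guard against the miSUSE
#
# Disables the Ctrl-Alt-Del reboot action.
#
# The page's sed expression used '#' both as delimiter and inside the
# replacement, which sed rejects; it is rewritten with '|' as delimiter and
# anchored so a second run does not stack another '#'.
# /etc/init/control-alt-delete.conf is the upstart file; on a systemd host
# (the page targets CentOS 7.x) the key combination is handled by
# ctrl-alt-del.target, so that unit is masked when the upstart file is
# absent. The reported status now reflects whether either step succeeded.
initRestart(){
  local upstart_conf=/etc/init/control-alt-delete.conf
  local status=/bin/true

  if [ -f "$upstart_conf" ]; then
    sed -i 's|^exec /sbin/shutdown -r now|#exec /sbin/shutdown -r now|' \
      "$upstart_conf" || status=/bin/false
  elif command -v systemctl >/dev/null 2>&1; then
    systemctl mask ctrl-alt-del.target || status=/bin/false
  else
    status=/bin/false
  fi
  action "將ctrl alt delete鍵進行屏蔽,防止誤操作的時候服務器重啟" "$status"
  echo "================================================="
  echo ""
  sleep 2
}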

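# Optimizing the system kernel
#
# When /etc/sysctl.conf holds fewer than ten net.ipv4.tcp lines, backs it up
# and appends the tuning block below; then loads nf_conntrack and bridge,
# registers both modprobe calls in /etc/rc.local and applies the settings.
#
# Review notes on the values (left as the author wrote them):
#  - net.ipv4.tcp_tw_recycle = 1 is known to drop connections from clients
#    behind NAT, and the key was removed in kernel 4.12, where `sysctl -p`
#    reports it as unknown.
#  - tcp_syn_retries / tcp_synack_retries = 1 give up after a single
#    retransmission; confirm this suits lossy links.
#  - tcp_syncookies = 1 keeps SYN-flood protection on.
# The rc.local lines are now appended only when missing, so repeated runs do
# not pile up duplicates. The page rendering had dropped the command
# substitution and the `$` signs.
initSysctl(){
  local tcp_lines mod

  echo "================優化內核參數====================="
  tcp_lines=$(grep -c "net.ipv4.tcp" /etc/sysctl.conf)
  if [ "$tcp_lines" -lt 10 ]; then
    \cp /etc/sysctl.conf "/etc/sysctl.conf.$(date +%F)"
    cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
  fi
  \cp /etc/rc.local "/etc/rc.local.$(date +%F)"
  # The nf_conntrack keys only exist once the module is loaded, so the
  # modules are loaded before `sysctl -p` runs.
  for mod in nf_conntrack bridge; do
    modprobe "$mod"
    grep -qxF "modprobe $mod" /etc/rc.local \
      || echo "modprobe $mod" >>/etc/rc.local
  done
  sysctl -p
  action "內核調優完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}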

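# setting history and login timeout
#
# Adds TMOUT=300, HISTSIZE=100 and HISTFILESIZE=100 to /etc/profile, shows
# the resulting settings and sources the file.
# Each line is appended only when it is not already present; the page
# appended all three on every run. Because the lines may then sit anywhere in
# the file, the settings are shown with grep instead of `tail -3`.
# NOTE(review): a 100-entry history keeps fewer typed secrets on disk but
# also leaves less for later incident review; shell history is not an audit
# log either way.
initHistory(){
  local setting

  echo "======設置默認歷史記錄數和連接超時時間======"
  for setting in "TMOUT=300" "HISTSIZE=100" "HISTFILESIZE=100"; do
    grep -qxF -- "$setting" /etc/profile || echo "$setting" >>/etc/profile
  done
  grep -E '^(TMOUT|HISTSIZE|HISTFILESIZE)=' /etc/profile
  source /etc/profile
  action "設置默認歷史記錄數和連接超時時間" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}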

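# chattr file system
#
# Sets the immutable attribute on the account databases and /etc/inittab,
# then renames /usr/bin/chattr to /usr/bin/lock.
#
# Review notes:
#  - While the files are immutable, useradd/passwd (and this script's
#    addUser) fail; the attribute has to be removed with `lock -i` first.
#  - Renaming the binary only hides it: the attribute can still be changed by
#    any root process, and a package update may put chattr back.
#  - A second run used to fail because chattr had already been renamed; the
#    function now uses whichever of the two names exists.
initChattr(){
  local tool=/usr/bin/chattr
  local target

  echo "======鎖定關鍵文件系統======"
  [ -x "$tool" ] || tool=/usr/bin/lock
  for target in /etc/passwd /etc/inittab /etc/group /etc/shadow /etc/gshadow; do
    "$tool" +i "$target"
  done
  if [ -x /usr/bin/chattr ]; then
    /bin/mv /usr/bin/chattr /usr/bin/lock
  fi
  action "鎖定關鍵文件系統" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}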
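# Install a cron job that empties the postfix maildrop queue every minute.
#
# Writes /server/scripts/del_file.sh and registers it in root's crontab file.
# Fixes against the page:
#  - the directory test used -f (regular file), which is never true for a
#    directory; -d is the intended test;
#  - the generated script piped find into xargs, which splits file names on
#    whitespace; `find -delete` removes the files without a second process;
#  - the cron lines are appended only when the job is not registered yet.
# NOTE(review): the generated script runs as root every minute, so
# /server/scripts must stay writable by root only.
del_file(){
  local script=/server/scripts/del_file.sh
  local cron_file=/var/spool/cron/root

  echo "======定時清理郵件任務======"
  [ -d /server/scripts/ ] || mkdir -p /server/scripts/
  echo "find /var/spool/postfix/maildrop/ -type f -delete" >"$script"
  if ! grep -qF -- "$script" "$cron_file" 2>/dev/null; then
    echo '#this is del mail task by kingle at 2018-8-8' >>"$cron_file"
    echo "*/1 * * * * /bin/bash /server/scripts/del_file.sh &>/dev/null" >>"$cron_file"
  fi
  echo "================================================="
  echo ""
  sleep 2
}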
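# Empty the pre-login banners (/etc/issue and /etc/issue.net) after saving
# the "CentOS" line of /etc/issue, which is printed once at the end so the
# operator can note the version.
#
# Reconstruction notes:
#  - The page shows bare "/etc/issue" and "/etc/issue.net" lines; a leading
#    '>' was presumably lost in rendering, so they are restored as
#    truncations (consistent with the success message below).
#  - The page's check read /etc/issue twice; the second read presumably
#    meant /etc/issue.net. It also searched for lowercase "cent", which can
#    never match the "CentOS" text saved above, so the match is now
#    case-insensitive.
hide_info(){
  echo "======!!隱藏系統信息!!======"
  echo "======此項注意不要自己忘記了那就沒救了======"
  echo "======不建議使用======"
  Version_information=$(grep "CentOS" /etc/issue)

  : >/etc/issue
  : >/etc/issue.net
  if [ "$(grep -ci "centos" /etc/issue)" -eq 0 ] \
    && [ "$(grep -ci "centos" /etc/issue.net)" -eq 0 ]; then
    echo "======清除成功====="
  else
    # Retry once if version text is still present.
    : >/etc/issue
    : >/etc/issue.net
  fi
  echo "$Version_information"
  echo "=====認準本系統版本======"
  sleep 10
  echo "================================================="
}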
# Print the manual steps for protecting the boot loader with a password:
# three instruction lines, an empty line, then a 10-second pause so the text
# can be read. Nothing on the system is changed by this function.
# NOTE(review): grub-md5-crypt and /etc/grub.conf are GRUB legacy names and
# the hash is MD5; the page's header targets CentOS 7.x - confirm these
# instructions apply to the boot loader actually installed.
grub_md5(){
  local banner_line

  for banner_line in \
    "======grub_md5加密======" \
    "======命令行輸入:/sbin/grub-md5-crypt 進行交互式加密======" \
    "把密碼寫入/etc/grub.conf 格式:password --MD5 密碼" \
    ""; do
    printf '%s\n' "$banner_line"
  done
  sleep 10
}

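# menu2
#
# Custom-optimisation submenu: shows the list of steps, reads a choice and
# runs the matching function until 0 is entered.
#
# Reconstruction notes:
#  - The page rendering dropped every numeric case label ("0)", "1)", ...).
#    They are restored by matching each menu entry to the function that
#    performs it. NOTE(review): the page has 17 arms for 18 menu entries;
#    entry 11 (GSSAPI / UseDNS) has no function of its own and is mapped to
#    initSsh, which makes those two changes together with the port and
#    root-login changes - confirm against the original.
#  - The header and the prompt said [0-15] although the menu runs to 18.
#  - The countdown loop had lost its command substitution around seq.
# Entries 4, 6, 15 and 17 weaken or hide host state (SELinux/firewall off,
# release files emptied, chattr renamed); see the notes on those functions.
menu2(){
  local i

  while true; do
    clear
    cat <<EOF


|****Please Enter Your Choice:[0-18]****|

(1) 新建一個用戶并將其加入visudo
(2) 配置為國內YUM源鏡像和保存YUM源文件
(3) 配置中文字符集
(4) 禁用SELINUX及關閉防火墻
(5) 精簡開機自啟動
(6) 去除系統及內核版本登錄前的屏幕顯示
(7) 修改ssh默認端口及禁用root遠程登錄
(8) 設置時間同步
(9) 安裝系統補裝工具(選擇最小化安裝minimal)
(10) 加大文件描述符
(11) 禁用GSSAPI來認證,也禁用DNS反向解析,加快SSH登陸速度
(12) 將ctrl alt delete鍵進行屏蔽,防止誤操作的時候服務器重啟
(13) 系統內核調優
(14) 設置默認歷史記錄數和連接超時時間
(15) 鎖定關鍵文件系統
(16) 定時清理郵件任務
(17) 隱藏系統信息
(18) grub_md5加密
(0) 返回上一級菜單

EOF
    read -r -p "Please enter your Choice[0-18]: " input2
    case "$input2" in
      0)
        clear
        break
        ;;
      1) addUser ;;
      2) configYum ;;
      3) initI18n ;;
      4) initFirewall ;;
      5) initService ;;
      6) initRemoval ;;
      7) initSsh ;;
      8) syncSysTime ;;
      9) initTools ;;
      10) initLimits ;;
      11) initSsh ;;
      12) initRestart ;;
      13) initSysctl ;;
      14) initHistory ;;
      15) initChattr ;;
      16) del_file ;;
      17) hide_info ;;
      18) grub_md5 ;;
      *)
        echo "----------------------------------"
        echo "| Warning!!! |"
        echo "| Please Enter Right Choice! |"
        echo "----------------------------------"
        # Three-second countdown, overwriting the previous digit.
        for i in $(seq -w 3 -1 1); do
          echo -ne "\b\b$i"
          sleep 1
        done
        clear
        ;;
    esac
  done
}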

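# initTools
# NOTE(review): on the page this line stands alone between blank lines like
# the other lines that lost a leading '#'; it is restored as a comment
# rather than as a call that would run yum at start-up - confirm against the
# original.

# menu
#
# Main loop: prints the system summary collected at start-up, then offers
# (1) all steps in sequence, (2) the custom submenu, (3) exit.
# The page rendering dropped the `$` of the banner variables, the case
# labels "1)", "2)", "3)" and the command substitution around seq.
while true; do
  clear
  echo "========================================"
  echo ' Linux Optimization '
  echo "========================================"
  cat << EOF
|-----------System Infomation-----------
| DATE :$DATE | HOSTNAME :$HOSTNAME
| USER :$USER | IP :$IPADDR
| DISK_USED :$DISK_SDA | CPU_AVERAGE:$cpu_uptime


|****Please Enter Your Choice:[1-3]****|

(1) 一鍵優化
(2) 自定義優化
(3) 退出
EOF

  # choice
  read -r -p "Please enter your choice[0-3]: " input1
  case "$input1" in
    1)
      # Order matters: addUser runs first so a non-root sudo account exists
      # before initSsh turns root login off, and initChattr runs last
      # because the immutable account files would make useradd/passwd fail.
      # This path also runs initFirewall (SELinux and firewalld off) and
      # initRemoval without asking again.
      addUser
      configYum
      initI18n
      initFirewall
      initService
      initRemoval
      initSsh
      syncSysTime
      initTools
      initLimits
      initRestart
      initSysctl
      initHistory
      initChattr
      ;;
    2)
      menu2
      ;;
    3)
      clear
      break
      ;;
    *)
      echo "----------------------------------"
      echo "| Warning!!! |"
      echo "| Please Enter Right Choice! |"
      echo "----------------------------------"
      # Three-second countdown, overwriting the previous digit.
      for i in $(seq -w 3 -1 1); do
        echo -ne "\b\b$i"
        sleep 1
      done
      clear
      ;;
  esac
done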
