标签:linux-shell
关闭系统不必要的服务;关闭selinux,关闭iptables;关闭ctrl+alt+del重启;设置ssh端口,关闭DNS解析;设置系统最大文件描述符;设置系统关键文件权限;配置安装ntp;安装vim;配置安装阿里云yum源和epel源;
#!/bin/bash
#written by mofansheng@2015-11-03#system optimization script#The fllow apply to CentOS 6.x. /etc/init.d/functionsfunction check_ok(){ if [ $? -eq 0 ] then echo "" continue else echo "pls check error" exit fi}cat<<EOF-----------------------------------------------------------------------| system optimization |-----------------------------------------------------------------------EOF#close unimportant system servicesecho "===Close unimportant system services,it will take serval mintinues==="for s in `chkconfig --list|grep 3:on|awk ‘{print $1}‘|grep -Ev "crond|sshd|sysstat|rsyslog|network"`do chkconfig $s offdonecheck_okaction "Close unimportant system services" /bin/true#close selinuxecho "===close SELINUX==="if [ `getenforce` != "Disabled" ]then sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/g‘ /etc/selinux/config echo "selinux is disabled,you must reboot!"else action "SELINUX is closed" /bin/trueficheck_okaction "Close SELINUX" /bin/true#close ctrl+alt+delmv /etc/init/control-alt-delete.conf /etc/init/control-alt-delete.conf.bak#close iptablesecho "===close iptables==="iptables-save >/etc/sysconfig/iptables_$(date +%s)iptables -Fservice iptables savecheck_okaction "iptables is closed" /bin/true#set ulimitecho "ulimit -SHn 65535" >>/etc/rc.local#set SSHsed -i ‘s/#UseDNS yes/UseDNS no/g‘ /etc/ssh/sshd_configsed -i ‘s/#Port 22/Port 65500/g‘ /etc/ssh/sshd_configservice sshd restart#set system files permissionchmod 600 /etc/passwdchmod 600 /etc/groupchmod 600 /etc/shadowchmod 600 /etc/gshadow#set ntpyum install ntpdate -yntpdate ntp.fudan.edu.cnecho "* 3 * * * /usr/sbin/ntpdate ntp.fudan.edu.cn >/dev/null 2>&1" >>/etc/crontabservice crond restartcheck_okaction "ntpdate is installed and add in crontab" /bin/true#set vimecho "===install vim,it will take serval mintinues==="yum install vim-enhanced -y &>/dev/nullalias vi=vimecho "alias vi=vim" >>/root/.bashrccheck_okaction "vim is installed" /bin/true#set yum reposecho "===update yum repos,it will take serval mintinues==="yum install wget -ymv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bakwget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo &>/dev/nullwget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo &>/dev/nullyum clean all &>/dev/nullyum makecache &>/dev/nullcheck_okaction "yum repos update is ok" /bin/true本文出自 “IT屌丝” 博客,请务必保留此出处http://68686789.blog.51cto.com/10438688/1712628
关闭系统不必要的服务;关闭selinux,关闭iptables
标签:linux-shell
原文地址:http://68686789.blog.51cto.com/10438688/1712628
