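#!/bin/bash
#############################################################
# author:  qiruyi
# date:    2016-08-05
# system:  centos6.5
# version: 1.0
#
# The script relies on bash features ([[ ]], read -n/-t, source), so the
# interpreter line names bash; the original "#/bin/sh" was missing the "!"
# and was therefore only a comment.
#############################################################

# Load the distribution's init-script helper functions.
. /etc/init.d/functions

# Make sure the admin tool directories are on PATH.
export PATH=$PATH:/bin:/sbin:/usr/sbin

# Every step below edits files under /etc or changes services, so stop
# here unless running as root.  The original only printed the message and
# carried on, leaving each later step to fail part-way.
if [[ "$(id -u)" != "0" ]]; then
  echo "please su root to run this script" >&2
  exit 1
fi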
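# Replace the system yum repository definition with the Sohu mirror file.
#
# Backs up /etc/yum.repos.d/CentOS-Base.repo with a date suffix, checks
# connectivity, downloads the replacement and installs it.  Exits the
# script with status 1 when the network check or the download fails.
# Side effect: leaves the working directory at /etc/yum.repos.d.
#
# NOTE(review): the repo file is fetched over plain HTTP with no checksum
# or signature check, so anyone able to alter that response decides where
# yum looks for packages.  Confirm the installed file keeps gpgcheck=1 and
# prefer a repo definition obtained over an authenticated channel.
initYum() {
  local repo_url=http://mirrors.sohu.com/help/CentOS-Base-sohu.repo
  local tmp_repo
  cat << EOF
+--------------------------------------------------------------+
+------ Welcome to Modify the system yum source. ------+
+--------------------------------------------------------------+
EOF
  cd /etc/yum.repos.d/ || exit 1
  # \cp bypasses any "cp -i" alias so the copy never prompts.
  \cp CentOS-Base.repo "CentOS-Base.repo.ori.$(date +%F)"
  # The original put a blog annotation after "exit 1", which handed exit
  # extra arguments; test ping directly instead.
  if ! ping -c 1 baidu.com >/dev/null; then
    echo $"Networking not configured - exiting"
    exit 1
  fi
  # Download outside the repo directory and only install the result when
  # the transfer succeeded and the file contains a [section] header, so a
  # failed download or an HTML error page never replaces the active file.
  tmp_repo=$(mktemp) || exit 1
  if ! wget --quiet -o /dev/null -O "$tmp_repo" "$repo_url" ||
    ! grep -q '^\[' "$tmp_repo"; then
    rm -f -- "$tmp_repo"
    echo "Download of the yum repo file failed - exiting" >&2
    exit 1
  fi
  \cp "$tmp_repo" CentOS-Base.repo
  chmod 644 CentOS-Base.repo
  rm -f -- "$tmp_repo"
  echo "Modify the system yum source.------->OK"
  sleep 3
}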
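# Switch the system locale from en_US.UTF-8 to zh_CN.GB18030.
#
# Backs up /etc/sysconfig/i18n with a date suffix, rewrites the LANG line
# in place, sources the file into the current shell and prints the
# resulting LANG lines.
initI18n() {
  cat << EOF
+--------------------------------------------------------------+
+------ Welcome to Set the character encoding. ------+
+--------------------------------------------------------------+
EOF
  echo "#set LANG="zh_cn.gb18030""
  \cp /etc/sysconfig/i18n "/etc/sysconfig/i18n.$(date +%F)"
  # sed 's#old#new#': the published script had typographic quotes and a
  # trailing blog annotation here, so sed received an invalid expression
  # plus extra file arguments.
  sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.GB18030"#' /etc/sysconfig/i18n
  source /etc/sysconfig/i18n
  grep LANG /etc/sysconfig/i18n
  echo "Set the character encoding.------->OK"
  sleep 3
}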
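# Stop iptables, keep it off at boot, and disable SELinux.
#
# Backs up /etc/selinux/config with a timestamp suffix, stops the iptables
# service and removes it from the boot sequence, rewrites SELINUX=enforcing
# to SELINUX=disabled, switches the running system to permissive mode and
# prints the resulting state.
#
# NOTE(review): this removes host packet filtering and mandatory access
# control in one step.  If the goal is only to get an application working,
# a narrower change (explicit iptables rules for the needed ports, SELinux
# left enforcing with the relevant booleans/contexts) keeps both controls.
initFirewall() {
  cat << EOF
+--------------------------------------------------------------+
+------ Welcome to Close the firewall and Selinux. ------+
+--------------------------------------------------------------+
EOF
  \cp /etc/selinux/config "/etc/selinux/config.$(date +"%Y-%m-%d_%H-%M-%S")"
  /etc/init.d/iptables stop
  chkconfig iptables off
  # The published pattern "SELINUX=enable" (inside typographic quotes) never
  # matched the "SELINUX=enforcing" setting, so the grep below found
  # nothing; match the real value and anchor it to the setting line.
  sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
  setenforce 0
  /etc/init.d/iptables status
  grep SELINUX=disabled /etc/selinux/config
  echo "Close the firewall and Selinux.------->OK"
  sleep 3
}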
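# Turn off every service enabled at runlevel 3, then re-enable a short
# keep-list (cron, networking, sshd, system logging).
#
# LANG is forced to en_US.UTF-8 while parsing "chkconfig --list" so the
# "3:on" marker appears in English, and is set to zh_CN.GB18030 afterwards
# as in the original script.
#
# NOTE(review): anything not on the keep-list is switched off, which would
# include audit or monitoring daemons if they are installed; review the
# list against what the host is expected to run before using this step.
initService() {
  local svc
  cat << EOF
+--------------------------------------------------------------+
+------ Welcome to Close unnecessary system service . ------+
+--------------------------------------------------------------+
EOF
  export LANG="en_US.UTF-8"
  # The published line wrapped the awk program in typographic quotes, so
  # the shell expanded $1 itself and awk received a broken program.
  chkconfig --list | awk '/3:on/ {print $1}' | while IFS= read -r svc; do
    chkconfig --level 3 "$svc" off
  done
  # The header targets centos6.5, where the logging service is registered
  # as rsyslog; keep both names and skip whichever is not registered so
  # logging is not left disabled.
  for svc in crond network sshd syslog rsyslog; do
    if chkconfig --list "$svc" >/dev/null 2>&1; then
      chkconfig --level 3 "$svc" on
    fi
  done
  export LANG="zh_CN.GB18030"
  echo "Close unnecessary system service.------>OK"
  sleep 3
}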
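# Disable the Ctrl+Alt+Del reboot binding defined in /etc/inittab.
#
# Backs up /etc/inittab with a timestamp suffix, comments out the
# "ca::ctrlaltdel" line and asks init to re-read its configuration.
#
# NOTE(review): the header targets centos6.5; on that release the key
# binding is presumably handled by Upstart
# (/etc/init/control-alt-delete.conf) rather than inittab - confirm this
# step has an effect there.
initSafe() {
  cat << EOF
+--------------------------------------------------------------+
+-- Welcome to Disable ctrlaltdel three key to reboot system.--+
+--------------------------------------------------------------+
EOF
  \cp /etc/inittab "/etc/inittab.$(date +"%Y-%m-%d_%H-%M-%S")"
  # The original used "/" as the sed delimiter but left the slash in
  # "/shutdown" unescaped, so sed rejected the expression.  Use "|" as the
  # delimiter and anchor at line start so an already-commented line is not
  # commented again on a re-run.
  sed -i 's|^ca::ctrlaltdel:/sbin/shutdown -t3 -r now|#&|' /etc/inittab
  /sbin/init q
  echo "Disable ctrlaltdel three key to reboot system.------>OK"
  sleep 3
}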
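# Raise the open-file limit to 65535.
#
# Backs up /etc/security/limits.conf with a timestamp suffix, inserts a
# "* - nofile 65535" entry before the "# End of file" marker, raises the
# limit for the current shell and appends the same ulimit call to
# /etc/rc.local.  Both file edits are skipped when the entry is already
# present, so re-running the step does not pile up duplicate lines.
initOpenFiles() {
  cat << EOF
+--------------------------------------------------------------+
+------ Welcome to Adjust the number of open files. ------+
+--------------------------------------------------------------+
EOF
  \cp /etc/security/limits.conf \
    "/etc/security/limits.conf.$(date +"%Y-%m-%d_%H-%M-%S")"
  if ! grep -Eq '^\*[[:space:]]+-[[:space:]]+nofile[[:space:]]+65535' \
    /etc/security/limits.conf; then
    # Straight quotes: the published line used typographic quotes, which
    # the shell passed through to sed as part of the expression.
    sed -i '/# End of file/i\*\t\t-\tnofile\t\t65535' /etc/security/limits.conf
  fi
  ulimit -HSn 65535
  if ! grep -qxF 'ulimit -HSn 65535' /etc/rc.local 2>/dev/null; then
    echo "ulimit -HSn 65535" >> /etc/rc.local
  fi
  echo "Adjust the number of open files.------>OK"
  sleep 3
}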
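# Install ntp, set the clock once and schedule a sync every five minutes.
#
# Appends an ntpdate entry to root's crontab file unless the identical
# line is already there, so repeated runs do not stack duplicate jobs.
#
# NOTE(review): the clock is taken from a single external server with no
# authentication; hosts whose logs or certificate checks depend on correct
# time may want an internal or multi-source time configuration instead.
initSysTime() {
  local cron_line='*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1'
  cat << EOF
+--------------------------------------------------------------+
+------ Welcome to Set system time synchronization. ------+
+--------------------------------------------------------------+
EOF
  yum -y install ntp >>/dev/null 2>&1
  ntpdate time.windows.com
  if ! grep -qxF -- "$cron_line" /var/spool/cron/root 2>/dev/null; then
    echo "$cron_line" >>/var/spool/cron/root
  fi
  echo "Set system time synchronization.------>OK"
  sleep 3
}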
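# Append a block of network sysctl settings to /etc/sysctl.conf and load it.
#
# Backs up /etc/sysctl.conf with a timestamp suffix.  The settings are
# written once, under a marker comment; a later run finds the marker and
# only reloads, instead of appending the same twenty lines again.
#
# NOTE(review): tcp_timestamps is set to 0 in the same block that enables
# tcp_tw_reuse and tcp_tw_recycle, and both of those rely on TCP
# timestamps, so they are presumably inert as written.  If timestamps are
# re-enabled later, tcp_tw_recycle is known to drop connections from
# clients behind NAT.  tcp_syncookies = 1 is the SYN-flood mitigation in
# this list.  Review the values against the host's role before applying.
initKernel() {
  local marker='# kernel tuning added by system init script'
  cat << EOF
+--------------------------------------------------------------+
+------ Welcome to Optimization of system kernel. ------+
+--------------------------------------------------------------+
EOF
  \cp /etc/sysctl.conf "/etc/sysctl.conf.$(date +"%Y-%m-%d_%H-%M-%S")"
  if ! grep -qxF -- "$marker" /etc/sysctl.conf; then
    {
      printf '%s\n' "$marker"
      # Quoted delimiter: the block is literal text, nothing is expanded.
      cat << 'EOF'
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 87380 16777216
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.ip_local_port_range = 1024 65535
EOF
    } >> /etc/sysctl.conf
  fi
  /sbin/sysctl -p
  echo "Optimization of system kernel.------>OK"
  sleep 3
}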
# Install the base administration packages with yum:
# sysstat, ntp, net-snmp, lrzsz and rsync.
#
# yum's output, including any error text, is discarded, so the "OK" line
# is printed whether or not the install succeeded.
initTool() {
  local pkgs="sysstat ntp net-snmp lrzsz rsync"
  printf '%s\n' \
    "+--------------------------------------------------------------+" \
    "+------ Welcome to Installation system tools. ------+" \
    "+------ <sysstat ntp net-snmp lrzsz rsync> ------+" \
    "+--------------------------------------------------------------+"
  # Word splitting of $pkgs is intended: one argument per package name.
  # shellcheck disable=SC2086
  yum -y install $pkgs >/dev/null 2>&1
  printf '%s\n' "Installation system tools.------->OK"
  sleep 3
}
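# Disable IPv6 by aliasing its kernel module names to "off".
#
# Backs up /etc/modprobe.conf with a timestamp suffix when the file
# exists, then appends the two alias lines unless they are already
# present, so repeated runs do not duplicate them.
#
# NOTE(review): the header targets centos6.5, where module options
# normally live under /etc/modprobe.d/; confirm /etc/modprobe.conf is
# still read on the target release.
initIPV6() {
  local conf=/etc/modprobe.conf
  local line
  cat << EOF
+--------------------------------------------------------------+
+------ Welcome to Prohibit the use of IPV6. ------+
+--------------------------------------------------------------+
EOF
  if [ -f "$conf" ]; then
    \cp "$conf" "$conf.$(date +"%Y-%m-%d_%H-%M-%S")"
  fi
  for line in "alias net-pf-10 off" "alias ipv6 off"; do
    if ! grep -qxF -- "$line" "$conf" 2>/dev/null; then
      echo "$line" >> "$conf"
    fi
  done
  echo "Prohibit the use of IPV6.------>OK"
  sleep 3
}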
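# Interactive menu: show the available steps, read a one-letter choice and
# run the matching init functions.
AStr="修改系统Yum源,设置字符编码,关闭防火墙和Selinux,关闭不必要系统服务"
BStr="禁止Ctrl+Alt+Del三个键重启系统"
CStr="调整系统打开文件数"
DStr="设置系统同步时间"
EStr="优化系统内核"
FStr="安装系统工具"
GStr="禁止使用IPV6"
HStr="一键初始化"
echo "+--------------------------------------------------------------+"
echo "+-----------------欢迎对系统进行初始化安全设置!---------------+"
echo "A:${AStr}"
echo "B:${BStr}"
echo "C:${CStr}"
echo "D:${DStr}"
echo "E:${EStr}"
echo "F:${FStr}"
echo "G:${GStr}"
echo "H:${HStr}"
echo "+--------------------------------------------------------------+"
echo "注意:如果没有选择初始化选项,20秒后将自动选择一键初始化安装!"
echo "+--------------------------------------------------------------+"

# Read a single key, waiting at most 20 seconds.
option=""
read -r -n1 -t20 -p "请选择初始化选项【A-C-D-E-F-G-H】:" option
read_status=$?

# bash reports a read timeout with a status above 128.  The banner above
# promises the full initialisation in that case; the original mapped the
# timeout to "K", which matched no menu entry, so nothing ever ran.
# Note that option H includes the step that stops iptables and disables
# SELinux, and here it runs without anyone having confirmed it.
if [ "$read_status" -gt 128 ]; then
  option="H"
fi

# Accept exactly the letters the menu offers.  The original bracket
# expression "[A-Ja-H]" contained a reversed range and also let I and J
# through.  The letters are listed one by one so the match does not depend
# on the locale's collation order.
case "$option" in
  [ABCDEFGHabcdefgh]) ;;
  *)
    echo -e "\n\n请重新运行脚本,输入从A--->H的字母!"
    exit 1
    ;;
esac

echo -e "\n你选择的选项是:$option\n"
echo "5秒之后开始安装 ......"
sleep 5

case "$option" in
  A|a)
    initYum
    initI18n
    initFirewall
    initService
    ;;
  B|b)
    initSafe
    ;;
  C|c)
    initOpenFiles
    ;;
  D|d)
    initSysTime
    ;;
  E|e)
    initKernel
    ;;
  F|f)
    initTool
    ;;
  G|g)
    initIPV6
    ;;
  H|h)
    initYum
    initI18n
    initFirewall
    initService
    initSafe
    initOpenFiles
    initSysTime
    initKernel
    initTool
    initIPV6
    ;;
  *)
    echo "请输入从A--->H的字母,谢谢!"
    exit
    ;;
esac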
原文地址:http://21024.blog.51cto.com/11024/1834760