#!/bin/bash
#by authors Mox
#Email 827897564@qq.com
#
#--变量
err_echo(){
echo -e "\\033[31m[Error]: $1 \\033[0m"
exit 1
}
info_echo(){
echo -e "\\033[32m [Info]: $1 \\033[0m"
}
warn_echo(){
echo -e "\\033[33m [Warning]: $1 \\033[0m"
}
check_exit(){
if [ $? -ne 0 ]; then
err_echo "$1"
exit 1
fi
}
SSH_PORT=15300
LOGIN_USER=login_user
LOGIN_PASSWD=login_user
#用户登录失败锁定阀值
LOGIN_FAILD=3
LOCK_TIME=30
cat << EOF
+--------------------------------------------------------------+
| === Welcome to CentOS 6.x System init ===" |
+--------------------------------------------------------------+
EOF
info_echo "start check system vertion"
sv=`grep "CentOS" /etc/issue|awk ‘{print $1}‘`
cv=`uname -r | awk -F. ‘{print $NF}‘`
if [ $sv != CentOS ] && [ $cv != x86_64 ] ;then
erro_echo "no CentOS or no x86_64 system !!! exit...."
exit 7
fi
#添加epel外部yum扩展源
info_echo "add epel rpm sours..."
cd /usr/local/src
wget http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
#安装gcc基础库文件以及sysstat工具
info_echo "install gcc gcc-c++ unzip unzip vim wget...."
yum -y install gcc gcc-c++ vim-enhanced unzip unrar sysstat vim wget
info_echo "install ntpd..."
#配置ntpdate自动对时
yum -y install ntp
echo "01 01 * * * /usr/sbin/ntpdate ntp.api.bz >> /dev/null 2>&1" >> /etc/crontab
ntpdate ntp.api.bz
service crond restart
#配置文件的ulimit值
info_echo "config ulimit..."
ulimit -SHn 65535
echo "ulimit -SHn 65535" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
* soft nofile 60000
* hard nofile 65535
EOF
info_echo "disabled control-alt-delete..."
#禁用control-alt-delete组合键以防止误操作
sed -i ‘s@ca::ctrlaltdel:/sbin/shutdown -t3 -r now@#ca::ctrlaltdel:/sbin/shutdown -t3 -r now@‘ /etc/inittab
#关闭SElinux
info_echo "disable Selinux..."
sed -i ‘s@SELINUX=enforcing@SELINUX=disabled@‘ /etc/selinux/config
#ssh服务配置优化
info_echo "backup sshd config..."
cp -f /etc/ssh/sshd_config /etc/ssh/sshd_config.back
info_echo "deny root login..."
sed -i ‘/#PermitRootLogin/a\PermitRootLogin no‘ /etc/ssh/sshd_config
info_echo "set ssh port $SSH_PORT"
sed -i "/#Port 22/a\ Port $SSH_PORT" /etc/ssh/sshd_config
info_echo "enable port $SSH_PORT"
iptables -I INPUT -p tcp -m state --state NEW --dport $SSH_PORT -j ACCEPT
sed -i ‘s@#UseDNS yes@UseDNS no@‘ /etc/ssh/sshd_config
service sshd restart
#增加登录用户
info_echo "add login user..."
useradd $LOGIN_USER
echo $LOGIN_USER | passwd --stdin $LOGIN_USER
#禁用ipv6地址
info_echo "disabled ipv6..."
echo "alias net-pf-10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf
echo "install ipv6 /bin/true" >> /etc/modprobe.conf
echo "IPV6INIT=no" >> /etc/sysconfig/network
sed -i ‘s@NETWORKING_IPV6=yes@NETWORKING_IPV6=no@‘ /etc/sysconfig/network
chkconfig ip6tables off
#vim基础语法优化
info_echo "vim optimized..."
echo "syntax on" >> /root/.vimrc
echo "set nohlsearch" >> /root/.vimrc
#停用系统中不必要的服务
info_echo "optimized auto start servcie..."
chkconfig auditd off
chkconfig postfix off
chkconfig ip6tables off
chkconfig mdmonitor off
#设置用户登录失败锁定阀值,锁定时间
info_echo "set login faild lock time..."
cp -p /etc/pam.d/sshd /etc/pam.d/sshd.back
sed -i "/#%PAM-1.0/a\ auth required pam_tally2.so deny=$LOGIN_FAILD unlock_time=$LOCK_TIME even_deny_root root_unlock_time=$LOCK_TIME" /etc/pam.d/sshd
#查看错误登录次数
#pam_tally2 –u USER
#解锁命令
#pam_tally2 -u USER --reset
#设置bash保留的历史命令数目
info_echo "set bash history command amount..."
cp -p /etc/profile /etc/profile.back
sed -i "s/HISTSIZE=1000/HISTSIZE=5/" /etc/profile
info_echo "init OK @@!!"
#重启服务器
#reboot本文出自 “左手右手” 博客,请务必保留此出处http://mofeihu.blog.51cto.com/1825994/1840798
原文地址:http://mofeihu.blog.51cto.com/1825994/1840798
