##服务器初始化环境
#()更新yum源,并添加必要系统工具
#()修改时区&&设置系统时间(ntpdate时间同步服务)
#()修改字符集zh_CN.UTF-8
#()关闭selinux
#()内核优化sysctl.conf && 调整文件描述符ulimit(即单个进程的最大文件打开数)
#()清空history历史记录
#()安装denyhosts.service防爆破服务,指定IP设置/etc/hosts.allow白名单
#()创建transfor用户,并设置密码
#()修改防火墙配置文件(开放指定IP的ssh登录)
#()修改/etc/ssh/sshd_config文件(开放密钥登录,UseDNS,GSSAPIAuthentication,GSSAPICleanupCredentials)
#()配置密钥,添加跳板机
#更新yum源,并添加必要系统工具
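# Step 1: package sources and base tooling.
# Create the work and log directories first; every later step appends to
# /server/logs/sys-install.log, so the log directory must already exist.
mkdir -p /server/src /server/logs
cd /server/src || exit 1
# Fetch the EPEL release package over HTTPS (the original used plain HTTP, so
# the package could be swapped in transit).  rpm may still warn NOKEY until the
# EPEL signing key is imported; on CentOS 7 `yum -y install epel-release` from
# the extras repo is the signed alternative.
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install net-tools net-snmp wget iftop htop telnet git vim
# Record which of the requested packages are actually present.
rpm -qa | grep -E "snmp|wget|iftop|htop|git|telnet|vim|release" >>/server/logs/sys-install.log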
#修改时区&&设置时间
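# Step 2: clock and time zone.
# Log the clock before and after the one-shot NTP sync so the correction is visible.
date >>/server/logs/sys-install.log
ntpdate time-a.nist.gov
date >>/server/logs/sys-install.log
# Re-sync at 00:00, 10:00 and 20:00.  Plain NTP via ntpdate is unauthenticated
# and single-server; a running chronyd/ntpd with several servers is the usual
# replacement when accurate, tamper-resistant time matters (e.g. for log correlation).
echo "00 */10 * * * ntpdate time-a.nist.gov >/dev/null 2>&1" >>/var/spool/cron/root
crontab -l >>/server/logs/sys-install.log
# Switch the system zone to UTC.  `ln -sfn` replaces an existing link in one
# step, so the separate `rm -f /etc/localtime` is no longer needed.
ln -sfn /usr/share/zoneinfo/UTC /etc/localtime
date >>/server/logs/sys-install.log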
#修改系统字符集zh_CN.UTF-8
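# Step 3: system locale -> zh_CN.UTF-8.
echo "$LANG" >>/server/logs/sys-install.log
# Rewrite the LANG line only.  The original `s/en/zh_CN.UTF-8/g` replaced
# every "en" substring in the file, turning LANG=en_US.UTF-8 into
# LANG=zh_CN.UTF-8_US.UTF-8 (and touching any other line containing "en").
# The original also used typographic quotes (‘ ‘) around the sed script,
# which the shell does not treat as quotes.
sed -i 's/^LANG=.*/LANG=zh_CN.UTF-8/' /etc/locale.conf
source /etc/locale.conf
echo "$LANG" >>/server/logs/sys-install.log
# To change the locale for the current session only:
#LANG=zh_CN.UTF-8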
#内核优化sysctl.conf && 调整文件描述符ulimit(即单个进程的最大文件打开数)
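# Step 4: kernel network tuning and the per-process open-file limit.
# Back up the distro file, then replace it wholesale (the original did the
# same with one echo; the dated backup is the only copy of the old settings).
cp /etc/sysctl.conf "/etc/sysctl.conf.bak$(date +%F)"
# Values are kept exactly as the author set them.  Three of them deserve a
# second look before this runs on an internet-facing host:
#  - net.ipv4.tcp_syncookies = 0 turns off the kernel's SYN-flood fallback;
#    1 is the safer value wherever untrusted clients can reach the host.
#  - net.ipv4.tcp_tw_recycle = 1 is known to break clients behind NAT/load
#    balancers and was removed from the kernel in Linux 4.12; it also only
#    acts on timestamped connections, which tcp_timestamps = 0 disables.
#  - tcp_window_scaling = 0 and tcp_sack = 0 limit throughput on long/lossy paths.
cat >/etc/sysctl.conf <<'EOF'
net.ipv4.ip_local_port_range = 1024 65535
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_sack = 0
net.core.netdev_max_backlog = 65535
net.ipv4.tcp_no_metrics_save = 1
net.core.somaxconn = 65535
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
EOF
sysctl -p >>/server/logs/sys-install.log
sysctl -w net.ipv4.route.flush=1
# Open-file limit: persist it for boot (rc.local) and root's login shell, then
# apply it to this session.  One value is used everywhere; the original mixed
# 65536 and 65535.  On systemd hosts rc.local only runs if it is executable,
# and /etc/security/limits.conf is the conventional place for per-user limits.
nofile=65536
echo "ulimit -HSn ${nofile}" >>/etc/rc.local
echo "ulimit -HSn ${nofile}" >>/root/.bash_profile
ulimit -HSn "${nofile}"
ulimit -n >>/server/logs/sys-install.log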
#关闭selinux
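# Step 5: SELinux off.
# Record the current mode, drop to permissive immediately, then make the
# change survive a reboot.  This removes SELinux's confinement of the network
# daemons installed above; SELINUX=permissive would keep logging denials to
# audit.log without enforcing them, which is the usual middle ground while a
# build is being tuned.
getenforce >>/server/logs/sys-install.log
setenforce 0
getenforce >>/server/logs/sys-install.log
cp /etc/sysconfig/selinux "/etc/sysconfig/selinux.bak$(date +%F)"
# On CentOS 7 /etc/sysconfig/selinux is normally a symlink to
# /etc/selinux/config.  Plain `sed -i` replaces a symlink with a regular file,
# so the real config would stay at "enforcing" and SELinux would come back on
# reboot; --follow-symlinks edits the target instead.  Quotes were typographic
# (‘ ‘) in the original and are plain ASCII here.
sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
cat /etc/sysconfig/selinux >>/server/logs/sys-install.log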
#清空会话历史记录
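# Step 6: stop bash from writing this account's history.
# Only append the line once so repeated runs do not pile up duplicates.
# Operator note: this also removes the command trail an incident responder
# looks at first.  If the goal is to keep secrets out of ~/.bash_history,
# HISTCONTROL/HISTIGNORE for the specific commands, or auditd for a tamper-
# resistant record, keeps the audit trail intact.
grep -qxF "unset HISTFILE" ~/.bashrc || echo "unset HISTFILE" >>~/.bashrc
cat ~/.bashrc >>/server/logs/sys-install.log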
#安装denyhosts.service防爆破服务
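# Step 7: DenyHosts (ssh brute-force blocking) plus a tcp_wrappers whitelist.
# If the package is not available from the enabled repos, yum exits non-zero
# and the enable/start lines below fail too; check the status output.
yum -y install denyhosts.noarch
systemctl enable denyhosts.service
systemctl start denyhosts.service
systemctl status denyhosts.service
cp /etc/hosts.allow "/etc/hosts.allow.bak$(date +%F)"
# Whitelist the bastion range so DenyHosts can never lock it out.
# 122.x.x.2/29 is a placeholder from the article; tcp_wrappers net/mask entries
# match against the network address, so the base should have its host bits
# clear (e.g. .0/29 or .8/29) or the entry may never match — verify before use.
echo "sshd:122.x.x.2/29" >>/etc/hosts.allow
# The original ran `cat !$`, which relies on history expansion; that is off
# in non-interactive shells, so it would try to read a file literally named "!$".
cat /etc/hosts.allow >>/server/logs/sys-install.log
cat /etc/hosts.deny >>/server/logs/sys-install.log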
#调整防火墙
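# Step 8: firewalld — a dedicated "ssh" zone whose members are the bastion
# and VPN sources.  Two fixes against the original file content: the
# "#fortress-new" / "#vpn70" annotations were bare text inside the XML, which
# is not well-formed and makes firewalld reject the zone file, so they are
# real XML comments here; and the attribute quotes were typographic (‘ ‘)
# rather than the ASCII quotes XML requires.
cat >/etc/firewalld/zones/ssh.xml <<'EOF'
<?xml version='1.0' encoding='utf-8'?>
<zone>
  <short>ssh</short>
  <description>ssh.</description>
  <!-- fortress-new -->
  <source address='122.x.x.2/29'/>
  <!-- vpn70 -->
  <source address='45.x.x.70'/>
  <service name='ssh'/>
</zone>
EOF
firewall-cmd --reload
firewall-cmd --list-all-zones >>/server/logs/sys-install.log
# Binding these sources to an ssh-only zone does not by itself remove ssh from
# the default zone (which permits ssh on a stock CentOS 7 install).  If the
# intent is "ssh only from these addresses", confirm in the --list-all-zones
# output above that the default zone no longer lists the ssh service.
# To open http/80 in the public zone:
#cp /etc/firewalld/zones/public.xml "/etc/firewalld/zones/public.xml.bak$(date +%F)"
#sed -i 's#</zone># <service name="http"/>\n</zone>#g' /etc/firewalld/zones/public.xml
#firewall-cmd --reload
#firewall-cmd --list-all >>/server/logs/sys-install.log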
#调整sshd_config文件
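# Step 9: sshd_config — key login on, reverse DNS and GSSAPI off.
cp /etc/ssh/sshd_config "/etc/ssh/sshd_config.bak$(date +%F)"
# Password login is deliberately left enabled (line stays commented); enable
# it only after key login for the transfer account has been verified from the
# bastion, otherwise a typo here locks every key-less user out.
#sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
# The original used `sed -ir`; GNU sed reads that as -i with backup suffix "r"
# (leaving /etc/ssh/sshd_configr behind), not as -i plus -r.  `-ri` is -r and -i.
# Quotes were typographic (‘ ‘) in the original and are plain ASCII here.
sed -ri 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
# RSAAuthentication is an SSH protocol-1 option; OpenSSH 7.x (CentOS 7)
# ignores it with a warning, so PubkeyAuthentication is the line that matters.
sed -ri 's/#RSAAuthentication yes/RSAAuthentication yes/g' /etc/ssh/sshd_config
sed -ri 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
grep -E "GSSAPIAuthentication|PasswordAuthentication|UseDNS|PubkeyAuthentication|RSAAuthentication" /etc/ssh/sshd_config >>/server/logs/sys-install.log
# Validate the edited file before the next sshd reload/restart; an invalid
# config would otherwise leave the daemon unable to start.
sshd -t >>/server/logs/sys-install.log 2>&1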
#创建transfor用户 & 创建密码
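# Step 10: the transfer account.
# The original set the password to the literal user name ("transfor") inline;
# the password is now read from the environment (variable name chosen here)
# so it appears neither in the script nor, via echo, in the process list.
: "${TRANSFOR_PASSWORD:?export TRANSFOR_PASSWORD before running this step}"
useradd transfor
printf '%s\n' "$TRANSFOR_PASSWORD" | passwd --stdin transfor
grep transfor /etc/passwd >>/server/logs/sys-install.log
# The original followed with `su - transfor` and `exit`; in a script that opens
# an interactive shell (or blocks) and then terminates the script itself.
# `id` verifies the account non-interactively and records it in the log.
id transfor >>/server/logs/sys-install.log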
#创建密钥
#添加跳板机
原文地址:http://jschu.blog.51cto.com/5594807/1850862