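#!/bin/bash
##############################################################
# File Name: /var/www/html/ks_config/optimization.sh
# Version: V1.0
# Author: ersa ma
# Organization: http://iersa.blog.51cto.com/
# Created Time : 2016-11-14 22:26:08
# Description: Linux system initialization
# E.g: /bin/sh optimization.sh 172.16.1.41
##############################################################
# The script writes under /etc and /var/spool/cron, so it has to run as root.
# Several functions append to system files (cron table, limits.conf,
# sysctl.conf); running the script twice duplicates those entries.
# Process substitution is avoided on purpose: the usage line above runs the
# script through /bin/sh.

. /etc/init.d/functions

# Report the outcome of the command that ran immediately before the call.
# Arguments: $1 - label to print
# Reads $? on entry, so it must directly follow the command being reported.
# action() is not defined in this file; presumably it comes from
# /etc/init.d/functions sourced above.
function Msg(){
  if [ $? -eq 0 ];then
    action "$1" /bin/true
  else
    action "$1" /bin/false
  fi
}

# Return 0 when $1 is a dotted-quad IPv4 address with every octet in 0-255.
function ValidIPv4(){
  local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  local octet
  [[ $1 =~ $re ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet such as 08 is not parsed as octal.
    [ "$((10#$octet))" -le 255 ] || return 1
  done
  return 0
}

# Msg is defined above this check; calling it before its definition fails
# with "command not found". The failure is reported with action directly,
# because Msg would see the successful [ ] test and print OK.
if [ $# -ne 1 ];then
  action "Please enter the ip address passed to the script!" /bin/false
  exit 1
fi

# The last octet of this argument is written into the ifcfg files as root,
# so reject anything that is not a plain IPv4 address.
if ! ValidIPv4 "$1"; then
  action "Invalid IPv4 address: $1" /bin/false
  exit 1
fi
ipaddr=$1

# Append a 5-minute ntpdate job to root's crontab.
# NOTE(review): ntpdate against a public server is unauthenticated time
# sync; confirm that is acceptable for hosts whose logs or certificate
# checks depend on correct time.
function Time(){
  echo "#time sync by ersa at $(date +%F)" >>/var/spool/cron/root
  echo '*/5 * * * * /usr/sbin/ntpdate time.nist.gov &>/dev/null' >>/var/spool/cron/root
  Msg "Time Synchronization"
}

# Write static configs for eth0 (10.0.0.x) and eth1 (172.16.1.x), reusing the
# last octet of the address given on the command line.
# Globals: ipaddr (read)
function ConfigIP(){
  local Suffix
  # ipaddr was validated above, so this is exactly the fourth octet.
  Suffix=${ipaddr##*.}
  cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
USERCTL=no
IPV6INIT=no
IPADDR=10.0.0.$Suffix
NETMASK=255.255.255.0
DNS2=223.5.5.5
GATEWAY=10.0.0.2
DNS1=10.0.0.2
NAME="System eth0"
EOF
  Msg "config eth0"
  cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<EOF
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
USERCTL=no
IPV6INIT=no
IPADDR=172.16.1.$Suffix
NETMASK=255.255.255.0
DNS2=223.5.5.5
GATEWAY=10.0.0.2
DNS1=10.0.0.2
NAME="System eth1"
EOF
  Msg "config eth1"
}

# Clean up after cloning a VM: drop the UUID/HWADDR lines from the eth
# configs and empty the persistent-net udev rules file.
function ClonedNetworkOpti() {
  sed -i '/UUID/d;/HWADDR/d' /etc/sysconfig/network-scripts/ifcfg-eth*
  : >/etc/udev/rules.d/70-persistent-net.rules
  Msg "Clone online optimization"
}

# Replace the base and EPEL repo definitions with the Aliyun mirror's files,
# then rebuild the yum cache.
# NOTE(review): both repo files are fetched over plain HTTP with wget output
# discarded. Whoever can alter that response controls which repositories and
# gpgcheck settings this host trusts; prefer an HTTPS or internal source and
# check the downloaded files before relying on them.
function UpdateYumSource(){
  local YumDir=/etc/yum.repos.d
  local repoDir=http://mirrors.aliyun.com/repo/Centos-6.repo
  local epelDir=http://mirrors.aliyun.com/repo/epel-6.repo
  [ -f "$YumDir/CentOS-Base.repo" ] && cp "$YumDir/CentOS-Base.repo"{,.ori}
  #wget -O $YumDir/CentOS-Base.repo http://$Ip:$Port/$ConfigDir/CentOS-Base.repo &>/dev/null &&
  #wget -O $YumDir/epel.repo http://$Ip:$Port/$ConfigDir/epel.repo &>/dev/null &&
  # Download both files, then clear and rebuild the yum cache.
  wget -O "$YumDir/CentOS-Base.repo" "$repoDir" &>/dev/null &&
  wget -O "$YumDir/epel.repo" "$epelDir" &>/dev/null &&
  yum clean all &&
  yum makecache
  # Optionally bring the system fully up to date afterwards:
  # rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*   # import the signing keys into RPM
  # yum upgrade -y                               # update the system, kernel included
  # No && in front of Msg: a failed step must be reported, not skipped.
  Msg "YUM source"
}

# Install the base package (tree nmap sysstat lrzsz telnet dos2unix)
# NOTE(review): nmap and telnet end up on every host built with this script;
# drop them if the baseline does not need them.
function InstallBasePackage() {
  yum install -y tree nmap sysstat lrzsz dos2unix telnet &>/dev/null
  Msg "Base packages"
}

# Set the immutable attribute on the account and init files.
# While the flag is set, user and password changes fail until it is cleared
# with chattr -i, so account-management tooling has to allow for that.
function LockCriticalFile() {
  chattr +i /etc/passwd &&
  chattr +i /etc/inittab &&
  chattr +i /etc/group &&
  chattr +i /etc/shadow &&
  chattr +i /etc/gshadow
  Msg "Lock files"
}

# Empty the pre-login banners so they no longer show the OS release.
function HideVersion(){
  [ -f "/etc/issue" ] && : >/etc/issue
  Msg "Hide issue"
  [ -f "/etc/issue.net" ] && : >/etc/issue.net
  Msg "Hide issue.net"
}

# Raise the open-file limit to 65535 for all users.
function openfiles(){
  [ -f "/etc/security/limits.conf" ] && {
    echo '* - nofile 65535' >> /etc/security/limits.conf
    Msg "open files"
  }
}

# Stop iptables now and disable it at boot.
# NOTE(review): this leaves the host with no packet filter; confirm an
# upstream firewall or security group covers it before using this in a
# shared or internet-facing network.
function StopIptables() {
  [ -f "/etc/init.d/iptables" ] && {
    /etc/init.d/iptables stop
    chkconfig iptables off
    Msg "stop iptables"
  }
}

# Disable SELinux in the config file and switch the running system to
# permissive mode.
# NOTE(review): this removes mandatory access control from the host;
# permissive mode with the denials reviewed keeps the audit trail while a
# policy is worked out.
function CloseSELinux(){
  [ -f "/etc/selinux/config" ] && {
    sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/selinux/config
    setenforce 0
    Msg "Close SELinux"
  }
}

# Harden sshd: non-default port, no root login, no empty passwords, no DNS
# or GSSAPI lookups. main does not call this function.
# NOTE(review): with PermitRootLogin no, make sure a non-root account that
# can escalate exists before calling this, or the host becomes unreachable
# over SSH.
function ModifySSHConfig(){
  [ -f "/etc/ssh/sshd_config" ] && {
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ori
    # -i is required: without it sed prints the edited file to stdout and
    # sshd_config stays unchanged.
    sed -i '13i Port 52113\nPermitRootLogin no\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' /etc/ssh/sshd_config
    # Reload only a configuration that sshd itself accepts.
    /usr/sbin/sshd -t && /etc/init.d/sshd reload
    Msg "Modify ssh config"
  }
}

# Append TCP and conntrack tuning to /etc/sysctl.conf and apply it.
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 breaks connections from clients
# behind NAT and the setting was removed in Linux 4.12; review it before
# reusing this list on anything newer than the CentOS 6 target.
function KernelParameterOpti() {
  cat >>/etc/sysctl.conf <<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time =600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
#以下参数是对iptables防火墙的优化,防火墙不开会有提示,可以忽略不理
net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
EOF
  # Apply the settings now. The option must be an ASCII "-p". -e ignores
  # unknown keys, so the conntrack entries, which are absent while the
  # firewall modules are not loaded, do not turn the run into a failure.
  sysctl -e -p &>/dev/null
  Msg "Kernel parameter optimization"
}

# Disable every service enabled in runlevel 3 except crond, network,
# rsyslog, sshd and sysstat.
function boot(){
  local svc
  for svc in $(chkconfig --list | grep "3:on" | awk '{print $1}' | grep -vE "crond|network|rsyslog|sshd|sysstat"); do
    chkconfig "$svc" off
  done
  Msg "BOOT config"
}

# Run the initialization steps in order. ModifySSHConfig is defined above
# but is not part of this sequence.
function main(){
  ConfigIP
  ClonedNetworkOpti
  Time
  UpdateYumSource
  InstallBasePackage
  CloseSELinux
  StopIptables
  openfiles
  boot
  KernelParameterOpti
  HideVersion
  LockCriticalFile
}

main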
原文地址:http://iersa.blog.51cto.com/9257603/1884567