标签:脚本
最近看了下公司之前的CentOS6的开机配置脚本,简单调整了下:
#!/bin/bash #created by molewan #set env export PATH=$PATH:/bin:/sbin:/usr/sbin hostname=$1 if [ $UID != "0" ];then echo "Please run as root" exit 1 fi Usage(){ echo $"USAGRE:/bin/bash $0 hostname" exit 1 } if [ "$#" -ne "1" ];then Usage fi #define cmd var SERVICE=`which service` CHKCONFIG=`which chkconfig` function mod_yum(){ ping -c 2 -w 2 mirrors.aliyun.com >/dev/null 2>&1 if [ $? -eq 0 ];then wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo yum install -y vim lsof telnet lrzsz wget openssh-clients unix2dos dos2unix gcc gcc-c++ openssl-devel openssl-perl bc yum clean all else echo "your must check network" exit 1 fi } function disable_selinux(){ sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/g‘ /etc/sysconfig/selinux setenforce 0 >/dev/null 2>$1 } function disable_iptables(){ /sbin/iptables -F && /sbin/iptables -X && /sbin/iptables -Z /etc/init.d/iptables save /etc/init.d/iptables stop && chkconfig iptables off } function least_service(){ export LANG=en chkconfig|awk ‘{print "chkconfig",$1,"off"}‘|bash chkconfig|egrep "crond|sshd|network|rsyslog|sysstat"|awk ‘{print "chkconfig",$1,"on"}‘|bash } function charset(){ cp /etc/sysconfig/i18n /etc/sysconfig/i18n.bak echo ‘LANG="zh_CN.UTF-8"‘>/etc/sysconfig/i18n source /etc/sysconfig/i18n } function ntp_time_sync(){ ntpdate -u 202.120.2.101 && hwclock -w >/dev/null 2>&1 echo "05 23 * * * /usr/sbin/ntpdate -u 202.120.2.101">>/var/spool/cron/root } function com_line_set(){ if [ `egrep "TMOUT|HISTSIZE|ISTFILESIZE" /etc/profile|wc -l` -lt 3 ] then echo ‘export TMOUT=300‘>>/etc/profile echo ‘export HISTSIZE=5‘>>/etc/profile echo ‘export HISTFILESIZE=5‘>>/etc/profile source /etc/profile fi } function open_file_set(){ if [ `grep 65535 /etc/security/limits.conf|wc -l` -lt 1] then echo ‘*-nofile65535‘>>/etc/security/limits.conf tail -1 /etc/security/limits.conf fi } function set_kernel(){ cat >>/etc/sysctl.conf<<EOF net.ipv4.tcp_fin_timeout = 2 net.ipv4.tcp_tw_resue = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_keepalive_time = 600 net.ipv4.ip_local_port_range = 4000 65000 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.tcp_rmem = 4096 87380 8388608 net.ipv4.tcp_wmem = 4096 87380 8388608 EOF sysctl -p } function set_sercurity_limits.conf(){ echo ‘ ‘ >> /etc/security/limits.conf echo ‘* soft nofile 65535‘ >> /etc/security/limits.conf echo ‘* hard nofile 65535‘ >> /etc/security/limits.conf echo ‘* soft nproc 65535‘ >> /etc/security/limits.conf echo ‘* hard nproc 65535‘ >> /etc/security/limits.conf } function set_ssh(){ sed -i ‘/#Port 22/Port 5272/g‘ /etc/sysconfig/sshd_config sed -i ‘/#UseDNS yes/a\UseDNS no‘ /etc/ssh/sshd_config sed -i ‘s/#GSSAPIAuthentication no/GSSAPIAuthentication no/g‘ /etc/ssh/sshd_config sed -i ‘s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g‘ /etc/ssh/sshd_config /etc/init.d/sshd reload } function set_hostname(){ echo ‘NETWORKING=yes‘ >> /etc/sysconfig/network echo "HOSTNAME=${hostname}" >> /etc/sysconfig/network } function ctrl_alt_del_deny(){ sed -i ‘s/start on control-alt-delete/#start on control-alt-delete/g‘ /etc/init/control-alt-delete.conf } function shutdown_ipv6(){ echo ‘alias net-pf-10 off‘ >> /etc/modprobe.d/dist.conf echo ‘alias ipv6 off‘ >> /etc/modprobe.d/dist.conf } function alter_bootmenu_time(){ sed -i ‘/timeout=5/d‘ /boot/grub/menu.lst sed -i ‘/default/a\timeout=1‘ /boot/grub/menu.lst } main(){ mod_yum disable_selinux disable_iptables least_service charset ntp_time_sync com_line_set open_file_set set_kernel set_sercurity_limits.conf set_ssh set_hostname ctrl_alt_del_deny shutdown_ipv6 alter_bootmenu_time } main
本文出自 “冰冻vs西瓜” 博客,请务必保留此出处http://molewan.blog.51cto.com/287340/1956057
标签:脚本
原文地址:http://molewan.blog.51cto.com/287340/1956057