标签:log file amp crontab top dev use yum源 UI
1、在了解shell函数之前,先来了解Linux中别名的作用
函数就类似于别名的作用,简单的说函数就是将程序相同的代码块组合起来,并为其取一个名字(函数名),在需要调用的地方写上函数名即可,注意这点和Python里面的函数不一样,Python里面函数钓鱼用需要函数名+小括号,而shell函数只需名字即可
2、shell函数语法
function 函数名() {
指令...
return n
}
function可以不写
3、shell函数脚本--开发优化系统脚本
系统优化思路如下
1、安装系统时精简安装包
2、配置国内高速的yum源
3、禁用开机不需要的启动服务
4、优化系统内核参数 /etc/sysctl.conf
5、增加系统文件描述符
6、禁止root远程登录,修改ssh端口,配置ssh加速
7、有外网ip地址的配置防火墙,仅放行需要开启的服务,关闭selinux
8、配置服务器时间同步
9、初始化用户配置普通用户sudo权限
10、修改系统字符集等
[root@lamp01 scripts]# cat sys.sh #!/bin/bash #no.1 if [ $UID != 0 ];then echo "pls run this scripts must by root." fi . /etc/init.d/functions #no.2 check_yum(){ Base=/etc/yum.repos.d/CentOS-Base.repo if [ `grep aliyun $Base|wc -l` -ge 1 ];then action "$Base config" /bin/true else action "$Base config" /bin/false fi } #no.3 check_selinux(){ config=/etc/selinux/config if [ `grep "SELINUX=disabled" $config|wc -l ` -ge 1 ];then action "$config config" /bin/true else action "$config config" /bin/false fi } #no.4 close_iptables(){ /etc/init.d/iptables stop chkconfig iptables off } #no.5 check_service(){ export LANG=en if [ `chkconfig|grep 3:on|egrep "crond|sshd|network|rsyslog|sysstat"|wc -l` -eq 5 ] then action "sys service init" /bin/true else action "sys service init" /bin/false fi #no.6 adduser(){ if [ $(grep -w martin123 /etc/passwd|wc -l) -lt 1 ];then useradd martin123 echo 123456|passwd --stdin martin123 \cp /etc/sudoers /etc/sudoers.ori echo "martin123 ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers visudo -c &>/dev/null fi } #no.7 charset(){ cp /etc/sysconfig/i18n /etc/sysconfig/i18n.ori echo ‘LANG="zh_CN.UTF-8"‘ >/etc/sysconfig/i18n source /etc/sysconfig/i18n } #no.8 time_sync(){ cron=/var/spool/cron/root if [ `grep -w "ntpdate" $cron|wc -l` -lt 1 ];then echo ‘#time sync by martin‘ >>$cron echo ‘*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1‘ >>$cron #crontab -l fi } #no.9 line_set(){ if [ `egrep "TMOUT|HISTSIZE|HISTFILESIZE" /etc/profile|wc -l` -lt 3 ];then echo ‘export TMOUT=300‘ >>/etc/profile echo ‘export HISTSIZE=5‘ >>/etc/profile echo ‘export HISTFILESIZE=5‘ >>/etc/profile . /etc/profile fi } #no.10 check_open_file(){ limits=/etc/security/limits.conf if [ `grep 65535 $limits|wc -l` -eq 1 ] then action "$limits" /bin/true else action "$limits" /bin/false fi #no.11 kernet_set(){ if [ `grep kernel_flag /etc/sysctl.conf|wc -l` -lt 1 ] then cat >>/etc/sysctl.conf<<EOF #kernel_flag net.ipv4.tcp_fin_timeout = 2 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_keepalive_time = 600 net.ipv4.ip_local_port_range = 4000 65000 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_max_tw_buckets = 36000 net.ipv4.route.gc_timeout = 100 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_synack_retries = 1 net.core.somaxconn = 16384 net.core.netdev_max_backlog = 16384 net.ipv4.tcp_max_orphans = 16384 net.nf_conntrack_max = 25000000 net.netfilter.nf_conntrack_max = 25000000 net.netfilter.nf_conntrack_tcp_timeout_established = 180 net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120 net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60 net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120 EOF sysctl -p fi } #no.12 init_ssh(){ \cp /etc/ssh/sshd_config /etc/ssh/sshd_config.`date +"%Y-%m-%d_%H-%M-%S"` #sed -i ‘s%#Port 22%Port 49721%‘ /etc/ssh/sshd_config sed -i ‘s%#PermitRootLogin yes%PermitRootLogin no%‘ /etc/ssh/sshd_config sed -i ‘s%#PermitEmptyPasswords no%PermitEmptyPasswords no%‘ /etc/ssh/sshd_config sed -i ‘s%#UseDNS yes%UseDNS no%‘ /etc/ssh/sshd_config /etc/init.d/sshd reload &>/dev/null } #no.13 update_linux(){ if [ `rpm -qa lrzsz nmap tree dos2unix nc|wc -l` -le 3 ];then yum install lrzsz nmap tree dos2unix nc -y fi } main(){ check_yum check_selinux check_service check_open_file adduser line_set init_ssh update_linux kernet_set charset time_sync close_iptables } main
标签:log file amp crontab top dev use yum源 UI
原文地址:https://www.cnblogs.com/hellojackyleon/p/9005055.html