  • CentOS7 初始化脚本 2.0

    #!/bin/bash
    #################################################
    #  --Info
    #         Initialization CentOS 7.x script
    #################################################
    #   Auther: shaonbean@qq.com
    #   Changelog:
    #   20180710   wanghui  initial create
    #   20190820   jiangyin update
    #################################################
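    # Initial password for the account created by user_add.
    # "password" is only a placeholder. Export Password=<real secret> before
    # running so the secret is not stored in this file, and rotate it after the
    # first login.
    Password="${Password:-password}"

    # Every step below edits system files or manages services, so refuse to
    # continue unless the effective uid is 0.
    if [ "$(id -u)" != "0" ]; then
        echo "Error: You must be root to run this script, please use root to initialization OS." >&2
        exit 1
    fi

    # The account that receives this password also gets passwordless sudo, so a
    # guessable value amounts to an open root login. Make that visible.
    if [ "$Password" = "password" ]; then
        echo "Warning: Password is still the placeholder value; set Password in the environment before running." >&2
    fi

    echo "+------------------------------------------------------------------------+"
    echo "|       To initialization the system for security and performance        |"
    echo "+------------------------------------------------------------------------+"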
    
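    # Create the personal admin account "jy" (skipped when it already exists).
    # Globals:  Password (read) - initial password for the account
    # Outputs:  progress text on stdout
    # Returns:  0 on success or when the user exists; non-zero if a step fails
    #
    # NOTE(security): the sudoers drop-in grants jy passwordless root
    # ("NOPASSWD: ALL"), so anyone who can log in as jy is effectively root.
    # Prefer key-only SSH login for this account and a narrower sudo rule.
    user_add()
    {
      local sudoers_file=/etc/sudoers.d/jy

      # Only the exit status of id matters; silence the uid / "no such user" text.
      if id -u jy >/dev/null 2>&1; then
        echo "user jy is already exist."
        return 0
      fi

      useradd -s /bin/bash -d /home/jy -m jy || return
      # Quoted and sent through printf so whitespace, globs or a leading "-" in
      # the password reach passwd unchanged.
      printf '%s\n' "$Password" | passwd --stdin jy || return
      # The script already runs as root, so tee needs no sudo.
      echo "jy ALL=(ALL) NOPASSWD: ALL" | tee "$sudoers_file" || return
      chmod 0440 "$sudoers_file" || return
      # Syntax-check the drop-in; a malformed file under sudoers.d can stop sudo
      # from working, so remove it again if the check fails.
      if ! visudo -cf "$sudoers_file"; then
        rm -f -- "$sudoers_file"
        return 1
      fi
    }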
    
    # Remove stock accounts and groups this host does not use.
    # Accounts are deleted first (userdel -r also asks for the home directory
    # and mail spool to be removed), then the groups.
    # Returns: exit status of the last groupdel call.
    user_del()
    {
      local account grp

      for account in adm lp games ftp; do
        userdel -r "$account"
      done

      for grp in adm lp games video ftp; do
        groupdel "$grp"
      done
    }
    
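    # Make sure a resolver is configured, then upgrade the system and install
    # the base tool set.
    # Outputs: progress text on stdout
    # Returns: 0 when the tool install succeeded, otherwise its exit status
    system_update(){
        local rc

        # Look for a real "nameserver" directive. Counting every line that
        # merely contains the word would also match commented-out entries and
        # treat a host without DNS as configured.
        if grep -Eq '^[[:space:]]*nameserver[[:space:]]' /etc/resolv.conf; then
            echo "nameserver is exist."
        else
            echo "add nameserver in /etc/resolv.conf"
            # Hard-coded public resolver; replace it with the site's own DNS
            # where queries should not leave the network.
            echo "nameserver 114.114.114.114" >>/etc/resolv.conf
        fi

        echo "*** Starting update system && install tools pakeage... ***"
        yum install epel-release -y && yum -y update
        yum clean all && yum makecache
        # NOTE(review): "egrep" looks like a command name rather than a package
        # (the command ships with grep) - confirm and drop it from the list.
        # telnet is the clear-text client; keep it for port checks only.
        yum -y install vim openssh-clients iftop iotop sysstat lsof telnet traceroute tree man net-tools dstat ntpdate git egrep
        rc=$?
        [ "$rc" -eq 0 ] && echo "System upgrade && install pakeages complete."
        return "$rc"
    }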
                                                                                                                                                                                                                           
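    # Set the timezone to Asia/Shanghai and point chrony at the site time server.
    # Outputs: progress text on stdout
    # Returns: 0 when chronyd was started and enabled, otherwise that status
    timezone_config()
    {
        local rc

        echo "Setting timezone..."
        if /usr/bin/timedatectl | grep "Asia/Shanghai"; then
           echo "System timezone is Asia/Shanghai."
        else
           timedatectl set-local-rtc 0 && timedatectl set-timezone Asia/Shanghai
        fi

        # config chrony
        yum -y install chrony
        # Add the hosts entry only once; an unconditional append left another
        # copy behind on every run.
        # NOTE(review): 192.168.0.205 is site-specific. On any other network
        # this pins the time source to whatever host owns that address, so
        # adjust it before reuse.
        if ! grep -qF -- "192.168.0.205 time.aniu.so" /etc/hosts; then
            sed -i '$a 192.168.0.205 time.aniu.so' /etc/hosts
        fi
        # Only the "0.centos.pool.ntp.org" server line is rewritten; any other
        # server lines in chrony.conf stay active.
        sed -i 's/server 0.centos.pool.ntp.org iburst/server time.aniu.so iburst/g' /etc/chrony.conf
        systemctl start chronyd.service && systemctl enable chronyd.service
        rc=$?
        [ "$rc" -eq 0 ] && echo "Setting timezone && Sync network time complete."
        return "$rc"
    }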
                                                                                                                                                                                                                           
    # Switch SELinux off: persistently through /etc/selinux/config and for the
    # running system through setenforce.
    #
    # NOTE(security): this removes mandatory access control from the host.
    # Where the aim is only to avoid breakage, SELINUX=permissive keeps denials
    # in the audit log without enforcing them and is the safer choice.
    selinux_config()
    {
        local selinux_cfg=/etc/selinux/config

        # Persistent setting, read at boot. Only an "enforcing" value is rewritten.
        sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$selinux_cfg"
        # Running system: mode 0 is permissive.
        setenforce 0
        echo "Dsiable selinux complete."
    }
                                                                                                                                                                                                                           
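    # Raise the per-user process and open-file limits to 8192, both in
    # /etc/security/limits.conf and for the current shell.
    # Outputs: progress text on stdout
    # Returns: exit status of "ulimit -n 8192"
    ulimit_config()
    {
      local limits_file=/etc/security/limits.conf
      local rc

      echo "Starting config ulimit..."
      # Append the four entries only when the last of them is absent, so that
      # re-running the script does not keep growing limits.conf.
      if ! grep -Eq '^\*[[:space:]]+hard[[:space:]]+nofile[[:space:]]+8192[[:space:]]*$' "$limits_file" 2>/dev/null; then
        printf '%s\n' \
          "* soft nproc 8192" \
          "* hard nproc 8192" \
          "* soft nofile 8192" \
          "* hard nofile 8192" >> "$limits_file"
      fi

      # Applies to this shell and its children only; new logins read limits.conf.
      ulimit -n 8192
      rc=$?

      [ "$rc" -eq 0 ] && echo "Ulimit config complete!"
      return "$rc"
    }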
    
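    # Adjust sshd: listen on port 54077, turn off reverse-DNS lookups and
    # GSSAPI authentication, and state "PermitEmptyPasswords no" explicitly.
    # Outputs: progress text on stdout, validation errors on stderr
    # Returns: 0 when sshd restarted with the new config, non-zero otherwise
    #
    # NOTE(security): a non-standard port only reduces scan noise; it is not an
    # access control. Root login stays enabled (the PermitRootLogin line below
    # is commented out) and password authentication is left untouched, so
    # review both before exposing the host. If SELinux is kept enforcing, the
    # new port presumably also needs an ssh port label - confirm.
    sshd_config(){
        local cfg=/etc/ssh/sshd_config
        local rc

        echo "Starting config sshd..."
        sed -i '/^#Port/s/#Port 22/Port 54077/g' "$cfg"
        sed -i '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' "$cfg"
        sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' "$cfg"
        sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' "$cfg"
        #if you do not want to allow root login,please open below
        #sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config

        # Validate before restarting: with a broken config sshd would not come
        # back up and a remote host could become unreachable.
        if ! sshd -t -f "$cfg"; then
            echo "Error: $cfg failed validation; sshd not restarted." >&2
            return 1
        fi
        systemctl restart sshd
        rc=$?
        [ "$rc" -eq 0 ] && echo "SSH config complete."
        return "$rc"
    }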
                                                                                                                                                                                                                           
    # Stop and disable firewalld when an installed package name contains
    # "firewalld".
    # Returns: 0 when firewalld was disabled or is not installed, 1 when
    #          stopping or disabling it failed.
    #
    # NOTE(security): after this step the host has no local packet filter, so
    # every listening service is reachable unless something upstream filters.
    disable_firewalld(){
       echo "Starting disable firewalld..."

       # Nothing to do without the package.
       if ! rpm -qa | grep -q firewalld; then
          echo "Firewalld not install."
          return
       fi

       if systemctl stop firewalld && systemctl disable firewalld; then
          echo "Disable firewalld complete."
       else
          return 1
       fi
    }
                                                                                                                                                                                                                           
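    # Append "set bg=dark" to the system-wide /etc/vimrc, once.
    # Outputs: progress text on stdout
    vim_config() {
        echo "Starting vim config..."
        # Test for the line this function actually writes. The previous check
        # looked for "pastetoggle", which is no longer written, so it never
        # matched and every run appended another "set bg=dark".
        if grep -q '^set bg=dark' /etc/vimrc; then
           echo "vim already config"
        else
           # Earlier variant that also bound paste toggle to F9, kept on one
           # line (the line break is presumably a "\n" in the original):
           #  sed -i '$ aset bg=dark\nset pastetoggle=<F9>' /etc/vimrc
           sed -i '$ aset bg=dark' /etc/vimrc
        fi
    }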
                                                                                                                                                                                                                           
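    # Replace /etc/sysctl.conf with the site kernel-tuning profile and load it.
    # Outputs: progress text on stdout, plus whatever sysctl -p prints
    # Returns: exit status of "sysctl -p"
    config_sysctl() {
        local conf=/etc/sysctl.conf
        local rc

        echo "Staring config sysctl..."
        # Keep the first backup. Copying unconditionally would, on a second
        # run, overwrite the pristine copy with this script's own output.
        [ -e "$conf.bak" ] || /usr/bin/cp -f "$conf" "$conf.bak"

        # fs.suid_dumpable, tcp_syncookies and rp_filter are the hardening
        # entries; the rest is performance tuning.
        # NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to break
        # connections from clients behind NAT when TCP timestamps are enabled,
        # and newer kernels no longer have the key - consider dropping it. It
        # was listed twice; it is written once here.
        printf '%s\n' \
            "vm.swappiness = 0" \
            "vm.dirty_ratio = 20" \
            "vm.dirty_background_ratio = 5" \
            "fs.suid_dumpable = 0" \
            "net.core.somaxconn = 65535" \
            "net.core.netdev_max_backlog = 262144" \
            "net.ipv4.tcp_syncookies = 1" \
            "net.ipv4.tcp_tw_recycle = 1" \
            "net.ipv4.tcp_fin_timeout = 30" \
            "net.ipv4.tcp_keepalive_time = 600" \
            "net.ipv4.tcp_max_tw_buckets = 8000" \
            "net.ipv4.tcp_tw_reuse = 1" \
            "net.ipv4.conf.all.rp_filter = 1" > "$conf"

        /usr/sbin/sysctl -p
        rc=$?
        [ "$rc" -eq 0 ] && echo "Sysctl config complete."
        return "$rc"
    }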
    
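    # Disable IPv6 in the kernel (sysctl) and restrict sshd to IPv4.
    # Outputs: progress text on stdout, validation errors on stderr
    # Returns: 0 when sshd restarted and sysctl -p succeeded, non-zero otherwise
    disable_ipv6() {
        local sysctl_conf=/etc/sysctl.conf
        local ssh_conf=/etc/ssh/sshd_config
        local key
        local rc=0

        echo "Starting disable ipv6..."
        # Set each key to 1, replacing an existing entry instead of appending a
        # duplicate. The earlier multi-line sed append had lost its "\n"
        # escapes and the leading "n" of the first key, so it could not run.
        for key in net.ipv6.conf.all.disable_ipv6 net.ipv6.conf.default.disable_ipv6; do
            if grep -q "^${key}[[:space:]]*=" "$sysctl_conf" 2>/dev/null; then
                sed -i "s/^${key}[[:space:]]*=.*/${key} = 1/" "$sysctl_conf"
            else
                printf '%s = 1\n' "$key" >> "$sysctl_conf"
            fi
        done

        # sshd uses the first value it reads for a keyword, so rewrite an
        # existing AddressFamily line rather than appending a second one.
        if grep -q '^AddressFamily[[:space:]]' "$ssh_conf"; then
            sed -i 's/^AddressFamily[[:space:]].*/AddressFamily inet/' "$ssh_conf"
        else
            sed -i '$ aAddressFamily inet' "$ssh_conf"
        fi

        # Validate before restarting so a config error cannot take sshd down.
        if sshd -t -f "$ssh_conf"; then
            systemctl restart sshd || rc=$?
        else
            echo "Error: $ssh_conf failed validation; sshd not restarted." >&2
            rc=1
        fi

        /usr/sbin/sysctl -p || rc=$?
        return "$rc"
    }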
                                                                                                                                                                                                                           
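    # Tighten the local password policy: minimum length 8, at least two
    # character classes, at least one lowercase and one uppercase letter.
    # Outputs: progress text on stdout
    # Returns: exit status of the authconfig call
    #
    # NOTE(review): main runs user_add before this step, and root sets that
    # account's password directly, so this policy presumably does not vet the
    # initial password - confirm and pick a strong one.
    password_config() {
        local rc

        # /etc/login.defs  /etc/security/pwquality.conf
        # Match any run of blanks or tabs between the key and the value 5; a
        # pattern with a fixed number of spaces misses a tab-separated entry.
        sed -i 's/^\(PASS_MIN_LEN[[:space:]]\{1,\}\)5[[:space:]]*$/\18/' /etc/login.defs
        # One call, so the checked exit status covers every option instead of
        # only the last of four separate invocations.
        authconfig --passminlen=8 --passminclass=2 --enablereqlower --enablerequpper --update
        rc=$?
        [ "$rc" -eq 0 ] && echo "Config password rule complete."
        return "$rc"
    }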
                                                                                                                                                                                                                           
    # Stop and disable services this host does not need (currently postfix).
    # Returns: 0 when postfix was stopped and disabled, 1 otherwise.
    disable_serivces() {
        if systemctl stop postfix && systemctl disable postfix; then
            echo "Disable postfix service complete."
        else
            return 1
        fi
    }
                                                                                                                                                                                                                           
    # Run every initialization step in its fixed order. A failing step does not
    # stop the run.
    # Returns: exit status of the last step.
    main(){
        local step

        for step in \
            user_add \
            user_del \
            system_update \
            timezone_config \
            selinux_config \
            ulimit_config \
            sshd_config \
            disable_firewalld \
            vim_config \
            config_sysctl \
            disable_ipv6 \
            password_config \
            disable_serivces
        do
            "$step"
        done
    }
    # Run all steps, then print the closing banner.
    main
    printf '%s\n' \
        "+------------------------------------------------------------------------+" \
        "|            To initialization system all completed !!!                  |" \
        "+------------------------------------------------------------------------+"
    ————————————————
    版权声明:本文为CSDN博主「诸葛冰玄」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
    原文链接:https://blog.csdn.net/embrace99999/article/details/100096797
  • 原文地址:https://www.cnblogs.com/dinghailong128/p/12194936.html