  • [ 脚本 ] RHEL6.x 及Centos6.x 初始化脚本

    #!/bin/bash
    
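    # check network
    # Two probes: the first decides whether the resolver configuration needs
    # replacing, the second decides whether provisioning can continue.
    # ping exit status 2 means ping itself failed (for example the name could
    # not be resolved); status 1 only means no reply arrived, which also happens
    # where ICMP is filtered, so it is not treated as "network down" here.
    echo "-------------check Network-------------"
    # -W is the reply timeout on Linux iputils ping; -t there sets the TTL,
    # so the original "-t 1" limited the probe to one hop instead of one second.
    ping -c 1 -W 1 mirrors.aliyun.com >/dev/null 2>&1
    if [[ $? -eq 2 ]]; then
        # Keep the previous resolver list so the change can be reverted.
        [[ -f /etc/resolv.conf ]] && cp -p /etc/resolv.conf /etc/resolv.conf.bak
        # NOTE(review): these resolvers are hard-coded and site-specific;
        # confirm they are the ones this host is meant to trust, since every
        # later download depends on the names they return.
        printf '%s\n' "nameserver 61.134.1.4" "nameserver 218.30.19.40" > /etc/resolv.conf
    fi
    ping -c 1 -W 1 www.baidu.com >/dev/null 2>&1
    if [[ $? -eq 2 ]]; then
        echo "Network err!" >&2
        # A bare "exit" would report success (status of the echo) to the caller.
        exit 1
    else
        echo "Network OK."
    fi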
    
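    # set hostname
    # Use the host's IPv4 address as its hostname. The address is taken from
    # the first ifconfig line containing "cas" (presumably the "Bcast" field of
    # an "inet addr:... Bcast:..." line; confirm against the target's output).
    IP=$(ifconfig | awk -F '[ :]+' '/cas/ {print $4; exit}')
    # Only apply a value that looks like a dotted-quad address: an empty result
    # would replace localhost.localdomain with nothing, and a multi-line result
    # (several interfaces) would break the sed expression.
    if [[ $IP =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
        sed -i "s/localhost\.localdomain/$IP/g" /etc/sysconfig/network
        hostname "$IP"
    else
        echo "set hostname: no usable IPv4 address found, hostname left unchanged" >&2
    fi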
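    # update yum

    echo "-------------update Yum-------------"
    # Download the new repo definition first and only then replace the existing
    # ones, so a failed download cannot leave the host without any repository.
    # -f makes curl fail on HTTP errors instead of saving the error page as a
    # repo file. The definition is fetched over HTTPS because it decides where
    # every later package comes from and must not be alterable in transit.
    # NOTE(review): if the host's TLS stack is too old to reach the mirror,
    # supply the repo file from a trusted local source rather than falling
    # back to plain HTTP.
    repo_tmp=$(mktemp) || exit 1
    if ! curl -fsSL https://mirrors.aliyun.com/repo/Centos-6.repo -o "$repo_tmp" \
        || [[ ! -s $repo_tmp ]]; then
        echo "update Yum: could not download Centos-6.repo" >&2
        rm -f -- "$repo_tmp"
        exit 1
    fi
    rm -rf /etc/yum.repos.d/*
    # cat instead of mv so the file is created in place under /etc.
    cat "$repo_tmp" > /etc/yum.repos.d/CentOS-Base.repo
    rm -f -- "$repo_tmp"
    # If this is a CentOS system, delete the next line.
    sed -i 's/\$releasever/6/g' /etc/yum.repos.d/CentOS-Base.repo
    # NOTE(review): check that the installed repo file keeps gpgcheck=1 so
    # packages are signature-verified before installation.
    yum clean all && yum makecache
    yum install -y ntp vim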
    
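    # Set the clock once now, persist it to the hardware clock, and schedule a
    # nightly resync.
    if [ -f /usr/sbin/ntpdate ]; then
        /usr/sbin/ntpdate tiger.sina.com.cn
        /sbin/hwclock -w
    else
        echo "ntpdate can't found !" >&2
        # Non-zero so a calling tool can see that provisioning stopped here.
        exit 1
    fi
    # /etc/crontab entries need a user field after the five time fields; the
    # original line had none, so cron would read the command path as the user.
    # The minute field is 0 rather than '*', which would run the job every
    # minute between 03:00 and 03:59 (presumably one nightly run was intended).
    ntp_cron='0 3 * * * root /usr/sbin/ntpdate tiger.sina.com.cn > /dev/null 2>&1'
    # Append only once so re-running the script does not duplicate the entry.
    grep -qF -- "$ntp_cron" /etc/crontab || echo "$ntp_cron" >> /etc/crontab
    /etc/init.d/crond restart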
    
    # set ulimit
    # Adds a boot-time "ulimit -SHn" call to rc.local and appends soft/hard
    # nproc and nofile limits for every user ("*") to limits.conf.
    # Both files are appended to, so each run of the script adds the lines again.

    printf '%s\n' "-------------set ulimit-------------"
    printf '%s\n' 'ulimit -SHn 102400' >> /etc/rc.local
    tee -a /etc/security/limits.conf > /dev/null << 'LIMITS'
    *               soft    nproc           65535
    *               hard    nproc           65535
    *               soft    nofile          65535
    *               hard    nofile          65535
    LIMITS
    
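    # set sysctl
    # Appends kernel network/file-handle tuning to /etc/sysctl.conf and loads it.
    # tcp_tw_recycle is written as 0 (the original enabled it): with it on, the
    # kernel rejects connections whose TCP timestamps go backwards, which drops
    # clients that share one address behind NAT.
    # NOTE(review): tcp_syn_retries/tcp_synack_retries = 1 give up on a
    # handshake after a single retransmit; confirm that suits lossy links.

    echo "-------------set sysctl-------------"
    cat >> /etc/sysctl.conf << EOF
    fs.file-max = 655350
    net.ipv4.ip_local_port_range = 1024 65500
    net.ipv4.tcp_max_tw_buckets = 1500
    net.ipv4.tcp_max_syn_backlog = 1500
    net.ipv4.tcp_tw_recycle = 0
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_syn_retries = 1
    net.ipv4.tcp_synack_retries = 1
    net.ipv4.tcp_fin_timeout = 5
    net.ipv4.tcp_keepalive_time = 120
    net.core.somaxconn = 65535
    net.core.netdev_max_backlog = 2000
    EOF
    # Report success only when sysctl accepted the file; the original printed
    # "OK" regardless of the result.
    if /sbin/sysctl -p; then
        echo "sysctl set OK!!"
    else
        echo "sysctl -p reported errors; check /etc/sysctl.conf" >&2
    fi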
    
    # disable ipv6
    # Appends two module aliases to a modprobe.d drop-in and switches the
    # ip6tables service off for runlevels 3 and 5.
    # NOTE(review): ip6tables is turned off on the assumption that the aliases
    # keep the IPv6 module from loading. If it still loads, IPv6 traffic is
    # unfiltered, so verify after reboot that no interface holds an inet6 address.

    printf '%s\n' "-------------disable ipv6-------------"
    ipv6_conf=/etc/modprobe.d/ipv6off.conf
    printf '%s\n' "alias net-pf-10 off" "alias ipv6 off" >> "$ipv6_conf"
    /sbin/chkconfig --level 35 ip6tables off
    printf '%s\n' "ipv6 is disabled!"
    
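    # set ssh
    # Moves sshd to SSH_PORT, makes MaxAuthTries explicit and turns off reverse
    # DNS lookups, then restarts sshd only if the edited file validates.
    echo "-------------set ssh-------------"
    SSH_PORT=50000

    # Patterns are anchored to the whole line so that only the stock directives
    # are rewritten (an unanchored "Port 22" also matches inside "Port 2222").
    # "Port 22" is matched with or without the leading '#', so a file where the
    # directive was already uncommented still ends up on SSH_PORT.
    sed -i \
        -e "s/^#\{0,1\}Port 22[[:space:]]*\$/Port $SSH_PORT/" \
        -e "s/^#MaxAuthTries 6[[:space:]]*\$/MaxAuthTries 6/" \
        -e "s/^#UseDNS yes[[:space:]]*\$/UseDNS no/" \
        /etc/ssh/sshd_config
    # The firewall written later admits SSH on this port only, so make a
    # missed substitution visible instead of finding out after the reboot.
    if ! grep -q "^Port $SSH_PORT\$" /etc/ssh/sshd_config; then
        echo "set ssh: sshd_config does not contain 'Port $SSH_PORT'" >&2
    fi
    # sshd -t checks the configuration without starting the daemon; restarting
    # on a broken file would take remote access down.
    if /usr/sbin/sshd -t; then
        service sshd restart
    else
        echo "set ssh: sshd_config failed validation, sshd not restarted" >&2
        exit 1
    fi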
    
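    # set iptables
    # Writes a default-deny ruleset for all three chains; it is loaded at the
    # next boot (the restart below stays commented out, as in the original).
    # Changes from the original ruleset, each fixing a concrete fault:
    #  - INPUT admits SSH on SSH_PORT (default 50000) instead of 2200, which did
    #    not match the port sshd is moved to and would lock out remote logins.
    #  - The "INPUT udp --sport 53 ACCEPT" rule is gone: it let any UDP packet
    #    with a forged source port of 53 reach every local UDP port. DNS
    #    replies are already admitted by the RELATED,ESTABLISHED rule.
    #  - OUTPUT accepts RELATED,ESTABLISHED, so replies to admitted inbound
    #    connections (port 80, SSH) can leave; this replaces the
    #    "--sport 50000" rule, which covered SSH only.
    #  - Loopback is accepted in both directions for local services.
    #  - Outbound NTP (udp/123) is allowed for the scheduled ntpdate job.
    echo "-------------set iptables-------------"
    cat > /etc/sysconfig/iptables << EOF
    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT DROP [0:0]
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m multiport --dports ${SSH_PORT:-50000},80 -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A OUTPUT -o lo -j ACCEPT
    -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
    -A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
    -A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
    -A OUTPUT -p icmp -j ACCEPT
    COMMIT
    EOF
    # Parse the file without committing it, so a malformed ruleset is caught
    # here rather than at the next boot.
    if ! /sbin/iptables-restore --test < /etc/sysconfig/iptables; then
        echo "set iptables: /etc/sysconfig/iptables did not parse; fix it before rebooting" >&2
        exit 1
    fi
    #/etc/init.d/iptables restart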
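    echo "----------------------finished-------------------------"
    # Ask before rebooting. The answer is matched with case, so an empty reply
    # or one containing spaces is simply treated as "no"; the original unquoted
    # [ ... ] test raised a syntax error on such input.
    read -r -p 'reboot? (y/n): ' yn
    case "$yn" in
        y|Y)
            reboot
            ;;
        *)
            exit
            ;;
    esac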

    PS: 执行本脚本后,ssh端口修改为50000

  • 原文地址:https://www.cnblogs.com/hukey/p/5317791.html