  • shell基础优化脚本

      1 #!/bin/bash
      2 #########################################################
      3 #Created Time: Tue Aug  7 01:29:09 2018                 #
      4 #version:1.0    by:kingle    Mail: kingle122@vip.qq.com #
      5 #基于oldboy书籍优化编写                                    #
      6 #实现功能:一键系统优化15项脚本,适用于Centos6.x               #
      7 #########################################################
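      # Source the SysV init function library; the script uses its `action`
      # helper for every status line it prints.
      . /etc/init.d/functions
      # Values shown in the main menu banner. They are computed once at start-up.
      DATE=$(date +"%y-%m-%d %H:%M:%S")
      # The address comes from the static eth0 config file, not the live interface.
      IPADDR=$(grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0 | cut -d= -f2)
      HOSTNAME=$(hostname -s)
      USER=$(whoami)
      # Fifth df column of the line matched for "/" (disk usage figure for the banner).
      DISK_SDA=$(df -h | grep -w "/" | awk '{print $5}')
      # First three fields of /proc/loadavg.
      cpu_uptime=$(awk '{print $1,$2,$3}' /proc/loadavg)
      export LANG=zh_CN.UTF-8
      # Require root. `id -u` replaces the original `id | cut -d( -f1 | ...`
      # pipeline, whose unquoted "(" is a shell syntax error.
      uid=$(id -u)
      if [ "$uid" -ne 0 ]; then
        action "Please run this script as root." /bin/false
        exit 1
      fi
      # Keep a dated copy of root's profile, then add "stty erase ^H" only if
      # that exact line is not already present.
      cp /root/.bash_profile "/root/.bash_profile_$(date +%F)"
      if ! grep -qwx "stty erase ^H" /root/.bash_profile; then
        echo "stty erase ^H" >>/root/.bash_profile
        source /root/.bash_profile
      fi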
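     # Switch yum to the Aliyun CentOS 6 mirror and keep downloaded packages cached.
     # Backs up CentOS-Base.repo with a date suffix, downloads the replacement to
     # a temporary file and only then overwrites the live repo file, so a failed
     # download no longer leaves an empty CentOS-Base.repo behind.
     # Exits the whole script with status 1 when the mirror cannot be pinged;
     # returns 1 when the download itself fails.
     # NOTE(review): the repo definition is fetched over plain HTTP with no
     # integrity check, so anything able to alter that response can redirect yum
     # to other package sources. Prefer an HTTPS or locally vetted copy.
     configYum(){
       local repo_file=/etc/yum.repos.d/CentOS-Base.repo
       local repo_tmp
       echo "================更新为国内YUM源=================="
       cp "$repo_file" "$repo_file.$(date +%F)"
       if ! ping -c 1 mirrors.aliyun.com >/dev/null; then
         echo "无法连接网络。"
         # The original `exit $?` reported echo's status (0) at this point.
         exit 1
       fi
       repo_tmp=$(mktemp) || exit 1
       if wget -O "$repo_tmp" http://mirrors.aliyun.com/repo/Centos-6.repo; then
         # Write through the existing file so its mode and ownership are kept.
         cat "$repo_tmp" >"$repo_file"
         rm -f "$repo_tmp"
       else
         rm -f "$repo_tmp"
         action "下载YUM源文件失败" /bin/false
         return 1
       fi
       echo "==============保存YUM源文件======================"
       sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
       grep keepcache /etc/yum.conf
       sleep 5
       action "配置国内YUM完成" /bin/true
       echo "================================================="
       echo ""
       sleep 2
     }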
     # Set the system character set to zh_CN.UTF-8.
     # Keeps a dated backup of /etc/sysconfig/i18n, replaces its content with the
     # three lines below, loads the file into the current shell and prints the
     # LANG lines it now contains.
     initI18n(){
       local i18n_file=/etc/sysconfig/i18n
       echo "================更改为中文字符集================="
       cp "$i18n_file" "$i18n_file.$(date +%F)"
       printf '%s\n' \
         'LANG="zh_CN.UTF-8"' \
         '#LANG="en_US.UTF-8"' \
         'SYSFONT="latarcyrheb-sun16"' >"$i18n_file"
       source "$i18n_file"
       echo '#cat /etc/sysconfig/i18n'
       grep LANG "$i18n_file"
       action "更改字符集zh_CN.UTF-8完成" /bin/true
       echo "================================================="
       echo
       sleep 2
     }
     # Stop iptables and turn SELinux off.
     # Backs up /etc/selinux/config, stops the running iptables service, rewrites
     # SELINUX=enforcing to SELINUX=disabled in the config file, calls
     # `setenforce 0` for the running system, then prints the resulting state.
     # NOTE(review): this removes the host firewall and mandatory access control
     # in one step. On a host reachable from untrusted networks, keep a
     # restrictive iptables policy instead, and prefer permissive mode with
     # logging over SELINUX=disabled while working out policy problems.
     # The status line is printed as success no matter what the commands returned.
     initFirewall(){
       local selinux_cfg=/etc/selinux/config
       echo "============禁用SELINUX及关闭防火墙=============="
       cp "$selinux_cfg" "$selinux_cfg.$(date +%F)"
       /etc/init.d/iptables stop
       sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$selinux_cfg"
       setenforce 0
       /etc/init.d/iptables status
       echo '#grep SELINUX=disabled /etc/selinux/config '
       grep SELINUX=disabled "$selinux_cfg"
       echo '#getenforce '
       getenforce
       action "禁用selinux及关闭防火墙完成" /bin/true
       echo "================================================="
       echo
       sleep 2
     }
     # Trim the services started at boot.
     # Turns off every service that `chkconfig --list` shows as on in runlevel 3,
     # then turns rsyslog, network, sshd, crond and sysstat back on and prints the
     # resulting list.
     # LANG is switched to en_US.UTF-8 while chkconfig output is parsed
     # (presumably so the "3:on" text matches) and set to zh_CN.UTF-8 afterwards.
     initService(){
       local svc
       echo "===============精简开机自启动===================="
       export LANG="en_US.UTF-8"
       for svc in $(chkconfig --list | awk '/3:on/ {print $1}'); do
         chkconfig "$svc" off
       done
       for svc in rsyslog network sshd crond sysstat; do
         chkconfig "$svc" on
       done
       echo '+--------which services on---------+'
       chkconfig --list | grep 3:on
       echo '+----------------------------------+'
       export LANG="zh_CN.UTF-8"
       action "精简开机自启动完成" /bin/true
       echo "================================================="
       echo
       sleep 2
     }
    # Remove the system and kernel version text shown before login.
    # Exits the whole script with status 0 when not run as root; otherwise
    # truncates /etc/redhat-release and /etc/issue to empty files.
    # NOTE(review): /etc/redhat-release is emptied as well, so anything that
    # reads that file to identify the distribution gets an empty answer. No
    # backup of either file is taken here.
    initRemoval(){
      echo "======去除系统及内核版本登录前的屏幕显示======="
      if (( UID != 0 )); then
        echo 'This script must use the root user ! ! !'
        sleep 2
        exit 0
      fi
      : >/etc/redhat-release
      : >/etc/issue
      action "去除系统及内核版本登录前的屏幕显示" /bin/true
      echo "================================================="
      echo
      sleep 2
    }
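    # Move sshd to port 52113 and forbid remote root and empty-password logins.
    # Backs up sshd_config, rewrites the four commented-out defaults below, checks
    # the result with `sshd -t` and reloads sshd only when that check passes.
    # The original `reload && action ok || action fail` chain is now an if/else,
    # so the failure line can no longer print after a successful reload.
    # NOTE(review): this file defines initSsh a second time further down; bash
    # keeps the later definition, so as the file stands this body never runs and
    # menu entries 7 and 11 both execute the GSSAPI/UseDNS version. Give one of
    # the two functions a distinct name if these settings are wanted.
    # NOTE(review): the sed patterns match only lines that start with "#"; an
    # already active `PermitRootLogin yes` or `Port 22` line is left untouched,
    # and the summary below prints the intended values, not the file's content.
    initSsh(){
      local sshd_cfg=/etc/ssh/sshd_config
      echo "========修改ssh默认端口禁用root远程登录=========="
      cp "$sshd_cfg" "$sshd_cfg.$(date +%F)"
      sed -i \
        -e 's/#Port 22/Port 52113/g' \
        -e 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' \
        -e 's/#PermitRootLogin yes/PermitRootLogin no/g' \
        -e 's/#UseDNS yes/UseDNS no/g' \
        "$sshd_cfg"
      echo '+-------modify the sshd_config-------+'
      echo 'Port 52113'
      echo 'PermitEmptyPasswords no'
      echo 'PermitRootLogin no'
      echo 'UseDNS no'
      echo '+------------------------------------+'
      # Validate before reloading so a broken file is reported, not loaded.
      if sshd -t && /etc/init.d/sshd reload; then
        action "修改ssh默认参数完成" /bin/true
      else
        action "修改ssh参数失败" /bin/false
      fi
      echo "================================================="
      echo ""
      sleep 2
    }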
    # Configure periodic time synchronisation through root's crontab.
    # Copies /var/spool/cron/root to a dated backup (errors ignored, the file may
    # not exist yet) and, when no line mentioning ntpdate is present, appends a
    # comment plus a job that runs ntpdate against time.windows.com every five
    # minutes. Finishes by printing the crontab.
    syncSysTime(){
      local cron_file=/var/spool/cron/root
      echo "================配置时间同步====================="
      cp "$cron_file" "$cron_file.$(date +%F)" 2>/dev/null
      if ! grep -q ntpdate "$cron_file" 2>/dev/null; then
        {
          echo "#times sync by lee at $(date +%F)"
          echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com &>/dev/null"
        } >>"$cron_file"
      fi
      echo '#crontab -l'
      crontab -l
      action "配置时间同步完成" /bin/true
      echo "================================================="
      echo
      sleep 2
    }
    # Install the extra tools missing from a minimal install and update
    # openssl, openssh and bash.
    # Pings the mirror (output shown, result not checked), installs the tool
    # list with yum, lists what rpm reports for those names, then runs
    # `yum install` for the three core packages.
    # NOTE(review): nmap is installed on every host this runs on; consider
    # whether a network scanner belongs in the base image of production servers.
    initTools(){
      local -a extra_pkgs=(tree nmap sysstat lrzsz dos2unix)
      echo "#####安装升级系统补装工具及重要工具升级(选择最小化安装minimal)#####"
      ping -c 2 mirrors.aliyun.com
      sleep 2
      yum install "${extra_pkgs[@]}" -y
      sleep 2
      rpm -qa "${extra_pkgs[@]}"
      sleep 2
      yum install openssl openssh bash -y
      sleep 2
      action "安装升级系统补装工具及重要工具升级(选择最小化安装minimal)" /bin/true
      echo "================================================="
      echo
      sleep 2
    }
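    # Create a user interactively, set its password and add it to /etc/sudoers.
    # Changes from the original:
    #   - the user name is validated and quoted everywhere (it was passed
    #     unquoted to grep and useradd);
    #   - passwords are read with `read -s`, so they are not echoed to the terminal;
    #   - the new sudoers line is syntax-checked with `visudo -c` on a scratch
    #     copy before /etc/sudoers itself is touched;
    #   - end of input on any prompt returns 1 instead of looping forever.
    # NOTE(review): the rule written is `NOPASSWD: ALL`, i.e. passwordless root
    # for this account. Limit it to the commands actually needed, or drop
    # NOPASSWD, wherever that is workable.
    addUser(){
      local name pass1 pass2 rule sudoers_try
      local name_re='^[a-z_][a-z0-9_-]*$'
      echo "===================新建用户======================"
      # Step 1: pick an unused, well-formed account name and create it.
      while true; do
        read -r -p "请输入新用户名:" name || return 1
        if [ -z "$name" ]; then
          echo "用户名不能为空,请重新输入。"
          continue
        fi
        if [[ ! $name =~ $name_re ]]; then
          echo "用户名只能包含小写字母、数字、下划线和连字符,请重新输入。"
          continue
        fi
        if getent passwd "$name" >/dev/null; then
          echo "用户名已存在,请重新输入。"
          continue
        fi
        useradd "$name" && break
      done
      # Step 2: read the password twice without echo and hand it to passwd on stdin.
      while true; do
        read -r -s -p "为 $name 创建一个密码:" pass1 || return 1
        echo
        if [ -z "$pass1" ]; then
          echo "密码不能为空,请重新输入。"
          continue
        fi
        read -r -s -p "请再次输入密码:" pass2 || return 1
        echo
        if [ "$pass1" != "$pass2" ]; then
          echo "两次密码输入不相同,请重新输入。"
          continue
        fi
        printf '%s\n' "$pass2" | passwd --stdin "$name"
        break
      done
      unset pass1 pass2
      sleep 1
      # Step 3: sudoers entry, added only when the name is not mentioned yet.
      echo "#####add visudo#####"
      cp /etc/sudoers "/etc/sudoers.$(date +%F)"
      if ! grep -qw -- "$name" /etc/sudoers; then
        rule="$name  ALL=(ALL)       NOPASSWD: ALL"
        sudoers_try=$(mktemp) || return 1
        cat /etc/sudoers >"$sudoers_try"
        echo "$rule" >>"$sudoers_try"
        if visudo -c -f "$sudoers_try" >/dev/null; then
          rm -f "$sudoers_try"
          echo "$rule" >>/etc/sudoers
          echo '#tail -1 /etc/sudoers'
          grep -w -- "$name" /etc/sudoers
          sleep 1
        else
          rm -f "$sudoers_try"
          action "sudoers 语法检查失败,未修改 /etc/sudoers" /bin/false
          return 1
        fi
      fi
      action "创建用户$name并将其加入visudo完成" /bin/true
      echo "================================================="
      echo ""
      sleep 2
    }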
    # Raise the open-file limit to 65535.
    # When limits.conf has no uncommented line mentioning nofile, backs the file
    # up and appends a rule for all users. Then prints the last line of the file,
    # raises the soft and hard limit of the current shell and prints the result.
    initLimits(){
      local limits_file=/etc/security/limits.conf
      echo "===============加大文件描述符===================="
      if ! grep nofile "$limits_file" | grep -qv "^#"; then
        cp "$limits_file" "$limits_file.$(date +%F)"
        echo '*                  -        nofile         65535' >>"$limits_file"
      fi
      echo '#tail -1 /etc/security/limits.conf'
      tail -1 "$limits_file"
      ulimit -HSn 65535
      echo '#ulimit -n'
      ulimit -n
      action "配置文件描述符为65535" /bin/true
      echo "================================================="
      echo
      sleep 2
    }
    # Turn off GSSAPI authentication and reverse DNS lookups in sshd_config and
    # restart sshd (per the banner text, to make SSH logins faster).
    # The status line is printed as success whatever the restart returned.
    # NOTE(review): this is the second function named initSsh in the file. Bash
    # keeps the later definition, so menu entries 7 and 11 both run this body and
    # the port / PermitRootLogin edits of the earlier definition are never applied.
    initSsh(){
      echo "======禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度======="
      sed -i \
        -e 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' \
        -e 's/#UseDNS yes/UseDNS no/' \
        /etc/ssh/sshd_config
      service sshd restart
      action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/true
      echo "================================================="
      echo
      sleep 2
    }
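    # Disable the Ctrl-Alt-Delete reboot so a stray key press cannot restart the
    # server, by commenting out the shutdown line in the upstart job file.
    # The original expression used "#" both as the sed delimiter and as the
    # comment character it wanted to insert, so sed rejected it and the file was
    # never changed while success was still reported. A different delimiter is
    # used here, the match is anchored so a rerun does not add a second "#", and
    # the status line now follows sed's exit status.
    initRestart(){
      local cad_conf=/etc/init/control-alt-delete.conf
      if sed -i 's|^exec /sbin/shutdown -r now|#&|' "$cad_conf"; then
        action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/true
      else
        action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/false
      fi
      echo "================================================="
      echo ""
      sleep 2
    }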
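    # Append network tuning parameters to /etc/sysctl.conf and load them.
    # The parameter block is added (after a dated backup) only when fewer than
    # ten lines mentioning net.ipv4.tcp exist. nf_conntrack and bridge are loaded
    # now and registered in /etc/rc.local for later boots; each rc.local line is
    # now written only when missing, where the original appended a duplicate on
    # every run.
    # NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to break connections
    # from clients behind NAT and the setting was removed in Linux 4.12; review
    # it before using this list. tcp_syn_retries / tcp_synack_retries = 1 allow
    # a single retry only.
    initSysctl(){
      local sysctl_file=/etc/sysctl.conf
      local rc_file=/etc/rc.local
      local tcp_lines mod
      echo "================优化内核参数====================="
      tcp_lines=$(grep "net.ipv4.tcp" "$sysctl_file" | wc -l)
      if [ "$tcp_lines" -lt 10 ]; then
        cp "$sysctl_file" "$sysctl_file.$(date +%F)"
        printf '%s\n' \
          'net.ipv4.tcp_fin_timeout = 2' \
          'net.ipv4.tcp_tw_reuse = 1' \
          'net.ipv4.tcp_tw_recycle = 1' \
          'net.ipv4.tcp_syncookies = 1' \
          'net.ipv4.tcp_keepalive_time = 600' \
          'net.ipv4.ip_local_port_range = 4000 65000' \
          'net.ipv4.tcp_max_syn_backlog = 16384' \
          'net.ipv4.tcp_max_tw_buckets = 36000' \
          'net.ipv4.route.gc_timeout = 100' \
          'net.ipv4.tcp_syn_retries = 1' \
          'net.ipv4.tcp_synack_retries = 1' \
          'net.core.somaxconn = 16384' \
          'net.core.netdev_max_backlog = 16384' \
          'net.ipv4.tcp_max_orphans = 16384' \
          'net.netfilter.nf_conntrack_max = 25000000' \
          'net.netfilter.nf_conntrack_tcp_timeout_established = 180' \
          'net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120' \
          'net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60' \
          'net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120' >>"$sysctl_file"
      fi
      cp "$rc_file" "$rc_file.$(date +%F)"
      # The modules are loaded before `sysctl -p` runs.
      for mod in nf_conntrack bridge; do
        modprobe "$mod"
        grep -qxF "modprobe $mod" "$rc_file" || echo "modprobe $mod" >>"$rc_file"
      done
      sysctl -p
      action "内核调优完成" /bin/true
      echo "================================================="
      echo ""
      sleep 2
    }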
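    # Set the login idle timeout and the shell history length in /etc/profile.
    # Each setting is appended only when that exact line is missing; the original
    # appended all three on every run. The matching lines are then printed and
    # /etc/profile is loaded into the current shell.
    # NOTE(review): sourcing the file sets TMOUT=300 in this script's own shell,
    # and bash uses TMOUT as the default timeout of `read`, so later menu prompts
    # give up after 300 seconds.
    # NOTE(review): keeping five history entries limits what a casual reader of
    # .bash_history sees, but it also removes context during an investigation and
    # is no substitute for real command auditing.
    initHistory(){
      local setting
      echo "======设置默认历史记录数和连接超时时间======"
      for setting in TMOUT=300 HISTSIZE=5 HISTFILESIZE=5; do
        grep -qxF "$setting" /etc/profile || echo "$setting" >>/etc/profile
      done
      grep -xE 'TMOUT=300|HISTSIZE=5|HISTFILESIZE=5' /etc/profile
      source /etc/profile
      action "设置默认历史记录数和连接超时时间" /bin/true
      echo "================================================="
      echo ""
      sleep 2
    }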
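    # Mark the account and init files immutable and rename the chattr tool.
    # Sets +i on passwd, inittab, group, shadow and gshadow, then moves
    # /usr/bin/chattr to /usr/bin/lock.
    # Changes from the original: on a rerun chattr has already been renamed, so
    # the tool is looked up under both names, the move is skipped when there is
    # nothing to move, and the status line reflects whether every step worked.
    # NOTE(review): once these files are immutable, useradd and passwd fail until
    # the flag is cleared with `lock -i <file>`. Renaming the binary is obscurity,
    # not a control: root can still clear the flag.
    initChattr(){
      local chattr_bin=/usr/bin/chattr
      local target rc=0
      echo "======锁定关键文件系统======"
      [ -x "$chattr_bin" ] || chattr_bin=/usr/bin/lock
      for target in /etc/passwd /etc/inittab /etc/group /etc/shadow /etc/gshadow; do
        "$chattr_bin" +i "$target" || rc=1
      done
      if [ -x /usr/bin/chattr ]; then
        /bin/mv /usr/bin/chattr /usr/bin/lock || rc=1
      fi
      if [ "$rc" -eq 0 ]; then
        action "锁定关键文件系统" /bin/true
      else
        action "锁定关键文件系统" /bin/false
      fi
      echo "================================================="
      echo ""
      sleep 2
    }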
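    # Install a cron job that empties postfix's maildrop directory every minute.
    # Changes from the original:
    #   - the directory test uses -d (the original -f is never true for a directory);
    #   - the generated script deletes with `find -delete`, not `find | xargs rm`,
    #     so file names are never passed through word splitting;
    #   - the cron lines are appended only when the job is not already listed.
    # NOTE(review): the job removes every file under maildrop, including mail
    # that reports failures of other cron jobs.
    del_file(){
      local script_dir=/server/scripts
      local cron_file=/var/spool/cron/root
      echo "======定时清理邮件任务======"
      [ -d "$script_dir" ] || mkdir -p "$script_dir"
      echo "find /var/spool/postfix/maildrop/ -type f -delete" >"$script_dir/del_file.sh"
      if ! grep -qF "$script_dir/del_file.sh" "$cron_file" 2>/dev/null; then
        echo '#this is del mail task by kingle at 2018-8-8' >>"$cron_file"
        echo "*/1 * * * * /bin/bash /server/scripts/del_file.sh &>/dev/null" >>"$cron_file"
      fi
      echo "================================================="
      echo ""
      sleep 2
    }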
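    # Blank the login banners in /etc/issue and /etc/issue.net.
    # The CentOS line of /etc/issue is captured first and printed at the end so
    # the operator can note the version before it disappears; the banner text
    # printed by the function itself advises against using this step.
    # The original verification read /etc/issue twice and searched for lowercase
    # "cent" only; it now checks both files, ignoring case.
    hide_info(){
      local Version_information
      echo "======!!隐藏系统信息!!======"
      echo "======此项注意不要自己忘记了那就没救了======"
      echo "======不建议使用======"
      Version_information=$(grep "CentOS" /etc/issue)
      : >/etc/issue
      : >/etc/issue.net
      if ! grep -qi cent /etc/issue /etc/issue.net; then
        echo "======清除成功====="
      else
        # Something still mentions the distribution: truncate once more.
        : >/etc/issue
        : >/etc/issue.net
      fi
      echo "$Version_information"
      echo "=====认准本系统版本======"
      sleep 10
      echo "================================================="
    }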
    # Print instructions for protecting GRUB with a password; nothing is changed.
    # The text tells the operator to run /sbin/grub-md5-crypt interactively and to
    # put the result into /etc/grub.conf as `password --MD5 <hash>`, then the
    # function pauses for ten seconds so the text can be read.
    grub_md5(){
      printf '%s\n' \
        "======grub_md5加密======" \
        "======命令行输入:/sbin/grub-md5-crypt 进行交互式加密======" \
        "把密码写入/etc/grub.conf 格式:password --MD5 密码" \
        ""
      sleep 10
    }
    # Print a suggested iptables rule for limiting ping; nothing is applied.
    # The Chinese note printed first says: ping is allowed from the internal
    # network and refused from elsewhere, and the setting is optional because
    # the operator also needs ping for testing.
    # NOTE(review): the rule shown only ACCEPTs echo requests from 10.0.0.0/24 on
    # eth0. Unless the INPUT policy or a later rule drops other ICMP echo
    # requests, it blocks nothing on its own.
    ban_ping(){
      printf '%s\n' \
        '#内网可以ping 其他不能ping 这个由于自己也要ping测试不一定要设置' \
        'iptables -t filter -I INPUT -p icmp --icmp-type 8 -i eth0 -s 10.0.0.0/24 -j ACCEPT'
      sleep 10
    }
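    # Custom-optimisation submenu: show the list of steps, read a choice and run
    # the matching function until 0 is entered.
    # Changes from the original: the header and the prompt said [0-15] although
    # entries 0-19 are offered; input is read with `read -r`; end of input
    # returns instead of looping on the warning screen.
    # NOTE(review): entries 7 and 11 both call initSsh. The file defines that
    # name twice and bash keeps the later definition, so both entries run the
    # GSSAPI/UseDNS version.
    menu2(){
      local input2 i
      while true; do
        clear
        printf '%s\n' \
          '----------------------------------------' \
          '|****Please Enter Your Choice:[0-19]****|' \
          '----------------------------------------' \
          '(1)  新建一个用户并将其加入visudo' \
          '(2)  配置为国内YUM源镜像和保存YUM源文件' \
          '(3)  配置中文字符集' \
          '(4)  禁用SELINUX及关闭防火墙' \
          '(5)  精简开机自启动' \
          '(6)  去除系统及内核版本登录前的屏幕显示' \
          '(7)  修改ssh默认端口及禁用root远程登录' \
          '(8)  设置时间同步' \
          '(9)  安装系统补装工具(选择最小化安装minimal)' \
          '(10) 加大文件描述符' \
          '(11) 禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度' \
          '(12) 将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启' \
          '(13) 系统内核调优' \
          '(14) 设置默认历史记录数和连接超时时间' \
          '(15) 锁定关键文件系统' \
          '(16) 定时清理邮件任务' \
          '(17) 隐藏系统信息' \
          '(18) grub_md5加密' \
          '(19) ban_ping' \
          '(0) 返回上一级菜单' \
          ''
        read -r -p "Please enter your Choice[0-19]: " input2 || return
        case "$input2" in
          0)
            clear
            break
            ;;
          1) addUser ;;
          2) configYum ;;
          3) initI18n ;;
          4) initFirewall ;;
          5) initService ;;
          6) initRemoval ;;
          7) initSsh ;;
          8) syncSysTime ;;
          9) initTools ;;
          10) initLimits ;;
          11) initSsh ;;
          12) initRestart ;;
          13) initSysctl ;;
          14) initHistory ;;
          15) initChattr ;;
          16) del_file ;;
          17) hide_info ;;
          18) grub_md5 ;;
          19) ban_ping ;;
          *)
            echo "----------------------------------"
            echo "|          Warning!!!            |"
            echo "|   Please Enter Right Choice!   |"
            echo "----------------------------------"
            # Three-second countdown before the menu is redrawn.
            for i in 3 2 1; do
              printf '%s' "$i"
              sleep 1
            done
            clear
            ;;
        esac
      done
    }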
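    # Main menu loop: show the system banner, then run every step in sequence
    # (1), open the custom submenu (2) or quit (3).
    # Changes from the original: the prompt said [0-3] although the choices are
    # 1-3; input is read with `read -r`; end of input leaves the loop.
    # The banner values were computed once at start-up and are not refreshed.
    # NOTE(review): the one-key sequence calls initSsh twice. The file defines
    # that name twice and bash keeps the later definition, so the port and
    # PermitRootLogin edits are not applied by either call.
    while true; do
      clear
      echo "========================================"
      echo '          Linux Optimization            '
      echo "========================================"
      printf '%s\n' \
        '|-----------System Infomation-----------' \
        "| DATE       :$DATE" \
        "| HOSTNAME   :$HOSTNAME" \
        "| USER       :$USER" \
        "| IP         :$IPADDR" \
        "| DISK_USED  :$DISK_SDA" \
        "| CPU_AVERAGE:$cpu_uptime" \
        '----------------------------------------' \
        '|****Please Enter Your Choice:[1-3]****|' \
        '----------------------------------------' \
        '(1) 一键优化' \
        '(2) 自定义优化' \
        '(3) 退出'
      read -r -p "Please enter your choice[1-3]: " input1 || break
      case "$input1" in
        1)
          # addUser runs first and initChattr last; initChattr makes the
          # account files immutable.
          addUser
          configYum
          initI18n
          initFirewall
          initService
          initRemoval
          initSsh
          syncSysTime
          initTools
          initLimits
          initSsh
          initRestart
          initSysctl
          initHistory
          initChattr
          ;;
        2)
          menu2
          ;;
        3)
          clear
          break
          ;;
        *)
          echo "----------------------------------"
          echo "|          Warning!!!            |"
          echo "|   Please Enter Right Choice!   |"
          echo "----------------------------------"
          # Three-second countdown before the menu is redrawn.
          for i in 3 2 1; do
            printf '%s' "$i"
            sleep 1
          done
          clear
          ;;
      esac
    done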

    --- 借鉴于各路大神---

    ----致谢----

  • 原文地址:https://www.cnblogs.com/kingle-study/p/9431049.html