  • 适用于Centos6.x系统的15项优化脚本

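      #!/bin/bash
      # Date: 2018-6-8
      # version: 1.2
      # Purpose: interactive menu that applies 15 system tweaks to a CentOS 6.x host.
      ################################################
      # Source the init-script function library; the script relies on it for `action`.
      . /etc/init.d/functions

      # Values shown in the banner of the main menu.
      DATE=$(date +"%y-%m-%d %H:%M:%S")
      IPADDR=$(grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0 | cut -d= -f 2)
      HOSTNAME=$(hostname -s)
      USER=$(whoami)
      DISK_SDA=$(df -h | grep -w "/" | awk '{print $5}')
      cpu_uptime=$(awk '{print $1,$2,$3}' /proc/loadavg)
      export LANG=zh_CN.UTF-8

      # Require root. The earlier form parsed `id` with `cut -d(`; the bare `(`
      # is a shell syntax error inside the command substitution, so uid came
      # back empty, the numeric test errored out, and the check let every user
      # through. `id -u` prints the numeric uid directly.
      uid=$(id -u)
      if [ "$uid" -ne 0 ]; then
        action "Please run this script as root." /bin/false
        exit 1
      fi

      # Make backspace work on terminals that send ^H: back up root's profile,
      # then append the stty line only if it is not already there.
      cp /root/.bash_profile "/root/.bash_profile_$(date +%F)"
      if ! grep -qwx "stty erase ^H" /root/.bash_profile; then
        echo "stty erase ^H" >>/root/.bash_profile
        source /root/.bash_profile
      fi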
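     # Switch yum to the Aliyun CentOS 6 mirror and keep downloaded packages.
     #
     # Side effects: backs up CentOS-Base.repo with a date suffix, replaces it
     # with the mirror's repo file, sets keepcache=1 in /etc/yum.conf.
     # Exits the whole script with status 1 when the mirror cannot be reached or
     # the download fails.
     #
     # The repo file decides which servers packages come from and whether their
     # signatures are checked, so it is fetched over HTTPS and written to a
     # temporary file first; the live file is replaced only after a complete,
     # non-empty download. The earlier form used plain HTTP and let `wget -O`
     # write straight over the live file, which left it truncated on failure.
     # NOTE(review): assumes the host's CA bundle can validate the mirror's
     # certificate - confirm on the target image.
     configYum(){
       local repo_file=/etc/yum.repos.d/CentOS-Base.repo
       local repo_url=https://mirrors.aliyun.com/repo/Centos-6.repo
       local tmp_repo

       echo "================更新为国内YUM源=================="
       cd /etc/yum.repos.d/ || exit 1
       cp CentOS-Base.repo "CentOS-Base.repo.$(date +%F)"

       if ! ping -c 1 mirrors.aliyun.com >/dev/null; then
         echo "无法连接网络。"
         exit 1
       fi

       # The temporary name does not end in .repo, so yum ignores it.
       tmp_repo=$(mktemp "${repo_file}.XXXXXX") || exit 1
       if wget -O "$tmp_repo" "$repo_url" && [ -s "$tmp_repo" ]; then
         chmod 644 "$tmp_repo"
         mv -f "$tmp_repo" "$repo_file"
       else
         rm -f "$tmp_repo"
         action "下载YUM源文件失败" /bin/false
         exit 1
       fi

       echo "==============保存YUM源文件======================"
       sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
       grep keepcache /etc/yum.conf
       sleep 5
       action "配置国内YUM完成"  /bin/true
       echo "================================================="
       echo ""
       sleep 2
     }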
     # Set the system locale to zh_CN.UTF-8.
     # Backs up /etc/sysconfig/i18n with a date suffix, rewrites the file with
     # three fixed lines, then sources it into the running shell.
     initI18n(){
       local i18n_file=/etc/sysconfig/i18n

       echo "================更改为中文字符集================="
       cp "$i18n_file" "$i18n_file.$(date +%F)"
       # One redirect truncates and writes the new content.
       printf '%s\n' \
         'LANG="zh_CN.UTF-8"' \
         '#LANG="en_US.UTF-8"' \
         'SYSFONT="latarcyrheb-sun16"' >"$i18n_file"
       source "$i18n_file"
       echo '#cat /etc/sysconfig/i18n'
       grep LANG "$i18n_file"
       action "更改字符集zh_CN.UTF-8完成" /bin/true
       echo "================================================="
       echo ""
       sleep 2
     }
     # Disable SELinux and stop the iptables host firewall.
     #
     # Side effects: backs up /etc/selinux/config, stops iptables for the
     # current boot, rewrites SELINUX=enforcing to SELINUX=disabled, and
     # switches the running system to permissive with `setenforce 0`.
     #
     # NOTE(review): after this step the host has neither mandatory access
     # control nor a local packet filter, so every listening service is exposed
     # to whatever the network in front of the host lets through.
     # NOTE(review): only the `SELINUX=enforcing` spelling is rewritten; a
     # config already set to permissive is left as it is. The success line at
     # the end is printed whether or not the commands above succeeded.
     initFirewall(){
       local selinux_cfg=/etc/selinux/config

       echo "============禁用SELINUX及关闭防火墙=============="
       cp "$selinux_cfg" "$selinux_cfg.$(date +%F)"
       /etc/init.d/iptables stop
       sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$selinux_cfg"
       setenforce 0
       /etc/init.d/iptables status

       # Show the resulting state.
       echo '#grep SELINUX=disabled /etc/selinux/config '
       grep SELINUX=disabled "$selinux_cfg"
       echo '#getenforce '
       getenforce

       action "禁用selinux及关闭防火墙完成" /bin/true
       echo "================================================="
       echo ""
       sleep 2
     }
     # Trim boot-time services down to rsyslog, network, sshd and crond.
     #
     # Every service that chkconfig lists as on in runlevel 3 is switched off
     # first, then the four kept services are switched back on.
     # NOTE(review): the first loop makes no exceptions, so anything else that
     # was enabled at runlevel 3 (a firewall or audit daemon, if present) stays
     # off after the next reboot - review the printed list before rebooting.
     initService(){
       local svc

       echo "===============精简开机自启动===================="
       # chkconfig output is matched on the English "3:on" column.
       export LANG="en_US.UTF-8"
       for svc in $(chkconfig --list | awk '/3:on/ {print $1}'); do
         chkconfig "$svc" off
       done
       for svc in rsyslog network sshd crond; do
         chkconfig "$svc" on
       done
       echo '+--------which services on---------+'
       chkconfig --list | grep 3:on
       echo '+----------------------------------+'
       export LANG="zh_CN.UTF-8"
       action "精简开机自启动完成" /bin/true
       echo "================================================="
       echo ""
       sleep 2
     }
    # Blank the pre-login banner so the OS and kernel version are not shown.
    #
    # Truncates /etc/redhat-release and /etc/issue to zero length. A non-root
    # caller gets a message and the script exits with status 0.
    # NOTE(review): no backup is taken here, unlike the other steps, and
    # software that reads /etc/redhat-release to detect the distribution will
    # find it empty afterwards - confirm nothing on the host depends on it.
    initRemoval(){
      echo "======去除系统及内核版本登录前的屏幕显示======="
      # Only root may truncate these files.
      if [ "$UID" -ne 0 ]; then
        echo "This script must use the root user ! ! !"
        sleep 2
        exit 0
      fi
      : >/etc/redhat-release
      : >/etc/issue
      action "去除系统及内核版本登录前的屏幕显示" /bin/true
      echo "================================================="
      echo ""
      sleep 2
    }
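    # Move sshd to port 52113, forbid root and empty-password logins, and turn
    # off reverse DNS lookups.
    #
    # Side effects: backs up /etc/ssh/sshd_config with a date suffix, edits it
    # in place, reloads sshd.
    #
    # NOTE(review): a second function named initSsh (the GSSAPI/UseDNS one) is
    # defined further down this script. The shell keeps the last definition, so
    # by the time either menu runs, every initSsh call resolves to that later
    # function and this body never executes: the port change and
    # PermitRootLogin no are not applied. Give the two functions distinct names
    # and update the menu entries and the one-click list to match.
    # NOTE(review): each sed pattern matches only the commented-out default
    # (e.g. `#PermitRootLogin yes`). A config that already carries an
    # uncommented `PermitRootLogin yes` or `Port` line is left unchanged.
    # NOTE(review): with root logins refused, a working non-root sudo account
    # must exist before this runs, or remote administration is lost.
    initSsh(){
      local cfg=/etc/ssh/sshd_config

      echo "========修改ssh默认端口禁用root远程登录=========="
      cp "$cfg" "$cfg.$(date +%F)"
      sed -i \
        -e 's/#Port 22/Port 52113/g' \
        -e 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' \
        -e 's/#PermitRootLogin yes/PermitRootLogin no/g' \
        -e 's/#UseDNS yes/UseDNS no/g' \
        "$cfg"
      echo '+-------modify the sshd_config-------+'
      echo 'Port 52113'
      echo 'PermitEmptyPasswords no'
      echo 'PermitRootLogin no'
      echo 'UseDNS no'
      echo '+------------------------------------+'
      # Check the edited file with sshd's test mode before reloading, so a
      # broken config is reported instead of being handed to the daemon.
      # if/else replaces `a && b || c`, which also ran the failure branch when
      # the success message itself returned non-zero.
      if /usr/sbin/sshd -t -f "$cfg" && /etc/init.d/sshd reload; then
        action "修改ssh默认参数完成" /bin/true
      else
        action "修改ssh参数失败" /bin/false
      fi
      echo "================================================="
      echo ""
      sleep 2
    }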
    # Schedule a clock sync every five minutes from root's crontab.
    #
    # Backs up /var/spool/cron/root (errors ignored when it does not exist yet)
    # and appends an ntpdate job unless the file already mentions ntpdate.
    # NOTE(review): the job queries one public time server with ntpdate and
    # discards all output, so a failing or wrong time source goes unnoticed;
    # hosts whose logs are correlated by timestamp may want a source under
    # their own control.
    syncSysTime(){
      local cron_tab=/var/spool/cron/root

      echo "================配置时间同步====================="
      cp "$cron_tab" "$cron_tab.$(date +%F)" 2>/dev/null
      if ! grep -q ntpdate "$cron_tab" 2>/dev/null; then
        {
          echo "#times sync by lee at $(date +%F)"
          echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1"
        } >>"$cron_tab"
      fi
      echo '#crontab -l'
      crontab -l
      action "配置时间同步完成" /bin/true
      echo "================================================="
      echo ""
      sleep 2
    }
    # Install the utilities a minimal install leaves out:
    # tree, nmap, sysstat, lrzsz and dos2unix.
    #
    # Pings the mirror first (the result is only displayed), runs yum, then
    # lists which of the packages rpm reports as installed.
    # NOTE(review): the success line is printed regardless of yum's exit
    # status; the rpm listing above it is the real indicator.
    initTools(){
      local -a pkgs=(tree nmap sysstat lrzsz dos2unix)

      echo "#####安装系统补装工具(选择最小化安装minimal)#####"
      ping -c 2 mirrors.aliyun.com
      sleep 2
      yum install "${pkgs[@]}" -y
      sleep 2
      rpm -qa "${pkgs[@]}"
      sleep 2
      action "安装系统补装工具(选择最小化安装minimal)" /bin/true
      echo "================================================="
      echo ""
      sleep 2
    }
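    # Interactively create a login account, set its password and grant it sudo.
    #
    # Prompts: a user name that does not exist yet, then the password twice.
    # Side effects: useradd, passwd --stdin, a dated backup of /etc/sudoers and
    # one appended rule "<name> ALL=(ALL) NOPASSWD: ALL".
    # Returns: 1 when the sudoers change is rejected, otherwise falls through.
    #
    # The account gets password-less root through sudo, so the name and the
    # sudoers edit are handled conservatively:
    #   - the name is restricted to a plain account-name character set before
    #     it is passed to useradd or written into /etc/sudoers;
    #   - a failed useradd is reported instead of carrying on to passwd and
    #     sudoers with an account that was never created;
    #   - passwords are read without echo (-s) and without backslash
    #     processing (-r);
    #   - the new sudoers content is syntax-checked with `visudo -c` on a
    #     scratch copy, since a malformed /etc/sudoers disables sudo for
    #     everyone.
    addUser(){
      local name pass1 pass2 tmp_sudoers
      local name_re='^[a-z_][a-z0-9_-]{0,31}$'

      echo "===================新建用户======================"
      while true; do
        read -r -p "请输入新用户名:" name
        if [ ${#name} -eq 0 ]; then
          echo "用户名不能为空,请重新输入。"
          continue
        fi
        if ! [[ $name =~ $name_re ]]; then
          echo "用户名不合法,请重新输入。"
          continue
        fi
        if getent passwd "$name" >/dev/null; then
          echo "用户名已存在,请重新输入。"
          continue
        fi
        if ! useradd "$name"; then
          action "创建用户${name}失败" /bin/false
          continue
        fi
        break
      done

      while true; do
        read -r -s -p "为 $name 创建一个密码:" pass1
        echo ""
        if [ ${#pass1} -eq 0 ]; then
          echo "密码不能为空,请重新输入。"
          continue
        fi
        read -r -s -p "请再次输入密码:" pass2
        echo ""
        if [ "$pass1" != "$pass2" ]; then
          echo "两次密码输入不相同,请重新输入。"
          continue
        fi
        # printf is a builtin, so the password does not appear in an argv.
        printf '%s\n' "$pass2" | passwd --stdin "$name"
        break
      done
      unset pass1 pass2
      sleep 1

      echo "#####add visudo#####"
      cp /etc/sudoers "/etc/sudoers.$(date +%F)"
      if ! grep -qw -- "$name" /etc/sudoers; then
        tmp_sudoers=$(mktemp) || return 1
        cat /etc/sudoers >"$tmp_sudoers"
        echo "$name  ALL=(ALL)       NOPASSWD: ALL" >>"$tmp_sudoers"
        if ! visudo -c -f "$tmp_sudoers" >/dev/null; then
          rm -f "$tmp_sudoers"
          action "sudoers语法检查失败,未修改/etc/sudoers" /bin/false
          return 1
        fi
        # Overwrite the content in place so owner and mode of /etc/sudoers stay.
        cat "$tmp_sudoers" >/etc/sudoers
        rm -f "$tmp_sudoers"
        echo '#tail -1 /etc/sudoers'
        grep -w -- "$name" /etc/sudoers
        sleep 1
      fi
      action "创建用户$name并将其加入visudo完成"  /bin/true
      echo "================================================="
      echo ""
      sleep 2
    }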
    # Raise the open-file limit to 65535.
    #
    # Appends a wildcard nofile rule to /etc/security/limits.conf (after a
    # dated backup) when the file has no uncommented nofile line, then raises
    # the hard and soft limit of the running shell.
    initLimits(){
      local limits_conf=/etc/security/limits.conf

      echo "===============加大文件描述符===================="
      # True when no line mentioning nofile is left after dropping comments.
      if ! grep nofile "$limits_conf" | grep -qv "^#"; then
        cp "$limits_conf" "$limits_conf.$(date +%F)"
        echo '*                  -        nofile         65535' >>"$limits_conf"
      fi
      echo '#tail -1 /etc/security/limits.conf'
      tail -1 "$limits_conf"
      ulimit -HSn 65535
      echo '#ulimit -n'
      ulimit -n
      action "配置文件描述符为65535" /bin/true
      echo "================================================="
      echo ""
      sleep 2
    }
    # Speed up SSH logins by turning off GSSAPI authentication and reverse DNS
    # lookups in /etc/ssh/sshd_config, then restart sshd.
    #
    # NOTE(review): an earlier function in this script is also named initSsh
    # (port 52113 / PermitRootLogin no). This later definition replaces it, so
    # menu entries 7 and 11 and both initSsh calls in the one-click path all
    # run this body, and the port and root-login changes are never applied.
    # Give the two functions distinct names and update the callers.
    # NOTE(review): no backup is taken and the success line is printed even if
    # the restart fails.
    initSsh(){
      local cfg=/etc/ssh/sshd_config

      echo "======禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度======="
      sed -i \
        -e 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' \
        -e 's/#UseDNS yes/UseDNS no/' \
        "$cfg"
      service sshd restart
      action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/true
      echo "================================================="
      echo ""
      sleep 2
    }
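    # Disable the Ctrl-Alt-Delete reboot by commenting out the shutdown line in
    # /etc/init/control-alt-delete.conf.
    #
    # The earlier sed expression used `#` both as the s-command delimiter and
    # as the intended comment marker, so it parsed as an empty replacement
    # followed by invalid flags; sed exited with an error, the file stayed
    # unchanged, and success was reported anyway. A different delimiter and
    # `&` (the matched text) produce the intended "#exec ..." line, and the
    # status shown now follows sed's result.
    initRestart(){
      local cad_conf=/etc/init/control-alt-delete.conf

      if sed -i 's|^exec /sbin/shutdown -r now|#&|' "$cad_conf"; then
        action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/true
      else
        action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/false
      fi
      echo "================================================="
      echo ""
      sleep 2
    }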
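    # Append a set of network tuning keys to /etc/sysctl.conf and load them.
    #
    # The keys are appended (after a dated backup) only while the file holds
    # fewer than ten net.ipv4.tcp lines. nf_conntrack and bridge are loaded now
    # and registered in /etc/rc.local for later boots, then `sysctl -p` applies
    # the file.
    #
    # Each "modprobe ..." line is now added to /etc/rc.local only when it is
    # missing; the earlier form appended both lines on every run.
    initSysctl(){
      local conf=/etc/sysctl.conf
      local tcp_lines mod
      local -a settings=(
        'net.ipv4.tcp_fin_timeout = 2'
        'net.ipv4.tcp_tw_reuse = 1'
        # NOTE(review): tcp_tw_recycle is known to drop connections from
        # clients that share one address behind NAT - confirm it is wanted.
        'net.ipv4.tcp_tw_recycle = 1'
        'net.ipv4.tcp_syncookies = 1'
        'net.ipv4.tcp_keepalive_time = 600'
        'net.ipv4.ip_local_port_range = 4000 65000'
        'net.ipv4.tcp_max_syn_backlog = 16384'
        'net.ipv4.tcp_max_tw_buckets = 36000'
        'net.ipv4.route.gc_timeout = 100'
        'net.ipv4.tcp_syn_retries = 1'
        'net.ipv4.tcp_synack_retries = 1'
        'net.core.somaxconn = 16384'
        'net.core.netdev_max_backlog = 16384'
        'net.ipv4.tcp_max_orphans = 16384'
        'net.netfilter.nf_conntrack_max = 25000000'
        'net.netfilter.nf_conntrack_tcp_timeout_established = 180'
        'net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120'
        'net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60'
        'net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120'
      )

      echo "================优化内核参数====================="
      tcp_lines=$(grep "net.ipv4.tcp" "$conf" | wc -l)
      if [ "$tcp_lines" -lt 10 ]; then
        cp "$conf" "$conf.$(date +%F)"
        printf '%s\n' "${settings[@]}" >>"$conf"
      fi

      cp /etc/rc.local "/etc/rc.local.$(date +%F)"
      for mod in nf_conntrack bridge; do
        modprobe "$mod"
        grep -qxF "modprobe $mod" /etc/rc.local ||
          echo "modprobe $mod" >>/etc/rc.local
      done
      sysctl -p
      action "内核调优完成" /bin/true
      echo "================================================="
      echo ""
      sleep 2
    }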
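    # Set a 300-second idle logout and a five-entry shell history for all
    # users through /etc/profile, then source the file.
    #
    # Each setting is appended only when that exact line is not already in
    # /etc/profile; the earlier form appended all three on every run. The
    # matching lines are then printed so the effective values can be checked
    # (the file may hold an older assignment of the same variable above them).
    # NOTE(review): a five-line history limits what a stolen session reveals,
    # and equally limits what is left to review after an incident; command
    # auditing then has to come from another source.
    initHistory(){
      local setting

      echo "======设置默认历史记录数和连接超时时间======"
      for setting in TMOUT=300 HISTSIZE=5 HISTFILESIZE=5; do
        grep -qxF "$setting" /etc/profile || echo "$setting" >>/etc/profile
      done
      grep -E '^(TMOUT|HISTSIZE|HISTFILESIZE)=' /etc/profile
      source /etc/profile
      action "设置默认历史记录数和连接超时时间" /bin/true
      echo "================================================="
      echo ""
      sleep 2
    }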
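    # Mark the account databases and /etc/inittab immutable, then rename the
    # chattr binary to /usr/bin/lock.
    #
    # The function now works on a second run: when /usr/bin/chattr is already
    # gone it uses /usr/bin/lock, and it reports failure when neither exists.
    # The earlier form called the missing chattr five times, failed the mv, and
    # still reported success.
    # NOTE(review): once these files are immutable, useradd, passwd and similar
    # tools fail until the flag is cleared again with the renamed binary.
    # NOTE(review): the rename hides the tool but does not restrict root, and
    # it shows up as a modified file in package verification.
    initChattr(){
      local tool f

      echo "======锁定关键文件系统======"
      if [ -x /usr/bin/chattr ]; then
        tool=/usr/bin/chattr
      elif [ -x /usr/bin/lock ]; then
        tool=/usr/bin/lock
      else
        action "锁定关键文件系统" /bin/false
        return 1
      fi
      for f in /etc/passwd /etc/inittab /etc/group /etc/shadow /etc/gshadow; do
        "$tool" +i "$f"
      done
      if [ "$tool" = /usr/bin/chattr ]; then
        /bin/mv /usr/bin/chattr /usr/bin/lock
      fi
      action "锁定关键文件系统" /bin/true
      echo "================================================="
      echo ""
      sleep 2
    }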
    # Custom menu: run one of the fifteen steps at a time.
    #
    # Loops until 0 is entered. Any other input that is not 1-15 shows a
    # warning followed by a three-second countdown.
    # NOTE(review): entries 7 and 11 both call initSsh. The script defines that
    # name twice and the later definition wins, so both entries run the
    # GSSAPI/UseDNS variant.
    menu2(){
      local tick

      while true; do
        clear
        printf '%s\n' \
          '----------------------------------------' \
          '|****Please Enter Your Choice:[0-15]****|' \
          '----------------------------------------' \
          '(1)  新建一个用户并将其加入visudo' \
          '(2)  配置为国内YUM源镜像和保存YUM源文件' \
          '(3)  配置中文字符集' \
          '(4)  禁用SELINUX及关闭防火墙' \
          '(5)  精简开机自启动' \
          '(6)  去除系统及内核版本登录前的屏幕显示' \
          '(7)  修改ssh默认端口及禁用root远程登录' \
          '(8)  设置时间同步' \
          '(9)  安装系统补装工具(选择最小化安装minimal)' \
          '(10) 加大文件描述符' \
          '(11) 禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度' \
          '(12) 将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启' \
          '(13) 系统内核调优' \
          '(14) 设置默认历史记录数和连接超时时间' \
          '(15) 锁定关键文件系统' \
          '(0) 返回上一级菜单'
        read -p "Please enter your Choice[0-15]: " input2
        case "$input2" in
          0) clear; break ;;
          1) addUser ;;
          2) configYum ;;
          3) initI18n ;;
          4) initFirewall ;;
          5) initService ;;
          6) initRemoval ;;
          7 | 11) initSsh ;;
          8) syncSysTime ;;
          9) initTools ;;
          10) initLimits ;;
          12) initRestart ;;
          13) initSysctl ;;
          14) initHistory ;;
          15) initChattr ;;
          *)
            echo "----------------------------------"
            echo "|          Warning!!!            |"
            echo "|   Please Enter Right Choice!   |"
            echo "----------------------------------"
            # Countdown 3 2 1 printed on one line, one second apart.
            for tick in 3 2 1; do
              echo -ne "$tick"
              sleep 1
            done
            clear
            ;;
        esac
      done
    }
    # Main menu: show the host summary, then run everything (1), open the
    # custom menu (2) or quit (3). Any other input shows a warning followed by
    # a three-second countdown.
    # NOTE(review): the one-click list calls initSsh twice. The script defines
    # that name twice and the later definition wins, so both calls run the
    # GSSAPI/UseDNS variant.
    while true; do
      clear
      echo "========================================"
      echo '          Linux Optimization            '
      echo "========================================"
      printf '%s\n' \
        '|-----------System Infomation-----------' \
        "| DATE       :$DATE" \
        "| HOSTNAME   :$HOSTNAME" \
        "| USER       :$USER" \
        "| IP         :$IPADDR" \
        "| DISK_USED  :$DISK_SDA" \
        "| CPU_AVERAGE:$cpu_uptime" \
        '----------------------------------------' \
        '|****Please Enter Your Choice:[1-3]****|' \
        '----------------------------------------' \
        '(1) 一键优化' \
        '(2) 自定义优化' \
        '(3) 退出'
      read -p "Please enter your choice[0-3]: " input1
      case "$input1" in
        1)
          # One-click path: the steps run in this fixed order.
          for step in addUser configYum initI18n initFirewall initService \
            initRemoval initSsh syncSysTime initTools initLimits initSsh \
            initRestart initSysctl initHistory initChattr; do
            "$step"
          done
          ;;
        2) menu2 ;;
        3) clear; break ;;
        *)
          echo "----------------------------------"
          echo "|          Warning!!!            |"
          echo "|   Please Enter Right Choice!   |"
          echo "----------------------------------"
          for tick in 3 2 1; do
            echo -ne "$tick"
            sleep 1
          done
          clear
          ;;
      esac
    done
    

      


  • 原文地址:https://www.cnblogs.com/kuku0223/p/9428517.html