zoukankan      html  css  js  c++  java
  • CentOS系统初始化---不断更新中

    注意EOF不能有空格tab键

    #get os version 
    release=$(rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release))
    #
    #configure yum base source  and epel source
    cd /etc/yum.repos.d/
    test -d /etc/yum.repos.d/bak || mkdir /etc/yum.repos.d/bak
    mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
    if [ $release == 6 ];then
            curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
            wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
    fi
    if [ $release == 7 ];then
            curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
            wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
    fi
    yum clean all
    yum makecache
    
    #install base rpm package
    yum -y install nc git vim iftop iotop dstat tcpdump 
    yum -y install ipmitool bind-libs bind-utils
    yum -y install libselinux-python ntpdate 
    yum -y tree nmap sysstat lrzsz dos2unix unix2dos
    
    #update rpm package and kernel 
    #yum update
    #rm -rf /etc/yum.repos.d/CentOS*
    
    #vim优化
    cat >>/etc/vimrc<<EOF
    set ic 
    set ai 
    EOF
    
    #alias 
    cat >>/etc/bashrc<<EOF
    alias grep='grep --color=auto'
    alias ll='ls -l --time-style=long-iso'
    alias iptable='iptables -L -n --line-number'
    EOF
    
    #update ulimit configure 
    if [ $release == 6 ];then
    	test -f /etc/security/limits.d/90-nproc.conf && rm -rf /etc/security/limits.d/90-nproc.conf && touch  /etc/security/limits.d/90-nproc.conf
    fi 
    if [ $release == 7 ];then
    	test -f /etc/security/limits.d/20-nproc.conf && rm -rf /etc/security/limits.d/20-nproc.conf && touch  /etc/security/limits.d/20-nproc.conf
    fi 
    >/etc/security/limits.conf 
    cat >> /etc/security/limits.conf <<EOF
    *	soft	nproc 	65535
    *	hard	nproc	65535
    *	soft 	nofile 	65535
    *	hard 	nofile 	65535
    EOF
    
    #set timezone 
    test -f /etc/localtime && rm -rf /etc/localtime 
    ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime 
    
    #set LANG
    if [ $release == 6 ];then
    	sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/sysconfig/i18n
    fi
    if [ $release == 7 ];then
    	sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/locale.conf 
    fi
    
    #uptime time 
    if [ $release == 6 ];then
    	/usr/sbin/ntpdate -b ntp1.aliyun.com
    	grep -q ntpdate /var/spool/cron/root
    	if [ $? -ne 0 ];then
    		echo "*	* * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null" >>/var/spool/cron/root
    		chmod 600 /var/spool/cron/root
    	fi 
    	/etc/init.d/crond restart
    fi 
    if [ $release == 7 ];then
    yum -y install chrony
    >/etc/chrony.conf 
    cat >>/etc/chrony.conf <<EOF
    server ntp1.aliyun.com iburst 
    server ntp2.aliyun.com iburst 
    stratumweight 0 
    driftfile /var/lib/chrony/drift 
    rtcsync 
    makestep 10 3 
    bindcmdaddress 127.0.0.1 
    bindcmdaddress ::1 
    keyfile /etc/chrony.keys  
    generatecommandkey 
    noclientlog 
    logchange 0.5
    logdir /var/log/chrony 
    EOF
    systemctl restart chronyd 
    systemctl enable chronyd 
    fi 
    
    #clean iptables default rules 
    if [ $release == 6 ];then
    	/sbin/iptables -F 
    	/etc/inti.d/iptables save 
    	chkconfig ip6tables off 
    fi 
    if [ $release == 7 ];then
    	systemctl disable firewalld 
    	systemctl stop firewalld
    fi 
    
    #disable unused service 
    chkconfig auditd off 
    
    #disable ipv6 
    cd /etc/modprobe.d/ && touch ipv6.conf 
    >/etc/modprobe.d/ipv6.conf 
    cat >>/etc/modprobe.d/ipv6.conf<<EOF
    alias net-pf-10 off
    alias ipv6 off
    EOF
    
    #disable selinux 
    setenforce 0 
    sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config 
    
    #update record command 
    sed -i 's/^HISTSIZE=.*$/HISTSIZE=100000/' /etc/profile 
    grep -q 'HISTTIMEFORMAT' /etc/profile 
    if [ $? -eq 0 ];then 
    	sed -i 's/HISTTIMEFORMAT=.*$/HISTTIMEFORMAT="%F %T "/' /etc/profile 
    else 
    	echo 'HISTTIMEFORMAT="%F %T "' >> /etc/profile 
    fi 
    source /etc/profile
    #set dns 
    >/etc/resolv.conf 
    cat >> /etc/resolv.conf <<EOF
    nameserver 114.114.114.114 
    EOF
    
    #ssh优化
    sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
    sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
    
    
    #内核优化
    sed -i 's/net.ipv4.tcp_syncookies.*/net.ipv4.tcp_syncookies = 1/g' /etc/sysctl.conf 
    cat >>/etc/sysctl.conf <<EOF
    kernel.core_uses_pid=1 
    kernel.core_pattern=/tmp/core-%e-%p
    fs.suid_dumpable=2 
    net.ipv4.tcp_tw_reuse=1
    net.ipv4.tcp_tw_recycle=0
    net.ipv4.tcp_timestamps=1 
    EOF
    sysctl -p 
    
  • 相关阅读:
    .netcore返回HellowWorld四种方式(管道配置,管道扩展方法,中间件,IStartupFilter 使用中间件的升级扩展)
    Mysql分页大数据量查询优化
    swagger发布本地的调试的时候没事,发布服务器提示500 : {"Message":"出现错误。"}
    DBeaver的使用(impala和数据库)
    mysql远程连接问题
    java+thymeleaf-layout-dialect+thymeleaf的使用
    springboot+thyemeleaf+swagger项目的创建和问题的解决
    ffmpeg实践
    Camera.main
    python双曲线拟合
  • 原文地址:https://www.cnblogs.com/lovelinux199075/p/9107461.html
Copyright © 2011-2022 走看看