  • centos7优化

     基础优化脚本

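      #!/bin/bash

      # Baseline setup script for a fresh CentOS 7 host.

      # no.0 switch the Base and EPEL repositories to the Aliyun mirror.
      # A minimal install may not ship wget, so install it first.
      yum install -y wget

      # Download a repo definition to a temporary file and install it only when
      # the download succeeded and is non-empty. The previous file, if any, is
      # kept once as <dest>.ori. Downloading straight onto the live path (as
      # "wget -O" does) leaves an empty repo file behind when the transfer
      # fails, which breaks every later yum call.
      # HTTPS is used because the repo definition decides which servers and
      # which signature settings all later package installs use; over plain
      # HTTP it can be altered in transit.
      # Arguments: $1 - source URL, $2 - destination path
      # Returns:   0 on success, 1 when the download failed
      install_repo_file() {
        local url=$1 dest=$2 tmp
        # yum only reads *.repo, so the temporary name is ignored by yum.
        tmp=$(mktemp "${dest}.XXXXXX") || return 1
        if /usr/bin/wget -O "${tmp}" "${url}" && [[ -s "${tmp}" ]]; then
          if [[ -e "${dest}" && ! -e "${dest}.ori" ]]; then
            /bin/cp -p "${dest}" "${dest}.ori"
          fi
          chmod 0644 "${tmp}" && /bin/mv -f "${tmp}" "${dest}"
        else
          printf 'download of %s failed; %s left unchanged\n' "${url}" "${dest}" >&2
          /bin/rm -f -- "${tmp}"
          return 1
        fi
      }

      install_repo_file https://mirrors.aliyun.com/repo/Centos-7.repo \
        /etc/yum.repos.d/CentOS-Base.repo

      install_repo_file https://mirrors.aliyun.com/repo/epel-7.repo \
        /etc/yum.repos.d/epel.repo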
     11 
     # no.1 turn SELinux off
     # NOTE(review): SELINUX=disabled removes mandatory access control from the
     # host entirely. If the aim is only to get past policy denials while
     # setting a service up, SELINUX=permissive keeps the denials logged
     # without enforcing them.
     selinux_cfg=/etc/selinux/config
     /bin/cp "${selinux_cfg}" "${selinux_cfg}.ori"
     /bin/sed -i -e 's#SELINUX=enforcing#SELINUX=disabled#g' "${selinux_cfg}"
     # The config file is only read at boot; setenforce 0 switches the running
     # system to permissive mode right away.
     setenforce 0
     16 
     # no.2 turn the packet filters off. CentOS 7.x uses firewalld by default.
     # firewalld is already installed by default, so this is not needed:
     #   yum install -y firewalld firewall-config
     # NOTE(review): after this section neither firewalld nor the iptables
     # service is running or enabled, so the host itself filters nothing and
     # every listening port is reachable. Confirm that filtering is enforced
     # somewhere else (security group, upstream firewall) before using this.
     for verb in stop disable; do
       # stop the running firewalld, then keep it from starting at boot
       systemctl "${verb}" firewalld.service
     done

     # Install the iptables service unit, then leave it stopped and disabled.
     yum install -y iptables-services
     for verb in stop disable; do
       systemctl "${verb}" iptables.service
     done
     25 
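     # no.3 start the NTP daemon now and at every boot
     # The ntp package is only installed further down (no.6). On a minimal
     # install the ntpd unit does not exist yet at this point, so enable/start
     # would both fail; install the package first (a no-op when present).
     yum install -y ntp
     systemctl enable ntpd.service
     systemctl start ntpd.service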
     29 
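     # no.4 create an admin user and give it sudo rights
     userAdd=zhang
     sudoers_dropin="/etc/sudoers.d/${userAdd}"

     if ! id -u "${userAdd}" >/dev/null 2>&1; then
       /usr/sbin/useradd "${userAdd}" || echo "useradd ${userAdd} failed" >&2
     fi

     # The initial password is asked for at run time instead of being written
     # into the script. A fixed, guessable password on an account that has
     # passwordless sudo is as good as a guessable root password, and a
     # password stored in a script is readable by anyone who gets the script.
     user_password=
     if IFS= read -rs -p "Initial password for ${userAdd}: " user_password \
         && [[ -n "${user_password}" ]]; then
       echo >&2
       # Only stdout is discarded so that a rejected password is still reported.
       printf '%s\n' "${user_password}" \
         | /usr/bin/passwd --stdin "${userAdd}" >/dev/null \
         || echo "setting the password for ${userAdd} failed" >&2
     else
       echo "no password supplied; ${userAdd} has no usable password yet" >&2
     fi
     unset user_password

     # Grant sudo through a drop-in file that is syntax-checked before it is
     # installed. Appending unchecked text to /etc/sudoers can leave sudo
     # unusable for everyone if the line is malformed. The stock CentOS 7
     # sudoers file includes /etc/sudoers.d.
     # NOTE(review): NOPASSWD: ALL means that any compromise of this account is
     # an immediate root compromise. Drop NOPASSWD, or restrict the command
     # list, unless unattended sudo is really required.
     if sudoers_tmp=$(mktemp); then
       printf '# user %s get root authority\n%s  ALL=(ALL)       NOPASSWD: ALL\n' \
         "${userAdd}" "${userAdd}" > "${sudoers_tmp}"
       if /usr/sbin/visudo -cf "${sudoers_tmp}" >/dev/null; then
         install -o root -g root -m 0440 "${sudoers_tmp}" "${sudoers_dropin}"
       else
         echo "sudoers rule for ${userAdd} failed validation; not installed" >&2
       fi
       /bin/rm -f -- "${sudoers_tmp}"
     else
       echo "mktemp failed; sudoers rule for ${userAdd} not installed" >&2
     fi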
     37 
     38 # no.5 show zh_CN.UTF-8  就是用  en_US.UTF-8  不要修改
     39 # /bin/cp /etc/locale.conf  /etc/locale.conf.ori
     40 # /bin/sed -i 's#en_US.UTF-8#zh_CN.UTF-8#g' /etc/locale.conf
     41 # . /etc/locale.conf
     42 
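     # no.6 time zone and periodic clock synchronisation
     yum install -y ntp
     ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

     root_cron=/var/spool/cron/root
     ntp_job='*/10 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1'
     # Add the job only when it is not there yet, so that running the script
     # again does not stack duplicate entries in root's crontab.
     if ! grep -qsF -- "${ntp_job}" "${root_cron}"; then
       {
         printf '# time sync by zhangliang at %s\n' "$(date +%F)"
         printf '%s\n' "${ntp_job}"
       } >> "${root_cron}"
     fi
     # Keep root's crontab readable by root only.
     chmod 0600 "${root_cron}"
     # NOTE(review): step no.3 of this script also starts ntpd. ntpdate without
     # -u needs the NTP port that a running ntpd already holds, and the job
     # discards all output, so a failing sync would go unnoticed. Decide which
     # of the two mechanisms is wanted and drop the other.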
     48 
     49 # no.7 command line save set
     50 # /bin/cp /etc/profile /etc/profile.ori
     51 # /bin/echo "# command line save set by zhangliang at $(date +%F)" >> /etc/profile
     52 # /bin/echo 'export  TMOUT=600' >> /etc/profile
     53 # /bin/echo 'export  HISTSIZE=50' >> /etc/profile
     54 # /bin/echo 'export  HISTFILESIZE=50' >> /etc/profile
     55 
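     # no.8 colour aliases and per-command history logging
     backup_stamp=$(date +%Y%m%d%H%M%S)
     /bin/cp /etc/profile "/etc/profile_zhang_${backup_stamp}.bak"
     /bin/cp /etc/bashrc "/etc/bashrc_zhang_${backup_stamp}.bak"

     # Append the block only once, keyed on the "# grep color" marker, so that
     # re-running the script does not duplicate it in /etc/bashrc.
     if ! grep -qF '# grep color' /etc/bashrc; then
       # The hook must reach /etc/bashrc unexpanded. Writing it with a
       # double-quoted echo runs $(history ...), $(whoami) and $(who am i) once,
       # inside this script, and the inner double quotes end the string early,
       # so the file receives a mangled line instead of the hook. Single quotes
       # keep it literal.
       # NOTE(review): this sends every command line to syslog, including any
       # secret typed as an argument, and a user can switch it off by unsetting
       # PROMPT_COMMAND. If a dependable audit trail is the goal, auditd is the
       # tool for that.
       prompt_hook='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
       {
         printf '\n# grep color\n'
         printf '%s\n' \
           "alias grep='grep --color=auto'" \
           "alias egrep='grep -E --color=auto'" \
           "alias cp='cp -i'" \
           "alias l.='ls -d .* --color=auto'" \
           "alias ll='ls -l --color=auto'" \
           "alias ls='ls --color=auto'" \
           "alias mv='mv -i'" \
           "alias rm='rm -i'"
         printf '\n'
         # $(whoami) is meant to be evaluated when /etc/bashrc is read.
         printf '%s\n' 'export HISTTIMEFORMAT="%F %T $(whoami) "'
         printf "export PROMPT_COMMAND='%s'\n" "${prompt_hook}"
       } >> /etc/bashrc
     fi
     source /etc/bashrc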
     77 
     # no.9 raise the per-process open-file limit for all users
     limits_cfg=/etc/security/limits.conf
     /bin/cp "${limits_cfg}" "${limits_cfg}.ori"
     # Same value for the soft and the hard limit.
     for limit_kind in soft hard; do
       /bin/echo "* ${limit_kind} nofile 131070" >> "${limits_cfg}"
     done
     82 
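     # no.10 kernel network tuning
     /bin/cp /etc/sysctl.conf /etc/sysctl.conf.ori
     # net.ipv4.tcp_tw_recycle is deliberately not enabled here: with it on,
     # the kernel rejects connections from clients that share an address
     # behind NAT when their TCP timestamps do not increase monotonically, and
     # the setting was removed from Linux in 4.12, where listing it makes
     # "sysctl -p" report an error.
     # NOTE(review): the retry and timeout values below are aggressive (one
     # SYN retry, a 2-second FIN timeout); confirm them against the workload
     # before applying them fleet-wide.
     {
       printf '### optimization by zhangliang %s\n' "$(date +%F)"
       printf '%s\n' \
         'net.ipv4.tcp_syn_retries = 1' \
         'net.ipv4.tcp_synack_retries = 1' \
         'net.ipv4.tcp_keepalive_time = 600' \
         'net.ipv4.tcp_keepalive_probes = 3' \
         'net.ipv4.tcp_keepalive_intvl = 15' \
         'net.ipv4.tcp_retries2 = 5' \
         'net.ipv4.tcp_fin_timeout = 2' \
         'net.ipv4.tcp_max_tw_buckets = 36000' \
         'net.ipv4.tcp_tw_reuse = 1' \
         'net.ipv4.tcp_max_orphans = 32768' \
         'net.ipv4.tcp_syncookies = 1' \
         'net.ipv4.tcp_max_syn_backlog = 16384' \
         'net.ipv4.tcp_wmem = 8192 131072 16777216' \
         'net.ipv4.tcp_rmem = 32768 131072 16777216' \
         'net.ipv4.tcp_mem = 786432 1048576 1572864' \
         'net.ipv4.ip_local_port_range = 1024 65000' \
         'net.core.somaxconn = 16384' \
         'net.core.netdev_max_backlog = 16384'
     } >> /etc/sysctl.conf

     # Load the settings from /etc/sysctl.conf into the running kernel.
     /sbin/sysctl -p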
    109 
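    # no.11 weekly cleanup of queued system mail
    cleanup_script=/server/scripts/del_mail_file.sh
    root_cron=/var/spool/cron/root
    /bin/mkdir -p /server/scripts/

    # Write the helper with ">" so that a second run replaces it instead of
    # appending a duplicate command. find -delete removes the files itself and
    # so avoids passing file names through xargs.
    printf '%s\n' \
      '# timing clear system mail' \
      '/bin/find /var/spool/postfix/maildrop/ -type f -delete' \
      > "${cleanup_script}"
    # root's cron executes this file, so whoever can write to it runs code as
    # root: keep it owned by root and closed to everyone else.
    chown root:root "${cleanup_script}"
    chmod 0700 "${cleanup_script}"

    mail_job='00 00 * * 6 /bin/sh /server/scripts/del_mail_file.sh >/dev/null 2>&1'
    # Add the job only when it is not there yet. The date is expanded here;
    # inside single quotes the literal text $(date +%F) would be written.
    if ! grep -qsF -- "${mail_job}" "${root_cron}"; then
      {
        printf '\n'
        printf '# delete mail file by zhangliang at %s\n' "$(date +%F)"
        printf '%s\n' "${mail_job}"
      } >> "${root_cron}"
    fi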
    117 
    # no.12 blank the pre-login banners and add a login message
    # Back both banner files up, then truncate them so they no longer print
    # the release and kernel version before login.
    for banner_file in /etc/issue /etc/issue.net; do
      /bin/cp "${banner_file}" "${banner_file}.ori"
    done
    for banner_file in /etc/issue /etc/issue.net; do
      : > "${banner_file}"
    done

    # Message of the day: a blank line, the greeting, a blank line.
    printf '\n%s\n\n' 'Welcome You Login' >> /etc/motd
    127 
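    # no.13 SSH daemon settings
    sshd_cfg=/etc/ssh/sshd_config
    # Keep the first backup; later runs must not overwrite the pristine copy.
    [[ -e "${sshd_cfg}.ori" ]] || /bin/cp -p "${sshd_cfg}" "${sshd_cfg}.ori"

    # sshd uses the first value it reads for each keyword, so lines appended
    # at the end of the file are ignored wherever the same keyword is already
    # set further up, and they fall inside a Match block if the file ends with
    # one. The new settings are therefore placed at the top of the file.
    # The result is checked with "sshd -t" before it replaces the live file,
    # because restarting sshd on a broken config can cut off remote access.
    # NOTE(review): PermitRootLogin no takes effect on restart. Confirm that a
    # non-root account can log in and use sudo before running this remotely.
    if sshd_tmp=$(mktemp "${sshd_cfg}.XXXXXX"); then
      today=$(date +%F)
      {
        printf '##### by zhangliang # %s##\n' "${today}"
        printf '%s\n' \
          '# Port 52113' \
          'PermitRootLogin no' \
          'PermitEmptyPasswords no' \
          'UseDNS no' \
          'GSSAPIAuthentication no'
        printf '##### by zhangliang # %s##\n' "${today}"
        cat "${sshd_cfg}"
      } > "${sshd_tmp}"

      if /usr/sbin/sshd -t -f "${sshd_tmp}"; then
        # Copy the content into the existing file so that its owner, mode and
        # SELinux label stay as they were.
        cat "${sshd_tmp}" > "${sshd_cfg}"
        systemctl restart sshd.service
      else
        echo "new sshd_config failed validation; ${sshd_cfg} left unchanged" >&2
      fi
      /bin/rm -f -- "${sshd_tmp}"
    else
      echo "mktemp failed; ${sshd_cfg} left unchanged" >&2
    fi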
    141 
    # no.14 install commonly needed packages, one yum run per group
    #   bash-completion                 tab completion for systemctl
    #   pcre / openssl (+ -devel)       libraries and headers
    #   nfs-utils rpcbind               NFS client and server support
    #   lrzsz ... vim                   admin and diagnostic tools
    # NOTE(review): nmap, telnet and nc are put on every host by this list.
    # Install them only where the role needs them; telnet sends everything in
    # clear text.
    for pkg_group in \
      'bash-completion' \
      'pcre pcre-devel' \
      'openssl openssl-devel' \
      'nfs-utils rpcbind' \
      'lrzsz sysstat nmap tree telnet dos2unix nc vim'; do
      # shellcheck disable=SC2086 -- word splitting into package names is intended
      /usr/bin/yum install -y ${pkg_group}
    done
  • 原文地址:https://www.cnblogs.com/porkerface/p/14367049.html