#!/bin/bash
#==========================================================================
# FILE: Init.sh
#
# DESCRIPTION: This script is used to install usual libs,
# close unnecessary services,optimize kernel parameters and so on
#
# REVISION: 1.0
#==========================================================================
set -o nounset # Treat unset variables as an error
# VARIABLES DEFINED
# SRV_ON="acpid crond iptables kdump messagebus network ntpd readahead_early rsyslog sshd sysstat salt-minion"
SRV_ON="acpid crond kdump messagebus network ntpd readahead_early rsyslog sshd sysstat salt-minion"
SRV_TEMP="/tmp/chkconfig_list.tmp"
INSTALL_LIBS="gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5-devel libidn libidn-devel openssl openssl-devel libxslt-devel libevent-devel libtool-ltdl bison libtool vim-enhanced salt-minion"
DONE="e[0;32m�33[1mdonee[m"
# check os version
platform=`uname -i`
if [ $platform != "x86_64" ];then
echo "this script is only for 64bit Operating System!"
exit 1
fi
cat << EOF
+---------------------------------------+
| your system is CentOS 6 x86_64 |
| start optimizing....... |
+---------------------------------------
EOF
# add the third-party epel repo
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# lock user
passwd -l dbus
passwd -l vcsa
passwd -l games
passwd -l nobody
passwd -l avahi
passwd -l haldaemon
passwd -l gopher
passwd -l ftp
passwd -l mailnull
passwd -l pcap
passwd -l mail
passwd -l shutdown
passwd -l halt
passwd -l uucp
passwd -l operator
passwd -l sync
passwd -l adm
passwd -l lp
# install usual libs
yum -y install ${INSTALL_LIBS} 1>/dev/null
echo -e "Install the usual libs ${DONE}."
#echo "* 4 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1" >> /var/spool/cron/root
sed -i 's/#master: salt/master: salt.enai.corp/' /etc/salt/minion
service salt-minion restart
# directory path
mkdir -p /data/scripts/shell
# set static route
# mount share
# set the file limit
echo "ulimit -SHn 65535" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
EOF
# set ssh
sed -i 's/#Port 22/Port 28290/' /etc/ssh/sshd_config
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
service sshd restart
# tune kernel parametres
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1
EOF
/sbin/sysctl -p
# stop some crontab
mkdir /etc/cron.daily.bak
mv /etc/cron.daily/makewhatis.cron /etc/cron.daily.bak
# close all services and set necessary services on
chkconfig --list | awk '{print $1}' > ${SRV_TEMP}
# close all services
while read SERVICE
do
chkconfig --level 345 ${SERVICE} off 1>/dev/null
done < ${SRV_TEMP}
# open necessary services
for SRVS in ${SRV_ON}
do
if [ -e /etc/init.d/${SRVS} ]
then
chkconfig --level 345 ${SRVS} on 1>/dev/null
else
echo -e "Service ${SRVS} is e[0;31m�33[1mnot exitse[m."
fi
done
# disable the ipv6
cat > /etc/modprobe.d/ipv6.conf << EOFI
alias net-pf-10 off
options ipv6 disable=1
EOFI
echo "NETWORKING_IPV6=off" >> /etc/sysconfig/network
cat << EOF
+-------------------------------------------------+
| optimizer is done |
| it's recommond to restart this server ! |
+-------------------------------------------------+
EOF
# init done,and reboot system
echo -e "Do you want to e[0;31m�33[1mreboote[m system now? [Y/N]: "
read REPLY
case $REPLY in
Y|y)
echo "The system will reboot now ..."
shutdown -r now
;;
N|n)
echo "You must reboot later..."
source /etc/profile
;;
*)
echo "You must input [Y/N]."
source /etc/profile
;;
esac
====
cat > /etc/resolv.conf <<EOFD
nameserver 10.19.177.116
nameserver 10.19.31.157
nameserver 114.114.114.114
EOFD
106.75.32.81
hostname u04rdp01.yaya.corp
sed -i 's#HOSTNAME=10-19-22-157##HOSTNAME=u04rdp01.yaya.corp#g' /etc/sysconfig/network
sed -i 's##HOSTNAME=u04rdp01.yaya.corp#g' /etc/sysconfig/network