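#!/bin/bash
#****************************************************************#
# ScriptName: acfuninit.sh
# version 1.1
# Author: *****
# Create Date: 2015-7-31
# Modify Author:******
# Modify Date: 2015-12-23
# Function: acfun CentOS 6.7 init shell (use on kickstart)
#
# Runs as root from a kickstart %post. Each section prints a banner,
# does its work, and reports "[ OK ]" / "[FAILED]" through
# __detect_result. The script deliberately does NOT use `set -e`:
# a failing step must not abort provisioning half way, it must be
# visible on the console (or in the captured %post log) instead.
#***************************************************************#

# Colour escapes for the status markers (ESC is \033).
GC=$'\033[1;32m'   # green  - OK
BC=$'\033[1;34m'   # blue   - section banner
RC=$'\033[1;31m'   # red    - FAILED
EC=$'\033[0m'      # reset

#######################################
# Print the status marker for the step that just ran.
# Arguments: $1 - optional exit status for the whole section;
#                 when omitted, $? of the command executed right
#                 before the call is used (the original contract).
# Outputs:   "[ OK ]" or "[FAILED]" followed by a blank line.
#######################################
__detect_result() {
  local rc="${1:-$?}"
  if [[ "$rc" -eq 0 ]]; then
    printf '%s[ OK ]%s\n\n' "$GC" "$EC"
  else
    printf '%s[FAILED]%s\n\n' "$RC" "$EC"
  fi
}

#######################################
# Print a section banner (no trailing newline) and pause one second
# so the console output stays readable during kickstart.
# Arguments: $1 - banner text
#######################################
__step() {
  printf '%s%s%s' "$BC" "$1" "$EC"
  sleep 1
}

# Boot into runlevel 3 (text console) instead of 5 (X11).
__step "Linux X11 is disabled... "
sed -i 's/id:5:initdefault:/id:3:initdefault:/g' /etc/inittab
__detect_result

# sshd hardening: root may only authenticate with a key, SSHv1,
# GSSAPI and reverse-DNS lookups are switched off. The substitutions
# only touch the commented stock defaults, so re-running is a no-op.
# Root's existing authorized_keys are wiped below, which means root
# cannot log in over SSH at all until a key is re-added; the
# hostkeeper account (next section) is the intended way in.
__step "SSH is config... "
rc=0
sshd_config=/etc/ssh/sshd_config
sed -i \
  -e 's/#ServerKeyBits 1024/ServerKeyBits 4096/g' \
  -e 's/#PermitRootLogin yes/PermitRootLogin without-password/g' \
  -e 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' \
  -e 's/#UseDNS yes/UseDNS no/g' \
  -e 's/#Protocol 2,1/Protocol 2/g' \
  -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' \
  "$sshd_config" || rc=1
# A broken sshd_config would lock everyone out after the reboot;
# `sshd -t` catches that while the console is still in front of us.
/usr/sbin/sshd -t -f "$sshd_config" || rc=1
rm -rf -- /root/.ssh 2>/dev/null
__detect_result "$rc"

# Admin group and the hostkeeper account. %xxadmin gets passwordless
# sudo to root, so whoever holds the hostkeeper SSH key is root on
# this host.
__step "group & user is created... "
rc=0
getent group xxadmin >/dev/null || groupadd -g 1000 xxadmin 2>/dev/null || rc=1

if ! grep -q '%xxadmin' /etc/sudoers; then
  # Edit a copy and let visudo validate it before it replaces the
  # real file: a malformed line in /etc/sudoers disables sudo for
  # every user, and sudo refuses a file that is not mode 0440.
  sudoers_tmp=$(mktemp /etc/sudoers.tmp.XXXXXX)
  if [[ -n "$sudoers_tmp" ]]; then
    { cat /etc/sudoers > "$sudoers_tmp" \
        && echo "%xxadmin ALL=(ALL) NOPASSWD: ALL" >> "$sudoers_tmp" \
        && visudo -c -q -f "$sudoers_tmp" \
        && install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers; } || rc=1
    rm -f -- "$sudoers_tmp"
  else
    rc=1
  fi
fi

if ! getent passwd hostkeeper >/dev/null; then
  # `useradd -p` expects a crypt(3) hash. The original passed the
  # literal '123456', which is not a valid hash, so no password ever
  # matched it. '*' states that intent explicitly (password auth
  # off, SSH key only) without putting a weak secret in the script.
  # NOTE(review): '*' is used rather than '!' because sshd treats a
  # leading '!' as a locked account - confirm key login on the image.
  useradd -u 1000 -g xxadmin -p '*' -c "hostkeeper user" hostkeeper || rc=1
fi

# NOTE(review): key material for hostkeeper is embedded in this
# provisioning script and written to id_rsa (the *private* key
# path) although the literal starts with the public-key prefix
# "ssh-rsa" and ends with a PEM trailer; the redacted source does
# not show which was intended. Either way, anyone who can fetch the
# kickstart holds whatever is written here - deliver the key from
# the provisioning host instead of baking it into the script.
hostkeeper_ssh=/home/hostkeeper/.ssh
prev_umask=$(umask)
umask 077   # create the key file 0600 before chmod tightens it
{ mkdir -p "$hostkeeper_ssh" \
    && echo 'ssh-rsa ******************************************** -----END RSA PRIVATE KEY-----' > "$hostkeeper_ssh/id_rsa" \
    && chown -R hostkeeper:xxadmin "$hostkeeper_ssh" \
    && chmod 700 "$hostkeeper_ssh" \
    && chmod 400 "$hostkeeper_ssh"/*; } || rc=1
umask "$prev_umask"
__detect_result "$rc"

# System locale.
__step "LANG is en_US.UTF8... "
sed -i 's/LANG=.*/LANG="en_US.UTF-8"/g' /etc/sysconfig/i18n
__detect_result

# Firewall. NOTE(review): the substitution appends "-F" to the
# FORWARD reject rule, which is not valid iptables-restore syntax;
# presumably the saved ruleset then fails to load on boot and the
# host ends up with empty chains (policy ACCEPT). That matches the
# section title ("clear iptables rules") but it also exposes sshd,
# rsyncd (tcp/873) and everything installed later to any source -
# keep network filtering upstream of these hosts.
__step "iptables is optimize... "
rc=0
iptables_rules=/etc/sysconfig/iptables
# `--` stops grep from taking '-F' as its own option: the original
# check handed grep no pattern at all and left it reading stdin.
if [[ -f "$iptables_rules" ]] && ! grep -q -- '-F' "$iptables_rules"; then
  sed -i 's/-A FORWARD -j REJECT --reject-with icmp-host-prohibited/-A FORWARD -j REJECT --reject-with icmp-host-prohibited -F/g' "$iptables_rules" || rc=1
fi
__detect_result "$rc"

# SELinux. NOTE(review): this removes the only mandatory access
# control on the box; it is a policy decision the script makes for
# every host, not a hardening step.
__step "Selinux is disabled... "
rc=0
# (The original compared against the misspelt 'Diabled', so the
# idempotency check never matched and the edit always ran.)
if [[ "$(getenforce)" != 'Disabled' ]]; then
  # /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config;
  # plain `sed -i` would replace the link with a detached copy, so
  # follow it. Anchoring on ^ keeps the "# SELINUX= can take ..."
  # comment line untouched.
  for selinux_cfg in /etc/sysconfig/selinux /etc/selinux/config; do
    [[ -e "$selinux_cfg" ]] || continue
    sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=disabled/' "$selinux_cfg" || rc=1
  done
fi
__detect_result "$rc"

# VIM defaults (disabled in the original; kept for reference).
#__step "vimrc is config... "
#echo "set paste" >> /etc/vimrc
#echo "filetype on" >> /etc/vimrc
#__detect_result

# Shell environment for every login: --preserve-root guards and an
# interactive rm, timestamped history, vim as editor. Quoted
# delimiter so nothing is expanded while writing the file.
__step "acfun_bashenv.sh is config... "
cat > /etc/profile.d/acfun_bashenv.sh <<'EOF'
# for security set
alias chgrp='chgrp --preserve-root'
alias chown='chown --preserve-root'
alias chmod='chmod --preserve-root'
alias rm='rm -i --preserve-root'

# for history set
HISTTIMEFORMAT='[%F %T] '
HISTSIZE=2000

# set vim set
export EDITOR=vim
alias vi='vim'
EOF
__detect_result

# Resource limits: enable pam_limits for console logins and raise
# nofile/nproc for all users (the Java/MySQL/Redis workloads below).
__step "limits.conf is optimize... "
rc=0
pam_login=/etc/pam.d/login
if ! grep -q "pam_limits.so" "$pam_login"; then
  echo "session required pam_limits.so" >> "$pam_login" || rc=1
fi
limits=/etc/security/limits.conf
if ! grep -q "* soft nofile 655360" "$limits"; then
  cat >> "$limits" <<'EOF' || rc=1
* soft nofile 655360
* hard nofile 655360
* soft nproc 131072
* hard nproc 131072
# End of file
EOF
fi
# 90-nproc.conf ships a low per-user nproc that overrides limits.conf.
nproc_conf=/etc/security/limits.d/90-nproc.conf
if [[ ! -f "$nproc_conf" ]] || ! grep -q 'nproc' "$nproc_conf"; then
  echo '* soft nproc 131072' >> "$nproc_conf" || rc=1
else
  sed -i 's/*.*soft.*nproc.*/* soft nproc 131072/g' "$nproc_conf" || rc=1
fi
__detect_result "$rc"

# Kernel network tuning (disabled in the original; kept for reference).
# NOTE(review): if this is ever enabled, the first line turns SYN
# cookies OFF, which removes the kernel's SYN-flood protection.
#__step "sysctl.conf is optimize... "
#sysctl='/etc/sysctl.conf'
#if ! grep -q "net.ipv4.tcp_syncookies = 0" "${sysctl}"; then
#  sed -i 's/net.ipv4.tcp_syncookies = 1/net.ipv4.tcp_syncookies = 0/g' ${sysctl}
#  echo "net.ipv4.conf.all.arp_ignore = 1" >> ${sysctl}
#  echo "net.ipv4.conf.all.arp_announce = 2" >> ${sysctl}
#  echo "net.ipv4.conf.lo.arp_ignore = 1" >> ${sysctl}
#  echo "net.ipv4.conf.lo.arp_announce = 2" >> ${sysctl}
#  echo "net.core.rmem_default = 262144" >> ${sysctl}
#  echo "net.core.wmem_default = 262144" >> ${sysctl}
#  echo "net.core.netdev_max_backlog = 10000" >> ${sysctl}
#  echo "net.core.rmem_max = 16777216" >> ${sysctl}
#  echo "net.core.wmem_max = 16777216" >> ${sysctl}
#  echo "net.ipv4.tcp_rmem = 8192 87380 16777216" >> ${sysctl}
#  echo "net.ipv4.tcp_wmem = 8192 65536 16777216" >> ${sysctl}
#  echo "net.ipv4.tcp_mem = 8388608 12582912 16777216" >> ${sysctl}
#  echo "net.ipv4.tcp_max_syn_backlog = 4096" >> ${sysctl}
#  echo "net.ipv4.tcp_synack_retries = 2" >> ${sysctl}
#  echo "net.nf_conntrack_max = 8553600" >> ${sysctl}
#  echo "net.netfilter.nf_conntrack_max = 8553600" >> ${sysctl}
#  echo "net.netfilter.nf_conntrack_tcp_timeout_established = 60" >> ${sysctl}
#fi
#__detect_result

# Application data layout under /opt.
__step "data file is create... "
mkdir -p /opt/logs /opt/package /opt/javaserver /opt/data/mysqldata \
  /opt/data/redis /opt/data/zookeeper /opt/script /opt/backup
__detect_result

# rsync daemon. NOTE(review): it runs as root with "use chroot = no"
# and no modules defined; any module added later is a root-owned,
# non-chrooted export on tcp/873, and the firewall was cleared above.
# Give modules their own uid/gid, "read only = yes", "hosts allow"
# and "auth users" before anything is exported.
__step "create rsync server... "
rc=0
touch /etc/rsyncd.conf || rc=1
if ! grep -q "rsync" /etc/rsyncd.conf; then
  cat > /etc/rsyncd.conf <<'EOF' || rc=1
uid = root
gid = root
use chroot = no
max connections = 10
strict modes = yes
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /opt/logs/rsyncd.log
EOF
fi
if ! grep -q "/usr/bin/rsync --daemon" /etc/rc.local; then
  echo '/usr/bin/rsync --daemon' >> /etc/rc.local || rc=1
fi
/usr/bin/rsync --daemon || rc=1
__detect_result "$rc"

# Oracle JDK 8u45. NOTE(review): the RPM is fetched over plain HTTP
# and was installed with no integrity check at all. Export
# JDK_SHA256 (expected sha256 of the RPM) from the kickstart and the
# download is verified before rpm runs; when it is unset the old
# behaviour is kept and a warning is printed. --no-check-certificate
# was dropped: it is a no-op for an http:// URL and would silently
# disable TLS verification if the download ever redirected to https.
__step "install oracle java... "
rc=0
jdk_url='http://download.oracle.com/otn-pub/java/jdk/8u45-b14/jdk-8u45-linux-x64.rpm'
jdk_rpm=/tmp/jdk-8u45-linux-x64.rpm
wget -O "$jdk_rpm" --no-cookies \
  --header "Cookie: oraclelicense=accept-securebackup-cookie" "$jdk_url" || rc=1
if [[ "$rc" -eq 0 && -n "${JDK_SHA256:-}" ]]; then
  jdk_sum=$(sha256sum "$jdk_rpm" | awk '{print $1}')
  if [[ "$jdk_sum" != "$JDK_SHA256" ]]; then
    printf 'ERROR: %s sha256 %s does not match JDK_SHA256\n' "$jdk_rpm" "$jdk_sum" >&2
    rc=1
  fi
elif [[ "$rc" -eq 0 ]]; then
  printf 'WARNING: JDK_SHA256 not set, installing unverified %s\n' "$jdk_rpm" >&2
fi
if [[ "$rc" -eq 0 ]]; then
  rpm -ivh "$jdk_rpm" || rc=1
fi
# Quoted delimiter: the original used double-quoted echo lines, so
# $JAVA_HOME (empty at this point) and $PATH were expanded by the
# running script and /etc/profile received
# "PATH=/bin:/jre/bin:<this script's PATH>" instead of references.
if ! grep -q '# java jdk config' /etc/profile; then
  cat >> /etc/profile <<'EOF' || rc=1

# java jdk config
JAVA_HOME=/usr/java/jdk1.8.0_45
PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/jre/lib/rt.jar
export JAVA_HOME PATH CLASSPATH
EOF
fi
source /etc/profile
__detect_result "$rc"

# Services not needed on these hosts. Note that ip6tables is
# switched off too, so there is no IPv6 filtering either.
__step "services is optimize... "
unneeded_services=(abrt-ccpp abrtd acpid atd certmonger cpuspeed cups
                   mcelogd mdmonitor nfslock ip6tables postfix)
for svc in "${unneeded_services[@]}"; do
  chkconfig --level 35 "$svc" off 2>/dev/null
done
for svc in "${unneeded_services[@]}"; do
  service "$svc" stop 2>/dev/null
done
__detect_result

# EPEL repository with a lower priority than the base repos.
__step "yum source is install... "
rc=0
# NOTE(review): the EPEL signing key is not in the rpm db yet, so
# this install only emits a NOKEY warning; packages pulled from EPEL
# afterwards are gpg-checked against the key the release RPM ships.
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm \
  || rpm -q epel-release >/dev/null || rc=1
yum install yum-priorities -y || rc=1
epel_repo=/etc/yum.repos.d/epel.repo
if [[ -f "$epel_repo" ]] && ! grep -q '^priority *= *10' "$epel_repo"; then
  # Insert "priority=10" on its own line after each "enabled=1". The
  # stock epel.repo writes "enabled=1" without spaces, which the
  # original pattern "enabled = 1" never matched, and the original
  # replacement put the new key on the same line as enabled, which
  # yum does not parse.
  sed -i 's/^enabled *= *1 *$/&\npriority=10/' "$epel_repo" || rc=1
fi
__detect_result "$rc"

# Operations tooling. ipmitool must be installed here because the
# next section uses it.
__step "packages is installed... "
yum -e 0 -d 0 -y -q install iftop iotop ipmitool wget telnet vim xinetd dmidecode \
  redhat-lsb ntp openssl bash man gcc gcc-c++ make sysstat nc lrzsz parted mtr \
  iptraf strace 2>/dev/null
__detect_result

# Make the BMC boot from disk from now on so the box does not PXE
# back into kickstart. Fails (and is reported) on hosts without IPMI.
__step "DHCP BOOT is disabled... "
ipmitool -I open chassis bootdev disk options=persistent,efiboot
__detect_result

echo "system init finished!"
echo ""
echo "reboot after 1 minutes!"
shutdown -r +1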