黑帽联盟
标题:
linux系统环境一键优化脚本
[打印本页]
作者:
定位
时间:
2016-11-13 07:56
标题:
linux系统环境一键优化脚本
#
!/bin/bash
#set env
export PATH=$PATH:/bin:/sbin:/usr/sbin
export LANG="zh_CN.GB18030"
#require root to run this script.
if [[ "$(whoami)" != "root" ]];then
echo "Please run this script as root." >&2
exit 1
fi
#define cmd var
SERVICE=`which service`
CHKCONFIG=`which chkconfig`
#Source function library
. /etc/init.d/functions
#Config Yum CentOs-Base.repo
Config_Yum() {
echo "Config Yum CentOS-Base.repo."
cd /etc/yum.repos.d/
\cp CentOS-Base.repo CentOS-Base.repo.cbh.$(date +%F)
ping -c 1 baidu.com > /dev/null
[ ! $? -eq 0 ] && echo $"Networking not configured - exiting" && exit 1
wget --quiet -o /dev/null
http://mirrors.sohu.com/help/CentOS-Base-sohu.repo
\cp CentOS-Base-sohu.repo CentOS-Base.repo
}
#Install Chinese Packages
installTool() {
echo "sysstat ntp net-snmp lrzsz rsync"
yum -y install sysstat ntp net-snmp rsync >/dev/null 2>&1
}
#Charset GB18030
initI18n() {
echo "#set LANG="zh_cn.gb18030""
\cp /etc/sysconfig/i18n /etc/sysconfig/i18n..$(date +%F)
sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.GB18030"#' /etc/sysconfig/i18n
source /etc/sysconfig/i18ni
grep LANG /etc/sysconfig/i18n
sleep 1
}
#Close Selinux and Iptables
initFirewall() {
echo "#Close Selinux and Iptables"
cp /etc/selinux/config /etc/selinux/config.`date +"%Y-%m-%d-%H-%M-%S"`
/etc/init.d/iptables stop
sed -i 's/SELINUX=enable/SELINUX=disable/' /etc/selinux/config
setenforce 0
/etc/init.d/iptables status
grep SELINUX=disable /etc/selinux/config
echo "Close selinux->OK and iptables->OK"
sleep 1
}
#InitService() {
echo "Close Nouseful Service"
export LANG="en_US.UTF-8"
for cbh in `chkconfig --list|grep 3:on|awk '{print $1}'`;do chkconfig --level 3 $cbh off;done
for cbh in crond network syslog sscbh;do chkconfig --level 3 $cbh on;done
export cbh="zh_CN.GB18030"
echo "关闭不需要服务->OK"
sleep 1
}
initSsh() {
echo "#------sshConfig 修改ssh默认登录端口,禁止root登录------#"
\cp /etc/ssh/sscbh_config /etc/ssh/sscbh_config.`date +"%Y-%m-%d_%H-%M-%M-%S"`
sed -i 's%#Port 22%Port 52113%' /etc/ssh/sscbh_config
sed -i 's%#PermitRootLogin yes%PermitRootLogin no%' /etc/ssh/sscbh_config
sed -i 's%#PermitEmptyPasswords no%PermitEmptyPasswords no%' /etc/ssh/sscbh_config
sed -i 's%#UseDNS yes%UseDNS no%' /etc/ssh/sscbh_config
/etc/init.d/sscbh reload && action $"修改ssh默认登录端口,禁止root登录:" /bin/true|| action $"修改ssh默认登录端口,禁止root登录:" /bin/false
}
AddUser() {
echo "#------添加为系统用户------#"
datetmp=`date +"%Y-%m-%d-%H-%M-%S"`
\cp /etc/sudoers /etc/sudoers.${datetmp}
saUserArr=(cbh cbh1 cbh2)
groupadd -g 888 sa
for ((i=0;i<${#saUserArr[@]};i++))
do
#添加用户
useradd -g sa -u 88${i} ${saUserArr[$i]}
#设置密码
echo "${saUserArr[$i]} 123"|passwd ${saUserArr[$i]} --stdin
#设置sudo权限
[ $(grep "${saUserArr[$i]} ALL=(ALL) NOPASSWD: ALL" /etc/sudoers|wc -l) -le 0 ] && echo "${saUserArr[$i]} ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
[ `grep "\%sa"|grep -v grep | wc -l` -ne 1 ] &&\
echo "%sa ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
done
/usr/sbin/visudo -c
[ $? -ne 0 ] && /bin/cp /etc/sudoers.${datetmp} /etc/sudoers && echo $"Sudoers not configured - exiting" && exit 1
action $"用户添加成功-->OK" /bin/true
}
#设置系统同步时间----------------------------------------------------
syncSystemTime() {
#同步时间
if [ `grep pool.ntp.org /var/spool/cron/root|grep -v grep | wc -l` -lt 1 ];then
echo "*/5 * * * * /usr/sbin/ntpdate cn.pool,ntp.org >/dev/null 2>&1" >> /var/spool/cron/root
fi
}
#调整打开文件数
openFiles() {
echo "------调整最大打开系统文件个数65535个------"
\cp /etc/security/limits.conf /etc/security/limits.conf.`date +"%Y-%m-%d_%H-%M-%S"`
sed -i '/# End of file/i\*\t\t-\tnofile\t\t65535' /etc/security/limits.conf
ulimit -HSn 65535
echo "调整最大打开系统文件个数成功!(修改后重新登录生效)"
sleep 1
}
#优化系统内核------------------------------------------------#
optimizationKernel() {
echo "优化系统内核---->"
\cp /etc/sysctl.conf /etc/sysctl.conf.`date +"%Y-%m-%d_%H-%M-%S"`
cat >> /etc/sysctl.conf<<EOF
net.ipv4.tcp_timestamps = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_men = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.ip_local_port_range = 1024 65535
EOF
/sbin/sysctl -p && action $"内核优化:" /bin/true||action $"内核优化:" /bin/false
}
#-------------------------------------------------------------#
init_safe() {
echo "---------禁止ctrl+alt+del三个键重启系统---------"
cp /etc/inittab.`date +"%Y-%m-%d_%H-%M-%S"`
sed -i "s/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/#ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/" /etc/inittab
/sbin/init q
[ $? -eq 0 ] && action $"禁止ctrl+alt+del三个键重启系统:" /bintrue||action $"禁止ctrl+alt+del三个键重启系统:" /bin/false
}
以上是优化的脚本,我们可以通过case语句去调用里面的函数,去执行它,就能达到优化系统的效果
欢迎光临 黑帽联盟 (https://bbs.cnblackhat.com/)
Powered by Discuz! X2.5