linux系统环境一键优化脚本

定位

#!/bin/bash

#set env
export PATH=$PATH:/bin:/sbin:/usr/sbin

export LANG="zh_CN.GB18030"

#require root to run this script.
if [[ "$(whoami)" != "root" ]];then
    echo "Please run this script as root." >&2
    exit 1
fi

#define cmd var
SERVICE=`which service`
CHKCONFIG=`which chkconfig`

#Source function library
. /etc/init.d/functions

#Config Yum CentOs-Base.repo
Config_Yum() {
    echo "Config Yum CentOS-Base.repo."
    cd /etc/yum.repos.d/
    \cp CentOS-Base.repo CentOS-Base.repo.cbh.$(date +%F)
    ping -c 1 baidu.com > /dev/null
    [ ! $? -eq 0 ] && echo $"Networking not configured - exiting" && exit 1
    wget --quiet -o /dev/null http://mirrors.sohu.com/help/CentOS-Base-sohu.repo
    \cp CentOS-Base-sohu.repo CentOS-Base.repo
}

#Install Chinese Packages
installTool() {
    echo "sysstat ntp net-snmp lrzsz rsync"
    yum -y install sysstat ntp net-snmp rsync >/dev/null 2>&1
}

#Charset GB18030
initI18n() {
    echo "#set LANG="zh_cn.gb18030""
    \cp /etc/sysconfig/i18n /etc/sysconfig/i18n..$(date +%F)
    sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.GB18030"#' /etc/sysconfig/i18n
    source /etc/sysconfig/i18ni
    grep LANG /etc/sysconfig/i18n
    sleep 1
}

#Close Selinux and Iptables
initFirewall() {
    echo "#Close Selinux and Iptables"
    cp /etc/selinux/config /etc/selinux/config.`date +"%Y-%m-%d-%H-%M-%S"`
    /etc/init.d/iptables stop
    sed -i 's/SELINUX=enable/SELINUX=disable/' /etc/selinux/config
    setenforce 0
    /etc/init.d/iptables status
    grep SELINUX=disable /etc/selinux/config
    echo "Close selinux->OK and iptables->OK"
    sleep 1
}

#InitService() {
    echo "Close Nouseful Service"
    export LANG="en_US.UTF-8"
    for cbh in `chkconfig --list|grep 3:on|awk '{print $1}'`;do chkconfig --level 3 $cbh off;done
    for cbh in crond network syslog sscbh;do chkconfig --level 3 $cbh on;done
    export cbh="zh_CN.GB18030"
    echo "关闭不需要服务->OK"
    sleep 1
}

initSsh() {
    echo "#------sshConfig 修改ssh默认登录端口，禁止root登录------#"
    \cp /etc/ssh/sscbh_config /etc/ssh/sscbh_config.`date +"%Y-%m-%d_%H-%M-%M-%S"`
    sed -i 's%#Port 22%Port 52113%' /etc/ssh/sscbh_config
    sed -i 's%#PermitRootLogin yes%PermitRootLogin no%' /etc/ssh/sscbh_config
    sed -i 's%#PermitEmptyPasswords no%PermitEmptyPasswords no%' /etc/ssh/sscbh_config
    sed -i 's%#UseDNS yes%UseDNS no%' /etc/ssh/sscbh_config
    /etc/init.d/sscbh reload && action $"修改ssh默认登录端口，禁止root登录：" /bin/true|| action $"修改ssh默认登录端口，禁止root登录：" /bin/false
}

AddUser() {
    echo "#------添加为系统用户------#"
    datetmp=`date +"%Y-%m-%d-%H-%M-%S"`
    \cp /etc/sudoers /etc/sudoers.${datetmp}
    saUserArr=(cbh cbh1 cbh2)
    groupadd -g 888 sa
    for ((i=0;i<${#saUserArr[@]};i++))
    do
        #添加用户
        useradd -g sa -u 88${i} ${saUserArr[$i]}
        #设置密码
        echo "${saUserArr[$i]} 123"|passwd ${saUserArr[$i]} --stdin
        #设置sudo权限
        [ $(grep "${saUserArr[$i]} ALL=(ALL) NOPASSWD: ALL" /etc/sudoers|wc -l) -le 0 ] && echo "${saUserArr[$i]} ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
        [ `grep "\%sa"|grep -v grep | wc -l` -ne 1 ] &&\
        echo "%sa    ALL=(ALL)    NOPASSWD: ALL" >>/etc/sudoers
    done
     /usr/sbin/visudo -c
    [ $? -ne 0 ] && /bin/cp /etc/sudoers.${datetmp} /etc/sudoers && echo $"Sudoers not configured - exiting" && exit 1
    action $"用户添加成功-->OK" /bin/true
}

#设置系统同步时间----------------------------------------------------
syncSystemTime() {
    #同步时间
    if [ `grep pool.ntp.org /var/spool/cron/root|grep -v grep | wc -l` -lt 1 ];then
    echo "*/5 * * * * /usr/sbin/ntpdate cn.pool,ntp.org >/dev/null 2>&1" >> /var/spool/cron/root
    fi
}

#调整打开文件数
openFiles() {
    echo "------调整最大打开系统文件个数65535个------"
    \cp /etc/security/limits.conf /etc/security/limits.conf.`date +"%Y-%m-%d_%H-%M-%S"`
    sed -i '/# End of file/i\*\t\t-\tnofile\t\t65535' /etc/security/limits.conf
    ulimit -HSn 65535
    echo "调整最大打开系统文件个数成功！（修改后重新登录生效）"
    sleep 1
}

#优化系统内核------------------------------------------------#
optimizationKernel() {
    echo "优化系统内核---->"
    \cp /etc/sysctl.conf /etc/sysctl.conf.`date +"%Y-%m-%d_%H-%M-%S"`
    cat >> /etc/sysctl.conf<<EOF
    net.ipv4.tcp_timestamps = 2
    net.ipv4.tcp_synack_retries = 2
    net.ipv4.tcp_syn_retries = 2
    net.ipv4.tcp_men = 94500000 915000000 927000000
    net.ipv4.tcp_max_orphans = 3276800
    net.core.wmem_default = 8388608
    net.core.rmem_default = 8388608
    net.core.rmem_max = 16777216
    net.core.wmem_max = 16777216
    net.ipv4.tcp_rmem = 4096 87380 16777216
    net.ipv4.tcp_wmem = 4096 65536 16777216
    net.core.netdev_max_backlog = 32768
    net.core.somaxconn = 32768
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_fin_timeout = 1
    net.ipv4.tcp_keepalive_time = 600
    net.ipv4.tcp_max_syn_backlog = 65536
    net.ipv4.ip_local_port_range = 1024 65535
EOF
/sbin/sysctl -p && action $"内核优化：" /bin/true||action $"内核优化：" /bin/false
}

#-------------------------------------------------------------#
init_safe() {
    echo "---------禁止ctrl+alt+del三个键重启系统---------"
    cp /etc/inittab.`date +"%Y-%m-%d_%H-%M-%S"`
    sed -i "s/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/#ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/" /etc/inittab
    /sbin/init q
    [ $? -eq 0 ] && action $"禁止ctrl+alt+del三个键重启系统：" /bintrue||action $"禁止ctrl+alt+del三个键重启系统：" /bin/false
}



以上是优化的脚本，我们可以通过case语句去调用里面的函数，去执行它，就能达到优化系统的效果