CentOS系统初始化脚本(适合CentOS 6.X和CentOS 7.X系列)
CentOS系统初始化脚本(适合CentOS 6.X和CentOS 7.X系列)
作为运维人员,经常会初始化系统,系统在安装过程中基本都会选择最小化安装,这样安装好的系统里会缺少很多环境。系统初始化脚本是刚安装完操作系统之后运行的脚本,主要功能是将系统环境进行优化,并更改常用设置,统一系统环境配置,其他版本可能存在差异,可以自行修改。
#!/usr/bin/env bash
source /etc/init.d/functions
System_Version=$(awk -F. '{print $1}' /etc/redhat-release |awk '{print $NF}')
Software="lrzsz openssh-server ntp ntpdate cmake gcc gcc-c++ zlib zlib-devel openssl openssl-devel pcre pcre-devel curl rsync gd perl sysstat man mtr openssl-perl subversion nscd"
# 检查脚本运行用户是否为Root
if [[ $(id -u) != 0 ]];then
echo -e "\033[31mError! You must be root to run this script! \033[0m"
exit 1
fi
function set_config_yum () {
# 配置系统使用163yum源
if [[ ${System_Version} -eq 7 ]];then
yum -y install wget
mkdir -p /etc/yum.repos.d/bak
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
yum clean all
yum makecache
else
#yum -y install wget
#mkdir -p /etc/yum.repos.d/bak
#mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
#wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS6-Base-163.repo
#yum clean all
#yum makecache
# 由于 6 版本停止维护,所以上面的不能使用了
mkdir -p /etc/yum.repos.d/bak
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-6.repo
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
sed -i 's/http/https/g' /etc/yum.repos.d/CentOS-Base.repo
sed -i 's/$releasever/6.9/g' /etc/yum.repos.d/CentOS-Base.repo
sed -i 's/centos/centos-vault/g' /etc/yum.repos.d/CentOS-Base.repo
yum clean all && yum makecache
fi
}
function set_install_soft (){
# 安装epel源
yum -y install epel-release
# 安装bash命令tab自动补全组件
yum -y install bash-completion
# 安装vim编辑器
yum -y install vim screen lrzsz tree psmisc
# 安装压缩解压工具
yum -y install zip unzip bzip2 gdisk
# 安装网络及性能监控工具
yum -y install telnet net-tools sysstat iftop lsof iotop htop dstat
# 安装源码编译工具及开发组件
yum -y install ${Software}
# 禁用不需要的服务
systemctl stop postfix.service
systemctl disable postfix
systemctl disable auditd
systemctl disable kdump
# 设置系统默认编辑器为vim
# grep -qw "vim" /etc/profile
# [ $? -ne 0 ] && echo "alias vi=vim" >>/etc/profile
# source /etc/profile >/dev/null
}
function set_config_user (){
# 删除无效用户
userdel adm
userdel lp
userdel shutdown
userdel operator
userdel games
userdel uucp
# 删除无效用户组
groupdel adm
groupdel lp
groupdel games
}
function set_config_open_file () {
# 修改ulimit参数
cp /etc/security/limits.conf /etc/security/limits.conf.bak
cat >>/etc/security/limits.conf <<EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
echo "ulimit -SHn 65535" >> /etc/profile
echo "ulimit -SHn 65535" >> /etc/rc.local
}
function set_config_ntp (){
# 配置时区及时间同步
if [ "`cat /etc/crontab | grep ntpdate`" = "" ]; then
echo "10 * * * * root /usr/sbin/ntpdate cn.pool.ntp.org >> /var/log/ntpdate.log" >> /etc/crontab
fi
rm -rf /etc/localtime
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate cn.pool.ntp.org && hwclock -w
}
function set_config_sshd (){
# 配置SSH
sed -i "s/\#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
sed -i "s/GSSAPIAuthentication yes/GSSAPIAuthentication no/g" /etc/ssh/sshd_config
}
function set_close_iptables (){
# 配置Selinux、Iptables(Firewalld)
if [ ${System_Version} -eq 7 ];then
systemctl stop firewalld.service
systemctl disable firewalld.service
sed -i '/SELINUX/s/enforcing/disabled/g' /etc/selinux/config
setenforce 0
else
/etc/init.d/iptables stop
chkconfig iptables off
sed -i '/SELINUX/s/enforcing/disabled/g' /etc/selinux/config
setenforce 0
fi
}
function set_config_passwd (){
# 设置密码最小过期天数
# sed -i "/PASS_MIN_DAYS/s/0/80/" /etc/login.defs
# 设置密码最小长度
sed -i "/PASS_MIN_LEN/s/5/12/" /etc/login.defs
}
System_Value="net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.core.netdev_max_baklog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_baklog = 65536
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_fin_timeout = 120
net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 1024 65535
net.nf_conntrack_max = 16404388
net.netfilter.nf_conntrack_tcp_timeout_established = 10800
net.ipv4.tcp_max_tw_buckets = 30000
fs.file-max = 655350
kernel.sysrq = 0"
function set_config_kernel (){
# 配置内核参数
Sysctl_File="/etc/sysctl.conf"
if [ ${System_Version} -eq 6 ];then
/etc/init.d/sshd restart
if [ ! -f ${Sysctl_File} ];then
touch ${Sysctl_File}
fi
if [ $(grep -wc "net.ipv4.tcp_max_tw_buckets" ${Sysctl_File}) -eq 0 ];then
echo "${System_Value}" >${Sysctl_File}
/sbin/sysctl -p
fi
else
systemctl restart sshd.service
if [ ! -f ${Sysctl_File} ];then
touch ${Sysctl_File}
fi
if [ $(grep -wc "net.ipv4.tcp_max_tw_buckets" ${Sysctl_File}) -eq 0 ];then
echo "${System_Value}" >${Sysctl_File}
/sbin/sysctl -p
fi
fi
}
function main (){
set_config_yum
set_install_soft
set_config_user
set_config_open_file
set_config_ntp
set_config_sshd
set_close_iptables
set_config_passwd
set_config_kernel
}
mainLast updated