shell基礎優化腳本

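#!/bin/bash
#########################################################
# Created Time: Tue Aug  7 01:29:09 2018
# version:1.0    by:kingle    Mail: kingle122@vip.qq.com
# Written and tuned following the oldboy book.
# Purpose: interactive one-click system tuning (15 items) for CentOS 6.x.
#########################################################
# Source function library; the rest of the script relies on its `action`
# status helper.
. /etc/init.d/functions

# --- Values shown in the main menu banner -----------------------------------
DATE=$(date +"%y-%m-%d %H:%M:%S")
# Static address configured for eth0 (empty when the file has no IPADDR line).
IPADDR=$(grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0 | cut -d= -f 2)
HOSTNAME=$(hostname -s)
USER=$(whoami)
# Use% of the root filesystem. -P keeps every filesystem on a single line;
# without it a long device name wraps the row and field 5 is no longer Use%.
DISK_SDA=$(df -hP / | awk 'NR==2 {print $5}')
# 1, 5 and 15 minute load averages.
cpu_uptime=$(awk '{print $1,$2,$3}' /proc/loadavg)
export LANG=zh_CN.UTF-8

# --- Require root ------------------------------------------------------------
# Every step below edits files under /etc or /root, so stop early otherwise.
uid=$(id -u)
if [ "$uid" -ne 0 ]; then
  action "Please run this script as root." /bin/false
  exit 1
fi

# --- Make Backspace work in root's login shell --------------------------------
# Keep a dated copy first; \cp sidesteps any `cp -i` alias.
\cp /root/.bash_profile "/root/.bash_profile_$(date +%F)"
# -F/-x: match the literal line exactly so the setting is appended only once.
if ! grep -Fxq "stty erase ^H" /root/.bash_profile; then
  echo "stty erase ^H" >>/root/.bash_profile
  source /root/.bash_profile
fi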
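#######################################
# Switch yum to the Aliyun CentOS 6 base repo and keep downloaded packages.
# Outputs:  progress banners and the resulting keepcache line on stdout
# Exits:    the whole script with status 1 when the mirror cannot be reached
#           or the repo file cannot be downloaded
#
# NOTE(review): the repo definition is fetched over plain HTTP and is not
# verified. That file decides which repositories and gpgcheck settings yum
# trusts, so prefer an HTTPS URL for the mirror where the platform's TLS
# stack allows it, and review the downloaded file before installing from it.
#######################################
configYum(){
  local repo=/etc/yum.repos.d/CentOS-Base.repo
  local url=http://mirrors.aliyun.com/repo/Centos-6.repo
  local tmp

  echo "================更新爲國內YUM源=================="
  # Absolute paths instead of `cd`, so the caller's working directory is
  # left alone and a failed cd cannot redirect the copy.
  \cp "$repo" "$repo.$(date +%F)"

  if ! ping -c 1 mirrors.aliyun.com >/dev/null; then
    echo "沒法鏈接網絡。"
    # The original used `exit $?`, which reported the status of the echo (0).
    exit 1
  fi

  # Download to a temporary name first: `wget -O` truncates its target, so a
  # failed transfer straight onto CentOS-Base.repo would leave yum without a
  # base repo. The temporary name does not end in .repo, so yum ignores it.
  tmp=$(mktemp "$repo.XXXXXX") || exit 1
  if wget -O "$tmp" "$url" && [ -s "$tmp" ]; then
    chmod 644 "$tmp"
    mv -f "$tmp" "$repo"
  else
    rm -f "$tmp"
    echo "沒法鏈接網絡。"
    exit 1
  fi

  echo "==============保存YUM源文件======================"
  sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
  grep keepcache /etc/yum.conf
  sleep 5
  action "配置國內YUM完成"  /bin/true
  echo "================================================="
  echo ""
  sleep 2
}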
#######################################
# Set the system locale file to zh_CN.UTF-8.
# Writes:   /etc/sysconfig/i18n (a dated copy is kept next to it)
# Outputs:  the resulting LANG lines on stdout
#######################################
initI18n(){
  local i18n_file=/etc/sysconfig/i18n

  printf '%s\n' "================更改成中文字符集================="
  \cp "$i18n_file" "$i18n_file.$(date +%F)"

  # Replace the file contents in one write (truncate + fill).
  printf '%s\n' \
    'LANG="zh_CN.UTF-8"' \
    '#LANG="en_US.UTF-8"' \
    'SYSFONT="latarcyrheb-sun16"' >"$i18n_file"

  # Load the new values into the running script as well.
  source "$i18n_file"
  printf '%s\n' '#cat /etc/sysconfig/i18n'
  grep LANG "$i18n_file"
  action "更改字符集zh_CN.UTF-8完成" /bin/true
  printf '%s\n' "=================================================" ""
  sleep 2
}
#######################################
# Stop iptables and switch SELinux off (now and in /etc/selinux/config).
# Writes:   /etc/selinux/config (a dated copy is kept next to it)
# Outputs:  iptables status, the SELINUX=disabled line and getenforce output
#
# NOTE(review): after this step the host has no packet filter and no SELinux
# enforcement. Confirm that is intended for the target environment. The sed
# only rewrites an exact "SELINUX=enforcing" setting, and the step reports
# success whatever the commands returned.
#######################################
initFirewall(){
  local selinux_cfg=/etc/selinux/config

  printf '%s\n' "============禁用SELINUX及關閉防火牆=============="
  \cp "$selinux_cfg" "$selinux_cfg.$(date +%F)"

  /etc/init.d/iptables stop
  # Persistent setting first, then the running mode.
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$selinux_cfg"
  setenforce 0

  # Show the resulting state to the operator.
  /etc/init.d/iptables status
  printf '%s\n' '#grep SELINUX=disabled /etc/selinux/config '
  grep SELINUX=disabled "$selinux_cfg"
  printf '%s\n' '#getenforce '
  getenforce

  action "禁用selinux及關閉防火牆完成" /bin/true
  printf '%s\n' "=================================================" ""
  sleep 2
}
#######################################
# Turn off every service enabled in runlevel 3, then re-enable a short
# allow-list (rsyslog network sshd crond sysstat).
# Globals:  LANG (switched to en_US.UTF-8 while parsing chkconfig output,
#           then set to zh_CN.UTF-8)
# Outputs:  the services still enabled in runlevel 3
#######################################
initService(){
  local -a enabled_now
  local -a keep_on=(rsyslog network sshd crond sysstat)
  local svc

  printf '%s\n' "===============精簡開機自啓動===================="
  # English output so the "3:on" column text is what the filter expects.
  export LANG="en_US.UTF-8"

  mapfile -t enabled_now < <(chkconfig --list | awk '/3:on/ {print $1}')
  for svc in "${enabled_now[@]}"; do
    chkconfig "$svc" off
  done
  for svc in "${keep_on[@]}"; do
    chkconfig "$svc" on
  done

  printf '%s\n' '+--------which services on---------+'
  chkconfig --list | grep 3:on
  printf '%s\n' '+----------------------------------+'
  export LANG="zh_CN.UTF-8"

  action "精簡開機自啓動完成" /bin/true
  printf '%s\n' "=================================================" ""
  sleep 2
}
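#######################################
# Empty the files that print the system and kernel version before login.
# Writes:   /etc/redhat-release and /etc/issue (both truncated, no backup)
# Exits:    the whole script with status 1 when not running as root
#
# NOTE(review): /etc/redhat-release is also what many tools and scripts read
# to identify the distribution; the pre-login banner itself comes from
# /etc/issue. Confirm nothing on the host depends on the release file before
# emptying it, and keep a copy if the change may need to be undone.
#######################################
initRemoval(){
  echo "======去除系統及內核版本登陸前的屏幕顯示======="
  # Must run as root. The original exited 0 here, which reported a refusal
  # as success; the message now goes to stderr with a failing status.
  if [ "$UID" -ne 0 ]; then
    echo "This script must use the root user ! ! !" >&2
    sleep 2
    exit 1
  fi
  : >/etc/redhat-release
  : >/etc/issue
  action "去除系統及內核版本登陸前的屏幕顯示" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}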
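#######################################
# Move sshd to port 52113, forbid empty passwords and direct root login,
# and turn off reverse DNS lookups.
# Writes:   /etc/ssh/sshd_config (a dated copy is kept next to it)
# Outputs:  a summary of the intended settings and the reload result
#
# NOTE(review): this file defines initSsh a second time further down. Bash
# keeps the last definition, so callers of initSsh run that later body and
# the settings below are never applied as written; one of the two functions
# needs a distinct name.
# NOTE(review): each sed only matches the commented-out default line (for
# example "#PermitRootLogin yes"); a setting that is already uncommented is
# left unchanged although the summary below still lists it.
# NOTE(review): disabling root login assumes another account with sudo
# rights already exists, otherwise remote administration is lost.
#######################################
initSsh(){
  local cfg=/etc/ssh/sshd_config

  echo "========修改ssh默認端口禁用root遠程登陸=========="
  \cp "$cfg" "$cfg.$(date +%F)"
  sed -i \
    -e 's/#Port 22/Port 52113/g' \
    -e 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' \
    -e 's/#PermitRootLogin yes/PermitRootLogin no/g' \
    -e 's/#UseDNS yes/UseDNS no/g' \
    "$cfg"

  echo '+-------modify the sshd_config-------+'
  echo 'Port 52113'
  echo 'PermitEmptyPasswords no'
  echo 'PermitRootLogin no'
  echo 'UseDNS no'
  echo '+------------------------------------+'

  # Check the edited file before asking the daemon to re-read it, and use a
  # real if/else: with `a && ok || fail` the failure branch also runs when
  # the success message itself returns non-zero.
  if /usr/sbin/sshd -t -f "$cfg" && /etc/init.d/sshd reload; then
    action "修改ssh默認參數完成" /bin/true
  else
    action "修改ssh參數失敗" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}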
#######################################
# Add a root cron entry that runs ntpdate against time.windows.com every
# five minutes, unless an ntpdate entry is already present.
# Writes:   /var/spool/cron/root (a dated copy is kept when the file exists)
# Outputs:  the resulting crontab
#######################################
syncSysTime(){
  local cron_file=/var/spool/cron/root

  printf '%s\n' "================配置時間同步====================="
  # The crontab may not exist yet; a failed copy is expected in that case.
  \cp "$cron_file" "$cron_file.$(date +%F)" 2>/dev/null

  if ! grep -q ntpdate "$cron_file" 2>/dev/null; then
    {
      echo "#times sync by lee at $(date +%F)"
      echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com &>/dev/null"
    } >>"$cron_file"
  fi

  printf '%s\n' '#crontab -l'
  crontab -l
  action "配置時間同步完成" /bin/true
  printf '%s\n' "=================================================" ""
  sleep 2
}
#######################################
# Install the helper tools missing from a minimal install and update
# openssl, openssh and bash through yum.
# Outputs:  ping, yum and rpm output on stdout
#######################################
initTools(){
  local -a helper_pkgs=(tree nmap sysstat lrzsz dos2unix)
  local -a core_pkgs=(openssl openssh bash)

  echo "#####安裝升級系統補裝工具及重要工具升級(選擇最小化安裝minimal)#####"
  # Shown to the operator only; the result is not checked.
  ping -c 2 mirrors.aliyun.com
  sleep 2
  yum install "${helper_pkgs[@]}" -y
  sleep 2
  # List which of the helper packages are now installed.
  rpm -qa "${helper_pkgs[@]}"
  sleep 2
  yum install "${core_pkgs[@]}" -y
  sleep 2
  action "安裝升級系統補裝工具及重要工具升級(選擇最小化安裝minimal)" /bin/true
  printf '%s\n' "=================================================" ""
  sleep 2
}
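#######################################
# Interactively create a user, set its password and grant it sudo.
# Inputs:   user name and password (twice) read from the terminal
# Writes:   /etc/passwd and friends via useradd/passwd, /etc/sudoers
#           (a dated copy of sudoers is kept next to it)
# Returns:  1 on end of input, when useradd fails, or when the sudoers
#           entry does not validate
#
# NOTE(review): the entry grants "NOPASSWD: ALL", so anyone who obtains this
# account has root without a further credential. Consider requiring the
# password, or limiting the command list, where that is acceptable.
#######################################
addUser(){
  local name pass1 pass2 sudo_line sudo_check
  # The name ends up in /etc/sudoers, so accept only a plain account name.
  local name_re='^[a-z_][a-z0-9_-]{0,30}$'

  echo "===================新建用戶======================"

  # --- account ---
  while true; do
    # Stop on end of input instead of looping on an empty answer forever.
    read -r -p "請輸入新用戶名:" name || return 1
    if [ -z "$name" ]; then
      echo "用戶名不能爲空,請從新輸入。"
      continue
    fi
    if ! [[ "$name" =~ $name_re ]]; then
      echo "Invalid user name: use lowercase letters, digits, '_' or '-' only."
      continue
    fi
    if getent passwd "$name" >/dev/null; then
      echo "用戶名已存在,請從新輸入。"
      continue
    fi
    # Do not go on to set a password or sudo rights for an account that
    # was never created.
    if ! useradd "$name"; then
      action "useradd $name" /bin/false
      return 1
    fi
    break
  done

  # --- password ---
  while true; do
    # -s keeps the password off the screen; IFS= and -r keep it verbatim.
    IFS= read -r -s -p "爲 $name 建立一個密碼:" pass1 || return 1
    echo
    if [ -z "$pass1" ]; then
      echo "密碼不能爲空,請從新輸入。"
      continue
    fi
    IFS= read -r -s -p "請再次輸入密碼:" pass2 || return 1
    echo
    if [ "$pass1" != "$pass2" ]; then
      echo "兩次密碼輸入不相同,請從新輸入。"
      continue
    fi
    printf '%s\n' "$pass2" | passwd --stdin "$name"
    break
  done
  unset pass1 pass2
  sleep 1

  # --- sudoers ---
  echo "#####add visudo#####"
  \cp /etc/sudoers "/etc/sudoers.$(date +%F)"
  # Look for an entry that starts with this user; a bare word match would
  # also hit the name inside unrelated lines and skip the grant.
  if ! grep -qE "^${name}[[:space:]]" /etc/sudoers; then
    sudo_line="$name  ALL=(ALL)       NOPASSWD: ALL"
    # Syntax-check the line on its own before it reaches the live file: a
    # broken /etc/sudoers disables sudo for everyone.
    sudo_check=$(mktemp) || return 1
    printf '%s\n' "$sudo_line" >"$sudo_check"
    if visudo -c -f "$sudo_check" >/dev/null; then
      printf '%s\n' "$sudo_line" >>/etc/sudoers
      rm -f "$sudo_check"
    else
      rm -f "$sudo_check"
      action "visudo -c" /bin/false
      return 1
    fi
    echo '#tail -1 /etc/sudoers'
    grep -w "$name" /etc/sudoers
    sleep 1
  fi

  action "建立用戶${name}並將其加入visudo完成"  /bin/true
  echo "================================================="
  echo ""
  sleep 2
}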
#######################################
# Raise the open-file limit to 65535 in limits.conf (when no active nofile
# line exists yet) and in the running shell.
# Writes:   /etc/security/limits.conf (a dated copy is kept when changed)
# Outputs:  the last line of limits.conf and the current `ulimit -n`
#######################################
initLimits(){
  local limits_file=/etc/security/limits.conf

  printf '%s\n' "===============加大文件描述符===================="
  # Only append when there is no uncommented nofile entry.
  if ! grep nofile "$limits_file" | grep -qv "^#"; then
    \cp "$limits_file" "$limits_file.$(date +%F)"
    printf '%s\n' '*                  -        nofile         65535' >>"$limits_file"
  fi

  printf '%s\n' '#tail -1 /etc/security/limits.conf'
  tail -1 "$limits_file"
  # Apply hard and soft limit to this shell as well.
  ulimit -HSn 65535
  printf '%s\n' '#ulimit -n'
  ulimit -n
  action "配置文件描述符爲65535" /bin/true
  printf '%s\n' "=================================================" ""
  sleep 2
}
#######################################
# Turn off GSSAPI authentication and reverse DNS lookups in sshd_config to
# speed up SSH logins, then restart sshd.
# Writes:   /etc/ssh/sshd_config (no backup is taken here)
#
# NOTE(review): this is the second function named initSsh in the file. Bash
# keeps the later definition, so this body is what every initSsh call runs,
# including the menu entry meant to change the port and disable root login.
# NOTE(review): success is reported without checking the restart result.
#######################################
initSsh(){
  local sshd_cfg=/etc/ssh/sshd_config

  printf '%s\n' "======禁用GSSAPI來認證,也禁用DNS反向解析,加快SSH登錄速度======="
  # Both substitutions touch different lines, so one pass is enough.
  sed -i \
    -e 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' \
    -e 's/#UseDNS yes/UseDNS no/' \
    "$sshd_cfg"
  service sshd restart
  action "禁用GSSAPI來認證,也禁用DNS反向解析,加快SSH登錄速度" /bin/true
  printf '%s\n' "=================================================" ""
  sleep 2
}
#######################################
# Comment out the shutdown line in the control-alt-delete job so the key
# combination no longer reboots the server by accident.
# Writes:   /etc/init/control-alt-delete.conf
#######################################
initRestart(){
  local cad_conf=/etc/init/control-alt-delete.conf

  # "&" re-inserts the matched text, so the line is simply prefixed with "#".
  sed -i 's|exec /sbin/shutdown -r now|#&|' "$cad_conf"
  action "將ctrl alt delete鍵進行屏蔽,防止誤操做的時候服務器重啓" /bin/true
  printf '%s\n' "=================================================" ""
  sleep 2
}
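#######################################
# Append TCP and conntrack tuning to /etc/sysctl.conf (when fewer than ten
# net.ipv4.tcp lines are present), load nf_conntrack and bridge now and at
# boot, and apply the settings.
# Writes:   /etc/sysctl.conf, /etc/rc.local (dated copies are kept)
# Outputs:  `sysctl -p` output
#
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to drop connections
# from clients that share one address behind NAT, and the single SYN and
# SYN-ACK retry gives little tolerance for packet loss. Validate these
# values against the host's real traffic before rolling them out.
#######################################
initSysctl(){
  local tcp_lines mod

  echo "================優化內核參數====================="
  tcp_lines=$(grep -c "net.ipv4.tcp" /etc/sysctl.conf)
  if [ "$tcp_lines" -lt 10 ]; then
    \cp /etc/sysctl.conf "/etc/sysctl.conf.$(date +%F)"
    cat >>/etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
  fi

  \cp /etc/rc.local "/etc/rc.local.$(date +%F)"
  # Load the modules before `sysctl -p` (presumably so the nf_conntrack keys
  # exist) and register them for boot. The original appended the modprobe
  # lines on every run; add each one only when it is not there yet.
  for mod in nf_conntrack bridge; do
    modprobe "$mod"
    grep -qxF "modprobe $mod" /etc/rc.local || echo "modprobe $mod" >>/etc/rc.local
  done
  sysctl -p
  action "內核調優完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}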
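#######################################
# Set the login idle timeout (TMOUT=300) and shrink shell history
# (HISTSIZE=5, HISTFILESIZE=5) in /etc/profile.
# Writes:   /etc/profile (a dated copy is kept next to it)
# Outputs:  the three settings as found in /etc/profile
#
# NOTE(review): a five-line history also removes most of the command trail
# that is useful for later audit or incident review; if that trail matters,
# pair this with a separate command-audit mechanism.
# NOTE(review): sourcing /etc/profile sets TMOUT in this script's shell too,
# and bash applies TMOUT as the default timeout of `read` on a terminal, so
# later prompts in the same run can time out after 300 seconds.
#######################################
initHistory(){
  local profile=/etc/profile
  local setting

  echo "======設置默認歷史記錄數和鏈接超時時間======"
  # Keep a copy like the other steps do before editing a system file.
  \cp "$profile" "$profile.$(date +%F)"
  # The original appended all three lines on every run; add each setting
  # only when that exact line is missing.
  for setting in TMOUT=300 HISTSIZE=5 HISTFILESIZE=5; do
    grep -qxF "$setting" "$profile" || echo "$setting" >>"$profile"
  done
  grep -xE 'TMOUT=300|HISTSIZE=5|HISTFILESIZE=5' "$profile"
  source "$profile"
  action "設置默認歷史記錄數和鏈接超時時間" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}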
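#######################################
# Mark the account databases and /etc/inittab immutable, then rename the
# chattr binary to /usr/bin/lock.
# Writes:   immutable flag on /etc/passwd, /etc/inittab, /etc/group,
#           /etc/shadow, /etc/gshadow; moves /usr/bin/chattr
# Returns:  1 when neither /usr/bin/chattr nor /usr/bin/lock is executable
#
# NOTE(review): while the flag is set, useradd, passwd and similar tools
# cannot update these files until it is cleared again (with the renamed
# binary, `lock -i FILE`). Renaming the tool only hides it: the flag is still
# visible with lsattr and a package update can put chattr back.
#######################################
initChattr(){
  local tool target

  echo "======鎖定關鍵文件系統======"
  # On a second run the binary already lives at /usr/bin/lock; the original
  # called plain `chattr` and failed on every file in that case.
  if [ -x /usr/bin/chattr ]; then
    tool=/usr/bin/chattr
  elif [ -x /usr/bin/lock ]; then
    tool=/usr/bin/lock
  else
    action "鎖定關鍵文件系統" /bin/false
    return 1
  fi

  for target in /etc/passwd /etc/inittab /etc/group /etc/shadow /etc/gshadow; do
    "$tool" +i "$target"
  done

  if [ "$tool" = /usr/bin/chattr ]; then
    /bin/mv /usr/bin/chattr /usr/bin/lock
  fi
  action "鎖定關鍵文件系統" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}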
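#######################################
# Install a helper script that empties the postfix maildrop directory and
# schedule it from root's crontab every minute.
# Writes:   /server/scripts/del_file.sh, /var/spool/cron/root
#######################################
del_file(){
  local script=/server/scripts/del_file.sh
  local cron_file=/var/spool/cron/root
  local job="*/1 * * * * /bin/bash /server/scripts/del_file.sh &>/dev/null"

  echo "======定時清理郵件任務======"
  # -d, not -f: the path is a directory, so the original test never matched.
  [ -d /server/scripts/ ] || mkdir -p /server/scripts/
  # Let find remove the files itself rather than piping names through
  # xargs, which splits on whitespace.
  echo "find /var/spool/postfix/maildrop/ -type f -delete" >"$script"
  # Register the job once; the original appended it on every run.
  if ! grep -qxF "$job" "$cron_file" 2>/dev/null; then
    echo '#this is del mail task by kingle at 2018-8-8' >>"$cron_file"
    echo "$job" >>"$cron_file"
  fi
  echo "================================================="
  echo ""
  sleep 2
}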
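#######################################
# Empty the login banners and show the operator the version string that was
# in /etc/issue so it can be noted down.
# Writes:   /etc/issue and /etc/issue.net (both truncated, no backup)
# Outputs:  warnings, the saved "CentOS" line and a 10 second pause
#######################################
hide_info(){
  local version_info

  echo "======!!隱藏系統信息!!======"
  echo "======此項注意不要本身忘記了那就沒救了======"
  echo "======不建議使用======"
  # Remember the version line before it is wiped.
  version_info=$(grep "CentOS" /etc/issue)
  : >/etc/issue
  : >/etc/issue.net
  # The original tested /etc/issue twice and never looked at issue.net;
  # verify that both files are really empty.
  if [ ! -s /etc/issue ] && [ ! -s /etc/issue.net ]; then
    echo "======清除成功====="
  else
    : >/etc/issue
    : >/etc/issue.net
  fi
  echo "$version_info"
  echo "=====認準本系統版本======"
  sleep 10
  echo "================================================="
}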
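#######################################
# Print instructions for protecting the GRUB menu with a hashed password.
# Nothing is changed on the system; the operator runs the steps by hand.
# Outputs:  three instruction lines and a blank line, then a 10 second pause
#
# The value to place after the option is the hash printed by
# /sbin/grub-md5-crypt, not the clear-text password. The option is spelled
# in lower case here: GRUB legacy documents it as "--md5", and the original
# hint printed "--MD5".
# NOTE(review): /etc/grub.conf then holds a password hash, so keep the file
# readable by root only.
#######################################
grub_md5(){
  echo "======grub_md5加密======"
  echo "======命令行輸入:/sbin/grub-md5-crypt 進行交互式加密======"
  echo "把密碼寫入/etc/grub.conf 格式:password --md5 密碼"
  echo ""
  sleep 10
}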
#######################################
# Print a suggested iptables rule for ICMP echo handling. No rule is
# installed; the text is only shown to the operator.
# Outputs:  a comment line and the rule, then a 10 second pause
#
# Intent of the hint: hosts on the internal network may ping, others may
# not; it is optional because ping is also needed for one's own tests.
# NOTE(review): the printed rule only accepts echo requests from
# 10.0.0.0/24 on eth0. On its own it blocks nothing; a drop rule or a
# default-drop policy for the remaining echo requests would be needed.
#######################################
ban_ping(){
  local hint='#內網能夠ping 其餘不能ping 這個因爲本身也要ping測試不必定要設置'
  local rule='iptables -t filter -I INPUT -p icmp --icmp-type 8 -i eth0 -s 10.0.0.0/24 -j ACCEPT'

  printf '%s\n' "$hint" "$rule"
  sleep 10
}
370 
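#######################################
# Custom tuning menu: run one step at a time until the operator picks 0.
# Inputs:   a menu number read from the terminal
# Outputs:  the menu, the output of the chosen step, or a warning with a
#           three second countdown for an unknown choice
#
# NOTE(review): entries 7 and 11 both call initSsh. The file defines that
# name twice and bash keeps the later definition, so both entries currently
# run the same body.
#######################################
menu2(){
  local input2 rc i

  while true; do
    clear
    # The banner and prompt now show the real range; the original said
    # [0-15] although entries up to 19 exist.
    cat <<EOF
----------------------------------------
|****Please Enter Your Choice:[0-19]****|
----------------------------------------
(1)  新建一個用戶並將其加入visudo
(2)  配置爲國內YUM源鏡像和保存YUM源文件
(3)  配置中文字符集
(4)  禁用SELINUX及關閉防火牆
(5)  精簡開機自啓動
(6)  去除系統及內核版本登陸前的屏幕顯示
(7)  修改ssh默認端口及禁用root遠程登陸
(8)  設置時間同步
(9)  安裝系統補裝工具(選擇最小化安裝minimal)
(10) 加大文件描述符
(11) 禁用GSSAPI來認證,也禁用DNS反向解析,加快SSH登錄速度
(12) 將ctrl alt delete鍵進行屏蔽,防止誤操做的時候服務器重啓
(13) 系統內核調優
(14) 設置默認歷史記錄數和鏈接超時時間
(15) 鎖定關鍵文件系統
(16) 定時清理郵件任務
(17) 隱藏系統信息
(18) grub_md5加密
(19) ban_ping
(0) 返回上一級菜單

EOF
    read -r -p "Please enter your Choice[0-19]: " input2
    rc=$?
    # Status 1 is end of input: leave instead of redrawing forever.
    # A status above 128 is a read timeout and simply redraws the menu.
    if [ "$rc" -ne 0 ] && [ "$rc" -le 128 ]; then
      break
    fi

    case "$input2" in
      0)
        clear
        break
        ;;
      1) addUser ;;
      2) configYum ;;
      3) initI18n ;;
      4) initFirewall ;;
      5) initService ;;
      6) initRemoval ;;
      7) initSsh ;;
      8) syncSysTime ;;
      9) initTools ;;
      10) initLimits ;;
      11) initSsh ;;
      12) initRestart ;;
      13) initSysctl ;;
      14) initHistory ;;
      15) initChattr ;;
      16) del_file ;;
      17) hide_info ;;
      18) grub_md5 ;;
      19) ban_ping ;;
      *)
        echo "----------------------------------"
        echo "|          Warning!!!            |"
        echo "|   Please Enter Right Choice!   |"
        echo "----------------------------------"
        # Three second countdown drawn in place.
        for i in 3 2 1; do
          echo -ne "\b\b$i"
          sleep 1
        done
        clear
        ;;
    esac
  done
}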
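# --- Main menu ---------------------------------------------------------------
# Shows the host summary collected at start-up and dispatches to the one-click
# run, the custom menu, or exit.
# NOTE(review): the one-click run calls initSsh twice. The file defines that
# name twice and bash keeps the later definition, so both calls run the same
# body and the port / root-login step is not applied.
while true; do
  clear
  echo "========================================"
  echo '          Linux Optimization            '
  echo "========================================"
  cat <<EOF
|-----------System Infomation-----------
| DATE       :$DATE
| HOSTNAME   :$HOSTNAME
| USER       :$USER
| IP         :$IPADDR
| DISK_USED  :$DISK_SDA
| CPU_AVERAGE:$cpu_uptime
----------------------------------------
|****Please Enter Your Choice:[1-3]****|
----------------------------------------
(1) 一鍵優化
(2) 自定義優化
(3) 退出
EOF
  # The prompt now matches the banner; the original said [0-3].
  read -r -p "Please enter your choice[1-3]: " input1
  rc=$?
  # Status 1 is end of input: stop instead of redrawing forever.
  # A status above 128 is a read timeout and simply redraws the menu.
  if [ "$rc" -ne 0 ] && [ "$rc" -le 128 ]; then
    break
  fi

  case "$input1" in
    1)
      # One-click run, in the author's order. addUser comes first, so the
      # account exists before the later steps touch ssh and lock the
      # account files.
      addUser
      configYum
      initI18n
      initFirewall
      initService
      initRemoval
      initSsh
      syncSysTime
      initTools
      initLimits
      initSsh
      initRestart
      initSysctl
      initHistory
      initChattr
      ;;
    2)
      menu2
      ;;
    3)
      clear
      break
      ;;
    *)
      echo "----------------------------------"
      echo "|          Warning!!!            |"
      echo "|   Please Enter Right Choice!   |"
      echo "----------------------------------"
      # Three second countdown drawn in place.
      for i in 3 2 1; do
        echo -ne "\b\b$i"
        sleep 1
      done
      clear
      ;;
  esac
done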

--- 借鑑於各路大神---linux

----致謝----windows
