一鍵系統優化15項腳本

一鍵系統優化15項腳本,適用於Centos6.x

 

 

#!/bin/sh
################################################
#Author:nulige
# qqinfo:790827253
# Date: 2015-6-8
#version:1.2
#實現功能:一鍵系統優化15項腳本,適用於Centos6.x
################################################
 
#Source function library.
 
. /etc/init.d/functions

# Host facts captured once at start-up; the main menu banner prints them.
# They are gathered before LANG is switched below, exactly as before.
DATE=$(date +"%y-%m-%d %H:%M:%S")
IPADDR=$(grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0 | cut -d= -f 2)
HOSTNAME=$(hostname -s)
USER=$(whoami)
DISK_SDA=$(df -h | grep -w "/" | awk '{print $5}')
cpu_uptime=$(awk '{print $1,$2,$3}' /proc/loadavg)

# Locale used for the rest of the session.
export LANG=zh_CN.UTF-8

# Everything below edits files under /etc and /root, so refuse to run
# unless the effective user is root.
uid=$(id -u)
if [ "$uid" -ne 0 ]; then
  action "Please run this script as root." /bin/false
  exit 1
fi

# Make Backspace work on terminals that send ^H: keep a dated copy of
# root's profile, then append the stty line only if it is not already there.
\cp /root/.bash_profile /root/.bash_profile_$(date +%F)
if ! grep -qwx "stty erase ^H" /root/.bash_profile; then
  echo "stty erase ^H" >>/root/.bash_profile
  source /root/.bash_profile
fi
#Config Yum CentOS-Bases.repo and save Yum file
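configYum(){
  # Replace CentOS-Base.repo with the Aliyun CentOS 6 repo definition and
  # turn on yum's package cache (keepcache=1).
  #
  # Exits the whole script with status 1 when the mirror cannot be reached
  # (the original exited with the status of `echo`, i.e. 0). Returns 1 when
  # the download fails; the live repo file is only replaced after a complete,
  # non-empty download, so a failed wget can no longer leave it truncated.
  #
  # NOTE(review): the repo definition is fetched over plain HTTP, so its
  # content is not authenticated in transit. Prefer an HTTPS mirror URL if
  # the client supports it, and confirm gpgcheck stays enabled in the
  # installed repo file.
  local repo_dir=/etc/yum.repos.d
  local repo_file=$repo_dir/CentOS-Base.repo
  local repo_url=http://mirrors.aliyun.com/repo/Centos-6.repo
  local tmp_repo

  echo "================更新爲國內YUM源=================="
  cd "$repo_dir" || exit 1
  \cp CentOS-Base.repo "CentOS-Base.repo.$(date +%F)"

  if ! ping -c 1 mirrors.aliyun.com >/dev/null; then
    echo "沒法鏈接網絡。"
    exit 1
  fi

  # Download next to the target under a name that does not end in .repo,
  # so yum never reads a partial file.
  tmp_repo=$(mktemp "$repo_file.XXXXXX") || exit 1
  if wget -O "$tmp_repo" "$repo_url" && [ -s "$tmp_repo" ]; then
    chmod 644 "$tmp_repo"
    \mv -f "$tmp_repo" "$repo_file"
  else
    \rm -f "$tmp_repo"
    action "下載YUM源文件失敗" /bin/false
    return 1
  fi

  echo "==============保存YUM源文件======================"
  sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
  grep keepcache /etc/yum.conf
  sleep 5
  action "配置國內YUM完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}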
 
#Charset zh_CN.UTF-8
initI18n(){
  # Switch the system locale file to zh_CN.UTF-8.
  # A dated copy of /etc/sysconfig/i18n is kept, the file is rewritten with
  # the three lines below, sourced into the current shell, and the LANG
  # lines are echoed back for confirmation.
  local i18n_file=/etc/sysconfig/i18n

  echo "================更改成中文字符集================="
  \cp "$i18n_file" "$i18n_file.$(date +%F)"

  # One overwrite gives the same file as truncating and then appending.
  cat >"$i18n_file" <<EOF
LANG="zh_CN.UTF-8"
#LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
EOF

  source "$i18n_file"
  echo '#cat /etc/sysconfig/i18n'
  grep LANG "$i18n_file"
  action "更改字符集zh_CN.UTF-8完成" /bin/true
  echo "================================================="
  echo
  sleep 2
}
#Close Selinux and Iptables
initFirewall(){
  # Stop the running iptables service and turn SELinux off.
  #
  # setenforce 0 relaxes SELinux for the running system; the sed edit makes
  # the change persistent by rewriting SELINUX=enforcing to SELINUX=disabled
  # in the config file (a dated copy is kept first). A config that already
  # says "permissive" is left untouched by the sed pattern.
  #
  # NOTE(review): both steps remove host-level protections. On anything
  # reachable from an untrusted network, prefer keeping iptables running
  # with an explicit rule set and SELinux enforcing (or at least permissive,
  # so denials are still logged) rather than applying this step wholesale.
  local selinux_cfg=/etc/selinux/config

  echo "============禁用SELINUX及關閉防火牆=============="
  \cp "$selinux_cfg" "$selinux_cfg.$(date +%F)"
  /etc/init.d/iptables stop
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$selinux_cfg"
  setenforce 0
  /etc/init.d/iptables status

  # Show the resulting state so the operator can see what was applied.
  echo '#grep SELINUX=disabled /etc/selinux/config '
  grep SELINUX=disabled "$selinux_cfg"
  echo '#getenforce '
  getenforce

  action "禁用selinux及關閉防火牆完成" /bin/true
  echo "================================================="
  echo
  sleep 2
}
#Init Auto Startup Service
initService(){
  # Trim boot-time services: switch off everything that is enabled in
  # runlevel 3, then re-enable only rsyslog, network, sshd and crond.
  #
  # LANG is set to en_US.UTF-8 while chkconfig output is parsed, presumably
  # so the "3:on" text the filter relies on is printed in English, and is
  # set back to zh_CN.UTF-8 afterwards.
  #
  # NOTE(review): anything not in the keep-list stays off at boot, which
  # includes a host firewall or audit daemon if they were enabled. Review
  # the list against what the host actually needs before running this.
  local enabled svc

  echo "===============精簡開機自啓動===================="
  export LANG="en_US.UTF-8"

  # Collect the full list first, then change it.
  enabled=$(chkconfig --list | awk '/3:on/ {print $1}')
  for svc in $enabled; do
    chkconfig $svc off
  done
  for svc in rsyslog network sshd crond; do
    chkconfig $svc on
  done

  echo '+--------which services on---------+'
  chkconfig --list | grep 3:on
  echo '+----------------------------------+'
  export LANG="zh_CN.UTF-8"
  action "精簡開機自啓動完成" /bin/true
  echo "================================================="
  echo
  sleep 2
}
#Removal system and kernel version login before the screen display
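initRemoval(){
  # Empty /etc/redhat-release and /etc/issue so the pre-login banner no
  # longer shows the distribution and kernel version.
  #
  # Changes from the original: a non-root caller now exits with status 1
  # instead of 0, and each file is copied to a dated backup before it is
  # emptied (every other step in this script keeps a backup; this one did
  # not). A file that is already empty is not backed up again, so a second
  # run on the same day cannot overwrite the good copy.
  #
  # NOTE(review): hiding the banner only removes a convenience for whoever
  # is looking; it is not a substitute for patching. Tools that read
  # /etc/redhat-release to identify the release may misbehave once it is
  # empty - confirm nothing on the host depends on it.
  local f

  echo "======去除系統及內核版本登陸前的屏幕顯示======="
  if [ "$UID" -ne 0 ]; then
    echo "This script must use the root user ! ! !"
    sleep 2
    exit 1
  fi

  for f in /etc/redhat-release /etc/issue; do
    if [ -s "$f" ]; then
      \cp -p "$f" "$f.$(date +%F)"
    fi
    : >"$f"
  done

  action "去除系統及內核版本登陸前的屏幕顯示" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}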
#Change sshd default port and prohibit user root remote login.
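initSsh(){
  # Harden sshd: move it to port 52113, forbid empty passwords, forbid
  # direct root login and disable reverse DNS lookups, then reload sshd.
  #
  # Changes from the original:
  #   * the edited config is checked with `sshd -t` before the reload, and
  #     the dated backup is restored if the check fails, so a bad edit does
  #     not reach the running daemon;
  #   * the `a && ok || fail` chain is an if/else, so the failure message
  #     is printed only when the reload itself failed.
  #
  # NOTE(review): a second function also named initSsh is defined further
  # down this file. In shell the later definition replaces this one, so as
  # the file stands menu options 7 and 11 both run the later function and
  # this hardening is never applied. One of the two needs a different name.
  #
  # NOTE(review): each sed only rewrites the commented-out default line
  # (e.g. "#PermitRootLogin yes"). If the setting is already present
  # uncommented, nothing changes, and the summary below still prints the
  # intended values rather than the effective ones.
  #
  # NOTE(review): before relying on PermitRootLogin no and the new port,
  # confirm another account can log in and use sudo, and that the port is
  # reachable, from a second session - otherwise this can lock you out.
  local cfg=/etc/ssh/sshd_config
  local backup
  backup="$cfg.$(date +%F)"

  echo "========修改ssh默認端口禁用root遠程登陸=========="
  if ! \cp "$cfg" "$backup"; then
    action "修改ssh參數失敗" /bin/false
    return 1
  fi

  sed -i 's/#Port 22/Port 52113/g' "$cfg"
  sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' "$cfg"
  sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' "$cfg"
  sed -i 's/#UseDNS yes/UseDNS no/g' "$cfg"

  echo '+-------modify the sshd_config-------+'
  echo 'Port 52113'
  echo 'PermitEmptyPasswords no'
  echo 'PermitRootLogin no'
  echo 'UseDNS no'
  echo '+------------------------------------+'

  if ! /usr/sbin/sshd -t -f "$cfg"; then
    # Syntax check failed: put the previous config back and do not reload.
    \cp "$backup" "$cfg"
    action "修改ssh參數失敗" /bin/false
  elif /etc/init.d/sshd reload; then
    action "修改ssh默認參數完成" /bin/true
  else
    action "修改ssh參數失敗" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}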
#time sync
syncSysTime(){
  # Add a root cron entry that runs ntpdate against time.windows.com every
  # five minutes, unless root's crontab already mentions ntpdate.
  # The spool file is backed up (errors ignored when it does not exist yet)
  # and appended to directly, then `crontab -l` shows the result.
  #
  # NOTE(review): this is unauthenticated NTP against a single public
  # server, and the job's output is discarded, so a failing or misleading
  # time source would go unnoticed. Consider a monitored time daemon with
  # several sources if accurate timestamps matter for your logs.
  local cron_file=/var/spool/cron/root

  echo "================配置時間同步====================="
  \cp "$cron_file" "$cron_file.$(date +%F)" 2>/dev/null

  if ! grep -q ntpdate "$cron_file" 2>/dev/null; then
    {
      echo "#times sync by lee at $(date +%F)"
      echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1"
    } >>"$cron_file"
  fi

  echo '#crontab -l'
  crontab -l
  action "配置時間同步完成" /bin/true
  echo "================================================="
  echo
  sleep 2
}
#install tools
initTools(){
  # Install a handful of utilities that a minimal install lacks, then list
  # which of them rpm reports as installed.
  # The ping only prints reachability of the mirror; its result is not
  # checked, and the final status line is reported as success regardless
  # of what yum did.
  #
  # NOTE(review): the list includes nmap. Decide whether a network scanner
  # belongs on every host this script is run on.
  local pkgs="tree nmap sysstat lrzsz dos2unix"

  echo "#####安裝系統補裝工具(選擇最小化安裝minimal)#####"
  ping -c 2 mirrors.aliyun.com
  sleep 2
  # $pkgs is deliberately unquoted: each word is a separate package name.
  yum -y install $pkgs
  sleep 2
  rpm -qa $pkgs
  sleep 2
  action "安裝系統補裝工具(選擇最小化安裝minimal)" /bin/true
  echo "================================================="
  echo
  sleep 2
}
#add user and give sudoers
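addUser(){
  # Interactively create a user, set its password and give it sudo rights.
  #
  # Prompts for a user name until it is non-empty, well-formed and unused,
  # creates the account, prompts twice for a password, then appends a
  # sudoers entry for the account if it has none.
  # Returns 1 when input ends early or the sudoers edit cannot be validated.
  #
  # Changes from the original:
  #   * the typed name is validated and always quoted; it used to be passed
  #     unquoted to grep and useradd, where spaces or a leading "-" changed
  #     the command;
  #   * the password is read without echoing it to the terminal and is fed
  #     to passwd with printf, so values such as "-n" are not eaten by echo;
  #   * useradd and passwd results are checked instead of assumed;
  #   * /etc/sudoers is syntax-checked with visudo after the append and the
  #     dated backup is restored if the check fails, because a broken
  #     sudoers file disables sudo for everyone.
  #
  # NOTE(review): the entry grants "NOPASSWD: ALL", i.e. passwordless root
  # for this account. Kept because it is what this step advertises, but
  # consider requiring the password or restricting the command list.
  local name pass1 pass2
  local sudoers=/etc/sudoers
  local sudoers_bak

  echo "===================新建用戶======================"
  while true; do
    read -r -p "請輸入新用戶名:" name || return 1
    if [ -z "$name" ]; then
      echo "用戶名不能爲空,請從新輸入。"
      continue
    fi
    # Lower-case letters, digits, "_" and "-" only, not starting with a
    # digit or "-"; this also keeps the name safe inside the grep patterns
    # used below.
    case "$name" in
      [!a-z_]*|*[!a-z0-9_-]*)
        echo "用戶名格式不正確,請從新輸入。"
        continue
        ;;
    esac
    if getent passwd "$name" >/dev/null; then
      echo "用戶名已存在,請從新輸入。"
      continue
    fi
    # useradd prints its own error; ask again rather than carrying on with
    # an account that does not exist.
    if ! useradd "$name"; then
      continue
    fi
    break
  done

  while true; do
    read -r -s -p "爲 $name 建立一個密碼:" pass1 || return 1
    echo
    if [ -z "$pass1" ]; then
      echo "密碼不能爲空,請從新輸入。"
      continue
    fi
    read -r -s -p "請再次輸入密碼:" pass2 || return 1
    echo
    if [ "$pass1" != "$pass2" ]; then
      echo "兩次密碼輸入不相同,請從新輸入。"
      continue
    fi
    if printf '%s\n' "$pass2" | passwd --stdin "$name"; then
      break
    fi
  done
  # Do not keep the password in shell variables longer than needed.
  pass1=
  pass2=
  sleep 1

  echo "#####add visudo#####"
  sudoers_bak="$sudoers.$(date +%F)"
  if ! \cp -p "$sudoers" "$sudoers_bak"; then
    action "建立用戶$name並將其加入visudo完成" /bin/false
    return 1
  fi
  if ! grep -q "^${name}[[:space:]]" "$sudoers"; then
    echo "$name  ALL=(ALL)       NOPASSWD: ALL" >>"$sudoers"
    if ! visudo -c -q -f "$sudoers"; then
      \cp -p "$sudoers_bak" "$sudoers"
      action "建立用戶$name並將其加入visudo完成" /bin/false
      return 1
    fi
    echo '#tail -1 /etc/sudoers'
    grep -w "$name" "$sudoers"
    sleep 1
  fi
  action "建立用戶$name並將其加入visudo完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}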
 
#Adjust the file descriptor(limits.conf)
initLimits(){
  # Raise the open-file limit to 65535.
  # If limits.conf has no uncommented nofile line, back the file up and
  # append one for all users; then raise the hard and soft limit of the
  # current shell and print both results.
  local limits=/etc/security/limits.conf

  echo "===============加大文件描述符===================="
  if ! grep nofile "$limits" | grep -qv "^#"; then
    \cp "$limits" "$limits.$(date +%F)"
    echo '*                  -        nofile         65535' >>"$limits"
  fi

  echo '#tail -1 /etc/security/limits.conf'
  tail -1 "$limits"
  ulimit -HSn 65535
  echo '#ulimit -n'
  ulimit -n
  action "配置文件描述符爲65535" /bin/true
  echo "================================================="
  echo
  sleep 2
}
#set ssh
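initSsh(){
  # Speed up SSH logins by turning off GSSAPI authentication and reverse
  # DNS lookups in sshd_config, then restart sshd.
  #
  # Changes from the original: the config is checked with `sshd -t` before
  # the restart (restarting with a broken config would leave the host
  # without an SSH daemon), and the status line reports the real outcome
  # instead of always reporting success.
  #
  # NOTE(review): this function has the same name as an earlier initSsh in
  # this file (the one that changes the port and disables root login).
  # Being defined later, this one replaces it, so menu options 7 and 11
  # both end up here. One of the two needs a different name.
  local cfg=/etc/ssh/sshd_config

  echo "======禁用GSSAPI來認證,也禁用DNS反向解析,加快SSH登錄速度======="
  sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' "$cfg"
  sed -i 's/#UseDNS yes/UseDNS no/' "$cfg"

  if /usr/sbin/sshd -t -f "$cfg" && service sshd restart; then
    action "禁用GSSAPI來認證,也禁用DNS反向解析,加快SSH登錄速度" /bin/true
  else
    action "禁用GSSAPI來認證,也禁用DNS反向解析,加快SSH登錄速度" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}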
#set the control-alt-delete to guard against the miSUSE
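initRestart(){
  # Comment out the shutdown command in the upstart Ctrl-Alt-Delete job so
  # the key combination on the console no longer reboots the server.
  #
  # Changes from the original: the pattern is anchored to the start of the
  # line, so running the step again does not stack another "#" onto a line
  # that is already commented out, and the status line reflects whether the
  # commented-out line is actually present afterwards.
  local conf=/etc/init/control-alt-delete.conf

  if [ -f "$conf" ]; then
    sed -i 's#^\([[:space:]]*\)exec /sbin/shutdown -r now#\1\#exec /sbin/shutdown -r now#' "$conf"
  fi

  if grep -q '^[[:space:]]*#exec /sbin/shutdown -r now' "$conf" 2>/dev/null; then
    action "將ctrl alt delete鍵進行屏蔽,防止誤操做的時候服務器重啓" /bin/true
  else
    action "將ctrl alt delete鍵進行屏蔽,防止誤操做的時候服務器重啓" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}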
#Optimizing the system kernel
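initSysctl(){
  # Append a block of TCP/conntrack tuning to /etc/sysctl.conf (only when
  # the file has fewer than ten net.ipv4.tcp lines), load nf_conntrack and
  # bridge now and at boot via rc.local, and apply with `sysctl -p`.
  #
  # Changes from the original: the two "modprobe" lines are added to
  # rc.local only if they are not already there (they used to be appended
  # again on every run), and the status line follows the exit status of
  # `sysctl -p` instead of always reporting success.
  #
  # NOTE(review): several values deserve a second look before production
  # use. tcp_tw_recycle = 1 is known to drop connections from clients that
  # share an address behind NAT; tcp_syn_retries / tcp_synack_retries = 1
  # and tcp_fin_timeout = 2 are aggressive on lossy links; and
  # nf_conntrack_max = 25000000 lets the conntrack table grow very large.
  # Values are left as published.
  local tcp_lines mod

  echo "================優化內核參數====================="
  tcp_lines=$(grep "net.ipv4.tcp" /etc/sysctl.conf | wc -l)
  if [ "$tcp_lines" -lt 10 ]; then
    \cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
    cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
  fi

  \cp /etc/rc.local /etc/rc.local.$(date +%F)
  # The modules are loaded before `sysctl -p` runs; the rc.local lines
  # repeat that at boot.
  for mod in nf_conntrack bridge; do
    modprobe "$mod"
    grep -qx "modprobe $mod" /etc/rc.local || echo "modprobe $mod" >>/etc/rc.local
  done

  if sysctl -p; then
    action "內核調優完成" /bin/true
  else
    action "內核調優完成" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}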
#setting history and login timeout
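initHistory(){
  # Set an idle-shell timeout of 300 seconds and cut shell history to five
  # entries by appending to /etc/profile, then source the file.
  #
  # Changes from the original: /etc/profile is backed up first (as the
  # other steps do for the files they edit), each line is appended only if
  # it is not already present (repeat runs used to add the three lines
  # again), and the matching lines are printed with grep rather than
  # assuming they are the last three lines of the file.
  #
  # NOTE(review): a five-entry history leaves very little for someone
  # reviewing what was done on the box afterwards, and shell history is not
  # an audit log in any case; if command accountability is the goal, rely
  # on a proper audit facility. TMOUT is set as a plain variable here, so a
  # user can unset it in their own shell.
  local profile=/etc/profile
  local setting

  echo "======設置默認歷史記錄數和鏈接超時時間======"
  \cp "$profile" "$profile.$(date +%F)"
  for setting in TMOUT=300 HISTSIZE=5 HISTFILESIZE=5; do
    grep -qx "$setting" "$profile" || echo "$setting" >>"$profile"
  done
  grep -E '^(TMOUT|HISTSIZE|HISTFILESIZE)=' "$profile"
  source "$profile"
  action "設置默認歷史記錄數和鏈接超時時間" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}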
#chattr file system
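initChattr(){
  # Mark the account and init files immutable with chattr +i, then rename
  # the chattr binary to /usr/bin/lock.
  #
  # Changes from the original: the step can be run more than once. After
  # the first run /usr/bin/chattr no longer exists, so every chattr call
  # and the mv used to fail while success was still reported; now whichever
  # of the two names exists is used, the rename happens only when needed,
  # and the status line reflects whether any command failed.
  #
  # NOTE(review): while these files are immutable, useradd, passwd and
  # group changes fail until the flag is cleared (with the renamed binary,
  # `lock -i FILE`). Renaming chattr hides it from casual use but is not a
  # control against anyone who already has root.
  local chattr_bin f
  local rc=0

  echo "======鎖定關鍵文件系統======"
  if [ -x /usr/bin/chattr ]; then
    chattr_bin=/usr/bin/chattr
  elif [ -x /usr/bin/lock ]; then
    chattr_bin=/usr/bin/lock
  else
    action "鎖定關鍵文件系統" /bin/false
    echo "================================================="
    echo ""
    sleep 2
    return 1
  fi

  for f in /etc/passwd /etc/inittab /etc/group /etc/shadow /etc/gshadow; do
    "$chattr_bin" +i "$f" || rc=1
  done

  if [ "$chattr_bin" = /usr/bin/chattr ]; then
    /bin/mv /usr/bin/chattr /usr/bin/lock || rc=1
  fi

  if [ "$rc" -eq 0 ]; then
    action "鎖定關鍵文件系統" /bin/true
  else
    action "鎖定關鍵文件系統" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}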
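#menu2
menu2(){
  # Sub-menu: run one optimisation step chosen by number, 0 to go back.
  #
  # The page had this function and the main loop collapsed onto two lines
  # (the first starting with "#", which made the whole function a comment);
  # the line structure is restored here. The loop also stops when input
  # ends instead of spinning on an empty read.
  #
  # NOTE(review): options 7 and 11 both call initSsh. The file defines
  # initSsh twice, and in shell the later definition wins, so as the file
  # stands both options run the GSSAPI/UseDNS step and the port/root-login
  # step is never reached. One of the two functions needs a different name.
  while true
  do
    clear
    cat <<EOF
----------------------------------------
|****Please Enter Your Choice:[0-15]****|
----------------------------------------
(1)  新建一個用戶並將其加入visudo
(2)  配置爲國內YUM源鏡像和保存YUM源文件
(3)  配置中文字符集
(4)  禁用SELINUX及關閉防火牆
(5)  精簡開機自啓動
(6)  去除系統及內核版本登陸前的屏幕顯示
(7)  修改ssh默認端口及禁用root遠程登陸
(8)  設置時間同步
(9)  安裝系統補裝工具(選擇最小化安裝minimal)
(10) 加大文件描述符
(11) 禁用GSSAPI來認證,也禁用DNS反向解析,加快SSH登錄速度
(12) 將ctrl alt delete鍵進行屏蔽,防止誤操做的時候服務器重啓
(13) 系統內核調優
(14) 設置默認歷史記錄數和鏈接超時時間
(15) 鎖定關鍵文件系統
(0) 返回上一級菜單
EOF
    read -r -p "Please enter your Choice[0-15]: " input2 || break
    case "$input2" in
      0)
        clear
        break
        ;;
      1)
        addUser
        ;;
      2)
        configYum
        ;;
      3)
        initI18n
        ;;
      4)
        initFirewall
        ;;
      5)
        initService
        ;;
      6)
        initRemoval
        ;;
      7)
        initSsh
        ;;
      8)
        syncSysTime
        ;;
      9)
        initTools
        ;;
      10)
        initLimits
        ;;
      11)
        initSsh
        ;;
      12)
        initRestart
        ;;
      13)
        initSysctl
        ;;
      14)
        initHistory
        ;;
      15)
        initChattr
        ;;
      *)
        echo "----------------------------------"
        echo "|          Warning!!!            |"
        echo "|   Please Enter Right Choice!   |"
        echo "----------------------------------"
        # Three-second countdown before the menu is redrawn.
        for i in 3 2 1
        do
          echo -ne "\b\b$i"
          sleep 1
        done
        clear
        ;;
    esac
  done
}

#initTools

#menu
# Main loop: show the host summary gathered at start-up and offer the
# one-click run, the per-step sub-menu, or exit.
# NOTE(review): the one-click option applies every step in order, including
# the ones that stop the firewall, disable SELinux and grant passwordless
# sudo. Read each step before using it on a host that matters.
while true
do
  clear
  echo "========================================"
  echo '          Linux Optimization            '
  echo "========================================"
  cat << EOF
|-----------System Infomation-----------
| DATE       :$DATE
| HOSTNAME   :$HOSTNAME
| USER       :$USER
| IP         :$IPADDR
| DISK_USED  :$DISK_SDA
| CPU_AVERAGE:$cpu_uptime
----------------------------------------
|****Please Enter Your Choice:[1-3]****|
----------------------------------------
(1) 一鍵優化
(2) 自定義優化
(3) 退出
EOF
  #choice
  # The prompt used to say [0-3] although the valid choices are 1 to 3.
  read -r -p "Please enter your choice[1-3]: " input1 || break
  case "$input1" in
    1)
      addUser
      configYum
      initI18n
      initFirewall
      initService
      initRemoval
      initSsh
      syncSysTime
      initTools
      initLimits
      initSsh
      initRestart
      initSysctl
      initHistory
      initChattr
      ;;
    2)
      menu2
      ;;
    3)
      clear
      break
      ;;
    *)
      echo "----------------------------------"
      echo "|          Warning!!!            |"
      echo "|   Please Enter Right Choice!   |"
      echo "----------------------------------"
      for i in 3 2 1
      do
        echo -ne "\b\b$i"
        sleep 1
      done
      clear
      ;;
  esac
done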