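I adapted this script from one written by an expert (to be honest, I took it pretty much as it was). Its main job is to apply custom system configuration and build a baseline Linux environment template. I am sharing it with you, along with a small tip:
After copying the code, open the file in Notepad++ or another editor; pressing Alt+0 folds the functions, which makes the script easier to browse.
As an aside, I learned this trick from Xuesong's [Python Examples Handbook] and [Shell Examples Handbook]. Thanks to them for their spirit of sharing and for continuing to keep these two handbooks updated. Here are the addresses of the two handbooks:
[Python Examples Handbook] [Shell Examples Handbook] [LazyManage batch operations management (shell and python versions)]
Netdisk download address (updated): http://pan.baidu.com/s/1sjsFrmX
GitHub download address (updated): https://github.com/liquanzhou/ops_doc
Below is my script. Fellow ops engineers can use it as a framework and modify it when writing their own scripts. I recommend not using it as it is: there are still some rough spots in this script, and you are welcome to point them out.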
```bash
#!/bin/bash
#####################################################################################
# author: gushao
# time:   2015-5-11
# system: centos 6.5
# Basic system tuning script, intended for XenServer virtual machines
#####################################################################################
# set env
#export PATH=$PATH:/bin:/sbin:/usr/sbin
# Only set PATH when it is unset or empty
# This version targets CentOS 6.5
# The script uses arrays, [[ ]] and C-style for loops, so it must run under bash
#####################################################################################
# Environment variables
export PATH=${PATH:-/bin:/sbin:/usr/sbin}
export LANG="zh_CN.UTF-8"

# Source function library (provides "action").
. /etc/init.d/functions

# Require root to run this script
if [[ "$(whoami)" != 'root' ]]; then
    echo "please run this script as root" >&2
    exit 1
fi

# define cmd var
SERVICE=`which service`
CHKCONFIG=`which chkconfig`

#####################################################################################
# Working directories: backups of the original files and the generated files
BACK_CONF=/root/back_conf
ADJUST_CONF=/root/adjust_conf
test -d $BACK_CONF || mkdir -p $BACK_CONF
test -d $ADJUST_CONF || mkdir -p $ADJUST_CONF

#####################################################################################
# Settings
SSH_PORT=22
#saUserArr=(oldboy oldboy1 oldboy2)
saUserArr=(nginx)
# Placeholder password (identical to the user name): replace it before use
saUserPass=nginx
hostNameTmp=tomcat04.qhfax
ip=your_IP
IP_GATWAY=your_gatway_ip

#####################################################################################
#01 Software preparation
installTool(){
    echo '"Development tools" "Chinese Support" '
    yum -y groupinstall 'Development tools' 'Chinese Support' > /dev/null
    yum -y update > /dev/null
    action "01 軟件更新成功" /bin/true
    yum install wget -y
}

#02 Host name
initHostName(){
    \cp /etc/hosts $BACK_CONF/hosts.$(date +%F)
    # Append the entry only once, so repeated runs do not duplicate it
    if ! grep -q "$hostNameTmp" /etc/hosts; then
        echo "$ip $hostNameTmp" >> /etc/hosts
    fi
    # Make the host name take effect
    hostname $hostNameTmp
    action "02 主機名稱設置成功!" /bin/true
}

#03 IP address
initHostIP(){
    cat > $ADJUST_CONF/ifcfg-eth0 << EOF
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=$ip
NETMASK="255.255.255.0"
GATEWAY=${IP_GATWAY}
EOF
    # Replace the whole HOSTNAME line (the original used the undefined $hostNameTMP)
    sed -i "s/^HOSTNAME=.*/HOSTNAME=$hostNameTmp/" /etc/sysconfig/network
    \cp /etc/sysconfig/network-scripts/ifcfg-eth0 $BACK_CONF/ifcfg-eth0.$(date +%F)
    cat $ADJUST_CONF/ifcfg-eth0 > /etc/sysconfig/network-scripts/ifcfg-eth0
    if ! grep -q "$hostNameTmp" /etc/hosts; then
        echo "$ip $hostNameTmp" >> /etc/hosts
    fi
    # Make the IP address take effect
    /etc/init.d/network reload
    action "03 IP地址設置成功!" /bin/true
}

#04 Set the correct time zone
initZone(){
    # Only rewrite the files when the zone is not already Asia/Shanghai
    if ! grep -q '^ZONE="Asia/Shanghai"' /etc/sysconfig/clock; then
        cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
        echo 'ZONE="Asia/Shanghai"' > /etc/sysconfig/clock
    fi
    action "04 時區已設置成功!" /bin/true
}

#05 Time synchronisation
syncSystemTime(){
    # Files under /var/spool/cron are per-user crontabs and take no user field
    if ! grep -q '10\.0\.0\.123' /var/spool/cron/root 2>/dev/null; then
        echo "*/5 * * * * /usr/sbin/ntpdate 10.0.0.123 > /dev/null 2>&1" >> /var/spool/cron/root
    fi
    action "05 同步系統時間成功!" /bin/true
}

#06 Server character encoding
initI18n(){
    cat > $ADJUST_CONF/i18n << EOF
LANG="zh_CN.UTF-8"
SUPPORTED="zh_CN.GB2312:zh_CN.UTF-8:zh_CN:zh:en_US.UTF-8:en_US:en"
SYSFONT="latarcyrheb-sun16"
EOF
    cmp $ADJUST_CONF/i18n /etc/sysconfig/i18n
    if [ $? -ne 0 ]; then
        \cp /etc/sysconfig/i18n $BACK_CONF/i18n.$(date +%F)
        # TODO: this part needs rework, add a check here
        cat $ADJUST_CONF/i18n > /etc/sysconfig/i18n
        source /etc/sysconfig/i18n
        grep LANG /etc/sysconfig/i18n
        action "06 字符編碼已設置成功" /bin/true
    else
        action "06 字符編碼已設置成功" /bin/true
    fi
    sleep 1
}

#07 User setup
AddSAUser(){
    datetmp=`date +"%Y-%m-%d_%H-%M-%S"`
    #\cp /etc/sudoers /etc/sudoers.${datetmp}
    for((i=0;i<${#saUserArr[@]};i++))
    do
        # Index with $i (the original used $1) and match the exact account name
        if ! grep -q "^${saUserArr[$i]}:" /etc/passwd; then
            useradd ${saUserArr[$i]}
            action "07 添加新用戶成功!" /bin/true
        else
            action "07 新用戶已添加!" /bin/true
        fi
        # Set (or reset) the password for both new and existing users
        echo "${saUserPass}" | passwd ${saUserArr[$i]} --stdin
        #config sudo perm
        #[ $(grep "${saUserArr[$i]} ALL=(ALL) NOPASSWD:ALL " /etc/sudoers|wc -l ) -le 0 ] && echo "${saUserArr[$i]} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
        #[ `grep "\%sa" | grep -v grep | wc -l` -ne 1 ] && echo "%sa ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
    done
    #/usr/sbin/visudo -c
    #[ $? -ne 0 ] && /bin/cp /etc/sudoers.${datetmp} /etc/sudoers && echo $"Sudoers not configured -- exinging" && exit 1
    sleep 1
}

#08 Open-file and other resource limits
openFiles(){
    cat > $ADJUST_CONF/limits.conf << EOF
# nofile covers file handles, file descriptors and sockets
* soft nofile 65535
* hard nofile 65535
# maximum number of processes
* soft nproc 65535
* hard nproc 65535
EOF
    cmp $ADJUST_CONF/limits.conf /etc/security/limits.conf
    if [ $? -ne 0 ]; then
        echo "----調整最大打開系統文件個數65535個------"
        \cp /etc/security/limits.conf $BACK_CONF/limits.conf.`date +%F`
        cat $ADJUST_CONF/limits.conf > /etc/security/limits.conf
        ulimit -HSn 65535
        echo "ulimit -HSn 65535" >> /etc/rc.local
        action "08 調整打開系統文件個數成功!(修改後從新登陸生效)" /bin/true
    else
        action "08 調整打開系統文件個數已配置!" /bin/true
    fi
    sleep 1
}

#09 iptables firewall
# Stops iptables for the running system only; the service is not chkconfig'ed off here
closeIptables(){
    /etc/init.d/iptables stop
    action "09 已關閉iptables" /bin/true
}

#10 SELinux (despite its name, this function only handles SELinux)
initFirewall(){
    if [ "`grep -v '#' /etc/selinux/config | grep SELINUX=`" != 'SELINUX=disabled' ]; then
        \cp /etc/selinux/config $BACK_CONF/config.`date +%F`
        # Match any current mode (enforcing or permissive), not only "enforcing"
        sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
        setenforce 0
        /etc/init.d/iptables status
        grep SELINUX=disabled /etc/selinux/config
        action "10 已關閉selinux" /bin/true
    else
        action "10 selinux均已關閉" /bin/true
    fi
    setenforce 0
    sleep 1
}

#11 sshd
# Note: this template allows root login and password authentication
initSsh(){
    cat > $ADJUST_CONF/sshd_config << EOF
Port $SSH_PORT
Protocol 2
Compression yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitRootLogin yes
UseDNS no
SyslogFacility AUTHPRIV
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding no
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
    cmp $ADJUST_CONF/sshd_config /etc/ssh/sshd_config
    if [ $? -ne 0 ]; then
        # Refuse to install a file sshd cannot parse, to avoid locking ourselves out
        if ! /usr/sbin/sshd -t -f $ADJUST_CONF/sshd_config; then
            action "11 ssh已配置完成!" /bin/false
            return 1
        fi
        \cp /etc/ssh/sshd_config $BACK_CONF/sshd_config.`date +%F`
        cat $ADJUST_CONF/sshd_config > /etc/ssh/sshd_config
        egrep -i "UseDNS|^Port|PermitRootLogin|PermitEmptyPasswords" /etc/ssh/sshd_config
        /etc/init.d/sshd reload && action "11 ssh已配置完成!" /bin/true || action "11 ssh已配置完成!" /bin/false
    else
        action "11 ssh已配置完成!" /bin/true
    fi
    sleep 1
}

#12 Disable rebooting with ctrl+alt+del
init_safe(){
    cp /etc/init/control-alt-delete.conf $BACK_CONF/control-alt-delete.conf.`date +%F`
    # Anchored at line start, so a second run does not add another '#'
    sed -i 's|^exec /sbin/shutdown -r now "Control-Alt-Delete pressed"|#&|' /etc/init/control-alt-delete.conf
    action "12 禁止ctrl+alt+del三鍵重啓系統" /bin/true
}

#13 Disable IPv6
disableIPV6(){
    if ! grep -q "alias net-pf-10 off" /etc/modprobe.conf 2>/dev/null; then
        # Back up the file only if it already exists
        [ -f /etc/modprobe.conf ] && cp /etc/modprobe.conf $BACK_CONF/modprobe.conf.`date +%F`
        echo "alias net-pf-10 off" >> /etc/modprobe.conf
        echo "alias ipv6 off" >> /etc/modprobe.conf
    fi
    action $"13 禁止使用IPV6" /bin/true
}

#14 yum repository configuration
ConfigYum(){
    echo "Config Yum CentOS-Base.repo"
    # The leading backslash in \cp bypasses any shell alias for cp
    if [ ! -f "/etc/yum.repos.d/epel.repo" ]; then
        \cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak.$(date +%F)
        ping -c 1 baidu.com > /dev/null
        [ $? -ne 0 ] && echo "Networking not configured -- exiting" && exit 1
        # The release package is fetched over plain HTTP, and the GPG key is
        # imported only afterwards, from the package that was just installed
        rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
        rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
    else
        echo "YUM源已進行過優化"
    fi
}

#15 Base services
initService(){
    echo "Close Nouseful Service"
    export LANG="en_US.UTF-8"
    for i in `chkconfig --list | grep 3:on | awk '{print $1}'`; do chkconfig --level 3 $i off; done
    # CentOS 6 service names are crond and rsyslog; network is re-enabled as well,
    # because the loop above switched it off together with everything else
    for i in crond rsyslog sshd network; do chkconfig --level 3 $i on; done
    export LANG="zh_CN.UTF-8"
    echo "Close Nouserful service ->OK"
    sleep 1
}

#16 Kernel tuning
# The buffer and backlog keys live under net.core, and tcp_timestamps takes 0 or 1.
# tcp_tw_recycle = 1 is known to break connections from clients behind NAT.
optimizationKernel(){
    echo " 優化系統內核------------>"
    \cp /etc/sysctl.conf $BACK_CONF/sysctl.conf.`date +%F`
    cat >> /etc/sysctl.conf <<EOF
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_mem = 945000000 914000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.netdev_max_backlog = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.ip_local_port_range = 1024 65535
EOF
    /sbin/sysctl -p && action $"內核優化:" /bin/true || action $"內核優化:" /bin/false
}

installTool
initHostName
#initHostIP
initZone
#syncSystemTime
#initI18n
AddSAUser
openFiles
closeIptables
initFirewall
initSsh
init_safe
#disableIPV6
#optimizationKernel
#ConfigYum
#initService
```
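
The author invites readers to look for weak spots in the script. As an added example (not part of the original script or of the handbooks it borrows from), the functions below audit an sshd_config such as the one initSsh writes and list authentication settings worth reviewing before the template is cloned. The names sshd_value and audit_sshd_config, the choice of checks and the sample file are this example's own assumptions; keywords are assumed to be separated from their values by whitespace.

```bash
#!/bin/bash
# Added example (not from the original script): flag sshd_config settings
# that are risky in a template image. Function names are this example's own.

# Effective value of a keyword. sshd keeps the FIRST occurrence, keywords are
# case-insensitive, '#' starts a comment; Match blocks are not evaluated.
sshd_value() {    # $1 = config file, $2 = keyword
    awk -v key="$2" '
        /^[[:space:]]*#/            { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# One finding per line on stdout; returns 1 if anything was flagged.
# Unset keywords fall back to the OpenSSH 5.3 (CentOS 6) defaults.
audit_sshd_config() {    # $1 = config file
    local conf=$1 rc=0 root pass empty proto
    root=$(sshd_value "$conf" PermitRootLogin);        root=${root:-yes}
    pass=$(sshd_value "$conf" PasswordAuthentication); pass=${pass:-yes}
    empty=$(sshd_value "$conf" PermitEmptyPasswords);  empty=${empty:-no}
    proto=$(sshd_value "$conf" Protocol)   # only an explicit "1" is flagged
    if [ "$root" = yes ] && [ "$pass" = yes ]; then
        echo "root-password-login: PermitRootLogin yes with PasswordAuthentication yes"
        rc=1
    fi
    if [ "$empty" = yes ]; then
        echo "empty-passwords: PermitEmptyPasswords yes"
        rc=1
    fi
    case ",$proto," in
        *,1,*) echo "protocol-1: Protocol $proto"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the authentication-related lines that initSsh writes.
sample_conf=$(mktemp)
printf '%s\n' 'Port 22' 'Protocol 2' 'PubkeyAuthentication yes' \
    'PermitRootLogin yes' 'PasswordAuthentication yes' > "$sample_conf"
audit_sshd_config "$sample_conf" || echo "review before cloning this template"
rm -f "$sample_conf"
```

Pointing audit_sshd_config at /root/adjust_conf/sshd_config after initSsh has run checks the generated file before it is baked into an image.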