一鍵系統優化15項腳本,適用於Centos6.x

  1 #!/bin/sh
  2 ################################################
  3 #Author:nulige
  4 # qqinfo:1034611705
  5 # Date: 2015-6-8
  6 #version:1.2
  7 #實現功能:一鍵系統優化15項腳本,適用於Centos6.x
  8 ################################################
  9  
 10 #Source function library.
 11  
 12 . /etc/init.d/functions
 13  
 14 #date
 # Host facts captured once at start-up; the main menu banner prints them.
 DATE=$(date +"%y-%m-%d %H:%M:%S")
 # Address taken from the IPADDR= line of eth0's ifcfg file.
 IPADDR=$(grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0 | cut -d= -f 2)
 # Short host name (no domain part).
 HOSTNAME=$(hostname -s)
 # Account running the script.
 USER=$(whoami)
 # Use% column of the df line(s) that grep -w "/" selects.
 DISK_SDA=$(df -h | grep -w "/" | awk '{print $5}')
 # First three fields of /proc/loadavg (1, 5 and 15 minute load averages).
 cpu_uptime=$(awk '{print $1,$2,$3}' /proc/loadavg)

 # Locale used for the script's own output.
 export LANG=zh_CN.UTF-8
 29  
 30 #Require root to run this script.
 # Stop unless the uid reported by `id` is 0: the steps below edit files under /etc.
 uid=$(id)
 uid=${uid#uid=}   # drop the leading "uid="
 uid=${uid%%(*}    # drop "(name) gid=..." and everything after it
 if [ "$uid" -ne 0 ]; then
   action "Please run this script as root." /bin/false
   exit 1
 fi
 36 
 37 #"stty erase ^H"
 # Keep a dated copy of root's profile, then add "stty erase ^H" to it once
 # (the exact-line grep keeps repeated runs from appending it again).
 \cp /root/.bash_profile "/root/.bash_profile_$(date +%F)"
 if ! grep -qwx "stty erase ^H" /root/.bash_profile; then
   echo "stty erase ^H" >>/root/.bash_profile
   source /root/.bash_profile
 fi
 44 
 45 #Config Yum CentOS-Bases.repo and save Yum file
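 configYum(){
   # Point the base repo at the Aliyun mirror and make yum keep downloaded packages.
   #
   # Outputs: progress text on stdout; replaces CentOS-Base.repo (a dated backup
   #          is written first) and sets keepcache=1 in /etc/yum.conf.
   # Exits:   the whole script with status 1 when the mirror is unreachable or
   #          the download fails.
   #
   # The repo definition decides which servers and which gpgcheck setting yum
   # trusts, so it is fetched over HTTPS into a temporary file and only moved
   # into place after a complete, non-empty download. Downloading straight onto
   # the live file over plain HTTP lets anyone on the network path rewrite the
   # repo list, and a failed transfer leaves an empty CentOS-Base.repo behind.
   # NOTE(review): the baseurl entries inside the fetched file are not checked
   # here; confirm they keep gpgcheck=1.
   local repo_dir=/etc/yum.repos.d
   local repo_file=$repo_dir/CentOS-Base.repo
   local tmp_repo

   echo "================更新爲國內YUM源=================="
   cd "$repo_dir" || exit 1
   \cp "$repo_file" "$repo_file.$(date +%F)"

   if ! ping -c 1 mirrors.aliyun.com >/dev/null; then
     echo "沒法鏈接網絡。"
     # The original used "exit $?", which returned echo's status (0) on failure.
     exit 1
   fi

   # The temporary name does not end in .repo, so yum ignores it while it exists.
   tmp_repo=$(mktemp "$repo_file.XXXXXX") || exit 1
   if ! wget -O "$tmp_repo" https://mirrors.aliyun.com/repo/Centos-6.repo \
      || [ ! -s "$tmp_repo" ]; then
     rm -f -- "$tmp_repo"
     action "下載YUM源文件失敗" /bin/false
     exit 1
   fi
   chmod 0644 "$tmp_repo"   # mktemp creates the file 0600
   mv -f "$tmp_repo" "$repo_file"

   echo "==============保存YUM源文件======================"
   sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
   grep keepcache /etc/yum.conf
   sleep 5

   action "配置國內YUM完成"  /bin/true
   echo "================================================="
   echo ""
   sleep 2
 }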
 68  
 69 #Charset zh_CN.UTF-8
 initI18n(){
   # Rewrite /etc/sysconfig/i18n so the system locale is zh_CN.UTF-8.
   # A dated backup of the old file is written first; the new settings are
   # then sourced into the running shell and the LANG lines are shown.
   local i18n=/etc/sysconfig/i18n

   printf '%s\n' "================更改成中文字符集================="
   \cp "$i18n" "$i18n.$(date +%F)"
   # One truncating redirect yields the same file as emptying it and appending.
   cat >"$i18n" <<EOF
LANG="zh_CN.UTF-8"
#LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
EOF
   source "$i18n"
   printf '%s\n' '#cat /etc/sysconfig/i18n'
   grep LANG "$i18n"
   action "更改字符集zh_CN.UTF-8完成" /bin/true
   printf '%s\n' "================================================="
   printf '\n'
   sleep 2
 }
 87 
 88 #Close Selinux and Iptables
 initFirewall(){
   # Stop iptables now and switch SELinux off (setenforce 0 for the running
   # system, SELINUX=disabled in the config file for later boots).
   #
   # NOTE(review): after this step the host has neither a packet filter nor
   # mandatory access control, while sshd and every other listener stay
   # reachable. A hardened baseline would keep iptables with an explicit
   # allow-list and leave SELinux at least permissive so denials are logged.
   # NOTE(review): the sed only rewrites a line reading SELINUX=enforcing, and
   # success is reported whatever the commands returned.
   local selinux_cfg=/etc/selinux/config

   printf '%s\n' "============禁用SELINUX及關閉防火牆=============="
   \cp "$selinux_cfg" "$selinux_cfg.$(date +%F)"
   /etc/init.d/iptables stop
   sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$selinux_cfg"
   setenforce 0
   /etc/init.d/iptables status
   # Echo each verification command before running it.
   printf '%s\n' '#grep SELINUX=disabled /etc/selinux/config '
   grep SELINUX=disabled "$selinux_cfg"
   printf '%s\n' '#getenforce '
   getenforce
   action "禁用selinux及關閉防火牆完成" /bin/true
   printf '%s\n' "================================================="
   printf '\n'
   sleep 2
 }
105 
106 #Init Auto Startup Service
initService(){
  # Switch off every service that chkconfig lists as "3:on", then switch
  # rsyslog, network, sshd and crond back on and print the resulting list.
  #
  # LANG is set to en_US.UTF-8 for the chkconfig calls and back to zh_CN.UTF-8
  # afterwards, presumably so the "3:on" text matches (confirm).
  # NOTE(review): the keep-list is only those four names, so services such as
  # auditd or iptables are left off at boot if they were on before.
  local svc boot_services

  echo "===============精簡開機自啓動===================="
  export LANG="en_US.UTF-8"
  # Take the list first, then change it, exactly as the backtick form did.
  boot_services=$(chkconfig --list | awk '/3:on/ {print $1}')
  for svc in $boot_services; do
    chkconfig "$svc" off
  done
  for svc in rsyslog network sshd crond; do
    chkconfig "$svc" on
  done
  echo '+--------which services on---------+'
  chkconfig --list | grep 3:on
  echo '+----------------------------------+'
  export LANG="zh_CN.UTF-8"
  action "精簡開機自啓動完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}
121 
122 #Removal system and kernel version login before the screen display
initRemoval(){
  # Empty /etc/redhat-release and /etc/issue so the pre-login banner no longer
  # shows the distribution and kernel version.
  #
  # NOTE(review): /etc/redhat-release is emptied with no backup, and anything
  # that reads it to identify the release will get nothing back.
  # NOTE(review): a non-root caller is turned away with exit status 0.
  echo "======去除系統及內核版本登陸前的屏幕顯示======="
  if [ "$UID" -ne 0 ]; then
    echo "This script must use the root user ! ! !"
    sleep 2
    exit 0
  fi
  : >/etc/redhat-release
  : >/etc/issue
  action "去除系統及內核版本登陸前的屏幕顯示" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}
139 
140 #Change sshd default port and prohibit user root remote login.
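initSsh(){
  # Move sshd to port 52113, forbid empty passwords and direct root logins,
  # and turn off reverse-DNS lookups; reload sshd only if the edited file
  # passes sshd's own syntax test.
  #
  # NOTE(review): this file defines initSsh a second time further down. The
  # shell keeps the later definition, so as the file stands menu entry 7 and
  # the one-click run never execute this body and PermitRootLogin is left
  # untouched. One of the two functions needs a distinct name, with the menu
  # and one-click lists updated to match.
  # NOTE(review): with root login refused, a working sudo-capable account must
  # exist first (the one-click order runs addUser earlier).
  local cfg=/etc/ssh/sshd_config

  echo "========修改ssh默認端口禁用root遠程登陸=========="
  \cp "$cfg" "$cfg.$(date +%F)"
  # Match each directive whether it is still the commented-out default or has
  # already been set to some other value; matching only "#PermitRootLogin yes"
  # silently skips a file that already carries an explicit setting.
  sed -i -r \
    -e 's/^#?Port[[:space:]].*/Port 52113/' \
    -e 's/^#?PermitEmptyPasswords[[:space:]].*/PermitEmptyPasswords no/' \
    -e 's/^#?PermitRootLogin[[:space:]].*/PermitRootLogin no/' \
    -e 's/^#?UseDNS[[:space:]].*/UseDNS no/' \
    "$cfg"
  echo '+-------modify the sshd_config-------+'
  # Show what the file now contains rather than what was intended.
  grep -E '^(Port|PermitEmptyPasswords|PermitRootLogin|UseDNS)[[:space:]]' "$cfg"
  echo '+------------------------------------+'
  # if/else instead of "a && b || c": with that form the failure message also
  # ran whenever the success message's own command returned non-zero.
  if /usr/sbin/sshd -t && /etc/init.d/sshd reload; then
    action "修改ssh默認參數完成" /bin/true
  else
    action "修改ssh參數失敗" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}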
159 
160 #time sync
syncSysTime(){
  # Add a root cron entry that runs ntpdate against time.windows.com every
  # five minutes, unless root's crontab already mentions ntpdate.
  # The spool file is written directly; a dated copy is taken first when the
  # file exists (the copy's error output is discarded when it does not).
  local cron_file=/var/spool/cron/root

  echo "================配置時間同步====================="
  \cp "$cron_file" "$cron_file.$(date +%F)" 2>/dev/null
  if ! grep -q ntpdate "$cron_file" 2>/dev/null; then
    {
      echo "#times sync by lee at $(date +%F)"
      echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1"
    } >>"$cron_file"
  fi
  echo '#crontab -l'
  crontab -l
  action "配置時間同步完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}
176 
177 #install tools
initTools(){
  # Install the extra packages missing from a minimal install and list the
  # ones rpm reports as present. The ping only displays reachability of the
  # mirror; its result is not checked.
  local pkgs="tree nmap sysstat lrzsz dos2unix"

  echo "#####安裝系統補裝工具(選擇最小化安裝minimal)#####"
  ping -c 2 mirrors.aliyun.com
  sleep 2
  # $pkgs is left unquoted on purpose: it must split into one word per package.
  yum install $pkgs -y
  sleep 2
  rpm -qa $pkgs
  sleep 2
  action "安裝系統補裝工具(選擇最小化安裝minimal)" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}
191 
192 #add user and give sudoers
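addUser(){
  # Interactively create a login account, set its password and give it a
  # sudoers entry.
  #
  # Inputs:  user name and password (entered twice) read from the terminal.
  # Outputs: progress text on stdout; changes the account database and
  #          /etc/sudoers (a dated backup of sudoers is written first).
  # Returns: 1 when input ends, useradd or passwd fails, or the new sudoers
  #          content does not pass "visudo -c"; 0 otherwise.
  #
  # NOTE(review): the entry written is "NOPASSWD: ALL", so whoever holds this
  # account's credentials is root without a further prompt. Dropping NOPASSWD
  # keeps the password as a second step.
  local name pass1 pass2 sudoers_tmp

  echo "===================新建用戶======================"
  while true; do
    read -r -p "請輸入新用戶名:" name || return 1
    case "$name" in
      "")
        echo "用戶名不能爲空,請從新輸入。"
        continue
        ;;
      -*|*[!A-Za-z0-9_.-]*)
        # The name ends up as a useradd argument and inside a sudoers line, so
        # refuse a leading dash, whitespace and other metacharacters.
        echo "用戶名含有非法字符,請從新輸入。"
        continue
        ;;
    esac
    # Exact match on the first passwd field; the name is never used as a regex.
    if awk -F: -v u="$name" '$1 == u { found = 1 } END { exit !found }' /etc/passwd; then
      echo "用戶名已存在,請從新輸入。"
      continue
    fi
    break
  done
  if ! useradd "$name"; then
    action "建立用戶 $name 失敗" /bin/false
    return 1
  fi

  while true; do
    # -s keeps the password off the screen; IFS= and -r keep it byte-for-byte.
    IFS= read -r -s -p "爲 $name 建立一個密碼:" pass1 || return 1
    echo ""
    if [ -z "$pass1" ]; then
      echo "密碼不能爲空,請從新輸入。"
      continue
    fi
    IFS= read -r -s -p "請再次輸入密碼:" pass2 || return 1
    echo ""
    if [ "$pass1" != "$pass2" ]; then
      echo "兩次密碼輸入不相同,請從新輸入。"
      continue
    fi
    break
  done
  # printf, not echo: a password such as "-n" must not be read as an option.
  if ! printf '%s\n' "$pass1" | passwd --stdin "$name"; then
    pass1='' pass2=''
    action "設置密碼失敗" /bin/false
    return 1
  fi
  pass1='' pass2=''
  sleep 1

  echo "#####add visudo#####"
  \cp /etc/sudoers "/etc/sudoers.$(date +%F)"
  if ! grep -Fqw -- "$name" /etc/sudoers; then
    # Build the new content beside the live file and install it only after
    # visudo accepts it: a syntax error in /etc/sudoers disables sudo entirely.
    sudoers_tmp=$(mktemp /etc/sudoers.XXXXXX) || return 1
    cat /etc/sudoers >"$sudoers_tmp"
    echo "$name  ALL=(ALL)       NOPASSWD: ALL" >>"$sudoers_tmp"
    if visudo -cf "$sudoers_tmp" >/dev/null; then
      chmod 0440 "$sudoers_tmp"
      mv -f "$sudoers_tmp" /etc/sudoers
      echo '#tail -1 /etc/sudoers'
      grep -Fw -- "$name" /etc/sudoers
      sleep 1
    else
      rm -f -- "$sudoers_tmp"
      action "sudoers 語法檢查失敗,未作修改" /bin/false
      return 1
    fi
  fi
  action "建立用戶$name並將其加入visudo完成"  /bin/true
  echo "================================================="
  echo ""
  sleep 2
}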
243   
244 #Adjust the file descriptor(limits.conf)
initLimits(){
  # Raise the open-file limit to 65535: append a nofile line to limits.conf
  # when no uncommented nofile line exists yet (backing the file up first),
  # then apply the same hard and soft limit to the current shell.
  local limits=/etc/security/limits.conf

  echo "===============加大文件描述符===================="
  if ! grep nofile "$limits" | grep -qv "^#"; then
    \cp "$limits" "$limits.$(date +%F)"
    echo '*                  -        nofile         65535' >>"$limits"
  fi
  echo '#tail -1 /etc/security/limits.conf'
  tail -1 "$limits"
  ulimit -HSn 65535
  echo '#ulimit -n'
  ulimit -n
  action "配置文件描述符爲65535" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}
262 
263 #set ssh
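initSsh(){
  # Turn off GSSAPI authentication and reverse-DNS lookups in sshd_config,
  # then restart sshd and report whether the restart worked.
  #
  # NOTE(review): this is the second initSsh in the file, so it replaces the
  # earlier one that changes the port and refuses root logins. Menu entries 7
  # and 11 and both initSsh calls in the one-click list all run this body, and
  # the root-login change is never applied. One of the two needs its own name.
  local cfg=/etc/ssh/sshd_config

  echo "======禁用GSSAPI來認證,也禁用DNS反向解析,加快SSH登錄速度======="
  sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' "$cfg"
  sed -i 's/#UseDNS yes/UseDNS no/' "$cfg"
  # Test the edited file before restarting, and report the real outcome: the
  # unconditional success message hid a daemon that failed to come back.
  if /usr/sbin/sshd -t && service sshd restart; then
    action "禁用GSSAPI來認證,也禁用DNS反向解析,加快SSH登錄速度" /bin/true
  else
    action "禁用GSSAPI來認證,也禁用DNS反向解析,加快SSH登錄速度" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}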
274 
275 #set the control-alt-delete to guard against the miSUSE
initRestart(){
  # Comment out the "exec /sbin/shutdown -r now" line in the upstart job for
  # Ctrl-Alt-Delete so the key combination no longer reboots the machine.
  # "&" stands for the matched text, so this prefixes the match with "#".
  sed -i 's|exec /sbin/shutdown -r now|#&|' /etc/init/control-alt-delete.conf
  action "將ctrl alt delete鍵進行屏蔽,防止誤操做的時候服務器重啓" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}
283 
284 #Optimizing the system kernel
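initSysctl(){
  # Append a block of TCP and conntrack settings to /etc/sysctl.conf (only
  # when the file holds fewer than ten net.ipv4.tcp lines), load the
  # nf_conntrack and bridge modules now and from rc.local, then run sysctl -p.
  #
  # Change from the original: the two modprobe lines are added to rc.local
  # only when absent; before, every run appended another copy.
  #
  # NOTE(review): net.ipv4.tcp_tw_recycle = 1 makes the kernel reject
  # connections whose TCP timestamps go backwards per source address, which
  # drops clients that share one address behind NAT; review it before use on
  # an internet-facing host.
  # NOTE(review): tcp_syn_retries/tcp_synack_retries = 1 give up after a
  # single retransmission, and nf_conntrack_max = 25000000 sizes the table far
  # beyond a typical host's memory budget; confirm both.
  local mod

  echo "================優化內核參數====================="
  SYSCTL=$(grep -c "net.ipv4.tcp" /etc/sysctl.conf)
  if [ "$SYSCTL" -lt 10 ]; then
    \cp /etc/sysctl.conf "/etc/sysctl.conf.$(date +%F)"
    cat >>/etc/sysctl.conf <<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
  fi
  \cp /etc/rc.local "/etc/rc.local.$(date +%F)"
  for mod in nf_conntrack bridge; do
    modprobe "$mod"
    # Exact-line match, so a rerun does not stack duplicate entries.
    grep -qxF "modprobe $mod" /etc/rc.local || echo "modprobe $mod" >>/etc/rc.local
  done
  sysctl -p
  action "內核調優完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}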
323 
324 #setting history and login timeout
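initHistory(){
  # Set a 300-second idle timeout and a five-entry shell history for login
  # shells by adding TMOUT, HISTSIZE and HISTFILESIZE to /etc/profile, then
  # source the file into the running shell.
  #
  # Change from the original: each line is added only when that exact line is
  # not already present; before, every run appended three more lines.
  #
  # NOTE(review): a five-entry history leaves almost nothing to reconstruct
  # what was typed in a session; process accounting or auditd are the usual
  # way to keep command records that users cannot trim.
  # NOTE(review): TMOUT is not marked readonly, so a user can unset it.
  # Sourcing /etc/profile here also sets TMOUT in this script's shell, and
  # bash applies TMOUT to the read builtin, so later menu prompts can time out.
  local setting

  echo "======設置默認歷史記錄數和鏈接超時時間======"
  for setting in TMOUT=300 HISTSIZE=5 HISTFILESIZE=5; do
    grep -qxF "$setting" /etc/profile || echo "$setting" >>/etc/profile
  done
  tail -3 /etc/profile
  source /etc/profile
  action "設置默認歷史記錄數和鏈接超時時間" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}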
337 
338 #chattr file system
initChattr(){
  # Set the immutable attribute on the account and init files, then rename
  # the chattr binary to /usr/bin/lock.
  #
  # NOTE(review): once passwd, shadow, group and gshadow are immutable,
  # useradd, passwd and similar tools cannot update them until the attribute
  # is cleared with the renamed binary.
  # NOTE(review): on a second run chattr is no longer at its usual path, so
  # every call below fails while success is still reported. The rename also
  # leaves the package's file list out of step with the disk.
  local target

  echo "======鎖定關鍵文件系統======"
  for target in /etc/passwd /etc/inittab /etc/group /etc/shadow /etc/gshadow; do
    chattr +i "$target"
  done
  /bin/mv /usr/bin/chattr /usr/bin/lock
  action "鎖定關鍵文件系統" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}
352 
353 #menu2
menu2(){
  # Custom menu: show the fifteen individual steps, run the one chosen, and
  # repeat until 0 is entered. Any other input shows a warning with a
  # three-second countdown.
  # NOTE(review): entries 7 and 11 both call initSsh; the file defines that
  # name twice, so both reach whichever definition the shell read last.
  while true; do
    clear
    cat <<EOF
----------------------------------------
|****Please Enter Your Choice:[0-15]****|
----------------------------------------
(1)  新建一個用戶並將其加入visudo
(2)  配置爲國內YUM源鏡像和保存YUM源文件
(3)  配置中文字符集
(4)  禁用SELINUX及關閉防火牆
(5)  精簡開機自啓動
(6)  去除系統及內核版本登陸前的屏幕顯示
(7)  修改ssh默認端口及禁用root遠程登陸
(8)  設置時間同步
(9)  安裝系統補裝工具(選擇最小化安裝minimal)
(10) 加大文件描述符
(11) 禁用GSSAPI來認證,也禁用DNS反向解析,加快SSH登錄速度
(12) 將ctrl alt delete鍵進行屏蔽,防止誤操做的時候服務器重啓
(13) 系統內核調優
(14) 設置默認歷史記錄數和鏈接超時時間
(15) 鎖定關鍵文件系統
(0) 返回上一級菜單
EOF
    read -p "Please enter your Choice[0-15]: " input2
    case "$input2" in
      0)  clear; break ;;
      1)  addUser ;;
      2)  configYum ;;
      3)  initI18n ;;
      4)  initFirewall ;;
      5)  initService ;;
      6)  initRemoval ;;
      7)  initSsh ;;
      8)  syncSysTime ;;
      9)  initTools ;;
      10) initLimits ;;
      11) initSsh ;;
      12) initRestart ;;
      13) initSysctl ;;
      14) initHistory ;;
      15) initChattr ;;
      *)
        printf '%s\n' \
          "----------------------------------" \
          "|          Warning!!!            |" \
          "|   Please Enter Right Choice!   |" \
          "----------------------------------"
        # Countdown 3, 2, 1; each digit overwrites the previous one.
        for i in 3 2 1; do
          echo -ne "\b\b$i"
          sleep 1
        done
        clear
        ;;
    esac
  done
}
443 #initTools
444 #menu
# Main menu: print the host summary captured at start-up, then run all
# fifteen steps (1), open the custom menu (2) or leave (3). Any other input
# shows a warning with a three-second countdown.
# NOTE(review): initSsh appears twice in the one-click list; the file defines
# that name twice, so both calls run whichever definition the shell read last.
while true; do
  clear
  echo "========================================"
  echo '          Linux Optimization            '
  echo "========================================"
  cat <<EOF
|-----------System Infomation-----------
| DATE       :$DATE
| HOSTNAME   :$HOSTNAME
| USER       :$USER
| IP         :$IPADDR
| DISK_USED  :$DISK_SDA
| CPU_AVERAGE:$cpu_uptime
----------------------------------------
|****Please Enter Your Choice:[1-3]****|
----------------------------------------
(1) 一鍵優化
(2) 自定義優化
(3) 退出
EOF
  read -p "Please enter your choice[0-3]: " input1

  case "$input1" in
    1)
      # Same order as the original list; addUser runs before the SSH and
      # chattr steps that would otherwise get in its way.
      for step in addUser configYum initI18n initFirewall initService \
                  initRemoval initSsh syncSysTime initTools initLimits \
                  initSsh initRestart initSysctl initHistory initChattr; do
        "$step"
      done
      ;;
    2)
      menu2
      ;;
    3)
      clear
      break
      ;;
    *)
      printf '%s\n' \
        "----------------------------------" \
        "|          Warning!!!            |" \
        "|   Please Enter Right Choice!   |" \
        "----------------------------------"
      for i in 3 2 1; do
        echo -ne "\b\b$i"
        sleep 1
      done
      clear
      ;;
  esac
done