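#!/bin/bash
##################################################
# CentOS6.5 #
# initialize the Linux system to deploy lnmp #
# 2016/10/30 22:58 #
# author:kangjie #
# original article #
##################################################
# A step toward automated operations.
#
# The interpreter line must be the first line of the file to take effect, and
# the script relies on bash-only syntax such as ((i++)), so it names bash
# rather than sh.
#
# NOTE(review): several steps in this file lower the host's defences (firewall
# stopped, SELinux disabled, fixed account password, unrestricted sudo rule).
# Review each step against the target environment before running as root.

# File locations
LOG_PATH=/server/initlog
LOG_FILE=$LOG_PATH/init.log
# Counter of setup steps that have run; reported at the end of main
i=0
# Create the working directories when they do not exist yet
[ -d /server/tools ] || mkdir -p /server/tools
[ -d "$LOG_PATH" ] || mkdir -p "$LOG_PATH"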
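# Record in the log whether the command that ran immediately before this call
# succeeded. It reads $?, so it must be the very next command after the one
# being checked.
# Globals:   LOG_FILE (read) - file the result line is appended to
# Arguments: $1 - label of the operation, used in the log line
# Outputs:   appends one line to LOG_FILE
check() {
  # Capture the caller's exit status first; any other command would replace $?.
  local rc=$?
  # Compare numerically and quote the log path so it may contain whitespace.
  if [ "$rc" -ne 0 ]; then
    echo "××××-operate $1 Failed!!!-×××" >> "$LOG_FILE"
  else
    echo "√√√-operate $1 Success-√√√" >> "$LOG_FILE"
  fi
}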
# Stop the iptables firewall and disable it at boot.
# The original author limits this step to hosts with no public network access.
# NOTE(review): once this runs, no host firewall filters inbound traffic, so
# every listening service is reachable from whatever network the host is on.
# Confirm the host really is isolated, or keep iptables and open only the
# ports the stack needs.
# Globals: i (incremented)
iptable() {
  /etc/init.d/iptables stop
  check iptables

  chkconfig iptables off
  check chkconfig-iptables

  ((i++))
}
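# Print the value of the last "SELINUX=" setting in /etc/selinux/config.
# The pattern is anchored so that comment lines and the SELINUXTYPE= line,
# which also contain the text "SELINUX=", are not mistaken for the setting.
_selinux_config_mode() {
  awk -F= '/^SELINUX=/ { mode = $2 } END { print mode }' /etc/selinux/config
}

# Disable SELinux: rewrite the config file for the next boot and switch the
# running system out of enforcing mode right away.
# NOTE(review): this removes mandatory access control from the services the
# host will run. Where possible keep SELinux enforcing, or use permissive mode
# while fixing labels and policy, instead of disabling it.
# Globals: LOG_FILE (read), i (incremented)
selinux() {
  local mode
  mode=$(_selinux_config_mode)
  # Quoted so an empty value (missing file or setting) cannot break the test.
  if [ "$mode" != disabled ]; then
    # Only an "enforcing" setting is rewritten, as in the original script.
    sed -i 's#^SELINUX=enforcing#SELINUX=disabled#' /etc/selinux/config
    mode=$(_selinux_config_mode)
    if [ "$mode" = disabled ]; then
      echo "√√√-Modify selinux config success-√√√-" >> "$LOG_FILE"
    else
      echo "××××-Modify selinux config Failed!!!-××××" >> "$LOG_FILE"
    fi
  else
    echo "Selinx config already Modified" >> "$LOG_FILE"
  fi
  # Takes effect immediately, without waiting for a reboot.
  setenforce 0
  check setenfore
  ((i++))
}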
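# Create the system user "kangjie" and set its password.
# Globals:   INIT_USER_PASSWORD (read, optional) - password to assign;
#            falls back to the script's historical default when unset
#            LOG_FILE (read, via check), i (incremented)
# NOTE(review): the fallback password is trivially guessable, and sudouser
# later grants this account unrestricted sudo. Set INIT_USER_PASSWORD to a
# strong value before running, and consider forcing a change at first login.
# NOTE(review): "userdel -r" removes any existing account of that name together
# with its home directory, so re-running this step destroys that user's data.
adduser() {
  local user=kangjie
  local password=${INIT_USER_PASSWORD:-123456}

  userdel -r "$user" >/dev/null 2>&1
  useradd "$user"
  check adduser

  # printf is a shell builtin, so the password is not passed as an argument
  # to an external process. "history -c" is kept from the original; the
  # password still lives in this file unless supplied through the environment.
  printf '%s\n' "$password" | passwd --stdin "$user" && history -c
  check "change user password"
  ((i++))
}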
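# Switch the yum base repository to the 163 mirror definition.
# The stock CentOS-Base.repo is kept as CentOS-Base.repo.ori.
# Globals: LOG_FILE (read, via check), i (incremented)
# NOTE(review): nothing in this script fetches CentOS6-Base-163.repo, so it
# must already be in /etc/yum.repos.d. Verify where that file came from and
# that it keeps gpgcheck enabled, since it decides where packages are
# installed from.
yumsource() {
  local mirror_repo=CentOS6-Base-163.repo
  local switched=1

  # Touch the stock repo file only when the directory is reachable and the
  # replacement exists; otherwise the host would be left with no base repo.
  if cd /etc/yum.repos.d/ && [ -f "$mirror_repo" ]; then
    if [ -f CentOS-Base.repo ]; then
      /bin/mv -- CentOS-Base.repo CentOS-Base.repo.ori
    fi
    /bin/mv -- "$mirror_repo" CentOS-Base.repo
    switched=$?
  fi

  # Hand the outcome to check through $?.
  [ "$switched" -eq 0 ]
  check yum-update
  ((i++))
}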
# Install the system monitoring package (sysstat) with yum.
# Globals: LOG_FILE (read, via check), i (incremented)
soft() {
  yum install sysstat -y
  check sysstat

  ((i++))
}
# Trim the services started at boot: every service enabled in runlevel 3 is
# switched off unless its name contains crond, network, sshd or rsyslog.
# Original author's note: after applying this on a virtual machine the system
# would not boot; it needs testing on real hardware. The call in main is
# commented out.
# Globals: LOG_FILE (read, via check), i (incremented)
Msconfig() {
  local svc
  # One awk pass selects the runlevel-3 services and drops the keep-list.
  for svc in $(chkconfig --list \
    | awk '/3:on/ && $1 !~ /crond|network|sshd|rsyslog/ { print $1 }'); do
    chkconfig $svc off
  done
  check Msconfig
  ((i++))
}
# Harden sshd_config: move SSH to port 22222, forbid root login, forbid empty
# passwords and turn off DNS lookups. The previous file is saved as
# sshd_config.ori and the resulting settings are copied into the log.
# NOTE(review): each substitution only matches the stock commented-out default
# (for example "#PermitRootLogin yes"). A line that is already uncommented is
# left as it is, so confirm the effective values from the logged lines.
# NOTE(review): sshd is not reloaded here, so the new settings presumably apply
# only after a restart - confirm. Make sure the new port is reachable first.
# Globals: LOG_FILE (read), i (incremented)
changesshd() {
  local sshd_conf=/etc/ssh/sshd_config

  cp "$sshd_conf" "$sshd_conf.ori"
  sed -i \
    -e 's%#Port 22%Port 22222%' \
    -e 's%#PermitRootLogin yes%PermitRootLogin no%' \
    -e 's%#PermitEmptyPasswords no%PermitEmptyPasswords no%' \
    -e 's%#UseDNS yes%UseDNS no%' \
    "$sshd_conf"
  grep -E "UseDNS|22222|RootLogin|EmptyPass" "$sshd_conf" >> "$LOG_FILE"
  ((i++))
}
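# Grant the kangjie user elevated privileges through sudo.
# /etc/sudoers is backed up to /etc/sudoers.ori, the rule is appended once, and
# the file is syntax-checked; a file that fails the check is rolled back.
# Globals: LOG_FILE (read), i (incremented)
# NOTE(review): the rule allows every command as any user. Together with a
# password login for this account that is equivalent to root access; narrow the
# rule to the commands actually needed where possible.
sudouser() {
  local rule='kangjie ALL=(ALL) ALL'

  cp /etc/sudoers /etc/sudoers.ori
  # Append only when the exact line is missing, so re-runs do not stack copies.
  if ! grep -qxF -- "$rule" /etc/sudoers; then
    echo "$rule" >>/etc/sudoers
  fi
  # A sudoers file with a syntax error disables sudo entirely; since root SSH
  # login is turned off elsewhere in this script, that could lock admins out.
  if ! visudo -c -f /etc/sudoers >/dev/null 2>&1; then
    cp /etc/sudoers.ori /etc/sudoers
    echo "××××-operate sudoers Failed!!!-×××" >> "$LOG_FILE"
  fi
  tail -1 /etc/sudoers >> "$LOG_FILE"
  ((i++))
}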
# Change the system character set to GB18030 (the Chinese national standard).
# The original author rates this step as of little use; the call in main is
# commented out.
# Globals: LANG (set by sourcing the file), LOG_FILE (read), i (incremented)
lang() {
  local i18n_file=/etc/sysconfig/i18n

  # Overwrites the file rather than appending to it.
  printf '%s\n' ' LANG="zh_CN.GB18030"' > "$i18n_file"
  . "$i18n_file"
  echo "$LANG" >> "$LOG_FILE"
  ((i++))
}
# Add a root cron job that syncs the clock with ntpdate every five minutes.
# Original author's note: this has no effect on a virtual machine, where the
# time zone and time have to be changed by hand.
# NOTE(review): the entry is appended straight to root's spool file, so each
# run of this step adds another copy of the line.
# NOTE(review): the job's output is discarded, so a failing sync goes
# unnoticed; the time source is an external public server.
# Globals: LOG_FILE (read), i (incremented)
cron() {
  local job='*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1'

  printf '%s\n' "$job" >> /var/spool/cron/root
  crontab -l >> "$LOG_FILE"
  ((i++))
}
# Raise the open-file (file descriptor) limit for all users to 65535.
# The line is appended to limits.conf and echoed into the log.
# Globals: LOG_FILE (read), i (incremented)
limit() {
  local limits_conf=/etc/security/limits.conf

  printf '%s\n' '* - nofile 65535 ' >> "$limits_conf"
  tail -1 "$limits_conf" >> "$LOG_FILE"
  ((i++))
}
# Extend the system-wide vim configuration (line numbers, syntax colouring,
# indentation settings and so on). The previous file is kept as /etc/vimrc.ori.
# Note: the closing EOF marker must not be followed by trailing spaces,
# otherwise the here-document is not terminated and the script fails.
# Globals: LOG_FILE (read, via check), i (incremented)
vimrc() {
  cp /etc/vimrc /etc/vimrc.ori
  # Quoted delimiter: the text is written literally, with no expansion.
  cat >> /etc/vimrc <<'EOF'
set nu
syntax on
set autoindent
set smartindent
set tabstop=4
set shiftwidth=4
set showmatch
set cursorline
EOF
  check vimrc
  ((i++))
}
# Append kernel network tuning to /etc/sysctl.conf and load it with sysctl -p.
# A timestamped copy of the previous file is made first.
# Source of the values: oldboy's 51cto blog.
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to break connections from
# clients that share a NAT address, and the key no longer exists on newer
# kernels; review it before reusing this list elsewhere.
# NOTE(review): tcp_tw_reuse and tcp_tw_recycle depend on TCP timestamps, which
# this same list turns off (net.ipv4.tcp_timestamps = 0) - confirm the
# combination is intended.
# NOTE(review): the settings are appended, so a second run duplicates them.
# Globals: LOG_FILE (read, via check), i (incremented)
sys() {
  local stamp
  stamp=$(date +"%Y-%m-%d_%H-%M-%S")
  # Backup
  cp /etc/sysctl.conf "/etc/sysctl.conf.$stamp"
  cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout=1
net.ipv4.tcp_keepalive_time=1200
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.ip_local_port_range = 1024 65535
EOF
  sysctl -p
  check sysctl
  ((i++))
}
# Configure outgoing mail through a 126.com mailbox and send a test message
# that contains this host's IP address.
# NOTE(review): the SMTP account password is written in clear text to
# /etc/mail.rc; check that file's permissions, or keep the credentials in a
# root-only file instead.
# NOTE(review): the settings use a plain "smtp=" host with login
# authentication and show no TLS option, so the credentials presumably cross
# the network unencrypted - confirm.
# NOTE(review): the settings are appended, so a second run duplicates them.
mailset() {
  local host_ip

  cat >> /etc/mail.rc <<'EOF'
set from=13888888888@126.com
set smtp=smtp.126.com
set smtp-auth-user=13888888888@126.com
set smtp-auth-password=888888
set smtp-auth=login
EOF
  # Get the host's IP address (every non-loopback "inet addr:" entry)
  host_ip=$(ifconfig | grep 'inet addr:' | grep -v '127.0.0.1' \
    | awk -F '[ :]+' '{print $4}')
  echo "This is a test mail from $host_ip" \
    | mail -s "deploy linux" 88888888@qq.com
}
# Mail the deployment log as the report.
# NOTE(review): the log holds the sshd settings and the sudoers line recorded
# by earlier steps, and it is sent to an external mailbox.
# Globals: LOG_FILE (read) - file whose content becomes the message body
Mail() {
  local subject="***Linux Deploy Report***"

  mail -s "$subject" 888888888@qq.com < "$LOG_FILE"
}
# Main function: write a dated banner to the log, run the setup steps in
# order, record the step count and mail the report.
# Globals: LOG_FILE (read), i (read)
main() {
  local started
  started=$(date +"%Y-%m-%d_%H-%M-%S")
  echo "Deploy Linux *****${started}*****" >> "$LOG_FILE"

  iptable
  selinux
  adduser
  yumsource
  soft
  mailset
  # Left disabled by the original author.
  #Msconfig
  changesshd
  sudouser
  # Left disabled by the original author.
  #lang
  cron
  limit
  vimrc
  sys

  # Count of the step functions that ran (mailset does not bump the counter)
  echo "ALL steps=$i" >> "$LOG_FILE"
  Mail
}

main