初始化腳本(Os_Init_Optimization.sh)

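#!/bin/bash
#
# Os_Init_Optimization.sh - baseline setup for a freshly installed
# CentOS 6-style host (it imports RPM-GPG-KEY-CentOS-6 and uses chkconfig).
#
# Steps, in order: unpack /tmp/startup.tar.gz, replace the yum repositories,
# install tools, register root cron jobs, apply shell/limits/sysctl settings,
# trim boot services, create the "lsyw" login account, move sshd to port
# 50000, blank the login banners, replace snmpd.conf, remove unused system
# accounts and install fail2ban.
#
# Environment:
#   LSYW_PASSWORD  password for the lsyw account. It is prompted for when the
#                  script runs on a terminal and the variable is unset; the
#                  script stops before changing anything if it has no value.
#
# Changes from the version that was published as a single collapsed line:
#   * the account password is no longer a literal in the script;
#   * the bundle is unpacked into a private directory and its files are
#     installed root-owned with explicit modes;
#   * the firewall is opened for port 50000 before sshd moves there, and
#     sshd_config is validated before the reload;
#   * backup suffixes are unique per run (the old %Y%m%H stamp repeated);
#   * appended settings are written once, so a re-run does not duplicate them;
#   * net.ipv4.tcp_tw_recycle is no longer set (see the sysctl section).

set -u
set -o pipefail

warn() { printf 'WARN: %s\n' "$*" >&2; }
die() { printf 'ERROR: %s\n' "$*" >&2; exit 1; }

# Append a line to a file unless that exact line is already present.
append_line_once() {
  local file=$1 line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

[[ $EUID -eq 0 ]] || die "must be run as root"

# Ask for the account password up front so the run cannot stop half-way.
if [[ -z ${LSYW_PASSWORD:-} && -t 0 ]]; then
  read -rs -p 'Password for lsyw: ' LSYW_PASSWORD
  echo
fi
[[ -n ${LSYW_PASSWORD:-} ]] || die "LSYW_PASSWORD is not set"

# Unique per run, so an earlier backup is never overwritten.
DATE=$(date +%Y%m%d%H%M%S)

# --- Unpack the startup.tar.gz bundle ---------------------------------------
# /tmp is world-writable, so extracting there as root lets any local account
# pre-create or swap ./file and ./etc. Extract into a directory only root can
# reach, and drop the ownership recorded in the archive.
# NOTE(review): the archive itself is still trusted as found in /tmp; verify
# it against a checksum delivered out of band before running this script.
# Assumes ./file and ./etc both come from the archive - TODO confirm.
bundle=/tmp/startup.tar.gz
[[ -f $bundle && ! -L $bundle ]] || die "$bundle is missing or not a regular file"
stage_dir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${stage_dir:?}"; }
trap cleanup EXIT
tar --no-same-owner -C "$stage_dir" -zxf "$bundle" || die "cannot extract $bundle"
cd "$stage_dir" || die "cannot cd to $stage_dir"

# --- Initialise the yum repositories ----------------------------------------
# Only delete the existing repo files once replacements are known to exist.
shopt -s nullglob
repo_files=(./file/*.repo)
shopt -u nullglob
(( ${#repo_files[@]} > 0 )) || die "no .repo files in the bundle; /etc/yum.repos.d left untouched"
rm -rf /etc/yum.repos.d/*
install -o root -g root -m 0644 -- "${repo_files[@]}" /etc/yum.repos.d/
# These keys become the trust anchor for every later package install, so they
# are only as trustworthy as the bundle they came from.
/bin/rpm --import ./file/RPM-GPG-KEY.dag.txt || warn "could not import RPM-GPG-KEY.dag.txt"
/bin/rpm --import ./file/RPM-GPG-KEY-CentOS-6 || warn "could not import RPM-GPG-KEY-CentOS-6"
/usr/bin/yum clean all
/usr/bin/yum makecache

# --- Download and time-sync tools -------------------------------------------
/usr/bin/yum install -y wget
/usr/bin/yum install -y ntp
# -d is ntpdate's debug mode: it queries the server without setting the
# clock, so this is a reachability check. The cron entry below does the sync.
ntpdate -d cn.pool.ntp.org
date

# --- Helper scripts and root cron jobs --------------------------------------
# The helpers run as root from cron, so install them root-owned and not
# writable by anyone else, and before cron can reference them.
mkdir -p /usr/local/gacp/worksh
install -o root -g root -m 0755 -- \
  ./file/history.sh ./file/log_rotate.sh ./file/del_100day_before_logs.sh \
  /usr/local/gacp/worksh/ || warn "could not install the worksh helper scripts"

cron_file=/var/spool/cron/root
if ! grep -qF '##### update server time #####' "$cron_file" 2>/dev/null; then
  cat >> "$cron_file" <<'EOF'
##### update server time #####
*/10 * * * * /usr/sbin/ntpdate cn.pool.ntp.org > /dev/null 2>&1 && /sbin/clock -w > /dev/null 2>&1

##### history #####
*/5 * * * * /usr/local/gacp/worksh/history.sh > /dev/null 2>&1

##### Logs #####
00 00 * * * /usr/local/gacp/worksh/del_100day_before_logs.sh > /dev/null 2>&1
00 00 * * * /usr/local/gacp/worksh/log_rotate.sh > /dev/null 2>&1

EOF
fi

# --- Required system tools --------------------------------------------------
/usr/bin/yum install -y lsof htop nmap iotop telnet iptraf iftop vim-enhanced \
  logrotate ntsysv bind-utils sysstat irqbalance microcode_ctl dstat net-snmp \
  rsync openssh-clients

# --- SELinux ----------------------------------------------------------------
# NOTE(review): after the reboot this turns off mandatory access control for
# every service on the host. If a policy denial is the reason, "permissive"
# keeps the audit trail while the policy is fixed.
sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config
echo "selinux is disabled,you must reboot!"

# --- vim and shell aliases --------------------------------------------------
# The original inserted these at fixed line numbers 8-10 of /root/.bashrc,
# which only works on an unmodified stock file. Appending has the same effect
# for new root shells; sourcing .bashrc here never affected the caller.
append_line_once /root/.bashrc "alias vi='vim'"
append_line_once /root/.bashrc "alias dstat='dstat -cdlmnpsy'"
append_line_once /root/.bashrc "alias grep='grep --color=auto'"
echo 'syntax on' > /root/.vimrc

# --- Resource limits --------------------------------------------------------
# pam_limits only reads *.conf files in limits.d, so this rename removes the
# distribution's per-user process cap. NOTE(review): confirm that is intended;
# the cap limits the damage of a runaway or hostile process.
if [[ -f /etc/security/limits.d/90-nproc.conf ]]; then
  mv /etc/security/limits.d/90-nproc.conf /etc/security/limits.d/90-nproc
fi

# Open-file limits.
append_line_once /etc/rc.local 'ulimit -SHn 65535'
append_line_once /etc/security/limits.conf '*                     soft     nofile             60000'
append_line_once /etc/security/limits.conf '*                     hard     nofile             65535'

# --- sysctl.conf ------------------------------------------------------------
# net.ipv4.tcp_tw_recycle = 1 was in the original list. It is left out: it
# drops connections from clients behind NAT and the key was removed from
# Linux 4.12 onwards, where it would make "sysctl -p" report an error.
if ! grep -qxF '# NEW ADD' /etc/sysctl.conf 2>/dev/null; then
  cat >> /etc/sysctl.conf <<'EOF'
# NEW ADD
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_syncookies = 1
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_max_tw_buckets = 65535
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 131070
net.core.somaxconn = 20480
EOF
fi
/sbin/sysctl -p

# --- Boot services ----------------------------------------------------------
# Switch off everything enabled in runlevel 3, then enable the short list.
while read -r svc; do
  chkconfig --level 2345 "$svc" off
done < <(chkconfig --list | awk '/3:on/ {print $1}')
for svc in crond irqbalance network sysstat sshd rsyslog iptables; do
  chkconfig --level 2345 "$svc" on
done

# --- Add the lsyw user ------------------------------------------------------
# The password arrives on stdin from a shell builtin, so it never appears in
# a process argument list. This account becomes the only one allowed over SSH
# (AllowUsers below), so its credential must not live in the script.
id lsyw > /dev/null 2>&1 || /usr/sbin/useradd lsyw
printf '%s\n' "$LSYW_PASSWORD" | passwd --stdin lsyw || die "could not set the lsyw password"
unset LSYW_PASSWORD

# --- Firewall: allow port 50000 ---------------------------------------------
# Done before sshd moves, so the new port is reachable as soon as sshd
# listens on it. Only the --dport value is rewritten; the original replaced
# every "22" on a matching line, including ports such as 2222.
fw_rules=/etc/sysconfig/iptables
if [[ -f $fw_rules ]]; then
  cp -- "$fw_rules" "$fw_rules.$DATE"
  sed -i -E 's/(--dport[[:space:]]+)22([^0-9]|$)/\150000\2/' "$fw_rules"
  grep -Eq -- '--dport[[:space:]]+50000' "$fw_rules" \
    || warn "$fw_rules has no rule for port 50000; SSH may be unreachable after the move"
  /etc/init.d/iptables reload
fi

# --- ssh --------------------------------------------------------------------
# NOTE(review): SELinux keeps its current mode until the reboot; if it is
# enforcing, confirm sshd is allowed to bind the new port.
# NOTE(review): lsyw still logs in with a password; key-based login with
# PasswordAuthentication disabled is the stronger end state.
ssh_cf="/etc/ssh/sshd_config"
cp -- "$ssh_cf" "$ssh_cf.$DATE"
sed -i "s/#Port 22/Port 50000/" "$ssh_cf"
sed -i "s/#UseDNS yes/UseDNS no/" "$ssh_cf"
sed -i "/X11Forwarding yes/d" "$ssh_cf"
sed -i "s/#X11Forwarding no/X11Forwarding no/g" "$ssh_cf"
sed -i "s/#PrintMotd yes/PrintMotd no/g" "$ssh_cf"
sed -i "s/#PrintLastLog yes/PrintLastLog no/g" "$ssh_cf"
sed -i 's/^#PermitRootLogin yes/PermitRootLogin no/' "$ssh_cf"
grep -qx 'AllowUsers lsyw' "$ssh_cf" || sed -i '$aAllowUsers lsyw' "$ssh_cf"
# Reload only a configuration sshd accepts; otherwise put the backup back.
if /usr/sbin/sshd -t -f "$ssh_cf"; then
  /etc/init.d/sshd reload
else
  warn "edited $ssh_cf failed validation; restoring $ssh_cf.$DATE"
  cp -- "$ssh_cf.$DATE" "$ssh_cf"
fi

# --- Blank the banner files -------------------------------------------------
# Keeps the OS name and version out of login banners.
# NOTE(review): some installers and monitoring agents read
# /etc/redhat-release to detect the distribution; confirm none are in use.
ISSUE=/etc/issue
ISSUE_NET=/etc/issue.net
RELEASE=/etc/redhat-release
cp -- "$ISSUE" "$ISSUE.$DATE"
cp -- "$ISSUE_NET" "$ISSUE_NET.$DATE"
cp -- "$RELEASE" "$RELEASE.$DATE"
: > "$ISSUE"
: > "$ISSUE_NET"
: > "$RELEASE"

# --- snmp -------------------------------------------------------------------
# Replace the config only when the bundle supplies one; the original removed
# the live file first and could leave none behind.
# NOTE(review): confirm the shipped snmpd.conf does not use a default
# community string.
snmp_cf="/etc/snmp/snmpd.conf"
if [[ -f ./etc/snmpd.conf ]]; then
  cp -- "$snmp_cf" "$snmp_cf.$DATE"
  install -o root -g root -m 0600 -- ./etc/snmpd.conf "$snmp_cf"
else
  warn "bundle has no etc/snmpd.conf; $snmp_cf left unchanged"
fi

# --- Remove unused system accounts ------------------------------------------
for acct in uucp operator games gopher ftp; do
  if id "$acct" > /dev/null 2>&1; then
    userdel "$acct"
  fi
done

# --- Brute-force login protection -------------------------------------------
# NOTE(review): nothing visible here enables or starts fail2ban, and the
# shipped jail.conf must watch port 50000 rather than 22 - confirm both.
/usr/bin/yum install -y fail2ban
if [[ -f ./file/jail.conf ]]; then
  mv /etc/fail2ban/jail.conf "/etc/fail2ban/jail.conf.$DATE"
  install -o root -g root -m 0644 -- ./file/jail.conf /etc/fail2ban/
else
  warn "bundle has no file/jail.conf; fail2ban keeps its packaged configuration"
fi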