linux系统初始化脚本

2021-07-14 07:19:29

给大家分享一个工作中很实用的系统初始化脚本,其实就是各种命令的集合!当然了,如果有cobber就更嗨了~~

点击(此处)折叠或打开

  1. #!/bin/bash
  2. ###此脚本用于初始化系统,也就是刚刚配置完网卡的服务器用于初始化.
  3. ## This is system init shell script.
  4. ## Writen by zhunzhun.zeng 2013-06-18
  5. cat
  6. +------------------------------------------------------------------+
  7. | ***Welcome to CentOS System init*** |
  8. +------------------------------------------------------------------+
  9. EOF
  10. echo -e "\033[33;5m注意此脚本只适合同时带外网和内网IP地址的服务器。\033[0m";
  11. choose="no yes"
  12. echo -e "\033[31;1m请确认要初始化这台服务器的操作系统配置?\033[0m";
  13. select comfirm in $choose
  14. do
  15. if [ "${comfirm}" != "yes" ]; then
  16. echo "初始化结束";
  17. exit 0;
  18. fi
  19. break;
  20. done;
  22. OS=`cat /etc/redhat-release | awk '{print $1}'`
  23. VER=`cat /etc/redhat-release | awk '{print $3}' | awk -F'.' '{print $1}'`
  24. if [ $OS != 'CentOS' ] || [ $VER != '6' ];then
  25. echo -e '\033[31;1mThe current system does not match, the script shell exits!\033[0m'
  26. exit
  27. else
  28. echo -e '\033[34;1m开始初始化操作系统中......\033[0m'
  29. fi
  31. ###关闭NetworkManager服务
  32. /etc/init.d/NetworkManager stop > /dev/null 2>&1 && chkconfig NetworkManager off
  33. if [ $? = '0' ];then
  34. echo -e '\033[32;1m1.NetworkManager服务已关闭\033[0m'
  35. fi
  37. ###创建目录
  38. mkdir /root/{config,shell,software} > /dev/null 2>&1
  39. if [ $? = '0' ];then
  40. echo -e '\033[32;1m2.创建目录完成\033[0m'
  41. else
  42. echo -e '\033[32;1m2.目录已经存在\033[0m'
  43. fi
  45. ###关闭Selinux服务
  46. setenforce 0 > /dev/null 2>&1 && sed -i s/"SELINUX=enforcing"/"SELINUX=disabled"/g /etc/sysconfig/selinux
  47. echo -e '\033[32;1m3.Selinux已关闭\033[0m'
  49. ###开始创建软链接
  50. ln -s /etc/crontab /root/config/ > /dev/null 2>&1
  51. ln -s /etc/hosts /root/config/ > /dev/null 2>&1
  52. ln -s /etc/sysconfig/iptables /root/config/ > /dev/null 2>&1
  53. ln -s /etc/security/limits.conf /root/config/ > /dev/null 2>&1
  54. ln -s /etc/rc.local /root/config/ > /dev/null 2>&1
  55. ln -s /etc/resolv.conf /root/config/ > /dev/null 2>&1
  56. ln -s /etc/selinux/config /root/config/ > /dev/null 2>&1
  57. ln -s /etc/ssh/sshd_config /root/config/ > /dev/null 2>&1
  58. ln -s /etc/sysctl.conf /root/config/ > /dev/null 2>&1
  59. ln -s /etc/yum.repos.d /root/config/ > /dev/null 2>&1
  60. echo -e '\033[32;1m4.软链接创建完成\033[0m'
  62. ###配置DNS解析
  63. echo "" > /etc/resolv.conf
  64. echo "nameserver 192.168.168.229" > /etc/resolv.conf
  65. echo "nameserver 202.106.0.20" >> /etc/resolv.conf
  66. echo -e '\033[32;1m5.DNS配置完成\033[0m'
  68. ###配置计划任务
  69. CRON=`cat /etc/crontab | grep "ntp.puppet.com" | grep -v grep | wc -l`
  70. if [ $CRON -eq "0" ];then
  71. sed -i "15 a\*/5 * * * * root ntpdate ntp.puppet.com > /dev/null 2>&1" /etc/crontab
  72. fi
  73. echo -e '\033[32;1m6.计划任务配置完成\033[0m'
  75. ###安装软件源
  76. YUM=`ls -l /etc/yum.repos.d/ | grep -e epel.repo -e nginx.repo -e remi.repo | wc -l`
  77. if [ $YUM -eq "0" ];then
  78. rpm -ivf http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm > /dev/null 2>&1
  79. rpm -ivf http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm > /dev/null 2>&1
  80. rpm -ivf http://rpms.famillecollet.com/enterprise/remi-release-6.rpm > /dev/null 2>&1
  81. fi
  82. echo -e '\033[32;1m7.软件源安装完成\033[0m'
  84. ###安装软件包
  85. SOFT=`rpm -qa gcc openssl-devel rpcbind vim telnet openssh-clients rsync zlib-devel | wc -l`
  86. if [ $SOFT -eq "0" ];then
  87. yum install -y gcc openssl-devel rpcbind vim telnet openssh-clients rsync zlib-devel > /dev/null 2>&1
  88. fi
  89. echo -e '\033[32;1m8.软件包安装完成\033[0m'
  91. ###配置登录显示
  92. echo "Welcome to visit prize.the server!" > /etc/motd
  93. echo -e '\033[32;1m9.登录显示配置完成\033[0m'
  95. ###配置ssh服务
  96. sed -i s/'#UseDNS yes'/'UseDNS no'/g /etc/ssh/sshd_config
  97. sed -i s/'GSSAPIAuthentication yes'/'GSSAPIAuthentication no'/g /etc/ssh/sshd_config
  98. mkdir /root/.ssh > /dev/null 2>&1
  99. echo "ssh-rsa AAAAB3NzaC1yc3EAAAABIwAAAQEAm3gIM+Lk3DUZ5cM8swTrTFty9iaSCW+3YDPY5f6QayPB/1zS19pD3jZgYi6neO64FUj23Z0u7yKIC2GQciXaYULFCsIPnB7crB9YYoI9RdrcAwiXotWp4ZaysugRrltddqdFLkUyZBjoegmSzBQW5ENUfzDIbsi6P0Bk4ep1/hLDrRszg9r8sUHrElRj0vt1b0bZpmbTon4iCQa8ne8MILXogVcEHg2yfiZsiXBobu/6w7lkW2TsXu+yNMjml1J8f5mbqKWq1qLcdoxQ9Asscx/VfzsB3aIBg1vSVwDwa+9mA1stJwdnhcxTEZFB9Zz8HKOj66Lfmq8elxt6w== root@mirror" > /root/.ssh/authorized_keys
  100. echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApISEFRv54KtuJ2a6PIhQuL+r9Wp35FK9MUgK3Z8taBSQsWVju6ArFPAUn2Os/dmC0yS67EIHMe5qVHocC/dTQyl2khR1CwHwUU32UOBWxSH+WDbOT1CpaSXiGQAxyr0Ne5UynPNSYQkKD/8E17UHYE5tbgQ0aOf+URpq6KGVXejQm1jAuseYijELuV4Y27QXcgnZ5YWuauzPDYHYNgdwqdqHEe+MhXKa4r3ALeBQn6VWCcLe7YH8ZQ1v6BcnsB+C21Xclz9N6niQgcm54N40sSYBCCM9ELxirfwAGJ3GfP4fNZGgvHY55ym1807mfZ4cAGykM9tAaF6L3vxxx== root@backup.puppet.com" >> /root/.ssh/authorized_keys
  101. sed -i s/'PasswordAuthentication yes'/'PasswordAuthentication no'/g /etc/ssh/sshd_config
  102. /etc/init.d/sshd restart > /dev/null 2>&1
  103. echo -e '\033[32;1m10.ssh服务配置完成\033[0m'
  105. ###配置打开连接数
  106. LIMIT=`cat /etc/security/limits.conf | grep 65535 | grep -v grep | wc -l`
  107. if [ $LIMIT -eq "0" ];then
  108. echo "* soft nofile 65535" >> /etc/security/limits.conf
  109. echo "* hard nofile 65535" >> /etc/security/limits.conf
  110. echo "* soft nproc 65535" >> /etc/security/limits.conf
  111. echo "* hard nproc 65535" >> /etc/security/limits.conf
  112. fi
  113. echo -e '\033[32;1m11.打开文件数配置完成\033[0m'
  115. ###配置防火墙
  116. iptables-save > /etc/sysconfig/iptables
  117. /etc/init.d/iptables restart > /dev/null 2>&1
  118. echo -e '\033[32;1m12.防火墙配置完成\033[0m'
  120. ###修改内核参数
  121. ROW=`cat /etc/sysctl.conf | wc -l`
  122. if [ $ROW = "40" ];then
  123. cp /etc/sysctl.conf /etc/sysctl.conf.default
  124. cat > /etc/sysctl.conf
  125. # Kernel sysctl configuration file for Red Hat Linux
  126. #
  127. # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
  128. # sysctl.conf(5) for more details.
  130. # Controls IP packet forwarding
  131. net.ipv4.ip_forward = 0
  132. net.ipv4.ip_local_port_range = 1024 65535
  133. net.ipv4.ip_dynaddr = 0
  134. net.ipv4.ip_nonlocal_bind = 0
  135. net.ipv4.ip_no_pmtu_disc = 0
  136. net.ipv4.ip_default_ttl = 64
  138. # Controls source route verification
  139. net.ipv4.conf.default.rp_filter = 1
  141. # Do not accept source routing
  142. net.ipv4.conf.default.accept_source_route = 0
  144. # Controls the System Request debugging functionality of the kernel
  145. kernel.sysrq = 0
  146. kernel.msgmnb = 65536
  147. kernel.msgmax = 65536
  148. kernel.shmmax = 68719476736
  149. kernel.shmall = 134217728
  151. # Controls whether core dumps will append the PID to the core filename.
  152. # Useful for debugging multi-threaded applications.
  153. kernel.core_uses_pid = 1
  155. # Controls the use of TCP syncookies
  156. net.ipv4.tcp_syncookies = 1
  157. net.ipv4.tcp_rmem = 4096 87380 16777216
  158. net.ipv4.tcp_wmem = 4096 65536 16777216
  159. net.ipv4.tcp_mem = 196608 262144 393216
  160. net.ipv4.tcp_fin_timeout = 15
  161. net.ipv4.tcp_tw_recycle = 1
  162. net.ipv4.tcp_tw_reuse = 1
  163. net.ipv4.tcp_no_metrics_save = 1
  164. net.ipv4.tcp_max_orphans = 262144
  165. net.ipv4.tcp_max_syn_backlog = 262144
  166. net.ipv4.tcp_synack_retries = 1
  167. net.ipv4.tcp_syn_retries = 1
  168. net.ipv4.tcp_slow_start_after_idle = 1
  169. net.ipv4.tcp_dma_copybreak = 4096
  170. net.ipv4.tcp_workaround_signed_windows = 0
  171. net.ipv4.tcp_base_mss = 512
  172. net.ipv4.tcp_mtu_probing = 0
  173. net.ipv4.tcp_abc = 0
  174. net.ipv4.tcp_congestion_control = bic
  175. net.ipv4.tcp_tso_win_divisor = 3
  176. net.ipv4.tcp_moderate_rcvbuf = 1
  177. net.ipv4.tcp_low_latency = 0
  178. net.ipv4.tcp_frto = 0
  179. net.ipv4.tcp_adv_win_scale = 2
  180. net.ipv4.tcp_app_win = 31
  181. net.ipv4.tcp_dsack = 1
  182. net.ipv4.tcp_ecn = 0
  183. net.ipv4.tcp_reordering = 3
  184. net.ipv4.tcp_fack = 1
  185. net.ipv4.tcp_orphan_retries = 0
  186. net.ipv4.tcp_rfc1337 = 0
  187. net.ipv4.tcp_stdurg = 0
  188. net.ipv4.tcp_abort_on_overflow = 0
  189. net.ipv4.tcp_syncookies = 1
  190. net.ipv4.tcp_retries2 = 15
  191. net.ipv4.tcp_retries1 = 3
  192. net.ipv4.tcp_keepalive_intvl = 75
  193. net.ipv4.tcp_keepalive_probes = 9
  194. net.ipv4.tcp_keepalive_time = 30
  195. net.ipv4.tcp_max_tw_buckets = 6000
  196. net.ipv4.tcp_retrans_collapse = 0
  197. net.ipv4.tcp_sack = 1
  198. net.ipv4.tcp_window_scaling = 1
  199. net.ipv4.tcp_timestamps = 1
  201. # Disable netfilter on bridges.
  202. net.bridge.bridge-nf-call-ip6tables = 0
  203. net.bridge.bridge-nf-call-iptables = 0
  204. net.bridge.bridge-nf-call-arptables = 0
  206. net.core.rmem_max = 16777216
  207. net.core.wmem_max = 16777216
  208. net.core.netdev_max_backlog = 262144
  209. net.core.somaxconn = 262144
  211. net.ipv4.udp_wmem_min = 4096
  212. net.ipv4.udp_rmem_min = 4096
  213. net.ipv4.udp_mem = 774240 1032320 1548480
  215. vm.swappiness = 3
  216. net.ipv4.cipso_rbm_strictvalid = 1
  217. net.ipv4.cipso_rbm_optfmt = 0
  218. net.ipv4.cipso_cache_bucket_size = 10
  219. net.ipv4.cipso_cache_enable = 1
  221. net.ipv4.inet_peer_gc_maxtime = 120
  222. net.ipv4.inet_peer_gc_mintime = 10
  223. net.ipv4.inet_peer_maxttl = 600
  224. net.ipv4.inet_peer_minttl = 120
  225. net.ipv4.inet_peer_threshold = 65664
  227. net.ipv4.igmp_max_msf = 10
  228. net.ipv4.igmp_max_memberships = 20
  230. net.ipv4.route.secret_interval = 600
  231. net.ipv4.route.min_adv_mss = 256
  232. net.ipv4.route.min_pmtu = 552
  233. net.ipv4.route.mtu_expires = 600
  234. net.ipv4.route.gc_elasticity = 8
  235. net.ipv4.route.error_burst = 5000
  236. net.ipv4.route.error_cost = 1000
  237. net.ipv4.route.redirect_silence = 20480
  238. net.ipv4.route.redirect_number = 9
  239. net.ipv4.route.redirect_load = 20
  240. net.ipv4.route.gc_interval = 60
  241. net.ipv4.route.gc_timeout = 300
  242. net.ipv4.route.gc_min_interval_ms = 500
  243. net.ipv4.route.gc_min_interval = 0
  244. net.ipv4.route.max_size = 4194304
  245. net.ipv4.route.gc_thresh = 262144
  247. net.ipv4.icmp_ratemask = 6168
  248. net.ipv4.icmp_ratelimit = 1000
  249. net.ipv4.icmp_errors_use_inbound_ifaddr = 0
  250. net.ipv4.icmp_ignore_bogus_error_responses = 1
  251. net.ipv4.icmp_echo_ignore_broadcasts = 1
  252. net.ipv4.icmp_echo_ignore_all = 0
  254. net.ipv4.ipfrag_max_dist = 64
  255. net.ipv4.ipfrag_secret_interval = 600
  256. net.ipv4.ipfrag_time = 30
  257. net.ipv4.ipfrag_low_thresh = 196608
  258. net.ipv4.ipfrag_high_thresh = 262144
  259. EOF
  260. sysctl -p
  261. fi
  262. echo -e '\033[32;1m13.内核参数配置完成\033[0m'
  263. echo -e '\033[34;1m这台服务器系统初始化已完成!\033[0m'

上一篇:Android Studio导入Eclipse项目源码


下一篇:Linux 2 unit11 系统恢复技术