#!/bin/bash
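# Set the time zone to Asia/Shanghai and schedule a daily clock sync.
# -f replaces an existing /etc/localtime; plain `ln -s` fails when the file
# is already present.
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# Add the ntpdate job only once. `crontab -` installs the table read from
# stdin; the original piped into `crontab -l`, which only lists the table, so
# the job was never installed.
# NOTE(review): cron jobs run with a minimal PATH; confirm ntpdate resolves
# there or use its absolute path. The time source is an unauthenticated
# external server, and log timestamps and certificate validity checks depend
# on it.
if ! crontab -l 2>/dev/null | grep -q ntpdate; then
  {
    crontab -l 2>/dev/null
    # Minute field pinned to 0: one sync at 01:00 instead of one per minute
    # for the whole hour, which is what "* 1 * * *" scheduled.
    echo "0 1 * * * ntpdate time.windows.com >/dev/null 2>&1"
  } | crontab -
fi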
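# Set the system locale to en_US.UTF-8, keeping a backup of the previous file.
# The two commands were split across lines and wrapped in typographic quotes
# in the original, so neither ran as written; they are rejoined here with
# plain ASCII quotes.
# NOTE(review): the script later calls systemctl; confirm the target release
# still reads /etc/sysconfig/i18n rather than /etc/locale.conf.
/usr/bin/cp -p /etc/sysconfig/i18n /etc/sysconfig/i18n.bak
echo 'LANG="en_US.UTF-8"' > /etc/sysconfig/i18n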
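# Harden sshd: forbid remote root logins and empty passwords, and skip
# reverse-DNS lookups. The port change is kept below but stays disabled.
# Back up the config first so the edit can be reverted.
/bin/cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
# The sed expressions need plain ASCII quotes: the typographic quotes in the
# original were passed through literally and the unquoted spaces split each
# expression into several arguments.
# Each pattern matches the directive at the start of a line whether or not it
# is commented out and whatever its current value, so an explicit
# "PermitRootLogin yes" is tightened too. Indented lines (for example inside
# a Match block) are left untouched.
#sed -i 's/#Port 22/Port 52113/' /etc/ssh/sshd_config
sed -i -E 's/^#?PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i -E 's/^#?PermitEmptyPasswords[[:space:]].*/PermitEmptyPasswords no/' /etc/ssh/sshd_config
sed -i -E 's/^#?UseDNS[[:space:]].*/UseDNS no/' /etc/ssh/sshd_config
# `action` is defined in the init-script function library, which the visible
# part of this script never sources.
[ -r /etc/init.d/functions ] && . /etc/init.d/functions
# Report success only if every directive is active (uncommented) and sshd
# accepts the file. The original also ran a second check requiring
# "Port 52113", which always failed while the port change is disabled; add
# that grep back together with the Port sed line.
# NOTE(review): nothing visible here restarts sshd, so the settings apply at
# its next restart. Before that, confirm a non-root account can log in and
# escalate, otherwise PermitRootLogin no locks the operator out.
if grep -Eq '^PermitRootLogin[[:space:]]+no' /etc/ssh/sshd_config &&
  grep -Eq '^PermitEmptyPasswords[[:space:]]+no' /etc/ssh/sshd_config &&
  grep -Eq '^UseDNS[[:space:]]+no' /etc/ssh/sshd_config &&
  sshd -t; then
  action "ssh set" /bin/true
else
  action "ssh set" /bin/false
fi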
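# Locking key system files with chattr can make the system harder to tamper
# with; the files below get the immutable attribute.
# (This sentence had no comment marker in the original, so the shell tried to
# run it as a command.)
# While +i is set, tools that edit these files (useradd, passwd, groupadd, ...)
# fail until the attribute is cleared with `chattr -i`. root can clear it, so
# this slows accidental or scripted changes and is not an access boundary.
# `lsattr <file>` shows whether the attribute is in place.
# User account file
chattr +i /etc/passwd
# User password hash file
chattr +i /etc/shadow
# Group file
chattr +i /etc/group
# Group password file
chattr +i /etc/gshadow
# Boot-time init configuration
# NOTE(review): the script uses systemctl elsewhere; confirm /etc/inittab is
# still meaningful on the target release.
chattr +i /etc/inittab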
# Turn off the firewall: remove firewalld from boot, then stop the running
# service.
# After this the host has no firewalld-managed packet filtering, and nothing
# visible in this script puts another filter in place.
# NOTE(review): confirm filtering is enforced upstream, or keep firewalld and
# open only the ports the host needs.
for verb in disable stop; do
  systemctl "$verb" firewalld.service
done
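# Disable SELinux: back up the config, switch the persistent mode, and drop
# the running system to permissive.
# The backup command was split across four lines in the original and never
# ran as written; it is rejoined here.
/usr/bin/cp -p /etc/selinux/config /etc/selinux/config.bak
# Anchored so only the setting line itself is rewritten. Only "enforcing" is
# replaced; a config already set to "permissive" is left as it is.
# Disabling SELinux removes mandatory access control for every service on the
# host.
# NOTE(review): if the aim is to get past a denial, SELINUX=permissive keeps
# logging denials for policy work; staying enforcing with a fixed policy is
# the stronger choice.
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
setenforce 0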
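# Set the host name from operator input.
# -r keeps backslashes in the input literal.
read -r -p "请输入主机名" Hostname
# Accept only letters, digits, dots and hyphens, starting and ending with a
# letter or digit. The value is written into a file under /etc/sysconfig,
# and such files are typically sourced as shell, so spaces or shell
# metacharacters must not reach it.
if [[ $Hostname =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  hostname "$Hostname"
  # NOTE(review): this overwrites the whole file, dropping any other settings
  # it held. Confirm the target release still reads HOSTNAME from here rather
  # than from /etc/hostname.
  echo "HOSTNAME=$Hostname" > /etc/sysconfig/network
else
  echo "invalid hostname, left unchanged: $Hostname" >&2
fi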
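# Configure a local yum repository served from the install media on /mnt and
# install the development tools group from it.
# Stop if the directory is missing, so tar does not archive *.repo from
# whatever directory the script happens to be in.
cd /etc/yum.repos.d/ || exit 1
# Archive the current repo definitions. This only archives them; the
# original .repo files stay in place and enabled.
tar -czvf repos.tar.gz -- *.repo
# Quoted delimiter: the body is written literally, with no expansion.
# gpgcheck is 1 so yum verifies package signatures against the gpgkey already
# named below; with gpgcheck=0 that key was never used and packages from the
# media were installed unverified.
cat > /etc/yum.repos.d/local.repo <<'EOF'
[local]
name=CentOS7
baseurl=file:///mnt
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
# Install only when the media is mounted: reuse an existing mount on /mnt,
# otherwise mount the optical drive. The group name was on a separate line in
# the original, so yum ran without it.
if mountpoint -q /mnt || mount /dev/sr0 /mnt; then
  yum groupinstall -y "development tools"
else
  echo "cannot mount /dev/sr0 on /mnt; skipping group install" >&2
fi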