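#!/bin/bash
#
# Interactive initialisation script for a freshly installed CentOS 6.x host.
# It rewrites the network configuration, /etc/hosts and /etc/resolv.conf,
# switches SELinux off, raises the open-file limit, appends TCP tuning to
# /etc/sysctl.conf, turns off most runlevel-3 services, creates a sudo user,
# schedules ntpdate and moves sshd to port 65535 with root login disabled.
#
# Run as root, preferably from the console: the network and sshd are
# restarted, so a wrong answer can cut off a remote session.
#
# No "set -e": several steps (setenforce, ntpdate, service restarts) may fail
# on an already-configured host, so steps that must not fail are checked
# explicitly instead.
#
# Review notes on choices the original author made (kept, not changed):
#   * SELinux is switched off, which removes mandatory access control from the
#     host. Keeping it enforcing and labelling the new sshd port with
#     "semanage port -a -t ssh_port_t -p tcp 65535" avoids that trade-off.
#   * The chkconfig loop turns off every runlevel-3 service except the four
#     listed, which includes iptables/ip6tables and auditd if they were on.
#     Add them to KEEP_SERVICES if a host firewall and audit log are wanted
#     after the next reboot.
#   * The new user gets unrestricted "ALL=(ALL) ALL" sudo rights.

echo "这个是系统初始化脚本,请慎重运行!"

warn() { printf 'warning: %s\n' "$*" >&2; }
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

[ "$(id -u)" -eq 0 ] || die "this script must be run as root"

# Copies of every file this script overwrites or edits go here. They are kept
# outside /etc/sysconfig/network-scripts on purpose, so that a backup named
# ifcfg-* is never picked up as an interface definition.
BACKUP_DIR=$(mktemp -d /root/sysinit-backup.XXXXXX) || die "cannot create backup directory"

#######################################
# Save a copy of a file under BACKUP_DIR, preserving its path and mode.
# Arguments: $1 - absolute path of the file (silently skipped if missing)
#######################################
backup_file() {
  local target=$1
  [ -e "$target" ] || return 0
  cp -p --parents -- "$target" "$BACKUP_DIR" || die "cannot back up $target"
}

#######################################
# Append a line to a file unless an identical line is already present, so
# re-running the script does not pile up duplicates.
# Arguments: $1 - file, $2 - exact line
#######################################
append_once() {
  local file=$1 line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null && return 0
  printf '%s\n' "$line" >>"$file"
}

#######################################
# Prompt until a non-empty answer is given and print it on stdout.
# Arguments: $1 - prompt text
# Returns:   1 if stdin reaches end-of-file (the original looped forever)
#######################################
input_fun() {
  local prompt=$1
  local answer=""
  while [ -z "$answer" ]; do
    # -r keeps backslashes literal; read fails only on EOF / read error
    read -r -p "$prompt" answer || return 1
  done
  printf '%s\n' "$answer"
}

# True when $1 is a dotted-quad IPv4 address with every octet <= 255.
is_ipv4() {
  local addr=$1 octet
  local -a octets
  local re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  [[ $addr =~ $re ]] || return 1
  IFS=. read -r -a octets <<<"$addr"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so "08" is not rejected as invalid octal
    ((10#$octet <= 255)) || return 1
  done
}

# True when $1 contains only letters, digits, dots and hyphens and neither
# starts nor ends with punctuation.
is_dns_name() {
  local re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  [[ $1 =~ $re ]]
}

#######################################
# Ask for all network settings.
# Globals written: MYHOSTNAME DOMAINNAME CARD_TYPE IPADDR NETMASK GATEWAY
#                  MYDNS1 MYDNS2
#######################################
input_again() {
  MYHOSTNAME=$(input_fun "please input the hostname:") || die "input aborted"
  DOMAINNAME=$(input_fun "please input the domainname:") || die "input aborted"
  CARD_TYPE=$(input_fun "please input card type(eth0):") || die "input aborted"
  IPADDR=$(input_fun "please input ip address(192.168.100.1):") || die "input aborted"
  NETMASK=$(input_fun "please input netmask(255.255.255.0):") || die "input aborted"
  GATEWAY=$(input_fun "please input gateway(192.168.100.1):") || die "input aborted"
  MYDNS1=$(input_fun "please input DNS1(114.114.114.114):") || die "input aborted"
  MYDNS2=$(input_fun "please input DNS2(8.8.4.4):") || die "input aborted"
}
input_again

# Validate everything before the first file is touched: the answers are
# written verbatim into system configuration files and into a file name.
is_dns_name "$MYHOSTNAME" || die "invalid hostname: $MYHOSTNAME"
is_dns_name "$DOMAINNAME" || die "invalid domain name: $DOMAINNAME"
iface_re='^[A-Za-z0-9_.:-]+$'
[[ $CARD_TYPE =~ $iface_re ]] || die "invalid interface name: $CARD_TYPE"
for addr in "$IPADDR" "$NETMASK" "$GATEWAY" "$MYDNS1" "$MYDNS2"; do
  is_ipv4 "$addr" || die "not an IPv4 address: $addr"
done

# LC_ALL=C keeps the "HWaddr" label untranslated so the match works in any
# locale. An empty result means the interface does not exist.
MAC=$(LC_ALL=C ifconfig "$CARD_TYPE" | awk '/HWaddr/ {print $5}')
[ -n "$MAC" ] || die "cannot read the MAC address of $CARD_TYPE"

# Set the computer name. The key is NETWORKING; the original wrote NETWORK,
# which the init scripts do not read.
backup_file /etc/sysconfig/network
cat >/etc/sysconfig/network <<ENDF
NETWORKING=yes
HOSTNAME=$MYHOSTNAME
ENDF

backup_file "/etc/sysconfig/network-scripts/ifcfg-$CARD_TYPE"
cat >"/etc/sysconfig/network-scripts/ifcfg-$CARD_TYPE" <<ENDF
DEVICE=$CARD_TYPE
BOOTPROTO=static
HWADDR=$MAC
NM_CONTROLLED=yes
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
IPADDR=$IPADDR
NETMASK=$NETMASK
GATEWAY=$GATEWAY
ENDF
/etc/init.d/network restart || warn "network restart reported a failure"

# NOTE(review): "localhost" is listed as an alias of the routable address as
# well as of 127.0.0.1, and the ::1 entry is dropped - confirm this is wanted.
backup_file /etc/hosts
cat >/etc/hosts <<ENDF
127.0.0.1 $MYHOSTNAME $MYHOSTNAME.$DOMAINNAME localhost
$IPADDR $MYHOSTNAME $MYHOSTNAME.$DOMAINNAME localhost
ENDF

backup_file /etc/resolv.conf
cat >/etc/resolv.conf <<ENDF
domain $DOMAINNAME
search $DOMAINNAME
nameserver $MYDNS1
nameserver $MYDNS2
ENDF

# Disable SELinux (see the review notes at the top of the file).
# NOTE(review): /etc/sysconfig/selinux is normally a symlink to
# /etc/selinux/config, and "sed -i" without --follow-symlinks replaces the
# link with a regular file - verify which file actually changed.
backup_file /etc/sysconfig/selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
setenforce 0

# Raise the open-file limit.
backup_file /etc/security/limits.conf
append_once /etc/security/limits.conf "* soft nofile 66666"
append_once /etc/security/limits.conf "* hard nofile 66666"

# Kernel parameter tuning (values unchanged from the original).
# NOTE(review): tcp_tw_recycle is known to drop connections from clients
# behind NAT and was removed in Linux 4.12; tcp_tw_recycle and tcp_tw_reuse
# both rely on TCP timestamps, which this same block turns off.
# NOTE(review): tcp_mem is counted in pages, so these three values are far
# larger than any real host's memory - confirm they are intended.
backup_file /etc/sysctl.conf
if grep -q '^net\.ipv4\.tcp_max_syn_backlog' /etc/sysctl.conf 2>/dev/null; then
  warn "sysctl tuning already present in /etc/sysctl.conf; not appending again"
else
  cat >>/etc/sysctl.conf <<'ENDF'
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65535
ENDF
fi
sysctl -p

# Turn off services the system does not need, then re-enable the keep list.
# LC_ALL=C keeps the "3:on" label untranslated.
KEEP_SERVICES="crond network rsyslog sshd"
while read -r server _; do
  chkconfig --level 3 "$server" off
done < <(LC_ALL=C chkconfig --list | grep '3:on')
for server in $KEEP_SERVICES; do
  chkconfig --level 3 "$server" on
done

#######################################
# Create the administrative user and set its password.
# Globals written: USERNAME
# Dies if the password is not set: root SSH login is disabled further down,
# so an account without a usable password would leave no way in.
#######################################
user_add() {
  local name_re='^[a-z_][a-z0-9_-]*$'
  USERNAME=$(input_fun "please input new user name:") || die "input aborted"
  # The name ends up in /etc/sudoers, so only a conservative set is accepted.
  [[ $USERNAME =~ $name_re ]] || die "invalid user name: $USERNAME"
  if id -u "$USERNAME" >/dev/null 2>&1; then
    warn "user $USERNAME already exists; only resetting its password"
  else
    useradd "$USERNAME" || die "useradd failed for $USERNAME"
  fi
  passwd "$USERNAME" || die "password was not set for $USERNAME"
}
user_add

# Grant sudo. The entry is added to a private copy that visudo must accept
# before it replaces /etc/sudoers, so a malformed line cannot break sudo and
# the live file is never made writable.
sudoers_line="$USERNAME ALL=(ALL) ALL"
if grep -qxF -- "$sudoers_line" /etc/sudoers; then
  warn "/etc/sudoers already has an entry for $USERNAME"
else
  backup_file /etc/sudoers
  sudoers_tmp=$(mktemp /etc/sudoers.XXXXXX) || die "cannot create temporary sudoers file"
  if cat /etc/sudoers >"$sudoers_tmp" &&
    printf '%s\n' "$sudoers_line" >>"$sudoers_tmp" &&
    chmod 0440 "$sudoers_tmp" &&
    visudo -cf "$sudoers_tmp" >/dev/null; then
    mv -f -- "$sudoers_tmp" /etc/sudoers || die "cannot install the new /etc/sudoers"
  else
    rm -f -- "$sudoers_tmp"
    die "candidate sudoers file failed validation; /etc/sudoers left unchanged"
  fi
fi

# Time synchronisation.
# NOTE(review): ntpdate steps the clock from an unauthenticated source every
# five minutes; a disciplined daemon such as ntpd is the usual choice.
yum -y install ntpdate || warn "could not install ntpdate"
/usr/sbin/ntpdate time.nist.gov || warn "initial time synchronisation failed"
# /var/spool/cron/root is a per-user crontab and has no user column; the
# original line carried an extra "root" field, so cron tried to run "root".
append_once /var/spool/cron/root \
  "*/5 * * * * /usr/sbin/ntpdate time.nist.gov 1> /dev/null 2>&1"
chmod 600 /var/spool/cron/root

# Configure sshd. These substitutions only rewrite the stock commented-out
# defaults; a file that was already customised is left as it is.
# NOTE(review): port 65535 is inside the ip_local_port_range set above -
# confirm sshd can always bind it.
backup_file /etc/ssh/sshd_config
sed -i '/^#Port/s/#Port 22/Port 65535/g' /etc/ssh/sshd_config
sed -i '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
for expected in 'Port 65535' 'UseDNS no' 'PermitRootLogin no' 'PermitEmptyPasswords no'; do
  grep -qxF -- "$expected" /etc/ssh/sshd_config ||
    warn "sshd_config has no active '$expected' line; review it by hand"
done

# -I rather than -A: an appended rule lands after the catch-all REJECT of the
# stock ruleset and never matches. The rule is not saved, so it lasts only
# until the next reboot or iptables restart.
iptables -I INPUT -p tcp --dport 65535 -j ACCEPT

# Refuse to restart on a broken configuration; the running daemon keeps
# serving existing sessions.
/usr/sbin/sshd -t || die "sshd_config failed validation; sshd was not restarted"
/etc/init.d/sshd restart
printf 'backups of modified files are in %s\n' "$BACKUP_DIR"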
本文出自 “枫林晚” 博客,请务必保留此出处http://fengwan.blog.51cto.com/508652/1430307
CentOS 6.5初始化优化脚本,布布扣,bubuko.com
原文:http://fengwan.blog.51cto.com/508652/1430307