linux一键优化脚本1.0

2019独角兽企业重金招聘Python工程师标准>>>

#!/bin/bash
#Author:Johnny.Feng
#fengjihu@chnvideo.com

. /etc/init.d/functions

#开启iptables服务
function set_Iptables(){
iptables -F
iptables -X
iptables -Z
iptables -I INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 9022 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -m limit --limit 3/second --limit-burst 5 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit 3/second --limit-burst 5 -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -P FORWARD DROP
iptables -P INPUT DROP
/etc/init.d/iptables save
}

#关闭不需要的服务
function stop_Service(){
echo "Only start sshd|network|rsyslog|crond|iptables!" > /dev/null
service=($(ls /etc/init.d/))
for i in ${service[@]}; do
case $i in
sshd|network|rsyslog|crond|iptables)
chkconfig $i on;;
*)
chkconfig $i off;;
esac
done
[[ $? == 0 ]] && action "Close Non-essential service!!" /bin/true || action "Close Non-essential service!!" /bin/false
}

#修改ssh配置
function set_ssh(){
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
[[ $? == 0 ]] && action "Change GSSAPIAuthentication yes to no " /bin/true || action "Restart ssh service" /bin/false
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
[[ $? == 0 ]] && action "Change UseDNS yes yes to no " /bin/true || action "Restart ssh service" /bin/false
sed -i 's/#Port 22/Port 9022/' /etc/ssh/sshd_config
[[ $? == 0 ]] && action "Change port 22 to 9022 " /bin/true || action "Restart ssh service" /bin/false
echo -e "\033[31mNote: SSH PORT Change to 9022\033[0m"
service sshd restart
[[ $? == 0 ]] && action "Restart ssh service" /bin/true || action "Restart ssh service" /bin/false
}

#更改时区为上海
function change_zone_Shanghai(){
mv /etc/localtime /etc/localtime.`date +%Y%m%d`
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
cat > /etc/sysconfig/clock <<EOF
ZONE="Asia/Shanghai"
UTC=false
ARC=false
EOF
[[ `date -R |awk '{print $6}'` == '+0800' ]] && action "Change zone to Shanghai" /bin/true
}

#设置文件数限制
function file_limit() {
grep "soft nofile" /etc/security/limits.conf > /dev/null
if [[ $? != 0 ]];then
cat >> /etc/security/limits.conf <<EOF
* soft nofile 65535
* hard nofile 65535
EOF
else
:
fi
[[ $? == 0 ]] && action "Set file limit" /bin/true;echo -e "\033[32mPlese reboot system,make it changed.\033[0m" || action "Set file limit" /bin/false
}

#关闭SElinux
function disabled_selinux() {
grep SELINUX=disabled /etc/selinux/config >/dev/null
if [[ $? != 0 && getenforce != "Disabled" ]];then
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
[[ $? == 0 ]] && action "Change SELINUX enforcing to disabled" /bin/true || action "Change SELINUX enforcing to disabled" /bin/false
setenforce 0
[[ $? == 0 ]] && action "Close SELINUX" /bin/true || action "Close SELINUX" /bin/false
else
action "Close SELINUX already seted." /bin/true
fi
}

#设置sysctl
function set_sysctl() {
cat > /etc/sysctl.conf <<EOF
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
EOF
/sbin/sysctl -p > /dev/null
[[ $? == 0 ]] && action "Change Sysctl.conf" /bin/true || action "Change Sysctl.conf" /bin/false
}

#设置同步时间服务器
function set_synctime() {
count=$(crontab -l | grep ntpdate | wc -l)
chkconfig --list | grep ntp >> /dev/NULL
if [ $? != 0 ];then
echo "Ntpdate not install,now install it." > /dev/null
yum -y install ntp > /dev/null
[[ $? == 0 ]] && action "Install Ntpdate" /bin/true || action "Install Ntpdate" /bin/false
count = $(crontab -l | grep ntpdate | wc -l)
if [[ ${count} == 0 ]];then
echo "0 0 * * * /usr/sbin/ntpdate cn.pool.ntp.org;/sbin/hwclock -w > /dev/null 2>&1" >>/var/spool/cron/root
else
:
fi
else
if [[ ${count} == 0 ]];then
echo "0 0 * * * /usr/sbin/ntpdate cn.pool.ntp.org;/sbin/hwclock -w > /dev/null 2>&1" >>/var/spool/cron/root
else
:
fi
fi
echo -e "Now time is: \033[32m$(/usr/sbin/ntpdate cn.pool.ntp.org)\033[0m" && action "Sync time" /bin/true || action "Sync time" /bin/false
}

#从本地添加YUM源
function add_yum_location() {
yes | cp ./yum/10gen.repo ./yum/epel.repo ./yum/ajenti.repo ./yum/cobbler-config.repo ./yum/epel-testing.repo /etc/yum.repos.d/ > /dev/null
[[ $? == 0 ]] && action "Copy repo file." /bin/true || action "Copy repo file." /bin/false
yum clean all >/dev/null
[[ $? == 0 ]] && action "Clear yum cache." /bin/true || action "Clear yum cache." /bin/false
echo -e "\033[32mYum makecache may take some times.\033[0m"
yum makecache > /dev/null
[[ $? == 0 ]] && action "Yum Makecache." /bin/true || action "Yum Makecache." /bin/false
}

#安装lrzsz
function install_lrzsz(){
rpm -qa | grep lrzsz > /dev/null
if [[ $? != 0 ]];then
yum -y install lrzsz > /dev/null
[[ $? == 0 ]] && action "Install lrzsz." /bin/true || action "Install lrzsz." /bin/false
else
action "Lrzsz already installed." /bin/true
fi
}

#主程序部分
#export LANG=zh_CN.GB18030

#判断是否为root用户
if [ $(id -u) != 0 ];then
echo "Must be root can do this script."
exit
fi

#判断系统
platform=`uname -i`
version=`lsb_release -r |awk '{print substr($2,1,1)}'`
if [[ $platform != "x86_64" && $version != 6 ]];then
echo "This script is only for CentOS6 64bit Operating System !"
exit
fi

if [[ $1 == "" ]];then
#执行操作
serviceList=(disabled_selinux change_zone_Shanghai add_yum_location set_synctime stop_Service set_ssh set_sysctl file_limit install_lrzsz set_Iptables)

for i in ${serviceList[@]}; do
${i}
[[ $? == 0 ]] && action "${i}" /bin/true || action "${i}" /bin/false
done

else
$1
fi

#disabled_selinux
#change_zone_Shanghai
#add_yum_location
#set_synctime
#stop_Service
#set_ssh
#set_sysctl
#file_limit
#install_lrzsz
#set_Iptables

转载于:https://my.oschina.net/fengjihu/blog/192461

linux一键优化脚本1.0相关推荐

linux 优化脚本关闭服务器,linux服务器一键优化脚本
服务器一键优化脚本,高亮显示linux 内容:关闭selinux.时间同步设置.永久静态路由天添加.经常使用软件安装centos 高并发参数调优:文件句柄数调优.防火墙表空间调优bash 测试环境:c ...
linux内核优化脚本,linux内核高级优化脚本
linux内核高级优化脚本可以用于hadoop生态圈环境的组件安装 linux内核调优具体的每一步的解释请参考 03搭建cdh 备注:使用与centos6和centos7两个系统版本执行 [[em ...
linux一键分区脚本,【Shell】Linux中分区脚本
后天要中期答辩了,今天只刷了一个题,还没写出来,但是想更新博客,所以只有把之前写的东西贴出来了. 一个用于分区的shell脚本 1 #!/bin/bash #指定脚本解释器路径 2 echo &quo ...
Linux一键性能测试脚本
收集一些自用的shell脚本. 测试环境:Centos7.6系统-服务器来自:蓝易云香港五网CN2网络 ,国内速度优秀,支持VPC内网互联.快照.备份等功能. 移动+联通+电信+教育网+广电-五网 ...
linux刷脚本需要什么工具吗,利用宝塔Linux一键挂载脚本工具挂载www目录方法
如果我们网友有使用过宝塔面板的应该知道,默认一般都是安装到www目录的.而且我们有很多网友是不会,而且也不知道挂载数据盘.一般我们买到的有些国内的机器,系统盘10GB,数据盘可能有20GB,但是如果你 ...
Linux一键部署脚本
之前已经开发完跨平台客户端,在Linux运行是用命令行和人为设置权限运行的,适合开发使用,用着挺麻烦.所以需要一键部署,把之前手工的工作汇总起来处理.先打包好文件目录.把dotnet和自己程序包放一个 ...
centos7一键优化脚本
#!/bin/bash usage() {cat <<EOFI Usage: $0 [OPTION] OPTION:all (expcet net_config) #执行所有disable ...
linux一键安装脚本编写,Linux中自动安装脚本
如何让你的主机自动的完成安装,自动的回答系统提出的问题,编写自动安装脚本即可实现,如下将详细解释自动脚本安装方法. systemd-config-kickstart ##自动应答脚本制作工具安装成 ...
Linux执行csh脚本出现 0: Event not found.
脚本内容: #!/bin/csh -fset file_name=$0 set prj_path=$1echo file_name: ${file_name} echo prj_path : ${pr ...

linux一键优化脚本1.0

linux一键优化脚本1.0相关推荐

最新文章

热门文章