centos7初始化脚本

#!/bin/bash

# Author: chunk
# date:2017-05-04
# des: system_init_shell
# version: 1.0if [[ "$(whoami)" != "root" ]]; thenecho "please run this script as root ." >&2exit 1
fiecho -e "\033[31m 这个是centos7系统初始化脚本，请慎重运行！ 5秒后开始执行！press ctrl+C to cancel \033[0m"
sleep 5#changes network interface to ONBOOT=YES
change_network()
{sed -i '/ONBOOT/s#no#yes#' /etc/sysconfig/network-scripts/ifcfg-enp0s3/etc/init.d/network restart
}restart_sshd()
{service sshd restart
}#update system pack
yum_update(){yum -y install wget net-tools lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel  python-develyum -y install epel-release
#    cd /etc/yum.repos.d/
#    mkdir bak
#    mv ./*.repo bak
#    wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
#    wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
#    yum clean all && yum makecache}#set ntp
zone_time()
{cp  /usr/share/zoneinfo/Asia/Hong_Kong  /etc/localtimeprintf 'ZONE="Asia/Hong_Kong"\nUTC=false\nARC=false' > /etc/sysconfig/clock/usr/sbin/ntpdate pool.ntp.orgecho "* */5 * * * /usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1" >> /var/spool/cron/root;chmod 600 /var/spool/cron/rootecho 'LANG="en_US.UTF-8"' > /etc/sysconfig/i18nsource  /etc/sysconfig/i18n
}#set ulimit
ulimit_config(){
echo "ulimit -SHn 102400" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF*           soft   nofile       102400*           hard   nofile       102400*           soft   nproc        102400*           hard   nproc        102400
EOF
}#set ssh
sshd_config(){
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
systemctl start crond
}#set sysctl
sysctl_config(){
cp /etc/sysctl.conf /et/sysctl.conf.bak
cat > /etc/sysctl.conf << EOFnet.ipv4.ip_forward = 0net.ipv4.conf.default.rp_filter = 1net.ipv4.conf.default.accept_source_route = 0kernel.sysrq = 0kernel.core_uses_pid = 1net.ipv4.tcp_syncookies = 1kernel.msgmnb = 65536kernel.msgmax = 65536kernel.shmmax = 68719476736kernel.shmall = 4294967296net.ipv4.tcp_max_tw_buckets = 6000net.ipv4.tcp_sack = 1net.ipv4.tcp_window_scaling = 1net.ipv4.tcp_rmem = 4096 87380 4194304net.ipv4.tcp_wmem = 4096 16384 4194304net.core.wmem_default = 8388608net.core.rmem_default = 8388608net.core.rmem_max = 16777216net.core.wmem_max = 16777216net.core.netdev_max_backlog = 262144net.core.somaxconn = 262144net.ipv4.tcp_max_orphans = 3276800net.ipv4.tcp_max_syn_backlog = 262144net.ipv4.tcp_timestamps = 0net.ipv4.tcp_synack_retries = 1net.ipv4.tcp_syn_retries = 1net.ipv4.tcp_tw_recycle = 1net.ipv4.tcp_tw_reuse = 1net.ipv4.tcp_mem = 94500000 915000000 927000000net.ipv4.tcp_fin_timeout = 1net.ipv4.tcp_keepalive_time = 1200net.ipv4.ip_local_port_range = 1024 65535
EOF
/sbin/sysctl -p
echo "sysctl set OK!!"
}#disable selinux
selinux_config(){
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
setenforce 0
echo "selinux is disable"
}iptables_config(){
systemctl stop firewalld.service
systemctl disable firewalld.service
yum install iptables-services -y
cat > /etc/sysconfig/iptables << EOF
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
/sbin/service iptables restart
}main(){
yum_update
zone_time
ulimit_config
#sshd_config
sysctl_config
selinux_config
iptables_config
}main

本文转自 yanconggod 51CTO博客，原文链接:http://blog.51cto.com/yanconggod/2055531

centos7初始化脚本相关推荐

centos7.X系统初始化脚本
一.我把优化centos7的脚本分享给大家,建议刚安装完服务器的朋友执行如下优化脚本 [root@test2 yum.repos.d]# cat centos7.sh #!/bin/bash #aut ...
虚拟机初始化脚本, 虚拟机相互免秘钥
一.虚拟机初始化脚本 #!/bin/bash ## -bash: ./lucky.sh: /bin/bash^M: bad interpreter: No such file or directory ...
MySQL初始化脚本mysql_install_db使用简介及选项参数
mysql_install_db是一个默认放在.../mysql/scripts的一个初始化脚本. 该脚本可以在任何装有perl的操作系统上被使用,在5.6.8之前的版本,该脚本是一个shell脚本, ...
Centos 7初始化脚本
今天跟大家分享一个我自己写的Linux初始化脚本,自认为写的不是很好.希望看到这篇文章的你,能暂时停留下你的脚步,给些修改意见,或者有什么需要补充的地方都可以提出来,大家共同进步,谢谢! 此脚本主要功 ...
mysql_install_db参数_MySQL初始化脚本mysql_install_db使用简介及选项参数
mysql_install_db是一个默认放在.../mysql/scripts的一个初始化脚本. 该脚本可以在任何装有perl的操作系统上被使用,在5.6.8之前的版本,该脚本是一个shell脚本, ...
s5.CentOS、Ubuntu、Rocky Linux系统初始化脚本
CentOS.Ubuntu.Rocky Linux系统初始化脚本 Shell脚本源码地址 Gitee:https://gitee.com/raymond9/shell Github:https://g ...
centos6——初始化脚本
服务器centos6初始化脚本,包含几个方面: 修改主机名添加用户秘钥 ssh 端口修改 ulimit值修改防火墙修改添加追踪日志时间同步安装一些基础软件包 nagios客户端安装 zabb ...
linux 账户初始化脚本,linux 系统初始化脚本
服务器初始化脚本,可以参考一下. #!/bin/env bash exportPATH=$PATH:/bin:/sbin:/usr/sbin # Require root to run thisscr ...
【flyway】从mysql的初始化脚本到 oracle 的初始化脚本
背景:系统使用的 flyway 进行自动升级.现在要兼容 oracle.首要之事当然是制作 oracle 的数据初始化脚本. 失败经历:使用 Navicat Premium 12 的[工具->数 ...
android 初始化脚本,Android init language与init.rc初始化脚本
微信公众号:杨源鑫如果你觉得文章对你有帮助,欢迎在评论区交流讨论参考: android源码目录里的system/core/init/readme.txt. Android系统里以*.rc为扩展名为 ...

centos7初始化脚本

centos7初始化脚本相关推荐

最新文章

热门文章