Linux system initialization script

Here is a system initialization script that I find very useful at work. It is really just a collection of commands! Of course, if you have Cobbler, it gets even better~~

```bash
#!/bin/bash
### This script initializes the system on a server whose network interfaces have just been configured.
## This is system init shell script.
## Written by zhunzhun.zeng 2013-06-18
cat << EOF
+------------------------------------------------------------------+
| ***Welcome to CentOS System init*** |
+------------------------------------------------------------------+
EOF
echo -e "\033[33;5m注意此脚本只适合同时带外网和内网IP地址的服务器。\033[0m"
choose="no yes"
echo -e "\033[31;1m请确认要初始化这台服务器的操作系统配置?\033[0m"
select confirm in $choose
do
    if [ "${confirm}" != "yes" ]; then
        echo "初始化结束"
        exit 0
    fi
    break
done
# Only CentOS 6 is supported: /etc/redhat-release reads "CentOS release 6.x (Final)"
OS=$(awk '{print $1}' /etc/redhat-release)
VER=$(awk '{print $3}' /etc/redhat-release | awk -F'.' '{print $1}')
if [ "$OS" != 'CentOS' ] || [ "$VER" != '6' ]; then
    echo -e '\033[31;1mThe current system does not match, the script shell exits!\033[0m'
    exit 1
else
    echo -e '\033[34;1m开始初始化操作系统中......\033[0m'
fi
### Stop the NetworkManager service
if /etc/init.d/NetworkManager stop > /dev/null 2>&1 && chkconfig NetworkManager off; then
    echo -e '\033[32;1m1.NetworkManager服务已关闭\033[0m'
fi
### Create directories
if mkdir /root/{config,shell,software} > /dev/null 2>&1; then
    echo -e '\033[32;1m2.创建目录完成\033[0m'
else
    echo -e '\033[32;1m2.目录已经存在\033[0m'
fi
### Disable SELinux
# Edit /etc/selinux/config itself: /etc/sysconfig/selinux is a symlink to it,
# and sed -i would replace the symlink with a regular file.
# This removes SELinux enforcement entirely; SELINUX=permissive would keep
# denials logged without blocking anything.
setenforce 0 > /dev/null 2>&1
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
echo -e '\033[32;1m3.Selinux已关闭\033[0m'
### Create symlinks to frequently edited configuration files
ln -s /etc/crontab /root/config/ > /dev/null 2>&1
ln -s /etc/hosts /root/config/ > /dev/null 2>&1
ln -s /etc/sysconfig/iptables /root/config/ > /dev/null 2>&1
ln -s /etc/security/limits.conf /root/config/ > /dev/null 2>&1
ln -s /etc/rc.local /root/config/ > /dev/null 2>&1
ln -s /etc/resolv.conf /root/config/ > /dev/null 2>&1
ln -s /etc/selinux/config /root/config/ > /dev/null 2>&1
ln -s /etc/ssh/sshd_config /root/config/ > /dev/null 2>&1
ln -s /etc/sysctl.conf /root/config/ > /dev/null 2>&1
ln -s /etc/yum.repos.d /root/config/ > /dev/null 2>&1
echo -e '\033[32;1m4.软链接创建完成\033[0m'
### Configure DNS resolution (overwrites the existing resolv.conf)
echo "nameserver 192.168.168.229" > /etc/resolv.conf
echo "nameserver 202.106.0.20" >> /etc/resolv.conf
echo -e '\033[32;1m5.DNS配置完成\033[0m'
### Configure the scheduled task (time sync every 5 minutes)
CRON=$(grep -c "ntp.puppet.com" /etc/crontab)
if [ "$CRON" -eq 0 ]; then
    # Insert the job after line 15 of /etc/crontab
    sed -i "15 a\*/5 * * * * root ntpdate ntp.puppet.com > /dev/null 2>&1" /etc/crontab
fi
echo -e '\033[32;1m6.计划任务配置完成\033[0m'
### Install package repositories
YUM=$(ls /etc/yum.repos.d/ | grep -c -e epel.repo -e nginx.repo -e remi.repo)
if [ "$YUM" -eq 0 ]; then
    # The release packages are fetched over plain HTTP, so the transport does not
    # authenticate them before they install repository definitions that yum will use.
    rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm > /dev/null 2>&1
    rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm > /dev/null 2>&1
    rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm > /dev/null 2>&1
fi
echo -e '\033[32;1m7.软件源安装完成\033[0m'
### Install packages
# yum skips packages that are already installed, so no pre-check is needed
yum install -y gcc openssl-devel rpcbind vim telnet openssh-clients rsync zlib-devel > /dev/null 2>&1
echo -e '\033[32;1m8.软件包安装完成\033[0m'
### Configure the login banner
echo "Welcome to visit prize.the server!" > /etc/motd
echo -e '\033[32;1m9.登录显示配置完成\033[0m'
### Configure the SSH service
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
mkdir /root/.ssh > /dev/null 2>&1
# The two keys below are the original author's. Replace them with your own public keys:
# whoever holds the matching private keys gets root SSH access, the first echo overwrites
# any existing authorized_keys, and password login is switched off right afterwards.
echo "ssh-rsa AAAAB3NzaC1yc3EAAAABIwAAAQEAm3gIM+Lk3DUZ5cM8swTrTFty9iaSCW+3YDPY5f6QayPB/1zS19pD3jZgYi6neO64FUj23Z0u7yKIC2GQciXaYULFCsIPnB7crB9YYoI9RdrcAwiXotWp4ZaysugRrltddqdFLkUyZBjoegmSzBQW5ENUfzDIbsi6P0Bk4ep1/hLDrRszg9r8sUHrElRj0vt1b0bZpmbTon4iCQa8ne8MILXogVcEHg2yfiZsiXBobu/6w7lkW2TsXu+yNMjml1J8f5mbqKWq1qLcdoxQ9Asscx/VfzsB3aIBg1vSVwDwa+9mA1stJwdnhcxTEZFB9Zz8HKOj66Lfmq8elxt6w== root@mirror" > /root/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApISEFRv54KtuJ2a6PIhQuL+r9Wp35FK9MUgK3Z8taBSQsWVju6ArFPAUn2Os/dmC0yS67EIHMe5qVHocC/dTQyl2khR1CwHwUU32UOBWxSH+WDbOT1CpaSXiGQAxyr0Ne5UynPNSYQkKD/8E17UHYE5tbgQ0aOf+URpq6KGVXejQm1jAuseYijELuV4Y27QXcgnZ5YWuauzPDYHYNgdwqdqHEe+MhXKa4r3ALeBQn6VWCcLe7YH8ZQ1v6BcnsB+C21Xclz9N6niQgcm54N40sSYBCCM9ELxirfwAGJ3GfP4fNZGgvHY55ym1807mfZ4cAGykM9tAaF6L3vxxx== root@backup.puppet.com" >> /root/.ssh/authorized_keys
sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
/etc/init.d/sshd restart > /dev/null 2>&1
echo -e '\033[32;1m10.ssh服务配置完成\033[0m'
### Raise the open file and process limits
LIMIT=$(grep -c 65535 /etc/security/limits.conf)
if [ "$LIMIT" -eq 0 ]; then
    echo "* soft nofile 65535" >> /etc/security/limits.conf
    echo "* hard nofile 65535" >> /etc/security/limits.conf
    echo "* soft nproc 65535" >> /etc/security/limits.conf
    echo "* hard nproc 65535" >> /etc/security/limits.conf
fi
echo -e '\033[32;1m11.打开文件数配置完成\033[0m'
### Configure the firewall
# Persists whatever rules are currently loaded; no rules are defined here
iptables-save > /etc/sysconfig/iptables
/etc/init.d/iptables restart > /dev/null 2>&1
echo -e '\033[32;1m12.防火墙配置完成\033[0m'
### Tune kernel parameters
# Only replace sysctl.conf if it still has 40 lines; the old file is kept as sysctl.conf.default
ROW=$(wc -l < /etc/sysctl.conf)
if [ "$ROW" = "40" ]; then
    cp /etc/sysctl.conf /etc/sysctl.conf.default
    cat > /etc/sysctl.conf << EOF
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.ip_dynaddr = 0
net.ipv4.ip_nonlocal_bind = 0
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_default_ttl = 64
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 134217728
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_mem = 196608 262144 393216
net.ipv4.tcp_fin_timeout = 15
# Note: tcp_tw_recycle together with tcp_timestamps can drop connections
# from clients that share an address behind NAT.
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.tcp_dma_copybreak = 4096
net.ipv4.tcp_workaround_signed_windows = 0
net.ipv4.tcp_base_mss = 512
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_abc = 0
net.ipv4.tcp_congestion_control = bic
net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_low_latency = 0
net.ipv4.tcp_frto = 0
net.ipv4.tcp_adv_win_scale = 2
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_fack = 1
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_rfc1337 = 0
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_retrans_collapse = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 1
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.udp_wmem_min = 4096
net.ipv4.udp_rmem_min = 4096
net.ipv4.udp_mem = 774240 1032320 1548480
vm.swappiness = 3
net.ipv4.cipso_rbm_strictvalid = 1
net.ipv4.cipso_rbm_optfmt = 0
net.ipv4.cipso_cache_bucket_size = 10
net.ipv4.cipso_cache_enable = 1
net.ipv4.inet_peer_gc_maxtime = 120
net.ipv4.inet_peer_gc_mintime = 10
net.ipv4.inet_peer_maxttl = 600
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_threshold = 65664
net.ipv4.igmp_max_msf = 10
net.ipv4.igmp_max_memberships = 20
net.ipv4.route.secret_interval = 600
net.ipv4.route.min_adv_mss = 256
net.ipv4.route.min_pmtu = 552
net.ipv4.route.mtu_expires = 600
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.error_burst = 5000
net.ipv4.route.error_cost = 1000
net.ipv4.route.redirect_silence = 20480
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_load = 20
net.ipv4.route.gc_interval = 60
net.ipv4.route.gc_timeout = 300
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.max_size = 4194304
net.ipv4.route.gc_thresh = 262144
net.ipv4.icmp_ratemask = 6168
net.ipv4.icmp_ratelimit = 1000
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.ipfrag_max_dist = 64
net.ipv4.ipfrag_secret_interval = 600
net.ipv4.ipfrag_time = 30
net.ipv4.ipfrag_low_thresh = 196608
net.ipv4.ipfrag_high_thresh = 262144
EOF
    sysctl -p
fi
echo -e '\033[32;1m13.内核参数配置完成\033[0m'
echo -e '\033[34;1m这台服务器系统初始化已完成!\033[0m'
```
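The SSH step above overwrites root's authorized_keys and edits sshd_config with exact-match sed expressions, then prints its success message unconditionally. The following check is an added example, not part of the original script: it reads back the effective PasswordAuthentication value and lists key entries that are not on an approved list (the function names, the allow-list file format and the sample data are assumptions made for illustration).

```bash
#!/bin/bash
# Added example, not part of the original script: check what the SSH step
# actually left behind instead of trusting its success message.

# Effective value of an sshd_config keyword: sshd takes the first
# uncommented occurrence and matches keywords case-insensitively.
sshd_effective() {    # usage: sshd_effective KEYWORD FILE DEFAULT
    awk -v k="$1" -v d="$3" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == tolower(k) { print tolower($2); found = 1; exit }
        END { if (!found) print d }' "$2"
}

# Comment field of every authorized_keys entry whose base64 key blob is
# not listed in ALLOWLIST (hypothetical format: one blob per line).
unapproved_keys() {   # usage: unapproved_keys AUTHORIZED_KEYS ALLOWLIST
    awk 'FILENAME == ARGV[1] { ok[$1] = 1; next }
         /^[ \t]*#/ || NF == 0 { next }
         { for (i = 1; i < NF; i++)
               if ($i ~ /^(ssh-|ecdsa-)/) {            # key type field
                   if (!($(i + 1) in ok))
                       print (i + 2 <= NF ? $(i + 2) : "(no comment)")
                   next
               } }' "$2" "$1"
}

# Constructed sample files (placeholder key blobs, not real keys).
make_sample() {       # usage: make_sample DIR
    printf '%s\n' '#PasswordAuthentication yes' 'UseDNS no' \
        'passwordauthentication no' 'PasswordAuthentication yes' > "$1/sshd_config"
    printf '%s\n' 'ssh-rsa AAAAconstructedOPS ops@bastion' \
        'from="10.0.0.5" ssh-rsa AAAAconstructedOLD root@mirror' \
        'ssh-ed25519 AAAAconstructedX' > "$1/authorized_keys"
    printf '%s\n' 'AAAAconstructedOPS' > "$1/allowlist"
}

d=$(mktemp -d) && make_sample "$d"
echo "PasswordAuthentication: $(sshd_effective PasswordAuthentication "$d/sshd_config" yes)"
echo "Unapproved keys:"; unapproved_keys "$d/authorized_keys" "$d/allowlist"
rm -rf "$d"
```

On a real host, point the functions at /etc/ssh/sshd_config and /root/.ssh/authorized_keys; the parser does not handle Match blocks or quoted key options that contain spaces.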
