最小化安装Linux系统初始化脚本

简介: 最小化安装Linux系统初始化脚本

最小化安装Linux系统初始化脚本

注:此脚本适用于centos 7/8、Ubuntu1804,具体需要根据实际情况进行测试调整。

此脚本包含的功能:

  1. 允许 root 用户使用 ssh 登录
  2. 关闭 selinux
  3. 关闭防火墙
  4. 设置 ps1
  5. 设置默认编辑器为 vim
  6. 自定义 vim
  7. 自定义历史命令
  8. 修改内核参数
  9. 设置资源限制
  10. 修改软件源
  11. 安装常用包
  12. 设置时间同步
  13. 修改网卡为传统命令格式
  14. 设置IP地址等
[root@centos8 ~]# cat init_v1.sh
#!/bin/bash
#
#**************************************************
#Author:                Xan_Yum
#QQ:                    7993167
#Email:                 waluna@qq.com
#Version:               1.0
#Date:                  2021-11-03
#FileName:              init_v1.sh
#Description:           system init
#URL:                   https://blog.waluna.top
#Copyroght (C):         2021 ALL rights reserved
#**************************************************

OS=`awk -F'"' '/PRETTY_NAME/{print $2}' /etc/os-release|tr ' ' '-'`

#1
set_ssh () {
   
    if [[ $OS == Ubuntu-18.04* ]];then
        sed -i.bak '/#PermitRootLogin/a PermitRootLogin yes' /etc/ssh/sshd_config
        systemctl restart sshd
    fi
    echo -e "\e[32;1mPermit root login set complete\e[0m"
}

#2
disable_selinux () {
   
    if [[ $OS == CentOS* ]];then
        sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
    fi
    echo -e "\e[32;1mSElinux already disabled,Restart to take effect\e[0m"

}

#3
disbale_firewall () {
   
    systemctl disable --now firewalld &> /dev/null
    echo -e "\e[32;1mFirewall already disabled\e[0m"
}

#4
set_ps1 () {
   
    if [[ $OS == CentOS* ]];then
        echo "PS1='\[\e[1;36m\][\u@\h \W]\\$ \[\e[0m\]'" >> /etc/profile.d/env.sh
        . /etc/profile.d/env.sh
    elif [[ $OS == Ubuntu* ]];then
        echo 'PS1="\[\e[1;32m\][${debian_chroot:+($debian_chroot)}\u@\h \w]\\$ \[\e[0m\]"' >> .bashrc
        . .bashrc
    fi
    echo -e "\e[32;1mPS1 already modify,Please login again\e[0m"

}

#5
set_default_text_editor_vim () {
   
    echo "export EDITOR=vim" >> /etc/profile.d/env.sh
    . /etc/profile.d/env.sh
    echo -e "\e[32;1mdefault_text_editor already modify vim,Please login again\e[0m"
}

#6
set_vim () {
   
cat > ~/.vimrc <<EOF
set ts=4
set expandtab
set ignorecase
set cursorline
set autoindent
autocmd BufNewFile *.sh exec ":call SetTitle()"
func SetTitle()
    if expand("%:e")=='sh'
    call setline(1,"#!/bin/bash")
    call setline(2,"#")
    call setline(3,"#**************************************************")
    call setline(4,"#Author:                Xan_Yum")
    call setline(5,"#QQ:                    7993167")
    call setline(6,"#Email:                 waluna@qq.com")
    call setline(7,"#Version:               1.0")
    call setline(8,"#Date:                  ".strftime("%Y-%m-%d"))
    call setline(9,"#FileName:              ".expand("%"))
    call setline(10,"#Description:           The test script")
    call setline(11,"#URL:                   https://blog.waluna.top")
    call setline(12,"#Copyroght (C):         ".strftime("%Y")." ALL rights reserved")
    call setline(13,"#**************************************************")
    endif
endfunc
autocmd BufNewFile * normal G
EOF
    echo -e "\e[32;1mVim already modify\e[0m"
}

#7
set_history () {
   
    echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile.d/env.sh
    echo -e "\e[32;1mHistory modify\e[0m"
}

#8
modify_kernel_parameters () {
   
    mv /etc/sysctl.conf{
   ,.bak}
cat > /etc/sysctl.conf <<EOF
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
# 表示是否打开TCP同步标签(syncookie),内核必须打开了CONFIG_SYN_COOKIES项进行编译,同步标签可以防止一个套接字在有过多试图连接到达时引起过载。    
net.ipv4.tcp_syncookies = 1

# Disable netfilter on bridges.
# net.bridge.bridge-nf-call-arptables:是否在arptables的FORWARD中过滤网桥的ARP包
# net.bridge.bridge-nf-call-ip6tables:是否在ip6tables链中过滤IPv6包
# net.bridge.bridge-nf-call-iptables:是否在iptables链中过滤IPv4包
# net.bridge.bridge-nf-filter-vlan-tagged:是否在iptables/arptables中过滤打了vlan标签的包

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536

# # Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# # Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

# TCP kernel paramater
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096        87380   4194304
net.ipv4.tcp_wmem = 4096        16384   4194304
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1

# socket buffer
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 20480
net.core.optmem_max = 81920

# TCP conn
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15

# tcp conn reuse
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1

net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_timestamps = 1 #?
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1

# keepalive conn
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 10001    65000

# swap
vm.overcommit_memory = 0
vm.swappiness = 10

#net.ipv4.conf.eth1.rp_filter = 0
#net.ipv4.conf.lo.arp_ignore = 1
#net.ipv4.conf.lo.arp_announce = 2
#net.ipv4.conf.all.arp_ignore = 1
#net.ipv4.conf.all.arp_announce = 2

EOF
    echo -e "\e[32;1mKernel parameters modify complete\e[0m"
}

#9
modify_resource_limits () {
   
cat >> /etc/security/limits.conf <<EOF

*    -    core        unlimited
*    -    nproc        1000000
*    -    nofile        1000000
*    -    memlock        32000
*    -    msgqueue    8192000
root    -       core            unlimited
root    -       nproc           1000000
root    -       nofile          1000000
root    -       memlock         32000
root    -       msgqueue        8192000
EOF
    echo -e "\e[32;1mResource limits modify complete\e[0m"
}

#10
set_software_source () {
   
    if [[ $OS == CentOS-Linux-7* ]];then
        mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
        curl -o /etc/yum.repos.d/Centos-7.repo https://mirrors.aliyun.com/repo/Centos-7.repo
        curl -o /etc/yum.repos.d/epel-7.repo https://mirrors.aliyun.com/repo/epel-7.repo
        yum clean all && yum makecache
    elif [[ $OS == CentOS-Linux-8* ]];then
        mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
        curl -o /etc/yum.repos.d/Centos-8.repo https://mirrors.aliyun.com/repo/Centos-8.repo
        yum clean all && yum makecache
        yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
        sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
        sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
    elif [[ $OS == Ubuntu-18.04* ]];then
        mkdir /etc/apt/backup && mv /etc/apt/sources.list /etc/apt/backup
cat > /etc/apt/sources.list <<EOF
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
EOF
        rm -f /var/lib/apt/lists/lock && apt update
    fi
    echo -e "\e[32;1mSoftware source set complete\e[0m"

}

#11
install_package () {
   
    if [[ $OS == CentOS-Linux-7* ]];then
        yum install bash-completion vim-enhanced tree psmisc wget bc iotop gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel zip unzip zlib-devel net-tools lrzsz ntpdate telnet lsof tcpdump libevent libevent-devel openssh-server openssh-clients postfix -y
    elif [[ $OS == CentOS-Linux-8* ]];then
        dnf install bash-completion vim-enhanced tree psmisc wget bc iotop gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel zip unzip zlib-devel net-tools lrzsz chrony telnet lsof tcpdump libevent libevent-devel openssh-server openssh-clients postfix -y
    elif [[ $OS == Ubuntu-18.04* ]];then
        apt install make gcc iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common lrzsz tree zip unzip openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev iotop libreadline-dev libsystemd-dev -y
    fi
    echo -e "\e[32;1mCommon Package already install\e[0m"
}

#12
set_time_sync () {
   
    if [[ $OS == CentOS-Linux-7* ]];then
        echo '*/5 * * * * ntpdate time1.aliyun.com &> /dev/null && hwclock -w' >> /var/spool/cron/root
        systemctl restart crond
    elif [[ $OS == CentOS-Linux-8* ]];then
        sed -i.bak '/^pool /c pool time1.aliyun.com iburst' /etc/chrony.conf
        systemctl restart chronyd && systemctl enable chronyd
        echo '*/5 * * * * chronyc -a makestep &> /dev/null && hwclock -w' >> /var/spool/cron/root
        systemctl restart crond
    elif [[ $OS == Ubuntu-18.04* ]];then
        echo '*/5 * * * * ntpdate time1.aliyun.com &> /dev/null && hwclock -w' >> /var/spool/cron/root
        systemctl restart cron
    fi
    echo -e "\e[32;1mTime sync complete\e[0m"
}

#13
set_eth () {
   
    if [[ $OS == CentOS* ]];then
        sed -i.bak '/GRUB_CMDLINE_LINUX/s#"$# net.ifnames=0"#' /etc/default/grub
        grub2-mkconfig -o /boot/grub2/grub.cfg &> /dev/null
    elif [[ $OS == Ubuntu-18.04* ]];then
        sed -i.bak '/GRUB_CMDLINE_LINUX/s#"$#net.ifnames=0"#' /etc/default/grub
        grub-mkconfig -o /boot/grub/grub.cfg &> /dev/null
    fi

    echo -e "\e[32;1mNetname already modify,Restart to take effect\e[0m"
}

set_eth0 () {
   
    if [[ $OS == Ubuntu-18.04* ]];then
        mv /etc/netplan/01-netcfg.yaml{
   ,.bak}
cat > /etc/netplan/01-netcfg.yaml <<EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      addresses: [10.0.0.9/24]
      gateway4: 10.0.0.2
      nameservers:
        addresses: [223.5.5.5,114.114.114.114]
EOF
    fi
    echo -e "\e[32;1mIP already set\e[0m"
}

#14
set_ip () {
   
    if [[ $OS == CentOS-Linux-8* ]];then
        mv /etc/sysconfig/network-scripts/ifcfg-ens160{
   ,.bak}
    read -p "Please input IP: " IP
    read -p "Please input Prefix: " PREFIX
    read -p "Please input Gateway: " GATEWAY
    read -p "Please input DNS1: " DNS1
    read -p "Please input DNS2: " DNS2
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
TYPE=Ethernet
NAME=eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=$IP
PREFIX=$PREFIX
GATEWAY=$GATEWAY
DNS1=$DNS1
DNS2=$DNS2
EOF
    elif [[ $OS == CentOS-Linux-7* ]];then
        mv /etc/sysconfig/network-scripts/ifcfg-ens33{
   ,.bak}
    read -p "Please input IP: " IP
    read -p "Please input Prefix: " PREFIX
    read -p "Please input Gateway: " GATEWAY
    read -p "Please input DNS1: " DNS1
    read -p "Please input DNS2: " DNS2
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
TYPE=Ethernet
NAME=eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=$IP
PREFIX=$PREFIX
GATEWAY=$GATEWAY
DNS1=$DNS1
DNS2=$DNS2
EOF
    elif [[ $OS == Ubuntu-18.04* ]];then
        mv /etc/netplan/01-netcfg.yaml{
   ,.bak}
        read -p "Please input IP/PREFIX: " IP_MASK
        read -p "Please input Gateway: " GATEWAY
        read -p "Please input DNS: " DNS
cat > /etc/netplan/01-netcfg.yaml <<EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      addresses: [$IP_MASK]
      gateway4: $GATEWAY
      nameservers:
        addresses: [$DNS]
EOF
    fi
    echo -e "\e[32;1mIP already set\e[0m"
}



echo -en "\e[32;1m"
cat <<EOF

This script applies to centos7 centos8 ubuntu1804!!!

Please select: 
1)Perimtrootlogin
2)Disable SElinux
3)Disable Firewall
4)Modify PS1
5)Set default text editor
6)Modify vim
7)Set History
8)Modify kernel parameters
9)Modify resource limits
10)set_software_source
11)Install Common Package
12)Set Time Sync
13)Modify NetName
14)Set IP
15)All realized
EOF
echo -en '\e[0m'
read -p "Please input number 1-15: " MENU
case $MENU in
1)
    set_ssh
    ;;
2)
    disable_selinux
    ;;
3)
    disbale_firewall
    ;;
4)
    set_ps1
    ;;
5)
    set_default_text_editor_vim
    ;;
6)
    set_vim
    ;;
7)
    set_history
    ;;
8)
    modify_kernel_parameters
    ;;
9)
    modify_resource_limits
    ;;
10)
    set_software_source
    ;;
11)
    install_package
    ;;
12)
    set_time_sync
    ;;
13)
    set_eth
    set_eth0
    ;;
14)
    set_ip
    ;;
15)
    #set_ssh
    disable_selinux
    disbale_firewall
    set_ps1
    set_default_text_editor_vim
    set_vim
    set_history
    modify_kernel_parameters
    modify_resource_limits
    set_software_source
    install_package
    set_time_sync
    set_eth
    set_eth0
    #set_ip
    echo -e "\e[32;1mAll done\e[0m"
    ;;
*)
    echo -e "\e[32;1mINPUY FLASE!\e[0m"
    ;;
esac

关于我
全网可搜《阿贤Linux》
CSDN、知乎、哔哩哔哩、博客园、51CTO、开源中国、思否、掘金、阿里云、腾讯云、华为云、今日头条、GitHub、个人博客
公众号:阿贤Linux
个人博客:blog.waluna.top
https://blog.waluna.top/


原文链接: 最小化安装系统初始化脚本.

相关实践学习
CentOS 7迁移Anolis OS 7
龙蜥操作系统Anolis OS的体验。Anolis OS 7生态上和依赖管理上保持跟CentOS 7.x兼容,一键式迁移脚本centos2anolis.py。本文为您介绍如何通过AOMS迁移工具实现CentOS 7.x到Anolis OS 7的迁移。
目录
相关文章
|
2天前
|
Linux Shell
Linux系统
是对Linux系统进行管理的命令。对于Linux系统来说,无论是中央处理器、内存、磁盘驱动器、键盘、鼠标,还是用户等都是文件,Linux系统管理的命令是它正常运行的核心,与之前的DOS命令类似。linux命令在系统中有两种类型:内置Shell命令和Linux命令。Linux系统
|
23小时前
|
Linux Shell
Linux系统
是对Linux系统进行管理的命令。对于Linux系统来说,无论是中央处理器、内存、磁盘驱动器、键盘、鼠标,还是用户等都是文件,Linux系统管理的命令是它正常运行的核心,与之前的DOS命令类似。linux命令在系统中有两种类型:内置Shell命令和Linux命令。
|
1天前
|
运维 监控 Shell
深入理解Linux系统下的Shell脚本编程
【10月更文挑战第24天】本文将深入浅出地介绍Linux系统中Shell脚本的基础知识和实用技巧,帮助读者从零开始学习编写Shell脚本。通过本文的学习,你将能够掌握Shell脚本的基本语法、变量使用、流程控制以及函数定义等核心概念,并学会如何将这些知识应用于实际问题解决中。文章还将展示几个实用的Shell脚本例子,以加深对知识点的理解和应用。无论你是运维人员还是软件开发者,这篇文章都将为你提供强大的Linux自动化工具。
|
2天前
|
消息中间件 Linux RocketMQ
在Red Hat Enterprise Linux 9上使用Docker快速安装并部署
通过以上步骤,你可以在Red Hat Enterprise Linux 9上使用Docker快速安装并部署RocketMQ。这种方法不仅简化了安装过程,还提供了一个灵活的环境来管理和扩展消息队列系统。RocketMQ作为一款高性能的分布式消息系统,通过Docker可以实现快速部署和高效管理。
12 2
|
3天前
|
Linux Shell
Linux系统
是对Linux系统进行管理的命令。对于Linux系统来说,无论是中央处理器、内存、磁盘驱动器、键盘、鼠标,还是用户等都是文件,Linux系统管理的命令是它正常运行的核心,与之前的DOS命令类似。linux命令在系统中有两种类型:内置Shell命令和Linux命令。
|
3天前
|
消息中间件 Linux RocketMQ
在Red Hat Enterprise Linux 9上使用Docker快速安装并部署
通过以上步骤,你可以在Red Hat Enterprise Linux 9上使用Docker快速安装并部署RocketMQ。这种方法不仅简化了安装过程,还提供了一个灵活的环境来管理和扩展消息队列系统。RocketMQ作为一款高性能的分布式消息系统,通过Docker可以实现快速部署和高效管理。
11 3
|
3天前
|
存储 安全 关系型数据库
Linux系统在服务器领域的应用与优势###
本文深入探讨了Linux操作系统在服务器领域的广泛应用及其显著优势。通过分析其开源性、安全性、稳定性和高效性,揭示了为何Linux成为众多企业和开发者的首选服务器操作系统。文章还列举了Linux在服务器管理、性能优化和社区支持等方面的具体优势,为读者提供了全面而深入的理解。 ###
|
5月前
|
NoSQL Java Linux
linux 安装 neo4j简介
Neo4j是高性能NoSQL图形数据库,利用图结构存储数据。推荐使用JDK 11配合Neo4j 3.x版本。下载3.5.9版,通过`curl`命令在Linux上获取tar.gz文件,然后解压。配置`neo4j.conf`,调整内存设置,开启远程访问。执行`./bin/neo4j start`启动,通过`http://服务器IP:7474`访问,默认凭据是username: neo4j, password: neo4j,登录后应更改密码。
438 0
|
存储 缓存 Ubuntu
【嵌入式开发】 Linux Kernel 下载 配置 编译 安装 及 驱动简介(二)
【嵌入式开发】 Linux Kernel 下载 配置 编译 安装 及 驱动简介(二)
207 0
|
Ubuntu 安全 Unix
【嵌入式开发】 Linux Kernel 下载 配置 编译 安装 及 驱动简介(一)
【嵌入式开发】 Linux Kernel 下载 配置 编译 安装 及 驱动简介(一)
255 0