#!/bin/bash
#
##----------------------------##
# @Time:2015-10-30 11:30:06 #
# @Debug:2016-11-19 19:26:38 #
# @rootsecurity #
# @Ver:3.06 #
##----------------------------##
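# Refuse to run unless we are root: every function below edits /etc,
# manages packages or changes passwords. The message goes to stderr so
# it is not mistaken for normal output when the script is driven by
# automation.
if [[ "$(id -u)" -ne 0 ]]; then
  printf 'Error: You must be root to run this script!\n' >&2
  exit 1
fi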
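#######################################
# Replace the yum repository definitions on CentOS 5/6 with the USTC
# mirror set and install the matching EPEL signing key.
# Arguments: none (the release is detected from /etc/issue)
# Side effects: moves the old /etc/yum.repos.d/* into a timestamped backup
#               directory, writes the new .repo files, copies the EPEL key
#               into /etc/pki/rpm-gpg/, rebuilds the yum cache.
#               Hosts that are not CentOS 5/6 are left untouched.
# Returns: 0 on success; 1 if any download or the key check fails, in
#          which case the existing repo configuration is NOT modified.
#######################################
base_init_repo() {
  local release centos_block
  if [ -s /etc/issue ] && grep -q 'CentOS release 6.*' /etc/issue; then
    release=6
    centos_block=2
  elif [ -s /etc/issue ] && grep -q 'CentOS release 5.*' /etc/issue; then
    release=5
    centos_block=1
  else
    return 0
  fi

  local tmp
  tmp=$(mktemp -d) || return 1
  local base='https://lug.ustc.edu.cn/wiki/_export/code/mirrors/help'
  local key="RPM-GPG-KEY-EPEL-${release}"

  # TLS verification is deliberately left ON (the original passed
  # --no-check-certificate). These four files decide where every later
  # package is fetched from and which key signs it; fetching them without
  # certificate validation lets an on-path attacker point yum at a hostile
  # mirror and hand us the key to trust it. If the host's CA bundle is too
  # old for the mirror, update ca-certificates first instead of disabling
  # the check.
  if ! wget -q "${base}/centos?codeblock=${centos_block}" -O "${tmp}/CentOS-Base.repo" \
    || ! wget -q "${base}/epel?codeblock=0" -O "${tmp}/epel.repo" \
    || ! wget -q "${base}/epel?codeblock=1" -O "${tmp}/epel-testing.repo" \
    || ! wget -q "https://mirrors.ustc.edu.cn/epel/${key}" -O "${tmp}/${key}"; then
    printf 'Error: repo download failed; /etc/yum.repos.d left unchanged\n' >&2
    rm -rf -- "$tmp"
    return 1
  fi
  # Cheap sanity check so an HTML error page is never installed as a key.
  if ! grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "${tmp}/${key}"; then
    printf 'Error: downloaded %s is not a PGP public key\n' "$key" >&2
    rm -rf -- "$tmp"
    return 1
  fi

  # Only after everything downloaded cleanly do we touch the live config;
  # the old files are kept for rollback instead of being rm -rf'd first.
  local backup
  backup="/etc/yum.repos.d.bak.$(date +%Y%m%d%H%M%S)"
  mkdir -p "$backup" && mv -f /etc/yum.repos.d/* "$backup"/ 2>/dev/null
  mv -f "${tmp}/${key}" /etc/pki/rpm-gpg/
  mv -f "$tmp"/*.repo /etc/yum.repos.d/
  rm -rf -- "$tmp"

  yum clean all && yum makecache
  echo -e '\033[33m |---------- yum repo源即将设置完毕,请稍候!!! ----------|\033[0m' && sleep 2
}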
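#######################################
# Install the build/runtime packages this toolchain expects, remove the
# stock MTA/web/DB packages that would conflict with the ones built later,
# and enable cron/sysstat. Guarded by a lock file so it runs once per host.
# Side effects: yum install/remove, chkconfig exim off, creates the lock.
# Returns: 0
#######################################
base_init_yum() {
  # The lock lives in a root-owned directory rather than /tmp: with the
  # original /tmp/sys_init.lock any local user could pre-create the file to
  # make this step silently skip, or plant a symlink for root's `touch`.
  # (Hosts initialised with the old lock path will run this once more;
  # the yum calls are idempotent.)
  local lock=/var/lib/sys_init.lock
  if [ -f "$lock" ]; then
    echo -e '\033[33m |---------- yum初始化已完成,无需再次初始化!!! ----------|\033[0m'
    return 0
  fi

  echo -e '\033[33m |---------- 系统即将 yum 安装依赖包,请稍候!!! ----------|\033[0m' && sleep 2
  # Globs such as libxslt* are quoted so yum, not the shell, expands them;
  # unquoted they would match files in the current directory instead.
  local pkg
  for pkg in gcc gcc-c++ make libedit 'libxslt*' libicu libicu-devel pcre pcre-devel \
    libxslt libxslt-devel magic flex libevent zlib libevent-devel bison 'libtool*' \
    gperftools-libs bzip2-devel iptraf pptp-setup python-devel python-setuptools \
    libxml2 libxml2-devel gettext gettext-devel ncurses-devel file file-devel \
    sqlite sqlite-devel gperftools gperftools-devel jemalloc readline readline-devel \
    libyaml libyaml-devel libhtp libhtp-devel gd gd-devel freetype freetype-devel \
    openssl openssl-devel libcurl libcurl-devel libpcap libpcap-devel lrzsz \
    libcurl libcurl-devel tcl tcl-devel perl-Time-HiRes; do
    # One package per call so a single missing name does not abort the rest.
    yum -y install "$pkg"
  done

  echo -e '\033[33m |---------- 系统即将yum 卸载依赖包,请稍候!!! ----------|\033[0m' && sleep 2
  yum -y remove postfix mysql-libs httpd httpd-tools httpd-devel php php-devel

  echo -e '\033[33m |---------- 系统即将 yum 安装依赖包,请稍候!!! ----------|\033[0m' && sleep 2
  yum -y install sysstat cronie crontabs cronie-anacron
  # exim is not necessarily installed; only touch it when chkconfig knows it.
  if chkconfig --list exim >/dev/null 2>&1; then
    chkconfig --level 35 exim off
  fi

  # Written last so an interrupted run is retried rather than skipped.
  touch "$lock"
}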
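#######################################
# Create the rootsecurity admin account (uid/gid 555) and set the root and
# rootsecurity passwords.
# Passwords come from the environment (ROOT_PASSWORD, ROOTSECURITY_PASSWORD)
# or, when unset, from an interactive prompt. The original embedded both
# passwords in clear text in this file, which made every host built from
# it share root credentials with everyone who could read the repository;
# treat those values as burned and rotate them on existing hosts.
# Returns: 0 on success, 1 if a password is empty (nothing is changed).
#######################################
base_add_user() {
  # Idempotent: a second run must not fail on an existing group/user.
  getent group rootsecurity >/dev/null || groupadd -g 555 rootsecurity
  id rootsecurity >/dev/null 2>&1 || useradd -u 555 -g rootsecurity rootsecurity

  local root_pw="${ROOT_PASSWORD:-}" admin_pw="${ROOTSECURITY_PASSWORD:-}"
  if [ -z "$root_pw" ]; then
    read -r -s -p 'New password for root: ' root_pw
    echo
  fi
  if [ -z "$admin_pw" ]; then
    read -r -s -p 'New password for rootsecurity: ' admin_pw
    echo
  fi
  if [ -z "$root_pw" ] || [ -z "$admin_pw" ]; then
    printf 'Error: empty password; no passwords were changed\n' >&2
    return 1
  fi

  # chpasswd reads user:password pairs from stdin, so the secrets never
  # appear on a command line where `ps` could show them. Passwords must
  # not contain a newline (colons after the first are fine).
  printf 'root:%s\nrootsecurity:%s\n' "$root_pw" "$admin_pw" | chpasswd
  sleep 2 && echo -e '\033[33m |---------- 用户更新完毕!!! ----------|\033[0m'
}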
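#######################################
# Create the mysql service account (uid/gid 600).
# It is a service account: it only needs to own its data and log
# directories (see base_add_dir), so it gets no login shell. Drop the
# -s option if an interactive mysql login is ever genuinely required.
# The commented-out clear-text password from the original is removed —
# even commented, a secret in a script is a secret in the repository.
# Returns: 0
#######################################
base_add_mysql_user() {
  # Idempotent: safe to re-run on a host where the account already exists.
  getent group mysql >/dev/null || groupadd -g 600 mysql
  id mysql >/dev/null 2>&1 || useradd -u 600 -g mysql -s /sbin/nologin mysql
  sleep 2 && echo -e '\033[33m |---------- 用户更新完毕!!! ----------|\033[0m'
}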
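#######################################
# Create the www service account (uid/gid 601) used by nginx/php-fpm.
# It only needs to own the web log and application directories (see
# base_add_dir), so it gets no login shell; drop -s if that ever changes.
# The commented-out clear-text password from the original is removed —
# a secret in a comment is still a secret in the repository.
# Returns: 0
#######################################
base_add_www_user() {
  # Idempotent: safe to re-run on a host where the account already exists.
  getent group www >/dev/null || groupadd -g 601 www
  id www >/dev/null 2>&1 || useradd -u 601 -g www -s /sbin/nologin www
  sleep 2 && echo -e '\033[33m |---------- 用户更新完毕!!! ----------|\033[0m'
}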
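#######################################
# Harden sshd, grant the rootsecurity account sudo, and restart sshd.
# sshd_config: ListenAddress 0.0.0.0, UseDNS no, GSSAPIAuthentication off,
#   PermitRootLogin no (only when the rootsecurity account exists, so we
#   never lock ourselves out of a host with no other admin account).
# sudoers: "Defaults requiretty" commented out, rootsecurity NOPASSWD:ALL.
# SELinux: set to disabled for the next boot (kept from the original).
# Every edit is anchored/idempotent, and both sudoers and sshd_config are
# validated before they go live — a bad sudoers loses sudo for everyone,
# a bad sshd_config loses ssh for everyone.
# Returns: 0; 1 if sshd_config fails validation (sshd is not restarted).
#######################################
base_set_ssh() {
  local cfg=/etc/ssh/sshd_config
  sed -i 's/^#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/' "$cfg"
  sed -i 's/^#UseDNS yes/UseDNS no/' "$cfg"
  # Anchored: the original unanchored substitution stacked another '#'
  # on every run.
  sed -i 's/^GSSAPIAuthentication yes/#GSSAPIAuthentication yes/' "$cfg"

  # The original rewrote "#PermitRootLogin yes" to "#PermitRootLogin no " —
  # still a comment, so root logins stayed enabled (the sshd default).
  # Disable them for real, but only once there is a sudo-capable account
  # to log in with instead.
  if id rootsecurity >/dev/null 2>&1; then
    if grep -q '^PermitRootLogin' "$cfg"; then
      sed -i 's/^PermitRootLogin.*/PermitRootLogin no/' "$cfg"
    else
      sed -i 's/^#PermitRootLogin .*/PermitRootLogin no/' "$cfg"
    fi
  else
    printf 'Warning: rootsecurity account missing; PermitRootLogin left unchanged (run add_user first)\n' >&2
  fi
  # Password logins stay enabled, as in the original. Once keys are deployed
  # set "PasswordAuthentication no" here as well.

  # NOTE(review): disabling SELinux removes the confinement layer around the
  # web/DB services this script prepares. Kept because callers rely on it;
  # prefer SELINUX=permissive plus targeted policy fixes.
  sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config

  # sudoers: edit a copy and let visudo validate it before installing.
  local tmp
  tmp=$(mktemp) || return 1
  cp /etc/sudoers "$tmp"
  sed -i 's/^Defaults[[:space:]]\+requiretty/#&/' "$tmp"
  # NOPASSWD:ALL makes the rootsecurity password the only barrier to root.
  grep -q '^rootsecurity ALL=(ALL) NOPASSWD:ALL' "$tmp" \
    || sed -i '/^root[[:space:]]/a \rootsecurity ALL=(ALL) NOPASSWD:ALL' "$tmp"
  if visudo -c -f "$tmp" >/dev/null; then
    cp "$tmp" /etc/sudoers && chmod 0440 /etc/sudoers
  else
    printf 'Error: generated sudoers is invalid; /etc/sudoers left unchanged\n' >&2
  fi
  rm -f -- "$tmp"

  echo -e '\033[33m |---------- SSH服务设置完毕!!! ----------|\033[0m'
  sleep 2
  if /usr/sbin/sshd -t; then
    /etc/init.d/sshd restart
  else
    printf 'Error: sshd_config failed validation; sshd NOT restarted\n' >&2
    return 1
  fi
}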
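#######################################
# Miscellaneous tweaks: patch wget's zh_CN message catalogue so its ETA
# label is not rendered as "英国中部时间", lock an account for 180 s after
# 5 failed logins, alias vi→vim with syntax highlighting, and raise the
# ulimit in rc.local. Every step is idempotent.
# Fixes: the original "[! -f ...]" is a syntax error and, being chained
# with ";", never guarded anything — msgunfmt ran unconditionally and the
# half-built catalogue was copied over wget.mo even when the pipeline
# failed. It also wrote to a fixed /tmp/zh_CN.mo as root.
# Returns: 0; 1 if a temp file cannot be created.
#######################################
base_set_other() {
  local wget_mo=/usr/share/locale/zh_CN/LC_MESSAGES/wget.mo
  if [ -x /usr/bin/msgunfmt ] && [ -f "$wget_mo" ]; then
    # mktemp instead of a predictable /tmp name: root writing to a fixed
    # path in a world-writable directory is a symlink-attack target.
    local tmp_mo
    tmp_mo=$(mktemp) || return 1
    if /usr/bin/msgunfmt "$wget_mo" -o - | sed 's/eta(英国中部时间)/ETA/' | msgfmt - -o "$tmp_mo"; then
      /bin/cp -f "$tmp_mo" "$wget_mo"
    fi
    rm -f -- "$tmp_mo"
  else
    echo "msgunfmt not found !"
    sleep 2
  fi

  # Lock out after 5 consecutive failures for 180 s. Inserted after line 4
  # of system-auth so it runs before pam_unix. authconfig regenerates this
  # file, so the line may need re-adding after it runs.
  if ! grep -q 'pam_tally2.so' /etc/pam.d/system-auth; then
    sed -i '4a auth required pam_tally2.so deny=5 unlock_time=180' /etc/pam.d/system-auth
  fi

  # vi→vim alias for root, plus global syntax highlighting.
  if ! grep -q 'alias vi=' ~/.bashrc; then
    sed -i "s@alias mv=\(.*\)@alias mv=\1\nalias vi=vim@" ~/.bashrc
  fi
  grep -q '^syntax on' /etc/vimrc 2>/dev/null || echo 'syntax on' >> /etc/vimrc

  grep -q 'ulimit -SH 65535' /etc/rc.local || echo "ulimit -SH 65535" >> /etc/rc.local
}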
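#######################################
# Add process and file-descriptor limits for all users.
# Arguments: $1 - limits file (default /etc/security/limits.conf); the
#            parameter exists for testing and for limits.d drop-ins.
# Each line is appended only if it is not already present, so re-running
# the script no longer grows the file with duplicate entries.
# Returns: 0
#######################################
base_set_limits() {
  local conf="${1:-/etc/security/limits.conf}"
  local line
  for line in \
    '* soft nproc 2047' \
    '* hard nproc 16384' \
    '* soft nofile 32767' \
    '* hard nofile 65536'; do
    # -x -F: whole-line, literal match (the leading '*' is not a regex).
    grep -qxF -- "$line" "$conf" 2>/dev/null || printf '%s\n' "$line" >> "$conf"
  done
  # The pause is only for a human watching a terminal; automation should
  # not be slowed down by it.
  [ -t 1 ] && sleep 2
  echo -e '\033[33m |---------- limits.conf设置完毕!!! ----------|\033[0m'
}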
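#######################################
# Write the kernel network tuning into /etc/sysctl.conf and apply it.
# The bridge-netfilter keys are commented out (they fail to load when the
# bridge module is absent); our own settings live between marker comments
# and are replaced on each run, so re-running no longer appends a second
# copy of the whole block. The values themselves are unchanged from the
# original.
# NOTE(review) on the values, kept as-is but worth revisiting:
#   - tcp_tw_recycle=1 drops connections from clients behind NAT and was
#     removed from the kernel in 4.12.
#   - tcp_tw_reuse needs TCP timestamps, which tcp_timestamps=0 turns off,
#     so tw_reuse is ineffective here (and PAWS protection is lost).
#   - tcp_syn_retries=0 means a single lost SYN fails the connection.
# Returns: 0
#######################################
base_set_sysctl() {
  local conf=/etc/sysctl.conf
  # Anchored so a second run does not stack another '#'.
  sed -i 's/^net.bridge.bridge-nf-call-ip6tables = 0/#&/' "$conf"
  sed -i 's/^net.bridge.bridge-nf-call-iptables = 0/#&/' "$conf"
  sed -i 's/^net.bridge.bridge-nf-call-arptables = 0/#&/' "$conf"

  # Drop any block written by a previous run, then append the current one.
  sed -i '/^# BEGIN init_v2.0 sysctl/,/^# END init_v2.0 sysctl/d' "$conf"
  cat >> "$conf" <<'SYSCTL'
# BEGIN init_v2.0 sysctl
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 100
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.ip_default_ttl = 255
# END init_v2.0 sysctl
SYSCTL
  /sbin/sysctl -p && sleep 2
  echo -e '\033[33m |---------- SYSCTL设置完毕!!! ----------|\033[0m'
}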
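#######################################
# Create the /export layout and hand the data/log trees to their service
# accounts. Uses owner:group (the "owner.group" form is deprecated and
# ambiguous for names containing a dot). If a service account is missing
# the corresponding chown is skipped with a warning, instead of chown
# failing halfway through with the directories half-owned.
# Returns: 0
#######################################
base_add_dir() {
  mkdir -p /export/{App,Config,Log,MySQLData,Service,Server,Shell}
  mkdir -p /export/Log/{mysql,nginx,php-fpm,debug}

  if id mysql >/dev/null 2>&1; then
    chown -R mysql:mysql /export/MySQLData /export/Log/mysql
  else
    printf 'Warning: user mysql missing; run add_mysql_user first, then add_dir again\n' >&2
  fi

  if id www >/dev/null 2>&1; then
    chown -R www:www /export/Log/nginx
    # NOTE(review): the web user owning the application tree means a
    # compromised nginx/php-fpm can rewrite the code it serves. Kept as in
    # the original; prefer root:www with read-only permissions on /export/App
    # and a separate writable upload/cache directory.
    chown -R www:www /export/App
  else
    printf 'Warning: user www missing; run add_www_user first, then add_dir again\n' >&2
  fi

  echo -e '\033[33m |---------- 系统目录设置完毕!!! ----------|\033[0m'
}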
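#######################################
# Print memory usage as a percentage of MemTotal.
# Arguments: $1 - meminfo file (default /proc/meminfo; overridable for tests)
# Used = MemTotal - MemFree - Buffers - Cached, the same formula as before,
# but now every term comes from one source. The original divided a kB-derived
# GiB figure by the truncated integer from `free -g`, which is 0 on hosts
# with less than 1 GiB (bc division by zero) and off by up to a whole GiB
# otherwise; bc also truncated the quotient to two places before scaling.
# Output format is unchanged (the "mem_usege:" label is kept as-is for
# anything that parses it).
# Returns: 0
#######################################
base_use_meminfo() {
  local meminfo="${1:-/proc/meminfo}"
  local usage_pct
  usage_pct=$(awk '
    /^MemTotal:/ { total = $2 }
    /^MemFree:/  { free = $2 }
    /^Buffers:/  { buffers = $2 }
    /^Cached:/   { cached = $2 }
    END {
      if (total == 0) { printf "0.00"; exit }
      printf "%.2f", (total - free - buffers - cached) / total * 100
    }' "$meminfo")
  printf '\n\nmem_usege:\n%s%%\n\n' "$usage_pct"
}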
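# Emit "total busy" jiffies from the aggregate "cpu" line of a stat file.
# Busy = user+nice+system+irq+softirq (columns 2,3,4,7,8), as in the
# original; idle, iowait and steal are counted as not busy.
_cpu_sample() {
  awk '$1 == "cpu" {
    total = 0
    for (i = 2; i <= NF; i++) total += $i
    print total, $2 + $3 + $4 + $7 + $8
    exit
  }' "$1"
}

#######################################
# Print CPU utilisation (%) over a sampling window.
# Arguments: $1 - stat file (default /proc/stat)
#            $2 - window in seconds (default 5); both exist for testing.
# Fixes: the original `c=(${a[1]}-${b[1]})*100` is parsed by bash as an
# array assignment, not arithmetic, and the result was then scaled by 100
# a second time in bc, so the printed number was 100x too large. A window
# with no elapsed jiffies now prints 0.00 instead of a bc division error.
# Returns: 0
#######################################
base_use_cpuinfo() {
  local stat="${1:-/proc/stat}" interval="${2:-5}"
  local t0 u0 t1 u1
  read -r t0 u0 <<<"$(_cpu_sample "$stat")"
  sleep "$interval"
  read -r t1 u1 <<<"$(_cpu_sample "$stat")"
  local cpu_usage
  cpu_usage=$(awk -v dt="$((t1 - t0))" -v du="$((u1 - u0))" \
    'BEGIN { if (dt <= 0) printf "0.00"; else printf "%.2f", du / dt * 100 }')
  printf '\n\ncpu_usage:\n%s%%\n\n' "$cpu_usage"
}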
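# Enable or disable one service for runlevels 2-5, skipping (with a
# warning) services chkconfig does not know on this host.
_set_service() {
  if chkconfig --list "$1" >/dev/null 2>&1; then
    chkconfig --level 2345 "$1" "$2"
  else
    printf 'Warning: service %s not installed, skipped\n' "$1" >&2
  fi
}

#######################################
# Apply the boot-time service profile.
# NOTE(review): the "off" list disables auditd (the kernel audit trail)
# and iptables/ip6tables (the host firewall). Kept as the original
# intended, but on an internet-facing host both should stay on unless
# another audit and filtering layer is in place.
# Returns: 0
#######################################
base_set_services() {
  local svc
  for svc in cups abrt-cpp abrtd acpid auditd blk-availability kdump iptables ip6tables; do
    _set_service "$svc" off
  done
  for svc in atd crond sshd portreserve netfs messagebus mdmonitor network rsyslog sysstat udev-post; do
    _set_service "$svc" on
  done
  sleep 2 && echo -e '\033[33m |---------- 系统服务设置完毕!!! ----------|\033[0m'
}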
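#######################################
# Install ntp, set the system zone to Asia/Shanghai and do a one-off sync.
# Fixes: `yum install` without -y blocked waiting for confirmation when run
# unattended; the "else: remove and reinstall ntp" branch was pure churn
# and is gone; /etc/localtime is updated so the zone takes effect now, not
# only at the next boot (sysconfig/clock is read at boot); the ntpdate
# result is reported instead of silently discarded.
# Returns: 0
#######################################
base_set_timezone() {
  if ! rpm -q ntp >/dev/null 2>&1; then
    yum -y install ntp ntpdate
  fi
  cat > /etc/sysconfig/clock <<'DATE'
ZONE="Asia/Shanghai"
UTC=false
ARC=false
DATE
  if [ -f /usr/share/zoneinfo/Asia/Shanghai ]; then
    /bin/cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
  fi
  if ! ntpdate cn.pool.ntp.org >/dev/null 2>&1; then
    printf 'Warning: ntpdate against cn.pool.ntp.org failed; clock not synced\n' >&2
  fi
  echo -e '\033[33m |---------- 系统时间设置完毕!!! ----------|\033[0m'
}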
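# Usage text, shared by --help and the fallback branch so the advertised
# subcommand list cannot drift from the accepted one (the original listed
# only ten of the fourteen subcommands and --help called an undefined
# help_info).
usage() {
  printf 'Usage: %s {repo|yum|add_user|add_mysql_user|add_www_user|meminfo|cpuinfo|ssh|sysctl|add_dir|limits|other|services|timezone}\n' "$0"
}

# Dispatch on the single subcommand argument.
case "$1" in
  repo)            base_init_repo ;;
  yum)             base_init_yum ;;
  add_user)        base_add_user ;;
  add_mysql_user)  base_add_mysql_user ;;
  add_www_user)    base_add_www_user ;;
  meminfo)         base_use_meminfo ;;
  cpuinfo)         base_use_cpuinfo ;;
  ssh)             base_set_ssh ;;
  sysctl)          base_set_sysctl ;;
  add_dir)         base_add_dir ;;
  limits)          base_set_limits ;;
  other)           base_set_other ;;
  services)        base_set_services ;;
  timezone)        base_set_timezone ;;
  --help|-h|-help) usage ;;
  *)
    usage >&2
    exit 1
    ;;
esac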