CentOS7系統(tǒng)初始化腳本2

[root@linux-node1 ~]# cat optimize.sh

!/bin/bash

Optimize the system after installation

PASSWD=reid
NETIP=192.168.56.11
PROTOBOOT=static
HOSTNAME=linux-node1.example.com
DNS1=192.168.56.2
NTPSERVER=ntp1.aliyun.com
YUMREPO=http://mirrors.aliyun.com/repo/Centos-7.repo
EPELREPO=http://mirrors.aliyun.com/repo/epel-7.repo
SSH_PORT=22122

in case of some bad behaviours

CHATTR=chenhao

Open the port for iptabeles input or maybe stop iptables

PORTS=80,22,21,8088

record the system user,ip addresse,shell command and detail

HISTDIR=/usr/etc/.history

the welcome info

cat << EOF
+------------------------------------------------------------------+
| ********** Welcome to CentOS 7.x System init ********** |
+------------------------------------------------------------------+
EOF
[ whoami != "root" ] && echo "please use root" && exit 1
function format() {
echo -e "\033[32m Success!!!\033[0m\n"
echo "#########################################################"
}

change the root passwd

echo "set root passwd"
echo $PASSWD | passwd root --stdin &> /dev/null
format

change network setting

echo ""> /etc/sysconfig/network-scripts/ifcfg-eth0
echo "TYPE=Ethernet" >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo "NAME=eth0" >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo "DEVICE=eth0" >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo "ONBOOT=yes" >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo "BOOTPROTO= $PROTOBOOT" >> /etc/sysconfig/network-scripts/ifcfg-eth0 echo "IPADDR=$ NETIP" >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo "NETMASK=255.255.255.0" >> /etc/sysconfig/network-scripts/ifcfg-eth0

systemctl restart network

format

stop NetworkManager

systemctl stop NetworkManager
systemctl diable NetworkManager
format

add route

route add default gateway $DNS1 echo "route add default gateway$ DNS1" >/etc/profile.d/add-route.sh
format

change the hostname

echo "set hostname"
hostname $HOSTNAME && echo "$ HOSTNAME" > /etc/hostname
format

change the dns

echo "set DNS"
echo "" > /etc/resolv.conf
echo "nameserver $DNS1" > /etc/resolv.conf

echo "nameserver $DNS2" >> /etc/resolv.conf

ping -c 3 www.baidu.com &> /dev/null || echo "Network is unreachable" || exit 3
format

diable selinux

echo "disable selinux"
[ getenforce != "Disabled" ] && setenforce 0 &> /dev/null && sed -i s/"^SELINUX=.*$"/"SELINUX=disabled"/g /etc/sysconfig/selinux
format

update yum repo

echo "set yum mirrors"
cd /etc/yum.repos.d/
mv CentOS-Base.repo CentOS-Base.repo.bak
curl -o /etc/yum.repos.d/CentOS-Base.repo $YUMREPO &> /dev/null curl -o /etc/yum.repos.d/epel.repo$ EPELREPO &> /dev/null
mv /var/cache/yum /tmp
yum clean all &> /dev/null && yum makecache &> /dev/null
format

install the basic command

yum install vim wget openssl-devel ntpdate make gcc-c++ ncurses-devel net-snmp sysstat lrzsz zip unzip tree net-tools lftp -y

yum -y groupinstall "Development Tools" "Server Platform Development" &> /dev/null

format

change ssh port

echo "set sshd"

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

sed -i s/"^Port 22"/"Port $SSH_PORT"/g /etc/ssh/sshd_config

sed -i s/"^UseDNS yes"/"UseDNS no"/g /etc/ssh/sshd_config

service sshd restart &> /dev/null

lock the important file($CHATTR -i to disable)

echo "chattr files"

chattr +i /etc/passwd

chattr +i /etc/inittab

chattr +i /etc/group

chattr +i /etc/shadow

chattr +i /etc/gshadow

chattr +i /etc/resolv.conf

chattr +i /etc/hosts

chattr +i /etc/fstab

mv /usr/bin/chattr /usr/bin/$CHATTR

character set

echo "set LANG"

sed -i s/"^LANG=.*$"/"LANG=zh_CN.UTF-8"/ /etc/locale.conf

source /etc/locale.conf

update timezone

echo "set ntptime"
mv /etc/localtime /tmp
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate $NTPSERVER &> /dev/null echo "*/5 * * * * /usr/sbin/ntpdate$ NTPSERVER &>/dev/null" >> /etc/crontab
hwclock -w
format

set the system limit

echo "Set ulimit 65535"
cat << EOF > /etc/security/limits.conf

soft nofile 65535
hard nofile 65535
soft nproc 65535
hard nproc 65535
EOF
sed -i 's/65535/1024000/g' /etc/security/limits.d/90-nproc.conf
format

system audit and trouleshooting

echo "set history"
cat >> /etc/profile.d/system-audit.sh << EOF
USER_IP=who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'
if [ -z $USER_IP ] then USER_IP=`hostname` fi if [ ! -d$ HISTDIR ]
then
mkdir -p $HISTDIR chmod 777$ HISTDIR
fi
if [ ! -d $HISTDIR/$ {LOGNAME} ]
then
mkdir -p $HISTDIR/$ {LOGNAME}
chmod 300 $HISTDIR/$ {LOGNAME}
fi
export HISTSIZE=2000
DT=date +%Y%m%d_%H%M%S
export HISTFILE=" $HISTDIR/$ {LOGNAME}/ ${USER_IP}.history.$ DT"
export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S] "
chmod 600 $HISTDIR/$ {LOGNAME}/.history 2>/dev/null

ulimit -SHn 65535
ulimit -SHu unlimited
ulimit -SHd unlimited
ulimit -SHm unlimited
ulimit -SHs unlimited
ulimit -SHt unlimited
ulimit -SHv unlimited
EOF
source /etc/profile.d/system-audit.sh
format

show the system info

echo "Set login message."
echo "This is Product Server" > /etc/issue
format

iptables setting

echo "set iptables"
systemctl stop firewalld
systemctl disable firewalld
format

iptables -F

iptables -A INPUT -p tcp -m multiport --dports $SSH_PORT,$ PORTS -j ACCEPT

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT

iptables -A OUTPUT -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -P INPUT DROP

iptables -P FORWARD DROP

iptables -P OUTPUT ACCEPT

service iptables save &> /dev/null

reboot the system after setting

reboot

?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者

人面猴
序言：七十年代末，一起剝皮案震驚了整個(gè)濱河市橄仍，隨后出現(xiàn)的幾起案子嗜浮，更是在濱河造成了極大的恐慌酌心，老刑警劉巖，帶你破解...
沈念sama閱讀 219,270評(píng)論 6贊 508
死咒
序言：濱河連續(xù)發(fā)生了三起死亡事件逸绎，死亡現(xiàn)場(chǎng)離奇詭異，居然都是意外死亡，警方通過(guò)查閱死者的電腦和手機(jī)稽亏，發(fā)現(xiàn)死者居然都...
沈念sama閱讀 93,489評(píng)論 3贊 395
救了他兩次的神仙讓他今天三更去死
文/潘曉璐我一進(jìn)店門(mén)，熙熙樓的掌柜王于貴愁眉苦臉地迎上來(lái)缕题，“玉大人截歉，你說(shuō)我怎么就攤上這事⊙塘悖” “怎么了瘪松？”我有些...
開(kāi)封第一講書(shū)人閱讀 165,630評(píng)論 0贊 356
道士緝兇錄：失蹤的賣姜人
文/不壞的土叔我叫張陵，是天一觀的道長(zhǎng)瓶摆。經(jīng)常有香客問(wèn)我凉逛，道長(zhǎng)，這世上最難降的妖魔是什么群井？我笑而不...
開(kāi)封第一講書(shū)人閱讀 58,906評(píng)論 1贊 295
?港島之戀（遺憾婚禮）
正文為了忘掉前任状飞，我火速辦了婚禮，結(jié)果婚禮上书斜，老公的妹妹穿的比我還像新娘诬辈。我一直安慰自己，他們只是感情好荐吉，可當(dāng)我...
茶點(diǎn)故事閱讀 67,928評(píng)論 6贊 392
惡毒庶女頂嫁案：這布局不是一般人想出來(lái)的
文/花漫我一把揭開(kāi)白布焙糟。她就那樣靜靜地躺著，像睡著了一般样屠。火紅的嫁衣襯著肌膚如雪穿撮。梳的紋絲不亂的頭發(fā)上，一...
開(kāi)封第一講書(shū)人閱讀 51,718評(píng)論 1贊 305
城市分裂傳說(shuō)
那天痪欲，我揣著相機(jī)與錄音悦穿，去河邊找鬼。笑死业踢，一個(gè)胖子當(dāng)著我的面吹牛栗柒，可吹牛的內(nèi)容都是我干的。我是一名探鬼主播知举，決...
沈念sama閱讀 40,442評(píng)論 3贊 420
雙鴛鴦連環(huán)套：你想象不到人心有多黑
文/蒼蘭香墨我猛地睜開(kāi)眼瞬沦，長(zhǎng)吁一口氣：“原來(lái)是場(chǎng)噩夢(mèng)啊……” “哼太伊！你這毒婦竟也來(lái)了？” 一聲冷哼從身側(cè)響起逛钻，我...
開(kāi)封第一講書(shū)人閱讀 39,345評(píng)論 0贊 276
萬(wàn)榮殺人案實(shí)錄
序言：老撾萬(wàn)榮一對(duì)情侶失蹤僚焦，失蹤者是張志新（化名）和其女友劉穎，沒(méi)想到半個(gè)月后绣的，有當(dāng)?shù)厝嗽跇?shù)林里發(fā)現(xiàn)了一具尸體叠赐，經(jīng)...
沈念sama閱讀 45,802評(píng)論 1贊 317
?護(hù)林員之死
正文獨(dú)居荒郊野嶺守林人離奇死亡，尸身上長(zhǎng)有42處帶血的膿包…… 初始之章·張勛以下內(nèi)容為張勛視角年9月15日...
茶點(diǎn)故事閱讀 37,984評(píng)論 3贊 337
?白月光啟示錄
正文我和宋清朗相戀三年屡江，在試婚紗的時(shí)候發(fā)現(xiàn)自己被綠了芭概。大學(xué)時(shí)的朋友給我發(fā)了我未婚夫和他白月光在一起吃飯的照片。...
茶點(diǎn)故事閱讀 40,117評(píng)論 1贊 351
活死人
序言：一個(gè)原本活蹦亂跳的男人離奇死亡惩嘉，死狀恐怖罢洲，靈堂內(nèi)的尸體忽然破棺而出，到底是詐尸還是另有隱情文黎，我是刑警寧澤惹苗，帶...
沈念sama閱讀 35,810評(píng)論 5贊 346
?日本核電站爆炸內(nèi)幕
正文年R本政府宣布，位于F島的核電站耸峭，受9級(jí)特大地震影響桩蓉，放射性物質(zhì)發(fā)生泄漏。R本人自食惡果不足惜劳闹，卻給世界環(huán)境...
茶點(diǎn)故事閱讀 41,462評(píng)論 3贊 331
男人毒藥：我在死后第九天來(lái)索命
文/蒙蒙一院究、第九天我趴在偏房一處隱蔽的房頂上張望。院中可真熱鬧本涕，春花似錦业汰、人聲如沸。這莊子的主人今日做“春日...
開(kāi)封第一講書(shū)人閱讀 32,011評(píng)論 0贊 22
一樁弒父案样漆，背后竟有這般陰謀
文/蒼蘭香墨我抬頭看了看天上的太陽(yáng)。三九已至晦闰，卻和暖如春放祟，著一層夾襖步出監(jiān)牢的瞬間，已是汗流浹背呻右。一陣腳步聲響...
開(kāi)封第一講書(shū)人閱讀 33,139評(píng)論 1贊 272
情欲美人皮
我被黑心中介騙來(lái)泰國(guó)打工舞竿，沒(méi)想到剛下飛機(jī)就差點(diǎn)兒被人妖公主榨干…… 1. 我叫王不留，地道東北人窿冯。一個(gè)月前我還...
沈念sama閱讀 48,377評(píng)論 3贊 373
代替公主和親
正文我出身青樓，卻偏偏與公主長(zhǎng)得像确徙，于是被迫代替她去往敵國(guó)和親醒串。傳聞我的和親對(duì)象是個(gè)殘疾皇子执桌，可洞房花燭夜當(dāng)晚...
茶點(diǎn)故事閱讀 45,060評(píng)論 2贊 355