centos_6.7_系统初始化

时间:2022-12-18 13:58:04
 #!/bin/bash
 #****************************************************************#
 # ScriptName: acfuninit.sh
 # version 1.1
 # Author: *****
 # Create Date: 2015-7-31
 # Modify Author:******
 # Modify Date: 2015-12-23
 # Function: acfun CentOS 6.7 init shell (use on kickstart)
 #***************************************************************#
 # ANSI colour escape sequences for status output; they are expanded later by `echo -e`
 GC='\033[1;32m'   # bold green
 BC='\033[1;34m'   # bold blue
 RC='\033[1;31m'   # bold red
 EC='\033[0m'      # reset all attributes
 # Print a coloured "[  OK  ]" or "[FAILED]" marker followed by an empty line.
 # Reads:   $? of the command that ran immediately before the call, plus the
 #          colour variables GC, RC and EC.
 # Outputs: the marker on stdout.
 # Only the status of that single preceding command is inspected; earlier
 # commands in the same section are not covered by the report.
 __detect_result() {
     local rc=$?
     local marker
     if (( rc == 0 )); then
         marker="${GC}[  OK  ]${EC}"
     else
         marker="${RC}[FAILED]${EC}"
     fi
     echo -e "${marker}"
     echo ""
 }
 # Disable the graphical login: change the default runlevel in inittab from 5 to 3
 clear
 echo -en "${BC}Linux X11 is disabled...    ${EC}"
 sleep 1
 sed -i -e 's/id:5:initdefault:/id:3:initdefault:/g' /etc/inittab
 __detect_result
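 # SSH daemon configuration
 echo -en "${BC}SSH is config...    ${EC}";sleep 1
 sshd_config='/etc/ssh/sshd_config'
 # Every pattern below matches only the stock default line (most of them in its
 # commented-out form). A config that was already customised is left unchanged,
 # and sed still exits 0 in that case, so "OK" means "sed ran", not "the
 # setting is in effect".
 # PermitRootLogin without-password: root may log in with a key, never a password.
 sed -i \
     -e 's/#ServerKeyBits 1024/ServerKeyBits 4096/g' \
     -e 's/#PermitRootLogin yes/PermitRootLogin without-password/g' \
     -e 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' \
     -e 's/#UseDNS yes/UseDNS no/g' \
     -e 's/#Protocol 2,1/Protocol 2/g' \
     -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' \
     "${sshd_config}"
 sshd_rc=$?
 # Drop any pre-seeded root SSH material (authorized_keys included). Nothing in
 # this script installs a root key afterwards.
 rm -fr /root/.ssh/ 2>/dev/null
 # Report the status of the config edit. `rm -f` succeeds even when there is
 # nothing to remove, so it must not be the command __detect_result inspects.
 [ "${sshd_rc}" -eq 0 ]
 __detect_result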
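 # Create the administrators group and the hostkeeper account
 echo -en "${BC}group & user is created...  ${EC}";sleep 1
 getent group xxadmin > /dev/null || groupadd -g 1000 xxadmin 2>/dev/null
 # NOTE(review): this rule gives every member of xxadmin passwordless root.
 # Anyone who can authenticate as such a user owns the host; confirm that this
 # is intended and keep the group membership minimal.
 # Only an active (uncommented) rule counts as "already present".
 if ! grep -q '^%xxadmin' /etc/sudoers; then
     echo "%xxadmin   ALL=(ALL)  NOPASSWD: ALL" >> /etc/sudoers
 fi
 # The account is created with no password (locked). `useradd -p` expects a
 # crypt(3) hash, so a plaintext value passed there never becomes a working
 # password; it only leaves a guessable secret in the script and on the
 # command line. getent matches the exact user name, not a substring of passwd.
 if ! getent passwd hostkeeper > /dev/null; then
     useradd -u 1000 -g xxadmin -c "hostkeeper user" hostkeeper
 fi
 # NOTE(review): key material embedded in a provisioning script is identical on
 # every host built from it and readable by anyone who can read the script.
 # The value below starts like a public key ("ssh-rsa") but ends with a private
 # key footer and is stored as id_rsa; confirm whether authorized_keys was
 # meant, and prefer delivering keys out of band.
 # umask 077 keeps the file from being world-readable between creation and chmod.
 (
     umask 077
     mkdir -p /home/hostkeeper/.ssh/ && echo 'ssh-rsa ********************************************
 -----END RSA PRIVATE KEY-----' > /home/hostkeeper/.ssh/id_rsa &&
         chown -R hostkeeper:xxadmin /home/hostkeeper/.ssh &&
         chmod 700 /home/hostkeeper/.ssh &&
         chmod 400 /home/hostkeeper/.ssh/*
 )
 __detect_result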
 # Set the system locale to en_US.UTF-8
 echo -en "${BC}LANG is en_US.UTF8...    ${EC}"
 sleep 1
 i18n='/etc/sysconfig/i18n'
 sed -i -e 's/LANG=.*/LANG="en_US.UTF-8"/g' "${i18n}"
 __detect_result
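 # Make the saved iptables ruleset flush itself
 echo -en "${BC}iptables is optimize...    ${EC}";sleep 1
 iptables='/etc/sysconfig/iptables'
 # NOTE(review): the substitution appends a bare "-F" after the FORWARD reject
 # rule, so restoring this file flushes the rules it has just loaded and the
 # host comes up without packet filtering (presumably with ACCEPT policies;
 # verify against the stock file). Services started by this script are then
 # reachable from every network the host is attached to.
 # Edit only when the file exists and has no "-F" yet; running sed on a
 # missing file would just fail.
 if [ -f "${iptables}" ] && ! grep -q -e '-F' "${iptables}"; then
     sed -i 's/\-A FORWARD \-j REJECT \-\-reject\-with icmp\-host\-prohibited/\-A FORWARD \-j REJECT \-\-reject\-with icmp\-host\-prohibited\n\-F/g' "${iptables}"
 fi
 __detect_result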
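 # Disable SELinux (takes effect at the reboot scheduled at the end of the script)
 echo -en "${BC}Selinux is disabled...    ${EC}";sleep 1
 # NOTE(review): this removes mandatory access control from the host. If the
 # goal is only to get a service running, permissive mode or a targeted policy
 # change keeps more of the protection.
 # getenforce prints "Disabled" (the earlier 'Diabled' spelling never matched,
 # so the edit ran on every invocation).
 if [ "$(getenforce)" != 'Disabled' ]; then
     # /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config;
     # plain `sed -i` would replace the link with a regular file.
     sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux
     # Anchored so that comment lines mentioning SELINUX= are left alone.
     sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
 fi
 __detect_result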
 # 配置 VIM
 #echo -en "${BC}vimrc is config...    ${EC}";sleep 1
 #echo "set paste" >> /etc/vimrc
 #echo "filetype on" >> /etc/vimrc
 #
 #__detect_result
 # Install a profile.d snippet with safer command defaults and history settings.
 # The file is overwritten on every run. The here-document holds no expansions,
 # so its text is written as-is.
 # NOTE(review): these are shell aliases, so they only guard interactive use in
 # shells that load the snippet; scripts, and users who bypass or unalias them,
 # are unaffected. HISTTIMEFORMAT/HISTSIZE are plain, non-readonly variables a
 # user can change, so the history is a convenience, not an audit trail.
 echo -en "${BC}acfun_bashenv.sh is config...    ${EC}";sleep 1
 cat > /etc/profile.d/acfun_bashenv.sh <<EOF
 # for security set
 alias chgrp='chgrp --preserve-root'
 alias chown='chown --preserve-root'
 alias chmod='chmod --preserve-root'
 alias rm='rm -i --preserve-root'
 # for history set
 HISTTIMEFORMAT='[%F %T] '
 HISTSIZE=2000
 # set vim set
 export EDITOR=vim
 alias vi='vim'
 EOF
 __detect_result
 # Raise the per-user open-file and process limits
 echo -en "${BC}limits.conf is optimize...    ${EC}"
 sleep 1
 login='/etc/pam.d/login'
 limits='/etc/security/limits.conf'
 nproc='/etc/security/limits.d/90-nproc.conf'
 # Add pam_limits.so to the login PAM stack unless it is already referenced
 if [ "$(grep -c "pam_limits.so" "${login}")" == 0 ]; then
     echo "session    required     pam_limits.so" >> "${login}"
 fi
 # Append the nofile/nproc limits once; the first line doubles as the marker
 if [ "$(grep -c "* soft nofile 655360" "${limits}")" == 0 ]; then
     printf '%s\n' \
         "* soft nofile 655360" \
         "* hard nofile 655360" \
         "* soft nproc  131072" \
         "* hard nproc  131072" \
         "# End of file" >> "${limits}"
 fi
 # 90-nproc.conf: rewrite an existing soft nproc entry, otherwise add one
 if [ -f "${nproc}" ] && [ "$(grep -c 'nproc' "${nproc}")" != 0 ]; then
     sed -i 's/*.*soft.*nproc.*/*          soft    nproc     131072/g' "${nproc}"
 else
     echo '* soft nproc 131072' >> "${nproc}"
 fi
 __detect_result
 # 配置 sysctl.conf
 #echo -en "${BC}sysctl.conf is optimize...    ${EC}";sleep 1
 #sysctl='/etc/sysctl.conf'
 #if [ $(grep -c "net.ipv4.tcp_syncookies = 0" ${sysctl}) == 0 ]; then
 # {
 #    sed -i 's/net.ipv4.tcp_syncookies = 1/net.ipv4.tcp_syncookies = 0/g' ${sysctl}
 #    echo "net.ipv4.conf.all.arp_ignore = 1" >> ${sysctl}
 #    echo "net.ipv4.conf.all.arp_announce = 2" >> ${sysctl}
 #    echo "net.ipv4.conf.lo.arp_ignore = 1" >> ${sysctl}
 #    echo "net.ipv4.conf.lo.arp_announce = 2" >> ${sysctl}
 #    echo "net.core.rmem_default = 262144" >> ${sysctl}
 #    echo "net.core.wmem_default = 262144" >> ${sysctl}
 #    echo "net.core.netdev_max_backlog = 10000" >> ${sysctl}
 #    echo "net.core.rmem_max = 16777216" >> ${sysctl}
 #    echo "net.core.wmem_max = 16777216" >> ${sysctl}
 #    echo "net.ipv4.tcp_rmem = 8192 87380 16777216" >> ${sysctl}
 #    echo "net.ipv4.tcp_wmem = 8192 65536 16777216" >> ${sysctl}
 #    echo "net.ipv4.tcp_mem = 8388608 12582912 16777216" >> ${sysctl}
 #    echo "net.ipv4.tcp_max_syn_backlog = 4096" >> ${sysctl}
 #    echo "net.ipv4.tcp_synack_retries = 2" >> ${sysctl}
 #    echo "net.nf_conntrack_max = 8553600" >> ${sysctl}
 #    echo "net.netfilter.nf_conntrack_max = 8553600" >> ${sysctl}
 #    echo "net.netfilter.nf_conntrack_tcp_timeout_established = 60" >> ${sysctl}
 #}
 #fi
 #__detect_result
 # Create the standard directory layout under /opt
 echo -en "${BC}data file is create...    ${EC}"
 sleep 1
 # One mkdir per directory, in the original order, so the status seen by
 # __detect_result is still that of the last directory only.
 for data_dir in \
     /opt/logs \
     /opt/package \
     /opt/javaserver \
     /opt/data/mysqldata \
     /opt/data/redis \
     /opt/data/zookeeper \
     /opt/script \
     /opt/backup
 do
     mkdir -p "${data_dir}"
 done
 __detect_result
 # Set up and start the rsync daemon
 echo -e "${BC}create rsync server...    ${EC}"
 sleep 1
 rsyncd_conf='/etc/rsyncd.conf'
 rc_local='/etc/rc.local'
 # Make sure the config file exists so the grep below has something to read
 touch "${rsyncd_conf}"
 # NOTE(review): the global section runs transfers as root with chroot turned
 # off and defines no module, address binding, host restriction or
 # authentication. Any module added later inherits these globals, and the
 # firewall step of this script leaves the daemon's port unfiltered. Review
 # before adding modules.
 # Write the defaults only when the file does not mention rsync yet
 if [ "$(grep -c "rsync" "${rsyncd_conf}")" == 0 ]; then
 cat > "${rsyncd_conf}" <<EOF
 uid = root
 gid = root
 use chroot = no
 max connections = 10
 strict modes = yes
 pid file = /var/run/rsyncd.pid
 lock file = /var/run/rsync.lock
 log file = /opt/logs/rsyncd.log
 EOF
 fi
 # Start the daemon at boot (added once) and start it now
 if [ "$(grep -c "/usr/bin/rsync --daemon" "${rc_local}")" == 0 ]; then
     echo '/usr/bin/rsync --daemon' >> "${rc_local}"
 fi
 /usr/bin/rsync --daemon
 __detect_result
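 # Install the Oracle JDK
 echo -e "${BC}install oracle java...    ${EC}";sleep 1
 # Download the JDK RPM and install it.
 # Globals: JDK_RPM_SHA256 (read, optional) - expected SHA-256 of the RPM,
 #          supplied by the operator; when set, the download must match it.
 # Returns: 0 when the package was installed, non-zero otherwise.
 # The RPM is installed as root, so it is fetched over HTTPS with certificate
 # verification left on (no --no-check-certificate) and stored in a private
 # mktemp directory rather than under a fixed name in /tmp.
 __install_jdk() {
     local rpm_name='jdk-8u45-linux-x64.rpm'
     local url="https://download.oracle.com/otn-pub/java/jdk/8u45-b14/${rpm_name}"
     local workdir
     local rc=0
     workdir=$(mktemp -d) || return 1
     wget -P "${workdir}" --no-cookies \
         --header "Cookie: oraclelicense=accept-securebackup-cookie" \
         "${url}" || rc=1
     if [ "${rc}" -eq 0 ]; then
         if [ -n "${JDK_RPM_SHA256:-}" ]; then
             echo "${JDK_RPM_SHA256}  ${workdir}/${rpm_name}" \
                 | sha256sum -c - > /dev/null || rc=1
         else
             echo "WARNING: JDK_RPM_SHA256 is not set; ${rpm_name} is not checksum-verified" >&2
         fi
     fi
     # Install only a file that downloaded (and, if pinned, verified) cleanly
     if [ "${rc}" -eq 0 ]; then
         rpm -ivh "${workdir}/${rpm_name}" || rc=$?
     fi
     rm -rf -- "${workdir:?}"
     return "${rc}"
 }
 __install_jdk
 jdk_rc=$?
 # Append the Java environment once; the marker comment makes re-runs a no-op
 if ! grep -q '^# java jdk config' /etc/profile; then
     printf '%s\n' \
         '' \
         '# java jdk config' \
         'JAVA_HOME=/usr/java/jdk1.8.0_45' \
         'PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH' \
         'CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/jre/lib/rt.jar' \
         'export JAVA_HOME PATH CLASSPATH' >> /etc/profile
 fi
 source /etc/profile
 # Report the install result rather than the status of `source`
 [ "${jdk_rc}" -eq 0 ]
 __detect_result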
 # Disable unneeded services at boot (runlevels 3 and 5), then stop them now
 echo -e "${BC}services is optimize...    ${EC}"
 sleep 1
 # NOTE(review): ip6tables is on this list, so IPv6 traffic is unfiltered
 # wherever IPv6 is configured on the host.
 unneeded_services=(
     abrt-ccpp abrtd acpid atd certmonger cpuspeed
     cups mcelogd mdmonitor nfslock ip6tables postfix
 )
 for svc in "${unneeded_services[@]}"; do
     chkconfig --level 35 "${svc}" off 2>/dev/null
 done
 # Errors are discarded, presumably because some of these services may not be
 # installed; the status reported below is that of the final `service ... stop`.
 for svc in "${unneeded_services[@]}"; do
     service "${svc}" stop 2>/dev/null
 done
 __detect_result
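 # Add the EPEL yum repository and give it a priority
 echo -en "${BC}yum source is install...    ${EC}";sleep 1
 # epel-release installs repository definitions and the key later used to check
 # EPEL packages, so it is fetched over HTTPS. rpm is not asked to require a
 # trusted signature here, which leaves transport integrity as the only
 # protection for this first package.
 rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
 yum install yum-priorities -y
 epel='/etc/yum.repos.d/epel.repo'
 # Guard and substitution now accept the same spellings ("key=value" and
 # "key = value"). Before, the guard looked for "priority=10" while the
 # substitution wrote "priority = 10", so the guard could never see its own
 # result.
 if ! grep -Eq '^priority *= *10' "${epel}"; then
     sed -i 's/^enabled *= *1 *$/&\npriority = 10/' "${epel}"
 fi
 __detect_result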
 # Install the base tool set with yum
 echo -e "${BC}packages is installed...    ${EC}"
 sleep 1
 # NOTE(review): the list includes compilers (gcc, gcc-c++, make) and network
 # clients (telnet, nc); confirm they are wanted on production hosts. stderr is
 # discarded, so a failed install is visible only through the status marker.
 base_packages=(
     iftop iotop ipmitool wget telnet vim xinetd dmidecode redhat-lsb ntp
     openssl bash man gcc gcc-c++ make sysstat nc lrzsz parted mtr iptraf strace
 )
 yum -e 0 -d 0 -y -q install "${base_packages[@]}" 2>/dev/null
 __detect_result
 # After the initial install, stop network (DHCP) boot: set disk as the
 # persistent boot device through the local IPMI interface
 echo -e "${BC}DHCP BOOT is disabled...    ${EC}"
 sleep 1
 ipmitool -I open chassis bootdev disk options=persistent,efiboot
 __detect_result
 # Announce completion and schedule the reboot one minute from now
 printf '%s\n' "system init finished!" "" "reboot after 1 minutes!"
 shutdown -r +1
 
