#!/bin/bash
##############################################################
# File Name: /var/www/html/ks_config/optimization.sh
# Version: V1.0
# Author: ersa ma
# Organization: http://www.iyunv.com/
# Created Time : 2016-11-14 22:26:08
# Description: Linux system initialization
# E.g: /bin/sh optimization.sh 172.16.1.41
##############################################################
. /etc/init.d/functions
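# Exactly one argument is expected: the host's IP address (see the E.g. line in
# the header). Its last octet is reused for both interface configs.
if [ "$#" -ne 1 ]; then
  # Msg is only defined further down the file, so it cannot be called here;
  # write the message to stderr directly.
  printf '%s\n' "Please enter the ip address passed to the script!" >&2
  # 255 is the status bash reports for the original "exit -1".
  exit 255
fi
ipaddr=$1
# Part of this value is written into the ifcfg-eth* files, so refuse anything
# that is not a plain dotted quad of digits before any file is touched.
if ! [[ $ipaddr =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  printf 'Invalid IPv4 address: %s\n' "$ipaddr" >&2
  exit 255
fi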
# Defined result function
function Msg(){
  # Report the outcome of the command that ran immediately before this call.
  # Arguments: $1 - label to print.
  # The status must be captured first, before any other command overwrites $?.
  local rc=$?
  case $rc in
    0) action "$1" /bin/true ;;
    *) action "$1" /bin/false ;;
  esac
}
# Defined Time Synchronization Functions
function Time(){
  # Append a dated marker comment and a five-minute ntpdate job to root's
  # crontab, then report the result through Msg.
  # Every run appends again; nothing checks for an existing entry.
  local crontab=/var/spool/cron/root
  {
    echo "#time sync by ersa at $(date +%F)"
    echo '*/5 * * * * /usr/sbin/ntpdate time.nist.gov &>/dev/null'
  } >>"$crontab"
  Msg "Time Synchronization"
}
# Defined IP function
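function ConfigIP(){
  # Write static configs for eth0 (10.0.0.X) and eth1 (172.16.1.X), where X is
  # the fourth dot-separated field of the global $ipaddr.
  # Globals: ipaddr (read)
  # Returns: non-zero without writing anything when X is not an octet (0-255).
  local Suffix octet_ok=1
  #Suffix=`ifconfig eth1|awk -F "[ .]+" 'NR==2 {print $6}'`
  Suffix=$(printf '%s\n' "$ipaddr" | awk -F "." '{print $4}')
  # The value is expanded into the heredocs below, so only one to three digits
  # with a value of at most 255 are allowed through.
  case $Suffix in
    [0-9] | [0-9][0-9] | [0-9][0-9][0-9]) [ "$Suffix" -le 255 ] || octet_ok=0 ;;
    *) octet_ok=0 ;;
  esac
  if [ "$octet_ok" -ne 1 ]; then
    printf 'ConfigIP: cannot derive a host octet from "%s"\n' "$ipaddr" >&2
    return 1
  fi
  cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
USERCTL=no
IPV6INIT=no
IPADDR=10.0.0.$Suffix
NETMASK=255.255.255.0
DNS2=223.5.5.5
GATEWAY=10.0.0.2
DNS1=10.0.0.2
NAME="System eth0"
EOF
  Msg "config eth0"
  cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<EOF
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
USERCTL=no
IPV6INIT=no
IPADDR=172.16.1.$Suffix
NETMASK=255.255.255.0
DNS2=223.5.5.5
GATEWAY=10.0.0.2
DNS1=10.0.0.2
NAME="System eth1"
EOF
  Msg "config eth1"
}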
# Defined post-clone network optimization function
function ClonedNetworkOpti() {
  # Drop the UUID and HWADDR lines from every ifcfg-eth* file and empty the
  # persistent-net udev rules file, then report through Msg.
  sed -i -e '/UUID/d' -e '/HWADDR/d' /etc/sysconfig/network-scripts/ifcfg-eth*
  # Msg sees the status of this truncation only, not of the sed above.
  : >/etc/udev/rules.d/70-persistent-net.rules
  Msg "Clone online optimization"
}
# Defined Yum source Functions
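function UpdateYumSource(){
  # Replace the base and EPEL repo definitions with the Aliyun mirror files and
  # rebuild the yum cache. The existing CentOS-Base.repo is copied to
  # CentOS-Base.repo.ori first.
  # NOTE(review): both repo files are fetched over plain HTTP and written
  # straight into /etc/yum.repos.d. Anyone on the network path can alter them
  # (for example the baseurl or gpgcheck settings). Prefer an HTTPS source or a
  # checksum verified out of band.
  local YumDir=/etc/yum.repos.d
  local repoDir=http://mirrors.aliyun.com/repo/Centos-6.repo
  local epelDir=http://mirrors.aliyun.com/repo/epel-6.repo
  [ -f "$YumDir/CentOS-Base.repo" ] && cp -- "$YumDir/CentOS-Base.repo" "$YumDir/CentOS-Base.repo.ori"
  #wget -O $YumDir/CentOS-Base.repo http://$Ip:$Port/$ConfigDir/CentOS-Base.repo &>/dev/null &&\
  #wget -O $YumDir/epel.repo http://$Ip:$Port/$ConfigDir/epel.repo &>/dev/null &&\
  # Download both files, then clear and rebuild the yum cache. The chain stops
  # at the first failing step.
  wget -O "$YumDir/CentOS-Base.repo" "$repoDir" &>/dev/null &&
    wget -O "$YumDir/epel.repo" "$epelDir" &>/dev/null &&
    yum clean all &&
    yum makecache
  # To bring the system fully up to date afterwards:
  # rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*   # import the signing keys into RPM
  # yum upgrade -y                               # upgrade the system, kernel included
  # Msg runs unconditionally so a failed step is reported. The original chained
  # it with && and therefore printed nothing on failure.
  Msg "YUM source"
}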
#Install the base package (tree nmap sysstat lrzsz telnet dos2unix)
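function InstallBasePackage() {
  # Install the baseline tool set with yum and report the result.
  # Msg is called unconditionally so a failed install is reported. The original
  # chained it with && and printed nothing when yum failed.
  yum install -y tree nmap sysstat lrzsz dos2unix telnet &>/dev/null
  Msg "Base packages"
}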
# Lock critical system files
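function LockCriticalFile() {
  # Set the immutable attribute on the account databases and /etc/inittab.
  # While the flag is set, these files cannot be modified, so account changes
  # will fail until it is cleared again with "chattr -i".
  # The chain stops at the first file that cannot be locked.
  chattr +i /etc/passwd &&
    chattr +i /etc/inittab &&
    chattr +i /etc/group &&
    chattr +i /etc/shadow &&
    chattr +i /etc/gshadow
  # Msg runs unconditionally so a failure is reported. The original chained it
  # with && and printed nothing when a chattr call failed.
  Msg "Lock files"
}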
# Defined Hide the system version number Functions
function HideVersion(){
  # Empty the login banner files /etc/issue and /etc/issue.net, reporting each
  # one through Msg. A missing file makes the test fail, so Msg reports failure.
  local banner
  for banner in /etc/issue /etc/issue.net; do
    [ -f "$banner" ] && >"$banner"
    Msg "Hide ${banner##*/}"
  done
}
# Defined OPEN FILES Functions
function openfiles(){
  # Append a 65535 open-file limit for all users to limits.conf.
  # Returns 1 without doing anything when limits.conf does not exist.
  local limits=/etc/security/limits.conf
  [ -f "$limits" ] || return 1
  printf '%s\n' '* - nofile 65535' >>"$limits"
  Msg "open files"
}
#Defined Stop iptables Functions
function StopIptables() {
  # Stop the iptables service now and disable it at boot. After this the host
  # has no local packet filter, so any filtering has to come from elsewhere.
  # Returns 1 without doing anything when the init script is absent.
  local initscript=/etc/init.d/iptables
  [ -f "$initscript" ] || return 1
  "$initscript" stop
  # Msg reflects only the chkconfig call, not the stop above.
  chkconfig iptables off
  Msg "stop iptables"
}
#Defined Close SELinux Functions
function CloseSELinux(){
  # Turn SELinux off: rewrite SELINUX=enforcing to SELINUX=disabled in the
  # config file and switch the running system to permissive with setenforce 0.
  # Only the literal "SELINUX=enforcing" is rewritten; other values are left
  # unchanged.
  # Returns 1 without doing anything when the config file is absent.
  local selinux_conf=/etc/selinux/config
  [ -f "$selinux_conf" ] || return 1
  sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" "$selinux_conf"
  # Msg reflects only the setenforce call, not the sed above.
  setenforce 0
  Msg "Close SELinux"
}
#Defined Modify the remote login configuration on the SSH server
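function ModifySSHConfig(){
  # Harden sshd: move it to port 52113, forbid root and empty-password logins,
  # and turn off UseDNS and GSSAPIAuthentication. The settings are inserted at
  # line 13 of sshd_config after copying the file to sshd_config.ori.
  # Returns 1 without doing anything when sshd_config is absent.
  # Running it again inserts the same lines again and overwrites the backup.
  local conf=/etc/ssh/sshd_config
  [ -f "$conf" ] || return 1
  cp -- "$conf" "$conf.ori"
  # The original ran sed without -i, which only printed the edited file to
  # stdout and left sshd_config unchanged. The config is also validated with
  # "sshd -t" before the daemon reloads it; a rejected file is rolled back so a
  # later restart cannot leave the host without a working sshd.
  if sed -i '13i Port 52113\nPermitRootLogin no\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' "$conf" &&
    /usr/sbin/sshd -t -f "$conf"; then
    /etc/init.d/sshd reload
  else
    cp -- "$conf.ori" "$conf"
    false
  fi
  Msg "Modify ssh config"
}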
#Kernel parameter optimization
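function KernelParameterOpti() {
  # Append TCP/conntrack tuning to /etc/sysctl.conf and load it.
  # Every run appends the block again; nothing checks for existing entries.
  # NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to drop connections from
  # clients that share an address behind NAT; confirm it is wanted here.
  # The non-ASCII comment line inside the heredoc is written to sysctl.conf as
  # is. It says these parameters tune the iptables firewall and that warnings
  # shown while the firewall is off can be ignored.
  cat >>/etc/sysctl.conf <<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time =600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
#以下参数是对iptables防火墙的优化,防火墙不开会有提示,可以忽略不理
net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
EOF
  # Apply the configuration. The original passed an en dash instead of "-p",
  # so sysctl never loaded the file, and the && chain hid that failure.
  # -e skips keys the running kernel does not know, such as the conntrack
  # entries while the firewall modules are unloaded.
  sysctl -e -p &>/dev/null
  Msg "Kernel parameter optimization"
}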
# Defined System Startup Services Functions
function boot(){
  # Disable every service that is enabled in runlevel 3, except those whose
  # name contains crond, network, rsyslog, sshd or sysstat.
  local svc
  for svc in $(chkconfig --list | awk '/3:on/ && $1 !~ /crond|network|rsyslog|sshd|sysstat/ {print $1}')
  do
    chkconfig "$svc" off
  done
  # Msg reflects the last chkconfig call, or success when nothing was disabled.
  Msg "BOOT config"
}
# Defined main Functions
function main(){
  # Run the initialization steps in their fixed order. No step's status is
  # checked, so a failing step does not stop the ones after it.
  # ModifySSHConfig is defined in this file but is not part of the sequence.
  local step
  for step in \
    ConfigIP \
    ClonedNetworkOpti \
    Time \
    UpdateYumSource \
    InstallBasePackage \
    CloseSELinux \
    StopIptables \
    openfiles \
    boot \
    KernelParameterOpti \
    HideVersion \
    LockCriticalFile
  do
    "$step"
  done
}
main