centos6——初始化脚本

ikyujyhtg

服务器centos6初始化脚本，包含几个方面：

修改主机名
添加用户秘钥
ssh 端口修改

ulimit值修改
防火墙修改

添加追踪日志

时间同步

安装一些基础软件包

nagios客户端安装

zabbix客户端安装
salt客户端安装


第一个脚本：

#!/bin/bash
# DATE 2017-02-03 17:01
SPORT=51029
SURL=http://XX.XX.XX.XX
IPTBL="/etc/sysconfig/iptables"
AUTH="authorized_keys"
MD5_DIR="/root/.md5_back"
userlist="user1 user2 user3"
sudouser="user1 user2 user3"
MINION_PATH="/etc/salt/minion"
MASTER="XX.XX.XX.XX"
LANIP=`ifconfig eth0 | grep inet | awk '{print $2}'`
NagiosServer="XX.XX.XX.XX"
TNagios="XX.XX.XX.XX"
NagiosDir="/etc/nagios/nrpe.cfg"

SCRIPT="/mnt/log/script"

if [ ! -d "$MD5_DIR" ];then
    mkdir -p $MD5_DIR
fi

function get_md5() {
    md5_value=`echo -n $1|md5sum|cut -d' ' -f1`
echo "$1 ----->  $md5_value" >>$MD5_DIR/command_md5.log
}
get_md5 /bin/ls
get_md5 /bin/cp
get_md5 /bin/vi
get_md5 /usr/bin/crontab
get_md5 /etc/passwd
get_md5 /etc/crontab
get_md5 /usr/bin/last
get_md5 /usr/bin/lastlog



INIT(){

NAME=`hostname`
sed -i '/'$NAME'/d' /etc/hosts
NEWNAME=$1
if [ $# -eq 1 -a ! -z "$NEWNAME"  ];then
    echo "Setting HOSTNAME"
    sed -i "s/$NAME/$NEWNAME/" /etc/sysconfig/network
hostname $NEWNAME
else
    echo "The hostname of this server must not be empty"
    exit 1
fi

#修改/etc/hosts 文件的主机名
echo "$LANIP  $NEWNAME" >> /etc/hosts


###sed -i 's/localhost.localdomain/$HNAME/g' /etc/sysconfig/network
sed -i 's/enforcing/disabled/g' /etc/sysconfig/selinux
#### limit 值修改
cat >> /etc/security/limits.conf <<EOF
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
EOF


useradd -u 1001 -G wheel user1
useradd -u 1002 -G wheel user2
useradd -u 1003 -G wheel user3

sed -i "/# User_Alias ADMINS = jsmith, mikem/ aUser_Alias ADMINS = $sudouser" /etc/sudoers
sed -i '/^root/ aADMINS  ALL=\(ALL\)       ALL' /etc/sudoers
sed -i '/NOPASSWD: ALL$/ a%wheel          ALL=\(ALL\)       NOPASSWD\: ALL' /etc/sudoers

#sed -i 's/PasswordAuthentication yes/#PasswordAuthentication yes/g' /etc/ssh/sshd_config
#sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
sed -i '/#Port 22/a\Port $SPORT' /etc/ssh/sshd_config
service sshd restart

#添加用户登录密钥
for i in $userlist
do

wget $SURL/secret/$i/$AUTH -P /home/$i/.ssh/
chown $i.$i /home/$i/.ssh/$AUTH
chmod 600 /home/$i/.ssh/$AUTH
done


####添加防火墙
RESTART=0
HAVE=$(grep $SPORT $IPTBL | grep -c ACCEPT)
if [ $HAVE -eq 0 ]; then
sed -i "/-i\ lo\ -j\ ACCEPT/a-A INPUT -p tcp -m tcp --dport $SPORT -j ACCEPT" $IPTBL
RESTART=1
fi
if [ $RESTART -eq 1 ]; then
service iptables restart
fi


##添加追踪日志 script log
if [ ! -d $SCRIPT ];then
mkdir -p $SCRIPT
chmod 743 $SCRIPT
fi

cat >> /etc/profile <<EOF
if [ \$UID -ge 1000 ]; then
        exec /usr/bin/script -t 2>$SCRIPT/\$USER-\$UID-\`date +%Y%m%d%H%M\`.date -a -f -q $SCRIPT/\$USER-\$UID-\`date +%Y%m%d%H%M\`.log
fi      
EOF

#时间同步
yum -y install ntpdate
echo '02 3 * * * root /usr/sbin/ntpdate cn.pool.ntp.org' >> /etc/crontab


###INSTALL make 编译器
yum -y install gcc gcc-c++ make autoconf automake libtool zlib zlib-devel openssl openssl-devel pcre-devel ncurses-devel unixODBC-devel perl-ExtUtils-Embed mesa* gtk+extra-devel mesa* freeglut* lrzsz openssh-clients unzip patch

}

nagios_client(){
yum -y install nrpe nagios-plugins nagios-plugins-nrpe nrpe nagios-plugins-load nagios-plugins-disk nagios-plugins-swap
sed -i 's/allowed_hosts=127.0.0.1/allowed_hosts='$NagiosServer','$TNagios'/g' $NagiosDir
sed -i '/check_total_procs/a \command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w 15% -c 10% -p /mnt' $NagiosDir
service nrpe start
}

salt_agent(){
# Install salt 2016.03.01
yum -y install https://repo.saltstack.com/yum/r ... st-1.el6.noarch.rpm

yum -y update
if [ $? -eq 0 ];then
yum -y install salt-minion
else
echo "yum update error"
exit 3
fi

#Config /etc/salt/minion
sed -i 's/#master: salt/master: '$MASTER'/g' $MINION_PATH
sed -i 's/#hash_type: sha256/hash_type: sha256/g' $MINION_PATH
sed -i '/#key_logfile/a\log_file: \/var\/log\/salt\/minion/' $MINION_PATH
sed -i 's/#key_logfile: \/var\/log\/salt\/key/key_logfile: \/var\/log\/salt\/key/' $MINION_PATH

service salt-minion start
}

INIT

nagios_client

salt_agent

以上为初始化脚本。

第二个脚本： 添加zabbix客户端
hname=`hostname`
SURL=http://XX.XX.XX.XX
MASTER="XX.XX.XX.XX"

#判断用户是否存在
add_user_zabbix()
{
name="zabbix"

a=`grep -c $name /etc/passwd`

if [ "$a" -eq 1 ];then
    echo  "THE user $zabbix is aready exist"
    return 1
else
   echo "Add zabbix user"
   groupadd "$name" -g 201
   useradd -g "$name" -u 201 -m "$name"
fi
}


zabbix_agentd_install()
{

log_d="/var/log/zabbix"
#安装所需软件
yum install -y ntpdate gcc gcc-c++

sleep 3
#同步时间
ntpdate asia.pool.ntp.org

sleep 3
#安装zabbix
#切换到src
cd /usr/local/src

echo "Installing zabbix_agentd"
rm -rf zabbix-3.0.4.tar.gz*
sleep 1
echo "Downloading"
wget $SURL/zabbix/zabbix-3.0.4.tar.gz
sleep 1


if [ ! -f "zabbix-3.0.4.tar.gz" ];then
echo "zabbix-3.0.4.tar.gz is not exist"
exit 1
fi


tar zxvf zabbix-3.0.4.tar.gz
cd zabbix-3.0.4
sleep 1
/bin/bash configure --prefix=/usr --sysconfdir=/etc/zabbix --enable-agent
sleep 3

if [ $? != 0 ]; then
  echo "configure was wrong!!"
  exit 1
else
  echo "The zabbix is aready installed!!"
fi

make && make install
if [ $? != 0 ]; then
  echo "There were something wrong in make!!!"
  exit 1
fi

#创建zabbix日志目录
if [ ! -d "$log_d" ];then
    mkdir $log_d
fi

chown zabbix.zabbix $log_d

#修改配置文件
/bin/cp misc/init.d/fedora/core/zabbix_agentd /etc/init.d/
chmod 755 /etc/init.d/zabbix_agentd
sed -i "s#BASEDIR=/usr/local#BASEDIR=/usr/#g" /etc/init.d/zabbix_agentd
sed -i "s/Server\=127.0.0.1/Server\=127.0.0.1,$MASTER/g" /etc/zabbix/zabbix_agentd.conf
sed -i "s/ServerActive\=127.0.0.1/ServerActive\=$MASTER:10051/g" /etc/zabbix/zabbix_agentd.conf
sed -i "s/Hostname=Zabbix server/Hostname=$hname/g" /etc/zabbix/zabbix_agentd.conf
sed -i "s#tmp/zabbix_agentd.log#var/log/zabbix/zabbix_agentd.log#g" /etc/zabbix/zabbix_agentd.conf
sed -i "#UnsafeUserParameters=0#aUnsafeUserParameters=1\n" /etc/zabbix/zabbix_agentd.conf
#启动服务
chkconfig zabbix_agentd on
service zabbix_agentd start

return 1
}


pid=`pgrep zabbix_agentd`
if [ -n "$pid" ];then
    echo "the zabbix_agentd is aready installed!"
echo "Do want to reload the zabbix_agentd? Y/N"
read choice
case $choice in
Y) service zabbix_agentd stop;zabbix_agentd_install ;;
N) echo "You choose N,the script will be break";exit 2;;
*) echo "UNknow anwser!";exit 3;;
esac
else
    add_user_zabbix
zabbix_agentd_install
exit 4
fi


以上为整理的初始化centos 6 服务器的脚本。隐藏了一些ip，不能直接使用于你的服务器。可以为读者提供一些思路。或者后续会完善为更简便的脚本。