CentOS6开机优化脚本

cwx

　　最近看了下公司之前的CentOS6的开机配置脚本，简单调整了下：
#!/bin/bash
#created by molewan
#set env
export PATH=$PATH:/bin:/sbin:/usr/sbin
hostname=$1
if [ $UID != "0" ];then
echo "Please run as root"
exit 1
fi
Usage(){
echo $"USAGRE:/bin/bash $0 hostname"
exit 1
}
if [ "$#" -ne "1" ];then
Usage
fi
#define cmd var
SERVICE=`which service`
CHKCONFIG=`which chkconfig`
function mod_yum(){
ping -c 2 -w 2 mirrors.aliyun.com >/dev/null 2>&1
if [ $? -eq 0 ];then
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
yum install -y vim lsof telnet lrzsz wget openssh-clients unix2dos dos2unix gcc gcc-c++ openssl-devel openssl-perl bc
yum clean all
else
echo "your must check network"
exit 1
fi
}
function disable_selinux(){
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
setenforce 0 >/dev/null 2>$1
}
function disable_iptables(){
/sbin/iptables -F && /sbin/iptables -X && /sbin/iptables -Z
/etc/init.d/iptables save
/etc/init.d/iptables stop && chkconfig iptables off
}
function least_service(){
export LANG=en
chkconfig|awk '{print "chkconfig",$1,"off"}'|bash
chkconfig|egrep "crond|sshd|network|rsyslog|sysstat"|awk '{print "chkconfig",$1,"on"}'|bash
}
function charset(){
cp /etc/sysconfig/i18n /etc/sysconfig/i18n.bak
echo 'LANG="zh_CN.UTF-8"'>/etc/sysconfig/i18n
source /etc/sysconfig/i18n
}
function ntp_time_sync(){
ntpdate -u 202.120.2.101 && hwclock -w >/dev/null 2>&1
echo "05 23 * * * /usr/sbin/ntpdate -u 202.120.2.101">>/var/spool/cron/root
}
function com_line_set(){
if [ `egrep "TMOUT|HISTSIZE|ISTFILESIZE" /etc/profile|wc -l` -lt 3 ]
then
echo 'export TMOUT=300'>>/etc/profile
echo 'export HISTSIZE=5'>>/etc/profile
echo 'export HISTFILESIZE=5'>>/etc/profile
source /etc/profile
fi
}
function open_file_set(){
if [ `grep 65535 /etc/security/limits.conf|wc -l` -lt 1]
then
echo '*-nofile65535'>>/etc/security/limits.conf
tail -1 /etc/security/limits.conf
fi
}
function set_kernel(){
cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_resue = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
EOF
sysctl -p
}
function set_sercurity_limits.conf(){
echo ' ' >> /etc/security/limits.conf
echo '* soft nofile 65535' >> /etc/security/limits.conf
echo '* hard nofile 65535' >> /etc/security/limits.conf
echo '* soft nproc 65535' >> /etc/security/limits.conf
echo '* hard nproc 65535' >> /etc/security/limits.conf
}
function set_ssh(){
sed -i '/#Port 22/Port 5272/g' /etc/sysconfig/sshd_config
sed -i '/#UseDNS yes/a\UseDNS no' /etc/ssh/sshd_config
sed -i 's/#GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g' /etc/ssh/sshd_config
/etc/init.d/sshd reload
}
function set_hostname(){
echo 'NETWORKING=yes' >> /etc/sysconfig/network
echo "HOSTNAME=${hostname}" >> /etc/sysconfig/network
}
function ctrl_alt_del_deny(){
sed -i 's/start on control-alt-delete/#start on control-alt-delete/g' /etc/init/control-alt-delete.conf
}
function shutdown_ipv6(){
echo 'alias net-pf-10 off' >> /etc/modprobe.d/dist.conf
echo 'alias ipv6 off' >> /etc/modprobe.d/dist.conf  
}
function alter_bootmenu_time(){
sed -i '/timeout=5/d' /boot/grub/menu.lst
sed -i '/default/a\timeout=1' /boot/grub/menu.lst
}
main(){
mod_yum
disable_selinux
disable_iptables
least_service
charset
ntp_time_sync
com_line_set
open_file_set
set_kernel
set_sercurity_limits.conf
set_ssh
set_hostname
ctrl_alt_del_deny
shutdown_ipv6
alter_bootmenu_time
}
main