鹹魚今天給大家分享一個無論是學習還是工作中都很實用的 Linux 系統初始化腳本,其實就是各種命令的集合 完整代碼在文章最後哦 定義相關變數 配置 yum 鏡像源 獲取阿裡雲 yum 鏡像源 判斷函數是否執行成功 寫入一行配置 修改配置 配置系統時區 配置 dns 伺服器 修改最大文件描述符限制 關 ...
鹹魚今天給大家分享一個無論是學習還是工作中都很實用的 Linux 系統初始化腳本,其實就是各種命令的集合
完整代碼在文章最後哦
定義相關變數
配置 yum 鏡像源
獲取阿裡雲 yum 鏡像源
判斷函數是否執行成功
寫入一行配置
修改配置
配置系統時區
配置 dns 伺服器
修改最大文件描述符限制
關閉系統不需要的服務
內核參數優化相關
安裝常用工具
關閉 SELinux
主函數
完整腳本
#環境變數 PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin export PATH #當前時間 current_time=$(date +%Y%m%d) #阿裡的DNS dns_server=223.5.5.5 if [[ ! -z `uname -r|grep 'el6'` ]] then kernel_version=el6 yum_repo=http://mirrors.aliyun.com/repo/Centos-6.repo elif [[ ! -z `uname -r|grep 'el7'` ]] then kernel_version=el7 yum_repo=http://mirrors.aliyun.com/repo/Centos-7.repo else echo -e "\e[31mUnidentified Kernel version: $(uname -r). Only support for kernel el6/el7\e[0m" exit fi function add_yum_repo(){ local item="Add Aliyun Yum Mirrors" yum clean all cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.${current_time} && \ curl -o /etc/yum.repos.d/CentOS-Base.repo ${yum_repo} > /dev/null 2>&1 show_result $? "${item}" yum makecache } function show_result(){ if [ "$1" -eq 0 ] then echo -e "\e[32m$2 is Success . [ OK ] \e[0m" else echo -e "\e[31m$2 is Fail . [ FAIL ] \e[0m" fi } function add_newconfig_tofile(){ local SearchResult=`grep "$1" "$2"` if [ -z "${SearchResult}" ] then echo "$1" >> $2 fi } function add_config_tofile(){ local keywords=`echo $1| awk -F "[= ]+" '{print $1}'` local SearchResult=`grep "^${keywords}" "$2"` if [ -z "${SearchResult}" ] #空為真,非空為假 then echo $1 >> $2 else sed -i "s/^${keywords}.*/$1/" $2 fi } function config_localtime(){ local item="Config SH As Location" rm -f /etc/localtime ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime show_result $? "${item}" } function config_dns_addr(){ local item="Config DNS Address" cp /etc/resolv.conf /etc/resolv.conf.${current_time} && \ echo "nameserver ${dns_server}" > /etc/resolv.conf show_result $? "${item}" } function maximum_file_dspt(){ local item="Maximum File Descriptor" cp /etc/security/limits.conf /etc/security/limits.conf.${current_time} && \ echo "* soft nofile 100000 * hard nofile 100000 * soft nproc 65535 * hard nproc 65535 * soft core unlimited * hard core unlimited" > /etc/security/limits.conf show_result $? "${item}" } function shutdown_nonuse_srv(){ local item="Shutdown Unused Services" if [[ "${kernel_version}" == el6 ]] then for i in `chkconfig --list | awk '{print $1}'` do chkconfig --level 2345 $i off > /dev/null 2>&1 done for ii in crond network rsyslog sshd sysstat haldaemon do chkconfig --level 2345 $ii on > /dev/null 2>&1 done show_result $? "${item}" elif [[ "${kernel_version}" == el7 ]] then systemctl disable postfix > /dev/null 2>&1 show_result $? "${item}" else echo -e "\e[31mUnidentified Kernel version: $(uname -r). Only support for kernel el6/el7\e[0m" fi } function optimize_kel_args(){ local item="Optimize Kernel Arguments" cp /etc/sysctl.conf /etc/sysctl.conf.${current_time} > /dev/null 2>&1 arch_ratio=$([[ ! -z $(uname -a | grep x86_64) ]] && expr 64 / 32 || expr 32 / 32) memory_size=$(free -b| awk 'NR==2{print $2}') nf_conntrack_size=$(expr ${memory_size} / 16384 / ${arch_ratio}) #開啟反向路徑過濾 add_config_tofile "net.ipv4.conf.default.rp_filter = 1" /etc/sysctl.conf add_config_tofile "net.ipv4.conf.all.rp_filter = 1" /etc/sysctl.conf #處理無源路由包 add_config_tofile "net.ipv4.conf.all.accept_source_route = 0" /etc/sysctl.conf add_config_tofile "net.ipv4.conf.default.accept_source_route = 0" /etc/sysctl.conf #core文件名中添加pid作為擴展名 add_config_tofile "kernel.core_uses_pid = 1" /etc/sysctl.conf #開啟syn洪水攻擊保護 add_config_tofile "net.ipv4.tcp_syncookies = 1" /etc/sysctl.conf #修改消息隊列長度 add_config_tofile "kernel.msgmnb = 65536" /etc/sysctl.conf add_config_tofile "kernel.msgmax = 65536" /etc/sysctl.conf #修改最大記憶體共用段大小bytes add_config_tofile "kernel.shmmax = 68719476736" /etc/sysctl.conf add_config_tofile "kernel.shmall = 4294967296" /etc/sysctl.conf #timewait數量預設18000 add_config_tofile "net.ipv4.tcp_max_tw_buckets = 600" /etc/sysctl.conf add_config_tofile "net.ipv4.tcp_sack = 1" /etc/sysctl.conf add_config_tofile "net.ipv4.tcp_window_scaling = 1" /etc/sysctl.conf add_config_tofile "net.ipv4.tcp_rmem = 4096 87380 16777216" /etc/sysctl.conf add_config_tofile "net.ipv4.tcp_wmem = 4096 65536 16777216" /etc/sysctl.conf add_config_tofile "net.core.rmem_default = 8388608" /etc/sysctl.conf add_config_tofile "net.core.wmem_max = 16777216" /etc/sysctl.conf #未收到客戶端確認信息連接請求的最大值 add_config_tofile "net.ipv4.tcp_max_syn_backlog = 262144" /etc/sysctl.conf #放棄建立連接之前發送的synack包 add_config_tofile "net.ipv4.tcp_syn_retries = 2" /etc/sysctl.conf #開啟重用,允許time—wait socket 重新用語新的tcp連接 add_config_tofile "net.ipv4.tcp_tw_reuse = 1" /etc/sysctl.conf add_config_tofile "net.ipv4.tcp_fin_timeout = 1" /etc/sysctl.conf #防止簡單的ddos攻擊 add_config_tofile "net.ipv4.tcp_max_orphans = 3276800" /etc/sysctl.conf #啟用timewait快速收回 add_config_tofile "net.ipv4.tcp_tw_recycle = 0" /etc/sysctl.conf #keeptime啟用時tcp發送keepalive消息的頻度,預設2h add_config_tofile "net.ipv4.tcp_keepalive_time = 600" /etc/sysctl.conf #允許系統打開的埠範圍 add_config_tofile "net.ipv4.ip_local_port_range = 1024 65535" /etc/sysctl.conf #資源回收 add_config_tofile "net.ipv4.tcp_tw_recycle = 0" /etc/sysctl.conf #路由轉發 add_config_tofile "net.ipv4.ip_forward = 1" /etc/sysctl.conf #修改防火牆連接跟蹤表大小,預設65535 add_config_tofile "net.netfilter.nf_conntrack_max = ${nf_conntrack_size}" /etc/sysctl.conf add_config_tofile "net.nf_conntrack_max = ${nf_conntrack_size}" /etc/sysctl.conf #解禁ping add_config_tofile "net.ipv4.icmp_echo_ignore_all = 0" /etc/sysctl.conf modprobe bridge sysctl -p > /dev/null 2>&1 show_result $? "${item}" } function install_pkgs(){ local item="Install Common Pkgs" yum -y groupinstall "Development libraries" > /dev/null 2>&1 yum -y groupinstall "Development tools" > /dev/null 2>&1 yum -y install sysstat tree lrzsz telnet wget net-tools tcpdump lsof vim ntp > /dev/null 2>&1 show_result $? "${item}" } function shutdown_selinux(){ local item="Shutdown Selinux " setenforce 0 > /dev/null 2>&1 cp /etc/selinux/config /etc/selinux/config.${current_time} && \ sed -i 's:SELINUX=enforcing:SELINUX=disabled:g' /etc/selinux/config show_result $? "${item}" } function main(){ echo -e '\033[34;1m開始初始化操作系統中......\033[0m' add_yum_repo install_pkgs config_localtime config_dns_addr maximum_file_dspt shutdown_nonuse_srv shutdown_selinux optimize_kel_args echo -e '\033[34;1m伺服器系統初始化已完成!\033[0m' } main
