Linux 初始化脚本

干货！超实用的 Linux 初始化脚本

原创 咸鱼不想秃头 咸鱼运维杂谈 2023-03-02 19:52 发表于上海

收录于合集#Linux 相关50个

咸鱼今天给大家分享一个无论是学习还是工作中都很实用的 Linux 系统初始化脚本，其实就是各种命令的集合

 

完整代码在文章最后哦

 

定义相关变量

 

配置 yum 镜像源

 

获取阿里云 yum 镜像源

 

 

判断函数是否执行成功

 

 

写入一行配置

 

 

修改配置

 

 

配置系统时区

 

 

配置 dns 服务器

 

 

修改最大文件描述符限制

 

 

关闭系统不需要的服务

 

 

内核参数优化相关

 

 

安装常用工具

 

 

关闭 SELinux

 

 

主函数

 

 

完整脚本

#环境变量PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbinexport PATH
#当前时间current_time=$(date +%Y%m%d)
#阿里的DNSdns_server=223.5.5.5 
if [[ ! -z `uname -r|grep 'el6'` ]]  then  kernel_version=el6  yum_repo=http://mirrors.aliyun.com/repo/Centos-6.repoelif [[ ! -z `uname -r|grep 'el7'` ]]  then  kernel_version=el7  yum_repo=http://mirrors.aliyun.com/repo/Centos-7.repoelse  echo -e "\e[31mUnidentified Kernel version: $(uname -r). Only support for kernel el6/el7\e[0m"  exitfi
function add_yum_repo(){  local item="Add Aliyun Yum Mirrors"  yum clean all  cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.${current_time} && \  curl -o /etc/yum.repos.d/CentOS-Base.repo ${yum_repo} > /dev/null 2>&1  show_result $? "${item}"  yum makecache}
function show_result(){  if [ "$1" -eq 0 ]    then      echo -e "\e[32m$2 is Success .   [ OK ] \e[0m"    else      echo -e "\e[31m$2 is Fail .   [ FAIL ] \e[0m"  fi}
function add_newconfig_tofile(){  local SearchResult=`grep "$1" "$2"`  if [ -z "${SearchResult}" ]    then    echo "$1" >> $2  fi}
function add_config_tofile(){  local keywords=`echo $1| awk -F "[= ]+" '{print $1}'`  local SearchResult=`grep "^${keywords}" "$2"`  if [ -z "${SearchResult}" ] #空为真，非空为假    then    echo $1 >> $2  else    sed -i "s/^${keywords}.*/$1/" $2  fi}
function config_localtime(){  local item="Config SH As Location"  rm -f /etc/localtime  ln -s  /usr/share/zoneinfo/Asia/Shanghai /etc/localtime  show_result $? "${item}"}
function config_dns_addr(){  local item="Config DNS Address"  cp /etc/resolv.conf /etc/resolv.conf.${current_time} && \  echo "nameserver ${dns_server}" > /etc/resolv.conf  show_result $? "${item}"}
function maximum_file_dspt(){  local item="Maximum File Descriptor"  cp /etc/security/limits.conf /etc/security/limits.conf.${current_time} && \  echo "*           soft    nofile          100000*           hard    nofile          100000*           soft    nproc           65535*           hard    nproc           65535*           soft    core            unlimited*           hard    core            unlimited" > /etc/security/limits.conf  show_result $? "${item}"}

function shutdown_nonuse_srv(){  local item="Shutdown Unused Services"  if [[ "${kernel_version}" == el6 ]]      then    for i in `chkconfig --list | awk '{print $1}'`      do      chkconfig --level 2345 $i off > /dev/null 2>&1      done    for ii in crond network rsyslog sshd sysstat haldaemon      do      chkconfig --level 2345 $ii on > /dev/null 2>&1      done    show_result $? "${item}"  elif [[ "${kernel_version}" == el7 ]]    then    systemctl disable postfix > /dev/null 2>&1    show_result $? "${item}"  else    echo -e "\e[31mUnidentified Kernel version: $(uname -r). Only support for kernel el6/el7\e[0m"  fi}
function optimize_kel_args(){  local item="Optimize Kernel Arguments"  cp /etc/sysctl.conf /etc/sysctl.conf.${current_time} > /dev/null 2>&1  arch_ratio=$([[ ! -z $(uname -a | grep x86_64) ]] && expr 64 / 32 || expr 32 / 32)  memory_size=$(free -b| awk 'NR==2{print $2}')  nf_conntrack_size=$(expr ${memory_size} / 16384 / ${arch_ratio})  #开启反向路径过滤  add_config_tofile "net.ipv4.conf.default.rp_filter = 1" /etc/sysctl.conf  add_config_tofile "net.ipv4.conf.all.rp_filter = 1" /etc/sysctl.conf  #处理无源路由包  add_config_tofile "net.ipv4.conf.all.accept_source_route = 0" /etc/sysctl.conf  add_config_tofile "net.ipv4.conf.default.accept_source_route = 0" /etc/sysctl.conf  #core文件名中添加pid作为扩展名  add_config_tofile "kernel.core_uses_pid = 1" /etc/sysctl.conf  #开启syn洪水攻击保护  add_config_tofile "net.ipv4.tcp_syncookies = 1" /etc/sysctl.conf  #修改消息队列长度  add_config_tofile "kernel.msgmnb = 65536" /etc/sysctl.conf  add_config_tofile "kernel.msgmax = 65536" /etc/sysctl.conf  #修改最大内存共享段大小bytes  add_config_tofile "kernel.shmmax = 68719476736" /etc/sysctl.conf  add_config_tofile "kernel.shmall = 4294967296" /etc/sysctl.conf  #timewait数量默认18000  add_config_tofile "net.ipv4.tcp_max_tw_buckets = 600" /etc/sysctl.conf  add_config_tofile "net.ipv4.tcp_sack = 1" /etc/sysctl.conf  add_config_tofile "net.ipv4.tcp_window_scaling = 1" /etc/sysctl.conf  add_config_tofile "net.ipv4.tcp_rmem = 4096 87380 16777216" /etc/sysctl.conf  add_config_tofile "net.ipv4.tcp_wmem = 4096 65536 16777216" /etc/sysctl.conf  add_config_tofile "net.core.rmem_default = 8388608" /etc/sysctl.conf  add_config_tofile "net.core.wmem_max = 16777216" /etc/sysctl.conf  #未收到客户端确认信息连接请求的最大值  add_config_tofile "net.ipv4.tcp_max_syn_backlog = 262144" /etc/sysctl.conf  #放弃建立连接之前发送的synack包  add_config_tofile "net.ipv4.tcp_syn_retries = 2" /etc/sysctl.conf  #开启重用，允许time—wait socket 重新用语新的tcp连接  add_config_tofile "net.ipv4.tcp_tw_reuse = 1" /etc/sysctl.conf  add_config_tofile "net.ipv4.tcp_fin_timeout = 1" /etc/sysctl.conf  #防止简单的ddos攻击  add_config_tofile "net.ipv4.tcp_max_orphans = 3276800" /etc/sysctl.conf  #启用timewait快速收回  add_config_tofile "net.ipv4.tcp_tw_recycle = 0" /etc/sysctl.conf  #keeptime启用时tcp发送keepalive消息的频度，默认2h  add_config_tofile "net.ipv4.tcp_keepalive_time = 600" /etc/sysctl.conf  #允许系统打开的端口范围  add_config_tofile "net.ipv4.ip_local_port_range = 1024 65535" /etc/sysctl.conf    #资源回收    add_config_tofile "net.ipv4.tcp_tw_recycle = 0" /etc/sysctl.conf    #路由转发    add_config_tofile "net.ipv4.ip_forward = 1" /etc/sysctl.conf   #修改防火墙连接跟踪表大小，默认65535  add_config_tofile "net.netfilter.nf_conntrack_max = ${nf_conntrack_size}" /etc/sysctl.conf  add_config_tofile "net.nf_conntrack_max = ${nf_conntrack_size}" /etc/sysctl.conf  #解禁ping  add_config_tofile "net.ipv4.icmp_echo_ignore_all = 0" /etc/sysctl.conf      modprobe bridge  sysctl -p > /dev/null 2>&1  show_result $? "${item}"}
function install_pkgs(){  local item="Install Common Pkgs"  yum -y groupinstall "Development libraries" > /dev/null 2>&1  yum -y groupinstall "Development tools" > /dev/null 2>&1  yum -y install sysstat  tree  lrzsz  telnet wget net-tools tcpdump lsof vim ntp > /dev/null 2>&1  show_result $? "${item}"}
function shutdown_selinux(){  local item="Shutdown Selinux "  setenforce 0 > /dev/null 2>&1  cp /etc/selinux/config /etc/selinux/config.${current_time} && \  sed -i 's:SELINUX=enforcing:SELINUX=disabled:g' /etc/selinux/config  show_result $? "${item}"}
function main(){  echo -e '\033[34;1m开始初始化操作系统中......\033[0m'  add_yum_repo  install_pkgs  config_localtime  config_dns_addr  maximum_file_dspt  shutdown_nonuse_srv  shutdown_selinux  optimize_kel_args  echo -e '\033[34;1m服务器系统初始化已完成！\033[0m'}
main

 

 

---

 

感谢阅读，喜欢作者就动动小手[一键三连]，这是我写作最大的动力

咸鱼不想秃头

喜欢作者

收录于合集 #Linux 相关

 50个

上一篇99%运维人员都忽略的服务器安全问题下一篇一次惨痛教训让我写了个Windows定期备份文件脚本

阅读 2146

分享收藏

193

 

咸鱼运维杂谈

124篇原创内容

关注