

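# ---------------------------------------------------------------------------
# CentOS 7 host bootstrap, part 1: base tooling and the Aliyun yum mirror.
# Must run as root (it writes /etc/yum.repos.d and installs packages).
# Every step prints a red banner first so the console log stays readable.
# Package installs are best-effort, as in the original: a failed install is
# reported on stderr but does not stop the bootstrap.
# ---------------------------------------------------------------------------

# Print one red banner line.
banner() {
  printf '\033[1;31m %s \033[0m\n' "$*"
}

# Print the red separator rule used between steps.
rule() {
  printf '\033[1;31m %s \033[0m\n' \
    '**********************************************************************************'
}

# Install a single package with yum (best-effort, see header).
# Arguments: $1 - package name
install_pkg() {
  local pkg=$1
  banner "安装${pkg}"
  yum -y install "$pkg" || printf 'warn: yum install %s failed\n' "$pkg" >&2
  rule
}

banner '********************************此脚本自动化安装初始环境********************************'
banner '1.安装必须组件'
# wget is needed right below to fetch the mirror repo files, so it (and vim)
# come from the stock repositories first.
install_pkg vim
install_pkg wget

banner '2.更换阿里源'
banner '备份本地yum源'
# Keep the stock repo file as a backup, but never clobber an existing backup
# on a re-run (the original mv would have overwritten the real original with
# the mirror copy the second time round).
if [[ -f /etc/yum.repos.d/CentOS-Base.repo && ! -e /etc/yum.repos.d/CentOS-Base.repo_bak ]]; then
  mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak
fi

banner '获取阿里yum源配置文件'
# The repo files decide where every later package comes from, so fetch both
# over HTTPS (the original pulled epel-7.repo over plain HTTP) and stop if a
# download fails: `wget -O` leaves an empty file behind on error, which would
# break every following yum call.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo \
  || { printf 'failed to fetch Centos-7.repo\n' >&2; exit 1; }
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo \
  || { printf 'failed to fetch epel-7.repo\n' >&2; exit 1; }

banner '清除缓存'
yum clean all
banner '更新cache'
yum makecache
banner '更新'
yum -y update
rule

for pkg in nano zip unzip git java yum-utils expect; do
  install_pkg "$pkg"
done

# htop lives in EPEL.  The original announced "安装htop" but only installed
# epel-release and never htop itself; install both, in that order.
# NOTE(review): epel-release ships its own /etc/yum.repos.d/epel.repo, which
# may replace the mirror copy fetched above -- confirm which one is in effect.
banner '启用epe版本'
install_pkg epel-release
install_pkg htop

for pkg in npm pv telnet net-tools tree lsof; do
  install_pkg "$pkg"
done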

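# Step 3: NTP time synchronisation.  Accurate time matters for TLS validation,
# Kerberos and log correlation, so the daemon is enabled at boot and started now.
printf '%b\n' '\033[1;31m 3.安装时间同步服务器 \033[0m'
yum -y install ntp
printf '%b\n' '\033[1;31m 设置开机启动 \033[0m'
# NOTE(review): CentOS 7 ships chronyd enabled by default; if both units are
# present, confirm chronyd is disabled so the two daemons do not fight over
# the clock.
systemctl enable ntpd
printf '%b\n' '\033[1;31m 启动时间同步服务器 \033[0m'
systemctl start ntpd
printf '%b\n' '\033[1;31m 查看时间同步服务器运行状态 \033[0m'
# --no-pager: when the script is run from a terminal, plain `systemctl status`
# opens a pager and blocks the bootstrap until someone presses q.
systemctl status ntpd --no-pager
printf '%b\n' '\033[1;31m ********************************************************************************** \033[0m'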

# Step 4: turn swap off for the running system (this block does not touch
# /etc/fstab, so the change lasts until the next boot) and show the resulting
# memory picture.
printf '%b\n' '\033[1;31m 4.关闭swap分区 \033[0m'
swapoff -a
printf '%b\n' '\033[1;31m 查看内存实用情况 \033[0m'
free -m
printf '%b\n' '\033[1;31m ********************************************************************************** \033[0m'

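# ---------------------------------------------------------------------------
# Step 5: put SELinux in permissive mode now and disabled at next boot, and
# turn off the host firewall.  Both are host-level controls; once they are
# gone the node relies entirely on network-level policy (security groups or
# an upstream firewall), so this step belongs only on hosts that sit behind
# one.
# ---------------------------------------------------------------------------
printf '%b\n' '\033[1;31m 5.关闭防火墙 \033[0m'
printf '%b\n' '\033[1;31m 禁用SElinux \033[0m'
# Runtime switch to permissive (fails harmlessly if SELinux is already off).
setenforce 0
printf '%b\n' '\033[1;31m 修改 \033[1;33m /etc/selinux/config \033[0m 配置文件 \033[0m'
# Anchor on the SELINUX= key itself.  The original `s/enforcing/disabled/g`
# also rewrote every comment line containing the word "enforcing", which is
# harmless but makes the file's own documentation wrong.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
printf '%b\n' '\033[1;31m 停止防火墙服务 \033[0m'
systemctl stop firewalld
# The original called `iptable -F` (typo), so no rules were ever flushed.
# `-F` only flushes the filter table; nat/mangle chains are left as they are.
iptables -F
printf '%b\n' '\033[1;31m 禁止防火墙开机自启 \033[0m'
systemctl disable firewalld
printf '%b\n' '\033[1;31m ********************************************************************************** \033[0m'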

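printf '%b\n' '\033[1;31m 8.更改主机hostname \033[0m'
# IPv4 addresses that are not loopback, one per line.  The filters are the
# original ones: `grep -v 127`, `grep -v 172` and `grep -v 32` drop any line
# containing those digits (meant for 127.0.0.1, 172.x bridge addresses and
# /32 masks), so an address such as 10.10.1.132 (constructed example) is
# dropped as well, and a host with several addresses yields several lines.
# NOTE(review): IP_ADDRESS is not referenced anywhere else in this script.
IP_ADDRESS=$(ip a | grep inet | grep -v inet6 | grep -v 127 | sed 's/^[ \t]*//g' | awk -F " " '{print $2}' | grep -v 172 | grep -v 32 | awk -F"/" '{print $1}')
# NOTE(review): in the original the here-document below had no terminating
# "EOF", so bash took every remaining line of the script as its body: the whole
# tail was written into /etc/hostname and none of it was executed.  The
# intended hostname cannot be recovered from the script, so it is taken from
# HOSTNAME_OVERRIDE (placeholder variable, to be set by the operator) and the
# current hostname is kept when that is unset -- the file is never left empty.
new_hostname=${HOSTNAME_OVERRIDE:-$(hostname)}
cat <<EOF >/etc/hostname
${new_hostname}
EOF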

# Original note: fix for the network service failing to start after a reboot.
# Hand the interfaces to the legacy network service: NetworkManager is stopped
# and disabled at boot, then the network service is restarted to pick them up.
for action in stop disable; do
  systemctl "$action" NetworkManager
done
systemctl restart network
# Systemctl start network

printf '%b\n' '\033[1;32m系统初始化配置完成!\033[0m'
printf '%b\n' '\033[1;31m 清除yum安装包 \033[0m'
yum -y clean all

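# Kernel tuning (sysctl.conf) and file-descriptor limits (ulimit).

# systemd's per-service default: replace the commented-out template line with
# the real value (no-op if that line is already uncommented or absent).
sed -i "/^#DefaultLimitNOFILE=/cDefaultLimitNOFILE=1048576" /etc/systemd/system.conf

# PAM limits for login sessions.  Append once only: the original appended
# unconditionally, so every re-run added another copy of the four lines.
# NOTE(review): the original here-document was not terminated with "EOF".
if ! grep -q '^\* hard nofile 1048576$' /etc/security/limits.conf; then
  cat <<'EOF' >> /etc/security/limits.conf
* soft nofile 1048576
* hard nofile 1048576
* soft nproc 65535
* hard nproc 65535
EOF
fi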

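# Replace /etc/sysctl.conf wholesale with the hardening/tuning profile below
# and load it.  Quoted delimiter: the body is written literally.
# Review notes on individual keys (values are the original author's unless
# stated otherwise):
#   * net.ipv4.tcp_syncookies was 0, contradicting its own comment
#     "开启SYN洪水攻击保护" (enable SYN-flood protection) and the kernel
#     default; it is now 1 so listen queues survive a SYN flood once
#     tcp_max_syn_backlog is exhausted.
#   * net.ipv4.ip_local_port_range was "1024 65536"; 65536 is not a valid port
#     and the kernel rejects the key with EINVAL, so the range is now
#     1024 65535.
#   * tcp_tw_reuse / tcp_tw_recycle both depend on TCP timestamps; with
#     tcp_timestamps = 0 they are effectively inert.  tcp_tw_recycle also
#     drops connections from clients behind NAT when it is active, and was
#     removed from the kernel in 4.12 -- keep it only on the CentOS 7 kernel.
#   * net.nf_conntrack_max exists only once the nf_conntrack module is loaded;
#     `sysctl -p` reports an error for that key otherwise (the firewall was
#     stopped earlier in this script, so the module may well be absent).
#   * IPv6 is disabled on all interfaces; anything relying on it must be
#     configured with that in mind.
# NOTE(review): the original here-document was not terminated with "EOF" and
# the file was never loaded; `sysctl -p` below applies it immediately.
cat <<'EOF' > /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
## 避免放大攻击
net.ipv4.icmp_echo_ignore_broadcasts = 1
## 开启恶意icmp错误消息保护
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
## 开启SYN洪水攻击保护
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 1048576
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
##限制仅仅是为了防止简单的DoS 攻击
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
##内核放弃建立连接之前发送SYNACK 包的数量
net.ipv4.tcp_synack_retries = 1
##内核放弃建立连接之前发送SYN 包的数量
net.ipv4.tcp_syn_retries = 1
##启用timewait 快速回收
net.ipv4.tcp_tw_recycle = 1
##开启重用。允许将TIME-WAIT sockets 重新用于新的TCP 连接
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 15
##当keepalive 起用的时候,TCP 发送keepalive 消息的频度。缺省是2 小时
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65535
fs.file-max = 2097152
#系统级别的能够打开的文件句柄的数量,ulimit 是进程级别的
net.core.somaxconn = 32768

# 确保无人能修改路由表
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.nf_conntrack_max = 6553600
EOF
# Apply now; without this the file only takes effect at the next boot.
sysctl -p /etc/sysctl.conf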





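# ---------------------------------------------------------------------------
# Passwordless SSH between the 10.10.1.0/24 nodes.
#
# For every node suffix entered at the prompt: generate an RSA key on the
# node, collect the public keys, merge them into one authorized_keys, then
# push that file and the local known_hosts back to every node.  Remote logins
# are driven by expect, as in the original.
#
# Required environment (never hard-code them here; they would end up in the
# repository and, as arguments, in `ps` output):
#   username   - account used for ssh/scp to the nodes
#   mypassword - that account's password, sent only on the "password:" prompt
#
# NOTE(review): the original fragment mixed bash `for` loops without
# do/done with raw expect commands, so it could not run as written; the
# structure below is the reconstruction of that intent.
# ---------------------------------------------------------------------------
: "${username:?username must be set (ssh account on the nodes)}"
: "${mypassword:?mypassword must be set (password for the ssh account)}"

read -r -a IP_NUM -p "请输入要免密的服务器的IP最后一位:(注:请以空格分隔 eg:157 167 177 ... ):"
if (( ${#IP_NUM[@]} == 0 )); then
  printf 'no node suffixes given, skipping ssh key distribution\n' >&2
  exit 0
fi

# Drive one ssh/scp command line through expect.
# Arguments: $* - the command line to spawn (interpolated into the expect
#                 script, as the original did)
# The password is handed over via the environment and read with $env(...),
# so it is never part of the script text and Tcl never re-parses its value.
# The host-key prompt is auto-accepted as in the original: a first contact is
# trusted blindly (TOFU); pre-seeding known_hosts on the nodes is what the
# final loop below is for.
run_expect() {
  SSH_PASSWORD="$mypassword" expect <<EOF
spawn $*
expect {
  "yes/no" { send "yes\r"; exp_continue }
  "*password:" { send "\$env(SSH_PASSWORD)\r" }
}
expect eof
EOF
}

# Private workspace with an unpredictable name instead of fixed paths under
# /tmp; removed on every exit path.
workdir=$(mktemp -d) || { printf 'mktemp failed\n' >&2; exit 1; }
trap 'rm -rf -- "$workdir"' EXIT

# 1. A fresh key pair on each node.  If ~/.ssh/id_rsa already exists there,
#    ssh-keygen asks "Overwrite (y/n)?", which this dialogue does not answer,
#    so the spawn runs into expect's timeout.  TODO(review): decide re-run policy.
for i in "${IP_NUM[@]}"; do
  run_expect "ssh $username@10.10.1.$i ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa -q"
done

# 2. Collect every node's public key.
for i in "${IP_NUM[@]}"; do
  run_expect "scp $username@10.10.1.$i:/root/.ssh/id_rsa.pub $workdir/id_rsa.pub_$i"
done

# 3. Merge them into one authorized_keys and show it (public keys only).
cat "$workdir"/id_rsa.pub_* > "$workdir/authorized_keys"
cat "$workdir/authorized_keys"

# 4. Push the merged file to every node (overwrites the node's copy).
for i in "${IP_NUM[@]}"; do
  run_expect "scp $workdir/authorized_keys $username@10.10.1.$i:/root/.ssh"
done

# 5. Share the local known_hosts so later node-to-node connections do not rely
#    on the blind "yes" above.
for i in "${IP_NUM[@]}"; do
  run_expect "scp /root/.ssh/known_hosts $username@10.10.1.$i:/root/.ssh"
done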


