第三十八章 Linux系统优化脚本

一、Linux系统-centos7

##########################################################################
# Author:          jin.hui
# QQ:              974089352
# File Name:       Opt-Centos7.sh
# Copyright (C):   2021 All rights reserved
# Created Time:    2021年07月23日 星期五 17时50分34秒
#########################################################################
#!/usr/bin/bash
source /etc/init.d/functions

# 验证操作系统是否匹配
function check_operating_system()
{
 platform=`uname -i`
 if [ $platform != "x86_64" ];then
   echo "This script is only for 64bit Operating System !";exit 1
 fi
   action  "The platform is " /usr/bin/true
   cat << EOF
+---------------------------------------+
| Your system is CentOS 7 x86_64 |
| start optimizing....... |
+---------------------------------------
EOF
}

# 修改主机名
function seting_hostname_status()
{
 read -p "Please enter the host name you want to modify:" name
 hostnamectl set-hostname $name &>/dev/null
 if [ $? -eq 0 ];then
   action "Hostname update is `hostname`" /usr/bin/true
 else
   action "Hostname update is " /usr/bin/false
 fi
}

# 进行磁盘分区
function perform_disk_init()
{
 disk_path=/dev/vdb
 data_disk_size=`fdisk  -l |grep $disk_path |awk 'NR==1{print $3}'`
 parted -s /dev/vdb mklab msdos
 max=`parted -s $disk_path print | grep "Disk $disk_path" | awk '{print $3}'`
 start=0GB
 parted -s $disk_path mkpart primary xfs ${start} ${data_disk_size}GB &>/dev/null
 mkfs.xfs ${disk_path}1 > /dev/null
 mount ${disk_path}1 /opt
   if [ $? -eq 0 ]; then
#       dd if=/dev/zero of=/opt/swap bs=1M count=32768 > /dev/null 2>&1
#	mkswap /opt/swap  > /dev/null 2>&1
#	swapon /opt/swap  > /dev/null 2>&1
#	echo "/opt/swap  swap  swap  defaults  0 0" >>/etc/fstab
     echo "${disk_path}1   /opt    xfs   defaults  0 0" >>/etc/fstab
  else
     echo "auto_disk failed"
  fi
}

# 判断selinux是否关闭
function check_selinux_status()
{
 check_selinux_linux=`cat /etc/selinux/config |grep ^SELINUX |awk -F '=' 'NR==1{print $NF}'` &>/dev/null
 if [ $check_selinux_linux == 'disabled' ];then
   action "Selinux stauts is disabled" /usr/bin/true
 else
   action "Selinux stauts is disabled" /usr/bin/false
   echo -e "\033[36m ====================== Resting selinux status for disabled ====================== \033[0m"
   sed -i 's#enforcing#disabled#g' /etc/selinux/config
   echo "Now selinux stauts is disabled"
   echo -e "\033[36m ====================== Rested selinux status for disabled ====================== \033[0m"	
 fi
}

# 判断防火墙是否关闭
function check_firewalld_status()
{
 check_firewalld_status=`ps -ef |grep [fire]walld`
 if [ $? -eq 0 ];then
   action "Firewalld is disabled" /usr/bin/false
   echo -e "\033[36m ====================== Resting firewalld status for off ======================\033[0m"
   systemctl disable firewalld
   systemctl stop firewalld
   echo -e "\033[36m ====================== Ending firewalld status for off ====================== \033[0m"
 else
   action "Firewalld is disabled" /usr/bin/true
 fi
}

# 配置yum仓库
function seting_yum_depository()
{
 yum_dir="/etc/yum.repos.d/"
 base_yum="CentOS-Base.repo"
 epel_yum="epel.repo"
 if [ -f "${yum_dir}${base_yum}.bak" ];then
   action "Yum Depository is Added" /usr/bin/true
 else
   echo -e "\033[36m ====================== Starting Reset Yum Depository ====================== \033[0m"
   mv $yum_dir$base_yum  $yum_dir${base_yum}.bak
   mv $yum_dir$epel_yum  $yum_dir${epel_yum}.bak
   curl -o $yum_dir$base_yum http://mirrors.aliyun.com/repo/Centos-7.repo &>/dev/null
   curl -o $yum_dir$epel_yum http://mirrors.aliyun.com/repo/epel-7.repo  &>/dev/null
   sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' $yum_dir$base_yum
   sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' $yum_dir$epel_yum
   yum clean all &>/dev/null
   yum makecache &>/dev/null	
 fi
}

# 安装基础软件包
function ins_base_psckage()
{
 echo -e "\033[36m ====================== Starting Install Basic Software ====================== \033[0m"
 linux_comm_software=(net-tools vim tree htop iftop gcc gcc-c++ glibc iotop lrzsz sl wget unzip telnet nmap nc psmisc dos2unix bash-completion bash-completion-extra sysstat rsync nfs-utils httpd-tools expect)
	
 for i in ${linux_comm_software[*]}
 do
   rpm -q $i &>/dev/null
   if [ $? -eq 0 ];then
     action "$i is installed" /usr/bin/true
   else
     yum -y install $i  &>/dev/null                                     
     action "$i is installed"  /usr/bin/true
   fi     
 done
}

# 添加本地地址解析
function add_local_hosts()
{
 echo -e "\033[36m ====================== Starting Add Local Hosts ====================== \033[0m"
 local_IP=`ifconfig |awk -F ' ' 'NR==2{print $2}'`
 local_hostname=`hostname`
 hosts_line=`cat /etc/hosts | wc -l`
 if [ $hosts_line -ne 2 ];then
   sed -i '3,$d' /etc/hosts
   echo "$local_IP $local_hostname" >> /etc/hosts
 fi
 action "Add Local hosts is" /bin/true
}

# 设置时间同步
function seting_sync_time()
{
 echo -e "\033[36m ====================== Starting Seting NTPdate ====================== \033[0m"
 yum -y install ntpdate &> /dev/null
 if [ $? -eq 0 ];then
   cron_dir="/var/spool/cron/root"
   timedatectl set-timezone Asia/Shanghai
   /usr/sbin/ntpdate time1.aliyun.com  
   echo '#Timing synchronization time' >> $cron_dir
   echo "* 4 * * * /usr/sbin/ntpdate time1.aliyun.com > /dev/null 2>&1" >> $cron_dir
   systemctl restart crond.service
 else
   echo "ntpdate安装失败"
   exit $?
 fi
 action "Seting NTPdate is" /bin/true
 sleep 2
}

# 加大文件描述符
function increase_file_description()
{
 echo -e "\033[36m ====================== Starting Increase File Description ====================== \033[0m"
 echo '* - nofile 65535'>/etc/security/limits.conf
 ulimit -SHn 65535
 echo "`cat /etc/security/limits.conf`"
 echo "`ulimit -Sn ; ulimit -Hn`"
 action "Increase File Description is" /bin/true
 sleep 2
}

# 环境变量及别名优化
function seting_alias_profile()
{
 cat>>/etc/profile.d/color.sh<<EOF
alias ll='ls -l --color=auto --time-style=long-iso'
PS1="\[\e[37;40m\][\[\e[32;1m\]\u\[\e[37;40m\]@\h \[\e[36;40m\]\w\[\e[0m\]]\[\e[32;1m\]\\$ \[\e[0m\]"
export HISTTIMEFORMAT='%F-%T '
EOF

 source  /etc/profile
 action "Seting Alias Profile is" /bin/true
}

# 内核优化
function seting_kernel_opt()
{
 echo -e "\033[36m ====================== Starting Seting Kernel Optimization ====================== \033[0m"
 chk_nf=`cat /etc/sysctl.conf | grep conntrack |wc -l`
 if [ $chk_nf -eq 0 ];then
   cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.ipv4.ip_forward = 1
net.ipv4.icmp_echo_ignore_all=1
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
 sysctl -p
 else
   echo "Kernel Optimization options is exist!。"
 fi
 action "Seting Kernel Optimization is" /bin/true
 sleep 2
}

# 更新软件
function update_yum_software()
{
 echo -e "\033[36m ====================== Starting Update YUM Software ====================== \033[0m"
 yum -y update &>/dev/null
 action "Update YUM Software is" /bin/true
 sleep 2
}

# 修改字符集
function seting_chinese_char()
{
 echo -e "\033[36m ====================== Starting Seting Chinese Character ====================== \033[0m"
 cat > /etc/locale.conf <<EOF
LANG="zh_CN.UTF-8"
#LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
EOF
 source /etc/locale.conf
 echo "#cat /etc/locale.conf"
 cat /etc/locale.conf
 action "Seting Chinese Character is" /bin/true
sleep 2
}

# 精简开机启动
function compact_boot_start()
{
 echo -e "\033[36m ====================== Starting Compact Boot Start ====================== \033[0m"
 systemctl disable auditd.service
 systemctl disable postfix.service
 systemctl disable NetworkManager.service
 systemctl list-unit-files | grep -E "auditd|postfix|NetworkManager"
 action "Compact Boot Start is" /bin/true
 sleep 2
}

# 加快ssh登录速度
function set_ssh_conf()
{
 echo -e "\033[36m ====================== Starting Seting SSH Configration ====================== \033[0m"
 sed -i 's#^GSSAPIAuthentication yes$#GSSAPIAuthentication no#g' /etc/ssh/sshd_config
 sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
 systemctl restart sshd.service
 echo "`grep GSSAPIAuthentication /etc/ssh/sshd_config`"
 echo "`grep UseDNS /etc/ssh/sshd_config`"
 action "Seting SSH Configration is" /bin/true
 sleep 2
}

# 禁用ctrl+alt+del重启
function prohibit_quick_reboot()
{
 echo -e "\033[36m ====================== Starting Prohibit Quick Restart ====================== \033[0m"
 del_file="/usr/lib/systemd/system/ctrl-alt-del.target"
 if [ -f "$del_file" ];then
   rm -rf $del_file
 fi
 action "Prohibit Quick Restart is" /bin/true
 sleep 2
}

# history优化
function config_history_record()
{
 echo -e "\033[36m ====================== Starting Seting History Record ====================== \033[0m"
 chk_his=`cat /etc/profile | grep HISTTIMEFORMAT |wc -l`
 if [ $chk_his -eq 0 ];then
  cat >> /etc/profile <<'EOF'
#设置history格式
export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S] [`whoami`] [`who am i|awk '{print $NF}'|sed -r 's#[()]##g'`]: "
#记录shell执行的每一条命令
export PROMPT_COMMAND='\
if [ -z "$OLD_PWD" ];then
    export OLD_PWD=$PWD;
fi;
if [ ! -z "$LAST_CMD" ] && [ "$(history 1)" != "$LAST_CMD" ]; then
    logger -t `whoami`_shell_dir "[$OLD_PWD]$(history 1)";
fi;
export LAST_CMD="$(history 1)";
export OLD_PWD=$PWD;'
EOF
  source /etc/profile
 else
  echo "History Optimization options is exist!"
 fi
 action "Seting History Record is" /bin/true
 sleep 2
}

# 备份显示系统版本和内核的文件
function sync_system_version()
{
 echo -e "\033[36m ====================== Starting Sync System Version ====================== \033[0m"
 cp /etc/issue{,.bak}
 cp /etc/issue.net{,.bak}

 > /etc/issue
 > /etc/issue.net
 action "Sync System Version is" /bin/true
}

# 优化完成    
function opt_system_complete(){
cat << EOF
+-------------------------------------------------+
| 优 化 已 完 成                                  |
| 请 重启 这台服务器 !                            |
+-------------------------------------------------+
EOF

sleep 5
}

# 调用函数功能
function start_sh(){
check_operating_system
seting_hostname_status
perform_disk_init
check_selinux_status
check_firewalld_status
seting_yum_depository
ins_base_psckage
add_local_hosts
seting_sync_time
increase_file_description
seting_alias_profile
seting_kernel_opt
update_yum_software
seting_chinese_char
compact_boot_start
set_ssh_conf
prohibit_quick_reboot
config_history_record
sync_system_version
opt_system_complete
}

# 运行脚本
start_sh