CentOS系统初始化---不断更新中

注意：here-document 的结束标记 EOF 必须单独占一行，前后不能有空格或 Tab 键，否则 shell 不会把它识别为结束标记。

# Major OS release number: the VERSION tag of whichever package provides
# redhat-release. Every release-specific section below compares it with 6 or 7.
release=$(rpm --query --queryformat '%{VERSION}' $(rpm --query --whatprovides redhat-release))
#
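# Configure the yum base and EPEL repositories from the Aliyun mirror.
# The downloaded .repo files decide which servers yum installs packages from,
# so they are fetched over HTTPS, and with -f so that an HTTP error page is
# never written out as a repo definition.
# NOTE(review): check that the fetched files keep gpgcheck=1 and that the
# baseurl entries inside them are acceptable for your environment.
cd /etc/yum.repos.d/
mkdir -p /etc/yum.repos.d/bak
# Existing definitions are moved aside, not deleted, so they can be restored.
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
case "$release" in
  6 | 7)
    curl -fsSL -o /etc/yum.repos.d/CentOS-Base.repo \
      "https://mirrors.aliyun.com/repo/Centos-${release}.repo" ||
      echo "failed to download CentOS-Base.repo" >&2
    curl -fsSL -o /etc/yum.repos.d/epel.repo \
      "https://mirrors.aliyun.com/repo/epel-${release}.repo" ||
      echo "failed to download epel.repo" >&2
    ;;
  *)
    # The original repo files are already in bak/ at this point.
    echo "unsupported release '${release}': no repo files installed" >&2
    ;;
esac
yum clean all
yum makecache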

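# Install the base tool set.
# NOTE(review): nc, nmap and tcpdump are useful for debugging but are also
# available to anyone who gains a shell on the host; trim the list for
# production images that do not need them.
yum -y install nc git vim iftop iotop dstat tcpdump
yum -y install ipmitool bind-libs bind-utils
yum -y install libselinux-python ntpdate
# The original line lacked the "install" subcommand, so yum treated "tree" as
# the command name and none of these packages were installed.
yum -y install tree nmap sysstat lrzsz dos2unix unix2dos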

#update rpm package and kernel 
#yum update
#rm -rf /etc/yum.repos.d/CentOS*

# vim tuning for all users: case-insensitive search (ic) and auto-indent (ai).
# The lines are appended, so every run of the script adds another copy.
printf '%s\n' 'set ic ' 'set ai ' >>/etc/vimrc

# System-wide aliases, appended to /etc/bashrc (again once per run):
# coloured grep, ISO timestamps in ll, and a numbered iptables rule listing.
printf '%s\n' \
  "alias grep='grep --color=auto'" \
  "alias ll='ls -l --time-style=long-iso'" \
  "alias iptable='iptables -L -n --line-number'" \
  >>/etc/bashrc

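# Raise the process and open-file limits for every user.
# The distribution ships an nproc drop-in under limits.d whose name depends on
# the release. It is replaced by an empty file; presumably so its nproc value
# cannot override the one written below (confirm against pam_limits ordering).
case "$release" in
  6) nproc_conf=/etc/security/limits.d/90-nproc.conf ;;
  7) nproc_conf=/etc/security/limits.d/20-nproc.conf ;;
  *) nproc_conf= ;;
esac
if [ -n "$nproc_conf" ] && [ -f "$nproc_conf" ]; then
  rm -f "$nproc_conf" && touch "$nproc_conf"
fi
# limits.conf is overwritten, not appended to: earlier entries are discarded.
cat >/etc/security/limits.conf <<'EOF'
*	soft	nproc	65535
*	hard	nproc	65535
*	soft	nofile	65535
*	hard	nofile	65535
EOF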

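# Set the system timezone to Asia/Shanghai.
# -f replaces whatever is at /etc/localtime, including a dangling symlink that
# "test -f" would not have detected; -n stops ln from descending into an
# existing symlink target.
ln -sfn /usr/share/zoneinfo/Asia/Shanghai /etc/localtime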

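# Set the system locale to en_US.UTF-8. The file holding LANG differs per
# release. "$release" is quoted so an empty value simply matches no branch.
case "$release" in
  6) sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/sysconfig/i18n ;;
  7) sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/locale.conf ;;
esac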

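# Time sync, CentOS 6: step the clock once with ntpdate, then keep it in sync
# from root's crontab.
if [ "$release" = 6 ]; then
  /usr/sbin/ntpdate -b ntp1.aliyun.com
  # Add the cron entry only once. A crontab file that does not exist yet counts
  # as "entry missing", and grep's error for it is silenced.
  if ! grep -q ntpdate /var/spool/cron/root 2>/dev/null; then
    # NOTE(review): this schedule fires every minute; confirm that is intended
    # and not a slip for an hourly or daily entry.
    echo "*	* * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null" >>/var/spool/cron/root
    chmod 600 /var/spool/cron/root
  fi
  /etc/init.d/crond restart
fi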
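# Time sync, CentOS 7: install chrony and replace its configuration wholesale.
# In the file written below, bindcmdaddress limits the chronyc command channel
# to loopback and noclientlog turns off client access logging.
if [ "$release" = 7 ]; then
  yum -y install chrony
  cat >/etc/chrony.conf <<'EOF'
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
generatecommandkey
noclientlog
logchange 0.5
logdir /var/log/chrony
EOF
  systemctl restart chronyd
  systemctl enable chronyd
fi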

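# Remove the default host firewall rules.
# After this section the host has no local packet filtering of its own, so
# exposure is controlled only by whatever sits in front of it (security groups,
# upstream firewall). Confirm that layer exists before using this on a
# reachable machine.
case "$release" in
  6)
    # -F flushes the rules but leaves chain policies as they were.
    /sbin/iptables -F
    # Path fixed: the original called /etc/inti.d/iptables (typo), so the save
    # never ran and the flushed state did not persist across reboots.
    /etc/init.d/iptables save
    chkconfig ip6tables off
    ;;
  7)
    systemctl disable firewalld
    systemctl stop firewalld
    ;;
esac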

# Disable services considered unused.
# NOTE(review): auditd is the daemon that records the kernel audit trail.
# Turning it off removes that record for later incident investigation, so
# confirm it really is unused and that another log source covers the gap.
chkconfig auditd off 

# Disable IPv6 through modprobe aliases; ipv6.conf is rewritten from scratch.
# NOTE(review): where IPv6 is built into the kernel instead of loaded as a
# module, these aliases presumably have no effect. Verify after reboot with
# `sysctl net.ipv6.conf.all.disable_ipv6`.
cd /etc/modprobe.d/ && touch ipv6.conf
printf '%s\n' 'alias net-pf-10 off' 'alias ipv6 off' >/etc/modprobe.d/ipv6.conf

# Turn SELinux off: permissive for the running system, disabled from next boot.
# NOTE(review): this removes mandatory access control host-wide. If the aim is
# only to unblock a service, SELINUX=permissive keeps denials logged without
# enforcing them.
setenforce 0
sed -i 's@^SELINUX=.*$@SELINUX=disabled@' /etc/selinux/config

# Shell history: keep 100000 entries and timestamp each one, which makes the
# history more useful when reconstructing who ran what and when.
sed -i 's/^HISTSIZE=.*$/HISTSIZE=100000/' /etc/profile
if ! grep -q 'HISTTIMEFORMAT' /etc/profile; then
  # Not configured yet: append the setting.
  echo 'HISTTIMEFORMAT="%F %T "' >>/etc/profile
else
  # Already present: rewrite the existing assignment in place.
  sed -i 's/HISTTIMEFORMAT=.*$/HISTTIMEFORMAT="%F %T "/' /etc/profile
fi
source /etc/profile
# Set DNS: resolv.conf is overwritten with one public resolver.
# NOTE(review): there is no second nameserver for redundancy, and a DHCP client
# or NetworkManager may rewrite this file later; confirm for the target hosts.
printf '%s\n' 'nameserver 114.114.114.114 ' >/etc/resolv.conf

# sshd tuning: skip the reverse-DNS lookup of clients and turn off GSSAPI
# authentication, both common causes of slow logins.
# sshd is not reloaded in this listing, so the change applies at its next
# restart.
sed -i \
  -e 's/#UseDNS yes/UseDNS no/g' \
  -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' \
  /etc/ssh/sshd_config


# Kernel tuning.
# The sed call only rewrites an existing tcp_syncookies line; it does not add
# one. The remaining settings are appended, so each run adds them again.
# NOTE(review): fs.suid_dumpable=2 lets setuid programs dump core, and
# core_pattern puts those dumps in world-writable /tmp under predictable names.
# Such dumps can hold credentials or key material. A root-only directory or a
# pipe handler is the safer destination if privileged dumps are needed at all.
sed -i 's@net.ipv4.tcp_syncookies.*@net.ipv4.tcp_syncookies = 1@g' /etc/sysctl.conf
printf '%s\n' \
  'kernel.core_uses_pid=1 ' \
  'kernel.core_pattern=/tmp/core-%e-%p' \
  'fs.suid_dumpable=2 ' \
  'net.ipv4.tcp_tw_reuse=1' \
  'net.ipv4.tcp_tw_recycle=0' \
  'net.ipv4.tcp_timestamps=1 ' \
  >>/etc/sysctl.conf
sysctl -p