CentOS6.5优化脚本以及检测优化脚本
一、tunning.sh
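#!/bin/bash
# System tuning script.
# Intended for CentOS 6.4 x64.
# Ver : 1.1.1
#
# NOTE(review): besides performance tuning, this script lowers the host's
# security posture in three places: it disables SELinux, it turns off every
# runlevel-3 service that is not on a short allow-list (iptables is not on that
# list, so the host firewall no longer starts at boot), and it enables
# net.ipv4.tcp_tw_recycle. Review each of those steps against your own baseline
# before running this on a machine that is reachable from untrusted networks.

KCF=/etc/sysctl.conf

# Every step below edits files under /etc or changes service state.
if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" >&2
  exit 1
fi

#######################################
# Print an extended regex matching an active (uncommented) "KEY =" line.
# Dots in the key are escaped so that "fs.file-max" cannot match unrelated
# text, and the key is anchored so commented-out examples are ignored.
# Arguments: $1 - sysctl key
# Outputs:   the regex on stdout
#######################################
_sysctl_key_re() {
  printf '^[[:space:]]*%s[[:space:]]*=' "${1//./\\.}"
}

#######################################
# Ensure $KCF holds exactly one "KEY = VALUE..." line with the wanted value.
# Globals:   KCF (read; the file it names is rewritten)
# Arguments: $1 - sysctl key; $2.. - value words
# Outputs:   a confirmation line when the file already has the wanted value
# Returns:   0 on success, 1 if the file could not be rewritten safely
#######################################
_sysctl_set() {
  local key=$1
  shift
  local want="$*"
  local re count current tmp rc

  re=$(_sysctl_key_re "$key")
  [[ -e "$KCF" ]] || : > "$KCF"

  # grep -c prints 0 and exits 1 when nothing matches; that is not an error.
  count=$(grep -Ec -- "$re" "$KCF") || true

  if (( count == 1 )); then
    # Take everything after the first "=" and collapse runs of whitespace.
    current=$(grep -E -- "$re" "$KCF" \
      | awk '{ sub(/^[^=]*=/, ""); $1 = $1; print }')
    if [[ "$current" == "$want" ]]; then
      echo -e "--- You hava right \033[32m $key \033[0m config"
      return 0
    fi
  fi

  if (( count > 0 )); then
    # Drop stale or duplicated entries. The result is written back with cat so
    # the file keeps its owner, mode and SELinux label. The original used
    # "sed -i s# ...#$2#g" with no file operand, which could never succeed.
    tmp=$(mktemp) || return 1
    grep -Ev -- "$re" "$KCF" > "$tmp"
    rc=$?
    if (( rc > 1 )); then
      # Status 1 only means "no lines left"; anything higher is a read error,
      # and in that case the config file must not be overwritten.
      rm -f -- "$tmp"
      return 1
    fi
    cat -- "$tmp" > "$KCF"
    rm -f -- "$tmp"
  fi

  echo "$key = $want" >> "$KCF"
}

# ------- kernel Tcp/ip options config --------
# Arguments: $1 - key, $2 - value
kernel_conf() {
  _sysctl_set "$1" "$2"
}

# ------- kernel Local_Port_Range config --------
# Arguments: $1 - key, $2 - lowest port, $3 - highest port
port_range_conf() {
  _sysctl_set "$1" "$2" "$3"
}

# ------- kernel Tcp rmem/wmem options config --------
# Arguments: $1 - key, $2 $3 $4 - min, default and max buffer sizes
tcp_mem_conf() {
  _sysctl_set "$1" "$2" "$3" "$4"
}

# Turn off SELinux.
# NOTE(review): this removes mandatory access control from the host, both for
# the running system (setenforce 0) and for later boots (config file). If the
# goal is only to get a service working, writing a policy exception or running
# permissive for the affected domain keeps the rest of the protection in place.
sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/selinux/config
setenforce 0

# Stop every service that starts in runlevel 3, then re-enable a fixed list.
# NOTE(review): anything not named in the list below stays off after the next
# boot. iptables is not in the list, so the host firewall will not start; add
# it (and any audit or monitoring agents you rely on) if you need them.
export LANG="en"
chkconfig --list | awk '/3:on/ { print $1 }' | while IFS= read -r srv_name; do
  chkconfig "$srv_name" off < /dev/null
done
for name in crond irqbalance messagebus haldaemon network rsyslog sshd sysstat udev-post ntpd; do
  chkconfig "$name" on
done

# NetworkManager service config
if /sbin/chkconfig --list | grep -q NetworkManager; then
  /sbin/chkconfig NetworkManager on
  /sbin/chkconfig --list NetworkManager
else
  echo -e "--- NetworkManager server is not in , Will skip !"
fi

# Edit limits.conf, but only when it has no active (non-comment, non-blank)
# lines, so an administrator's existing limits are never overwritten.
if ! grep -Eqv '^#|^$' /etc/security/limits.conf; then
  # The process-count item is spelled "nproc"; the original wrote "noproc",
  # which is not a limits.conf item, so those two lines had no effect.
  cat >> /etc/security/limits.conf <<'EOF'
* soft nproc 65535
* hard nproc 65535
* soft nofile 1048576
* hard nofile 1048576
EOF
else
  echo "PLS check limit.conf configuation"
fi
sleep 2

# Replace the pre-login banner so it no longer shows distribution and kernel
# details.
echo "Welcome to Server" > /etc/issue

# Kernel configuration, sized for Nginx / Apache style web servers.
# The marker comment is added once so repeated runs do not pile up duplicates.
grep -qxF '#For web server' "$KCF" 2>/dev/null || echo "#For web server" >> "$KCF"
kernel_conf fs.file-max 1048576
kernel_conf net.ipv4.tcp_fin_timeout 30
kernel_conf net.ipv4.tcp_timestamps 1
kernel_conf net.ipv4.tcp_tw_reuse 1
# NOTE(review): tcp_tw_recycle combined with tcp_timestamps makes the server
# drop new connections from clients that share one public address (NAT, mobile
# carriers, corporate proxies), because their timestamps are not monotonic per
# source IP. The option was removed from the kernel in Linux 4.12; leave it at
# 0 unless every client is known to have its own address.
kernel_conf net.ipv4.tcp_tw_recycle 1
kernel_conf net.ipv4.tcp_window_scaling 1
kernel_conf net.ipv4.tcp_sack 1
port_range_conf net.ipv4.ip_local_port_range 1024 65535
tcp_mem_conf net.ipv4.tcp_rmem 4096 4096 16777216
tcp_mem_conf net.ipv4.tcp_wmem 4096 4096 16777216
sysctl -p

# Raise the open-file limit for this shell only; new login sessions pick up
# limits.conf, already-running daemons keep their old limit until restarted.
ulimit -SHn 1048576
echo -e " Warning: --You must command ulimit -SHn 1048576 if you don't restart system ! "
sleep 5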
二、检测优化脚本
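#!/bin/bash
# Checks whether the items set by the system tuning script are in place.
#
# NOTE(review): PASS here means "matches the tuning script", not "secure".
# The script reports a disabled SELinux and a stopped iptables as PASS, and it
# expects net.ipv4.tcp_tw_recycle = 1; do not use its output as a hardening
# report. The kernel values are read from the config file, not from the running
# kernel, so a file that was edited but never loaded with "sysctl -p" still
# passes.

export LANG="en"
SYSCTL_CONF=/etc/sysctl.conf

#######################################
# Print the value configured for one sysctl key.
# Only active lines whose key equals $1 exactly are considered (commented-out
# lines and keys that merely contain $1 are skipped). When the key appears
# several times the last occurrence is printed. Whitespace inside the value is
# collapsed to single spaces.
# Globals:   SYSCTL_CONF (read)
# Arguments: $1 - full sysctl key, e.g. net.ipv4.tcp_sack
# Outputs:   the value on stdout, or nothing when the key is not configured
#######################################
conf_value() {
  awk -v key="$1" '
    /^[ \t]*#/ { next }
    {
      eq = index($0, "=")
      if (eq == 0) next
      name = substr($0, 1, eq - 1)
      gsub(/[ \t]/, "", name)
      if (name != key) next
      n = split(substr($0, eq + 1), parts, " ")
      val = ""
      for (i = 1; i <= n; i++) val = val (i > 1 ? " " : "") parts[i]
      found = 1
    }
    END { if (found) print val }
  ' "$SYSCTL_CONF"
}

#######################################
# Compare one configured sysctl value with the expected one and report it.
# Arguments: $1 - full sysctl key
#            $2 - expected value (words separated by single spaces)
#            $3 - label shown in the report
#            $4 - padding printed before PASS
#            $5 - padding printed before FAILED
#            $6 - message printed when the key is not configured
# Outputs:   one coloured report line on stdout
#######################################
check_sysctl() {
  local key=$1 expected=$2 label=$3 pass_pad=$4 fail_pad=$5 missing_msg=$6
  local actual

  actual=$(conf_value "$key")
  if [[ -z "$actual" ]]; then
    echo -e "\033[34m $missing_msg \033[0m"
  elif [[ "$actual" == "$expected" ]]; then
    echo -e "$label is $actual$pass_pad\033[32m PASS \033[0m"
  else
    echo -e "$label is $actual$fail_pad\033[31m FAILED \033[0m"
  fi
}

SERESULT=$(getenforce)
UMRESULT=$(ulimit -n)
# Number of "not running" lines in the status output: 0 means the firewall is up.
FWCURRENT=$(service iptables status | grep -c "Firewall is not running")
# The fifth column of "chkconfig --list" is runlevel 3, in the form "3:on" or "3:off".
FWSTART=$(chkconfig --list iptables | awk '{ split($5, lvl, ":"); print lvl[2] }')

# Check SELinux Configure
# Quoted so that an empty result (getenforce missing) reports FAILED instead of
# raising a test syntax error.
if [[ "$SERESULT" == 'Disabled' ]]; then
  echo -e "The SElinux is $SERESULT ...................\033[32m PASS \033[0m"
else
  echo -e "The SElinux is $SERESULT ...................\033[31m FAILED \033[0m"
fi

# Check ulimit Configure
if [[ "$UMRESULT" =~ ^[0-9]+$ ]] && (( UMRESULT >= 65535 )); then
  echo -e "The ulimit is $UMRESULT........................\033[32m PASS \033[0m"
else
  echo -e "The ulimit is $UMRESULT.....................\033[31m FAILED \033[0m"
fi

# Check IPTABLES RUNNING & CONFIGURE
# FAILED when the firewall is running now, or when it is stopped but still set
# to start in runlevel 3.
if (( FWCURRENT == 0 )); then
  echo -e "The Ipteblas is running ...................\033[31m FAILED \033[0m"
elif [[ "$FWSTART" == 'on' ]]; then
  echo -e "The iptables you must stop ...................\033[31m FAILED \033[0m"
else
  echo -e "The iptables is not running................\033[32m PASS \033[0m"
fi

# Check Kernel File Open Max Configure
check_sysctl fs.file-max 1048576 "fs.file-max" \
  "....................." "...................." \
  "fs.file-max not configure,please check!"

# Check Kernel Fin_timeout Configure
check_sysctl net.ipv4.tcp_fin_timeout 30 "tcp_fin_timeout" \
  "......................" "........................" \
  "FIN_timeout not config ,please check!"

# Check Kernel TCP reuse Configure
check_sysctl net.ipv4.tcp_tw_reuse 1 "tcp_tw_reuse" \
  "......................." ".........................." \
  "TCP_TW_REUSE not config ,please check!"

# Check Kernel TCP recycle Configure
check_sysctl net.ipv4.tcp_tw_recycle 1 "tcp_tw_recycle" \
  "....................." "........................" \
  "TCP_TW_RECYCLE not config ,please check!"

# Check Kernel TCP timestamps Configure
check_sysctl net.ipv4.tcp_timestamps 1 "tcp_timestamps" \
  "......................" "........................." \
  "TCP timestamps not config ,please check!"

# Check IPv4 Port Range configure
check_sysctl net.ipv4.ip_local_port_range "1024 65535" "ip_local_port_range" \
  "........" "........" \
  "ip_local_port_range not config ,please check!"

# Check TCP_WINDOW Configure
check_sysctl net.ipv4.tcp_window_scaling 1 "TCP_WINDOW" \
  "........................." "............................" \
  "TCP_WINDOW not config ,please check!"

# Check tcp_sack Configure
check_sysctl net.ipv4.tcp_sack 1 "tcp_sack Time" \
  " ..................." " ......................" \
  "tcp_sack Time not config ,please check!"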