第一篇:Linux主机初始化
Linux主机初始化
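# Host initialisation helpers for a CentOS/RHEL 6 style system (SysV init
# scripts, chkconfig, the Centos-6 repo URL below). Every function edits
# system files in place and has to run as root. The caller is expected to set
# the global h_name before calling hostname_setup.
#
# NOTE(review): several steps below weaken the host rather than harden it
# (firewall and SELinux switched off, package metadata fetched over plain
# HTTP, a system binary renamed). Each is flagged where it happens so the
# operator can decide per environment.

# Set the host name, both persistently and for the running system.
# Globals:   h_name (read) - new host name
# Returns:   1 without touching anything when h_name is empty or contains
#            characters outside [A-Za-z0-9.-]
hostname_setup() {
  # h_name is interpolated into a sed expression, so restrict it to host name
  # characters; this also keeps '/', '&' and '\' out of the replacement text.
  case "${h_name:-}" in
    '' | *[!A-Za-z0-9.-]*)
      echo "hostname_setup: h_name is empty or has characters outside [A-Za-z0-9.-]" >&2
      return 1
      ;;
  esac
  # Rewrite the HOSTNAME= line directly instead of replacing every occurrence
  # of the old name, which broke when the old name could not be read.
  sed -i "s/^HOSTNAME=.*/HOSTNAME=${h_name}/" /etc/sysconfig/network
  hostname "${h_name}"
  echo "Change hostname to ${h_name}!!"
  echo "--------------------------------------------"
}

# Install the base package set.
rpm_install() {
  echo "you need rpm install"
  yum -y install gcc gcc-c++ automake autoconf \
    tree lrzsz cmake openssl-devel curl unzip ntp \
    libaio-devel wget ncurses-devel screen
  echo "--------------------------------------------"
}

# Create the working directories that are still missing.
mkwork_dir() {
  local dir
  local dir_list=(
    /application/tools
    /server/scripts
    /app/logs
  )
  for dir in "${dir_list[@]}"; do
    # The original ran mkdir inside the `if` condition and reported
    # "is exist!" whenever mkdir succeeded; test first, then create.
    if [ -d "$dir" ]; then
      echo "${dir} is exist!"
    else
      mkdir -p -- "$dir"
    fi
  done
  echo "--------------------------------------------"
}

# Configure the yum repositories. If the company runs an internal mirror,
# point at that instead.
# Returns:   1 when the repo file cannot be downloaded
yum_setup() {
  local repo_dir=/etc/yum.repos.d
  local entry
  mkdir -p "${repo_dir}/repo"
  # Move the existing entries aside one by one; `mv *` also tried to move the
  # backup directory into itself.
  for entry in "${repo_dir}"/*; do
    [ -e "$entry" ] || continue
    [ "$entry" = "${repo_dir}/repo" ] && continue
    mv -- "$entry" "${repo_dir}/repo/"
  done
  # NOTE(review): both downloads use plain HTTP, so the repo definition and
  # the epel-release package can be altered in transit. Prefer an HTTPS or
  # internal mirror, and check that gpgcheck stays enabled in the repo file.
  if ! wget -O "${repo_dir}/CentOS-Base.repo" http://mirrors.aliyun.com/repo/Centos-6.repo; then
    echo "yum_setup: repo file download failed; old files are kept in ${repo_dir}/repo" >&2
    return 1
  fi
  rpm -ivh http://mirrors.aliyun.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
  #rpm -ivh http://mirrors.aliyun.com/epel/6/i386/epel-release-6-8.noarch.rpm
}

# Tune sshd: move the port, skip DNS and GSSAPI lookups, enable public keys.
# Returns:   1 when the edited configuration does not pass `sshd -t`
sshd_setup() {
  local conf=/etc/ssh/sshd_config
  cp "$conf" "${conf}.$(date +%F)"
  # Each substitution only matches the commented-out default line, so a
  # directive that is already set explicitly keeps its current value.
  # NOTE(review): the PermitRootLogin change is left disabled, as in the
  # original, so root logins stay at the distribution default; consider
  # enabling it once key-based access for a non-root account is confirmed.
  sed -i \
    -e 's/#Port 22/Port 52113/g' \
    -e 's/#UseDNS yes/UseDNS no/g' \
    -e 's/#GSSAPIAuthentication no/GSSAPIAuthentication no/g' \
    -e 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' \
    -e 's/#AuthorizedKeysFile .ssh\/authorized_keys/AuthorizedKeysFile .ssh\/authorized_keys/g' \
    -e 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' \
    "$conf"
  #sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
  # Validate before reloading so a bad edit cannot lock out remote access.
  if /usr/sbin/sshd -t; then
    /etc/init.d/sshd reload
  else
    echo "sshd_setup: sshd_config failed validation; sshd was not reloaded" >&2
    return 1
  fi
}

# Record sudo activity in /var/log/sudo.log.
sudolog_setup() {
  # Append each line only once so repeated runs do not pile up duplicates.
  grep -qF 'Defaults logfile=/var/log/sudo.log' /etc/sudoers ||
    echo "Defaults logfile=/var/log/sudo.log" >>/etc/sudoers
  grep -qF 'local2.debug /var/log/sudo.log' /etc/rsyslog.conf ||
    echo "local2.debug /var/log/sudo.log" >>/etc/rsyslog.conf
  # /etc/sudoers was edited without visudo, so check the syntax afterwards.
  visudo -c || echo "sudolog_setup: /etc/sudoers failed the syntax check" >&2
  /etc/init.d/rsyslog restart
  # NOTE(review): a log kept only on this host can be edited by anyone who
  # gains root here; forward it to a remote collector if it is audit evidence.
}

# Stop iptables and switch SELinux off.
# NOTE(review): this removes the host firewall and mandatory access control
# in one step, leaving every listening service reachable. Behaviour is kept
# as written; on exposed hosts keep both enabled and add explicit rules
# (including the sshd port chosen in sshd_setup) instead.
iptables_setup() {
  /etc/init.d/iptables stop
  chkconfig iptables off
  setenforce 0
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
  echo "iptables and selinux is stop"
}

# Create the default system users and give them full sudo rights.
# Globals:   INIT_USER_PASSWORD (read, optional; introduced in this revision)
#            initial password for newly created accounts
adduser_setup() {
  local name
  local user=(
    mads
  )
  for name in "${user[@]}"; do
    # `id` matches the exact account name; grepping /etc/passwd also matched
    # substrings of other names and of other fields.
    if id -u "$name" >/dev/null 2>&1; then
      echo "user ${name} is exit!!!"
    else
      useradd "$name"
      # The original piped a fixed, published password into passwd and always
      # targeted "mads" instead of the loop variable. Take the secret from the
      # environment and force a change at first login; without one the account
      # keeps the locked password that useradd leaves behind.
      if [ -n "${INIT_USER_PASSWORD:-}" ]; then
        printf '%s\n' "$INIT_USER_PASSWORD" | passwd --stdin "$name" &&
          chage -d 0 "$name"
      else
        echo "adduser_setup: INIT_USER_PASSWORD not set; ${name} has no usable password yet" >&2
      fi
      # Full root through sudo: this account is as sensitive as root itself.
      echo "${name} ALL=(ALL) ALL" >>/etc/sudoers
      visudo -c
    fi
  done
  echo "add or del user is ok!!!"
}

# Install root cron entries that sync the clock with ntpdate.
ntp_setup() {
  local cron_file=/var/spool/cron/root
  # stderr is dropped on purpose: the crontab may not exist yet.
  if grep -q "ntp time setup" "$cron_file" 2>/dev/null; then
    echo "ntp server is setup ok"
  else
    # The original first entry read "2 >&1", which hands a stray "2" to
    # ntpdate and leaves stderr unredirected; both entries now use 2>&1.
    printf '\n#ntp time setup by mads %s\n%s\n%s\n' "$(date +%F)" \
      '*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1' \
      '*/10 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' >>"$cron_file"
  fi
  echo "ntp server is ok!!!"
}

# Trim boot-time services down to crond, rsyslog, sshd and network.
# NOTE(review): every other service enabled in runlevel 3 is switched off,
# which would include security services such as an audit daemon if one is
# enabled; re-enable whatever the host needs afterwards.
server_manage() {
  local svc
  # Kept from the original: chkconfig output is matched on the English "3:on".
  LANG=en
  while read -r svc; do
    chkconfig "$svc" off
  done < <(chkconfig --list | gawk '/3:on/ {print $1}')
  for svc in crond rsyslog sshd network; do
    chkconfig "$svc" on
  done
  echo "server is setup ok,only sshd network rsyslog crond is on"
  echo "--------------------------------------------"
}

# Mail housekeeping: stop postfix, purge old queue files, schedule a cleanup.
Mail_setup() {
  local cron_file=/var/spool/cron/root
  # Sending mail through a third-party mailbox: still to be added.
  chkconfig postfix off
  /etc/init.d/postfix stop
  if [ -d /var/spool/clientmqueue/ ]; then
    # -exec ... + copes with unusual file names, unlike `find | xargs`.
    find /var/spool/clientmqueue/ -type f -mtime +30 -exec rm -f -- {} +
  fi
  # The original tested the exit status of the purge above, so the cron entry
  # was only written when the queue directory was missing. Test the crontab
  # itself, the same way ntp_setup does.
  if grep -q "clear mail" "$cron_file" 2>/dev/null; then
    echo "clear mail crond is exist!!!"
  else
    # The date is expanded here; the original single quotes wrote the
    # backticks into the crontab literally.
    # NOTE(review): /server/scripts/spool_clean.sh is not created anywhere in
    # this script. It will run as root every 30 minutes, so it has to be
    # root-owned and not writable by anyone else.
    printf '\n#clear mail by mads %s\n%s\n' "$(date +%F)" \
      '*/30 * * * * /bin/sh /server/scripts/spool_clean.sh >/dev/null 2>&1' >>"$cron_file"
  fi
  echo "clear mail is setup ok"
  echo "--------------------------------------------"
}

# Mark key system files immutable, then rename the chattr binary.
# NOTE(review): once /etc/passwd and /etc/shadow are immutable, useradd and
# passwd fail until the flag is cleared, so run adduser_setup first. Renaming
# /usr/bin/chattr is obscurity only and makes the file differ from what its
# package installed; record the change so later updates and integrity checks
# are not misread as tampering.
chattr_file() {
  local files=(
    /etc/passwd /etc/inittab /etc/group
    /etc/shadow /etc/gshadow /etc/services
  )
  if [ -x /usr/bin/chattr ]; then
    chattr +i "${files[@]}"
    /bin/mv /usr/bin/chattr /usr/bin/rttahc
  elif [ -x /usr/bin/rttahc ]; then
    # Already renamed by an earlier run.
    /usr/bin/rttahc +i "${files[@]}"
  else
    echo "chattr_file: neither /usr/bin/chattr nor /usr/bin/rttahc is executable" >&2
  fi
  echo "file is chattr +i not remeber"
  echo "--------------------------------------------"
}

# Blank the release and login banner files after taking a dated backup.
# NOTE(review): tools that read /etc/redhat-release to identify the
# distribution may stop working once it is empty - confirm before rollout.
note_setup() {
  local banner
  for banner in /etc/redhat-release /etc/issue /etc/issue.net; do
    # Truncate only when the backup copy succeeded.
    cp "$banner" "${banner}.$(date +%F)" && : >"$banner"
  done
  echo "note is clear"
  echo "--------------------------------------------"
}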
出处:http://www.cnblogs.com/madsnotes/
声明:本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接。
