最小化安装系统后操作-1
1,centos 7 最小化安装系统
#!/bin/bash
#
#********************************************************************
#FileName: allinone.sh
#Description: The test script
#Copyright (C): 2019 All rights reserved
#********************************************************************
#
# Install the baseline toolset (editor, compilers and -devel headers,
# network and diagnostic utilities) in one yum transaction.
# Outputs: yum's own progress output.
# Returns: the exit status of yum.
miniyum () {
  # "bc" appears twice in the original package list; it is kept so the yum
  # command line is unchanged.
  local -a pkgs=(
    vim iotop bc gcc gcc-c++ glibc glibc-devel pcre
    pcre-devel openssl openssl-devel zip unzip zlib-devel net-tools
    lrzsz tree ntpdate telnet lsof tcpdump wget libevent libevent-devel
    bc systemd-devel bash-completion traceroute
  )
  yum install "${pkgs[@]}" -y
}
# globe set
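# Append a coloured PS1 definition to the invoking user's ~/.bashrc and
# reload that file into the current shell.
# Outputs: a message on stdout when ~/.bashrc does not exist.
# Returns: the status of the last command run.
modifyPS1 ()
{
  local rc=~/.bashrc
  local Ps1='PS1="\e[1;32m[\u@\h \W] \e[1;33;32m \$ \e[0m"'

  if [ -e "$rc" ]; then
    # Append only when the exact line is missing, so repeated runs do not
    # stack duplicate PS1 definitions in the file.
    if ! grep -qxF -- "$Ps1" "$rc"; then
      # printf with a quoted argument writes the prompt string verbatim; the
      # unquoted echo it replaces was subject to word splitting and globbing.
      printf '%s\n' "$Ps1" >> "$rc"
    fi
    # Reload the file that was just edited (the original reloaded
    # /root/.bashrc, which is a different file for any non-root user).
    source "$rc"
  else
    echo '~/.bashrc is not exist'
  fi
}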
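# Copy the first 512 bytes of /dev/sda (the MBR sector) to ~/mbr.backup.
# Outputs: progress messages on stdout, a failure message on stderr.
# Returns: 0 when dd succeeded, 1 otherwise.
mbrBackup ()
{
  local disk=/dev/sda
  local backup=~/mbr.backup

  echo "start backup your MBR"
  # Restoring reads FROM the backup file and writes TO the disk; the original
  # hint had if=/of= the wrong way round and simply repeated the backup.
  # The 512-byte sector also holds the partition table, so a full restore
  # rewrites that table as well as the boot code.
  echo "recovery usage: dd if=backup.file of=${disk} bs=1 count=512 "
  if dd if="$disk" of="$backup" bs=1 count=512; then
    echo "backup success! your file is ~/mbr.backup "
  else
    # Do not claim success when dd could not read the disk.
    echo "backup failed: could not copy ${disk} to ${backup}" >&2
    return 1
  fi
}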
#########
## 添加yum仓库及epel源
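# Replace every file in /etc/yum.repos.d with two generated repo files:
# an EPEL definition (Aliyun mirror) and a CentOS base definition (163 mirror).
# Outputs: warnings on stderr when package signature checking stays off.
# Returns: 1 when /etc/yum.repos.d cannot be entered, else the last status.
modifYUM ()
{
  # version=`sed -nr '/^VERSION=/ s/.*([0-9]+).*/\1/p' /etc/os-release`
  # if [ -n "$version" ] ;then
  # url="http://mirrors.163.com/.help/CentOS${version}-Base-163.repo"
  # cd /etc/yum.repos.d/
  # find . -type f -exec mv {} {}.bak \;
  # wget -O "${version}.repo" "$url"
  # sed -ri.bk 's/enabled=./enabled=1/' "${version}.repo"
  # fi
  local repo_dir=/etc/yum.repos.d
  local epel_key=/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
  local base_key=/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
  local epel_gpgcheck=0
  local base_gpgcheck=0
  local release

  # Major release digit taken from /etc/centos-release; used in file names only.
  release=$(sed -rn 's@.* ([0-9]).*@\1@p' /etc/centos-release)

  # Both mirrors are reached over plain http, so the RPM signature check is
  # the only thing that authenticates downloaded packages. Turn it on
  # whenever the signing key is already present on disk; fall back to the
  # original gpgcheck=0 (with a warning) only when the key is missing.
  if [ -r "$epel_key" ]; then
    epel_gpgcheck=1
  else
    echo "modifYUM: ${epel_key} not found, EPEL packages will NOT be signature-checked" >&2
  fi
  if [ -r "$base_key" ]; then
    base_gpgcheck=1
  else
    echo "modifYUM: ${base_key} not found, base packages will NOT be signature-checked" >&2
  fi

  # Without this guard a failed cd would let the deletion below run in
  # whatever directory the caller happened to be in.
  cd "$repo_dir" || { echo "modifYUM: cannot enter ${repo_dir}" >&2; return 1; }
  rm -rf -- "${repo_dir:?}"/*

  cat > "${repo_dir}/epel-${release}.repo" <<EOF
[epel]
name=Extra Packages for Enterprise Linux 7 -\$basearch
baseurl=http://mirrors.aliyun.com/epel/\$releasever/\$basearch
failovermethod=priority
enabled=1
gpgcheck=${epel_gpgcheck}
gpgkey=file://${epel_key}
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 -\$basearch - Debug
baseurl=http://mirrors.aliyun.com/epel/\$releasever/\$basearch/debug
failovermethod=priority
enabled=0
gpgkey=file://${epel_key}
gpgcheck=${epel_gpgcheck}
[epel-source]
name=Extra Packages for Enterprise Linux 7 -\$basearch- Source
baseurl=http://mirrors.aliyun.com/epel/\$releasever/SRPMS
failovermethod=priority
enabled=0
gpgkey=file://${epel_key}
gpgcheck=${epel_gpgcheck}
EOF

  # The base key is taken from the local file shipped with the OS rather
  # than fetched over http from the same mirror that serves the packages.
  cat > "${repo_dir}/CentOS-Base-${release}-163.repo" <<EOF
[base]
name=CentOS-\$releasever - Base - 163.com
#mirrorlist=http://mirrorlist.centos.org/?release=\$releasever&arch=\$basearch&repo=os
baseurl=http://mirrors.163.com/centos/\$releasever/os/\$basearch/
gpgcheck=${base_gpgcheck}
gpgkey=file://${base_key}
EOF
}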
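# Stop and disable firewalld, and set SELINUX=disabled in
# /etc/selinux/config unless getenforce already reports "Disabled".
#
# NOTE(review): this removes the host firewall and mandatory access control
# in one step. It is only defensible on an isolated lab network; elsewhere
# keep firewalld running with explicit rules and prefer SELinux permissive
# mode while troubleshooting policy denials.
#
# Returns: the status of the last command run.
shutdownFirewalldSelinux ()
{
  echo "echo shutdowning firewalld and selinux"
  # Run systemctl directly; wrapping it in backticks made the shell try to
  # execute systemctl's output as a second command.
  systemctl stop firewalld &> /dev/null
  systemctl disable firewalld &> /dev/null
  if [[ "$(getenforce)" != "Disabled" ]]; then
    # "-inr" is parsed by GNU sed as -i with backup suffix "nr", so -n and -r
    # were never applied and the \1 back-reference had no group to refer to.
    # The trailing "p" is dropped as well: combined with -n and -i it would
    # have kept only the SELINUX= line and discarded the rest of the file.
    sed -ri 's/^(SELINUX=)(.*)/\1disabled/' /etc/selinux/config
  fi
}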
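# Add net.ifnames=0 biosdevname=0 to GRUB_CMDLINE_LINUX in /etc/default/grub
# (so interfaces get ethN names after reboot) and regenerate grub.cfg.
# A copy of the previous file is left at /etc/default/grub.bak.
# Outputs: progress messages on stdout, a failure message on stderr.
# Returns: 1 when grub2-mkconfig fails, 0 otherwise.
changeToeth0 ()
{
  local grub_defaults=/etc/default/grub

  echo "start to modfiy /etc/default/grub ,so the NetInterface will like eth0 "
  # Append to the existing value instead of replacing it: the original
  # overwrote the whole line and discarded whatever the installer had put
  # there (crashkernel=, rd.lvm.lv=, ...), which can leave a host with an
  # LVM root unable to boot. The inner address makes reruns a no-op.
  # Assumes the value is double-quoted - an unquoted line is left unchanged.
  sed -ri.bak \
    '/^GRUB_CMDLINE_LINUX=/{/net\.ifnames=0/!s/"[[:space:]]*$/ net.ifnames=0 biosdevname=0"/;}' \
    "$grub_defaults"
  # NOTE(review): /boot/grub2/grub.cfg is the BIOS location; confirm the
  # path for UEFI installs.
  if ! grub2-mkconfig -o /boot/grub2/grub.cfg &> /dev/null; then
    echo "grub2-mkconfig failed; previous settings are in ${grub_defaults}.bak" >&2
    return 1
  fi
  echo "pls reboot !"
}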
# Overwrite ~/.vimrc with a fixed configuration: basic editing options plus
# an autocmd that inserts a header template into every new *.sh buffer.
# Any existing ~/.vimrc is replaced without a backup.
modifyVim (){
  local vimrc=~/.vimrc
  # Quoted delimiter: the text below is written out literally, with no
  # shell expansion.
  cat > "$vimrc" <<'EOF'
syntax on
set number
set ignorecase
set cursorline
set autoindent
set tabstop=4
autocmd BufNewFile *.sh exec ":call SetTitle()"
func SetTitle()
if expand("%:e") == 'sh'
call setline(1,"#!/bin/bash")
call setline(2,"#")
call setline(3,"#********************************************************************")
call setline(4,"#Author: yon_")
call setline(5,"#QQ: xxx25144")
call setline(6,"#Date: ".strftime("%Y-%m-%d"))
call setline(7,"#FileName: ".expand("%"))
call setline(8,"#URL: https://www.cnblogs.com/g2thend/")
call setline(9,"#Description: The test script")
call setline(10,"#Copyright (C): ".strftime("%Y")." All rights reserved")
call setline(11,"#********************************************************************")
call setline(12,"")
endif
endfunc
autocmd BufNewFile * normal G
EOF
}
# Append seven convenience aliases to ~/.bashrc, then reload /root/.bashrc.
# The reload targets /root/.bashrc, which is the file just edited only when
# the function runs as root. Each call appends the aliases again.
fastKey() {
  local rc_file=~/.bashrc
  printf '%s\n' \
    "alias cc='clear'" \
    "alias cdd='cd /data'" \
    "alias cdnet='cd /etc/sysconfig/network-scripts'" \
    "alias cdyum='cd /etc/yum.repos.d/'" \
    "alias yy='yum -y install'" \
    "alias vie0='vim /etc/sysconfig/network-scripts/ifcfg-eth0'" \
    "alias vie1='vim /etc/sysconfig/network-scripts/ifcfg-eth1'" \
    >> "$rc_file"
  source /root/.bashrc
}
# Run the provisioning steps in their original order. The repo files are
# rewritten first and the package install runs last; mbrBackup is defined
# above but is not part of this sequence.
for step in modifYUM changeToeth0 modifyVim fastKey modifyPS1 \
  shutdownFirewalldSelinux miniyum; do
  "$step"
done
命令行补全
# Install the bash-completion package non-interactively.
yum -y install bash-completion
容器补全:
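# Install the docker-compose bash completion script (pinned to tag 1.24.1)
# system-wide and load it into the current shell.
# Files under /etc/bash_completion.d are sourced by interactive shells,
# root's included, so the download is treated as code: -f makes curl fail on
# an HTTP error instead of saving the error page, and the file is sourced
# only when the download succeeded.
# NOTE(review): no checksum is published on this page; compare the file
# against a known-good copy before rolling it out widely.
completion_file=/etc/bash_completion.d/docker-compose
if sudo curl -fL https://raw.githubusercontent.com/docker/compose/1.24.1/contrib/completion/bash/docker-compose -o "$completion_file"; then
  source "$completion_file"
else
  echo "docker-compose completion download failed; nothing was sourced" >&2
fi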
再一个
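#!/bin/bash
# Temporary DNS servers so yum can resolve names during provisioning.
# The original lines had no redirection, so they only printed the text with
# the file name appended and never touched /etc/resolv.conf. Appending keeps
# whatever resolvers the host already had.
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf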
# Set up NTP time sync: install ntpdate, sync once against 10.0.11.26, then
# append one five-minute cron entry per internal time server to root's
# crontab. Entries are appended on every run, so reruns duplicate them.
/usr/bin/yum install -y ntpdate
/usr/sbin/ntpdate 10.0.11.26
for ntp_host in 10.0.11.26 10.0.11.27 10.0.11.28; do
  echo "*/5 * * * * /usr/sbin/ntpdate ${ntp_host} > /dev/null 2>&1"
done >> /var/spool/cron/root
chmod 600 /var/spool/cron/root
# Turn off the firewall: flush all iptables rules (-F), delete user-defined
# chains (-X), stop and disable firewalld, and switch SELinux from enforcing
# to disabled in its config file (read at the next boot).
# NOTE(review): after this block the host has no local packet filtering and
# no mandatory access control, so it relies entirely on network-level
# controls. Confirm that is intended for every network this script runs on.
iptables -F
iptables -X
for action in stop disable; do
  systemctl "$action" firewalld.service
done
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Set the permanent DNS configuration: keep a copy of the current
# resolv.conf, replace it with the internal domain and resolvers, then mark
# it append-only and immutable so other tools cannot rewrite it.
# With +i set, a later run of this block cannot rewrite the file either
# until the attributes are cleared with chattr -ai.
# "domain" and "search" are mutually exclusive in resolv.conf; the later
# "search" line is the one that takes effect.
\cp -f /etc/resolv.conf /etc/resolv.conf.bak
cat > /etc/resolv.conf <<'EOF'
domain veredholdings.cn
search veredholdings.cn
nameserver 10.0.11.21
nameserver 10.0.11.22
EOF
/usr/bin/chattr +ai /etc/resolv.conf
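# Switch to the internal yum mirror: move the stock repo files into
# /etc/yum.repos.d/bak and download replacements from 10.0.8.50.
# NOTE(review): the repo definitions arrive over plain http, and they decide
# which servers yum trusts and whether gpgcheck is on. Review the downloaded
# files, or serve them over an authenticated channel.
repo_dir=/etc/yum.repos.d
# Stop here if the directory is missing; otherwise the downloads below would
# land in whatever directory the script was started from.
cd "$repo_dir" || { echo "cannot enter ${repo_dir}" >&2; exit 1; }
# -p keeps a rerun from failing when bak/ already exists.
/bin/mkdir -p "${repo_dir}/bak"
mv "${repo_dir}"/*.repo "${repo_dir}/bak"
wget http://10.0.8.50/software/CentOS-Base.repo \
  || echo "download of CentOS-Base.repo failed" >&2
wget http://10.0.8.50/software/epel.repo \
  || echo "download of epel.repo failed" >&2
/usr/bin/yum clean all
/usr/bin/yum makecache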
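# Kernel parameter tuning: replace /etc/sysctl.conf with the profile below
# and load it.
# NOTE(review) before reusing this profile:
#   - kernel.sysrq = 1 enables every SysRq function for anyone with console
#     or keyboard access.
#   - net.ipv4.tcp_tw_recycle = 1 is known to drop connections from clients
#     behind NAT, and the key no longer exists on kernels from 4.12 onward.
#   - net.ipv4.conf.all.rp_filter is set twice (2, then 1); the later line
#     is the one that takes effect.
#   - vm.drop_caches is a one-shot trigger, so the page cache is dropped
#     every time this file is loaded.
#   - vm.min_free_kbytes = 1048576 reserves 1 GiB, which is too much for
#     small-memory hosts.
# The file is overwritten wholesale, so keep the first pre-existing version,
# as the script already does for resolv.conf, sshd_config and limits.conf.
[ -e /etc/sysctl.conf.bak ] || /bin/cp -p /etc/sysctl.conf /etc/sysctl.conf.bak
/bin/cat << 'EOF' > /etc/sysctl.conf
kernel.sysrq = 1
kernel.core_uses_pid = 1
fs.aio-max-nr = 1048576
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.ip_forward = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.rp_filter = 1
net.core.somaxconn = 65535
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.tcp_max_syn_backlog = 16384
net.core.netdev_max_backlog = 10000
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_max_orphans = 131072
#fs.file-max = 65536 #os can config
vm.min_free_kbytes = 1048576
vm.swappiness = 10
vm.dirty_ratio = 10
vm.vfs_cache_pressure=150
vm.drop_caches = 1
kernel.panic = 60
EOF
# Keep stdout quiet but let errors through: a rejected key means part of the
# profile is not active.
if ! /sbin/sysctl -p >/dev/null; then
  echo "sysctl -p reported errors; part of /etc/sysctl.conf was not applied" >&2
fi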
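# Speed up SSH logins: back up sshd_config, turn off GSSAPI authentication
# and reverse-DNS lookups, then restart sshd.
# NOTE(review): the PermitRootLogin change is commented out, so root login
# stays at whatever the distribution default is.
cp /etc/ssh/sshd_config{,.bak}
#sed -e 's/\#PermitRootLogin yes/PermitRootLogin no/' -i /etc/ssh/sshd_config > /dev/null 2>&1
sed -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/' -i /etc/ssh/sshd_config > /dev/null 2>&1
sed -e 's/#UseDNS yes/UseDNS no/' -i /etc/ssh/sshd_config > /dev/null 2>&1
# Validate the edited file before restarting: a restart with a broken config
# takes away remote access to the host.
if /usr/sbin/sshd -t; then
  systemctl restart sshd.service
else
  echo "sshd_config failed validation; sshd not restarted (previous file: /etc/ssh/sshd_config.bak)" >&2
fi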
# Raise the file-descriptor and process limits: rewrite every "4096" in
# 20-nproc.conf to 65535, back up limits.conf, then append nofile/nproc
# limits for all users. The four lines are appended again on every run.
sed -i 's#4096#65535#g' /etc/security/limits.d/20-nproc.conf
/bin/cp /etc/security/limits.conf /etc/security/limits.conf.bak
cat >> /etc/security/limits.conf <<'EOF'
* soft nofile 65535
* hard nofile 65535
* soft nproc 102400
* hard nproc 102400
EOF
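# Install commonly used packages.
# -y added: without it groupinstall waits for confirmation and stalls an
# unattended run.
/usr/bin/yum groupinstall -y "Development Tools"
/usr/bin/yum install -y gcc glibc gcc-c++ make lrzsz tree wget curl lsof dstat vim wsmancli ipmitool mtr sysstat ethtool systemtap strace
# Remove the init script from /root once it has run.
/bin/rm /root/idc_system_centos7_init.sh
# Finally reboot the server, which is also when the SELinux and limits
# changes made earlier take effect.
reboot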
lll
#!/bin/bash
#设置内网DNS
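# Overwrite /etc/resolv.conf with the internal search domain and resolvers.
# Returns: the exit status of cat.
set_resolv()
{
  # "server" is not a resolv.conf keyword and is ignored by the resolver;
  # "search" is presumably what was meant for the internal domain
  # (NOTE(review): confirm against the site's DNS design).
  /bin/cat << 'EOF' > /etc/resolv.conf
search bkjk.cn
nameserver 172.29.16.27
nameserver 172.29.16.28
options timeout:1
EOF
}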
#设置ntp时间服务
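# Sync the clock once against ntp1.aliyun.com, write it to the hardware
# clock, and schedule the same two commands hourly in root's crontab.
# Returns: the exit status of chmod.
set_ntp()
{
  local cron_file=/var/spool/cron/root
  local cron_line="00 * * * * /usr/sbin/ntpdate ntp1.aliyun.com;/sbin/hwclock -w"

  echo -e '\033[32m ***************config ntp*************** \033[0m'
  # The original line ended in a stray double quote, which unbalanced the
  # quoting for the rest of the script.
  /usr/sbin/ntpdate ntp1.aliyun.com;/sbin/hwclock -w
  # Add the cron entry only once so reruns do not stack duplicates; grep's
  # error output is silenced for the case where the crontab does not exist.
  if ! grep -qxF -- "$cron_line" "$cron_file" 2>/dev/null; then
    echo "$cron_line" >> "$cron_file"
  fi
  chmod 600 "$cron_file"
}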
#关闭防火墙
# Flush all iptables rules and user chains, turn the iptables service off
# now and at boot, and switch SELinux from enforcing to disabled in its
# config file.
# NOTE(review): this leaves the host without local packet filtering or
# mandatory access control; it should only be used where network-level
# controls are known to cover the host.
set_firewall()
{
  local flag

  echo -e '\033[32m ***************config firewall*************** \033[0m'
  for flag in -F -X; do
    iptables "$flag"
  done
  #service iptables save > /dev/null 2>&1
  chkconfig iptables off > /dev/null 2>&1
  service iptables stop > /dev/null 2>&1
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
}
#设置内网yum源(yum.bkjk.cn是内网yum源机器的内网域名)
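# Replace the contents of /etc/yum.repos.d with the three repo files served
# by the internal mirror, then rebuild the yum cache.
# NOTE(review): the repo files are fetched over plain http and decide which
# servers yum trusts and whether gpgcheck is on. Review what the mirror
# serves, or move it to an authenticated channel.
# Returns: 1 when a download or the copy fails (existing repos are left in
# place on a download failure), otherwise the status of yum makecache.
set_repo()
{
  local repo_dir=/etc/yum.repos.d
  local base_url=http://yum.bkjk.cn/repo
  local staging name

  staging=$(mktemp -d) || return 1
  # Download everything first. The original deleted the existing repo files
  # before fetching, so an unreachable mirror left the host with no repos.
  for name in CentOS-Base.repo epel.repo puppet.repo; do
    if ! wget -O "${staging}/${name}" "${base_url}/${name}"; then
      echo "set_repo: download of ${name} failed; existing repos left untouched" >&2
      rm -rf -- "$staging"
      return 1
    fi
  done

  rm -rf -- "${repo_dir:?}"/*
  if ! cp -- "${staging}"/*.repo "${repo_dir}/"; then
    rm -rf -- "$staging"
    return 1
  fi
  rm -rf -- "$staging"

  # The original changed into the repo directory; keep that side effect.
  cd "$repo_dir" || return 1
  yum clean all
  yum makecache
}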
#设置系统环境变量
# Enlarge and timestamp shell history via /etc/profile, route user.info
# syslog messages to /var/log/history, add that file to the syslog
# logrotate list, then reload the profile and restart rsyslog.
# NOTE(review): nothing in this function sends shell commands to syslog; the
# user.info rule only captures what some other hook logs at that
# facility/priority. Presumably a PROMPT_COMMAND/logger hook exists
# elsewhere - verify. Each run appends the two lines again.
set_audit ()
{
  #add syslog audit
  local profile=/etc/profile

  sed -i 's#HISTSIZE=1000#HISTSIZE=3000#' "$profile"
  printf '%s\n' 'HISTTIMEFORMAT="<%F %T>"' >> "$profile"
  printf '%s\n' "user.info /var/log/history" >> /etc/rsyslog.conf
  sed -i "/\/var\/log\/spooler/a/var/log/history" /etc/logrotate.d/syslog
  source "$profile"
  /etc/init.d/rsyslog restart
}
# Local hardening steps: neutralise the Ctrl-Alt-Delete upstart job, empty
# /etc/security/console.apps, restrict /etc/rc.d/init.d to root, blank the
# login banners and limit root logins to console, vc/1 and tty1.
# NOTE(review): /etc/init/control-alt-delete.conf is an upstart path. On a
# systemd host the cp/sed pair presumably does nothing useful - confirm the
# target release.
set_security()
{
  local override=/etc/init/control-alt-delete.override
  local banner

  #disable control-alt-delete
  cp /etc/init/control-alt-delete.conf "$override"
  sed -i 's/exec/#exec/' "$override"

  #limit normal user can't reboot poweroff halt
  rm -rf /etc/security/console.apps/*
  echo "/etc/security/console.apps/ is empty now"

  #/etc/rc.d/init.d authority
  chmod -R 700 /etc/rc.d/init.d/
  echo "/etc/rc.d/init.d/ mod is 700 now"

  #delete banner (each file ends up holding a single newline)
  for banner in /etc/issue /etc/issue.net; do
    echo > "$banner"
  done

  #delete tty
  printf '%s\n' console vc/1 tty1 > /etc/securetty
  echo "tty config is done"
}
# Append nofile/nproc limits for all users to /etc/security/limits.conf and
# raise the open-file limit of the current shell.
# The four lines are appended again on every call.
set_tune()
{
  #nofile limits
  # Quoted delimiter: the lines, leading space included, are written verbatim.
  cat >> /etc/security/limits.conf <<'EOF'
 * soft nofile 65535
 * hard nofile 65535
 * soft nproc 102400
 * hard nproc 102400
EOF
  ulimit -SHn 65535
}
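# Replace /etc/sysctl.conf with the tuning profile below and load it.
# NOTE(review) before reusing this profile:
#   - kernel.sysrq = 1 enables every SysRq function for anyone with console
#     or keyboard access.
#   - net.ipv4.tcp_tw_recycle = 1 is known to drop connections from clients
#     behind NAT, and the key no longer exists on kernels from 4.12 onward.
#   - net.ipv4.conf.all.rp_filter is set twice (2, then 1); the later line
#     is the one that takes effect.
#   - vm.drop_caches is a one-shot trigger, so the page cache is dropped
#     every time this file is loaded.
#   - vm.min_free_kbytes = 1048576 reserves 1 GiB, which is too much for
#     small-memory hosts.
# Outputs: an error message on stderr when sysctl rejects part of the file.
# Returns: 1 when sysctl -p fails, 0 otherwise.
set_sysctl()
{
  # The file is overwritten wholesale; keep the first pre-existing version.
  [ -e /etc/sysctl.conf.bak ] || /bin/cp -p /etc/sysctl.conf /etc/sysctl.conf.bak
  /bin/cat << 'EOF' > /etc/sysctl.conf
kernel.sysrq = 1
kernel.core_uses_pid = 1
fs.aio-max-nr = 1048576
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.ip_forward = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.rp_filter = 1
net.core.somaxconn = 65535
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.tcp_max_syn_backlog = 16384
net.core.netdev_max_backlog = 10000
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_max_orphans = 131072
#fs.file-max = 65536 #os can config
vm.min_free_kbytes = 1048576
vm.swappiness = 10
vm.dirty_ratio = 10
vm.vfs_cache_pressure=150
vm.drop_caches = 1
kernel.panic = 60
EOF
  # Keep stdout quiet but let errors through: a rejected key means part of
  # the profile is not active.
  if ! /sbin/sysctl -p >/dev/null; then
    echo "set_sysctl: sysctl -p reported errors; part of /etc/sysctl.conf was not applied" >&2
    return 1
  fi
}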
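# Delete a fixed list of stock system accounts and groups that the script
# considers unnecessary (adm, lp, sync, shutdown, halt, news, ...).
# Outputs: one line per deleted account or group, or a "no useless ..."
#          message when none of the listed names exist.
# Returns: the status of the last command run.
set_user()
{
  local -r user_re='adm|lp|sync|shutdown|halt|news|uucp|operator|games|gopher'
  local -r group_re='adm|lp|news|uucp|games|dip|pppusers|popusers|slipusers'
  local -a users=()
  local -a groups=()
  local name

  #delete useless user
  # -x matches the whole name only. The original unanchored grep -E also
  # matched any account whose name merely contained one of these strings
  # ("sysadmin" contains "adm", "help" contains "lp"), and userdel -r would
  # then have removed that user together with its home directory.
  mapfile -t users < <(awk -F : '{print $1}' /etc/passwd | grep -Ex -- "$user_re")
  if [ "${#users[@]}" -eq 0 ]; then
    echo there is no useless user
  else
    for name in "${users[@]}"; do
      userdel -r "$name" > /dev/null 2>&1
      echo delete useless user "$name"
    done
    # Quoted so the run of asterisks is never treated as a glob.
    echo '**********************useless user delete complete!**********************'
  fi

  #delete useless group
  mapfile -t groups < <(awk -F : '{ print $1 }' /etc/group | grep -Ex -- "$group_re")
  if [ "${#groups[@]}" -eq 0 ]; then
    echo there is no useless group
  else
    for name in "${groups[@]}"; do
      groupdel "$name" > /dev/null 2>&1
      echo delete uesless group "$name"
    done
    echo '**********************useless group delete complete!**********************'
  fi
}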
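# Tune the SSH server (GSSAPI off, UseDNS off, port 22222) and turn GSSAPI
# off in the system-wide client config, then restart sshd once the edited
# server config validates.
# Outputs: an error message on stderr when sshd_config fails validation.
# Returns: 1 when validation fails, otherwise the status of the restart.
set_ssh()
{
  cp /etc/ssh/sshd_config{,.bak}
  # NOTE(review): the PermitRootLogin change is commented out, so root login
  # stays at the distribution default.
  #sed -e 's/\#PermitRootLogin yes/PermitRootLogin no/' -i /etc/ssh/sshd_config > /dev/null 2>&1
  sed -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/' -i /etc/ssh/sshd_config > /dev/null 2>&1
  sed -e 's/#UseDNS yes/UseDNS no/' -i /etc/ssh/sshd_config > /dev/null 2>&1
  # NOTE(review): with SELinux enforcing or a firewall active, port 22222
  # must be labelled and opened before the restart, or remote access is lost.
  sed -e 's/#Port 22/Port 22222/' -i /etc/ssh/sshd_config > /dev/null 2>&1

  # The three client-side edits to StrictHostKeyChecking/UserKnownHostsFile
  # are intentionally not carried over:
  #   - 's/^#/^/' replaced the leading "#" with a literal "^", producing a
  #     line the ssh client would presumably reject as a bad option;
  #   - as intended, they set "StrictHostKeyChecking no" with
  #     "UserKnownHostsFile /dev/null" for every user, which turns off
  #     server host-key verification for all outbound SSH from this host.
  # If automation needs it, scope the relaxation to specific hosts in that
  # account's own ssh config instead of the system-wide file.
  sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/ssh_config > /dev/null 2>&1

  # Validate before restarting: a restart with a broken config takes away
  # remote access to the host.
  if ! /usr/sbin/sshd -t; then
    echo "set_ssh: sshd_config failed validation; sshd not restarted (previous file: /etc/ssh/sshd_config.bak)" >&2
    return 1
  fi
  /etc/init.d/sshd restart > /dev/null 2>&1
}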
# Install the standard build, diagnostic and hardware-management packages.
# Returns: the exit status of yum.
set_yumpackage()
{
  local -a pkgs=(
    gcc glibc gcc-c++ make lrzsz tree wget curl lsof dstat vim
    wsmancli ipmitool mtr sysstat ethtool systemtap strace
  )
  yum install -y "${pkgs[@]}"
}
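# Run every provisioning step for a physical host, in order.
# set_firewall is defined in this script but is not part of the sequence.
# Returns: the status of the last step.
phy_deploy()
{
  set_resolv
  set_repo
  set_yumpackage
  set_ssh
  set_user
  set_sysctl
  set_security
  set_audit
  set_tune
  # The script defines set_ntp; the original call to "set_ntpdate" named a
  # function that does not exist, so the time-sync step never ran.
  set_ntp
}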
# Reboot the host immediately.
set_reboot() {
  local -a reboot_cmd=(shutdown -r now)
  "${reboot_cmd[@]}"
}
# Entry point: run the full deployment, then reboot the host.
# The reboot is issued whatever status the deployment returned.
main()
{
  local stage
  for stage in phy_deploy set_reboot; do
    "$stage"
  done
}
main
