#!/bin/bash
############################################################
# $Name: system_optimization.lid
# $Version: v1.0
# $Functions:
# optimization_main(){
# 1 SELINUX_stop
# 2 Create_general_user
# 3 Security_display
# 4 DF_declare
# 5 Clear_mail_queue
# 6 Linux_update_time
# 7 Sysctl_set
# 8 Linux_charavter_set
# # 9 Command_Move
# 10 All_Env_Set
# 11 mail_rc_set
# 12 general_user_shell_env
# 13 Hosts_declare
# 14 sshd_config_set
# 15 Set_hostname
# 16 Set_eth_0_1
# # 17 Linux_service_init
# }
# $Author: Jeson Li
# $organization: www.lzbbg.cn
# $Create Date: 2017-03-10
# $Mail: libobin@tom.com
# $Description: Linux System optimization Lib
################################################################
# MAC of this host's eth0 (second line of `ip addr show`, second field); used
# to pick IPADDR/HostName from the host table below.
local_MAC="$(ip addr show eth0|awk 'NR==2{print $2}')"
# /24 prefixes for the two interfaces configured by Set_eth_0_1.
eth1_profix='10.0.0.'
eth0_profix="172.16.1."
# Host table: last octet, hostname, expected eth0 MAC. Hosts_declare and
# Set_eth_0_1 read these directly, so every triple must stay defined here.
lb_haproxy_01_IP=3 ; lb_haproxy_01="lb-haproxy-01" ; lb_haproxy_01_MAC="00:50:56:21:5e:03"
lb_haproxy_02_IP=4 ; lb_haproxy_02="lb-haproxy-02" ; lb_haproxy_02_MAC="00:50:56:21:5e:04"
web_lnmp_01_IP=10 ; web_lnmp_01="web-lnmp-01" ; web_lnmp_01_MAC="00:50:56:21:5e:10"
web_lamp_02_IP=11 ; web_lamp_02="web-lamp-02" ; web_lamp_02_MAC="00:50:56:21:5e:11"
store_nfs_01_IP=30 ; store_nfs_01="store-nfs-01" ; store_nfs_01_MAC="00:50:56:21:5e:30"
store_rsync_01_IP=31 ; store_rsync_01="store-rsync-01" ; store_rsync_01_MAC="00:50:56:21:5e:31"
mysql_master_01_IP=50 ; mysql_master_01="mysql-master-01" ; mysql_master_01_MAC="00:50:56:21:5e:50"
mysql_master_02_IP=51 ; mysql_master_02="mysql-master-02" ; mysql_master_02_MAC="00:50:56:21:5e:51"
mysql_slave_01_IP=53 ; mysql_slave_01="mysql-slave-01" ; mysql_slave_01_MAC="00:50:56:21:5e:53"
mysql_proxy_01_IP=54 ; mysql_proxy_01="mysql-proxy-01" ; mysql_proxy_01_MAC="00:50:56:21:5e:54"
mysql_proxy_02_IP=55 ; mysql_proxy_02="mysql-proxy-02" ; mysql_proxy_02_MAC="00:50:56:21:5e:55"
cache_redis_01_IP=61 ; cache_redis_01="cache-redis-01" ; cache_redis_01_MAC="00:50:56:21:5e:61"
cache_redis_02_IP=62 ; cache_redis_02="cache-redis-02" ; cache_redis_02_MAC="00:50:56:21:5e:62"
mage_jump_01_IP=200 ; mage_jump_01="mage-jump-01" ; mage_jump_01_MAC="00:50:56:21:5e:20"
mage_monitor_01_IP=201 ; mage_monitor_01="mage-monitor-01" ; mage_monitor_01_MAC="00:50:56:21:5e:21"
# Resolve the identity of the machine we run on. When the MAC is not in the
# table, IPADDR and HostName stay unset and the callers that use them
# (Set_hostname, Set_eth_0_1) see empty values.
case "$local_MAC" in
  "$lb_haproxy_01_MAC")   IPADDR=${lb_haproxy_01_IP}   ; HostName=${lb_haproxy_01}   ;;
  "$lb_haproxy_02_MAC")   IPADDR=${lb_haproxy_02_IP}   ; HostName=${lb_haproxy_02}   ;;
  "$web_lnmp_01_MAC")     IPADDR=${web_lnmp_01_IP}     ; HostName=${web_lnmp_01}     ;;
  "$web_lamp_02_MAC")     IPADDR=${web_lamp_02_IP}     ; HostName=${web_lamp_02}     ;;
  "$store_nfs_01_MAC")    IPADDR=${store_nfs_01_IP}    ; HostName=${store_nfs_01}    ;;
  "$store_rsync_01_MAC")  IPADDR=${store_rsync_01_IP}  ; HostName=${store_rsync_01}  ;;
  "$mysql_master_01_MAC") IPADDR=${mysql_master_01_IP} ; HostName=${mysql_master_01} ;;
  "$mysql_master_02_MAC") IPADDR=${mysql_master_02_IP} ; HostName=${mysql_master_02} ;;
  "$mysql_slave_01_MAC")  IPADDR=${mysql_slave_01_IP}  ; HostName=${mysql_slave_01}  ;;
  "$mysql_proxy_01_MAC")  IPADDR=${mysql_proxy_01_IP}  ; HostName=${mysql_proxy_01}  ;;
  "$mysql_proxy_02_MAC")  IPADDR=${mysql_proxy_02_IP}  ; HostName=${mysql_proxy_02}  ;;
  "$cache_redis_01_MAC")  IPADDR=${cache_redis_01_IP}  ; HostName=${cache_redis_01}  ;;
  "$cache_redis_02_MAC")  IPADDR=${cache_redis_02_IP}  ; HostName=${cache_redis_02}  ;;
  "$mage_jump_01_MAC")    IPADDR=${mage_jump_01_IP}    ; HostName=${mage_jump_01}    ;;
  "$mage_monitor_01_MAC") IPADDR=${mage_monitor_01_IP} ; HostName=${mage_monitor_01} ;;
esac
# Account created by Create_general_user.
export create_user_name="jeson"
# NOTE(review): the initial password and uid are hardcoded and exported to every
# child process started by this library; they belong in the environment or a
# root-only file rather than in a committed script.
export user_passwd="123456"
export uid="30325"
#######################################################################################################
# Create general user
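Create_general_user(){
  # Create the administrative account, set its initial password and grant it
  # passwordless sudo (full root), with sudo use logged to /var/log/sudo.log.
  # Reads: uid, create_user_name, user_passwd (exported at the top of this lib).
  # Returns non-zero when the account cannot be created, the password cannot
  # be set, or the resulting sudoers would not parse; /etc/sudoers is only
  # appended to after visudo has accepted a validated scratch copy.
  local sudo_rules sudoers_copy
  sudo_rules=$(printf '%s ALL=(ALL) NOPASSWD: ALL\nDefaults logfile=/var/log/sudo.log' "${create_user_name}")
  # Idempotent on re-runs: keep an existing account instead of failing in useradd.
  if ! id -u "${create_user_name}" >/dev/null 2>&1; then
    useradd -u "${uid}" "${create_user_name}" || return 1
  fi
  # The password travels over stdin so it never appears in the process list.
  printf '%s\n' "${user_passwd}" | passwd --stdin "${create_user_name}" || return 1
  # Validate on a scratch copy first: a syntax error in the live file would
  # lock every account out of sudo.
  sudoers_copy=$(mktemp) || return 1
  if cp /etc/sudoers "${sudoers_copy}" \
      && printf '%s\n' "${sudo_rules}" >>"${sudoers_copy}" \
      && visudo -c -f "${sudoers_copy}"; then
    # Only add the rules once, however often the library is re-run.
    grep -qF -- "${create_user_name} ALL=(ALL) NOPASSWD: ALL" /etc/sudoers \
      || printf '%s\n' "${sudo_rules}" >>/etc/sudoers
    rm -f -- "${sudoers_copy}"
    visudo -c
  else
    rm -f -- "${sudoers_copy}"
    return 1
  fi
}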
# Security display
Security_display(){
  # Empty both pre-login banner files (console and network logins) so no
  # system details are shown before authentication.
  local banner
  for banner in /etc/issue /etc/issue.net; do
    : > "${banner}"
  done
}
# Declare the open-file descriptor limit for all users
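DF_declare(){
  # Raise the open-file limit (nofile, soft and hard) for every user in
  # /etc/security/limits.conf. The line is appended only when it is not
  # already present, so re-running the library does not duplicate it.
  # Takes effect for sessions opened after the change, not for running ones.
  local limit_line='* - nofile 65535'
  local limits_conf=/etc/security/limits.conf
  grep -qxF -- "${limit_line}" "${limits_conf}" 2>/dev/null \
    || printf '%s\n' "${limit_line}" >> "${limits_conf}"
}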
# Cron Clear mail queue
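Clear_mail_queue(){
  # Install an hourly cron job that empties the postfix maildrop directory,
  # written straight into the invoking user's crontab under /var/spool/cron.
  # Idempotent: the job line is added only once.
  local who stamp cronfile job
  who=$(whoami)
  stamp=$(date +%F)
  cronfile="/var/spool/cron/${who}"
  # Plain sh redirection instead of "&>": cron runs the line through /bin/sh,
  # and "&>" is a bashism that a non-bash /bin/sh parses as a background job.
  job='00 * * * * /usr/bin/rm -f /var/spool/postfix/maildrop/* >/dev/null 2>&1'
  grep -qF -- "${job}" "${cronfile}" 2>/dev/null && return 0
  printf '# clean maildrop created date: %s user: %s\n%s\n\n' \
    "${stamp}" "${who}" "${job}" >>"${cronfile}"
}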
# Cron Linux update time
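Linux_update_time(){
  # Install a cron job that steps the clock every five minutes with ntpdate
  # against ntp1.aliyun.com; the time.windows.com line is kept commented as
  # an alternative. Written straight into the invoking user's crontab.
  # Idempotent: the job line is added only once.
  # NOTE(review): periodic ntpdate can jump the clock backwards between runs;
  # a running ntpd/chronyd that slews the clock is the usual replacement.
  local who stamp cronfile job
  who=$(whoami)
  stamp=$(date +%F)
  cronfile="/var/spool/cron/${who}"
  # Plain sh redirection instead of "&>", which is a bashism cron's /bin/sh
  # may not understand.
  job='*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1'
  grep -qF -- "${job}" "${cronfile}" 2>/dev/null && return 0
  printf '# system time update created date: %s user: %s\n#*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1\n%s\n\n' \
    "${stamp}" "${who}" "${job}" >>"${cronfile}"
}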
# /etc/sysctl.conf optimization
Sysctl_set(){
  # Append the TCP/conntrack tuning block to /etc/sysctl.conf and reload the
  # whole file with sysctl -p. Every run appends another dated block.
  # NOTE(review): net.ipv4.tcp_tw_recycle was removed from mainline kernels
  # (4.12 and later) and is known to break clients behind NAT on older ones;
  # on kernels without it, and on hosts without the conntrack module loaded,
  # `sysctl -p` reports the unknown keys as errors — confirm on the target.
  local stamp
  stamp=$(date +%F)
  cat <<-EOF >> /etc/sysctl.conf
###sysctl.conf modify in ${stamp}###
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65535
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
####################################
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
###iptables modify in ${stamp}###
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
  sysctl -p
}
# SELINUX optimization
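SELINUX_stop(){
  # Persistently disable SELinux in /etc/selinux/config and, when the running
  # system is enforcing, drop it to permissive immediately (setenforce 0).
  # A full "disabled" state only applies after the next boot.
  # Returns 0 when nothing needs changing or the config file is absent; the
  # original compared an unquoted grep result, which is a test syntax error
  # whenever the SELINUX= line is missing.
  local config=/etc/selinux/config mode
  [ -r "${config}" ] || return 0
  mode=$(grep '^SELINUX=' "${config}")
  if [ "${mode}" = "SELINUX=enforcing" ]; then
    sed -i 's#SELINUX=enforcing#SELINUX=disabled#' "${config}"
    # getenforce may be absent on minimal installs; treat that as "not enforcing".
    if [ "$(getenforce 2>/dev/null)" = "Enforcing" ]; then
      setenforce 0
    fi
  fi
}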
# Linux character set support for China
Linux_charavter_set(){
  # Overwrite the system-wide locale file with en_US.UTF-8, leaving the
  # zh_CN.UTF-8 line commented so it can be switched on by hand.
  printf '%s\n' 'LANG="en_US.UTF-8"' '#LANG="zh_CN.UTF-8"' > /etc/locale.conf
}
# Command Move
Command_Move(){
# Make the account database files immutable and move chattr/lsattr out of
# /usr/bin into /My_tools. Left out of optimization_main: with the immutable
# bit set, useradd/passwd (Create_general_user) cannot modify these files
# until the flag is cleared again.
mkdir -p /My_tools
# NOTE(review): relocating the binaries is obscurity, not a control; the
# immutable flag is what actually protects the files.
chattr +i /etc/{passwd,passwd-,shadow,shadow-,group,group-,gshadow,gshadow-,inittab} && mv /usr/bin/{lsattr,chattr} /My_tools
# The archive is written to the current working directory, not to /My_tools;
# the rm then deletes everything in /My_tools not starting with "M" (i.e. the
# two moved binaries), so the tarball becomes their only copy.
tar czf My_tools.tar.gz /My_tools && rm -f /My_tools/[!M]*
}
# Declare all env variable
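All_Env_Set(){
  # Append login-shell settings to /etc/profile:
  #  - HISTTIMEFORMAT: timestamps in `history`
  #  - PROMPT_COMMAND: sends the last command, euid, login and cwd to syslog
  #  - PS1: coloured prompt
  # The heredoc delimiter is unquoted so "$(date +%F)" expands now; every
  # other "$" is escaped so it reaches /etc/profile literally and expands at
  # login. Fix: "$msg" in the logger line was unescaped and expanded to an
  # empty string here, so the logged record never contained the command.
  # NOTE(review): HISTTIMEFORMAT is a strftime format, so the "$(whoami)"
  # inside it is most likely printed literally — verify on a target shell.
  # NOTE(review): a user can unset PROMPT_COMMAND, so this is convenience
  # logging, not a tamper-resistant audit trail (auditd is).
  cat >>/etc/profile<<-EOF
# modify in $(date +%F)
export HISTTIMEFORMAT="%F %T \$(whoami) "
export PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; });logger "[euid=\$( whoami )]":\$(who am i):[\$(pwd)]"\$msg"; }'
export PS1='\[\e[32m\][\u\[\e[33m\]@\[\e[32m\]\H\[\e[35m\]\w/\[\e[32m\]]\\$\[\e[0m'
EOF
}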
# Declare send mailbox
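mail_rc_set(){
  # Append outbound SMTP settings for mailx to /etc/mail.rc.
  # The account details may be supplied through the environment
  # (mail_from, mail_smtp, mail_smtp_user, mail_smtp_password); the defaults
  # reproduce the values this library shipped with.
  # NOTE(review): /etc/mail.rc is typically readable by every local user, so
  # an SMTP password written here is not secret on the host; supply it via
  # the environment at run time and prefer a dedicated low-privilege account.
  local stamp from smtp smtp_user smtp_pass
  stamp=$(date +%F)
  from=${mail_from:-18978035799@189.cn}
  smtp=${mail_smtp:-smtp.189.cn}
  smtp_user=${mail_smtp_user:-18978035799@189.cn}
  smtp_pass=${mail_smtp_password:-lbb123456}
  cat >> /etc/mail.rc <<-EOF
# modify in ${stamp}
set bsdcompat
set from=${from}
set smtp=${smtp}
set smtp-auth-user=${smtp_user}
set smtp-auth-password=${smtp_pass}
set smtp-auth=login
# mail -s "Title" 1270963692@qq.com </etc/mail.rc
EOF
}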
# Set general user vim shell env
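general_user_shell_env(){
  # Give the admin user a .vimrc (system vimrc plus indentation settings), a
  # script header template that vim loads for new *.sh files, and hand the
  # home directory over to that user.
  # Reads: create_user_name. A missing /etc/vimrc is tolerated: the settings
  # below still create the file.
  local home="/home/${create_user_name}"
  cp /etc/vimrc "${home}/.vimrc"
  cat >> "${home}/.vimrc" <<-EOF
set smartindent
set tabstop=4
set shiftwidth=4
set expandtab
set softtabstop=4
EOF
  # Replace the stock "*.spec" template autocmd with one for shell scripts.
  sed -i 's#autocmd BufNewFile \*\.spec 0r .*#autocmd BufNewFile *.sh 0r ~/.vim_template.sh#g' "${home}/.vimrc"
  # Unquoted delimiter: the "\$" escapes keep the header tokens literal.
  cat >> "${home}/.vim_template.sh" <<-EOF
#!/bin/bash
############################################################
# \$Name: commond.sh
# \$Version: v1.0
# \$Function:
#
#
# \$Author: Jeson Li
# \$organization: www.lzbbg.cn
# \$Create Date: 2017-03-10
# \$Mail: libobin@tom.com
# \$Description:
############################################################
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
Tik="\e[5m";Red="\e[31m";Grn="\e[32m";Ylw="\e[33m";Blu="\e[34m";Pup="\e[35m";Rst="\e[0m"
# source /etc/rc.d/init.d/functions
EOF
  # "user:group" form; the historical "user.group" spelling is deprecated in chown.
  chown -R "${create_user_name}:${create_user_name}" "${home}/"
}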
# Declare /etc/hosts file
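Hosts_declare(){
  # Append the static name table for the eth0 network to /etc/hosts.
  # Addresses are taken from the host table at the top of this file (the two
  # proxy lines previously repeated the octets 54/55 by hand); the *_vip
  # names at the end are presumably floating addresses and have no table
  # entry. Every run appends the whole block again.
  cat >> /etc/hosts <<-EOF
${eth0_profix}$lb_haproxy_01_IP $lb_haproxy_01 lb01.lzbbg.cn
${eth0_profix}$lb_haproxy_02_IP $lb_haproxy_02 lb02.lzbbg.cn
${eth0_profix}$web_lnmp_01_IP $web_lnmp_01 web01.lzbbg.cn
${eth0_profix}$web_lamp_02_IP $web_lamp_02 web02.lzbbg.cn
${eth0_profix}$store_nfs_01_IP $store_nfs_01 nfs01.lzbbg.cn
${eth0_profix}$store_rsync_01_IP $store_rsync_01 rsync01.lzbbg.cn
${eth0_profix}$mysql_master_01_IP $mysql_master_01 dbmaster01.lzbbg.cn
${eth0_profix}$mysql_master_02_IP $mysql_master_02 dbmaster02.lzbbg.cn
${eth0_profix}$mysql_slave_01_IP $mysql_slave_01 dbslave01.lzbbg.cn
${eth0_profix}${mysql_proxy_01_IP} ${mysql_proxy_01} myproxy01.lzbbg.cn
${eth0_profix}${mysql_proxy_02_IP} ${mysql_proxy_02} myproxy02.lzbbg.cn
${eth0_profix}$cache_redis_01_IP $cache_redis_01 cache01.lzbbg.cn
${eth0_profix}$cache_redis_02_IP $cache_redis_02 cache02.lzbbg.cn
${eth0_profix}$mage_jump_01_IP $mage_jump_01 jump.lzbbg.cn
${eth0_profix}$mage_monitor_01_IP $mage_monitor_01 monitor.lzbbg.cn zabbix.lzbbg.cn dbzabbix.lzbbg.cn download.lzbbg.cn
${eth0_profix}32 nfs_vip.lzbbg.cn
${eth0_profix}52 dbmaster_vip.lzbbg.cn
${eth0_profix}56 myproxy_vip56.lzbbg.cn
${eth0_profix}57 myproxy_vip57.lzbbg.cn
${eth0_profix}63 cache_vip.lzbbg.cn
EOF
}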
# Set /etc/ssh/sshd_config
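sshd_config_set(){
  # Harden sshd: custom port, no root / empty-password / GSSAPI logins, no
  # reverse DNS lookups. Per sshd_config(5) the FIRST value seen for a keyword
  # wins, so any active earlier directive for these keys is commented out
  # before the new block is appended; otherwise the appended lines would be
  # silently ignored. The file is syntax-checked before the restart so a bad
  # config does not take the remote session down.
  # NOTE(review): the new port also needs the host firewall opened for it
  # (and an SELinux port label on hosts where SELinux stays enforcing).
  local config=/etc/ssh/sshd_config
  sed -i -E 's/^[[:space:]]*(Port|PermitRootLogin|PermitEmptyPasswords|GSSAPIAuthentication|UseDNS)[[:space:]]/#&/' "${config}"
  cat >> "${config}" <<-EOF
# modify in $(date +%F)
Port 52113
PermitRootLogin no
PermitEmptyPasswords no
GSSAPIAuthentication no
UseDNS no
# ListenAddress $(grep "$HostName" /etc/hosts|awk 'NR==1{print $1}')
EOF
  sshd -t -f "${config}" || return 1
  systemctl restart sshd.service
}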
# Set hostname
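Set_hostname(){
  # Apply the hostname chosen from the MAC table (HostName), both via
  # hostnamectl and by rewriting /etc/hostname.
  # Returns 1 without touching anything when no table entry matched, which
  # would otherwise blank /etc/hostname.
  if [ -z "${HostName}" ]; then
    printf 'Set_hostname: eth0 MAC not in host table, skipping\n' >&2
    return 1
  fi
  hostnamectl --static set-hostname "${HostName}"
  printf '%s\n' "${HostName}" >/etc/hostname
}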
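Set_eth_0_1(){
  # Give eth0 and eth1 static addresses built from the MAC table (IPADDR is
  # the last octet shared by both), then bounce both interfaces.
  # Returns 1 without touching anything when IPADDR is unset (MAC not in the
  # table), so a half-written ifcfg with "IPADDR=172.16.1." is never produced.
  # NOTE(review): ifdown/ifup drops existing connections on these interfaces;
  # run from the console rather than over SSH through eth0/eth1.
  local scripts=/etc/sysconfig/network-scripts
  if [ -z "${IPADDR}" ]; then
    printf 'Set_eth_0_1: eth0 MAC not in host table, skipping\n' >&2
    return 1
  fi
  # Set eth0 and Create eth0 for static
  _ifcfg_static "${scripts}/ifcfg-eth0"
  cat >> "${scripts}/ifcfg-eth0" <<-EOF
IPADDR=${eth0_profix}${IPADDR}
NETMASK=255.255.255.0
DNS1=8.8.8.8
DNS2=8.8.4.4
EOF
  # Set eth1 and Create eth1 for static
  _ifcfg_static "${scripts}/ifcfg-eth1"
  cat >> "${scripts}/ifcfg-eth1" <<-EOF
IPADDR=${eth1_profix}${IPADDR}
NETMASK=255.255.255.0
GATEWAY=${eth1_profix}2
EOF
  ifdown eth1
  ifup eth1
  ifdown eth0
  ifup eth0
  sleep 5
}
# Helper: switch one ifcfg file from DHCP to a static, boot-enabled interface.
_ifcfg_static(){
  sed -i -e 's@BOOTPROTO=.*@BOOTPROTO=none@g' -e 's@ONBOOT=no@ONBOOT=yes@' "$1"
}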
# Services that need to start when the machine boots
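Linux_service_init(){
  # Disable and stop every unit whose file state is "enabled", then enable and
  # start only the allow-list below. Left out of optimization_main: the first
  # loop also takes down networking, logging and anything else the host
  # relies on. Fix: the original matched /enabled/, which also selects every
  # "disabled" entry and so stopped units that were merely running.
  local unit
  # Read names line-wise so they are never word-split or glob-expanded.
  while IFS= read -r unit; do
    systemctl disable "${unit}"
    systemctl stop "${unit}"
  done < <(systemctl list-unit-files | awk '$2 == "enabled" {print $1}')
  for unit in rsyncd default.target rsyslog sshd crond systemd-readahead-collect systemd-readahead-replay systemd-readahead-drop multi-user.target; do
    systemctl enable "${unit}"
    systemctl start "${unit}"
  done
}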
optimization_main(){
  # Run the optimisation steps in order. Command_Move and Linux_service_init
  # are deliberately left out: the first sets the immutable bit on the account
  # files (later useradd/passwd calls would fail), the second disables every
  # enabled unit. sshd_config_set restarts sshd and Set_eth_0_1 bounces both
  # NICs, so a session over SSH may be cut off near the end.
  local step
  for step in \
    SELINUX_stop \
    Create_general_user \
    Security_display \
    DF_declare \
    Clear_mail_queue \
    Linux_update_time \
    Sysctl_set \
    Linux_charavter_set \
    All_Env_Set \
    mail_rc_set \
    general_user_shell_env \
    Hosts_declare \
    sshd_config_set \
    Set_hostname \
    Set_eth_0_1; do
    "${step}"
  done
}