Linux模板机优化实操

1. 防火墙，selinux

• 防火墙关闭

点击查看代码

systemctl stop firewalld 
systemctl disable  firewalld

#ubuntu系统
systemctl  disable  ufw 
systemctl  stop   ufw

• 防火墙检查

点击查看代码

systemctl status firewalld

• selinux关闭

点击查看代码

setenforce  0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g'  /etc/selinux/config

• selinux检查

点击查看代码

[root@oldboy-muban ~]# grep disabled /etc/selinux/config 
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
[root@oldboy-muban ~]# getenforce 
Permissive  #或是是disabled都是关闭

2. yum与apt源与安装常用工具

• 配置centos

点击查看代码

#配置base源
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
#增加epel源
curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
#安装常用工具
yum install -y vim tree wget bash-completion bash-completion-extras lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc httpd-tools bind-utils nethogs expect ntpdate
yum install -y sl cowsay

• 麒麟

点击查看代码

#增加epel源
curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
#安装麒麟常用软件
yum install -y vim tree wget bash-completion lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc httpd-tools bind-utils nethogs expect ntpdate

• ubuntu 22.04

点击查看代码

cp  /etc/apt/sources.list{,.bak}

cat  >/etc/apt/sources.list<<EOF

deb https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse

deb https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse

deb https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse

# deb https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
# deb-src https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse

deb https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
EOF

apt update

#安装常用工具
apt install -y tree vim   telnet  lrzsz   nmap  ncat  ntpdate

3. ssh远程连接加速

点击查看代码

#关闭ssh远程连接反向解析功能,加速ssh远程连接.
#修改ssh服务端配置文件
#1.注释掉已有的配置
sed -i '/^GSSAPIAuthentication/s@^@#@g' /etc/ssh/sshd_config
#2.关闭对应功能
cat >>/etc/ssh/sshd_config<<EOF
UseDNS no
GSSAPIAuthentication no
#关闭dns反向解析  ip-->域名
#kylin系统默认允许root远程登陆，ubuntu系统默认root用户不能远程登录
#PermitRootLogin yes
EOF
#3.重启sshd
systemctl restart sshd
#ubuntu的命令为systemctl restart ssh
#4.检查
egrep '^(PermitRootLogin|GSSAPIAuthentication|UseDNS)' /etc/ssh/sshd_config

#结果有2个no即可.

4. 时间同步

点击查看代码

cat >/var/spool/cron/root<<EOF
*/3 * * * * /sbin/ntpdate ntp.aliyun.com  >/dev/null  2>&1
EOF

#ubuntu
select-editor
#选2，vim.basic

5. 配置命令行颜色

点击查看代码

echo "export PS1='[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\]\[\e[31;1m\] \w\[\e[0m\]]\$ '" >> /etc/profile

6. 配置rm的别名

点击查看代码

#1.写入别名到/etc/profile中
alias rm='echo pls do not use rm'

#2.回收站别名
cat > /server/scripts/recyle-rm.sh << EOF
#!/bin/bash
##############################################################
# File Name:recyle-rm.sh
# Version:V1.0
# Desc:
##############################################################

#1.vars
files="$@"
dir=/recyle/

#2.判断
if [ $# -eq 0 ];then
   echo "Help: $0 file dir ...."
   exit 
fi

#3.创建临时目录
#后期可以加入判断 目录不存在则创建
mkdir -p $dir
tmp_dir=`mktemp -d -p ${dir}`

#4.把文件,目录...移动到临时目录
#这里未来可以加入更多的判断.
mv -t ${tmp_dir} ${files}

#5.文件,目录已经移动到回收站
echo "文件,目录已经移动到回收站:${tmp_dir}"
EOF

alias rm='bash /server/scripts/recyle-rm.sh'

#2.注释掉已有的rm别名
sed -i '/rm/s@^@#@g' ~/.bashrc

sed -i 's@alias.*rm@#&@g' ~/.bashrc
#3.重新登录系统检查

#其他别名
cat  >>/etc/profile<<EOF
alias grep='grep --color=auto'
alias egrep='egrep --color=auto'
EOF

7. 修改ip和主机名的脚本

点击查看代码

#kylin
cat > /server/scripts/change.sh << EOF
#!/bin/bash
#author: wangzhi
#desc: change ip and hostname
#version: v7.0 fina
#sh   脚本  主机名  ip地址(新的ip)
eth0_name=ens33
eth1_name=ens34
eth0=/etc/sysconfig/network-scripts/ifcfg-$eth0_name
eth1=/etc/sysconfig/network-scripts/ifcfg-$eth1_name
bak=/backup/

#0.backup network config
mkdir -p $bak  
\cp $eth0 $eth1 $bak

#1.脚本参数个数
if [ $# -ne 2 ] ;then
  echo "请输入2个参数"
  exit 1
fi

#2.模板机ip地址(最后1位)
ip=`hostname -I |awk '{print $1}'|sed 's#.*\.##g'`
#3.新的ip
ip_new=`echo $2 |sed 's#^.*\.##g'`
#4.新的主机名
hostname=$1

#5.修改ip
if [ -f $eth0 ];then
   sed -i "s#10.0.0.$ip#10.0.0.$ip_new#g" $eth0
else
   echo "eth0网卡不存在,修改失败"
fi

if [ -f $eth1 ];then
   sed -i "s#172.16.1.$ip#172.16.1.$ip_new#g" $eth1
else
   echo "eth1网卡不存在,修改失败"
fi

ifdown $eth0_name && ifup $eth0_name
ifdown $eth1_name && ifup $eth1_name

#6.修改主机名
hostnamectl set-hostname $hostname
EOF

#ubuntu
cat > /server/scripts/changeip.sh << EOF
#!/bin/bash
#author: wangzhi
#desc: change ip and hostname
#version: v7.0 fina
#sh   脚本  主机名  ip地址(新的ip)

net_config=/etc/netplan/00-installer-config.yaml 

#0.root?
[ $UID -ne 0 ] && {
   echo "pls run as root".
   exit 1
}

#1.脚本参数个数
if [ $# -ne 2 ] ;then
  echo "请输入2个参数"
  exit 2
fi

#2.模板机ip地址(最后1位)
ip=`hostname -I |awk '{print $1}'|sed 's#.*\.##g'`
#3.新的ip
ip_new=`echo $2 |sed 's#^.*\.##g'`
#4.新的主机名
hostname=$1

#5.修改ip
if [ -f $net_config ];then
   sed -i "s#10.0.0.$ip#10.0.0.$ip_new#g" $net_config
   sed -i "s#172.16.1.$ip#172.16.1.$ip_new#g" $net_config
else
   echo "eth0网卡不存在,修改失败"
fi

#6.生效
netplan apply
networkctl reload 

#7.修改主机名
hostnamectl set-hostname $hostname
EOF

#配置脚本命令行运行
chmod  +x /server/scripts/changeip.sh
ln -s  /server/scripts/changeip.sh /bin/

8. 配置hosts解析
   略

9. vimrc

点击查看代码

cat >> /etc/vimrc << EOF
set ignorecase 
autocmd BufNewFile *.py,*.cc,*.sh,*.java,*.bash exec ":call SetTitle()"

func SetTitle()
if expand("%:e") =~ 'sh\|bash'
call setline(1, "#!/bin/bash")
call setline(2,"##############################################################")
call setline(3, "# File Name:".expand("%"))
call setline(4, "# Version:V1.0")
call setline(5,"##############################################################")

endif
endfunc
EOF

10. 释放被占用的内存 kdump

点击查看代码

#关闭kdump
#1.命令关闭
systemctl disable --now kdump

#2.修改启动配置文件
sed  -i  's#crashkernel=1024M,high##g'   /boot/grub2/grub.cfg

#3.重启linux系统

11. 处理tmp

点击查看代码

systemctl mask tmp.mount
umount /tmp/
#重启检查结果