初始化系统(普通,未加入zabbix和puppet)
标准化系统
2.优化系统内核
3.设置时区同步
4.安装glances
5.添加用户操作权限
6.更改SSH默认的22端口,并禁止root通过SSH登录
7.保存防火墙设置并重启生效
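#!/bin/bash
#
# Baseline setup for a production Linux host:
#   1. append kernel/network tuning to /etc/sysctl.conf
#   2. one-shot time sync plus a 5-minute ntpdate cron job
#   3. install glances
#   4. create an admin user and grant it sudo
#   5. move sshd off port 22, disable root and empty-password logins
#   6. open the new SSH port in iptables, save the rules, restart services
#
# Must run as root. The commands used (yum, `service`, /etc/rc.d/init.d)
# imply a SysV-init, yum-based host.
#
# Environment:
#   SSH_PORT  port sshd should listen on (default 35535). The original
#             hard-coded this and asked for it to be changed per host.
#
# Lockout caution: this script disables root SSH login and changes the SSH
# port. Keep the current session open and confirm that the new user can log
# in on the new port before disconnecting.

echo "这个是线上linux系统设置"

SSHD_CONFIG=/etc/ssh/sshd_config
SSH_PORT=${SSH_PORT:-35535}

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ $EUID -ne 0 ]]; then
  die "this script must be run as root"
fi

port_re='^[1-9][0-9]{0,4}$'
if [[ ! "$SSH_PORT" =~ $port_re ]] || ((SSH_PORT > 65535)); then
  die "SSH_PORT must be an integer between 1 and 65535 (got: $SSH_PORT)"
fi

#######################################
# Prompt until a non-empty line is entered, then print it on stdout.
# Arguments: $1 - prompt text
# Outputs:   the entered line on stdout
# Returns:   0 on success, 1 if stdin reaches EOF before any input
#######################################
input_fun() {
  local prompt=$1
  local reply=""
  while [[ -z "$reply" ]]; do
    # -r keeps backslashes literal; stop on EOF instead of looping forever.
    read -r -p "$prompt" reply || return 1
  done
  printf '%s\n' "$reply"
}

#######################################
# Force one sshd_config option to a single, known value.
# Every existing line for the key at column 0, commented or not, is removed
# and the setting is written on line 1, so it is the first occurrence sshd
# reads and cannot end up inside a Match block. The original only rewrote
# the commented defaults (e.g. "#PermitRootLogin yes") and silently left an
# already-uncommented "PermitRootLogin yes" in force.
# Globals:   SSHD_CONFIG (read)
# Arguments: $1 - option name, $2 - value
#######################################
set_sshd_option() {
  local key=$1
  local value=$2
  sed -i -E "/^#?${key}[[:space:]]/d" "$SSHD_CONFIG" || return 1
  sed -i "1i ${key} ${value}" "$SSHD_CONFIG"
}

#######################################
# Ask for a user name, validate it, create the account, set its password.
# Globals:   USERNAME (written; used afterwards for the sudoers entry)
# Returns:   non-zero if the name is rejected or the account is not created
#######################################
user_add() {
  local name_re='^[a-z_][a-z0-9_-]{0,31}$'
  USERNAME=$(input_fun "please input new user name:") || return 1
  # The name is later written into sudoers, so accept only a conservative
  # account-name pattern; spaces, commas or '%' would change the meaning of
  # the sudoers rule.
  if [[ ! "$USERNAME" =~ $name_re ]]; then
    printf 'invalid user name: %s\n' "$USERNAME" >&2
    return 1
  fi
  useradd "$USERNAME" || return 1
  passwd "$USERNAME"
}

# 1. Kernel parameter tuning.
# NOTE(review): values are kept exactly as the author gave them.
#  - tcp_tw_recycle is known to drop connections from clients behind NAT and
#    was removed in Linux 4.12; on newer kernels `sysctl -p` reports it as an
#    unknown key.
#  - tcp_tw_reuse and tcp_tw_recycle rely on TCP timestamps, which this same
#    block disables (tcp_timestamps = 0), so they have no effect as written.
#  - The block is appended on every run; re-running duplicates the entries.
cat >>/etc/sysctl.conf <<'ENDF'
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65535
ENDF
sysctl -p

# 2. Time synchronisation.
yum -y install ntpdate
/usr/sbin/ntpdate time.nist.gov
# Files under /var/spool/cron are per-user crontabs and have no user column;
# the original entry carried a "root" field (the /etc/crontab format), which
# made cron try to execute a command named "root". Add the entry only once
# so repeated runs do not pile up duplicates.
cron_file=/var/spool/cron/root
cron_line='*/5 * * * * /usr/sbin/ntpdate time.nist.gov 1> /dev/null 2>&1'
if ! grep -qxF -- "$cron_line" "$cron_file" 2>/dev/null; then
  printf '%s\n' "$cron_line" >>"$cron_file"
fi
chmod 600 "$cron_file"

# 3. glances.
# The glob is quoted so yum, not the shell, expands it against package names.
# NOTE(review): 'epel*' installs every package whose name matches; presumably
# only epel-release is wanted — confirm.
yum install -y 'epel*' python-pip python-devel
# The original used a typographic dash ("–y"), which yum does not parse as
# the -y option.
yum install -y glances

# 4. Admin user with sudo.
# Stop here if no account was created: root SSH login is disabled below, and
# continuing without a working admin account risks locking the host out.
user_add || die "user creation failed; SSH settings left unchanged"

# Build the new sudoers in a temp file beside the real one, let visudo check
# the syntax, and only then move it into place. A syntax error in
# /etc/sudoers disables sudo for everyone, so it is never edited in place.
sudoers_tmp=$(mktemp /etc/sudoers.XXXXXX) || die "mktemp failed"
trap 'rm -f -- "$sudoers_tmp"' EXIT
cat /etc/sudoers >"$sudoers_tmp" || die "cannot read /etc/sudoers"
printf '%s ALL=(ALL) ALL\n' "$USERNAME" >>"$sudoers_tmp"
if visudo -cf "$sudoers_tmp"; then
  chown root:root "$sudoers_tmp"
  chmod 0440 "$sudoers_tmp"
  mv -f -- "$sudoers_tmp" /etc/sudoers || die "cannot install /etc/sudoers"
else
  die "sudoers validation failed; /etc/sudoers left unchanged"
fi

# 5. sshd hardening.
sshd_backup="${SSHD_CONFIG}.bak.$(date +%Y%m%d%H%M%S)"
cp -p -- "$SSHD_CONFIG" "$sshd_backup" || die "cannot back up $SSHD_CONFIG"
set_sshd_option Port "$SSH_PORT"
set_sshd_option UseDNS no
set_sshd_option PermitRootLogin no
set_sshd_option PermitEmptyPasswords no
# Validate before restarting: a broken config would leave sshd down and the
# host unreachable. Restore the backup if the check fails.
if ! /usr/sbin/sshd -t -f "$SSHD_CONFIG"; then
  cp -p -- "$sshd_backup" "$SSHD_CONFIG"
  die "sshd_config failed validation; original restored from $sshd_backup"
fi

# 6. Firewall: allow the new SSH port, persist the rules, restart services.
# NOTE(review): any existing rule that allows port 22 is left in place, as in
# the original. If SELinux is enforcing, the new port may also have to be
# allowed for sshd (semanage port) — verify on the target host.
/sbin/iptables -I INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
/etc/rc.d/init.d/iptables save
service iptables restart
/etc/init.d/sshd restart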