linux系统 -新环境-初始化脚本

 

vi hj.sh

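#!/bin/bash
# Optimize the system after installation
#
# Site-specific settings. Every value below is a sample from the original
# write-up; review each one before running the script on a real host.

# Root password applied by the "change the root passwd" step.
# It may be supplied through the environment (PASSWD=... ./hj.sh) so that no
# real credential has to be stored in this file. The literal fallback is a
# well-known weak sample value and must never be left in place on a machine
# that is reachable by anyone else.
PASSWD=${PASSWD:-123456}
NETIP=192.168.1.63
NETGATWAY=192.168.1.1
PROTOBOOT=none
HOSTNAME=zsl.cn
DNS1=8.8.8.8
NTPSERVER=ntp1.aliyun.com
# NOTE(review): both repo definitions are fetched over plain http, so their
# content (baseurl, gpgcheck, gpgkey) is not protected in transit; prefer an
# https:// URL for the same mirror where one is offered.
YUMREPO=http://mirrors.aliyun.com/repo/Centos-7.repo
EPELREPO=http://mirrors.aliyun.com/repo/epel-7.repo
# Referenced only by the commented-out sshd and iptables sections.
SSH_PORT=10024
# Name of the network interface whose ifcfg file is rewritten.
eth0=ens33

# New name for the chattr binary; referenced only by the commented-out
# file-locking section, which renames chattr to discourage casual use.
CHATTR=chenhao
# Ports to open for inbound traffic; referenced only by the commented-out
# iptables rules.
PORTS=80,22,21,8088
# Directory where per-user, per-login shell history files are recorded.
HISTDIR=/usr/etc/.history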
 
# Print the banner, then refuse to continue unless the caller is root:
# every later step writes under /etc or changes system services.
cat << EOF
+------------------------------------------------------------------+
|     **********  Welcome to CentOS 7.x System init  **********    |
+------------------------------------------------------------------+
EOF
if [ "$(whoami)" != "root" ]; then
    echo "please use root" && exit 1
fi
# Print a green "Success!!!" marker followed by a blank line and a separator
# rule. Takes no arguments; writes to stdout only.
function format() {
    printf '\033[32m Success!!!\033[0m\n\n'
    printf '%s\n' "#########################################################"
}
 
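###change the root passwd
echo "set root passwd"
# The password is fed on stdin through the printf builtin, so it never
# appears in another process's argument list. The exit status is checked
# because the command's own output is discarded: without the check a
# rejected password would still be reported as a success.
# NOTE(review): $PASSWD comes from the settings at the top of the script;
# make sure it is a strong, host-specific value and not the sample one.
if [ -n "$PASSWD" ] && printf '%s\n' "$PASSWD" | passwd root --stdin &> /dev/null; then
    format
else
    echo "failed to set root passwd" >&2
fi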
 
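###change network setting
# sed -i "s/\$releasever/${RHEL_Ver}/g"  -- example of the substitution syntax
# Write a static configuration for the interface named in $eth0. The boot
# protocol and the DNS server are taken from the settings at the top of the
# script instead of being repeated here as literals, so that changing a
# setting there actually changes the generated file.
cat > "/etc/sysconfig/network-scripts/ifcfg-$eth0" << EOF
TYPE=Ethernet
BOOTPROTO=$PROTOBOOT
NAME=$eth0
DEVICE=$eth0
ONBOOT=yes
IPADDR=$NETIP
PREFIX=24
GATEWAY=$NETGATWAY
DNS1=$DNS1
EOF
# Report success only when the network service really came back up.
if systemctl restart network; then
    format
else
    echo "network restart failed" >&2
fi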

###add route
#route add default gateway $DNS1
#echo "route add default gateway $DNS1" >/etc/profile.d/add-route.sh
#format
 
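###change the hostname
echo "set hostname"
# Set the running hostname and persist it. The value is quoted so that it is
# always passed as a single argument, and the success marker is printed only
# when both steps worked.
if hostname "$HOSTNAME" && echo "$HOSTNAME" > /etc/hostname; then
    format
else
    echo "failed to set hostname" >&2
fi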
 
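###change the dns
echo "set DNS"
# Replace resolv.conf with the single configured resolver. (The original
# truncated the file first and then overwrote it again; one write suffices.)
echo "nameserver $DNS1" > /etc/resolv.conf
#echo "nameserver $DNS2" >> /etc/resolv.conf
# Connectivity check. The original chained "|| echo ... || exit 3"; because
# echo succeeds, the exit was never reached and the script carried on without
# a working network. Group the two so a failed ping really stops the run.
if ! ping -c 3 www.baidu.com &> /dev/null; then
    echo "Network is unreachable" >&2
    exit 3
fi
format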
 
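###disable selinux
echo "disable selinux"
# NOTE(review): this turns off mandatory access control for every service on
# the host. If the goal is only to unblock an application, SELINUX=permissive
# keeps denials logged so a policy can be written instead.
#
# Switch the running system to permissive, then persist "disabled" for the
# next boot. On CentOS 7 /etc/sysconfig/selinux is a symlink to the real
# configuration file; plain "sed -i" would replace the symlink with a regular
# file and leave the real configuration untouched, so follow the link.
if [ "$(getenforce)" != "Disabled" ]; then
    setenforce 0 &> /dev/null \
        && sed -i --follow-symlinks 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/sysconfig/selinux
fi
format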
 
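###update yum repo
echo "set yum mirrors"
# Download both repo definitions to a private temporary directory first and
# only replace the existing ones when both downloads succeeded. The original
# deleted every repo file up front and discarded curl's errors, so a failed
# download left the host without usable repositories (or with an HTTP error
# page saved as a .repo file) while still printing the success marker.
# curl -f makes HTTP error responses count as failures.
# NOTE(review): $YUMREPO and $EPELREPO are plain-http URLs in the settings at
# the top of the script, so the repo definitions are fetched without
# transport integrity; review the downloaded files (baseurl, gpgcheck,
# gpgkey) or switch to an https:// mirror URL.
repo_tmp=$(mktemp -d) || exit 1
if curl -fsS -o "$repo_tmp/CentOS-Base.repo" "$YUMREPO" \
    && curl -fsS -o "$repo_tmp/epel.repo" "$EPELREPO"; then
    rm -rf /etc/yum.repos.d/*
    # cp (not mv) so the new files are created in place with the target
    # directory's default ownership and labels.
    cp "$repo_tmp/CentOS-Base.repo" "$repo_tmp/epel.repo" /etc/yum.repos.d/
    yum clean all &> /dev/null && yum makecache &> /dev/null
    format
else
    echo "failed to download yum repo files; existing repos left untouched" >&2
fi
rm -rf -- "${repo_tmp:?}"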
 
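###install the basic command
# Base tool set. Kept in an array so each package is one argument and the
# list is easy to audit or trim (compilers and -devel packages are rarely
# needed on a production host).
basic_pkgs=(
    vim wget openssl-devel ntpdate make gcc-c++ ncurses-devel net-snmp
    sysstat lrzsz zip unzip tree net-tools lftp
)
#yum -y groupinstall "Development Tools" "Server Platform Development" &> /dev/null
# Print the success marker only when yum actually installed the packages.
if yum install "${basic_pkgs[@]}" -y; then
    format
else
    echo "package installation failed" >&2
fi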
 
### change ssh port
#echo "set sshd"
#cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
#sed -i s/"^Port 22"/"Port $SSH_PORT"/g /etc/ssh/sshd_config
#sed -i s/"^UseDNS yes"/"UseDNS no"/g /etc/ssh/sshd_config
#service sshd restart &> /dev/null
 
###lock the important file($CHATTR -i to disable)
#echo "chattr files"
#chattr +i /etc/passwd
#chattr +i /etc/inittab
#chattr +i /etc/group
#chattr +i /etc/shadow
#chattr +i /etc/gshadow
#chattr +i /etc/resolv.conf
#chattr +i /etc/hosts
#chattr +i /etc/fstab
#mv /usr/bin/chattr /usr/bin/$CHATTR
 
###character set
# Only the progress line runs; the locale change itself is left commented out.
printf '%s\n' "set LANG"
#sed -i s/"^LANG=.*$"/"LANG=zh_CN.UTF-8"/ /etc/locale.conf
#source /etc/locale.conf
 
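###update timezone
echo "set ntptime"
# Point /etc/localtime at the Shanghai zone in one step; -f replaces whatever
# is there, so there is no window in which the file is missing.
ln -sfv /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
yum install ntpdate -y
ntpdate "$NTPSERVER" &> /dev/null
# Entries in /etc/crontab need a user column between the schedule and the
# command; the original line omitted it, so cron would have taken the command
# path as a user name. Also append the entry only once, so re-running the
# script does not pile up duplicates.
ntp_cron="*/5 * * * * root /usr/sbin/ntpdate $NTPSERVER >/dev/null 2>&1"
grep -qxF -- "$ntp_cron" /etc/crontab 2> /dev/null || echo "$ntp_cron" >> /etc/crontab
# Copy the (now synchronised) system time to the hardware clock.
hwclock -w
format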
 
###set the system limit
echo "Set ulimit 65535"
# Append open-file and process limits for all users to limits.conf.
printf '%s\n' \
    '*    soft    nofile  65535' \
    '*    hard    nofile  65535' \
    '*    soft    nproc 65535' \
    '*    hard    nproc 65535' \
    >> /etc/security/limits.conf
# Raise the distribution's per-user process cap in the nproc drop-in file.
sed -i 's/4096/1024000/g' /etc/security/limits.d/20-nproc.conf
format
 
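###system audit and troubleshooting
echo "set history"
# Installs a login profile that gives every session its own timestamped
# history file under $HISTDIR/<user>/.
#
# NOTE(review): shell history is under the user's control (HISTFILE can be
# unset or the file edited), so this is a convenience record, not a
# tamper-resistant audit trail; use auditd where that is required.
#
# Create the shared root once, as root. Mode 1777 (sticky bit, as on /tmp)
# lets every user create their own subdirectory but stops users from renaming
# or removing each other's entries, which plain 777 would allow.
mkdir -p "$HISTDIR"
chmod 1777 "$HISTDIR"
# The heredoc delimiter is quoted so that nothing inside is expanded while
# this script runs. With the original unquoted delimiter the backticks,
# ${LOGNAME}, $NF and the date were all evaluated at install time, so every
# later login of every user was pointed at root's directory with a fixed
# timestamp. Only HISTDIR is fixed at install time and is written separately.
# The file is rewritten (not appended) so re-running does not duplicate it.
{
    printf 'HISTDIR=%q\n' "$HISTDIR"
    cat << 'EOF'
USER_IP=$(who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g')
if [ -z "$USER_IP" ]
then
    USER_IP=$(hostname)
fi
if [ ! -d "$HISTDIR" ]
then
    mkdir -p "$HISTDIR"
    chmod 1777 "$HISTDIR"
fi
if [ ! -d "$HISTDIR/${LOGNAME}" ]
then
    mkdir -p "$HISTDIR/${LOGNAME}"
    chmod 300 "$HISTDIR/${LOGNAME}"
fi
export HISTSIZE=2000
DT=$(date +%Y%m%d_%H%M%S)
export HISTFILE="$HISTDIR/${LOGNAME}/${USER_IP}.history.$DT"
export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S] "
chmod 600 "$HISTDIR/${LOGNAME}"/*.history* 2>/dev/null

ulimit -SHn 65535
ulimit -SHu unlimited
ulimit -SHd unlimited
ulimit -SHm unlimited
ulimit -SHs unlimited
ulimit -SHt unlimited
ulimit -SHv unlimited
EOF
} > /etc/profile.d/system-audit.sh
source /etc/profile.d/system-audit.sh
format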
 
###show the system info
# Replace the pre-login banner shown on local consoles.
printf '%s\n' "Set login message."
printf '%s\n' "This is Product Server" > /etc/issue
format
 
###iptables setting
# NOTE(review): this section stops and disables firewalld and flushes the
# iptables filter rules, while every rule that would build a replacement
# policy is commented out. As written, the host therefore reboots with no
# host firewall configured by this script. If the commented rules are
# enabled, keep the ACCEPT rules ahead of the DROP policies so the current
# SSH session is not cut off.
printf '%s\n' "set iptables"
for fw_action in stop disable; do
    systemctl "$fw_action" firewalld
done
format
iptables -F
#iptables -A INPUT -p tcp -m multiport --dports $SSH_PORT,$PORTS -j ACCEPT
#iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A INPUT -i lo -j ACCEPT
#iptables -A OUTPUT -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -P INPUT DROP
#iptables -P FORWARD DROP
#iptables -P OUTPUT ACCEPT
#service iptables save &> /dev/null
 
# Restart so that the settings applied above take effect on a clean boot.
reboot

 
