适用于Centos6.x系统的15项优化脚本

Posted 有暗香盈袖c

tags:



再小的努力乘以365都很明显。


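#!/bin/bash
# Date: 2018-6-8
# Version: 1.2
# Purpose: menu-driven script that applies 15 post-install tweaks to a
#          CentOS 6.x host. It edits files under /etc and /root, so it has to
#          run as root.
################################################
# Source the init-script function library; it provides action().
. /etc/init.d/functions

# Values shown in the "System Infomation" banner of the main menu.
DATE=$(date +"%y-%m-%d %H:%M:%S")
# Address as written in ifcfg-eth0 (the configured one, not the live one).
IPADDR=$(grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0 | cut -d= -f 2)
HOSTNAME=$(hostname -s)
USER=$(whoami)
# -P keeps every filesystem on a single line, so field 5 is always Use%
# even when the device name is long (plain `df -h` wraps such lines).
DISK_SDA=$(df -hP / | awk 'NR==2 {print $5}')
# 1-, 5- and 15-minute load averages.
cpu_uptime=$(awk '{print $1,$2,$3}' /proc/loadavg)

export LANG=zh_CN.UTF-8

# Require root. `id -u` prints the numeric effective UID; the earlier
# `cut -d( ...` form contained an unquoted "(", which bash rejects as a
# syntax error before anything runs.
uid=$(id -u)
if [ "$uid" -ne 0 ]; then
  action "Please run this script as root." /bin/false
  exit 1
fi

# Make backspace work on terminals that send ^H: keep a dated copy of root's
# profile, then add "stty erase ^H" once.
cp /root/.bash_profile "/root/.bash_profile_$(date +%F)"
if ! grep -Fxq "stty erase ^H" /root/.bash_profile; then
  echo "stty erase ^H" >>/root/.bash_profile
  source /root/.bash_profile
fi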
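# Switch the base yum repository to the Aliyun mirror and turn on yum's
# package cache.
# Outputs:  progress text on stdout.
# Returns:  1 if the repo file cannot be downloaded; exits the whole script
#           with status 1 if the mirror does not answer a ping.
configYum(){
  local repo_file=/etc/yum.repos.d/CentOS-Base.repo
  local repo_url=http://mirrors.aliyun.com/repo/Centos-6.repo
  local tmp_repo

  echo "================更新为国内YUM源=================="
  # Absolute paths instead of `cd`, so the working directory is left alone.
  cp "$repo_file" "$repo_file.$(date +%F)"
  if ! ping -c 1 mirrors.aliyun.com >/dev/null; then
    echo "无法连接网络。"
    # `exit $?` at this point returned echo's status (0); report the failure.
    exit 1
  fi
  # NOTE(review): the repo definition travels over plain HTTP, so its content
  # is not authenticated in transit. Package signature checking depends on
  # the downloaded file keeping gpgcheck=1 - worth confirming after the
  # download, or fetching over HTTPS if the host's wget/TLS stack allows it.
  tmp_repo=$(mktemp) || return 1
  # Download to a scratch file first: a failed or empty transfer must not
  # replace the working repo definition.
  if wget -O "$tmp_repo" "$repo_url" && [ -s "$tmp_repo" ]; then
    # Overwrite in place so the repo file keeps its owner and mode.
    cat "$tmp_repo" >"$repo_file"
    rm -f "$tmp_repo"
  else
    rm -f "$tmp_repo"
    action "下载YUM源文件失败" /bin/false
    return 1
  fi
  echo "==============保存YUM源文件======================"
  sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
  grep keepcache /etc/yum.conf
  sleep 5
  action "配置国内YUM完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}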
# Set the system locale to zh_CN.UTF-8.
# Keeps a dated copy of /etc/sysconfig/i18n, rewrites the file, loads it into
# the running shell and prints the resulting LANG lines.
initI18n(){
  local i18n_file=/etc/sysconfig/i18n

  echo "================更改为中文字符集================="
  cp "$i18n_file" "$i18n_file.$(date +%F)"
  # A single truncating write: same result as emptying the file and appending.
  cat >"$i18n_file" <<'EOF'
LANG="zh_CN.UTF-8"
#LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
EOF
  source "$i18n_file"
  printf '%s\n' '#cat /etc/sysconfig/i18n'
  grep LANG "$i18n_file"
  action "更改字符集zh_CN.UTF-8完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}
# Stop iptables and switch SELinux off.
# `setenforce 0` puts the running system into permissive mode at once; the
# SELINUX=disabled edit in the config file takes effect at the next boot.
# Stopping the iptables service clears the rules of the running system only;
# whether it starts at boot is decided by chkconfig, not here.
# NOTE(review): after this step the host has neither a packet filter nor
# mandatory access control. Allowing the required ports in
# /etc/sysconfig/iptables and leaving SELinux enforcing (or permissive while
# troubleshooting) keeps both controls in place.
initFirewall(){
  local selinux_cfg=/etc/selinux/config

  echo "============禁用SELINUX及关闭防火墙=============="
  cp "$selinux_cfg" "$selinux_cfg.$(date +%F)"
  /etc/init.d/iptables stop
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$selinux_cfg"
  setenforce 0
  /etc/init.d/iptables status
  # Show the resulting state: the config line and the live enforcement mode.
  printf '%s\n' '#grep SELINUX=disabled /etc/selinux/config '
  grep SELINUX=disabled "$selinux_cfg"
  printf '%s\n' '#getenforce '
  getenforce
  action "禁用selinux及关闭防火墙完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}
# Trim boot-time services: switch off everything that is on in runlevel 3,
# then switch rsyslog, network, sshd and crond back on.
# LANG is set to en_US for the duration, presumably so that chkconfig prints
# the English "3:on" the filter looks for, and back to zh_CN at the end.
# NOTE(review): "everything" includes services such as iptables or auditd if
# they were enabled; add them to the keep-list if they are wanted at boot.
initService(){
  local svc

  echo "===============精简开机自启动===================="
  export LANG="en_US.UTF-8"
  while read -r svc; do
    chkconfig "$svc" off
  done < <(chkconfig --list | awk '/3:on/ {print $1}')
  for svc in rsyslog network sshd crond; do
    chkconfig "$svc" on
  done
  echo '+--------which services on---------+'
  chkconfig --list | grep 3:on
  echo '+----------------------------------+'
  export LANG="zh_CN.UTF-8"
  action "精简开机自启动完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}
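# Blank /etc/redhat-release and /etc/issue so the distribution and kernel
# version are no longer shown before login.
# Each file is copied to <file>.<date> first, like the other steps of this
# script do, so the original text can be restored.
# NOTE(review): /etc/issue is the pre-login text of the local console;
# /etc/issue.net is not touched here. /etc/redhat-release is presumably also
# read by tools that detect the OS version - confirm nothing on the host
# depends on it before blanking it.
initRemoval(){
  local f

  echo "======去除系统及内核版本登录前的屏幕显示======="
  # The script already refuses to start without root; this guard only matters
  # if the function is reused elsewhere. It now exits non-zero, since leaving
  # with 0 reported success for a step that did nothing.
  if [ "$UID" -ne 0 ]; then
    echo "This script must use the root user ! ! !"
    sleep 2
    exit 1
  fi
  for f in /etc/redhat-release /etc/issue; do
    cp "$f" "$f.$(date +%F)"
    : >"$f"
  done
  action "去除系统及内核版本登录前的屏幕显示" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}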
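# Change sshd default port and prohibit user root remote login.
# Sets Port 52113, PermitEmptyPasswords no, PermitRootLogin no and UseDNS no
# in /etc/ssh/sshd_config (dated backup first), validates the file and
# reloads sshd.
# NOTE(review): a second function named initSsh is defined further down in
# this file. Bash keeps the last definition, so as the file stands this body
# is never the one that runs and menu item 7 does not apply these settings;
# one of the two needs a distinct name and a matching menu entry.
# NOTE(review): if iptables is still filtering, TCP 52113 has to be allowed
# before the reload, otherwise new SSH sessions are refused. Existing
# sessions survive a reload, so test a fresh login before closing the
# current one.
initSsh(){
  local cfg=/etc/ssh/sshd_config

  echo "========修改ssh默认端口禁用root远程登录=========="
  cp "$cfg" "$cfg.$(date +%F)"
  # Anchored patterns that match the directive whether or not it is still
  # commented out. The earlier patterns only matched the commented stock
  # lines, so an active "PermitRootLogin yes" was left unchanged.
  sed -r -i \
    -e 's/^#?Port[[:space:]]+22[[:space:]]*$/Port 52113/' \
    -e 's/^#?PermitEmptyPasswords[[:space:]].*$/PermitEmptyPasswords no/' \
    -e 's/^#?PermitRootLogin[[:space:]].*$/PermitRootLogin no/' \
    -e 's/^#?UseDNS[[:space:]].*$/UseDNS no/' \
    "$cfg"
  echo '+-------modify the sshd_config-------+'
  # Print what the file now contains rather than what was intended.
  grep -E '^(Port|PermitEmptyPasswords|PermitRootLogin|UseDNS)[[:space:]]' "$cfg"
  echo '+------------------------------------+'
  # Validate first so a broken config is never handed to the running daemon.
  if /usr/sbin/sshd -t -f "$cfg" && /etc/init.d/sshd reload; then
    action "修改ssh默认参数完成" /bin/true
  else
    action "修改ssh参数失败" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}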
# Add a root cron entry that runs ntpdate against time.windows.com every
# five minutes, unless root's crontab already mentions ntpdate.
# NOTE(review): the dated copy is written inside /var/spool/cron, where crond
# will presumably look at it as the crontab of a user called "root.<date>";
# confirm, or keep the backup outside the spool directory.
syncSysTime(){
  local cron_file=/var/spool/cron/root

  echo "================配置时间同步====================="
  # The copy fails quietly when root has no crontab yet.
  cp "$cron_file" "$cron_file.$(date +%F)" 2>/dev/null
  if ! grep -q ntpdate "$cron_file" 2>/dev/null; then
    {
      echo "#times sync by lee at $(date +%F)"
      echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1"
    } >>"$cron_file"
  fi
  printf '%s\n' '#crontab -l'
  crontab -l
  action "配置时间同步完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}
# Install the utilities a minimal installation leaves out
# (tree, nmap, sysstat, lrzsz, dos2unix) and list what rpm now reports.
initTools(){
  local -a pkgs=(tree nmap sysstat lrzsz dos2unix)

  echo "#####安装系统补装工具(选择最小化安装minimal)#####"
  # Connectivity is only displayed here; the result is not acted upon.
  ping -c 2 mirrors.aliyun.com
  sleep 2
  yum install "${pkgs[@]}" -y
  sleep 2
  rpm -qa "${pkgs[@]}"
  sleep 2
  action "安装系统补装工具(选择最小化安装minimal)" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}
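# Create a login account interactively and give it sudo rights.
# Input:    user name and password (entered twice) read from the terminal.
# Outputs:  prompts and progress text on stdout.
# Returns:  1 if useradd or passwd fails, or if the sudoers rule does not
#           pass the syntax check.
# NOTE(review): the rule written is "NOPASSWD: ALL", so the new account can
# run anything as root without re-entering a password. Dropping NOPASSWD, or
# listing specific commands, narrows that.
addUser(){
  local name pass1 pass2 rule sudoers_tmp

  echo "===================新建用户======================"
  while true; do
    read -r -p "请输入新用户名:" name
    if [ -z "$name" ]; then
      echo "用户名不能为空,请重新输入。"
      continue
    fi
    # The name is written into /etc/sudoers below, so accept only a
    # conservative alphabet; lower case also keeps it from being read as a
    # sudoers alias or keyword.
    if ! [[ $name =~ ^[a-z_][a-z0-9_-]*$ ]]; then
      echo "用户名只能包含小写字母、数字、下划线和连字符,请重新输入。"
      continue
    fi
    if getent passwd "$name" >/dev/null; then
      echo "用户名已存在,请重新输入。"
      continue
    fi
    if ! useradd "$name"; then
      action "创建用户${name}失败" /bin/false
      return 1
    fi
    break
  done

  while true; do
    # -s keeps the password off the screen; IFS= and -r keep it verbatim.
    IFS= read -r -s -p "为 $name 创建一个密码:" pass1
    echo
    if [ -z "$pass1" ]; then
      echo "密码不能为空,请重新输入。"
      continue
    fi
    IFS= read -r -s -p "请再次输入密码:" pass2
    echo
    if [ "$pass1" != "$pass2" ]; then
      echo "两次密码输入不相同,请重新输入。"
      continue
    fi
    break
  done
  # printf is a shell builtin, so the password never appears in a process
  # argument list; '%s' also keeps a password such as "-n" intact.
  if ! printf '%s\n' "$pass2" | passwd --stdin "$name"; then
    unset pass1 pass2
    action "为${name}设置密码失败" /bin/false
    return 1
  fi
  unset pass1 pass2
  sleep 1

  echo "#####add visudo#####"
  cp /etc/sudoers "/etc/sudoers.$(date +%F)"
  if ! grep -qw -- "$name" /etc/sudoers; then
    rule="$name  ALL=(ALL)       NOPASSWD: ALL"
    # Check the rule on a scratch copy first: a syntax error in the live
    # /etc/sudoers would disable sudo for every account.
    sudoers_tmp=$(mktemp) || return 1
    cat /etc/sudoers >"$sudoers_tmp"
    echo "$rule" >>"$sudoers_tmp"
    if visudo -c -f "$sudoers_tmp" >/dev/null; then
      echo "$rule" >>/etc/sudoers
      rm -f "$sudoers_tmp"
    else
      rm -f "$sudoers_tmp"
      action "sudoers语法检查失败,未修改/etc/sudoers" /bin/false
      return 1
    fi
    echo '#tail -1 /etc/sudoers'
    grep -w -- "$name" /etc/sudoers
    sleep 1
  fi
  action "创建用户$name并将其加入visudo完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}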
# Raise the open-file limit to 65535: append a nofile rule to
# /etc/security/limits.conf when no uncommented one exists (dated backup
# first), then raise the hard and soft limit of the running shell.
initLimits(){
  local limits_file=/etc/security/limits.conf

  echo "===============加大文件描述符===================="
  if ! grep -v "^#" "$limits_file" | grep -q nofile; then
    cp "$limits_file" "$limits_file.$(date +%F)"
    echo '*                  -        nofile         65535' >>"$limits_file"
  fi
  printf '%s\n' '#tail -1 /etc/security/limits.conf'
  tail -1 "$limits_file"
  ulimit -HSn 65535
  printf '%s\n' '#ulimit -n'
  ulimit -n
  action "配置文件描述符为65535" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}
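# Speed up SSH logins: turn off GSSAPI authentication and reverse DNS lookups
# in /etc/ssh/sshd_config, then restart sshd.
# NOTE(review): this is the second definition of initSsh in the file. Bash
# keeps the last one, so it replaces the earlier initSsh (Port 52113,
# PermitRootLogin no, PermitEmptyPasswords no) and menu items 7 and 11 both
# run only this body. Giving this function its own name, and calling that
# name for item 11, restores the hardening step.
initSsh(){
  local cfg=/etc/ssh/sshd_config

  echo "======禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度======="
  # -n: do not overwrite a copy taken earlier the same day, so the oldest
  # (unmodified) version is the one that is kept.
  cp -n "$cfg" "$cfg.$(date +%F)"
  sed -i \
    -e 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' \
    -e 's/#UseDNS yes/UseDNS no/' \
    "$cfg"
  # Validate before restarting: a restart with a broken config leaves the
  # host without an SSH daemon. The result is now reported truthfully
  # instead of always printing success.
  if /usr/sbin/sshd -t -f "$cfg" && service sshd restart; then
    action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/true
  else
    action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}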
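# Disable the Ctrl-Alt-Delete reboot by commenting out the shutdown line in
# /etc/init/control-alt-delete.conf (dated backup first).
# The earlier sed expression used "#" both as the s-command delimiter and as
# the character to insert, so sed rejected it and the file was never changed
# while the step still reported success. "|" is the delimiter now, and "^"
# keeps an already commented line from being commented twice.
initRestart(){
  local cad_conf=/etc/init/control-alt-delete.conf

  cp "$cad_conf" "$cad_conf.$(date +%F)"
  if sed -i 's|^exec /sbin/shutdown -r now|#&|' "$cad_conf"; then
    action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/true
  else
    action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}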
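# Append TCP and conntrack tuning to /etc/sysctl.conf (only when fewer than
# ten net.ipv4.tcp lines are present), load the nf_conntrack and bridge
# modules now and at boot via /etc/rc.local, and apply with `sysctl -p`.
# Both files get a dated backup before they are changed.
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to drop connections from
# clients that share an address behind NAT; confirm it is wanted on hosts
# that serve such clients. tcp_syn_retries / tcp_synack_retries = 1 give up
# after a single retransmission, which is aggressive on lossy links.
initSysctl(){
  local rc_local=/etc/rc.local
  local tcp_lines mod

  echo "================优化内核参数====================="
  tcp_lines=$(grep "net.ipv4.tcp" /etc/sysctl.conf | wc -l)
  if [ "$tcp_lines" -lt 10 ]; then
    cp /etc/sysctl.conf "/etc/sysctl.conf.$(date +%F)"
    cat >>/etc/sysctl.conf <<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
  fi
  cp "$rc_local" "$rc_local.$(date +%F)"
  # The modules are loaded before `sysctl -p` is run. The rc.local line is
  # added only once; it used to be appended on every run.
  for mod in nf_conntrack bridge; do
    modprobe "$mod"
    grep -qxF "modprobe $mod" "$rc_local" || echo "modprobe $mod" >>"$rc_local"
  done
  sysctl -p
  action "内核调优完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}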
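# Set a 300-second idle timeout and a five-entry shell history for all users
# through /etc/profile.
# A dated backup is taken first, and each line is added only if it is not
# already present; the three lines used to be appended again on every run.
# NOTE(review): sourcing /etc/profile also sets TMOUT=300 in this script's
# own shell, where bash uses it as the default timeout of `read`, so the menu
# prompts give up after 300 s without input.
# NOTE(review): HISTSIZE=5 keeps almost no command history. If history is
# meant to help when reviewing what happened on the host, a larger size or
# auditd serves that better.
initHistory(){
  local line

  echo "======设置默认历史记录数和连接超时时间======"
  cp /etc/profile "/etc/profile.$(date +%F)"
  for line in "TMOUT=300" "HISTSIZE=5" "HISTFILESIZE=5"; do
    grep -qxF "$line" /etc/profile || echo "$line" >>/etc/profile
  done
  # Show every assignment of the three variables now in the file.
  grep -E '^(TMOUT|HISTSIZE|HISTFILESIZE)=' /etc/profile
  source /etc/profile
  action "设置默认历史记录数和连接超时时间" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}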
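# Mark /etc/passwd, /etc/inittab, /etc/group, /etc/shadow and /etc/gshadow
# immutable, then rename /usr/bin/chattr to /usr/bin/lock.
# While the flag is set, useradd, passwd and groupadd fail until it is
# cleared again (after the rename: `/usr/bin/lock -i <file>`).
# The function can now be re-run: once chattr has been renamed it uses the
# renamed copy, and the result is reported instead of always printing OK.
# NOTE(review): renaming the binary only hides it. root can still clear the
# flag, and an e2fsprogs package update puts /usr/bin/chattr back.
initChattr(){
  local tool=/usr/bin/chattr
  local f rc=0

  echo "======锁定关键文件系统======"
  [ -x "$tool" ] || tool=/usr/bin/lock
  for f in /etc/passwd /etc/inittab /etc/group /etc/shadow /etc/gshadow; do
    "$tool" +i "$f" || rc=1
  done
  if [ -x /usr/bin/chattr ]; then
    /bin/mv /usr/bin/chattr /usr/bin/lock || rc=1
  fi
  if [ "$rc" -eq 0 ]; then
    action "锁定关键文件系统" /bin/true
  else
    action "锁定关键文件系统" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}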
# Per-item menu: run one of the 15 steps by number, 0 returns to the main
# menu, anything else shows a warning with a three-second countdown.
# NOTE(review): items 7 and 11 both call initSsh. The file defines that name
# twice and bash keeps the last definition, so both items run the same body.
menu2(){
  # Index = menu number; slot 0 is unused because 0 leaves the menu.
  local -a steps=(
    ""
    addUser configYum initI18n initFirewall initService
    initRemoval initSsh syncSysTime initTools initLimits
    initSsh initRestart initSysctl initHistory initChattr
  )

  while :; do
    clear
    cat <<EOF
----------------------------------------
|****Please Enter Your Choice:[0-15]****|
----------------------------------------
(1)  新建一个用户并将其加入visudo
(2)  配置为国内YUM源镜像和保存YUM源文件
(3)  配置中文字符集
(4)  禁用SELINUX及关闭防火墙
(5)  精简开机自启动
(6)  去除系统及内核版本登录前的屏幕显示
(7)  修改ssh默认端口及禁用root远程登录
(8)  设置时间同步
(9)  安装系统补装工具(选择最小化安装minimal)
(10) 加大文件描述符
(11) 禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度
(12) 将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启
(13) 系统内核调优
(14) 设置默认历史记录数和连接超时时间
(15) 锁定关键文件系统
(0) 返回上一级菜单
EOF
    read -p "Please enter your Choice[0-15]: " input2
    case "$input2" in
      0)
        clear
        break
        ;;
      [1-9]|1[0-5])
        "${steps[input2]}"
        ;;
      *)
        echo "----------------------------------"
        echo "|          Warning!!!            |"
        echo "|   Please Enter Right Choice!   |"
        echo "----------------------------------"
        # Countdown 3, 2, 1 on one line, one second apart.
        for i in 3 2 1; do
          printf '%s' "$i"
          sleep 1
        done
        clear
        ;;
    esac
  done
}
# Main menu: show the host facts collected at start-up, then either run all
# steps in order (1), open the per-item menu (2) or quit (3).
# NOTE(review): choice 1 runs every step without further prompts, including
# the one that stops iptables and disables SELinux. initSsh appears twice in
# the list, and because the file defines that name twice (the last
# definition wins) both calls run the same body.
while :; do
  clear
  echo "========================================"
  echo '          Linux Optimization            '
  echo "========================================"
  cat <<EOF
|-----------System Infomation-----------
| DATE       :$DATE
| HOSTNAME   :$HOSTNAME
| USER       :$USER
| IP         :$IPADDR
| DISK_USED  :$DISK_SDA
| CPU_AVERAGE:$cpu_uptime
----------------------------------------
|****Please Enter Your Choice:[1-3]****|
----------------------------------------
(1) 一键优化
(2) 自定义优化
(3) 退出
EOF
  read -p "Please enter your choice[0-3]: " input1
  case "$input1" in
    1)
      for step in addUser configYum initI18n initFirewall initService \
                  initRemoval initSsh syncSysTime initTools initLimits \
                  initSsh initRestart initSysctl initHistory initChattr; do
        "$step"
      done
      ;;
    2)
      menu2
      ;;
    3)
      clear
      break
      ;;
    *)
      echo "----------------------------------"
      echo "|          Warning!!!            |"
      echo "|   Please Enter Right Choice!   |"
      echo "----------------------------------"
      # Countdown 3, 2, 1 on one line, one second apart.
      for i in 3 2 1; do
        printf '%s' "$i"
        sleep 1
      done
      clear
      ;;
  esac
done