一键系统优化15项脚本,适用于Centos6.x

Posted 努力哥-运维自动化

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了一键系统优化15项脚本,适用于Centos6.x相关的知识,希望对你有一定的参考价值。

  1 #!/bin/sh
  2 ################################################
  3 #Author:nulige
  4 # qqinfo:1034611705
  5 # Date: 2015-6-8
  6 #version:1.2
  7 #实现功能:一键系统优化15项脚本,适用于Centos6.x
  8 ################################################
  9  
 10 #Source function library.
 11  
 12 . /etc/init.d/functions
 13  
 14 #date
 15 DATE=`date +"%y-%m-%d %H:%M:%S"`
 16 #ip
 17 IPADDR=`grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0|cut -d= -f 2 `
 18 #hostname
 19 HOSTNAME=`hostname -s`
 20 #user
 21 USER=`whoami`
 22 #disk_check
 23 DISK_SDA=`df -h |grep -w "/" |awk {print $5}`
 24 #cpu_average_check
 25 cpu_uptime=`cat /proc/loadavg|awk {print $1,$2,$3}`
 26   
 27 #set LANG
 28 export LANG=zh_CN.UTF-8
 29  
 30 #Require root to run this script.
 31 uid=`id | cut -d\( -f1 | cut -d= -f2`
 32 if [ $uid -ne 0 ];then
 33   action "Please run this script as root." /bin/false
 34   exit 1
 35 fi
 36 
 37 #"stty erase ^H"
 38 \cp /root/.bash_profile  /root/.bash_profile_$(date +%F)
 39 erase=`grep -wx "stty erase ^H" /root/.bash_profile |wc -l`
 40 if [ $erase -lt 1 ];then
 41     echo "stty erase ^H" >>/root/.bash_profile
 42     source /root/.bash_profile
 43 fi
 44 
 45 #Config Yum CentOS-Bases.repo and save Yum file
 46 configYum(){
 47 echo "================更新为国内YUM源=================="
 48   cd /etc/yum.repos.d/
 49   \cp CentOS-Base.repo CentOS-Base.repo.$(date +%F)
 50   ping -c 1 mirrors.aliyun.com >/dev/null
 51   if [ $? -eq 0 ];then
 52   wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
 53   else
 54     echo "无法连接网络。"
 55     exit $?
 56   fi
 57 
 58 echo "==============保存YUM源文件======================"
 59 sed -i s#keepcache=0#keepcache=1#g /etc/yum.conf     
 60 grep keepcache /etc/yum.conf
 61 sleep 5
 62 
 63 action "配置国内YUM完成"  /bin/true
 64 echo "================================================="
 65 echo ""
 66   sleep 2
 67 }
 68  
 69 #Charset zh_CN.UTF-8
 70 initI18n(){
 71 echo "================更改为中文字符集================="
 72   \cp /etc/sysconfig/i18n /etc/sysconfig/i18n.$(date +%F)
 73 >/etc/sysconfig/i18n
 74 cat >>/etc/sysconfig/i18n<<EOF
 75 LANG="zh_CN.UTF-8"
 76 #LANG="en_US.UTF-8"
 77 SYSFONT="latarcyrheb-sun16"
 78 EOF
 79   source /etc/sysconfig/i18n
 80   echo #cat /etc/sysconfig/i18n
 81   grep LANG /etc/sysconfig/i18n
 82 action "更改字符集zh_CN.UTF-8完成" /bin/true
 83 echo "================================================="
 84 echo ""
 85   sleep 2
 86 }
 87 
 88 #Close Selinux and Iptables
 89 initFirewall(){
 90 echo "============禁用SELINUX及关闭防火墙=============="
 91   \cp /etc/selinux/config /etc/selinux/config.$(date +%F)
 92   /etc/init.d/iptables stop
 93   sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
 94   setenforce 0
 95   /etc/init.d/iptables status
 96   echo #grep SELINUX=disabled /etc/selinux/config  
 97   grep SELINUX=disabled /etc/selinux/config 
 98   echo #getenforce 
 99   getenforce 
100 action "禁用selinux及关闭防火墙完成" /bin/true
101 echo "================================================="
102 echo ""
103   sleep 2
104 }
105 
106 #Init Auto Startup Service
107 initService(){
108 echo "===============精简开机自启动===================="
109   export LANG="en_US.UTF-8"
110   for A in `chkconfig --list |grep 3:on |awk {print $1} `;do chkconfig $A off;done
111   for B in rsyslog network sshd crond;do chkconfig $B on;done
112   echo +--------which services on---------+
113   chkconfig --list |grep 3:on
114   echo +----------------------------------+
115   export LANG="zh_CN.UTF-8"
116 action "精简开机自启动完成" /bin/true
117 echo "================================================="
118 echo ""
119   sleep 2
120 }
121 
122 #Removal system and kernel version login before the screen display
123 initRemoval(){
124 echo "======去除系统及内核版本登录前的屏幕显示======="
125 #must use root user run scripts
126 if    
127    [ $UID -ne 0 ];then
128    echo This script must use the root user ! ! ! 
129    sleep 2
130    exit 0
131 fi
132     >/etc/redhat-release
133     >/etc/issue
134 action "去除系统及内核版本登录前的屏幕显示" /bin/true
135 echo "================================================="
136 echo ""
137   sleep 2
138 }
139 
140 #Change sshd default port and prohibit user root remote login.
141 initSsh(){
142 echo "========修改ssh默认端口禁用root远程登录=========="
143   \cp /etc/ssh/sshd_config /etc/ssh/sshd_config.$(date +%F)
144   sed -i s/#Port 22/Port 52113/g /etc/ssh/sshd_config
145   sed -i s/#PermitEmptyPasswords no/PermitEmptyPasswords no/g /etc/ssh/sshd_config
146   sed -i s/#PermitRootLogin yes/PermitRootLogin no/g /etc/ssh/sshd_config
147   sed -i s/#UseDNS yes/UseDNS no/g /etc/ssh/sshd_config
148   echo +-------modify the sshd_config-------+
149   echo Port 52113
150   echo PermitEmptyPasswords no
151   echo PermitRootLogin no
152   echo UseDNS no
153   echo +------------------------------------+
154   /etc/init.d/sshd reload && action "修改ssh默认参数完成" /bin/true || action "修改ssh参数失败" /bin/false
155 echo "================================================="
156 echo ""
157   sleep 2
158 }
159 
160 #time sync
161 syncSysTime(){
162 echo "================配置时间同步====================="
163   \cp /var/spool/cron/root /var/spool/cron/root.$(date +%F) 2>/dev/null
164   NTPDATE=`grep ntpdate /var/spool/cron/root 2>/dev/null |wc -l`
165   if [ $NTPDATE -eq 0 ];then
166     echo "#times sync by lee at $(date +%F)" >>/var/spool/cron/root
167     echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1" >> /var/spool/cron/root
168   fi
169   echo #crontab -l  
170   crontab -l
171 action "配置时间同步完成" /bin/true
172 echo "================================================="
173 echo ""
174   sleep 2
175 }
176 
177 #install tools
178 initTools(){
179     echo "#####安装系统补装工具(选择最小化安装minimal)#####"
180     ping -c 2 mirrors.aliyun.com
181     sleep 2
182     yum install tree nmap sysstat lrzsz dos2unix -y
183     sleep 2
184     rpm -qa tree nmap sysstat lrzsz dos2unix
185     sleep 2
186 action "安装系统补装工具(选择最小化安装minimal)" /bin/true
187 echo "================================================="
188 echo ""
189   sleep 2
190 }
191 
192 #add user and give sudoers
193 addUser(){
194 echo "===================新建用户======================"
195 #add user
196 while true
197 do  
198     read -p "请输入新用户名:" name
199     NAME=`awk -F: {print $1} /etc/passwd|grep -wx $name 2>/dev/null|wc -l`
200     if [ ${#name} -eq 0 ];then
201        echo "用户名不能为空,请重新输入。"
202        continue
203     elif [ $NAME -eq 1 ];then
204        echo "用户名已存在,请重新输入。"
205        continue
206     fi
207 useradd $name
208 break
209 done
210 #create password
211 while true
212 do
213     read -p "为 $name 创建一个密码:" pass1
214     if [ ${#pass1} -eq 0 ];then
215        echo "密码不能为空,请重新输入。"
216        continue
217     fi
218     read -p "请再次输入密码:" pass2
219     if [ "$pass1" != "$pass2" ];then
220        echo "两次密码输入不相同,请重新输入。"
221        continue
222     fi
223 echo "$pass2" |passwd --stdin $name
224 break
225 done
226 sleep 1
227 
228 #add visudo
229 echo "#####add visudo#####"
230 \cp /etc/sudoers /etc/sudoers.$(date +%F)
231 SUDO=`grep -w "$name" /etc/sudoers |wc -l`
232 if [ $SUDO -eq 0 ];then
233     echo "$name  ALL=(ALL)       NOPASSWD: ALL" >>/etc/sudoers
234     echo #tail -1 /etc/sudoers
235     grep -w "$name" /etc/sudoers
236     sleep 1
237 fi
238 action "创建用户$name并将其加入visudo完成"  /bin/true
239 echo "================================================="
240 echo ""
241 sleep 2
242 }
243   
244 #Adjust the file descriptor(limits.conf)
245 initLimits(){
246 echo "===============加大文件描述符===================="
247   LIMIT=`grep nofile /etc/security/limits.conf |grep -v "^#"|wc -l`
248   if [ $LIMIT -eq 0 ];then
249   \cp /etc/security/limits.conf /etc/security/limits.conf.$(date +%F)
250   echo *                  -        nofile         65535>>/etc/security/limits.conf
251   fi
252   echo #tail -1 /etc/security/limits.conf
253   tail -1 /etc/security/limits.conf
254   ulimit -HSn 65535
255   echo #ulimit -n
256   ulimit -n
257 action "配置文件描述符为65535" /bin/true
258 echo "================================================="
259 echo ""
260 sleep 2
261 }
262 
263 #set ssh
264 initSsh(){
265 echo "======禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度======="
266 sed -i s/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/ /etc/ssh/sshd_config
267 sed -i s/#UseDNS yes/UseDNS no/ /etc/ssh/sshd_config
268 service sshd restart
269 action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/true
270 echo "================================================="
271 echo ""
272 sleep 2
273 }
274 
275 #set the control-alt-delete to guard against the miSUSE
276 initRestart(){
277 sed -i s#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now# /etc/init/control-alt-delete.conf
278 action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/true
279 echo "================================================="
280 echo ""
281 sleep 2
282 }
283 
284 #Optimizing the system kernel
285 initSysctl(){
286 echo "================优化内核参数====================="
287 SYSCTL=`grep "net.ipv4.tcp" /etc/sysctl.conf |wc -l`
288 if [ $SYSCTL -lt 10 ];then
289 \cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
290 cat >>/etc/sysctl.conf<<EOF
291 net.ipv4.tcp_fin_timeout = 2
292 net.ipv4.tcp_tw_reuse = 1
293 net.ipv4.tcp_tw_recycle = 1
294 net.ipv4.tcp_syncookies = 1
295 net.ipv4.tcp_keepalive_time = 600
296 net.ipv4.ip_local_port_range = 4000 65000
297 net.ipv4.tcp_max_syn_backlog = 16384
298 net.ipv4.tcp_max_tw_buckets = 36000
299 net.ipv4.route.gc_timeout = 100
300 net.ipv4.tcp_syn_retries = 1
301 net.ipv4.tcp_synack_retries = 1
302 net.core.somaxconn = 16384
303 net.core.netdev_max_backlog = 16384
304 net.ipv4.tcp_max_orphans = 16384
305 net.netfilter.nf_conntrack_max = 25000000
306 net.netfilter.nf_conntrack_tcp_timeout_established = 180
307 net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
308 net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
309 net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
310 EOF
311 fi
312   \cp /etc/rc.local /etc/rc.local.$(date +%F)  
313   modprobe nf_conntrack
314   echo "modprobe nf_conntrack">> /etc/rc.local
315   modprobe bridge
316   echo "modprobe bridge">> /etc/rc.local
317   sysctl -p  
318 action "内核调优完成" /bin/true
319 echo "================================================="
320 echo ""
321   sleep 2
322 }
323 
324 #setting history and login timeout
325 initHistory(){
326 echo "======设置默认历史记录数和连接超时时间======"
327 echo "TMOUT=300" >>/etc/profile
328 echo "HISTSIZE=5" >>/etc/profile
329 echo "HISTFILESIZE=5" >>/etc/profile
330 tail -3 /etc/profile
331 source /etc/profile
332 action "设置默认历史记录数和连接超时时间" /bin/true
333 echo "================================================="
334 echo ""
335 sleep 2
336 }
337 
338 #chattr file system
339 initChattr(){
340 echo "======锁定关键文件系统======"
341 chattr +i /etc/passwd
342 chattr +i /etc/inittab
343 chattr +i /etc/group
344 chattr +i /etc/shadow
345 chattr +i /etc/gshadow
346 /bin/mv /usr/bin/chattr /usr/bin/lock
347 action "锁定关键文件系统" /bin/true
348 echo "================================================="
349 echo ""
350 sleep 2
351 }
352 
353 #menu2
354 menu2(){
355 while true
356 do
357 clear
358 cat <<EOF
359 ----------------------------------------
360 |****Please Enter Your Choice:[0-15]****|
361 ----------------------------------------
362 (1)  新建一个用户并将其加入visudo
363 (2)  配置为国内YUM源镜像和保存YUM源文件
364 (3)  配置中文字符集
365 (4)  禁用SELINUX及关闭防火墙
366 (5)  精简开机自启动
367 (6)  去除系统及内核版本登录前的屏幕显示
368 (7)  修改ssh默认端口及禁用root远程登录
369 (8)  设置时间同步
370 (9)  安装系统补装工具(选择最小化安装minimal)
371 (10) 加大文件描述符
372 (11) 禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度
373 (12) 将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启
374 (13) 系统内核调优
375 (14) 设置默认历史记录数和连接超时时间
376 (15) 锁定关键文件系统
377 (0) 返回上一级菜单
378 EOF
379 read -p "Please enter your Choice[0-15]: " input2
380 case "$input2" in
381   0)
382   clear
383   break 
384   ;;
385   1)
386   addUser
387   ;;
388   2)
389   configYum
390   ;;
391   3)
392   initI18n
393   ;;
394   4)
395   initFirewall
396   ;;
397   5)
398   initService
399   ;;
400   6)
401   initRemoval
402   ;;
403   7)
404   initSsh
405   ;;
406   8)
407   syncSysTime
408   ;;
409   9)
410   initTools
411   ;;
412   10)
413   initLimits
414   ;;
415   11)
416   initSsh
417   ;;
418   12)
419   initRestart
420   ;;
421   13)
422   initSysctl
423   ;;
424   14)
425   initHistory
426   ;;
427   15)
428   initChattr
429   ;;
430   *) echo "----------------------------------"
431      echo "|          Warning!!!            |"
432      echo "|   Please Enter Right Choice!   |"
433      echo "----------------------------------"
434      for i in `seq -w 3 -1 1`
435        do 
436          echo -ne "\b\b$i";
437   sleep 1;
438      done
439      clear
440 esac
441 done
442 }
443 #initTools
444 #menu
445 while true
446 do
447 clear
448 echo "========================================"
449 echo           Linux Optimization               
450 echo "========================================"
451 cat << EOF
452 |-----------System Infomation-----------
453 | DATE       :$DATE
454 | HOSTNAME   :$HOSTNAME
455 | USER       :$USER
456 | IP         :$IPADDR
457 | DISK_USED  :$DISK_SDA
458 | CPU_AVERAGE:$cpu_uptime
459 ----------------------------------------
460 |****Please Enter Your Choice:[1-3]****|
461 ----------------------------------------
462 (1) 一键优化
463 (2) 自定义优化
464 (3) 退出
465 EOF
466 #choice
467 read -p "Please enter your choice[0-3]: " input1
468  
469 case "$input1" in
470 1) 
471   addUser
472   configYum
473   initI18n
474   initFirewall
475   initService
476   initRemoval
477   initSsh
478   syncSysTime
479   initTools
480   initLimits
481   initSsh
482   initRestart
483   initSysctl
484   initHistory
485   initChattr
486   ;;
487   
488 2)
489   menu2
490   ;;
491 3) 
492   clear 
493   break
494   ;;
495 *)   
496   echo "----------------------------------"
497   echo "|          Warning!!!            |"
498   echo "|   Please Enter Right Choice!   |"
499   echo "----------------------------------"
500   for i in `seq -w 3 -1 1`
501       do
502         echo -ne "\b\b$i";
503         sleep 1;
504   done
505   clear
506 esac  
507 done

 

以上是关于一键系统优化15项脚本,适用于Centos6.x的主要内容,如果未能解决你的问题,请参考以下文章

centos6.x一键15项系统优化(转自努力哥)

转载黑苹果USB一键定制脚本:可临时修复升级11.3系统版本后USB失效问题

CentOS7一键安全加固及系统优化脚本

CentOS6.x生产环境下一键安装mono+jexus的脚本,自启动,带服务,版本号自控

CentOS6.x一键安装mysql5.6并定制数据目录

宝塔一键安装脚本