一键系统优化15项脚本,适用于Centos6.x
Posted 努力哥-运维自动化
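#!/bin/bash
################################################
# Author:  nulige
# qqinfo:  1034611705
# Date:    2015-6-8
# version: 1.2
# Purpose: one-click script applying 15 system tuning steps, for CentOS 6.x
#
# Must run as root. Uses bash features (source, local, read -p, echo -ne),
# so it is started with bash rather than a generic /bin/sh.
#
# NOTE(review): several steps trade security for convenience: initFirewall
# turns off SELinux and iptables, addUser grants passwordless sudo,
# initHistory keeps only 5 history entries. Read each function's comment
# before running it on a host that is reachable from untrusted networks.
################################################

# Source function library (provides the "action" status helper).
. /etc/init.d/functions

# Values shown in the main menu banner.
# date
DATE=$(date +"%y-%m-%d %H:%M:%S")
# ip (empty when ifcfg-eth0 is missing or uses DHCP)
IPADDR=$(grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0 2>/dev/null | cut -d= -f 2)
# hostname
HOSTNAME=$(hostname -s)
# user
USER=$(whoami)
# disk_check: usage of the root filesystem; -P keeps each entry on one line
DISK_SDA=$(df -hP / | awk 'NR==2 {print $5}')
# cpu_average_check
cpu_uptime=$(awk '{print $1,$2,$3}' /proc/loadavg)

# set LANG
export LANG=zh_CN.UTF-8

# Require root to run this script.
uid=$(id -u)
if [ "$uid" -ne 0 ]; then
  action "Please run this script as root." /bin/false
  exit 1
fi

# Copy a file to <file>.<YYYY-MM-DD> before it is modified.
# Missing files are skipped silently; mode and ownership are preserved so
# that copies of sensitive files do not become more readable than the source.
_backup() {
  local file=$1
  [ -e "$file" ] || return 0
  cp -p -- "$file" "$file.$(date +%F)"
}

# "stty erase ^H": add it to root's profile once, keeping a dated copy.
if [ -e /root/.bash_profile ]; then
  cp -p -- /root/.bash_profile "/root/.bash_profile_$(date +%F)"
fi
if ! grep -qxF "stty erase ^H" /root/.bash_profile 2>/dev/null; then
  echo "stty erase ^H" >>/root/.bash_profile
  source /root/.bash_profile
fi

# Config Yum CentOS-Base.repo and keep downloaded packages in the yum cache.
# NOTE(review): the repo definition is fetched over plain HTTP with no
# integrity check, and it decides where every later package comes from.
# Inspect the downloaded file (baseurl, gpgcheck, gpgkey) before trusting it.
configYum(){
  local repo=/etc/yum.repos.d/CentOS-Base.repo
  local tmp
  echo "================更新为国内YUM源=================="
  _backup "$repo"
  if ! ping -c 1 mirrors.aliyun.com >/dev/null; then
    echo "无法连接网络。"
    # The original used "exit $?", which reported success (status of echo).
    exit 1
  fi
  # Download next to the target first: a failed transfer must not leave an
  # empty or truncated CentOS-Base.repo behind. The temp name does not end
  # in .repo, so yum ignores it.
  tmp=$(mktemp "${repo}.XXXXXX") || return 1
  if wget -O "$tmp" http://mirrors.aliyun.com/repo/Centos-6.repo && [ -s "$tmp" ]; then
    cat "$tmp" >"$repo"   # overwrite in place to keep the file's mode/owner
    rm -f -- "$tmp"
  else
    rm -f -- "$tmp"
    action "配置国内YUM完成" /bin/false
    return 1
  fi

  echo "==============保存YUM源文件======================"
  sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
  grep keepcache /etc/yum.conf
  sleep 5

  action "配置国内YUM完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

# Charset zh_CN.UTF-8: rewrite /etc/sysconfig/i18n and load it.
initI18n(){
  echo "================更改为中文字符集================="
  _backup /etc/sysconfig/i18n
  cat >/etc/sysconfig/i18n<<EOF
LANG="zh_CN.UTF-8"
#LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
EOF
  source /etc/sysconfig/i18n
  echo '#cat /etc/sysconfig/i18n'
  grep LANG /etc/sysconfig/i18n
  action "更改字符集zh_CN.UTF-8完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

# Close Selinux and Iptables.
# NOTE(review): this removes both the host packet filter and mandatory access
# control. On anything other than an isolated lab host, prefer a restrictive
# iptables rule set and SELinux in permissive/enforcing mode; the status
# output below should be checked so the change is a conscious decision.
initFirewall(){
  echo "============禁用SELINUX及关闭防火墙=============="
  _backup /etc/selinux/config
  /etc/init.d/iptables stop
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
  setenforce 0
  /etc/init.d/iptables status
  echo '#grep SELINUX=disabled /etc/selinux/config '
  grep SELINUX=disabled /etc/selinux/config
  echo '#getenforce '
  getenforce
  action "禁用selinux及关闭防火墙完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

# Init Auto Startup Service: switch off everything enabled in runlevel 3,
# then re-enable only rsyslog, network, sshd and crond.
initService(){
  local svc
  echo "===============精简开机自启动===================="
  # chkconfig output is matched on the English "3:on" marker.
  export LANG="en_US.UTF-8"
  for svc in $(chkconfig --list | awk '/3:on/ {print $1}'); do
    chkconfig "$svc" off
  done
  for svc in rsyslog network sshd crond; do
    chkconfig "$svc" on
  done
  echo '+--------which services on---------+'
  chkconfig --list | grep 3:on
  echo '+----------------------------------+'
  export LANG="zh_CN.UTF-8"
  action "精简开机自启动完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

# Removal system and kernel version login before the screen display.
# Empties /etc/redhat-release and /etc/issue.
# NOTE(review): tools that read /etc/redhat-release to detect the
# distribution will see an empty file afterwards - confirm nothing on the
# host depends on it.
initRemoval(){
  echo "======去除系统及内核版本登录前的屏幕显示======="
  # must use root user run scripts
  if [ "$UID" -ne 0 ]; then
    echo This script must use the root user ! ! !
    sleep 2
    exit 1
  fi
  >/etc/redhat-release
  >/etc/issue
  action "去除系统及内核版本登录前的屏幕显示" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

# Change sshd default port and prohibit user root remote login.
# The sed expressions only rewrite the commented-out defaults shipped in
# sshd_config; a file that already carries explicit settings is left as is,
# which is why the effective lines are printed from the file afterwards.
# Run addUser first so a non-root login exists before root is locked out.
initSsh(){
  local cfg=/etc/ssh/sshd_config
  echo "========修改ssh默认端口禁用root远程登录=========="
  _backup "$cfg"
  sed -i 's/#Port 22/Port 52113/g' "$cfg"
  sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' "$cfg"
  sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' "$cfg"
  sed -i 's/#UseDNS yes/UseDNS no/g' "$cfg"
  echo '+-------modify the sshd_config-------+'
  # Show what is really configured instead of what was intended.
  grep -E '^(Port|PermitEmptyPasswords|PermitRootLogin|UseDNS)[[:space:]]' "$cfg"
  echo '+------------------------------------+'
  # Validate the file before reloading so a broken config cannot take sshd down.
  if /usr/sbin/sshd -t && /etc/init.d/sshd reload; then
    action "修改ssh默认参数完成" /bin/true
  else
    action "修改ssh参数失败" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}

# time sync: add a 5-minute ntpdate job to root's crontab unless one exists.
# NOTE(review): the dated backup is written inside the cron spool directory;
# consider keeping it elsewhere.
syncSysTime(){
  echo "================配置时间同步====================="
  _backup /var/spool/cron/root 2>/dev/null
  if ! grep -q ntpdate /var/spool/cron/root 2>/dev/null; then
    echo "#times sync by lee at $(date +%F)" >>/var/spool/cron/root
    echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1" >> /var/spool/cron/root
  fi
  echo '#crontab -l'
  crontab -l
  action "配置时间同步完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

# install tools missing from a minimal installation.
initTools(){
  echo "#####安装系统补装工具(选择最小化安装minimal)#####"
  ping -c 2 mirrors.aliyun.com
  sleep 2
  yum install tree nmap sysstat lrzsz dos2unix -y
  sleep 2
  rpm -qa tree nmap sysstat lrzsz dos2unix
  sleep 2
  action "安装系统补装工具(选择最小化安装minimal)" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

# add user and give sudoers.
# Prompts for a user name and password, creates the account and appends a
# sudoers rule for it.
# NOTE(review): "NOPASSWD: ALL" makes this account equivalent to root with no
# second factor; anyone who obtains its login gets root. Restrict the rule or
# require a password where the host's policy allows it.
addUser(){
  local name pass1 pass2 tmp
  local name_re='^[a-z_][a-z0-9_-]*$'
  echo "===================新建用户======================"
  # add user
  while true; do
    read -r -p "请输入新用户名:" name || return 1
    if [ ${#name} -eq 0 ]; then
      echo "用户名不能为空,请重新输入。"
      continue
    fi
    # The name is later written into /etc/sudoers, so only accept a
    # conventional account name.
    if ! [[ $name =~ $name_re ]]; then
      echo "用户名不合法,请重新输入。"
      continue
    fi
    if getent passwd "$name" >/dev/null; then
      echo "用户名已存在,请重新输入。"
      continue
    fi
    # Ask again instead of carrying on with an account that was not created.
    useradd -- "$name" || continue
    break
  done
  # create password (-s keeps it off the screen and out of scrollback)
  while true; do
    read -r -s -p "为 $name 创建一个密码:" pass1 || return 1
    echo ""
    if [ ${#pass1} -eq 0 ]; then
      echo "密码不能为空,请重新输入。"
      continue
    fi
    read -r -s -p "请再次输入密码:" pass2 || return 1
    echo ""
    if [ "$pass1" != "$pass2" ]; then
      echo "两次密码输入不相同,请重新输入。"
      continue
    fi
    # printf is a builtin, so the password never shows up in a process list.
    if printf '%s\n' "$pass2" | passwd --stdin "$name"; then
      break
    fi
  done
  unset pass1 pass2
  sleep 1

  # add visudo
  echo "#####add visudo#####"
  _backup /etc/sudoers
  if ! grep -qw -- "$name" /etc/sudoers; then
    # Build the new file aside and let visudo check it: a syntax error in
    # /etc/sudoers disables sudo for every user.
    tmp=$(mktemp) || return 1
    cat /etc/sudoers >"$tmp"
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$name" >>"$tmp"
    if visudo -c -f "$tmp" >/dev/null 2>&1; then
      cat "$tmp" >/etc/sudoers   # overwrite in place to keep mode/owner
      rm -f -- "$tmp"
    else
      rm -f -- "$tmp"
      echo "sudoers 语法检查失败,未修改 /etc/sudoers"
      action "创建用户$name并将其加入visudo完成" /bin/false
      return 1
    fi
    echo '#tail -1 /etc/sudoers'
    grep -w -- "$name" /etc/sudoers
    sleep 1
  fi
  action "创建用户$name并将其加入visudo完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

# Adjust the file descriptor(limits.conf): set nofile to 65535 when no
# active nofile entry exists, and raise the limit of the current shell.
initLimits(){
  echo "===============加大文件描述符===================="
  if ! grep nofile /etc/security/limits.conf | grep -qv "^#"; then
    _backup /etc/security/limits.conf
    echo '* - nofile 65535'>>/etc/security/limits.conf
  fi
  echo '#tail -1 /etc/security/limits.conf'
  tail -n 1 /etc/security/limits.conf
  ulimit -HSn 65535
  echo '#ulimit -n'
  ulimit -n
  action "配置文件描述符为65535" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

# set ssh: disable GSSAPI authentication and reverse DNS lookups to speed up
# logins. The original listing defined this under the name initSsh a second
# time, which replaced the port/root-login function above, so menu item 7
# never applied those settings. It now has its own name; menu item 11 and
# the one-click run call it.
initSshSpeed(){
  local cfg=/etc/ssh/sshd_config
  echo "======禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度======="
  sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' "$cfg"
  sed -i 's/#UseDNS yes/UseDNS no/' "$cfg"
  # Only restart on a config that parses; report the real outcome.
  if /usr/sbin/sshd -t && service sshd restart; then
    action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/true
  else
    action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}

# set the control-alt-delete to guard against the misuse: comment out the
# shutdown action of the upstart job. The pattern is anchored so a second
# run does not stack another "#" on an already disabled line.
initRestart(){
  _backup /etc/init/control-alt-delete.conf
  sed -i 's#^exec /sbin/shutdown -r now#\#&#' /etc/init/control-alt-delete.conf
  action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

# Optimizing the system kernel: append TCP/conntrack settings to sysctl.conf
# when fewer than 10 net.ipv4.tcp entries are present, then load them.
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to drop connections from
# clients that share an address behind NAT; confirm it is wanted on hosts
# that serve such clients.
initSysctl(){
  local tcp_entries mod
  echo "================优化内核参数====================="
  tcp_entries=$(grep -c "net.ipv4.tcp" /etc/sysctl.conf)
  if [ "$tcp_entries" -lt 10 ]; then
    _backup /etc/sysctl.conf
    cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
  fi
  _backup /etc/rc.local
  # The modules must be loaded before sysctl -p, otherwise the
  # nf_conntrack keys do not exist yet. rc.local gets each line only once.
  for mod in nf_conntrack bridge; do
    modprobe "$mod"
    grep -qxF "modprobe $mod" /etc/rc.local 2>/dev/null \
      || echo "modprobe $mod">> /etc/rc.local
  done
  sysctl -p
  action "内核调优完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

# setting history and login timeout for all users via /etc/profile.
# NOTE(review): a 5-entry shell history leaves very little for incident
# review; if command accountability matters, rely on auditd or process
# accounting rather than shell history.
initHistory(){
  local line
  echo "======设置默认历史记录数和连接超时时间======"
  _backup /etc/profile
  # Append each setting only once so repeated runs do not grow the file.
  for line in "TMOUT=300" "HISTSIZE=5" "HISTFILESIZE=5"; do
    grep -qxF -- "$line" /etc/profile || echo "$line" >>/etc/profile
  done
  tail -n 3 /etc/profile
  source /etc/profile
  action "设置默认历史记录数和连接超时时间" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

# chattr file system: mark the account databases and inittab immutable, then
# rename the chattr binary to /usr/bin/lock.
# After this step useradd/passwd/groupadd fail until the flag is cleared
# with "/usr/bin/lock -i <file>". Renaming the tool is obscurity only - the
# immutable flag itself is the control - and a package update may put
# chattr back.
initChattr(){
  local tool=/usr/bin/chattr
  local f
  echo "======锁定关键文件系统======"
  # On a repeated run the binary has already been renamed.
  if [ ! -x "$tool" ] && [ -x /usr/bin/lock ]; then
    tool=/usr/bin/lock
  fi
  for f in /etc/passwd /etc/inittab /etc/group /etc/shadow /etc/gshadow; do
    "$tool" +i "$f"
  done
  if [ "$tool" = /usr/bin/chattr ]; then
    /bin/mv /usr/bin/chattr /usr/bin/lock
  fi
  action "锁定关键文件系统" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}

# Shared "invalid choice" banner with a 3-second countdown.
_badChoice(){
  local i
  echo "----------------------------------"
  echo "| Warning!!! |"
  echo "| Please Enter Right Choice! |"
  echo "----------------------------------"
  for i in 3 2 1; do
    echo -ne "\b\b$i"
    sleep 1
  done
  clear
}

# menu2: run a single optimisation step chosen by number; 0 returns to the
# main menu. Also returns when stdin is closed instead of looping forever.
menu2(){
  local input2
  while true; do
    clear
    cat <<EOF
----------------------------------------
|****Please Enter Your Choice:[0-15]****|
----------------------------------------
(1) 新建一个用户并将其加入visudo
(2) 配置为国内YUM源镜像和保存YUM源文件
(3) 配置中文字符集
(4) 禁用SELINUX及关闭防火墙
(5) 精简开机自启动
(6) 去除系统及内核版本登录前的屏幕显示
(7) 修改ssh默认端口及禁用root远程登录
(8) 设置时间同步
(9) 安装系统补装工具(选择最小化安装minimal)
(10) 加大文件描述符
(11) 禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度
(12) 将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启
(13) 系统内核调优
(14) 设置默认历史记录数和连接超时时间
(15) 锁定关键文件系统
(0) 返回上一级菜单
EOF
    read -r -p "Please enter your Choice[0-15]: " input2 || break
    case "$input2" in
      0)
        clear
        break
        ;;
      1) addUser ;;
      2) configYum ;;
      3) initI18n ;;
      4) initFirewall ;;
      5) initService ;;
      6) initRemoval ;;
      7) initSsh ;;
      8) syncSysTime ;;
      9) initTools ;;
      10) initLimits ;;
      11) initSshSpeed ;;
      12) initRestart ;;
      13) initSysctl ;;
      14) initHistory ;;
      15) initChattr ;;
      *) _badChoice ;;
    esac
  done
}

#initTools
# menu: main loop. 1 runs every step in order (the user is created first so
# a sudo-capable login exists before root SSH login is disabled and before
# the account files are made immutable), 2 opens the per-step menu, 3 quits.
while true; do
  clear
  echo "========================================"
  echo ' Linux Optimization '
  echo "========================================"
  cat << EOF
|-----------System Infomation-----------
| DATE :$DATE
| HOSTNAME :$HOSTNAME
| USER :$USER
| IP :$IPADDR
| DISK_USED :$DISK_SDA
| CPU_AVERAGE:$cpu_uptime
----------------------------------------
|****Please Enter Your Choice:[1-3]****|
----------------------------------------
(1) 一键优化
(2) 自定义优化
(3) 退出
EOF
  # choice (stop when stdin is closed instead of spinning)
  read -r -p "Please enter your choice[1-3]: " input1 || break

  case "$input1" in
    1)
      addUser
      configYum
      initI18n
      initFirewall
      initService
      initRemoval
      initSsh
      syncSysTime
      initTools
      initLimits
      initSshSpeed
      initRestart
      initSysctl
      initHistory
      initChattr
      ;;
    2)
      menu2
      ;;
    3)
      clear
      break
      ;;
    *)
      _badChoice
      ;;
  esac
done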