CentOS6系统初始化脚本

Posted 2020-09-09

    我们在学习Linux过程中，经常需要安装系统和一些基本的系统设置，这是重复又浪费时间的过程。为了方便，结合老男孩教育课程内容，自己写了一个脚本，以便自己日后方便使用，也和大家一起分享。好，废话少说，直接上脚本。

#在家目录下创建脚本目录 mkdir -p ~/shells #初始化脚本 cat ~/shells/init.sh #!/bin/bash # Lion # V1.0 2017-04-08 16:00 #描述：在CentOS6系统安装完成后的系统初始化及优化 #####变量设置：主机名、内网IP、外网IP，请自行修改 Hostname=‘lion‘ Ip_wan=‘10.0.0.100‘ Ip_lan=‘172.16.1.100‘ ####网卡 eth0、eth1 设置########### cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF DEVICE=eth0 TYPE=Ethernet ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=none IPADDR=${Ip_wan} NETMASK=255.255.255.0 GATEWAY=10.0.0.2 DNS1=202.96.128.166 IPV6INIT=no EOF cat > /etc/sysconfig/network-scripts/ifcfg-eth1 <<EOF DEVICE=eth1 TYPE=Ethernet ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=none IPADDR=${Ip_lan} NETMASK=255.255.255.0 EOF ###Host name setting cat >/etc/sysconfig/network <<EOF NETWORKING=yes HOSTNAME=${Hostname} GATEWAY=10.0.0.2 EOF hostname ${Hostname} ##############hosts文件设置###################### cat > /etc/hosts <<EOF 127.0.0.1 ${Hostname} localhost localhost.localdomain localhost4 localhost4.localdomain4 ${Ip_wan} ${Hostname} 172.16.1.5 lb01 172.16.1.6 lb02 172.16.1.7 web02 172.16.1.8 web01 172.16.1.51 db01 db01.etiantian.org 172.16.1.31 nfs01 172.16.1.41 backup 172.16.1.61 m01 EOF ###163 源设置 $releasever、$basearch变量前的$做了转义，否则获取不到系统变量############ mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.ori cat > /etc/yum.repos.d/CentOS6-Base-163.repo <<EOF # CentOS-Base.repo # # The mirror system uses the connecting IP address of the client and the # update status of each mirror to pick mirrors that are updated to and # geographically close to the client.  You should use this for CentOS updates # unless you are manually picking other mirrors. # # If the mirrorlist= does not work for you, as a fall back you can try the  # remarked out baseurl= line instead. # # [base] name=CentOS-\$releasever - Base - 163.com baseurl=http://mirrors.163.com/centos/\$releasever/os/\$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6 #released updates  [updates] name=CentOS-\$releasever - Updates - 163.com baseurl=http://mirrors.163.com/centos/\$releasever/updates/\$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6 #additional packages that may be useful [extras] name=CentOS-\$releasever - Extras - 163.com baseurl=http://mirrors.163.com/centos/\$releasever/extras/\$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-\$releasever - Plus - 163.com baseurl=http://mirrors.163.com/centos/\$releasever/centosplus/\$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus gpgcheck=1 enabled=0 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6 #contrib - packages by Centos Users [contrib] name=CentOS-\$releasever - Contrib - 163.com baseurl=http://mirrors.163.com/centos/\$releasever/contrib/\$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib gpgcheck=1 enabled=0 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6 EOF yum clean all yum makecache ####系统升级##### yum update -y ####安装常用的管理工作########################### yum install dstat sysstat lrzsz ntpdate -y ### 开机程序精简 ########### chkconfig --list|egrep -v ‘crond|network|rsyslog|sshd|sysstat‘|awk ‘{print "chkconfig "$1" off"}‘|bash ####新增管理员帐号并设置无需密码的sudo权限 useradd lion echo ‘123456‘ | passwd --stdin lion cp /etc/sudoers /etc/sudoers.ori echo "lion ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers tail -l /etc/sudoers visudo -c ####解决ssh连接慢 sed  -i ‘s/#GSSAPIAuthentication no/GSSAPIAuthentication no/g‘ /etc/ssh/sshd_config sed  -i ‘s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g‘ /etc/ssh/sshd_config #### 解决虚拟机在做ghost的网卡无法启动问题 echo ‘> /etc/udev/rules.d/70-persistent-net.rules‘ >> /etc/rc.local #### 内核优化 ################# cat > /etc/sysctl.conf << EOF # Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and # sysctl.conf(5) for more details. # # Use ‘/sbin/sysctl -a‘ to list all possible parameters. # Controls IP packet forwarding net.ipv4.ip_forward = 0 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. kernel.core_uses_pid = 1 # Controls the use of TCP syncookies #net.ipv4.tcp_syncookies = 1 # Controls the default maxmimum size of a mesage queue kernel.msgmnb = 65536 # Controls the maximum size of a message, in bytes kernel.msgmax = 65536 # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736 # Controls the maximum number of shared memory segments, in pages kernel.shmall = 4294967296 net.ipv4.tcp_fin_timeout = 2 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_keepalive_time = 600 net.ipv4.ip_local_port_range = 4000 65000 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_max_tw_buckets = 36000 net.ipv4.route.gc_timeout = 100 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_synack_retries = 1 net.core.somaxconn = 16384 net.core.netdev_max_backlog = 16384 net.ipv4.tcp_max_orphans =16384 #iptables net.nf_conntrack_max = 25000000 net.netfilter.nf_conntrack_max = 25000000 net.netfilter.nf_conntrack_tcp_timeout_established = 180 net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120 net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60 net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120 EOF sysctl -p /etc/sysctl.conf ####关闭防火墙 /etc/init.d/iptables stop ####关闭 SELINUX sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/‘ /etc/selinux/config setenforce 0 ####设置时间同步 echo ‘*/5 * * * * /usr/sbin/ntpdate times.aliyun.com > /dev/null 2>&1‘ >> /var/spool/cron/root #### 设置文件 描述符#### echo ‘* - nofile 65535‘ >> /etc/security/limits.conf ####运行脚本 sh ~/shells/init.sh

    至此整个脚本已经完成了。

    在此对老男孩教育表示感谢。

--------------------------------------------------------------------

欢迎朋友们加入我创建的QQ交流群：161490064

--------------------------------------------------------------------

本文出自 “冰锋” 博客，请务必保留此出处http://ruilan.blog.51cto.com/11948237/1914340