CentOS6系统初始化脚本

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了CentOS6系统初始化脚本相关的知识,希望对你有一定的参考价值。

#!/bin/bash
### Usage: This script use to config linux system

#获取IP地址 172.16.100.100
outip=`ifconfig eth1 |grep inet|cut -f 2 -d ":" |cut -f 1 -d " "|awk -F "." ‘{print $4}‘`

#定义系统主机名
hostname=dbbak$outip.mstuc.cn1

#修改yum源 
#Change yum source to mirrors.163.com
mv -f /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
curl -s http://mirrors.163.com/.help/CentOS6-Base-163.repo -o /etc/yum.repos.d/CentOS-Base.repo

#添加第三方的yum源
#add the third-party repo
#add the epel
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
#add the rpmforge
rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag

#生成yum缓存
yum clean all
yum makecache

#安装一些常用的软件
yum install -y sysstat vim lrzsz ntp traceroute vixie-cron crontabs lsof pcre pcre-devel wget openssl openssl-devel rsync 

#时间校正
#set ntp
/usr/sbin/ntpdate ntp.api.bz
echo "*/5 * * * * /usr/sbin/ntpdate ntp.api.bz > /dev/null 2>&1" >> /var/spool/cron/root
#set clock

#校正硬件时钟 bios里面的时间
hwclock --set --date="`date +%D\ %T`"
hwclock --hctosys

#ulimit 修改
#set ulimit
echo "ulimit -SHn 102400" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
*           soft   nofile       102400
*           hard   nofile       102400
*           soft   nproc        102400
*           hard   nproc        102400
EOF

#禁止使用control alt delete重启服务器
#close ctrl+alt+del
sed -i ‘s/exec \/sbin\/shutdown -r now "Control-Alt-Delete pressed"/#exec \/sbin\/shutdown -r now "Control-Alt-Delete pressed"/g‘ /etc/init/control-alt-delete.conf

#修改运行级别,修改成默认为3
sed -i ‘s/^id:5:initdefault:/id:3:initdefault:/‘ /etc/inittab

#关闭所有的服务的开机启动,只打开部分需要的服务
### service config
for i in `chkconfig --list | awk ‘{print $1}‘ `; do echo $i; chkconfig $i off; done
for i in sshd network crond sysstat acpid irqbalance iptables rsyslog ntpdate ; do chkconfig $i on; done

#添加系统需要的用户
### Add new user.
useradd lyp_hx
echo ‘Hu0X!nG%12‘ | passwd --stdin lyp_hx
chage -d 0 lyp_hx 
useradd developer
echo ‘Hu0X!nG%12‘ | passwd --stdin developer
chage -d 0  developer
useradd   xunge
echo ‘Hu0X!nG%12‘ | passwd --stdin xunge
chage -d 0 xunge
useradd  roke01
echo ‘Hu0X!nG%12‘ | passwd --stdin roke01
chage -d 0  roke01

#允许哪些用户有sudo的权限
chmod u+w /etc/sudoers
echo -e "lyp_hx ALL=(ALL)  ALL\ndeveloper ALL=(ALL)  ALL" >> /etc/sudoers
echo -e "xunge ALL=(ALL)  ALL\nroke01 ALL=(ALL)  ALL" >> /etc/sudoers
chmod u-w /etc/sudoers

#让所有的网卡开机自动启动
#network start with system.
sed -i s/ONBOOT=no/ONBOOT=yes/g  /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i s/ONBOOT=no/ONBOOT=yes/g  /etc/sysconfig/network-scripts/ifcfg-eth1

#禁止使用密码登录 
### sshd config
sed  -i s/"PasswordAuthentication yes"/"PasswordAuthentication no"/g /etc/ssh/sshd_config 

#添加ssh的密钥
[ ! -d /root/.ssh ] &&  mkdir -p /root/.ssh/
chmod 700 /root/.ssh/
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyVbaOb8yYSOfcfKXQo0zzOFlpUDAAxltM5lo44E0QG5IFtKe5NpUhl/3shOoS78SS6mfADF5+S+jyB/d32CwsG0M4P9ZcX4wt5vNrVuCyud3VF6qhYjuEx28T8L7EjGIHZdNto7mlc8nK2+juE4JxuMXwYknpb22zOR/j1DQcsysymvfgqsHVG2C0cyPCYffzO4baik68KSiyuECl2IQZtj611fHZkFk6jqxFUUav6vwXTBf/RCHYwo8l15IuiPK5YtHT0iLbbXOxlC8G24QAIaPU5FfX445qpd4iCwhYUIcGQAZXCXRwWCODUsTO/D6GtPB2fB1fnPTxUTkzQfe1Q== [email protected]
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr905kqmgZT3kTrUEwnoJJpq0ecSo1g8p4NIaklsxOzjBmwKfXcN0RkPKm5qDcanWtalY7OEiJYg1ZMhdGutaFuuVLxsjJJsh2n1vRPC9TYNMEGQ0i99lEEz1shRih5VfHvdsx+htt68GtrUJUxQVE9nlboX6NIqch9FmTxxmegHX/W1nRQ1ejcLw9T0bfwU7/6f37eM4jQ9B72hhZc6tpVFvfrQRCp5rPDZ6agGY9PzNkKldulLmZ5egHhhzA/4UX7L358QeSI7UNb2gkxITqIxM2HS8P8IG0gJb41RJwl4l0dGKfvi32tK1aICSntKF8Bozj4am+6QrpaUip6S6dw==  developer
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4qV2CbFgB0rdEhYkfZYz3EcMy9mHBmPy8kxDw29RHqP5Pvx58fgHgDILdAoKQqpRDN7S4zTznPVJXt7atbGugWMdokG78du8K73CdNbB2NSl9l+XS3wdwQfeALgo+JX/NSuiDk0Zx9SSmfm10izix+4XJ+D5IjzsOrxrGbys3CbYyFx9bIuBN1at618gZezDB9bQaq0AL30w7D3qxp8s2V05s4t1Xngd5Kn1ZcK8327pAmipcHjpn7SDsH04suNdhCE7HJcrBIac2dfauw/90/mkhpA/58L6Hek6TRTPza7Y8+WVYe2RBLVZODmOym2gA9+qhcebVhgyUpAscXgOQQ==   program
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxSo72gHJX+tkCze25v3xr16urGM04oHKNWyo5+5eSafeJS+Xl8pHNN4EV3a3tuMvZo1tBmziONqmUv13N8rv1D3rMbkYZAzu10vZi/8Id9UJCu6X15+4j+mga95k/RkYDNydxaMV72f6Zue/ZR6NaoXLYKuXdHXZmRbRE435tAepmbbuxNrdOzM8hdRvFFc4LmM1GBfc3vPDCwNz3+lpLYsO0qPpeT8aVg3vaLX7gLul+f0W+iHzPtdRiGm9U6EXvuRVhv1FEAVpB+hGJmM1L2ECY3s6aWbCNF4bFWFxwtTR8Ykvlq4ekL4DIVF1qY1/vMOG5hp0zPNYGx5i5Y4Ghw==  roke001
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA34QAb/xi1Sme/YEBeuJrBW8hn1nIVSL03XiEcJacQO9VVkvKUdY8sXL9fUS2qFgFcFVj5GMI/7YCECp/PMAkox6LAs2+WbmfXgasK+aFWEY9Anop2qmrtvmtvMOy1cINB6fFC9UgXHFL7qm63h5OlZaRrXRzyf2G+LVnV+6vCzJuAO3vkeVzi6XTtrPhXIbh8HBmTFNCr2OQ1g5vX8IMpvhb60j6yY/CUlBbY2WktLPO7bPYOPat2GlrzPy4Ku2xITXnq3CwZnAfe2XTJ7kMG3Bp7YJhOhBV1fZ9VQNuOsodVRnMjNzgyftdZ/8Do5HMT66umos9MSI8f+zSWLoUBQ==   xunge
#key" > /root/.ssh/authorized_keys

#重启sshd
/etc/init.d/sshd restart
#修改服务器的DNS
### set dns server
echo -e "nameserver 114.114.114.114\nnameserver 8.8.8.8" > /etc/resolv.conf

#给一些自定义的脚本一些可执行权限
chmod a+x /opt/scripts/*.sh

#关闭SELinux 
###disable selinux 
sed -i ‘s/SELINUX=enforcing/SELINUX=disalbed/g‘ /etc/selinux/config

#把一些服务添加到开机启动
echo ‘bash /opt/zabbix/zabbix_agentd.sh‘ >> /etc/rc.local
echo ‘bash /opt/scripts/firewall_kvm.sh‘ >> /etc/rc.local
echo ‘cd /opt/scripts;nohup /opt/scripts/ssh_deny.sh &‘ >> /etc/rc.local

#把hostname写到配置文件中
echo ‘NETWORKING=yes‘ > /etc/sysconfig/network
echo "HOSTNAME=$hostname" >> /etc/sysconfig/network

#设置vim语法高亮
##Set vim 
echo ‘syntax on‘ > /root/.vimrc

#修改内核参数
###sysctl
cat >> /etc/sysctl.conf << END
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.core.wmem_max = 873200
net.core.rmem_max = 873200
net.core.somaxconn = 256
net.core.netdev_max_backlog = 1000
net.ipv4.ip_local_port_range = 5000 65000
net.ipv4.tcp_mem = 786432  1048576 1572864
net.ipv4.tcp_wmem = 8192  436600  873200
net.ipv4.tcp_rmem = 32768  436600  873200
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
END
modprobe bridge

#让修改后的内核参数生效
/sbin/sysctl -p

#添加执行命令的路径
#Add PATH environment.
echo ‘export PATH=$PATH:/opt/node/bin:/opt/node/lib/node_modules/npm/bin/node-gyp-bin:/opt/zabbix/bin:/opt/zabbix/sbin‘ >> /etc/profile

#添加zabbix这个用户
/usr/sbin/groupadd zabbix
/usr/sbin/useradd -g zabbix zabbix -s /sbin/nologin

#重启
###reboot
sleep 10
reboot


本文出自 “有趣灵魂” 博客,请务必保留此出处http://powermichael.blog.51cto.com/12450987/1951713

以上是关于CentOS6系统初始化脚本的主要内容,如果未能解决你的问题,请参考以下文章

CentOS6系统初始化脚本

CentOS6.X系统初始化脚本

Centos6&7 初始化脚本

centos 6/7 系统初始化脚本

centos6.x 初始化脚本

centos6/7通用查看系统版本的方法