#!/bin/bash
#
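# Privilege check: every step below edits system configuration, so refuse
# to continue unless the effective UID is 0. The numeric UID is compared
# (quoted) so that a failed or empty lookup aborts the script instead of
# letting it fall through and run unprivileged.
if [ "$(id -u)" != "0" ]; then
  echo "please run this script as root." >&2
  exit 1
fi
echo -e "\033[31m system initialization script, only support CentOS-7-x86_64 \033[0m"
echo -e "\033[31m please run carefully,press ctrl+C to cancel \033[0m"
# Grace period so the operator can abort before anything is modified.
sleep 5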
#set date
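#######################################
# Set the timezone to +0800, install ntp, sync the clock once and register
# periodic sync jobs in /etc/crontab.
# This function shadows the external `date` program, so every use of the
# real binary inside it goes through `command date`; a bare `date` here
# would call the function itself and recurse without end.
# Outputs: progress and failure messages on stdout.
#######################################
date(){
  if [ "$(command date +%z)" != "+0800" ]; then
    timedatectl set-timezone Asia/Shanghai
    if [ "$(command date +%z)" != "+0800" ]; then
      echo "Shanghai time zone set fail "
      timedatectl set-timezone Asia/Chongqing
      if [ "$(command date +%z)" != "+0800" ]; then
        echo -e "\033[31m Chongqing time zone set fail \033[0m"
        echo -e "\033[31m please manual setting \033[0m"
      fi
    fi
  fi
  yum -y install ntp
  # NOTE(review): the time source is trusted as-is (plain, unauthenticated
  # NTP) and all output is discarded, so a failed or wrong sync goes
  # unnoticed; clock accuracy matters for certificate validation and for
  # log timestamps used in incident response.
  /usr/sbin/ntpdate cn.ntp.org.cn &>/dev/null
  /usr/sbin/hwclock -w &>/dev/null
  # Append each cron job only if that exact line is not present yet, so
  # re-running the script does not pile up duplicate entries.
  # NOTE(review): "* * * * */1" matches every minute of every day; confirm
  # that this is the intended hwclock schedule.
  local job
  for job in \
    '*/10 * * * * root /usr/sbin/ntpdate cn.ntp.org.cn &>/dev/null' \
    '* * * * */1 root /usr/sbin/hwclock -w &>/dev/null'; do
    grep -qxF -- "$job" /etc/crontab || printf '%s\n' "$job" >> /etc/crontab
  done
  echo "present time: $(command date)"
  echo -e "\033[31m date set completed \033[0m"
  sleep 1
}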
#ban kernel update
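#######################################
# Exclude kernel packages from yum updates by adding "exclude=kernel*"
# under the [main] section of /etc/yum.conf. A one-time backup is kept in
# /etc/yum.conf.bak.
# NOTE(review): this exclusion also holds back kernel security errata;
# kernel fixes then have to be tracked and applied by hand.
# Outputs: the matching yum.conf line(s) and a completion message.
#######################################
yum_conf(){
  # The original test lacked the space before "]", which makes "[" fail.
  if [ ! -f /etc/yum.conf.bak ]; then
    cp /etc/yum.conf /etc/yum.conf.bak
  fi
  # Insert the exclusion only once; plain ASCII quotes are required here,
  # typographic quotes are passed to sed as literal characters.
  if ! grep -qxF 'exclude=kernel*' /etc/yum.conf; then
    sed -i '/\[main\]/a\exclude=kernel*' /etc/yum.conf
  fi
  grep "exclude=kernel*" /etc/yum.conf
  echo -e "\033[31m ban kernel update set completed \033[0m "
  sleep 1
}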
#set limit
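#######################################
# Replace the wildcard ("*") nofile/nproc entries in
# /etc/security/limits.conf with soft and hard limits of 102400. A
# one-time backup is kept in /etc/security/limits.conf.bak.
# NOTE(review): a high nproc limit for every user weakens the per-user
# process cap that contains runaway or fork-heavy processes; confirm the
# value is needed for all accounts rather than for specific service users.
# NOTE(review): files under /etc/security/limits.d/ are presumably read
# after limits.conf and may override these values - verify on the target.
# Outputs: the resulting wildcard lines and a completion message.
#######################################
limit_config(){
  if [ ! -f /etc/security/limits.conf.bak ]; then
    cp /etc/security/limits.conf /etc/security/limits.conf.bak
  fi
  # Drop previous wildcard entries first so repeated runs stay idempotent.
  # ASCII quotes are required; typographic quotes reach sed as literal
  # characters and break the expression.
  sed -i \
    -e '/^*.*soft.*nofile.*/d' \
    -e '/^*.*hard.*nofile.*/d' \
    -e '/^*.*soft.*nproc.*/d' \
    -e '/^*.*hard.*nproc.*/d' \
    /etc/security/limits.conf
  cat >> /etc/security/limits.conf <<EOF
* soft nofile 102400
* hard nofile 102400
* soft nproc 102400
* hard nproc 102400
EOF
  grep "^*.*" /etc/security/limits.conf
  echo -e "\033[31m limit setup completed \033[0m"
  sleep 1
}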
#disable selinux
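#######################################
# Switch SELinux from enforcing to disabled in /etc/selinux/config and put
# the running system into permissive mode. A one-time backup is kept in
# /etc/selinux/config.bak.
# NOTE(review): this removes mandatory access control confinement for
# every service on the host. If the goal is only to unblock a workload,
# SELINUX=permissive keeps denials logged for policy tuning and audit.
# Outputs: the current mode from getenforce and a completion message.
#######################################
selinux(){
  if [ ! -f /etc/selinux/config.bak ]; then
    cp /etc/selinux/config /etc/selinux/config.bak
  fi
  # ASCII quotes are required; typographic quotes reach sed as literal
  # characters, so the substitution never applied.
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
  # The config file change applies at next boot; setenforce covers the
  # running system until then.
  setenforce 0
  getenforce
  echo -e "\033[31m selinux set completed \033[0m"
  sleep 1
}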
#reboot hotkey
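#######################################
# Neutralise the Ctrl+Alt+Del reboot target by commenting out every line
# of /usr/lib/systemd/system/ctrl-alt-del.target. A one-time backup is
# kept next to it with a .bak suffix.
# NOTE(review): files under /usr/lib/systemd/system belong to the systemd
# package and may be restored by an update; `systemctl mask
# ctrl-alt-del.target` achieves the same result from /etc and survives
# updates - consider it as a replacement.
# NOTE(review): if this path is a symlink, sed -i replaces the link with a
# regular file rather than editing the link target - confirm on the host.
# Outputs: the resulting unit file and a completion message.
#######################################
hotkey(){
  if [ ! -f /usr/lib/systemd/system/ctrl-alt-del.target.bak ]; then
    cp /usr/lib/systemd/system/ctrl-alt-del.target /usr/lib/systemd/system/ctrl-alt-del.target.bak
  fi
  # Comment out only lines that are not commented yet, so a second run
  # does not stack extra "#" characters. ASCII quotes are required;
  # typographic quotes reach sed as literal characters.
  sed -i 's/^[^#]/#&/' /usr/lib/systemd/system/ctrl-alt-del.target
  cat /usr/lib/systemd/system/ctrl-alt-del.target
  echo -e "\033[31m hotkey set completed \033[0m"
  sleep 1
}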
#set SSH login timeout
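#######################################
# Set an idle timeout of 300 seconds for login shells by adding TMOUT=300
# to /etc/profile. A one-time backup is kept in /etc/profile.bak.
# Defining this function shadows the external `ssh` command for the rest
# of the script; use `command ssh` if the client is ever needed later.
# NOTE(review): TMOUT set this way applies to shells that read
# /etc/profile and can presumably be changed or unset by the user; sshd's
# own ClientAlive* settings are the server-side control - confirm which
# one the policy requires.
# Outputs: the TMOUT line(s) in /etc/profile and a completion message.
#######################################
ssh(){
  if [ ! -f /etc/profile.bak ]; then
    cp /etc/profile /etc/profile.bak
  fi
  # Append only when the exact setting is missing so repeated runs do not
  # accumulate duplicate lines.
  grep -qxF 'TMOUT=300' /etc/profile || echo "TMOUT=300" >>/etc/profile
  grep "TMOUT" /etc/profile
  echo -e "\033[31m SSH timeout set completed \033[0m"
  sleep 1
}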
#ban root ssh login permission
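#######################################
# Forbid direct root login over SSH by setting "PermitRootLogin no" in
# /etc/ssh/sshd_config, then reload sshd. A one-time backup is kept in
# /etc/ssh/sshd_config.bak.
# NOTE(review): make sure a non-root account with sudo (or console access)
# exists before this runs, otherwise remote administration is locked out.
# Outputs: a completion message on stdout, a validation error on stderr.
# Returns: 1 if the edited configuration fails validation, else 0.
#######################################
sshd_cofig(){
  # The original tested for sshd_config itself, so the backup was never
  # taken on a normal system; the guard must look at the .bak file.
  if [ ! -f /etc/ssh/sshd_config.bak ]; then
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
  fi
  # Match the directive whether it is commented out or already active, so
  # an explicit "PermitRootLogin yes" is rewritten as well. ASCII quotes
  # are required; typographic quotes reach sed as literal characters.
  sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
  # Validate before reloading so a broken file never reaches the daemon.
  if ! /usr/sbin/sshd -t; then
    echo "sshd_config validation failed, sshd not reloaded" >&2
    return 1
  fi
  systemctl reload sshd
  echo -e "\033[31m bin root ssh login set completed \033[0m"
  sleep 1
}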