CentOS 7 系统优化剧本
一、先容
作为一名运维,经常会安排种种用途的操作系统,但在这些事情中,我们会发明许多事情着实是重复性的劳动,操作的内容也是大同小异,基于这类情形,我们可以把相同的操作做成统一执行的剧本,差别的工具作为变量手动输入。节约下来的时间不就可以做更多有意义的事情吗?
最近在粉丝有推荐下发明一款较量好用的shell源码,也基于此改编了一下,分享给各人。
二、菜单
主菜单:
二级菜单:
主要实现系统的种种优化,好比常用的修改字符集、关闭selinux、关闭防火墙、装置常用工具和加速ssh登录等功效。
三、源码
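#!/bin/bash
# CentOS 7 post-install tuning menu.
#
# Must run as root: every step rewrites files under /etc or changes systemd
# units. The script uses bash features (&>, source, read -p, local), so the
# interpreter is bash rather than /bin/sh.
#
# NOTE(review): several steps lower the host's security posture (SELinux
# disabled, firewalld stopped, auditd disabled). They are kept because they
# are the script's stated purpose; on hosts that need those controls use
# menu option 2 and apply steps one at a time instead of option 1.
# Every step ends with `action "..." /bin/true`, which prints a success line
# regardless of what the commands above it returned.

# Provides the `action` helper used for the status lines.
. /etc/rc.d/init.d/functions
export LANG=zh_CN.UTF-8

# One NTP server for both the initial sync and the cron entry (the original
# used two different hosts for the two).
readonly NTP_SERVER=ntp.aliyun.com
# Repo definition fetched over HTTPS; it decides where every later package
# comes from, so it should not travel over plain HTTP.
readonly REPO_URL=https://mirrors.aliyun.com/repo/Centos-7.repo

# Top-level menu. Stores the answer in the global num1.
menu1() {
  clear
  cat <<'EOF'
----------------------------------------
|**** 接待使用cetnos7.9优化剧本 ****|
|**** 博客地点: aaa.al ****|
----------------------------------------
1. 一键优化
2. 自界说优化
3. 退出
EOF
  read -r -p "please enter your choice[1-3]:" num1
}

# Second-level menu. Stores the answer in the global num2.
menu2() {
  clear
  cat <<'EOF'
----------------------------------------
|****Please Enter Your Choice:[1-13]****|
----------------------------------------
1. 修改字符集
2. 关闭selinux
3. 关闭firewalld
4. 精简开机启动
5. 修改文件形貌符
6. 装置常用工具及修改yum源
7. 优化系统内核
8. 加速ssh登录速率
9. 禁用ctrl+alt+del重启
10.设置时间同步
11.history优化
12.返回上级菜单
13.退出
EOF
  read -r -p "please enter your choice[1-13]:" num2
}

# 1. Set the system locale by rewriting /etc/locale.conf.
localeset() {
  echo "========================修改字符集========================="
  cat > /etc/locale.conf <<'EOF'
LANG="zh_CN.UTF-8"
#LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
EOF
  source /etc/locale.conf
  echo "#cat /etc/locale.conf"
  cat /etc/locale.conf
  action "完成修改字符集" /bin/true
  echo "==========================================================="
  sleep 2
}

# 2. Disable SELinux (persistently in the config, and permissive right now).
# NOTE(review): this removes mandatory access control from the host. Where
# the goal is only to stop denials during setup, SELINUX=permissive keeps
# the policy loaded and still logs what would have been blocked.
selinuxset() {
  echo "========================禁用SELINUX========================"
  if grep -q "SELINUX=disabled" /etc/sysconfig/selinux; then
    echo 'SELINUX已处于关闭状态'
  else
    # On CentOS 7 /etc/sysconfig/selinux is a symlink to /etc/selinux/config.
    # Plain `sed -i` replaces the symlink with a regular file and leaves the
    # real config untouched; --follow-symlinks edits the target instead.
    sed -i --follow-symlinks \
      "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/sysconfig/selinux
    setenforce 0
  fi
  echo '#grep SELINUX=disabled /etc/sysconfig/selinux'
  grep SELINUX=disabled /etc/sysconfig/selinux
  echo '#getenforce'
  getenforce
  action "完成禁用SELINUX" /bin/true
  echo "==========================================================="
  sleep 2
}

# 3. Stop and disable firewalld.
# NOTE(review): after this the host has no packet filter of its own; the
# status line below already recommends enabling it in production.
firewalldset() {
  echo "=======================禁用firewalld========================"
  systemctl stop firewalld.service &> /dev/null
  echo '#firewall-cmd --state'
  firewall-cmd --state
  systemctl disable firewalld.service &> /dev/null
  echo '#systemctl list-unit-files | grep firewalld'
  systemctl list-unit-files | grep firewalld
  action "完成禁用firewalld,生产情形下建议启用!" /bin/true
  echo "==========================================================="
  sleep 5
}

# 4. Disable services at boot: auditd, postfix and NetworkManager.
# NOTE(review): disabling auditd means no kernel audit records are written
# after the next boot, which removes a primary source for incident response.
# Confirm that is acceptable before including this step.
chkset() {
  echo "=======================精简开机启动========================"
  systemctl disable auditd.service
  systemctl disable postfix.service
  systemctl disable dbus-org.freedesktop.NetworkManager.service
  echo '#systemctl list-unit-files | grep -E "auditd|postfix|dbus-org\.freedesktop\.NetworkManager"'
  systemctl list-unit-files | grep -E "auditd|postfix|dbus-org\.freedesktop\.NetworkManager"
  action "完成精简开机启动" /bin/true
  echo "==========================================================="
  sleep 2
}

# 5. Raise the open-file limit to 65535 for all users.
limitset() {
  local limits_file=/etc/security/limits.conf
  local limits_line='* - nofile 65535'
  echo "======================修改文件形貌符======================="
  # Append only when missing. The original used `>`, which truncated
  # limits.conf and discarded every limit already configured there.
  grep -qxF -- "$limits_line" "$limits_file" 2> /dev/null \
    || echo "$limits_line" >> "$limits_file"
  ulimit -SHn 65535
  echo "#cat /etc/security/limits.conf"
  cat "$limits_file"
  echo "#ulimit -Sn ; ulimit -Hn"
  ulimit -Sn
  ulimit -Hn
  action "完成修改文件形貌符" /bin/true
  echo "==========================================================="
  sleep 2
}

# 6. Switch the base yum repo to the Aliyun mirror and install common tools.
# Exits the whole script with status 1 when wget cannot be installed or the
# repo file cannot be downloaded.
yumset() {
  local repo_file=/etc/yum.repos.d/CentOS-Base.repo
  local tmp_repo
  echo "=================装置常用工具及修改yum源==================="
  if ! yum install wget -y &> /dev/null; then
    echo "wget装置失败"
    # The original ran `exit $?` after echo, which always exited 0.
    exit 1
  fi
  cp "$repo_file" "${repo_file}.$(date +%F)"
  # Download next to the target and swap it in only after a complete,
  # non-empty download, so a failed transfer cannot leave yum with a
  # truncated repo file. The temp name does not end in .repo, so yum
  # ignores it.
  tmp_repo=$(mktemp "${repo_file}.XXXXXX") || exit 1
  if wget -O "$tmp_repo" "$REPO_URL" &> /dev/null && [ -s "$tmp_repo" ]; then
    chmod 644 "$tmp_repo"
    mv -f "$tmp_repo" "$repo_file"
    yum clean all &> /dev/null
    yum makecache &> /dev/null
  else
    rm -f -- "$tmp_repo"
    echo "无法毗连网络"
    exit 1
  fi
  yum -y install ntpdate lsof net-tools telnet vim lrzsz tree nmap nc sysstat &> /dev/null
  action "完成装置常用工具及修改yum源" /bin/true
  echo "==========================================================="
  sleep 2
}

# 7. Append network tuning to /etc/sysctl.conf once (skipped when a
# conntrack entry is already present) and load it.
# net.ipv4.tcp_tw_recycle from the original list is left out: it drops
# connections from clients that share an address behind NAT.
# NOTE(review): tcp_synack_retries = 0 means a lost SYN-ACK is never resent,
# and nf_conntrack_max = 25000000 sizes the table for 25 million entries;
# check both against the host's traffic and memory before keeping them.
kernelset() {
  echo "======================优化系统内核========================="
  if grep -q conntrack /etc/sysctl.conf; then
    echo "优化项已保存。"
  else
    cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 0
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
    # The net.netfilter.* keys exist only while nf_conntrack is loaded, and
    # with firewalld disabled nothing else loads it; without this line
    # `sysctl -p` reports them as missing.
    modprobe nf_conntrack &> /dev/null
    sysctl -p
  fi
  action "内核调优完成" /bin/true
  echo "==========================================================="
  sleep 2
}

# 8. Speed up SSH logins by turning off GSSAPI authentication and reverse
# DNS lookups in sshd_config.
sshset() {
  echo "======================加速ssh登录速率======================"
  sed -i 's#^GSSAPIAuthentication yes$#GSSAPIAuthentication no#g' /etc/ssh/sshd_config
  sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
  # Validate the edited file before restarting: restarting sshd on a broken
  # config locks out remote access.
  if sshd -t; then
    systemctl restart sshd.service
  else
    echo 'Err:sshd_config failed validation, sshd was not restarted.' >&2
  fi
  echo "#grep GSSAPIAuthentication /etc/ssh/sshd_config"
  grep GSSAPIAuthentication /etc/ssh/sshd_config
  echo "#grep UseDNS /etc/ssh/sshd_config"
  grep UseDNS /etc/ssh/sshd_config
  action "完成加速ssh登录速率" /bin/true
  echo "==========================================================="
  sleep 2
}

# 9. Disable reboot on ctrl+alt+del.
restartset() {
  echo "===================禁用ctrl+alt+del重启===================="
  # Mask the unit instead of deleting the packaged file under /usr/lib: a
  # systemd package update restores a deleted file, while a mask lives in
  # /etc and persists.
  systemctl mask ctrl-alt-del.target
  action "完成禁用ctrl+alt+del重启" /bin/true
  echo "==========================================================="
  sleep 2
}

# 10. Sync the clock now and every five minutes from root's crontab.
# Exits the whole script with status 1 when ntpdate cannot be installed.
ntpdateset() {
  local cron_file=/var/spool/cron/root
  local cron_line="*/5 * * * * /usr/sbin/ntpdate ${NTP_SERVER} &>/dev/null"
  echo "=======================设置时间同步========================"
  if ! yum -y install ntpdate &> /dev/null; then
    echo "ntpdate装置失败"
    # The original ran `exit $?` after echo, which always exited 0.
    exit 1
  fi
  /usr/sbin/ntpdate "$NTP_SERVER"
  # Add the entry only once; the original appended a duplicate on every run.
  grep -qxF -- "$cron_line" "$cron_file" 2> /dev/null \
    || echo "$cron_line" >> "$cron_file"
  action "完成设置时间同步" /bin/true
  echo "==========================================================="
  sleep 2
}

# 11. Add timestamps to shell history and send each interactive command to
# syslog through PROMPT_COMMAND (appended to /etc/profile once).
# NOTE(review): anything typed on a command line, including passwords or
# tokens passed as arguments, ends up in syslog; restrict who can read those
# logs. A user can unset PROMPT_COMMAND, so this does not replace auditd.
historyset() {
  echo "========================history优化========================"
  if grep -q HISTTIMEFORMAT /etc/profile; then
    echo "优化项已保存。"
  else
    # Quoted delimiter: the text is written literally and expanded only
    # when /etc/profile is read.
    cat >> /etc/profile <<'EOF'
#设置history名堂
export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S] [`whoami`] [`who am i|awk '{print $NF}'|sed -r 's#[()]##g'`]: "
#纪录shell执行的每一条下令
export PROMPT_COMMAND='\
if [ -z "$OLD_PWD" ];then
    export OLD_PWD=$PWD;
fi;
if [ ! -z "$LAST_CMD" ] && [ "$(history 1)" != "$LAST_CMD" ]; then
    logger -t `whoami`_shell_dir "[$OLD_PWD]$(history 1)";
fi;
export LAST_CMD="$(history 1)";
export OLD_PWD=$PWD;'
EOF
    source /etc/profile
  fi
  action "完成history优化" /bin/true
  echo "==========================================================="
  sleep 2
}

# Control function: show the top menu and dispatch. Option 1 runs every step
# in order; option 2 runs the single step picked from the second menu.
main() {
  menu1
  case "$num1" in
    1)
      localeset
      selinuxset
      firewalldset
      chkset
      limitset
      yumset
      kernelset
      sshset
      restartset
      ntpdateset
      historyset
      ;;
    2)
      menu2
      case "$num2" in
        1) localeset ;;
        2) selinuxset ;;
        3) firewalldset ;;
        4) chkset ;;
        5) limitset ;;
        6) yumset ;;
        7) kernelset ;;
        8) sshset ;;
        9) restartset ;;
        10) ntpdateset ;;
        11) historyset ;;
        12) main ;;
        13) exit ;;
        *) echo 'Please select a number from [1-13].' ;;
      esac
      ;;
    3)
      exit
      ;;
    *)
      echo 'Err:Please select a number from [1-3].'
      sleep 3
      main
      ;;
  esac
}

# Refuse to start without root instead of failing halfway through the steps.
if [ "$(id -u)" -ne 0 ]; then
  echo 'Err:this script must be run as root.' >&2
  exit 1
fi

main "$@"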
将其生涯为init.sh,然后付与执行权限后执行即可。
# Run as root: the script rewrites files under /etc and changes systemd units.
chmod +x init.sh && ./init.sh
若是这样往返地复制粘贴很贫困,也可以通过我的一键下令执行,同样能抵达上面的效果:
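# Save the script to a file and read it before running it as root, instead
# of handing the download straight to bash.
# -f makes curl fail on an HTTP error rather than saving the error page.
# The original URL had no scheme, which curl treats as plain HTTP.
# NOTE(review): assumes s.aaa.al serves HTTPS; confirm before relying on it.
curl -fsSL -o init.sh https://s.aaa.al/init.sh
less init.sh
bash init.sh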
最后,若是各人有想实现的功效,也可以在原有剧本的基础上举行修改实现。