适用于Centos6.x系统的15项优化脚本
1#!/bin/bash
2# Date: 2018-6-8
3#version:1.2
4#实现功能:一键系统优化15项脚本,适用于Centos6.x
5################################################
6#Source function library.
7. /etc/init.d/functions
8#date
9DATE=`date +"%y-%m-%d %H:%M:%S"`
10#ip
11IPADDR=`grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0|cut -d= -f 2 `
12#hostname
13HOSTNAME=`hostname -s`
14#user
15USER=`whoami`
16#disk_check
17DISK_SDA=`df -h |grep -w "/" |awk '{print $5}'`
18#cpu_average_check
19cpu_uptime=`cat /proc/loadavg|awk '{print $1,$2,$3}'`
20#set LANG
21export LANG=zh_CN.UTF-8
22#Require root to run this script.
23uid=`id | cut -d\( -f1 | cut -d= -f2`
24if [ $uid -ne 0 ];then
25 action "Please run this script as root." /bin/false
26 exit 1
27fi
28#"stty erase ^H"
29\cp /root/.bash_profile /root/.bash_profile_$(date +%F)
30erase=`grep -wx "stty erase ^H" /root/.bash_profile |wc -l`
31if [ $erase -lt 1 ];then
32 echo "stty erase ^H" >>/root/.bash_profile
33 source /root/.bash_profile
34fi
35#Config Yum CentOS-Bases.repo and save Yum file
36configYum(){
37echo "================更新为国内YUM源=================="
38 cd /etc/yum.repos.d/
39 \cp CentOS-Base.repo CentOS-Base.repo.$(date +%F)
40 ping -c 1 mirrors.aliyun.com >/dev/null
41 if [ $? -eq 0 ];then
42 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
43 else
44 echo "无法连接网络。"
45 exit $?
46 fi
47echo "==============保存YUM源文件======================"
48sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
49grep keepcache /etc/yum.conf
50sleep 5
51action "配置国内YUM完成" /bin/true
52echo "================================================="
53echo ""
54 sleep 2
55}
56#Charset zh_CN.UTF-8
57initI18n(){
58echo "================更改为中文字符集================="
59 \cp /etc/sysconfig/i18n /etc/sysconfig/i18n.$(date +%F)
60>/etc/sysconfig/i18n
61cat >>/etc/sysconfig/i18n<<EOF
62LANG="zh_CN.UTF-8"
63#LANG="en_US.UTF-8"
64SYSFONT="latarcyrheb-sun16"
65EOF
66 source /etc/sysconfig/i18n
67 echo '#cat /etc/sysconfig/i18n'
68 grep LANG /etc/sysconfig/i18n
69action "更改字符集zh_CN.UTF-8完成" /bin/true
70echo "================================================="
71echo ""
72 sleep 2
73}
74#Close Selinux and Iptables
75initFirewall(){
76echo "============禁用SELINUX及关闭防火墙=============="
77 \cp /etc/selinux/config /etc/selinux/config.$(date +%F)
78 /etc/init.d/iptables stop
79 sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
80 setenforce 0
81 /etc/init.d/iptables status
82 echo '#grep SELINUX=disabled /etc/selinux/config '
83 grep SELINUX=disabled /etc/selinux/config
84 echo '#getenforce '
85 getenforce
86action "禁用selinux及关闭防火墙完成" /bin/true
87echo "================================================="
88echo ""
89 sleep 2
90}
91#Init Auto Startup Service
92initService(){
93echo "===============精简开机自启动===================="
94 export LANG="en_US.UTF-8"
95 for A in `chkconfig --list |grep 3:on |awk '{print $1}' `;do chkconfig $A off;done
96 for B in rsyslog network sshd crond;do chkconfig $B on;done
97 echo '+--------which services on---------+'
98 chkconfig --list |grep 3:on
99 echo '+----------------------------------+'
100 export LANG="zh_CN.UTF-8"
101action "精简开机自启动完成" /bin/true
102echo "================================================="
103echo ""
104 sleep 2
105}
106#Removal system and kernel version login before the screen display
107initRemoval(){
108echo "======去除系统及内核版本登录前的屏幕显示======="
109#must use root user run scripts
110if
111 [ $UID -ne 0 ];then
112 echo This script must use the root user ! ! !
113 sleep 2
114 exit 0
115fi
116 >/etc/redhat-release
117 >/etc/issue
118action "去除系统及内核版本登录前的屏幕显示" /bin/true
119echo "================================================="
120echo ""
121 sleep 2
122}
123#Change sshd default port and prohibit user root remote login.
124initSsh(){
125echo "========修改ssh默认端口禁用root远程登录=========="
126 \cp /etc/ssh/sshd_config /etc/ssh/sshd_config.$(date +%F)
127 sed -i 's/#Port 22/Port 52113/g' /etc/ssh/sshd_config
128 sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
129 sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
130 sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
131 echo '+-------modify the sshd_config-------+'
132 echo 'Port 52113'
133 echo 'PermitEmptyPasswords no'
134 echo 'PermitRootLogin no'
135 echo 'UseDNS no'
136 echo '+------------------------------------+'
137 /etc/init.d/sshd reload && action "修改ssh默认参数完成" /bin/true || action "修改ssh参数失败" /bin/false
138echo "================================================="
139echo ""
140 sleep 2
141}
142#time sync
143syncSysTime(){
144echo "================配置时间同步====================="
145 \cp /var/spool/cron/root /var/spool/cron/root.$(date +%F) 2>/dev/null
146 NTPDATE=`grep ntpdate /var/spool/cron/root 2>/dev/null |wc -l`
147 if [ $NTPDATE -eq 0 ];then
148 echo "#times sync by lee at $(date +%F)" >>/var/spool/cron/root
149 echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1" >> /var/spool/cron/root
150 fi
151 echo '#crontab -l'
152 crontab -l
153action "配置时间同步完成" /bin/true
154echo "================================================="
155echo ""
156 sleep 2
157}
158#install tools
159initTools(){
160 echo "#####安装系统补装工具(选择最小化安装minimal)#####"
161 ping -c 2 mirrors.aliyun.com
162 sleep 2
163 yum install tree nmap sysstat lrzsz dos2unix -y
164 sleep 2
165 rpm -qa tree nmap sysstat lrzsz dos2unix
166 sleep 2
167action "安装系统补装工具(选择最小化安装minimal)" /bin/true
168echo "================================================="
169echo ""
170 sleep 2
171}
172#add user and give sudoers
173addUser(){
174echo "===================新建用户======================"
175#add user
176while true
177do
178 read -p "请输入新用户名:" name
179 NAME=`awk -F':' '{print $1}' /etc/passwd|grep -wx $name 2>/dev/null|wc -l`
180 if [ ${#name} -eq 0 ];then
181 echo "用户名不能为空,请重新输入。"
182 continue
183 elif [ $NAME -eq 1 ];then
184 echo "用户名已存在,请重新输入。"
185 continue
186 fi
187useradd $name
188break
189done
190#create password
191while true
192do
193 read -p "为 $name 创建一个密码:" pass1
194 if [ ${#pass1} -eq 0 ];then
195 echo "密码不能为空,请重新输入。"
196 continue
197 fi
198 read -p "请再次输入密码:" pass2
199 if [ "$pass1" != "$pass2" ];then
200 echo "两次密码输入不相同,请重新输入。"
201 continue
202 fi
203echo "$pass2" |passwd --stdin $name
204break
205done
206sleep 1
207#add visudo
208echo "#####add visudo#####"
209\cp /etc/sudoers /etc/sudoers.$(date +%F)
210SUDO=`grep -w "$name" /etc/sudoers |wc -l`
211if [ $SUDO -eq 0 ];then
212 echo "$name ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
213 echo '#tail -1 /etc/sudoers'
214 grep -w "$name" /etc/sudoers
215 sleep 1
216fi
217action "创建用户$name并将其加入visudo完成" /bin/true
218echo "================================================="
219echo ""
220sleep 2
221}
222#Adjust the file descriptor(limits.conf)
223initLimits(){
224echo "===============加大文件描述符===================="
225 LIMIT=`grep nofile /etc/security/limits.conf |grep -v "^#"|wc -l`
226 if [ $LIMIT -eq 0 ];then
227 \cp /etc/security/limits.conf /etc/security/limits.conf.$(date +%F)
228 echo '* - nofile 65535'>>/etc/security/limits.conf
229 fi
230 echo '#tail -1 /etc/security/limits.conf'
231 tail -1 /etc/security/limits.conf
232 ulimit -HSn 65535
233 echo '#ulimit -n'
234 ulimit -n
235action "配置文件描述符为65535" /bin/true
236echo "================================================="
237echo ""
238sleep 2
239}
240#set ssh
241initSsh(){
242echo "======禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度======="
243sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
244sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
245service sshd restart
246action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/true
247echo "================================================="
248echo ""
249sleep 2
250}
251#set the control-alt-delete to guard against the miSUSE
252initRestart(){
253sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
254action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/true
255echo "================================================="
256echo ""
257sleep 2
258}
259#Optimizing the system kernel
260initSysctl(){
261echo "================优化内核参数====================="
262SYSCTL=`grep "net.ipv4.tcp" /etc/sysctl.conf |wc -l`
263if [ $SYSCTL -lt 10 ];then
264\cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
265cat >>/etc/sysctl.conf<<EOF
266net.ipv4.tcp_fin_timeout = 2
267net.ipv4.tcp_tw_reuse = 1
268net.ipv4.tcp_tw_recycle = 1
269net.ipv4.tcp_syncookies = 1
270net.ipv4.tcp_keepalive_time = 600
271net.ipv4.ip_local_port_range = 4000 65000
272net.ipv4.tcp_max_syn_backlog = 16384
273net.ipv4.tcp_max_tw_buckets = 36000
274net.ipv4.route.gc_timeout = 100
275net.ipv4.tcp_syn_retries = 1
276net.ipv4.tcp_synack_retries = 1
277net.core.somaxconn = 16384
278net.core.netdev_max_backlog = 16384
279net.ipv4.tcp_max_orphans = 16384
280net.netfilter.nf_conntrack_max = 25000000
281net.netfilter.nf_conntrack_tcp_timeout_established = 180
282net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
283net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
284net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
285EOF
286fi
287 \cp /etc/rc.local /etc/rc.local.$(date +%F)
288 modprobe nf_conntrack
289 echo "modprobe nf_conntrack">> /etc/rc.local
290 modprobe bridge
291 echo "modprobe bridge">> /etc/rc.local
292 sysctl -p
293action "内核调优完成" /bin/true
294echo "================================================="
295echo ""
296 sleep 2
297}
298#setting history and login timeout
299initHistory(){
300echo "======设置默认历史记录数和连接超时时间======"
301echo "TMOUT=300" >>/etc/profile
302echo "HISTSIZE=5" >>/etc/profile
303echo "HISTFILESIZE=5" >>/etc/profile
304tail -3 /etc/profile
305source /etc/profile
306action "设置默认历史记录数和连接超时时间" /bin/true
307echo "================================================="
308echo ""
309sleep 2
310}
311#chattr file system
312initChattr(){
313echo "======锁定关键文件系统======"
314chattr +i /etc/passwd
315chattr +i /etc/inittab
316chattr +i /etc/group
317chattr +i /etc/shadow
318chattr +i /etc/gshadow
319/bin/mv /usr/bin/chattr /usr/bin/lock
320action "锁定关键文件系统" /bin/true
321echo "================================================="
322echo ""
323sleep 2
324}
325#menu2
326menu2(){
327while true
328do
329clear
330cat <<EOF
331----------------------------------------
332|****Please Enter Your Choice:[0-15]****|
333----------------------------------------
334(1) 新建一个用户并将其加入visudo
335(2) 配置为国内YUM源镜像和保存YUM源文件
336(3) 配置中文字符集
337(4) 禁用SELINUX及关闭防火墙
338(5) 精简开机自启动
339(6) 去除系统及内核版本登录前的屏幕显示
340(7) 修改ssh默认端口及禁用root远程登录
341(8) 设置时间同步
342(9) 安装系统补装工具(选择最小化安装minimal)
343(10) 加大文件描述符
344(11) 禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度
345(12) 将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启
346(13) 系统内核调优
347(14) 设置默认历史记录数和连接超时时间
348(15) 锁定关键文件系统
349(0) 返回上一级菜单
350EOF
351read -p "Please enter your Choice[0-15]: " input2
352case "$input2" in
353 0)
354 clear
355 break
356 ;;
357 1)
358 addUser
359 ;;
360 2)
361 configYum
362 ;;
363 3)
364 initI18n
365 ;;
366 4)
367 initFirewall
368 ;;
369 5)
370 initService
371 ;;
372 6)
373 initRemoval
374 ;;
375 7)
376 initSsh
377 ;;
378 8)
379 syncSysTime
380 ;;
381 9)
382 initTools
383 ;;
384 10)
385 initLimits
386 ;;
387 11)
388 initSsh
389 ;;
390 12)
391 initRestart
392 ;;
393 13)
394 initSysctl
395 ;;
396 14)
397 initHistory
398 ;;
399 15)
400 initChattr
401 ;;
402 *) echo "----------------------------------"
403 echo "| Warning!!! |"
404 echo "| Please Enter Right Choice! |"
405 echo "----------------------------------"
406 for i in `seq -w 3 -1 1`
407 do
408 echo -ne "\b\b$i";
409 sleep 1;
410 done
411 clear
412esac
413done
414}
415#initTools
416#menu
417while true
418do
419clear
420echo "========================================"
421echo ' Linux Optimization '
422echo "========================================"
423cat << EOF
424|-----------System Infomation-----------
425| DATE :$DATE
426| HOSTNAME :$HOSTNAME
427| USER :$USER
428| IP :$IPADDR
429| DISK_USED :$DISK_SDA
430| CPU_AVERAGE:$cpu_uptime
431----------------------------------------
432|****Please Enter Your Choice:[1-3]****|
433----------------------------------------
434(1) 一键优化
435(2) 自定义优化
436(3) 退出
437EOF
438#choice
439read -p "Please enter your choice[0-3]: " input1
440case "$input1" in
4411)
442 addUser
443 configYum
444 initI18n
445 initFirewall
446 initService
447 initRemoval
448 initSsh
449 syncSysTime
450 initTools
451 initLimits
452 initSsh
453 initRestart
454 initSysctl
455 initHistory
456 initChattr
457 ;;
4582)
459 menu2
460 ;;
4613)
462 clear
463 break
464 ;;
465*)
466 echo "----------------------------------"
467 echo "| Warning!!! |"
468 echo "| Please Enter Right Choice! |"
469 echo "----------------------------------"
470 for i in `seq -w 3 -1 1`
471 do
472 echo -ne "\b\b$i";
473 sleep 1;
474 done
475 clear
476esac
477done
1#!/bin/bash
2# Date: 2018-6-8
3#version:1.2
4#实现功能:一键系统优化15项脚本,适用于Centos6.x
5################################################
6#Source function library.
7. /etc/init.d/functions
8#date
9DATE=`date +"%y-%m-%d %H:%M:%S"`
10#ip
11IPADDR=`grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0|cut -d= -f 2 `
12#hostname
13HOSTNAME=`hostname -s`
14#user
15USER=`whoami`
16#disk_check
17DISK_SDA=`df -h |grep -w "/" |awk '{print $5}'`
18#cpu_average_check
19cpu_uptime=`cat /proc/loadavg|awk '{print $1,$2,$3}'`
20#set LANG
21export LANG=zh_CN.UTF-8
22#Require root to run this script.
23uid=`id | cut -d\( -f1 | cut -d= -f2`
24if [ $uid -ne 0 ];then
25 action "Please run this script as root." /bin/false
26 exit 1
27fi
28#"stty erase ^H"
29\cp /root/.bash_profile /root/.bash_profile_$(date +%F)
30erase=`grep -wx "stty erase ^H" /root/.bash_profile |wc -l`
31if [ $erase -lt 1 ];then
32 echo"stty erase ^H" >>/root/.bash_profile
33 source /root/.bash_profile
34fi
35#Config Yum CentOS-Bases.repo and save Yum file
36configYum(){
37echo"================更新为国内YUM源=================="
38 cd /etc/yum.repos.d/
39 \cp CentOS-Base.repo CentOS-Base.repo.$(date +%F)
40 ping -c 1 mirrors.aliyun.com >/dev/null
41 if [ $? -eq 0 ];then
42 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
43 else
44 echo"无法连接网络。"
45 exit $?
46 fi
47echo"==============保存YUM源文件======================"
48sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
49grep keepcache /etc/yum.conf
50sleep 5
51action "配置国内YUM完成" /bin/true
52echo"================================================="
53echo""
54 sleep 2
55}
56#Charset zh_CN.UTF-8
57initI18n(){
58echo"================更改为中文字符集================="
59 \cp /etc/sysconfig/i18n /etc/sysconfig/i18n.$(date +%F)
60>/etc/sysconfig/i18n
61cat >>/etc/sysconfig/i18n<<EOF
62LANG="zh_CN.UTF-8"
63#LANG="en_US.UTF-8"
64SYSFONT="latarcyrheb-sun16"
65EOF
66 source /etc/sysconfig/i18n
67 echo'#cat /etc/sysconfig/i18n'
68 grep LANG /etc/sysconfig/i18n
69action "更改字符集zh_CN.UTF-8完成" /bin/true
70echo"================================================="
71echo""
72 sleep 2
73}
74#Close Selinux and Iptables
75initFirewall(){
76echo"============禁用SELINUX及关闭防火墙=============="
77 \cp /etc/selinux/config /etc/selinux/config.$(date +%F)
78 /etc/init.d/iptables stop
79 sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
80 setenforce 0
81 /etc/init.d/iptables status
82 echo'#grep SELINUX=disabled /etc/selinux/config '
83 grep SELINUX=disabled /etc/selinux/config
84 echo'#getenforce '
85 getenforce
86action "禁用selinux及关闭防火墙完成" /bin/true
87echo"================================================="
88echo""
89 sleep 2
90}
91#Init Auto Startup Service
92initService(){
93echo"===============精简开机自启动===================="
94 export LANG="en_US.UTF-8"
95 for A in `chkconfig --list |grep 3:on |awk '{print $1}' `;do chkconfig $A off;done
96 for B in rsyslog network sshd crond;do chkconfig $B on;done
97 echo'+--------which services on---------+'
98 chkconfig --list |grep 3:on
99 echo'+----------------------------------+'
100 export LANG="zh_CN.UTF-8"
101action "精简开机自启动完成" /bin/true
102echo"================================================="
103echo""
104 sleep 2
105}
106#Removal system and kernel version login before the screen display
107initRemoval(){
108echo"======去除系统及内核版本登录前的屏幕显示======="
109#must use root user run scripts
110if
111 [ $UID -ne 0 ];then
112 echo This script must use the root user ! ! !
113 sleep 2
114 exit 0
115fi
116 >/etc/redhat-release
117 >/etc/issue
118action "去除系统及内核版本登录前的屏幕显示" /bin/true
119echo"================================================="
120echo""
121 sleep 2
122}
123#Change sshd default port and prohibit user root remote login.
124initSsh(){
125echo"========修改ssh默认端口禁用root远程登录=========="
126 \cp /etc/ssh/sshd_config /etc/ssh/sshd_config.$(date +%F)
127 sed -i 's/#Port 22/Port 52113/g' /etc/ssh/sshd_config
128 sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
129 sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
130 sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
131 echo'+-------modify the sshd_config-------+'
132 echo'Port 52113'
133 echo'PermitEmptyPasswords no'
134 echo'PermitRootLogin no'
135 echo'UseDNS no'
136 echo'+------------------------------------+'
137 /etc/init.d/sshd reload && action "修改ssh默认参数完成" /bin/true || action "修改ssh参数失败" /bin/false
138echo"================================================="
139echo""
140 sleep 2
141}
142#time sync
143syncSysTime(){
144echo"================配置时间同步====================="
145 \cp /var/spool/cron/root /var/spool/cron/root.$(date +%F) 2>/dev/null
146 NTPDATE=`grep ntpdate /var/spool/cron/root 2>/dev/null |wc -l`
147 if [ $NTPDATE -eq 0 ];then
148 echo"#times sync by lee at $(date +%F)" >>/var/spool/cron/root
149 echo"*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1" >> /var/spool/cron/root
150 fi
151 echo'#crontab -l'
152 crontab -l
153action "配置时间同步完成" /bin/true
154echo"================================================="
155echo""
156 sleep 2
157}
158#install tools
159initTools(){
160 echo"#####安装系统补装工具(选择最小化安装minimal)#####"
161 ping -c 2 mirrors.aliyun.com
162 sleep 2
163 yum install tree nmap sysstat lrzsz dos2unix -y
164 sleep 2
165 rpm -qa tree nmap sysstat lrzsz dos2unix
166 sleep 2
167action "安装系统补装工具(选择最小化安装minimal)" /bin/true
168echo"================================================="
169echo""
170 sleep 2
171}
172#add user and give sudoers
173addUser(){
174echo"===================新建用户======================"
175#add user
176whiletrue
177do
178 read -p "请输入新用户名:" name
179 NAME=`awk -F':''{print $1}' /etc/passwd|grep -wx $name 2>/dev/null|wc -l`
180 if [ ${#name} -eq 0 ];then
181 echo"用户名不能为空,请重新输入。"
182 continue
183 elif [ $NAME -eq 1 ];then
184 echo"用户名已存在,请重新输入。"
185 continue
186 fi
187useradd $name
188break
189done
190#create password
191whiletrue
192do
193 read -p "为 $name 创建一个密码:" pass1
194 if [ ${#pass1} -eq 0 ];then
195 echo"密码不能为空,请重新输入。"
196 continue
197 fi
198 read -p "请再次输入密码:" pass2
199 if [ "$pass1" != "$pass2" ];then
200 echo"两次密码输入不相同,请重新输入。"
201 continue
202 fi
203echo"$pass2" |passwd --stdin $name
204break
205done
206sleep 1
207#add visudo
208echo"#####add visudo#####"
209\cp /etc/sudoers /etc/sudoers.$(date +%F)
210SUDO=`grep -w "$name" /etc/sudoers |wc -l`
211if [ $SUDO -eq 0 ];then
212 echo"$name ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
213 echo'#tail -1 /etc/sudoers'
214 grep -w "$name" /etc/sudoers
215 sleep 1
216fi
217action "创建用户$name并将其加入visudo完成" /bin/true
218echo"================================================="
219echo""
220sleep 2
221}
222#Adjust the file descriptor(limits.conf)
223initLimits(){
224echo"===============加大文件描述符===================="
225 LIMIT=`grep nofile /etc/security/limits.conf |grep -v "^#"|wc -l`
226 if [ $LIMIT -eq 0 ];then
227 \cp /etc/security/limits.conf /etc/security/limits.conf.$(date +%F)
228 echo'* - nofile 65535'>>/etc/security/limits.conf
229 fi
230 echo'#tail -1 /etc/security/limits.conf'
231 tail -1 /etc/security/limits.conf
232 ulimit -HSn 65535
233 echo'#ulimit -n'
234 ulimit -n
235action "配置文件描述符为65535" /bin/true
236echo"================================================="
237echo""
238sleep 2
239}
240#set ssh
241initSsh(){
242echo"======禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度======="
243sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
244sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
245service sshd restart
246action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/true
247echo"================================================="
248echo""
249sleep 2
250}
251#set the control-alt-delete to guard against the miSUSE
252initRestart(){
253sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
254action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/true
255echo"================================================="
256echo""
257sleep 2
258}
259#Optimizing the system kernel
260initSysctl(){
261echo"================优化内核参数====================="
262SYSCTL=`grep "net.ipv4.tcp" /etc/sysctl.conf |wc -l`
263if [ $SYSCTL -lt 10 ];then
264\cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
265cat >>/etc/sysctl.conf<<EOF
266net.ipv4.tcp_fin_timeout = 2
267net.ipv4.tcp_tw_reuse = 1
268net.ipv4.tcp_tw_recycle = 1
269net.ipv4.tcp_syncookies = 1
270net.ipv4.tcp_keepalive_time = 600
271net.ipv4.ip_local_port_range = 4000 65000
272net.ipv4.tcp_max_syn_backlog = 16384
273net.ipv4.tcp_max_tw_buckets = 36000
274net.ipv4.route.gc_timeout = 100
275net.ipv4.tcp_syn_retries = 1
276net.ipv4.tcp_synack_retries = 1
277net.core.somaxconn = 16384
278net.core.netdev_max_backlog = 16384
279net.ipv4.tcp_max_orphans = 16384
280net.netfilter.nf_conntrack_max = 25000000
281net.netfilter.nf_conntrack_tcp_timeout_established = 180
282net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
283net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
284net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
285EOF
286fi
287 \cp /etc/rc.local /etc/rc.local.$(date +%F)
288 modprobe nf_conntrack
289 echo"modprobe nf_conntrack">> /etc/rc.local
290 modprobe bridge
291 echo"modprobe bridge">> /etc/rc.local
292 sysctl -p
293action "内核调优完成" /bin/true
294echo"================================================="
295echo""
296 sleep 2
297}
298#setting history and login timeout
299initHistory(){
300echo"======设置默认历史记录数和连接超时时间======"
301echo"TMOUT=300" >>/etc/profile
302echo"HISTSIZE=5" >>/etc/profile
303echo"HISTFILESIZE=5" >>/etc/profile
304tail -3 /etc/profile
305source /etc/profile
306action "设置默认历史记录数和连接超时时间" /bin/true
307echo"================================================="
308echo""
309sleep 2
310}
311#chattr file system
312initChattr(){
313echo"======锁定关键文件系统======"
314chattr +i /etc/passwd
315chattr +i /etc/inittab
316chattr +i /etc/group
317chattr +i /etc/shadow
318chattr +i /etc/gshadow
319/bin/mv /usr/bin/chattr /usr/bin/lock
320action "锁定关键文件系统" /bin/true
321echo"================================================="
322echo""
323sleep 2
324}
325#menu2
326menu2(){
327whiletrue
328do
329clear
330cat <<EOF
331----------------------------------------
332|****Please Enter Your Choice:[0-15]****|
333----------------------------------------
334(1) 新建一个用户并将其加入visudo
335(2) 配置为国内YUM源镜像和保存YUM源文件
336(3) 配置中文字符集
337(4) 禁用SELINUX及关闭防火墙
338(5) 精简开机自启动
339(6) 去除系统及内核版本登录前的屏幕显示
340(7) 修改ssh默认端口及禁用root远程登录
341(8) 设置时间同步
342(9) 安装系统补装工具(选择最小化安装minimal)
343(10) 加大文件描述符
344(11) 禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度
345(12) 将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启
346(13) 系统内核调优
347(14) 设置默认历史记录数和连接超时时间
348(15) 锁定关键文件系统
349(0) 返回上一级菜单
350EOF
351read -p "Please enter your Choice[0-15]: " input2
352case"$input2"in
353 0)
354 clear
355 break
356 ;;
357 1)
358 addUser
359 ;;
360 2)
361 configYum
362 ;;
363 3)
364 initI18n
365 ;;
366 4)
367 initFirewall
368 ;;
369 5)
370 initService
371 ;;
372 6)
373 initRemoval
374 ;;
375 7)
376 initSsh
377 ;;
378 8)
379 syncSysTime
380 ;;
381 9)
382 initTools
383 ;;
384 10)
385 initLimits
386 ;;
387 11)
388 initSsh
389 ;;
390 12)
391 initRestart
392 ;;
393 13)
394 initSysctl
395 ;;
396 14)
397 initHistory
398 ;;
399 15)
400 initChattr
401 ;;
402 *) echo"----------------------------------"
403 echo"| Warning!!! |"
404 echo"| Please Enter Right Choice! |"
405 echo"----------------------------------"
406 for i in `seq -w 3 -1 1`
407 do
408 echo -ne "\b\b$i";
409 sleep 1;
410 done
411 clear
412esac
413done
414}
415#initTools
416#menu
417whiletrue
418do
419clear
420echo"========================================"
421echo' Linux Optimization '
422echo"========================================"
423cat << EOF
424|-----------System Infomation-----------
425| DATE :$DATE
426| HOSTNAME :$HOSTNAME
427| USER :$USER
428| IP :$IPADDR
429| DISK_USED :$DISK_SDA
430| CPU_AVERAGE:$cpu_uptime
431----------------------------------------
432|****Please Enter Your Choice:[1-3]****|
433----------------------------------------
434(1) 一键优化
435(2) 自定义优化
436(3) 退出
437EOF
438#choice
439read -p "Please enter your choice[0-3]: " input1
440case"$input1"in
4411)
442 addUser
443 configYum
444 initI18n
445 initFirewall
446 initService
447 initRemoval
448 initSsh
449 syncSysTime
450 initTools
451 initLimits
452 initSsh
453 initRestart
454 initSysctl
455 initHistory
456 initChattr
457 ;;
4582)
459 menu2
460 ;;
4613)
462 clear
463 break
464 ;;
465*)
466 echo"----------------------------------"
467 echo"| Warning!!! |"
468 echo"| Please Enter Right Choice! |"
469 echo"----------------------------------"
470 for i in `seq -w 3 -1 1`
471 do
472 echo -ne "\b\b$i";
473 sleep 1;
474 done
475 clear
476esac
477done
适用于Centos6.x系统的15项优化脚本的更多相关文章
- CentOS6 x86_64最小化安装优化脚本
#!/bin/bash #centos6. x86_64系统最小化安装优化脚本 #系统基础优化,建议以root运行 if [ $USER != "root" ];then echo ...
- 一键系统优化15项脚本,适用于Centos6.x
#!/bin/sh ################################################ #Author:nulige # qqinfo:1034611705 # Date ...
- centos6.x一键15项系统优化(转自努力哥)
#!/bin/sh ################################################ #Author:nulige # qqinfo: # Date: -- #vers ...
- CentOS6、7优化脚本完美版
#!/bin/bash SysVer=`cat /etc/redhat-release | awk -F'release' '{print $2}' | awk -F'[ .]+' '{print $ ...
- GHOST WIN7系统64位经典优化版 V2016年
来自系统妈:http://www.xitongma.com 深度技术GHOST win7系统32,64位经典优化版 V2016年3月 系统概述 深度技术ghost win7系统64位经典优化版适用于笔 ...
- Centos6.5生产环境最小化优化配置
Centos6.5生产环境最小化优化配置,满足业务需求! 01.启动网卡 #centos6.x最小化安装后,网卡默认不是启动状态 ifup eth0 // ifconfig eth0 up /et ...
- CentOS6.X 系统安装后的基础优化
特别说明:克隆之后的网卡修改 1 编辑eth0的配置文件:vi /etc/sysconfig/network-scripts/ifcfg-eth0, 删除HWADDR地址那一行及UUID的行如下: H ...
- 如何在VMware虚拟机中安装CentOS6.7系统(上篇)
之前给大家分享了在VMware中如何创建CentOS虚拟机,今天给大家分享一下如何在虚拟机中安装CentOS系统,以CentOS6.7系统为例,其他的系统版本也可以参考该教程进行类似处理,具体的流程如 ...
- 在VMware Workstation上安装CentOS6.5系统步
在VMware Workstation上安装CentOS6.5系统步骤 听语音 | 浏览:147 | 更新:2016-07-28 15:45 | 标签:安装 虚拟机 CENTOS 1 2 3 4 5 ...
随机推荐
- CAS5.X 集群配置 初版
基础版 cas-overlay pom.xml <?xml version="1.0" encoding="UTF-8"?> <projec ...
- 实战Asp.Net Core:部署应用
1.前言 某一刻,你已经把 .Net Core 的程序写好了.接下来,还可以做什么呢?那就是部署了. 作为一名开发工程师,如果不会部署自己开发的应用,那么这也是不完整的.接下来,我们就来说说,如何部署 ...
- 封装HttpUrlConnection开箱即用
因为经常用到 便写出来方边使用 直接复制本类即可 import java.io.*; import java.net.HttpURLConnection; import java.net.URL; i ...
- 02-HTML之head标签
head标签 head内常用标签表 标签 类型 意义 <title></titile> 双闭合标签 定义网页标题 <style></style> 双闭合 ...
- 福州大学软件工程1816 | W班 第1次作业成绩排名
1.作业地址 第一次作业--准备篇 2.作业要求 (1)回想一下你初入大学时对计算机专业的畅想 当初你是如何做出选择计算机专业的决定的? 你认为过去两年中接触到的课程是否符合你对计算机专业的期待,为什 ...
- 数组建 BST
#include <bits/stdc++.h> using namespace std; const int maxn = 1e5 + 10; int N, root = 1; int ...
- 实验楼----PHP代码审计(sha1、md5)
地址:http://www.shiyanbar.com/ctf/1787 题目:
- java对象的四种引用:强引用、软引用、弱引用和虚引用
在JDK1.2之前,创建的对象只有在处于可触及(reachable)的状态下,才能被程序使用.也就是说,若一个对象不被任何变量引用,那么程序就无法再使用这个对象.垃圾回收器一旦发现这些无用对象,就会对 ...
- 面试题(校招java)
1:linux线程和进程的区别? 进程是程序执行时的一个实例,即它是程序已经执行到课中程度的数据结构的汇集.从内核的观点看,进程的目的就是担当分配系统资源(CPU时间.内存等)的基本单位. 线程是进程 ...
- Windows 激活的简单办法(能上网)
1. 之前很多机器上面总是提示我 盗版系统看起来挺不high的 2. 还是使用之前的办法来进行激活 slmgr (之前写过) /ipk <Product Key> 安装产品密钥(替换现 ...