适用于Centos6.x系统的15项优化脚本
1#!/bin/bash
2# Date: 2018-6-8
3#version:1.2
4#实现功能:一键系统优化15项脚本,适用于Centos6.x
5################################################
6#Source function library.
7. /etc/init.d/functions
8#date
9DATE=`date +"%y-%m-%d %H:%M:%S"`
10#ip
11IPADDR=`grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0|cut -d= -f 2 `
12#hostname
13HOSTNAME=`hostname -s`
14#user
15USER=`whoami`
16#disk_check
17DISK_SDA=`df -h |grep -w "/" |awk '{print $5}'`
18#cpu_average_check
19cpu_uptime=`cat /proc/loadavg|awk '{print $1,$2,$3}'`
20#set LANG
21export LANG=zh_CN.UTF-8
22#Require root to run this script.
23uid=`id | cut -d\( -f1 | cut -d= -f2`
24if [ $uid -ne 0 ];then
25 action "Please run this script as root." /bin/false
26 exit 1
27fi
28#"stty erase ^H"
29\cp /root/.bash_profile /root/.bash_profile_$(date +%F)
30erase=`grep -wx "stty erase ^H" /root/.bash_profile |wc -l`
31if [ $erase -lt 1 ];then
32 echo "stty erase ^H" >>/root/.bash_profile
33 source /root/.bash_profile
34fi
35#Config Yum CentOS-Bases.repo and save Yum file
36configYum(){
37echo "================更新为国内YUM源=================="
38 cd /etc/yum.repos.d/
39 \cp CentOS-Base.repo CentOS-Base.repo.$(date +%F)
40 ping -c 1 mirrors.aliyun.com >/dev/null
41 if [ $? -eq 0 ];then
42 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
43 else
44 echo "无法连接网络。"
45 exit $?
46 fi
47echo "==============保存YUM源文件======================"
48sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
49grep keepcache /etc/yum.conf
50sleep 5
51action "配置国内YUM完成" /bin/true
52echo "================================================="
53echo ""
54 sleep 2
55}
56#Charset zh_CN.UTF-8
57initI18n(){
58echo "================更改为中文字符集================="
59 \cp /etc/sysconfig/i18n /etc/sysconfig/i18n.$(date +%F)
60>/etc/sysconfig/i18n
61cat >>/etc/sysconfig/i18n<<EOF
62LANG="zh_CN.UTF-8"
63#LANG="en_US.UTF-8"
64SYSFONT="latarcyrheb-sun16"
65EOF
66 source /etc/sysconfig/i18n
67 echo '#cat /etc/sysconfig/i18n'
68 grep LANG /etc/sysconfig/i18n
69action "更改字符集zh_CN.UTF-8完成" /bin/true
70echo "================================================="
71echo ""
72 sleep 2
73}
74#Close Selinux and Iptables
75initFirewall(){
76echo "============禁用SELINUX及关闭防火墙=============="
77 \cp /etc/selinux/config /etc/selinux/config.$(date +%F)
78 /etc/init.d/iptables stop
79 sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
80 setenforce 0
81 /etc/init.d/iptables status
82 echo '#grep SELINUX=disabled /etc/selinux/config '
83 grep SELINUX=disabled /etc/selinux/config
84 echo '#getenforce '
85 getenforce
86action "禁用selinux及关闭防火墙完成" /bin/true
87echo "================================================="
88echo ""
89 sleep 2
90}
91#Init Auto Startup Service
92initService(){
93echo "===============精简开机自启动===================="
94 export LANG="en_US.UTF-8"
95 for A in `chkconfig --list |grep 3:on |awk '{print $1}' `;do chkconfig $A off;done
96 for B in rsyslog network sshd crond;do chkconfig $B on;done
97 echo '+--------which services on---------+'
98 chkconfig --list |grep 3:on
99 echo '+----------------------------------+'
100 export LANG="zh_CN.UTF-8"
101action "精简开机自启动完成" /bin/true
102echo "================================================="
103echo ""
104 sleep 2
105}
106#Removal system and kernel version login before the screen display
107initRemoval(){
108echo "======去除系统及内核版本登录前的屏幕显示======="
109#must use root user run scripts
110if
111 [ $UID -ne 0 ];then
112 echo This script must use the root user ! ! !
113 sleep 2
114 exit 0
115fi
116 >/etc/redhat-release
117 >/etc/issue
118action "去除系统及内核版本登录前的屏幕显示" /bin/true
119echo "================================================="
120echo ""
121 sleep 2
122}
123#Change sshd default port and prohibit user root remote login.
124initSsh(){
125echo "========修改ssh默认端口禁用root远程登录=========="
126 \cp /etc/ssh/sshd_config /etc/ssh/sshd_config.$(date +%F)
127 sed -i 's/#Port 22/Port 52113/g' /etc/ssh/sshd_config
128 sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
129 sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
130 sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
131 echo '+-------modify the sshd_config-------+'
132 echo 'Port 52113'
133 echo 'PermitEmptyPasswords no'
134 echo 'PermitRootLogin no'
135 echo 'UseDNS no'
136 echo '+------------------------------------+'
137 /etc/init.d/sshd reload && action "修改ssh默认参数完成" /bin/true || action "修改ssh参数失败" /bin/false
138echo "================================================="
139echo ""
140 sleep 2
141}
142#time sync
143syncSysTime(){
144echo "================配置时间同步====================="
145 \cp /var/spool/cron/root /var/spool/cron/root.$(date +%F) 2>/dev/null
146 NTPDATE=`grep ntpdate /var/spool/cron/root 2>/dev/null |wc -l`
147 if [ $NTPDATE -eq 0 ];then
148 echo "#times sync by lee at $(date +%F)" >>/var/spool/cron/root
149 echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1" >> /var/spool/cron/root
150 fi
151 echo '#crontab -l'
152 crontab -l
153action "配置时间同步完成" /bin/true
154echo "================================================="
155echo ""
156 sleep 2
157}
158#install tools
159initTools(){
160 echo "#####安装系统补装工具(选择最小化安装minimal)#####"
161 ping -c 2 mirrors.aliyun.com
162 sleep 2
163 yum install tree nmap sysstat lrzsz dos2unix -y
164 sleep 2
165 rpm -qa tree nmap sysstat lrzsz dos2unix
166 sleep 2
167action "安装系统补装工具(选择最小化安装minimal)" /bin/true
168echo "================================================="
169echo ""
170 sleep 2
171}
172#add user and give sudoers
173addUser(){
174echo "===================新建用户======================"
175#add user
176while true
177do
178 read -p "请输入新用户名:" name
179 NAME=`awk -F':' '{print $1}' /etc/passwd|grep -wx $name 2>/dev/null|wc -l`
180 if [ ${#name} -eq 0 ];then
181 echo "用户名不能为空,请重新输入。"
182 continue
183 elif [ $NAME -eq 1 ];then
184 echo "用户名已存在,请重新输入。"
185 continue
186 fi
187useradd $name
188break
189done
190#create password
191while true
192do
193 read -p "为 $name 创建一个密码:" pass1
194 if [ ${#pass1} -eq 0 ];then
195 echo "密码不能为空,请重新输入。"
196 continue
197 fi
198 read -p "请再次输入密码:" pass2
199 if [ "$pass1" != "$pass2" ];then
200 echo "两次密码输入不相同,请重新输入。"
201 continue
202 fi
203echo "$pass2" |passwd --stdin $name
204break
205done
206sleep 1
207#add visudo
208echo "#####add visudo#####"
209\cp /etc/sudoers /etc/sudoers.$(date +%F)
210SUDO=`grep -w "$name" /etc/sudoers |wc -l`
211if [ $SUDO -eq 0 ];then
212 echo "$name ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
213 echo '#tail -1 /etc/sudoers'
214 grep -w "$name" /etc/sudoers
215 sleep 1
216fi
217action "创建用户$name并将其加入visudo完成" /bin/true
218echo "================================================="
219echo ""
220sleep 2
221}
222#Adjust the file descriptor(limits.conf)
223initLimits(){
224echo "===============加大文件描述符===================="
225 LIMIT=`grep nofile /etc/security/limits.conf |grep -v "^#"|wc -l`
226 if [ $LIMIT -eq 0 ];then
227 \cp /etc/security/limits.conf /etc/security/limits.conf.$(date +%F)
228 echo '* - nofile 65535'>>/etc/security/limits.conf
229 fi
230 echo '#tail -1 /etc/security/limits.conf'
231 tail -1 /etc/security/limits.conf
232 ulimit -HSn 65535
233 echo '#ulimit -n'
234 ulimit -n
235action "配置文件描述符为65535" /bin/true
236echo "================================================="
237echo ""
238sleep 2
239}
240#set ssh
241initSsh(){
242echo "======禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度======="
243sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
244sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
245service sshd restart
246action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/true
247echo "================================================="
248echo ""
249sleep 2
250}
251#set the control-alt-delete to guard against the miSUSE
252initRestart(){
253sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
254action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/true
255echo "================================================="
256echo ""
257sleep 2
258}
259#Optimizing the system kernel
260initSysctl(){
261echo "================优化内核参数====================="
262SYSCTL=`grep "net.ipv4.tcp" /etc/sysctl.conf |wc -l`
263if [ $SYSCTL -lt 10 ];then
264\cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
265cat >>/etc/sysctl.conf<<EOF
266net.ipv4.tcp_fin_timeout = 2
267net.ipv4.tcp_tw_reuse = 1
268net.ipv4.tcp_tw_recycle = 1
269net.ipv4.tcp_syncookies = 1
270net.ipv4.tcp_keepalive_time = 600
271net.ipv4.ip_local_port_range = 4000 65000
272net.ipv4.tcp_max_syn_backlog = 16384
273net.ipv4.tcp_max_tw_buckets = 36000
274net.ipv4.route.gc_timeout = 100
275net.ipv4.tcp_syn_retries = 1
276net.ipv4.tcp_synack_retries = 1
277net.core.somaxconn = 16384
278net.core.netdev_max_backlog = 16384
279net.ipv4.tcp_max_orphans = 16384
280net.netfilter.nf_conntrack_max = 25000000
281net.netfilter.nf_conntrack_tcp_timeout_established = 180
282net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
283net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
284net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
285EOF
286fi
287 \cp /etc/rc.local /etc/rc.local.$(date +%F)
288 modprobe nf_conntrack
289 echo "modprobe nf_conntrack">> /etc/rc.local
290 modprobe bridge
291 echo "modprobe bridge">> /etc/rc.local
292 sysctl -p
293action "内核调优完成" /bin/true
294echo "================================================="
295echo ""
296 sleep 2
297}
298#setting history and login timeout
299initHistory(){
300echo "======设置默认历史记录数和连接超时时间======"
301echo "TMOUT=300" >>/etc/profile
302echo "HISTSIZE=5" >>/etc/profile
303echo "HISTFILESIZE=5" >>/etc/profile
304tail -3 /etc/profile
305source /etc/profile
306action "设置默认历史记录数和连接超时时间" /bin/true
307echo "================================================="
308echo ""
309sleep 2
310}
311#chattr file system
312initChattr(){
313echo "======锁定关键文件系统======"
314chattr +i /etc/passwd
315chattr +i /etc/inittab
316chattr +i /etc/group
317chattr +i /etc/shadow
318chattr +i /etc/gshadow
319/bin/mv /usr/bin/chattr /usr/bin/lock
320action "锁定关键文件系统" /bin/true
321echo "================================================="
322echo ""
323sleep 2
324}
325#menu2
326menu2(){
327while true
328do
329clear
330cat <<EOF
331----------------------------------------
332|****Please Enter Your Choice:[0-15]****|
333----------------------------------------
334(1) 新建一个用户并将其加入visudo
335(2) 配置为国内YUM源镜像和保存YUM源文件
336(3) 配置中文字符集
337(4) 禁用SELINUX及关闭防火墙
338(5) 精简开机自启动
339(6) 去除系统及内核版本登录前的屏幕显示
340(7) 修改ssh默认端口及禁用root远程登录
341(8) 设置时间同步
342(9) 安装系统补装工具(选择最小化安装minimal)
343(10) 加大文件描述符
344(11) 禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度
345(12) 将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启
346(13) 系统内核调优
347(14) 设置默认历史记录数和连接超时时间
348(15) 锁定关键文件系统
349(0) 返回上一级菜单
350EOF
351read -p "Please enter your Choice[0-15]: " input2
352case "$input2" in
353 0)
354 clear
355 break
356 ;;
357 1)
358 addUser
359 ;;
360 2)
361 configYum
362 ;;
363 3)
364 initI18n
365 ;;
366 4)
367 initFirewall
368 ;;
369 5)
370 initService
371 ;;
372 6)
373 initRemoval
374 ;;
375 7)
376 initSsh
377 ;;
378 8)
379 syncSysTime
380 ;;
381 9)
382 initTools
383 ;;
384 10)
385 initLimits
386 ;;
387 11)
388 initSsh
389 ;;
390 12)
391 initRestart
392 ;;
393 13)
394 initSysctl
395 ;;
396 14)
397 initHistory
398 ;;
399 15)
400 initChattr
401 ;;
402 *) echo "----------------------------------"
403 echo "| Warning!!! |"
404 echo "| Please Enter Right Choice! |"
405 echo "----------------------------------"
406 for i in `seq -w 3 -1 1`
407 do
408 echo -ne "\b\b$i";
409 sleep 1;
410 done
411 clear
412esac
413done
414}
415#initTools
416#menu
417while true
418do
419clear
420echo "========================================"
421echo ' Linux Optimization '
422echo "========================================"
423cat << EOF
424|-----------System Infomation-----------
425| DATE :$DATE
426| HOSTNAME :$HOSTNAME
427| USER :$USER
428| IP :$IPADDR
429| DISK_USED :$DISK_SDA
430| CPU_AVERAGE:$cpu_uptime
431----------------------------------------
432|****Please Enter Your Choice:[1-3]****|
433----------------------------------------
434(1) 一键优化
435(2) 自定义优化
436(3) 退出
437EOF
438#choice
439read -p "Please enter your choice[0-3]: " input1
440case "$input1" in
4411)
442 addUser
443 configYum
444 initI18n
445 initFirewall
446 initService
447 initRemoval
448 initSsh
449 syncSysTime
450 initTools
451 initLimits
452 initSsh
453 initRestart
454 initSysctl
455 initHistory
456 initChattr
457 ;;
4582)
459 menu2
460 ;;
4613)
462 clear
463 break
464 ;;
465*)
466 echo "----------------------------------"
467 echo "| Warning!!! |"
468 echo "| Please Enter Right Choice! |"
469 echo "----------------------------------"
470 for i in `seq -w 3 -1 1`
471 do
472 echo -ne "\b\b$i";
473 sleep 1;
474 done
475 clear
476esac
477done
1#!/bin/bash
2# Date: 2018-6-8
3#version:1.2
4#实现功能:一键系统优化15项脚本,适用于Centos6.x
5################################################
6#Source function library.
7. /etc/init.d/functions
8#date
9DATE=`date +"%y-%m-%d %H:%M:%S"`
10#ip
11IPADDR=`grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0|cut -d= -f 2 `
12#hostname
13HOSTNAME=`hostname -s`
14#user
15USER=`whoami`
16#disk_check
17DISK_SDA=`df -h |grep -w "/" |awk '{print $5}'`
18#cpu_average_check
19cpu_uptime=`cat /proc/loadavg|awk '{print $1,$2,$3}'`
20#set LANG
21export LANG=zh_CN.UTF-8
22#Require root to run this script.
23uid=`id | cut -d\( -f1 | cut -d= -f2`
24if [ $uid -ne 0 ];then
25 action "Please run this script as root." /bin/false
26 exit 1
27fi
28#"stty erase ^H"
29\cp /root/.bash_profile /root/.bash_profile_$(date +%F)
30erase=`grep -wx "stty erase ^H" /root/.bash_profile |wc -l`
31if [ $erase -lt 1 ];then
32 echo"stty erase ^H" >>/root/.bash_profile
33 source /root/.bash_profile
34fi
35#Config Yum CentOS-Bases.repo and save Yum file
36configYum(){
37echo"================更新为国内YUM源=================="
38 cd /etc/yum.repos.d/
39 \cp CentOS-Base.repo CentOS-Base.repo.$(date +%F)
40 ping -c 1 mirrors.aliyun.com >/dev/null
41 if [ $? -eq 0 ];then
42 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
43 else
44 echo"无法连接网络。"
45 exit $?
46 fi
47echo"==============保存YUM源文件======================"
48sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
49grep keepcache /etc/yum.conf
50sleep 5
51action "配置国内YUM完成" /bin/true
52echo"================================================="
53echo""
54 sleep 2
55}
56#Charset zh_CN.UTF-8
57initI18n(){
58echo"================更改为中文字符集================="
59 \cp /etc/sysconfig/i18n /etc/sysconfig/i18n.$(date +%F)
60>/etc/sysconfig/i18n
61cat >>/etc/sysconfig/i18n<<EOF
62LANG="zh_CN.UTF-8"
63#LANG="en_US.UTF-8"
64SYSFONT="latarcyrheb-sun16"
65EOF
66 source /etc/sysconfig/i18n
67 echo'#cat /etc/sysconfig/i18n'
68 grep LANG /etc/sysconfig/i18n
69action "更改字符集zh_CN.UTF-8完成" /bin/true
70echo"================================================="
71echo""
72 sleep 2
73}
74#Close Selinux and Iptables
75initFirewall(){
76echo"============禁用SELINUX及关闭防火墙=============="
77 \cp /etc/selinux/config /etc/selinux/config.$(date +%F)
78 /etc/init.d/iptables stop
79 sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
80 setenforce 0
81 /etc/init.d/iptables status
82 echo'#grep SELINUX=disabled /etc/selinux/config '
83 grep SELINUX=disabled /etc/selinux/config
84 echo'#getenforce '
85 getenforce
86action "禁用selinux及关闭防火墙完成" /bin/true
87echo"================================================="
88echo""
89 sleep 2
90}
91#Init Auto Startup Service
92initService(){
93echo"===============精简开机自启动===================="
94 export LANG="en_US.UTF-8"
95 for A in `chkconfig --list |grep 3:on |awk '{print $1}' `;do chkconfig $A off;done
96 for B in rsyslog network sshd crond;do chkconfig $B on;done
97 echo'+--------which services on---------+'
98 chkconfig --list |grep 3:on
99 echo'+----------------------------------+'
100 export LANG="zh_CN.UTF-8"
101action "精简开机自启动完成" /bin/true
102echo"================================================="
103echo""
104 sleep 2
105}
106#Removal system and kernel version login before the screen display
107initRemoval(){
108echo"======去除系统及内核版本登录前的屏幕显示======="
109#must use root user run scripts
110if
111 [ $UID -ne 0 ];then
112 echo This script must use the root user ! ! !
113 sleep 2
114 exit 0
115fi
116 >/etc/redhat-release
117 >/etc/issue
118action "去除系统及内核版本登录前的屏幕显示" /bin/true
119echo"================================================="
120echo""
121 sleep 2
122}
123#Change sshd default port and prohibit user root remote login.
124initSsh(){
125echo"========修改ssh默认端口禁用root远程登录=========="
126 \cp /etc/ssh/sshd_config /etc/ssh/sshd_config.$(date +%F)
127 sed -i 's/#Port 22/Port 52113/g' /etc/ssh/sshd_config
128 sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
129 sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
130 sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
131 echo'+-------modify the sshd_config-------+'
132 echo'Port 52113'
133 echo'PermitEmptyPasswords no'
134 echo'PermitRootLogin no'
135 echo'UseDNS no'
136 echo'+------------------------------------+'
137 /etc/init.d/sshd reload && action "修改ssh默认参数完成" /bin/true || action "修改ssh参数失败" /bin/false
138echo"================================================="
139echo""
140 sleep 2
141}
142#time sync
143syncSysTime(){
144echo"================配置时间同步====================="
145 \cp /var/spool/cron/root /var/spool/cron/root.$(date +%F) 2>/dev/null
146 NTPDATE=`grep ntpdate /var/spool/cron/root 2>/dev/null |wc -l`
147 if [ $NTPDATE -eq 0 ];then
148 echo"#times sync by lee at $(date +%F)" >>/var/spool/cron/root
149 echo"*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1" >> /var/spool/cron/root
150 fi
151 echo'#crontab -l'
152 crontab -l
153action "配置时间同步完成" /bin/true
154echo"================================================="
155echo""
156 sleep 2
157}
158#install tools
159initTools(){
160 echo"#####安装系统补装工具(选择最小化安装minimal)#####"
161 ping -c 2 mirrors.aliyun.com
162 sleep 2
163 yum install tree nmap sysstat lrzsz dos2unix -y
164 sleep 2
165 rpm -qa tree nmap sysstat lrzsz dos2unix
166 sleep 2
167action "安装系统补装工具(选择最小化安装minimal)" /bin/true
168echo"================================================="
169echo""
170 sleep 2
171}
172#add user and give sudoers
173addUser(){
174echo"===================新建用户======================"
175#add user
176whiletrue
177do
178 read -p "请输入新用户名:" name
179 NAME=`awk -F':''{print $1}' /etc/passwd|grep -wx $name 2>/dev/null|wc -l`
180 if [ ${#name} -eq 0 ];then
181 echo"用户名不能为空,请重新输入。"
182 continue
183 elif [ $NAME -eq 1 ];then
184 echo"用户名已存在,请重新输入。"
185 continue
186 fi
187useradd $name
188break
189done
190#create password
191whiletrue
192do
193 read -p "为 $name 创建一个密码:" pass1
194 if [ ${#pass1} -eq 0 ];then
195 echo"密码不能为空,请重新输入。"
196 continue
197 fi
198 read -p "请再次输入密码:" pass2
199 if [ "$pass1" != "$pass2" ];then
200 echo"两次密码输入不相同,请重新输入。"
201 continue
202 fi
203echo"$pass2" |passwd --stdin $name
204break
205done
206sleep 1
207#add visudo
208echo"#####add visudo#####"
209\cp /etc/sudoers /etc/sudoers.$(date +%F)
210SUDO=`grep -w "$name" /etc/sudoers |wc -l`
211if [ $SUDO -eq 0 ];then
212 echo"$name ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
213 echo'#tail -1 /etc/sudoers'
214 grep -w "$name" /etc/sudoers
215 sleep 1
216fi
217action "创建用户$name并将其加入visudo完成" /bin/true
218echo"================================================="
219echo""
220sleep 2
221}
222#Adjust the file descriptor(limits.conf)
223initLimits(){
224echo"===============加大文件描述符===================="
225 LIMIT=`grep nofile /etc/security/limits.conf |grep -v "^#"|wc -l`
226 if [ $LIMIT -eq 0 ];then
227 \cp /etc/security/limits.conf /etc/security/limits.conf.$(date +%F)
228 echo'* - nofile 65535'>>/etc/security/limits.conf
229 fi
230 echo'#tail -1 /etc/security/limits.conf'
231 tail -1 /etc/security/limits.conf
232 ulimit -HSn 65535
233 echo'#ulimit -n'
234 ulimit -n
235action "配置文件描述符为65535" /bin/true
236echo"================================================="
237echo""
238sleep 2
239}
240#set ssh
241initSsh(){
242echo"======禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度======="
243sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
244sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
245service sshd restart
246action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/true
247echo"================================================="
248echo""
249sleep 2
250}
251#set the control-alt-delete to guard against the miSUSE
252initRestart(){
253sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
254action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/true
255echo"================================================="
256echo""
257sleep 2
258}
259#Optimizing the system kernel
260initSysctl(){
261echo"================优化内核参数====================="
262SYSCTL=`grep "net.ipv4.tcp" /etc/sysctl.conf |wc -l`
263if [ $SYSCTL -lt 10 ];then
264\cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
265cat >>/etc/sysctl.conf<<EOF
266net.ipv4.tcp_fin_timeout = 2
267net.ipv4.tcp_tw_reuse = 1
268net.ipv4.tcp_tw_recycle = 1
269net.ipv4.tcp_syncookies = 1
270net.ipv4.tcp_keepalive_time = 600
271net.ipv4.ip_local_port_range = 4000 65000
272net.ipv4.tcp_max_syn_backlog = 16384
273net.ipv4.tcp_max_tw_buckets = 36000
274net.ipv4.route.gc_timeout = 100
275net.ipv4.tcp_syn_retries = 1
276net.ipv4.tcp_synack_retries = 1
277net.core.somaxconn = 16384
278net.core.netdev_max_backlog = 16384
279net.ipv4.tcp_max_orphans = 16384
280net.netfilter.nf_conntrack_max = 25000000
281net.netfilter.nf_conntrack_tcp_timeout_established = 180
282net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
283net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
284net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
285EOF
286fi
287 \cp /etc/rc.local /etc/rc.local.$(date +%F)
288 modprobe nf_conntrack
289 echo"modprobe nf_conntrack">> /etc/rc.local
290 modprobe bridge
291 echo"modprobe bridge">> /etc/rc.local
292 sysctl -p
293action "内核调优完成" /bin/true
294echo"================================================="
295echo""
296 sleep 2
297}
298#setting history and login timeout
299initHistory(){
300echo"======设置默认历史记录数和连接超时时间======"
301echo"TMOUT=300" >>/etc/profile
302echo"HISTSIZE=5" >>/etc/profile
303echo"HISTFILESIZE=5" >>/etc/profile
304tail -3 /etc/profile
305source /etc/profile
306action "设置默认历史记录数和连接超时时间" /bin/true
307echo"================================================="
308echo""
309sleep 2
310}
311#chattr file system
312initChattr(){
313echo"======锁定关键文件系统======"
314chattr +i /etc/passwd
315chattr +i /etc/inittab
316chattr +i /etc/group
317chattr +i /etc/shadow
318chattr +i /etc/gshadow
319/bin/mv /usr/bin/chattr /usr/bin/lock
320action "锁定关键文件系统" /bin/true
321echo"================================================="
322echo""
323sleep 2
324}
325#menu2
326menu2(){
327whiletrue
328do
329clear
330cat <<EOF
331----------------------------------------
332|****Please Enter Your Choice:[0-15]****|
333----------------------------------------
334(1) 新建一个用户并将其加入visudo
335(2) 配置为国内YUM源镜像和保存YUM源文件
336(3) 配置中文字符集
337(4) 禁用SELINUX及关闭防火墙
338(5) 精简开机自启动
339(6) 去除系统及内核版本登录前的屏幕显示
340(7) 修改ssh默认端口及禁用root远程登录
341(8) 设置时间同步
342(9) 安装系统补装工具(选择最小化安装minimal)
343(10) 加大文件描述符
344(11) 禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度
345(12) 将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启
346(13) 系统内核调优
347(14) 设置默认历史记录数和连接超时时间
348(15) 锁定关键文件系统
349(0) 返回上一级菜单
350EOF
351read -p "Please enter your Choice[0-15]: " input2
352case"$input2"in
353 0)
354 clear
355 break
356 ;;
357 1)
358 addUser
359 ;;
360 2)
361 configYum
362 ;;
363 3)
364 initI18n
365 ;;
366 4)
367 initFirewall
368 ;;
369 5)
370 initService
371 ;;
372 6)
373 initRemoval
374 ;;
375 7)
376 initSsh
377 ;;
378 8)
379 syncSysTime
380 ;;
381 9)
382 initTools
383 ;;
384 10)
385 initLimits
386 ;;
387 11)
388 initSsh
389 ;;
390 12)
391 initRestart
392 ;;
393 13)
394 initSysctl
395 ;;
396 14)
397 initHistory
398 ;;
399 15)
400 initChattr
401 ;;
402 *) echo"----------------------------------"
403 echo"| Warning!!! |"
404 echo"| Please Enter Right Choice! |"
405 echo"----------------------------------"
406 for i in `seq -w 3 -1 1`
407 do
408 echo -ne "\b\b$i";
409 sleep 1;
410 done
411 clear
412esac
413done
414}
415#initTools
416#menu
417whiletrue
418do
419clear
420echo"========================================"
421echo' Linux Optimization '
422echo"========================================"
423cat << EOF
424|-----------System Infomation-----------
425| DATE :$DATE
426| HOSTNAME :$HOSTNAME
427| USER :$USER
428| IP :$IPADDR
429| DISK_USED :$DISK_SDA
430| CPU_AVERAGE:$cpu_uptime
431----------------------------------------
432|****Please Enter Your Choice:[1-3]****|
433----------------------------------------
434(1) 一键优化
435(2) 自定义优化
436(3) 退出
437EOF
438#choice
439read -p "Please enter your choice[0-3]: " input1
440case"$input1"in
4411)
442 addUser
443 configYum
444 initI18n
445 initFirewall
446 initService
447 initRemoval
448 initSsh
449 syncSysTime
450 initTools
451 initLimits
452 initSsh
453 initRestart
454 initSysctl
455 initHistory
456 initChattr
457 ;;
4582)
459 menu2
460 ;;
4613)
462 clear
463 break
464 ;;
465*)
466 echo"----------------------------------"
467 echo"| Warning!!! |"
468 echo"| Please Enter Right Choice! |"
469 echo"----------------------------------"
470 for i in `seq -w 3 -1 1`
471 do
472 echo -ne "\b\b$i";
473 sleep 1;
474 done
475 clear
476esac
477done
适用于Centos6.x系统的15项优化脚本的更多相关文章
- CentOS6 x86_64最小化安装优化脚本
#!/bin/bash #centos6. x86_64系统最小化安装优化脚本 #系统基础优化,建议以root运行 if [ $USER != "root" ];then echo ...
- 一键系统优化15项脚本,适用于Centos6.x
#!/bin/sh ################################################ #Author:nulige # qqinfo:1034611705 # Date ...
- centos6.x一键15项系统优化(转自努力哥)
#!/bin/sh ################################################ #Author:nulige # qqinfo: # Date: -- #vers ...
- CentOS6、7优化脚本完美版
#!/bin/bash SysVer=`cat /etc/redhat-release | awk -F'release' '{print $2}' | awk -F'[ .]+' '{print $ ...
- GHOST WIN7系统64位经典优化版 V2016年
来自系统妈:http://www.xitongma.com 深度技术GHOST win7系统32,64位经典优化版 V2016年3月 系统概述 深度技术ghost win7系统64位经典优化版适用于笔 ...
- Centos6.5生产环境最小化优化配置
Centos6.5生产环境最小化优化配置,满足业务需求! 01.启动网卡 #centos6.x最小化安装后,网卡默认不是启动状态 ifup eth0 // ifconfig eth0 up /et ...
- CentOS6.X 系统安装后的基础优化
特别说明:克隆之后的网卡修改 1 编辑eth0的配置文件:vi /etc/sysconfig/network-scripts/ifcfg-eth0, 删除HWADDR地址那一行及UUID的行如下: H ...
- 如何在VMware虚拟机中安装CentOS6.7系统(上篇)
之前给大家分享了在VMware中如何创建CentOS虚拟机,今天给大家分享一下如何在虚拟机中安装CentOS系统,以CentOS6.7系统为例,其他的系统版本也可以参考该教程进行类似处理,具体的流程如 ...
- 在VMware Workstation上安装CentOS6.5系统步
在VMware Workstation上安装CentOS6.5系统步骤 听语音 | 浏览:147 | 更新:2016-07-28 15:45 | 标签:安装 虚拟机 CENTOS 1 2 3 4 5 ...
随机推荐
- CAP理论与分布式事务解决方案
微服务系统所设计的系统是分布式系统.分布式系统有一个著名的CAP理论,即同时满足"一致性""可用性"和"分区容错"是一件不可能的事.CAP理 ...
- 面试 16:栈的压入压出队列(剑指 Offer 第 22 题)
我们今天继续来看看周五留下的习题: 面试题:输入两个整数序列,第一个序列表示栈的压入顺序,请判断二个序列是否为该栈的弹出顺序.假设压入栈的所有数字均不相等.例如:压入序列为{1,2,3,4,5},那{ ...
- CSS 定位 (Positioning) 实例
CSS 定位和浮动CSS 为定位和浮动提供了一些属性,利用这些属性,可以建立列式布局,将布局的一部分与另一部分重叠,还可以完成多年来通常需要使用多个表格才能完成的任务. 定位的基本思想很简单,它允许你 ...
- A short Glimpse to Spectral Sequences 快速入坑谱序列(英文)
In this short paper with a few of page (but a lot of language mistake), I want to introduce the theo ...
- 插入排序专题 直接插入 折半 希尔shell
1.直接插入排序 分析:a[n]有n个元素 a[0...n-1] 从 i=1...n-1 a[i]依次与 a[0...n-2]数字进行比较 发现后面的数字大于前面的数字交换位置,每一次比较,与 ...
- ZOJ - 1610 经典线段树染色问题
这个是一个经典线段树染色问题,不过题目给的是左右左右坐标,即[0,3]包含0-1这一段 1-2这一段 2-3这一段,和传统的染色不太一样,不过其实也不用太着急. 我们把左边的坐标+1,即可,那么[0, ...
- Volterra方程的不动点
- Python_列表初识及操作
列表 列表初识 列表属于容器性数据类型. li = [123, '狗', True, [1, 2, 3], {'name': 'Lon'}, (1, 2, 3)] 其中包含有int型,例如123:字符 ...
- withRouter使用
import React from 'react'; import {Switch,NavLink,Route,Redirect,withRouter} from 'react-router-dom' ...
- C\C++学习笔记 3
C++记录7 函数指针: 函数名为地址, 地址指的是在机器指令存储的地址. double func(int line){ reture line*3.5;} void f(int line, doub ...