适用于Centos6.x系统的15项优化脚本
1#!/bin/bash
2# Date: 2018-6-8
3#version:1.2
4#实现功能:一键系统优化15项脚本,适用于Centos6.x
5################################################
6#Source function library.
7. /etc/init.d/functions
8#date
9DATE=`date +"%y-%m-%d %H:%M:%S"`
10#ip
11IPADDR=`grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0|cut -d= -f 2 `
12#hostname
13HOSTNAME=`hostname -s`
14#user
15USER=`whoami`
16#disk_check
17DISK_SDA=`df -h |grep -w "/" |awk '{print $5}'`
18#cpu_average_check
19cpu_uptime=`cat /proc/loadavg|awk '{print $1,$2,$3}'`
20#set LANG
21export LANG=zh_CN.UTF-8
22#Require root to run this script.
23uid=`id | cut -d\( -f1 | cut -d= -f2`
24if [ $uid -ne 0 ];then
25 action "Please run this script as root." /bin/false
26 exit 1
27fi
28#"stty erase ^H"
29\cp /root/.bash_profile /root/.bash_profile_$(date +%F)
30erase=`grep -wx "stty erase ^H" /root/.bash_profile |wc -l`
31if [ $erase -lt 1 ];then
32 echo "stty erase ^H" >>/root/.bash_profile
33 source /root/.bash_profile
34fi
35#Config Yum CentOS-Bases.repo and save Yum file
36configYum(){
37echo "================更新为国内YUM源=================="
38 cd /etc/yum.repos.d/
39 \cp CentOS-Base.repo CentOS-Base.repo.$(date +%F)
40 ping -c 1 mirrors.aliyun.com >/dev/null
41 if [ $? -eq 0 ];then
42 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
43 else
44 echo "无法连接网络。"
45 exit $?
46 fi
47echo "==============保存YUM源文件======================"
48sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
49grep keepcache /etc/yum.conf
50sleep 5
51action "配置国内YUM完成" /bin/true
52echo "================================================="
53echo ""
54 sleep 2
55}
56#Charset zh_CN.UTF-8
57initI18n(){
58echo "================更改为中文字符集================="
59 \cp /etc/sysconfig/i18n /etc/sysconfig/i18n.$(date +%F)
60>/etc/sysconfig/i18n
61cat >>/etc/sysconfig/i18n<<EOF
62LANG="zh_CN.UTF-8"
63#LANG="en_US.UTF-8"
64SYSFONT="latarcyrheb-sun16"
65EOF
66 source /etc/sysconfig/i18n
67 echo '#cat /etc/sysconfig/i18n'
68 grep LANG /etc/sysconfig/i18n
69action "更改字符集zh_CN.UTF-8完成" /bin/true
70echo "================================================="
71echo ""
72 sleep 2
73}
74#Close Selinux and Iptables
75initFirewall(){
76echo "============禁用SELINUX及关闭防火墙=============="
77 \cp /etc/selinux/config /etc/selinux/config.$(date +%F)
78 /etc/init.d/iptables stop
79 sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
80 setenforce 0
81 /etc/init.d/iptables status
82 echo '#grep SELINUX=disabled /etc/selinux/config '
83 grep SELINUX=disabled /etc/selinux/config
84 echo '#getenforce '
85 getenforce
86action "禁用selinux及关闭防火墙完成" /bin/true
87echo "================================================="
88echo ""
89 sleep 2
90}
91#Init Auto Startup Service
92initService(){
93echo "===============精简开机自启动===================="
94 export LANG="en_US.UTF-8"
95 for A in `chkconfig --list |grep 3:on |awk '{print $1}' `;do chkconfig $A off;done
96 for B in rsyslog network sshd crond;do chkconfig $B on;done
97 echo '+--------which services on---------+'
98 chkconfig --list |grep 3:on
99 echo '+----------------------------------+'
100 export LANG="zh_CN.UTF-8"
101action "精简开机自启动完成" /bin/true
102echo "================================================="
103echo ""
104 sleep 2
105}
106#Removal system and kernel version login before the screen display
107initRemoval(){
108echo "======去除系统及内核版本登录前的屏幕显示======="
109#must use root user run scripts
110if
111 [ $UID -ne 0 ];then
112 echo This script must use the root user ! ! !
113 sleep 2
114 exit 0
115fi
116 >/etc/redhat-release
117 >/etc/issue
118action "去除系统及内核版本登录前的屏幕显示" /bin/true
119echo "================================================="
120echo ""
121 sleep 2
122}
123#Change sshd default port and prohibit user root remote login.
124initSsh(){
125echo "========修改ssh默认端口禁用root远程登录=========="
126 \cp /etc/ssh/sshd_config /etc/ssh/sshd_config.$(date +%F)
127 sed -i 's/#Port 22/Port 52113/g' /etc/ssh/sshd_config
128 sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
129 sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
130 sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
131 echo '+-------modify the sshd_config-------+'
132 echo 'Port 52113'
133 echo 'PermitEmptyPasswords no'
134 echo 'PermitRootLogin no'
135 echo 'UseDNS no'
136 echo '+------------------------------------+'
137 /etc/init.d/sshd reload && action "修改ssh默认参数完成" /bin/true || action "修改ssh参数失败" /bin/false
138echo "================================================="
139echo ""
140 sleep 2
141}
142#time sync
143syncSysTime(){
144echo "================配置时间同步====================="
145 \cp /var/spool/cron/root /var/spool/cron/root.$(date +%F) 2>/dev/null
146 NTPDATE=`grep ntpdate /var/spool/cron/root 2>/dev/null |wc -l`
147 if [ $NTPDATE -eq 0 ];then
148 echo "#times sync by lee at $(date +%F)" >>/var/spool/cron/root
149 echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1" >> /var/spool/cron/root
150 fi
151 echo '#crontab -l'
152 crontab -l
153action "配置时间同步完成" /bin/true
154echo "================================================="
155echo ""
156 sleep 2
157}
158#install tools
159initTools(){
160 echo "#####安装系统补装工具(选择最小化安装minimal)#####"
161 ping -c 2 mirrors.aliyun.com
162 sleep 2
163 yum install tree nmap sysstat lrzsz dos2unix -y
164 sleep 2
165 rpm -qa tree nmap sysstat lrzsz dos2unix
166 sleep 2
167action "安装系统补装工具(选择最小化安装minimal)" /bin/true
168echo "================================================="
169echo ""
170 sleep 2
171}
172#add user and give sudoers
173addUser(){
174echo "===================新建用户======================"
175#add user
176while true
177do
178 read -p "请输入新用户名:" name
179 NAME=`awk -F':' '{print $1}' /etc/passwd|grep -wx $name 2>/dev/null|wc -l`
180 if [ ${#name} -eq 0 ];then
181 echo "用户名不能为空,请重新输入。"
182 continue
183 elif [ $NAME -eq 1 ];then
184 echo "用户名已存在,请重新输入。"
185 continue
186 fi
187useradd $name
188break
189done
190#create password
191while true
192do
193 read -p "为 $name 创建一个密码:" pass1
194 if [ ${#pass1} -eq 0 ];then
195 echo "密码不能为空,请重新输入。"
196 continue
197 fi
198 read -p "请再次输入密码:" pass2
199 if [ "$pass1" != "$pass2" ];then
200 echo "两次密码输入不相同,请重新输入。"
201 continue
202 fi
203echo "$pass2" |passwd --stdin $name
204break
205done
206sleep 1
207#add visudo
208echo "#####add visudo#####"
209\cp /etc/sudoers /etc/sudoers.$(date +%F)
210SUDO=`grep -w "$name" /etc/sudoers |wc -l`
211if [ $SUDO -eq 0 ];then
212 echo "$name ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
213 echo '#tail -1 /etc/sudoers'
214 grep -w "$name" /etc/sudoers
215 sleep 1
216fi
217action "创建用户$name并将其加入visudo完成" /bin/true
218echo "================================================="
219echo ""
220sleep 2
221}
222#Adjust the file descriptor(limits.conf)
223initLimits(){
224echo "===============加大文件描述符===================="
225 LIMIT=`grep nofile /etc/security/limits.conf |grep -v "^#"|wc -l`
226 if [ $LIMIT -eq 0 ];then
227 \cp /etc/security/limits.conf /etc/security/limits.conf.$(date +%F)
228 echo '* - nofile 65535'>>/etc/security/limits.conf
229 fi
230 echo '#tail -1 /etc/security/limits.conf'
231 tail -1 /etc/security/limits.conf
232 ulimit -HSn 65535
233 echo '#ulimit -n'
234 ulimit -n
235action "配置文件描述符为65535" /bin/true
236echo "================================================="
237echo ""
238sleep 2
239}
240#set ssh
241initSsh(){
242echo "======禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度======="
243sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
244sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
245service sshd restart
246action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/true
247echo "================================================="
248echo ""
249sleep 2
250}
251#set the control-alt-delete to guard against the miSUSE
252initRestart(){
253sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
254action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/true
255echo "================================================="
256echo ""
257sleep 2
258}
259#Optimizing the system kernel
260initSysctl(){
261echo "================优化内核参数====================="
262SYSCTL=`grep "net.ipv4.tcp" /etc/sysctl.conf |wc -l`
263if [ $SYSCTL -lt 10 ];then
264\cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
265cat >>/etc/sysctl.conf<<EOF
266net.ipv4.tcp_fin_timeout = 2
267net.ipv4.tcp_tw_reuse = 1
268net.ipv4.tcp_tw_recycle = 1
269net.ipv4.tcp_syncookies = 1
270net.ipv4.tcp_keepalive_time = 600
271net.ipv4.ip_local_port_range = 4000 65000
272net.ipv4.tcp_max_syn_backlog = 16384
273net.ipv4.tcp_max_tw_buckets = 36000
274net.ipv4.route.gc_timeout = 100
275net.ipv4.tcp_syn_retries = 1
276net.ipv4.tcp_synack_retries = 1
277net.core.somaxconn = 16384
278net.core.netdev_max_backlog = 16384
279net.ipv4.tcp_max_orphans = 16384
280net.netfilter.nf_conntrack_max = 25000000
281net.netfilter.nf_conntrack_tcp_timeout_established = 180
282net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
283net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
284net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
285EOF
286fi
287 \cp /etc/rc.local /etc/rc.local.$(date +%F)
288 modprobe nf_conntrack
289 echo "modprobe nf_conntrack">> /etc/rc.local
290 modprobe bridge
291 echo "modprobe bridge">> /etc/rc.local
292 sysctl -p
293action "内核调优完成" /bin/true
294echo "================================================="
295echo ""
296 sleep 2
297}
298#setting history and login timeout
299initHistory(){
300echo "======设置默认历史记录数和连接超时时间======"
301echo "TMOUT=300" >>/etc/profile
302echo "HISTSIZE=5" >>/etc/profile
303echo "HISTFILESIZE=5" >>/etc/profile
304tail -3 /etc/profile
305source /etc/profile
306action "设置默认历史记录数和连接超时时间" /bin/true
307echo "================================================="
308echo ""
309sleep 2
310}
311#chattr file system
312initChattr(){
313echo "======锁定关键文件系统======"
314chattr +i /etc/passwd
315chattr +i /etc/inittab
316chattr +i /etc/group
317chattr +i /etc/shadow
318chattr +i /etc/gshadow
319/bin/mv /usr/bin/chattr /usr/bin/lock
320action "锁定关键文件系统" /bin/true
321echo "================================================="
322echo ""
323sleep 2
324}
325#menu2
326menu2(){
327while true
328do
329clear
330cat <<EOF
331----------------------------------------
332|****Please Enter Your Choice:[0-15]****|
333----------------------------------------
334(1) 新建一个用户并将其加入visudo
335(2) 配置为国内YUM源镜像和保存YUM源文件
336(3) 配置中文字符集
337(4) 禁用SELINUX及关闭防火墙
338(5) 精简开机自启动
339(6) 去除系统及内核版本登录前的屏幕显示
340(7) 修改ssh默认端口及禁用root远程登录
341(8) 设置时间同步
342(9) 安装系统补装工具(选择最小化安装minimal)
343(10) 加大文件描述符
344(11) 禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度
345(12) 将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启
346(13) 系统内核调优
347(14) 设置默认历史记录数和连接超时时间
348(15) 锁定关键文件系统
349(0) 返回上一级菜单
350EOF
351read -p "Please enter your Choice[0-15]: " input2
352case "$input2" in
353 0)
354 clear
355 break
356 ;;
357 1)
358 addUser
359 ;;
360 2)
361 configYum
362 ;;
363 3)
364 initI18n
365 ;;
366 4)
367 initFirewall
368 ;;
369 5)
370 initService
371 ;;
372 6)
373 initRemoval
374 ;;
375 7)
376 initSsh
377 ;;
378 8)
379 syncSysTime
380 ;;
381 9)
382 initTools
383 ;;
384 10)
385 initLimits
386 ;;
387 11)
388 initSsh
389 ;;
390 12)
391 initRestart
392 ;;
393 13)
394 initSysctl
395 ;;
396 14)
397 initHistory
398 ;;
399 15)
400 initChattr
401 ;;
402 *) echo "----------------------------------"
403 echo "| Warning!!! |"
404 echo "| Please Enter Right Choice! |"
405 echo "----------------------------------"
406 for i in `seq -w 3 -1 1`
407 do
408 echo -ne "\b\b$i";
409 sleep 1;
410 done
411 clear
412esac
413done
414}
415#initTools
416#menu
417while true
418do
419clear
420echo "========================================"
421echo ' Linux Optimization '
422echo "========================================"
423cat << EOF
424|-----------System Infomation-----------
425| DATE :$DATE
426| HOSTNAME :$HOSTNAME
427| USER :$USER
428| IP :$IPADDR
429| DISK_USED :$DISK_SDA
430| CPU_AVERAGE:$cpu_uptime
431----------------------------------------
432|****Please Enter Your Choice:[1-3]****|
433----------------------------------------
434(1) 一键优化
435(2) 自定义优化
436(3) 退出
437EOF
438#choice
439read -p "Please enter your choice[0-3]: " input1
440case "$input1" in
4411)
442 addUser
443 configYum
444 initI18n
445 initFirewall
446 initService
447 initRemoval
448 initSsh
449 syncSysTime
450 initTools
451 initLimits
452 initSsh
453 initRestart
454 initSysctl
455 initHistory
456 initChattr
457 ;;
4582)
459 menu2
460 ;;
4613)
462 clear
463 break
464 ;;
465*)
466 echo "----------------------------------"
467 echo "| Warning!!! |"
468 echo "| Please Enter Right Choice! |"
469 echo "----------------------------------"
470 for i in `seq -w 3 -1 1`
471 do
472 echo -ne "\b\b$i";
473 sleep 1;
474 done
475 clear
476esac
477done
1#!/bin/bash
2# Date: 2018-6-8
3#version:1.2
4#实现功能:一键系统优化15项脚本,适用于Centos6.x
5################################################
6#Source function library.
7. /etc/init.d/functions
8#date
9DATE=`date +"%y-%m-%d %H:%M:%S"`
10#ip
11IPADDR=`grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0|cut -d= -f 2 `
12#hostname
13HOSTNAME=`hostname -s`
14#user
15USER=`whoami`
16#disk_check
17DISK_SDA=`df -h |grep -w "/" |awk '{print $5}'`
18#cpu_average_check
19cpu_uptime=`cat /proc/loadavg|awk '{print $1,$2,$3}'`
20#set LANG
21export LANG=zh_CN.UTF-8
22#Require root to run this script.
23uid=`id | cut -d\( -f1 | cut -d= -f2`
24if [ $uid -ne 0 ];then
25 action "Please run this script as root." /bin/false
26 exit 1
27fi
28#"stty erase ^H"
29\cp /root/.bash_profile /root/.bash_profile_$(date +%F)
30erase=`grep -wx "stty erase ^H" /root/.bash_profile |wc -l`
31if [ $erase -lt 1 ];then
32 echo"stty erase ^H" >>/root/.bash_profile
33 source /root/.bash_profile
34fi
35#Config Yum CentOS-Bases.repo and save Yum file
36configYum(){
37echo"================更新为国内YUM源=================="
38 cd /etc/yum.repos.d/
39 \cp CentOS-Base.repo CentOS-Base.repo.$(date +%F)
40 ping -c 1 mirrors.aliyun.com >/dev/null
41 if [ $? -eq 0 ];then
42 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
43 else
44 echo"无法连接网络。"
45 exit $?
46 fi
47echo"==============保存YUM源文件======================"
48sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
49grep keepcache /etc/yum.conf
50sleep 5
51action "配置国内YUM完成" /bin/true
52echo"================================================="
53echo""
54 sleep 2
55}
56#Charset zh_CN.UTF-8
57initI18n(){
58echo"================更改为中文字符集================="
59 \cp /etc/sysconfig/i18n /etc/sysconfig/i18n.$(date +%F)
60>/etc/sysconfig/i18n
61cat >>/etc/sysconfig/i18n<<EOF
62LANG="zh_CN.UTF-8"
63#LANG="en_US.UTF-8"
64SYSFONT="latarcyrheb-sun16"
65EOF
66 source /etc/sysconfig/i18n
67 echo'#cat /etc/sysconfig/i18n'
68 grep LANG /etc/sysconfig/i18n
69action "更改字符集zh_CN.UTF-8完成" /bin/true
70echo"================================================="
71echo""
72 sleep 2
73}
74#Close Selinux and Iptables
75initFirewall(){
76echo"============禁用SELINUX及关闭防火墙=============="
77 \cp /etc/selinux/config /etc/selinux/config.$(date +%F)
78 /etc/init.d/iptables stop
79 sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
80 setenforce 0
81 /etc/init.d/iptables status
82 echo'#grep SELINUX=disabled /etc/selinux/config '
83 grep SELINUX=disabled /etc/selinux/config
84 echo'#getenforce '
85 getenforce
86action "禁用selinux及关闭防火墙完成" /bin/true
87echo"================================================="
88echo""
89 sleep 2
90}
91#Init Auto Startup Service
92initService(){
93echo"===============精简开机自启动===================="
94 export LANG="en_US.UTF-8"
95 for A in `chkconfig --list |grep 3:on |awk '{print $1}' `;do chkconfig $A off;done
96 for B in rsyslog network sshd crond;do chkconfig $B on;done
97 echo'+--------which services on---------+'
98 chkconfig --list |grep 3:on
99 echo'+----------------------------------+'
100 export LANG="zh_CN.UTF-8"
101action "精简开机自启动完成" /bin/true
102echo"================================================="
103echo""
104 sleep 2
105}
106#Removal system and kernel version login before the screen display
107initRemoval(){
108echo"======去除系统及内核版本登录前的屏幕显示======="
109#must use root user run scripts
110if
111 [ $UID -ne 0 ];then
112 echo This script must use the root user ! ! !
113 sleep 2
114 exit 0
115fi
116 >/etc/redhat-release
117 >/etc/issue
118action "去除系统及内核版本登录前的屏幕显示" /bin/true
119echo"================================================="
120echo""
121 sleep 2
122}
123#Change sshd default port and prohibit user root remote login.
124initSsh(){
125echo"========修改ssh默认端口禁用root远程登录=========="
126 \cp /etc/ssh/sshd_config /etc/ssh/sshd_config.$(date +%F)
127 sed -i 's/#Port 22/Port 52113/g' /etc/ssh/sshd_config
128 sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
129 sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
130 sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
131 echo'+-------modify the sshd_config-------+'
132 echo'Port 52113'
133 echo'PermitEmptyPasswords no'
134 echo'PermitRootLogin no'
135 echo'UseDNS no'
136 echo'+------------------------------------+'
137 /etc/init.d/sshd reload && action "修改ssh默认参数完成" /bin/true || action "修改ssh参数失败" /bin/false
138echo"================================================="
139echo""
140 sleep 2
141}
142#time sync
143syncSysTime(){
144echo"================配置时间同步====================="
145 \cp /var/spool/cron/root /var/spool/cron/root.$(date +%F) 2>/dev/null
146 NTPDATE=`grep ntpdate /var/spool/cron/root 2>/dev/null |wc -l`
147 if [ $NTPDATE -eq 0 ];then
148 echo"#times sync by lee at $(date +%F)" >>/var/spool/cron/root
149 echo"*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1" >> /var/spool/cron/root
150 fi
151 echo'#crontab -l'
152 crontab -l
153action "配置时间同步完成" /bin/true
154echo"================================================="
155echo""
156 sleep 2
157}
158#install tools
159initTools(){
160 echo"#####安装系统补装工具(选择最小化安装minimal)#####"
161 ping -c 2 mirrors.aliyun.com
162 sleep 2
163 yum install tree nmap sysstat lrzsz dos2unix -y
164 sleep 2
165 rpm -qa tree nmap sysstat lrzsz dos2unix
166 sleep 2
167action "安装系统补装工具(选择最小化安装minimal)" /bin/true
168echo"================================================="
169echo""
170 sleep 2
171}
172#add user and give sudoers
173addUser(){
174echo"===================新建用户======================"
175#add user
176whiletrue
177do
178 read -p "请输入新用户名:" name
179 NAME=`awk -F':''{print $1}' /etc/passwd|grep -wx $name 2>/dev/null|wc -l`
180 if [ ${#name} -eq 0 ];then
181 echo"用户名不能为空,请重新输入。"
182 continue
183 elif [ $NAME -eq 1 ];then
184 echo"用户名已存在,请重新输入。"
185 continue
186 fi
187useradd $name
188break
189done
190#create password
191whiletrue
192do
193 read -p "为 $name 创建一个密码:" pass1
194 if [ ${#pass1} -eq 0 ];then
195 echo"密码不能为空,请重新输入。"
196 continue
197 fi
198 read -p "请再次输入密码:" pass2
199 if [ "$pass1" != "$pass2" ];then
200 echo"两次密码输入不相同,请重新输入。"
201 continue
202 fi
203echo"$pass2" |passwd --stdin $name
204break
205done
206sleep 1
207#add visudo
208echo"#####add visudo#####"
209\cp /etc/sudoers /etc/sudoers.$(date +%F)
210SUDO=`grep -w "$name" /etc/sudoers |wc -l`
211if [ $SUDO -eq 0 ];then
212 echo"$name ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
213 echo'#tail -1 /etc/sudoers'
214 grep -w "$name" /etc/sudoers
215 sleep 1
216fi
217action "创建用户$name并将其加入visudo完成" /bin/true
218echo"================================================="
219echo""
220sleep 2
221}
222#Adjust the file descriptor(limits.conf)
223initLimits(){
224echo"===============加大文件描述符===================="
225 LIMIT=`grep nofile /etc/security/limits.conf |grep -v "^#"|wc -l`
226 if [ $LIMIT -eq 0 ];then
227 \cp /etc/security/limits.conf /etc/security/limits.conf.$(date +%F)
228 echo'* - nofile 65535'>>/etc/security/limits.conf
229 fi
230 echo'#tail -1 /etc/security/limits.conf'
231 tail -1 /etc/security/limits.conf
232 ulimit -HSn 65535
233 echo'#ulimit -n'
234 ulimit -n
235action "配置文件描述符为65535" /bin/true
236echo"================================================="
237echo""
238sleep 2
239}
240#set ssh
241initSsh(){
242echo"======禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度======="
243sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
244sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
245service sshd restart
246action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/true
247echo"================================================="
248echo""
249sleep 2
250}
251#set the control-alt-delete to guard against the miSUSE
252initRestart(){
253sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
254action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/true
255echo"================================================="
256echo""
257sleep 2
258}
259#Optimizing the system kernel
260initSysctl(){
261echo"================优化内核参数====================="
262SYSCTL=`grep "net.ipv4.tcp" /etc/sysctl.conf |wc -l`
263if [ $SYSCTL -lt 10 ];then
264\cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
265cat >>/etc/sysctl.conf<<EOF
266net.ipv4.tcp_fin_timeout = 2
267net.ipv4.tcp_tw_reuse = 1
268net.ipv4.tcp_tw_recycle = 1
269net.ipv4.tcp_syncookies = 1
270net.ipv4.tcp_keepalive_time = 600
271net.ipv4.ip_local_port_range = 4000 65000
272net.ipv4.tcp_max_syn_backlog = 16384
273net.ipv4.tcp_max_tw_buckets = 36000
274net.ipv4.route.gc_timeout = 100
275net.ipv4.tcp_syn_retries = 1
276net.ipv4.tcp_synack_retries = 1
277net.core.somaxconn = 16384
278net.core.netdev_max_backlog = 16384
279net.ipv4.tcp_max_orphans = 16384
280net.netfilter.nf_conntrack_max = 25000000
281net.netfilter.nf_conntrack_tcp_timeout_established = 180
282net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
283net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
284net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
285EOF
286fi
287 \cp /etc/rc.local /etc/rc.local.$(date +%F)
288 modprobe nf_conntrack
289 echo"modprobe nf_conntrack">> /etc/rc.local
290 modprobe bridge
291 echo"modprobe bridge">> /etc/rc.local
292 sysctl -p
293action "内核调优完成" /bin/true
294echo"================================================="
295echo""
296 sleep 2
297}
298#setting history and login timeout
299initHistory(){
300echo"======设置默认历史记录数和连接超时时间======"
301echo"TMOUT=300" >>/etc/profile
302echo"HISTSIZE=5" >>/etc/profile
303echo"HISTFILESIZE=5" >>/etc/profile
304tail -3 /etc/profile
305source /etc/profile
306action "设置默认历史记录数和连接超时时间" /bin/true
307echo"================================================="
308echo""
309sleep 2
310}
311#chattr file system
312initChattr(){
313echo"======锁定关键文件系统======"
314chattr +i /etc/passwd
315chattr +i /etc/inittab
316chattr +i /etc/group
317chattr +i /etc/shadow
318chattr +i /etc/gshadow
319/bin/mv /usr/bin/chattr /usr/bin/lock
320action "锁定关键文件系统" /bin/true
321echo"================================================="
322echo""
323sleep 2
324}
325#menu2
326menu2(){
327whiletrue
328do
329clear
330cat <<EOF
331----------------------------------------
332|****Please Enter Your Choice:[0-15]****|
333----------------------------------------
334(1) 新建一个用户并将其加入visudo
335(2) 配置为国内YUM源镜像和保存YUM源文件
336(3) 配置中文字符集
337(4) 禁用SELINUX及关闭防火墙
338(5) 精简开机自启动
339(6) 去除系统及内核版本登录前的屏幕显示
340(7) 修改ssh默认端口及禁用root远程登录
341(8) 设置时间同步
342(9) 安装系统补装工具(选择最小化安装minimal)
343(10) 加大文件描述符
344(11) 禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度
345(12) 将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启
346(13) 系统内核调优
347(14) 设置默认历史记录数和连接超时时间
348(15) 锁定关键文件系统
349(0) 返回上一级菜单
350EOF
351read -p "Please enter your Choice[0-15]: " input2
352case"$input2"in
353 0)
354 clear
355 break
356 ;;
357 1)
358 addUser
359 ;;
360 2)
361 configYum
362 ;;
363 3)
364 initI18n
365 ;;
366 4)
367 initFirewall
368 ;;
369 5)
370 initService
371 ;;
372 6)
373 initRemoval
374 ;;
375 7)
376 initSsh
377 ;;
378 8)
379 syncSysTime
380 ;;
381 9)
382 initTools
383 ;;
384 10)
385 initLimits
386 ;;
387 11)
388 initSsh
389 ;;
390 12)
391 initRestart
392 ;;
393 13)
394 initSysctl
395 ;;
396 14)
397 initHistory
398 ;;
399 15)
400 initChattr
401 ;;
402 *) echo"----------------------------------"
403 echo"| Warning!!! |"
404 echo"| Please Enter Right Choice! |"
405 echo"----------------------------------"
406 for i in `seq -w 3 -1 1`
407 do
408 echo -ne "\b\b$i";
409 sleep 1;
410 done
411 clear
412esac
413done
414}
415#initTools
416#menu
417whiletrue
418do
419clear
420echo"========================================"
421echo' Linux Optimization '
422echo"========================================"
423cat << EOF
424|-----------System Infomation-----------
425| DATE :$DATE
426| HOSTNAME :$HOSTNAME
427| USER :$USER
428| IP :$IPADDR
429| DISK_USED :$DISK_SDA
430| CPU_AVERAGE:$cpu_uptime
431----------------------------------------
432|****Please Enter Your Choice:[1-3]****|
433----------------------------------------
434(1) 一键优化
435(2) 自定义优化
436(3) 退出
437EOF
438#choice
439read -p "Please enter your choice[0-3]: " input1
440case"$input1"in
4411)
442 addUser
443 configYum
444 initI18n
445 initFirewall
446 initService
447 initRemoval
448 initSsh
449 syncSysTime
450 initTools
451 initLimits
452 initSsh
453 initRestart
454 initSysctl
455 initHistory
456 initChattr
457 ;;
4582)
459 menu2
460 ;;
4613)
462 clear
463 break
464 ;;
465*)
466 echo"----------------------------------"
467 echo"| Warning!!! |"
468 echo"| Please Enter Right Choice! |"
469 echo"----------------------------------"
470 for i in `seq -w 3 -1 1`
471 do
472 echo -ne "\b\b$i";
473 sleep 1;
474 done
475 clear
476esac
477done
适用于Centos6.x系统的15项优化脚本的更多相关文章
- CentOS6 x86_64最小化安装优化脚本
#!/bin/bash #centos6. x86_64系统最小化安装优化脚本 #系统基础优化,建议以root运行 if [ $USER != "root" ];then echo ...
- 一键系统优化15项脚本,适用于Centos6.x
#!/bin/sh ################################################ #Author:nulige # qqinfo:1034611705 # Date ...
- centos6.x一键15项系统优化(转自努力哥)
#!/bin/sh ################################################ #Author:nulige # qqinfo: # Date: -- #vers ...
- CentOS6、7优化脚本完美版
#!/bin/bash SysVer=`cat /etc/redhat-release | awk -F'release' '{print $2}' | awk -F'[ .]+' '{print $ ...
- GHOST WIN7系统64位经典优化版 V2016年
来自系统妈:http://www.xitongma.com 深度技术GHOST win7系统32,64位经典优化版 V2016年3月 系统概述 深度技术ghost win7系统64位经典优化版适用于笔 ...
- Centos6.5生产环境最小化优化配置
Centos6.5生产环境最小化优化配置,满足业务需求! 01.启动网卡 #centos6.x最小化安装后,网卡默认不是启动状态 ifup eth0 // ifconfig eth0 up /et ...
- CentOS6.X 系统安装后的基础优化
特别说明:克隆之后的网卡修改 1 编辑eth0的配置文件:vi /etc/sysconfig/network-scripts/ifcfg-eth0, 删除HWADDR地址那一行及UUID的行如下: H ...
- 如何在VMware虚拟机中安装CentOS6.7系统(上篇)
之前给大家分享了在VMware中如何创建CentOS虚拟机,今天给大家分享一下如何在虚拟机中安装CentOS系统,以CentOS6.7系统为例,其他的系统版本也可以参考该教程进行类似处理,具体的流程如 ...
- 在VMware Workstation上安装CentOS6.5系统步
在VMware Workstation上安装CentOS6.5系统步骤 听语音 | 浏览:147 | 更新:2016-07-28 15:45 | 标签:安装 虚拟机 CENTOS 1 2 3 4 5 ...
随机推荐
- [翻译] 使用 Visual Studio 2019 来提高每个开发人员的工作效率
[翻译] 使用 Visual Studio 2019 来提高每个开发人员的工作效率 原文: Making every developer more productive with Visual Stu ...
- 剑指offer 第十一天
46.扑克牌顺子 LL今天心情特别好,因为他去买了一副扑克牌,发现里面居然有2个大王,2个小王(一副牌原本是54张^_^)...他随机从中抽出了5张牌,想测测自己的手气,看看能不能抽到顺子,如果抽到的 ...
- WebClient, HttpClient, HttpWebRequest ,RestSharp之间的区别与抉择
NETCore提供了三种不同类型用于生产的REST API: HttpWebRequest;WebClient;HttpClient,开源社区创建了另一个名为RestSharp的库.如此多的http库 ...
- Python学习之赋值列表
# the program aim to differentiate the defference of a=b or a=b[:] my_fruits=["apple",&quo ...
- PS制作恐怖逼真滴血文字
序言:各位同学们好,今天给大家带来一例恐怖逼真滴血文字效果的制作教程,本人比较喜欢看恐怖游戏,是看不是玩,然后就突发奇想地做了这件作品,最后的效果我很喜欢,而且制作起来难度并不大,在此分享自己在作图时 ...
- Socket编程,SocketServer模块
一.SocketServer的几种类型 面向远程: TCP 协议链接:socketserver.TCPServer(server_address, RequestHandlerClass, bind_ ...
- 学习WebSocket
初识WebSocket: index.html <!DOCTYPE html> <html> <head> <meta charset="UTF-8 ...
- 【学习总结】C-翁恺老师-入门-第4周<循环控制>
[学习总结]C-翁恺老师-入门-总 1-阶乘:引入for循环 2-控制循环次数:初始化与控制条件的设置 任何一个for循环都可以写成一个while循环 for中的每一个表达式都是可以省略的:for(; ...
- docker 修改port 端口
修改docker容器端口映射的方法 - wesleyflagon的专栏 - CSDN博客https://blog.csdn.net/wesleyflagon/article/details/78961 ...
- Mysql drop function xxxx ERROR 1305 (42000): FUNCTION (UDF) xxxx does not exist
mysql> drop function GetEmployeeInformationByID;ERROR 1305 (42000): FUNCTION (UDF) GetEmployeeInf ...