centos 7 & 6 优化脚本
简单优化 ,未涉及安全优化,如有需求请自行修改脚本实现
1 #!/bin/bash
2 SysVer=`cat /etc/redhat-release | awk -F'release' '{print $2}' | awk -F'[ .]+' '{print $2}'`
3 NetCnf=`ls /etc/sysconfig/network-scripts/ | grep if | head -1`
4 NetName=`ls /etc/sysconfig/network-scripts/ | grep if | head -1 | awk -F'-' '{print $2}'`
5 NetPath="/etc/sysconfig/network-scripts/"
6 clear
7 echo "#####################################"
8 echo "###### 1、配置网络 ######"
9 echo "###### 2、优化系统 ######"
10 echo "###### 3、命令审计 ######"
11 echo "###### 4、其他功能 ######"
12 echo "#####################################"
13 read -p "Please Input Number (1/2/3) :" Nmb
14 if [ ! $Nmb == 1 ] && [ ! $Nmb == 2 ] && [ ! $Nmb == 3 ]
15 then
16 echo -e "\033[41;33;5m Input ERROR,you Can only enter 1 or 2 or 3 \033[0m"
17 exit 110
18 fi
19
20 Jdt(){
21 echo "准备中..."
22 i=0
23 str=""
24 arr=("|" "/" "-" "\\")
25 while [ $i -le 20 ]
26 do
27 let index=i%4
28 let indexcolor=i%8
29 let color=30+indexcolor
30 let NUmbER=$i*5
31 printf "\e[0;$color;1m[%-20s][%d%%]%c\r" "$str" "$NUmbER" "${arr[$index]}"
32 sleep 0.1
33 let i++
34 str+='+'
35 done
36 printf "\n"
37 echo "正在执行...稍候!"
38 }
39
40 PanDuan(){
41 if [ ! $? -eq 0 ]
42 then
43 echo -e "\033[41;33;5m ERROR,Please To Check \033[0m"
44 exit 110
45 fi
46 }
47
48 C6NetWork(){
49 cat > $NetPath$NetCnf << END
50 DEVICE=$NetName
51 TYPE=Ethernet
52 ONBOOT=yes
53 NM_CONTROLLED=yes
54 BOOTPROTO=static
55 IPADDR=$Ipa
56 NETMASK=$Ntm
57 GATEWAY=$Gtw
58 DNS1=114.114.114.114
59 DNS2=223.5.5.5
60
61 END
62
63 service NetworkManager stop >/dev/null 2>&1
64 chkconfig NetworkManager off >/dev/null 2>&1
65 chkconfig network on >/dev/null 2>&1
66 Jdt
67 echo -e "\033[46;35;5m[ ## Network configuration succeeded ## ]\033[0m"
68 echo -e "\033[46;35;5m[ ##### Please restart the server ##### ]\033[0m"
69 }
70
71 C7NetWork(){
72 cat > $NetPath$NetCnf << EOF
73 TYPE=Ethernet
74 PROXY_METHOD=none
75 BROWSER_ONLY=no
76 BOOTPROTO=static
77 DEFROUTE=yes
78 IPV4_FAILURE_FATAL=no
79 NAME=$NetName
80 DEVICE=$NetName
81 ONBOOT=yes
82 IPADDR=$Ipa
83 NETMASK=$Ntm
84 GATEWAY=$Gtw
85 DNS1=223.5.5.5
86 DNS2=114.114.114.114
87
88 EOF
89
90 systemctl stop NetworkManager >/dev/null 2>&1
91 systemctl disable NetworkManager >/dev/null 2>&1
92 systemctl enable network.service >/dev/null 2>&1
93 Jdt
94 echo -e "\033[40;35;5m[ ## Network configuration succeeded ## ]\033[0m"
95 echo -e "\033[40;35;5m[ ##### Please restart the server ##### ]\033[0m"
96 }
97
98 OptSSH(){
99 echo "#########################################################"
100 echo -e "\033[40;34;5m[ 配置SSH 端口 关闭DNS 反向解析 ]\033[0m"
101 echo -e "\033[40;34;5m[ 关闭此终端后 请使用新SSH端口:$Pt 进行登陆 原端口失效 ]\033[0m"
102 read -p "Please enter the SSH port :" Pt
103 Jdt
104 sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
105 sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
106 sed -i "s/#Port 22/Port $Pt/" /etc/ssh/sshd_config
107 sed -i "s/^Port.*/Port $Pt/g" /etc/ssh/sshd_config
108 sed -i 's/#PrintMotd yes/PrintMotd yes/' /etc/ssh/sshd_config
109 case $SysVer in
110 6)
111 service sshd restart >/dev/null 2>&1
112 PanDuan
113 ;;
114 7)
115 systemctl restart sshd >/dev/null 2>&1
116 PanDuan
117 ;;
118 *)
119 echo -e "\033[41;33;5m System Version Error,Scripts only apply to Centos 6 and 7 versions \033[0m"
120 exit 110
121 ;;
122 esac
123 }
124
125
126 OffIPv6(){
127 clear
128 echo "####################################"
129 echo -e "\033[46;34;5m[ Shutdown IpV6 关闭IPv6 ]\033[0m"
130 Jdt
131 sed -i '/.*net-pf-10.*/d' /etc/modprobe.conf
132 sed -i '/.*ipv6.*/d' /etc/modprobe.conf
133 echo "alias net-pf-10 off" >> /etc/modprobe.conf
134 echo "alias ipv6 off" >> /etc/modprobe.conf
135 }
136
137
138 OffSE(){
139 clear
140 echo "####################################"
141 echo -e "\033[40;34;5m[ Shutdown selinux ]\033[0m"
142 Jdt
143 sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
144 setenforce 0 >/dev/null 2>&1
145 }
146
147
148 OFFfirewalld(){
149 clear
150 echo "####################################"
151 echo -e "\033[40;34;5m[ Shutdown Firewalld ]\033[0m"
152 Jdt
153
154 case $SysVer in
155 6)
156 service iptables stop >/dev/null 2>&1
157 chkconfig iptables off >/dev/null 2>&1
158 ;;
159 7)
160 systemctl stop firewalld >/dev/null 2>&1
161 systemctl disable firewalld >/dev/null 2>&1
162 ;;
163 *)
164 echo -e "\033[41;33;5m System Version Error,Scripts only apply to Centos 6 and 7 versions \033[0m"
165 exit 110
166 ;;
167 esac
168 }
169
170
171 TimeLock(){
172 clear
173 echo "####################################"
174 echo -e "\033[40;34;5m[ Configure TimeLock ]\033[0m"
175 Jdt
176 sed -i '/.*ntpdate.*/d' /var/spool/cron/root
177 echo "*/5 * * * * /usr/sbin/ntpdate 202.112.31.197 > /dev/null 2>&1" >> /var/spool/cron/root
178 case $SysVer in
179 6)
180 service crond restart >/dev/null 2>&1
181 ;;
182 7)
183 systemctl restart crond >/dev/null 2>&1
184 ;;
185 *)
186 echo -e "\033[41;33;5m System Version Error,Scripts only apply to Centos 6 and 7 versions \033[0m"
187 exit 110
188 ;;
189 esac
190 }
191
192
193 FileLimitsConf(){
194 cat >> /etc/security/limits.conf << COMMENTBLOCK
195 * soft nofile 102400
196 * hard nofile 102400
197 * soft nproc 102400
198 * hard nproc 102400
199 COMMENTBLOCK
200 }
201
202 LimitsFile(){
203 clear
204 echo "#####################################"
205 echo -e "\033[40;34;5m[ Configure LimitNumber ]\033[0m"
206 Jdt
207 shu1=`cat /etc/rc.local | grep ulimit | wc -l`
208 shu2=`cat /etc/security/limits.conf | grep nofile | wc -l`
209 if [ $shu1 -lt 1 ]
210 then
211 echo "ulimit -SHn 102400" >> /etc/rc.local
212 fi
213
214 if [ $shu2 -lt 2 ]
215 then
216 FileLimitsConf
217 fi
218
219 case $SysVer in
220 6)
221 sed -i 's/1024$/102400/' /etc/security/limits.d/20-nproc.conf
222 ;;
223 7)
224 sed -i 's/4096$/20480/' /etc/security/limits.d/20-nproc.conf
225 sed -i 's/^#DefaultLimitNOFILE=.*/DefaultLimitNOFILE=100000/g' /etc/systemd/system.conf
226 sed -i 's/^#DefaultLimitNPROC=.*/DefaultLimitNPROC=100000/g' /etc/systemd/system.conf
227 ;;
228 *)
229 echo -e "\033[41;33;5m System Version Error,Scripts only apply to Centos 6 and 7 versions \033[0m"
230 exit 110
231 ;;
232 esac
233
234 }
235
236
237 KernelFile(){
238 clear
239 echo "#####################################"
240 echo -e "\033[40;34;5m[ Optimize Kernel ]\033[0m"
241 Jdt
242 true > /etc/sysctl.conf
243 cat >> /etc/sysctl.conf << EIZ
244 net.ipv4.ip_forward = 0
245 net.ipv4.conf.default.rp_filter = 1
246 net.ipv4.conf.default.accept_source_route = 0
247 net.ipv4.conf.all.secure_redirects = 0
248 kernel.sysrq = 0
249 kernel.core_uses_pid = 1
250 net.ipv4.tcp_syncookies = 1
251 kernel.msgmnb = 65536
252 kernel.msgmax = 65536
253 kernel.shmmax = 68719476736
254 kernel.shmall = 4294967296
255 net.ipv4.tcp_max_tw_buckets = 6000
256 net.ipv4.tcp_sack = 1
257 net.ipv4.tcp_window_scaling = 1
258 net.ipv4.tcp_rmem = 4096 87380 4194304
259 net.ipv4.tcp_wmem = 4096 16384 4194304
260 net.core.wmem_default = 8388608
261 net.core.rmem_default = 8388608
262 net.core.rmem_max = 16777216
263 net.core.wmem_max = 16777216
264 net.core.netdev_max_backlog = 262144
265 net.core.somaxconn = 20480
266 net.ipv4.tcp_max_orphans = 3276800
267 net.ipv4.tcp_max_syn_backlog = 262144
268 net.ipv4.tcp_timestamps = 0
269 net.ipv4.tcp_synack_retries = 2
270 net.ipv4.tcp_syn_retries = 2
271 net.ipv4.tcp_tw_recycle = 0
272 net.ipv4.tcp_tw_reuse = 1
273 net.ipv4.tcp_mem = 94500000 915000000 927000000
274 net.ipv4.tcp_fin_timeout = 1
275 net.ipv4.tcp_keepalive_time = 30
276 net.ipv4.tcp_keepalive_probes=3
277 net.ipv4.tcp_orphan_retries=3
278 net.ipv4.ip_local_port_range = 1024 65500
279
280 EIZ
281
282 /sbin/sysctl -p
283 echo "内核优化的具体参数见上 如需修改请自行修改/etc/sysctl.conf文件"
284 echo "内核优化的具体参数见上 如需修改请自行修改/etc/sysctl.conf文件"
285 echo "内核优化的具体参数见上 如需修改请自行修改/etc/sysctl.conf文件"
286
287 }
288
289
290 RootEmail(){
291 clear
292 echo "#######################################################"
293 echo -e "\033[40;34;5m[ 禁止 You have new mail in /var/spool/mail/root 提示 ]\033[0m"
294 Jdt
295 sed -i '/.*MAILCHECK/d' /etc/profile
296 echo "unset MAILCHECK">> /etc/profile
297 source /etc/profile
298 }
299
300
301 #BieMing(){
302 #
303 #}
304
305 HisTory(){
306 #history modify
307 file_path="/var/log/Command"
308 file_name="Command.log"
309 ProFile=`cat /etc/profile | grep HISTORY_FILE | wc -l`
310 ComMand=`cat /var/spool/cron/root | grep history.sh | wc -l`
311
312 Group1(){
313 touch $file_path/$file_name
314 chown -R nobody:nobody $file_path
315 chmod 001 $file_path
316 chmod 002 $file_path/$file_name
317 chattr +a $file_path/$file_name
318 }
319 Group2(){
320 cat >> /etc/profile << EPP
321 export HISTORY_FILE=$file_path/$file_name
322 export PROMPT_COMMAND='{ date "+%y-%m-%d %T ## \$(who am i |awk "{print \\\$1,\\\$2,\\\$5}") ## \$(whoami) ## \$(history 1 | { read x cmd; echo "\$cmd"; })"; } >>\$HISTORY_FILE'
323 EPP
324 }
325
326 if [ ! -d $file_path ]
327 then
328 mkdir -p $file_path
329 Group1
330 else
331 if [ ! -f $file_path/$file_name ]
332 then
333 Group1
334 fi
335 fi
336 if [ $ProFile -lt 1 ]
337 then
338 Group2
339 else
340 sed -i '/.*HISTORY_FILE.*/d' /etc/profile
341 Group2
342 fi
343 if [ ! -f $file_path/history.sh ]
344 then
345 cat >> $file_path/history.sh << EOF
346 #!/bin/bash
347
348 #Time=\`date +%Y%m%d%H -d '-1 hours'\`
349 Time=\`date +%Y%m%d%H\`
350 logs_path="$file_path/"
351 logs_name="$file_name"
352 new_file="\$logs_path\$logs_name-\$Time"
353 old_file=\`find \$logs_path -mtime +30 -type f -name "Command.*"\`
354 chattr -a \$logs_path\$logs_name
355 mv \$logs_path\$logs_name \$new_file
356 chattr +a \$new_file
357 touch \$logs_path\$logs_name
358 chown -R nobody:nobody \$logs_path\$logs_name
359 chmod -R 002 \$logs_path\$logs_name
360 chattr +a \$logs_path\$logs_name
361 if [ ! -z \$old_file ]
362 then
363 echo "delet \$old_file \$Time" >> /var/log/messages
364 chattr -a \$old_file
365 rm -rf \$old_file
366 fi
367 EOF
368 chmod 100 $file_path/history.sh
369 fi
370 if [ $ComMand -lt 1 ]
371 then
372 echo "30 10 * * 6 /bin/bash $file_path/history.sh > /dev/null 2>&1" >> /var/spool/cron/root
373 fi
374 case $SysVer in
375 6)
376 service crond restart >/dev/null 2>&1
377 ;;
378 7)
379 systemctl restart crond >/dev/null 2>&1
380 ;;
381 *)
382 echo -e "\033[41;33;5m System Version Error,Scripts only apply to Centos 6 and 7 versions \033[0m"
383 exit 110
384 ;;
385 esac
386 source /etc/profile
387 if [ $? -eq 0 ]
388 then
389 echo "###########################################"
390 echo -e "\033[40;31;5m 配置完成 命令审计文件位于:/var/log/Command/Command.log \033[0m"
391 else
392 echo -e "\033[41;33;5m ERROR,Please To Check \033[0m"
393 exit 110
394 fi
395 }
396
397 case $Nmb in
398 1)
399 rm -rf /etc/udev/rules.d/70-persistent-net.rules >/dev/null 2>&1
400 echo "###########################################"
401 read -p "Please Input IPAddress :" Ipa
402 read -p "Please Input Netmask :" Ntm
403 read -p "Please Input Gateway :" Gtw
404 echo -e "\033[40;34;5m[ 配置中请稍候... 完成后请使用新地址 $Ipa 进行SSH登陆 ]\033[0m"
405 echo "###########################################"
406 case $SysVer in
407 6)
408 C6NetWork
409 ;;
410 7)
411 C7NetWork
412 ;;
413 *)
414 echo -e "\033[41;33;5m System Version Error,Scripts only apply to Centos 6 and 7 versions \033[0m"
415 exit 110
416 ;;
417 esac
418 ;;
419 2)
420 echo -e "\033[40;31;5m以下配置均可在进度条处 有10秒时间 按Ctrl+C结束 请按需优化\033[0m"
421 OptSSH
422 PanDuan
423 OffIPv6
424 PanDuan
425 OffSE
426 OFFfirewalld
427 PanDuan
428 TimeLock
429 PanDuan
430 LimitsFile
431 PanDuan
432 RootEmail
433 PanDuan
434 KernelFile
435 PanDuan
436 echo " #####################################"
437 echo " #####################################"
438 echo " 优化已完成 本次优化内容有:"
439 echo " 1、优化SSH服务"
440 echo " 2、关闭IPv6服务"
441 echo " 3、关闭Selinux 机制"
442 echo " 4、关闭iptables/firewalld"
443 echo " 5、设置时间同步"
444 echo " 6、优化内核参数"
445 echo " 7、关闭邮件提示"
446 ;;
447 3)
448 echo -e "\033[46;31;5m 此审计会记录30天内所有终端执行过的所有命令 \033[0m"
449 Jdt
450 HisTory
451 ;;
452 *)
453 echo -e "\033[41;33;5m Error, please check the first line variable \033[0m"
454 exit 110
455 ;;
456 esac
centos 7 & 6 优化脚本的更多相关文章
- centos一键优化脚本
centos一键优化脚本:细节:http://oldboy.blog.51cto.com/2561410/1336488网络状态优化:http://oldboy.blog.51cto.com/2561 ...
- CentOS6.5优化脚本以及检测优化脚本
一.tunning.sh #!/bin/bash # 系统优化脚本 # 使用于CentOS 6.4 x64系统 # Ver : 1.1.1 KCF=/etc/sysctl.conf # ------- ...
- CentOS6、7优化脚本完美版
#!/bin/bash SysVer=`cat /etc/redhat-release | awk -F'release' '{print $2}' | awk -F'[ .]+' '{print $ ...
- RHEL/CentOS通用性能优化、安全配置参考
RHEL/CentOS通用性能优化.安全配置参考 本文的配置参数是笔者在实际生产环境中反复实践总结的结果,完全适用绝大多数通用的高负载.安全性要求的网络服务器环境.故可以放心使用. 若有异议,欢迎联系 ...
- CentOS系统优化一键配置脚本
#!/usr/bin/env bash PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin export P ...
- 6步骤实现CentOS系统环境精简优化
6步骤实现CentOS系统环境精简优化 发布时间:2014-11-03 14:59:27 编辑:AHLinux.com 第一步.删除不必要的自带软件包yum remove Deployment_G ...
- 生产环境下Centos 6.5优化配置 (装载)
本文 centos 6.5 优化 的项有18处: 1.centos6.5最小化安装后启动网卡 2.ifconfig查询IP进行SSH链接 3.更新系统源并且升级系统 4.系统时间更新和设定定时任 5. ...
- [转]Centos 6.5 优化 一些基础优化和安全设置
关于CentOS服务器的优化下文作为参考. 本文 centos 6.5 优化 的项有18处: 1.centos6.5最小化安装后启动网卡2.ifconfig查询IP进行SSH链接3.更新系统源并且升级 ...
- Centos 配置开机启动脚本启动 docker 容器
Centos 配置开机启动脚本启动 docker 容器 Intro 我们的 Centos 服务器上部署了好多个 docker 容器,因故重启的时候就会导致还得手动去手动重启这些 docker 容器,为 ...
随机推荐
- SIM900A—发送、接收中英文短信
文章目录 一.SMS简介 二.短信的控制模式与编码 1.Text Mode 2.PDU Mode 3.GSM编码 4.UCS2编码 三.收发英文短信 1.AT+CPMS查询短信数量 2.AT+CNMI ...
- SQL 练习6
查询在 SC 表存在成绩的学生信息 SELECT * from Student WHERE SId in (SELECT SId from SC)
- NOIP 模拟 $19\; \rm u$
题解 \(by\;zj\varphi\) 二维差分的题目 维护两个标记,一个向下传,一个向右下传: 对于每次更新,我们可以直接更新 \((r,c)+s,(r+l,c)-s\) ; \((r,c+1)- ...
- 获取SpringBean对象工具类
获取SpringBean工具类 SpringBeanUtil代码如下: package com.meeno.wzq.util; import org.springframework.beans.Bea ...
- jpa写原生sql-EntityManager
废话不多说 package com.meeno.trainsys.meeting.service; import com.google.common.collect.Lists; import com ...
- 解决springboot在mac电脑下启动过慢的问题
自从用了mac以后,springboot启动的时候一直卡在build环节10多秒 但是在linux和Windows环境下,启动只要6秒,后面查看了一下其他 人也遇到这种问题,原来是需要在hosts文件 ...
- C#基础知识---装箱与拆箱
一.定义 装箱:将值类型转化为引用类型,装箱一般会在堆上分配一块内存,用于存储要转换的值. 拆箱:将引用类型转化为值类型 注:.NET 2.0 引入的泛型其实在很大的程度上解决了装拆箱产生的类型转换问 ...
- mzy git学习,分支以及分支合并(四)
git 鼓励大量使用分支:最后进行master和分支之间的合并 git branch git branch 查看当前有多少分支,并且将当前在使用的分支用*标注出来. [一定要注意git的分支有从属概念 ...
- linux使用xampp安装MediaWiki环境
1.下载并安装xampp 下载xampp 在下载页面下载. 放置到相应目录 将xampp-linux-x64-5.6.3-0-installer.run文件复制到部署机器的/root目录下 安装 [r ...
- jquery mobile常用的data-role类型
data-role参数表: page 页面容器,其内部的mobile元素将会继承这个容器上所设置的属性 header 页面标题容器,这个容器内部可以包含文字.返回按钮.功能按钮等 ...