一键系统优化15项脚本,适用于Centos6.x
#!/bin/sh
################################################
#Author:nulige
# qqinfo:1034611705
# Date: 2015-6-8
#version:1.2
#实现功能:一键系统优化15项脚本,适用于Centos6.x
################################################ #Source function library. . /etc/init.d/functions #date
DATE=`date +"%y-%m-%d %H:%M:%S"`
#ip
IPADDR=`grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0|cut -d= -f 2 `
#hostname
HOSTNAME=`hostname -s`
#user
USER=`whoami`
#disk_check
DISK_SDA=`df -h |grep -w "/" |awk '{print $5}'`
#cpu_average_check
cpu_uptime=`cat /proc/loadavg|awk '{print $1,$2,$3}'` #set LANG
export LANG=zh_CN.UTF-8 #Require root to run this script.
uid=`id | cut -d\( -f1 | cut -d= -f2`
if [ $uid -ne 0 ];then
action "Please run this script as root." /bin/false
exit 1
fi #"stty erase ^H"
\cp /root/.bash_profile /root/.bash_profile_$(date +%F)
erase=`grep -wx "stty erase ^H" /root/.bash_profile |wc -l`
if [ $erase -lt 1 ];then
echo "stty erase ^H" >>/root/.bash_profile
source /root/.bash_profile
fi #Config Yum CentOS-Bases.repo and save Yum file
configYum(){
echo "================更新为国内YUM源=================="
cd /etc/yum.repos.d/
\cp CentOS-Base.repo CentOS-Base.repo.$(date +%F)
ping -c 1 mirrors.aliyun.com >/dev/null
if [ $? -eq 0 ];then
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
else
echo "无法连接网络。"
exit $?
fi echo "==============保存YUM源文件======================"
sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
grep keepcache /etc/yum.conf
sleep 5 action "配置国内YUM完成" /bin/true
echo "================================================="
echo ""
sleep 2
} #Charset zh_CN.UTF-8
initI18n(){
echo "================更改为中文字符集================="
\cp /etc/sysconfig/i18n /etc/sysconfig/i18n.$(date +%F)
>/etc/sysconfig/i18n
cat >>/etc/sysconfig/i18n<<EOF
LANG="zh_CN.UTF-8"
#LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
EOF
source /etc/sysconfig/i18n
echo '#cat /etc/sysconfig/i18n'
grep LANG /etc/sysconfig/i18n
action "更改字符集zh_CN.UTF-8完成" /bin/true
echo "================================================="
echo ""
sleep 2
} #Close Selinux and Iptables
initFirewall(){
echo "============禁用SELINUX及关闭防火墙=============="
\cp /etc/selinux/config /etc/selinux/config.$(date +%F)
/etc/init.d/iptables stop
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
/etc/init.d/iptables status
echo '#grep SELINUX=disabled /etc/selinux/config '
grep SELINUX=disabled /etc/selinux/config
echo '#getenforce '
getenforce
action "禁用selinux及关闭防火墙完成" /bin/true
echo "================================================="
echo ""
sleep 2
} #Init Auto Startup Service
initService(){
echo "===============精简开机自启动===================="
export LANG="en_US.UTF-8"
for A in `chkconfig --list |grep 3:on |awk '{print $1}' `;do chkconfig $A off;done
for B in rsyslog network sshd crond;do chkconfig $B on;done
echo '+--------which services on---------+'
chkconfig --list |grep 3:on
echo '+----------------------------------+'
export LANG="zh_CN.UTF-8"
action "精简开机自启动完成" /bin/true
echo "================================================="
echo ""
sleep 2
} #Removal system and kernel version login before the screen display
initRemoval(){
echo "======去除系统及内核版本登录前的屏幕显示======="
#must use root user run scripts
if
[ $UID -ne 0 ];then
echo This script must use the root user ! ! !
sleep 2
exit 0
fi
>/etc/redhat-release
>/etc/issue
action "去除系统及内核版本登录前的屏幕显示" /bin/true
echo "================================================="
echo ""
sleep 2
} #Change sshd default port and prohibit user root remote login.
initSsh(){
echo "========修改ssh默认端口禁用root远程登录=========="
\cp /etc/ssh/sshd_config /etc/ssh/sshd_config.$(date +%F)
sed -i 's/#Port 22/Port 52113/g' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
echo '+-------modify the sshd_config-------+'
echo 'Port 52113'
echo 'PermitEmptyPasswords no'
echo 'PermitRootLogin no'
echo 'UseDNS no'
echo '+------------------------------------+'
/etc/init.d/sshd reload && action "修改ssh默认参数完成" /bin/true || action "修改ssh参数失败" /bin/false
echo "================================================="
echo ""
sleep 2
} #time sync
syncSysTime(){
echo "================配置时间同步====================="
\cp /var/spool/cron/root /var/spool/cron/root.$(date +%F) 2>/dev/null
NTPDATE=`grep ntpdate /var/spool/cron/root 2>/dev/null |wc -l`
if [ $NTPDATE -eq 0 ];then
echo "#times sync by lee at $(date +%F)" >>/var/spool/cron/root
echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1" >> /var/spool/cron/root
fi
echo '#crontab -l'
crontab -l
action "配置时间同步完成" /bin/true
echo "================================================="
echo ""
sleep 2
} #install tools
initTools(){
echo "#####安装系统补装工具(选择最小化安装minimal)#####"
ping -c 2 mirrors.aliyun.com
sleep 2
yum install tree nmap sysstat lrzsz dos2unix -y
sleep 2
rpm -qa tree nmap sysstat lrzsz dos2unix
sleep 2
action "安装系统补装工具(选择最小化安装minimal)" /bin/true
echo "================================================="
echo ""
sleep 2
} #add user and give sudoers
addUser(){
echo "===================新建用户======================"
#add user
while true
do
read -p "请输入新用户名:" name
NAME=`awk -F':' '{print $1}' /etc/passwd|grep -wx $name 2>/dev/null|wc -l`
if [ ${#name} -eq 0 ];then
echo "用户名不能为空,请重新输入。"
continue
elif [ $NAME -eq 1 ];then
echo "用户名已存在,请重新输入。"
continue
fi
useradd $name
break
done
#create password
while true
do
read -p "为 $name 创建一个密码:" pass1
if [ ${#pass1} -eq 0 ];then
echo "密码不能为空,请重新输入。"
continue
fi
read -p "请再次输入密码:" pass2
if [ "$pass1" != "$pass2" ];then
echo "两次密码输入不相同,请重新输入。"
continue
fi
echo "$pass2" |passwd --stdin $name
break
done
sleep 1 #add visudo
echo "#####add visudo#####"
\cp /etc/sudoers /etc/sudoers.$(date +%F)
SUDO=`grep -w "$name" /etc/sudoers |wc -l`
if [ $SUDO -eq 0 ];then
echo "$name ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
echo '#tail -1 /etc/sudoers'
grep -w "$name" /etc/sudoers
sleep 1
fi
action "创建用户$name并将其加入visudo完成" /bin/true
echo "================================================="
echo ""
sleep 2
} #Adjust the file descriptor(limits.conf)
initLimits(){
echo "===============加大文件描述符===================="
LIMIT=`grep nofile /etc/security/limits.conf |grep -v "^#"|wc -l`
if [ $LIMIT -eq 0 ];then
\cp /etc/security/limits.conf /etc/security/limits.conf.$(date +%F)
echo '* - nofile 65535'>>/etc/security/limits.conf
fi
echo '#tail -1 /etc/security/limits.conf'
tail -1 /etc/security/limits.conf
ulimit -HSn 65535
echo '#ulimit -n'
ulimit -n
action "配置文件描述符为65535" /bin/true
echo "================================================="
echo ""
sleep 2
} #set ssh
initSsh(){
echo "======禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度======="
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
service sshd restart
action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/true
echo "================================================="
echo ""
sleep 2
} #set the control-alt-delete to guard against the miSUSE
initRestart(){
sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/true
echo "================================================="
echo ""
sleep 2
} #Optimizing the system kernel
initSysctl(){
echo "================优化内核参数====================="
SYSCTL=`grep "net.ipv4.tcp" /etc/sysctl.conf |wc -l`
if [ $SYSCTL -lt 10 ];then
\cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
fi
\cp /etc/rc.local /etc/rc.local.$(date +%F)
modprobe nf_conntrack
echo "modprobe nf_conntrack">> /etc/rc.local
modprobe bridge
echo "modprobe bridge">> /etc/rc.local
sysctl -p
action "内核调优完成" /bin/true
echo "================================================="
echo ""
sleep 2
} #setting history and login timeout
initHistory(){
echo "======设置默认历史记录数和连接超时时间======"
echo "TMOUT=300" >>/etc/profile
echo "HISTSIZE=5" >>/etc/profile
echo "HISTFILESIZE=5" >>/etc/profile
tail -3 /etc/profile
source /etc/profile
action "设置默认历史记录数和连接超时时间" /bin/true
echo "================================================="
echo ""
sleep 2
} #chattr file system
initChattr(){
echo "======锁定关键文件系统======"
chattr +i /etc/passwd
chattr +i /etc/inittab
chattr +i /etc/group
chattr +i /etc/shadow
chattr +i /etc/gshadow
/bin/mv /usr/bin/chattr /usr/bin/lock
action "锁定关键文件系统" /bin/true
echo "================================================="
echo ""
sleep 2
} #menu2
menu2(){
while true
do
clear
cat <<EOF
----------------------------------------
|****Please Enter Your Choice:[0-15]****|
----------------------------------------
(1) 新建一个用户并将其加入visudo
(2) 配置为国内YUM源镜像和保存YUM源文件
(3) 配置中文字符集
(4) 禁用SELINUX及关闭防火墙
(5) 精简开机自启动
(6) 去除系统及内核版本登录前的屏幕显示
(7) 修改ssh默认端口及禁用root远程登录
(8) 设置时间同步
(9) 安装系统补装工具(选择最小化安装minimal)
(10) 加大文件描述符
(11) 禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度
(12) 将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启
(13) 系统内核调优
(14) 设置默认历史记录数和连接超时时间
(15) 锁定关键文件系统
(0) 返回上一级菜单
EOF
read -p "Please enter your Choice[0-15]: " input2
case "$input2" in
0)
clear
break
;;
1)
addUser
;;
2)
configYum
;;
3)
initI18n
;;
4)
initFirewall
;;
5)
initService
;;
6)
initRemoval
;;
7)
initSsh
;;
8)
syncSysTime
;;
9)
initTools
;;
10)
initLimits
;;
11)
initSsh
;;
12)
initRestart
;;
13)
initSysctl
;;
14)
initHistory
;;
15)
initChattr
;;
*) echo "----------------------------------"
echo "| Warning!!! |"
echo "| Please Enter Right Choice! |"
echo "----------------------------------"
for i in `seq -w 3 -1 1`
do
echo -ne "\b\b$i";
sleep 1;
done
clear
esac
done
}
#initTools
#menu
while true
do
clear
echo "========================================"
echo ' Linux Optimization '
echo "========================================"
cat << EOF
|-----------System Infomation-----------
| DATE :$DATE
| HOSTNAME :$HOSTNAME
| USER :$USER
| IP :$IPADDR
| DISK_USED :$DISK_SDA
| CPU_AVERAGE:$cpu_uptime
----------------------------------------
|****Please Enter Your Choice:[1-3]****|
----------------------------------------
(1) 一键优化
(2) 自定义优化
(3) 退出
EOF
#choice
read -p "Please enter your choice[0-3]: " input1 case "$input1" in
1)
addUser
configYum
initI18n
initFirewall
initService
initRemoval
initSsh
syncSysTime
initTools
initLimits
initSsh
initRestart
initSysctl
initHistory
initChattr
;; 2)
menu2
;;
3)
clear
break
;;
*)
echo "----------------------------------"
echo "| Warning!!! |"
echo "| Please Enter Right Choice! |"
echo "----------------------------------"
for i in `seq -w 3 -1 1`
do
echo -ne "\b\b$i";
sleep 1;
done
clear
esac
done
一键系统优化15项脚本,适用于Centos6.x的更多相关文章
- 适用于Centos6.x系统的15项优化脚本
1#!/bin/bash 2# Date: 2018-6-8 3#version:1.2 4#实现功能:一键系统优化15项脚本,适用于Centos6.x 5###################### ...
- centos6.x一键15项系统优化(转自努力哥)
#!/bin/sh ################################################ #Author:nulige # qqinfo: # Date: -- #vers ...
- CentOS 6一键系统优化 Shell 脚本
CentOS 6一键系统优化 Shell 脚本 脚本的内容如下: #!/bin/bash#author suzezhi#this script is only for CentOS 6#check t ...
- 新闻:融资600万 他用一套系统优化15大HR工作场景 精简入转调离 月开通214家 | IT桔子
新闻:融资600万 他用一套系统优化15大HR工作场景 精简入转调离 月开通214家 | IT桔子 功劳说不上
- 使用 PHP + shell 生成 一键设置权限的脚本。
linux 系统 支持PHP脚本一键设置环境.shell脚本一键设置环境.那么 我今天 使用 PHP + shell 生成 一键设置权限的脚本. 举例子:linux服务器 一键配置discuz网站环 ...
- 适用于Centos6/7,vsftp自动安装脚本
#!/bin/bash #vsftp install . /etc/rc.d/init.d/functions NUM=`rpm -q centos-release | awk -F '-' '{pr ...
- PowerShell添加或修改注册表开机启动项脚本
代码如下: $name = Read-Host "请输入开机启动项的名字(随便起)" $value = Read-Host "请输入开机启动项的值" try{ ...
- CentOS 6.x 一键安装PPTP VPN脚本
环境 CentOS 6.x 32位/64位XEN/KVM/OpenVZ 步骤 依次运行下列命令 #wget http://www.hi-vps.com/shell/vpn_centos6.sh #ch ...
- 一键cobbler批量安装脚本
前几天机房上架180台服务器,太多了,使用了cobbler批量安装,具体的看我上代码,我把配置cobbler的命令给堆积起来,也算是个脚本吧,欢迎拍砖指正,下面我上脚本: #!/bin/bash # ...
随机推荐
- SQLServer中比较末尾带有空格的字符串遇到的坑
最近发现SQLServer中比较字符串的时候 如果字符串末尾是空格 那么SQLServer会无视那些空格直接进行比较 这和程序中平时的字符串判断逻辑不统一 );set @a=N'happycat198 ...
- 关于TP3.2微信开发那点事(基础篇)
许久没有为博客更新内容,今天我将过去一周做的微信服务号的相关心得体会在此分享,具体如何申请成为服务号的相关流程文档都有,可根据要求完成: 开发第一步:开发前配置: AppID-->微信号的&qu ...
- JMeter学习(十七)JMeter测试Java
目的:对Java程序进行测试 目录 一.核心步骤 二.实例 三.JMeter Java Sampler介绍 四.自带Java Request Sampler 一.核心步骤 1.创建一个Java工程: ...
- [No000032]程序员的年龄天花板
程序员职业生涯中流行这这样一个定律:35岁定律,那35岁以上的老程序员都干吗去了呢?为了讨论程序员的职业寿命,我们先得给公司或者团队分分类.大概有这么三类: 外包型 项目型 产品型 咱们一一来说一下吧 ...
- 利用MySQL存储过程分割字符串
(转)http://tec.5lulu.com/detail/104krn1e6p2w78d77.html 现有一段字符串,如apple,banana,orange,pears,grape,要把它按照 ...
- 学习cocos 空程序
今天开始学习cocos代码,首先研究源码中的空程序. 在这个程序中,在main函数中,创建了一个Application: int APIENTRY _tWinMain(HINSTANCE hInsta ...
- HTML 学习笔记 JavaScript (变量)
变量是储存信息的容器. 实例 var x=2; var y=3; var z=x+y; 就像代数那样 x=2 y=3 z=x+y 在代数中,我们使用字母(比如 x)来保存值(比如 2).通过上面的表达 ...
- 理解java的finalize
基本预备相关知识 1 java的GC只负责内存相关的清理,所有其它资源的清理必须由程序员手工完成.要不然会引起资源泄露,有可能导致程序崩溃. 2 调用GC并不保证GC实际执行. 3 finalize抛 ...
- 花生壳动态IP域名解析之python自动提交公网IP
#!/usr/bin/env python import re import os import time import random ip_current = '' while True: myip ...
- DEDECMS之七 如何实现文章推荐排行榜
经常可以看到各种排行榜,这些文章列表的标题之前加了序号,前三条还有显眼样式 1.实现效果 2.实现方法 <ul class="hotPh1"> {dede:arclis ...