系统安装初始化脚本
发布时间:2020-12-15 17:07:38 所属栏目:安全 来源:网络整理
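#!/bin/bash
###########################################
# this script function is:
#   systemctl initialization
# USER      YYYY-MM-DD - ACTION
# brucefu   20017-08-08 - Created   (year as printed on the page; presumably 2017)
# mail      270064522@qq.com
############################################
#
# Scope given on the page:
#   [root@lb01 src]# cat /etc/redhat-release
#   CentOS release 6.7
#   [root@lb01 src]# vim initialization.sh
#
# NOTE(review): CentOS 6 reached end of life in November 2020 and no longer
# receives security updates, so read this as a legacy baseline. Several steps
# below reduce host protection (SELinux disabled, iptables/ip6tables switched
# off); each one is flagged where it happens so it can be reviewed before use.
#
# Changes against the listing on the page: whitespace restored, root and
# download checks added, and every append is done only once so that running
# the script a second time does not duplicate cron, sysctl or modprobe entries.

# Everything below edits files under /etc and /boot, so stop early if not root.
if [ "$(id -u)" -ne 0 ]; then
  echo "initialization.sh must be run as root" >&2
  exit 1
fi

#######################################
# Append a line to a file unless that exact line is already present.
# Arguments: $1 - line to add, $2 - target file
# Returns:   0 if the line is present afterwards, non-zero if the write failed
#######################################
append_once() {
  local line=$1
  local file=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >>"$file"
}

# Add the EPEL external yum repository (the original comment also names
# rpmforge, but only the EPEL release package is installed here).
url_yum=https://mirrors.aliyun.com/epel/epel-release-latest-6.noarch.rpm
epel_rpm=epel-release-latest-6.noarch.rpm
cd /usr/local/src || { echo "cannot cd to /usr/local/src" >&2; exit 1; }
# -O gives a fixed name, so a re-run overwrites instead of creating "<name>.1".
if ! wget -O "$epel_rpm" "$url_yum"; then
  echo "download failed: $url_yum" >&2
  exit 1
fi
# NOTE(review): rpm -ivh only warns when the package signature cannot be checked
# against an imported key. If provenance matters, import the EPEL 6 signing key
# from a trusted source first and check the file with `rpm -K` before installing.
rpm -ivh "$epel_rpm"

# Install gcc and base build libraries plus the sysstat tools.
yum -y install gcc gcc-c++ vim-enhanced unzip unrar sysstat

# Configure periodic time sync with ntpdate (sysstat is already installed above).
yum -y install lrzsz ntpdate
append_once '*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1' \
  /var/spool/cron/root
append_once '*/10 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' \
  /var/spool/cron/root

# Set the system character set.
sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.GB18030"#' /etc/sysconfig/i18n
source /etc/sysconfig/i18n
# Restart crond (placed here in the original, after the crontab entries above).
service crond restart

# ulimit key: raise the open-file limit now, at boot, and for login sessions.
ulimit -SHn 65535
append_once "ulimit -SHn 65535" /etc/rc.local
while IFS= read -r entry; do
  append_once "$entry" /etc/security/limits.conf
done <<'EOF'
* soft nofile 60000
* hard nofile 65535
EOF

# Tune kernel parameters.
# NOTE(review): net.ipv4.tcp_tw_recycle=1 is known to drop connections from
# clients that share one NAT address; keep it only if no such clients exist.
# NOTE(review): the ip_conntrack_* keys are only present when the connection
# tracking module is loaded; otherwise sysctl -p reports them as unknown, which
# the embedded (Chinese) comment says can be ignored. Confirm the key names
# against the running kernel.
while IFS= read -r entry; do
  append_once "$entry" /etc/sysctl.conf
done <<'EOF'
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
#一下参数是对iptables防火墙的优化,防火墙不开会有提示,可以忽略不理。
net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
EOF
/sbin/sysctl -p

# Forbid control-alt-delete. The ^ anchor keeps a second run from prefixing an
# already commented line with another '#'.
# NOTE(review): on CentOS 6 (upstart) this key combination is normally defined
# in /etc/init/control-alt-delete.conf, not /etc/inittab; verify that this edit
# has any effect on the target release.
sed -i 's@^ca::ctrlaltdel:/sbin/shutdown -t3 -r now@#&@' /etc/inittab

# Disable SELinux (takes effect after the reboot at the end).
# NOTE(review): this removes mandatory access control from the host. Where an
# application conflicts with the policy, SELINUX=permissive plus a review of the
# audit log keeps the denials visible while the policy is adjusted.
sed -i 's@SELINUX=enforcing@SELINUX=disabled@' /etc/selinux/config

# Forbid IPv6 addresses.
# NOTE(review): /etc/modprobe.conf is the legacy location; confirm it is still
# read on the target release, or place these lines in a file under
# /etc/modprobe.d/ as is done for usb-storage below.
append_once "alias net-pf-10 off" /etc/modprobe.conf
append_once "alias ipv6 off" /etc/modprobe.conf
append_once "install ipv6 /bin/true" /etc/modprobe.conf
append_once "IPV6INIT=no" /etc/sysconfig/network
sed -i 's@NETWORKING_IPV6=yes@NETWORKING_IPV6=no@' /etc/sysconfig/network
chkconfig ip6tables off

# vim initialization.
append_once "syntax on" /root/.vimrc
append_once "set nohlsearch" /root/.vimrc

# Stop unneeded services from starting at boot.
# NOTE(review): this list includes iptables, so the host comes up with no local
# packet filter. Only acceptable when filtering is enforced somewhere else
# (upstream firewall, security groups); otherwise keep iptables enabled with a
# default-deny inbound rule set.
for svc in bluetooth sendmail kudzu nfslock portmap iptables autofs \
  yum-updatesd postfix pcscd alsasound smb; do
  chkconfig "$svc" off
done

# Tighten permissions on sensitive system files.
chmod 400 /etc/crontab
chmod 400 /etc/securetty
chmod 600 /boot/grub/grub.conf
chmod 600 /etc/inittab
chmod 600 /etc/login.defs

# Forbid USB storage: make any load of the usb-storage module run /bin/true.
append_once "install usb-storage /bin/true" /etc/modprobe.d/usb-storage.conf

# Reboot the server.
reboot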