案例名称:系统初始化
背景:10台已装有linux系统的服务器
需求:
1.设置时区同步
2.禁用selinux
3.清空防火墙策略
4.历史命令显示操作时间
5.禁止root远程登录
6.禁止定时任务发送邮件
7.设置最大打开文件数
8.减少Swap使用
9.系统内核参数优化
10.安装系统性能工具及其他
?
脚本具体内容
#!/bin/bash
#Set time zone and together time
if ls /etc/localtime >/dev/null 2>&1;then
rm -f /etc/localtime
fi
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
if ! crontab -l |grep ntp &>/dev/null;then
(echo "* 1 * * * ntpdate time.windows.com" >/var/spool/cron/root;crontab -l)|crontab
fi
#Stop selinux
sed -i ‘/SELINUX/{s/enforcing/disabled/}‘ /etc/selinux/config
#Stop firewall
if egrep "7.[0-9]" /etc/redhat-release >/dev/null 2>&1;then
systemctl stop firewalld
systemctl disable firewalld
elif egrep "6.[0-9]" /etc/redhat-release >/dev/null 2>&1;then
service iptables stop
chkconfig iptables off
fi
#Set History time format
if ! grep HISTTIMEFORMAT /etc/bashrc >/dev/null 2>&1;then
echo ‘export HISTTIMEFORMAT="%F %T `whoami` "‘ >>/etc/bashrc
source /etc/bashrc
fi
#Set ssh timeout
if ! grep "TMOUT=600" /etc/profile >/dev/null 2>&1;then
echo "export TMOUT=600" >>/etc/profile
source /etc/profile
fi
#forbidon root connect
#sed -i ‘s/#PermitRootLogin yes/PermitRootLogin no‘ /etc/ssh/sshd_config
#systemctl reload sshd
#Forbidon crontab send mail
sed -i ‘s/MAILTO=root/MAILTO=""/‘ /etc/crontab
#Set max filenumbers
if ! grep "soft nofile 65535" /etc/security/limits.conf >/dev/null 2>&1;then
cat >>/etc/security/limits.conf<<EOF
* soft nofile 65535
* hard nofile 65535
EOF
fi
#System good
cat >>/etc/sysctl.conf <<EOF
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_tw_buckets = 20480
EOF
#Swap
echo "0" >/proc/sys/vm/swappiness
#Install systems analysisyum -y install gcc c++ make autoconf vim sysstat net-tools iostat iftop iotp lrzsz >/dev/bull 2>&1
