#!/bin/bash
#
#********************************************************************
#encoding -*-utf8-*-
#Author: zhangshang
#Date: 2017-12-19
#URL: http://blog.vservices.top/myblog
#Description: The test script
#Copyright (C): 2017 All rights reserved
#QQ Numbers: 765030447
#********************************************************************
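# Major CentOS release number (the functions below branch on 6 and 7):
# the first run of digits found in /etc/centos-release.
Get_host_version=$(grep -i centos /etc/centos-release | grep -o "\<[[:digit:]]\+" | head -1)
# Running kernel release string.
kernel_version=$(uname -r)
# Make the boot-time startup file executable.
chmod +x /etc/rc.d/rc.local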
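#######################################
# Install wget from the installation media.
# Mounts /dev/sr0 on /mnt, installs the wget package(s) found under
# /mnt/Packages, then unmounts the media again.
# Outputs:  a message on stderr when the media cannot be mounted
# Returns:  rpm's exit status; exits the script with status 1 when the
#           mount fails
#######################################
function Install_wget(){
  if ! mount /dev/sr0 /mnt; then
    echo "未添加光盘源!退出脚本" >&2
    # A plain exit instead of SIGKILLing our own PID: the caller gets a
    # normal failure status and any EXIT trap still runs.
    exit 1
  fi
  local rc=0
  # The glob is deliberately unquoted so it expands to the wget RPM file(s).
  rpm -ivh /mnt/Packages/wget* || rc=$?
  # Leave the mount point before unmounting so /mnt is not busy because of us.
  cd / || return 1
  umount /mnt
  return "$rc"
}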
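#######################################
# Set the system-wide and current locale to zh_CN.UTF-8.
# Appends the export line to /etc/profile only when it is not already
# there, so repeated runs do not keep growing the file.
#######################################
function Modify_charaset(){
  local line='export LANG=zh_CN.UTF-8'
  # -x/-F: match the whole line literally.
  if ! grep -qxF -- "$line" /etc/profile 2>/dev/null; then
    echo "$line" >>/etc/profile
  fi
  export LANG=zh_CN.UTF-8
}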
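#######################################
# Report that the detected release is not one this script supports.
# Globals:  Get_host_version (read)
# Outputs:  the message on stderr, so it is kept apart from normal output
#######################################
function Error_system_version(){
  printf '%s\n' "未知的系统版本 $Get_host_version" >&2
}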
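#######################################
# Archive /etc into /bak/initsys/etc.<date>_<hour>.<minute>.tar.gz before
# the script starts changing configuration.
# Returns:  tar's exit status, or 1 when the backup directory cannot be
#           created or locked down
#######################################
function Bakup_etc(){
  local stamp back_path archive
  stamp=$(date +'%F_%H.%M')
  back_path=/bak/initsys
  archive="${back_path}/etc.${stamp}.tar.gz"
  mkdir -p "$back_path" || return 1
  # A copy of /etc carries credential material (e.g. /etc/shadow), so keep
  # the directory and the archive readable by root only.
  chmod 700 "$back_path" || return 1
  # Subshell: the tightened umask must not leak into the rest of the script.
  ( umask 077 && tar -czf "$archive" /etc )
}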
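#######################################
# Stop and disable the host firewall, then switch SELinux off.
# Globals:  Get_host_version (read)
# Returns:  1 on an unsupported release (SELinux is left untouched in that
#           case), otherwise the status of setenforce
# NOTE(review): after this runs the host has neither packet filtering nor
# SELinux confinement. If the machine is reachable from untrusted networks,
# prefer keeping the firewall with explicit allow rules and leaving SELinux
# enforcing.
#######################################
function Off_firewall_and_selinux(){
  case "$Get_host_version" in
    7)
      systemctl stop firewalld &>/dev/null
      systemctl disable firewalld &>/dev/null
      ;;
    6)
      service iptables stop &>/dev/null
      chkconfig iptables off &>/dev/null
      ;;
    *)
      Error_system_version
      return 1
      ;;
  esac
  # Persistent setting in the SELinux config file.
  sed -ri 's/^(SELINUX=).*$/\1disabled/g' /etc/selinux/config
  # Runtime switch for the current boot.
  setenforce 0
}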
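#######################################
# Set the time zone to Asia/Shanghai and record the clock settings.
# Globals:  Get_host_version (read)
#######################################
function Set_timezone_and_time(){
  # cp is resolved through PATH rather than a fixed /usr/bin path, and
  # --remove-destination replaces /etc/localtime itself: when that path is a
  # symlink into the zoneinfo tree, a plain cp would write through the link
  # and overwrite the zone file it points to.
  cp --remove-destination /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
  #/usr/sbin/ntpdate 10.11.23.22 # sync against an NTP server; uncomment if needed
  #hwclock -w # copy the system time to the hardware clock
  if [ "$Get_host_version" == '6' ]; then
    cat > /etc/sysconfig/clock << EOF
ZONE="Asia/Shanghai"
UTC=false
ARC=false
EOF
  elif [ "$Get_host_version" == '7' ]; then
    timedatectl set-local-rtc yes
  else
    Error_system_version
  fi
}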
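#######################################
# Hide the system version by blanking the login banners and release files.
# Each file is overwritten with a single empty line.
# NOTE(review): this script reads /etc/centos-release to detect the release,
# so once this function has run a later run can no longer tell 6 from 7.
# Blanking /etc/issue and /etc/motd alone would hide the banner without that
# side effect.
#######################################
function Shadow_system_version(){
  local f
  for f in /etc/issue /etc/motd /etc/redhat-release /etc/centos-release; do
    echo '' > "$f"
  done
}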
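#######################################
# Check whether the outside network is reachable.
# Sends one ICMP echo request to www.baidu.com, so the result also depends
# on name resolution working.
# Returns:  0 when the ping succeeds, 1 otherwise
#######################################
function Test_network(){
  if ping -c1 www.baidu.com &>/dev/null; then
    return 0
  fi
  return 1
}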
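#######################################
# Raise the system-wide open-file and process limits.
# Appends soft/hard nofile and nproc entries for all users to
# /etc/security/limits.conf unless a wildcard entry of that kind already
# exists.
# Outputs:  a notice on stdout when the limits were already present
#######################################
function Set_handler_Num(){
  local limit_count
  limit_count=$(grep -c "^\*[[:blank:]]\+\(soft\|hard\)[[:blank:]]\+\(nofile\|nproc\)[[:blank:]]\+" /etc/security/limits.conf 2>/dev/null)
  # grep prints no count when the file is missing; treat that as "no entries".
  limit_count=${limit_count:-0}
  if [ "$limit_count" -eq 0 ]; then
    cat >> /etc/security/limits.conf << EOF
* soft nofile 102400
* hard nofile 102400
* soft nproc 40960
* hard nproc 40960
EOF
    # Apply the open-file limit to the current shell right away.
    ulimit -n 102400
  else
    echo "已经添加过limit限制!"
  fi
}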
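#######################################
# Write TCP tuning parameters to /etc/sysctl.d/tcp_optimization.conf and
# load them. A "#tcp_flag 1" marker line in the file records that the
# parameters were already written.
# Outputs:  status messages on stdout
# Returns:  1 when the marker is duplicated or already present, else 0
#######################################
function Set_tcp_kernel_arguments(){
  local kernel_args=/etc/sysctl.d/tcp_optimization.conf
  local flag_1 flag_2
  flag_1=$(grep tcp_flag "$kernel_args" 2>/dev/null | awk '{print $2}')
  flag_2=$(grep -c tcp_flag "$kernel_args" 2>/dev/null)
  # grep prints no count when the file does not exist yet.
  flag_2=${flag_2:-0}
  if [ "$flag_2" -gt 1 ]; then
    echo "系统错误,TCP重复的优化参数,请查看 $kernel_args 是否正确!"
    return 1
  fi
  if [ "$flag_1" == 1 ]; then
    echo "TCP内核参数已经优化过了。"
    return 1
  fi
  # Settings, with the original author's rationale:
  #   tcp_syncookies      - use SYN cookies when the SYN queue overflows;
  #                         protects against small SYN floods
  #   tcp_tw_recycle      - fast recycling of TIME-WAIT sockets
  #   tcp_tw_reuse        - allow TIME-WAIT sockets to be reused for new
  #                         connections
  #   tcp_fin_timeout     - keep orphaned connections for 5 seconds
  #   tcp_keepalive_time  - send keepalives every 20 minutes instead of the
  #                         2-hour default
  #   ip_local_port_range - port range used for outgoing connections
  #   tcp_max_syn_backlog - SYN queue length, raised from 1024 to 8192
  #   tcp_max_tw_buckets  - maximum number of TIME_WAIT sockets; above it they
  #                         are dropped at once and a warning is logged
  # NOTE(review): tcp_tw_recycle breaks connections from clients that share a
  # NAT address, and the key was removed in Linux 4.12, where loading this
  # file reports an error for it. Consider dropping that line.
  cat >> "$kernel_args" << EOF
#tcp_flag 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
EOF
  if ! sysctl -p "$kernel_args" &>/dev/null; then
    echo '读取Tcp内核参数错误!'
  fi
}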
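#######################################
# Turn off reverse-DNS lookups and GSSAPI authentication in sshd, then
# restart the daemon.
# Globals:  Get_host_version (read)
# Returns:  1 when the edited configuration does not validate (sshd is then
#           left running with its old configuration)
#######################################
function Disabled_sshd_dns(){
  # Disabled idempotence guard from the original, kept for reference:
  #[ `grep "^#UseDNS \(no\|yes\)" /etc/ssh/sshd_config | wc -l` -eq 0 ] && { echo '已禁用该配置,Do nothing!' ; return 1; }
  sed -ri 's@#UseDNS (no|yes)@UseDNS no@g' /etc/ssh/sshd_config
  sed -ri 's@GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config
  # Validate before restarting: a broken sshd_config on a remote host means
  # the restart takes away the only way back in. sshd -t prints the reason.
  sshd -t || return 1
  if [ "$Get_host_version" == '6' ]; then
    service sshd restart
  elif [ "$Get_host_version" == '7' ]; then
    systemctl restart sshd
  else
    Error_system_version
  fi
}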
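#######################################
# Rename network interfaces to the eth* scheme.
# CentOS 6: rewrites the NAME= field of every entry in the persistent-net
#           udev rules file, numbering the interfaces from eth1 in file
#           order.
# CentOS 7: adds net.ifnames=0 to the kernel command line and regenerates
#           grub.cfg; takes effect after a reboot.
# Globals:   Get_host_version (read)
# Arguments: $1 - optional path of the udev rules file (CentOS 6 branch);
#                 defaults to /etc/udev/rules.d/70-persistent-net.rules and
#                 allows a trial run against a copy
# Returns:   1 when no interface entries or no grub defaults file are found
#######################################
function Modify_network_card_name(){
  local rules=${1:-/etc/udev/rules.d/70-persistent-net.rules}
  local entry='SUBSYSTEM=="net", ACTION=="add"'
  if [ "$Get_host_version" == '6' ]; then
    local Count_cart All_mac mac count=1
    Count_cart=$(grep -c "$entry" "$rules" 2>/dev/null)
    Count_cart=${Count_cart:-0}
    if [ "$Count_cart" -eq 0 ]; then
      echo "没有网卡信息,请检查网卡驱动!"
      return 1
    fi
    # Read the MAC addresses from the same rules file that is edited below
    # (the original used a path relative to the current directory).
    All_mac=$(grep "$entry" "$rules" | grep -o "\([0-9a-fA-F]\{2\}:\)\{5\}[0-9a-fA-F]\{2\}")
    # Iterate over the collected addresses; the list is data, not a command.
    for mac in $All_mac; do
      # Replace whatever name the entry carries with ethN. No stray "$" is
      # written in front of the closing quote.
      sed -ri 's@('"$mac"'.*NAME=").*[[:digit:]]+"$@\1eth'"$count"'"@' "$rules"
      count=$((count + 1))
    done
    echo '修改网卡名成功,请查看配置!'
    # -F: the text contains "?*", which must be matched literally.
    grep -F -- 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="' "$rules"
    return 0
  elif [ "$Get_host_version" == '7' ]; then
    # NOTE(review): this is the BIOS location of grub.cfg; presumably a UEFI
    # install keeps it elsewhere - confirm before running there.
    local boot_grub=/boot/grub2/grub.cfg
    local grub_default_cfg=/etc/default/grub
    local Name_count
    Name_count=$(grep -c "quiet[[:blank:]]\+net.ifnames" "$boot_grub" 2>/dev/null)
    Name_count=${Name_count:-0}
    # Keep a timestamped copy of the defaults file before editing it.
    if ! cp "$grub_default_cfg" "${grub_default_cfg}.$(date +'%F_%H.%M')"; then
      echo "没有 $grub_default_cfg 这个文件"
      return 1
    fi
    if [ "$Name_count" -eq 0 ]; then
      sed -ri 's/(GRUB_CMDLINE_LINUX=.*quiet)/\1 net.ifnames=0/g' "$grub_default_cfg"
      if grub2-mkconfig -o "$boot_grub"; then
        echo '生成新的配置文件,生效需重启!'
      else
        echo "grub文件生成错误! $boot_grub 可能会产生错误!请检查"
      fi
    else
      echo '已经修改过grub参数,无需再次修改!Do nothing!'
    fi
  else
    Error_system_version
  fi
}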
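#######################################
# Download one repo definition without leaving a truncated file behind.
# Arguments: $1 - URL, $2 - destination path
# Returns:   non-zero when the download fails; the destination is then
#            left untouched
#######################################
_Fetch_repo_file(){
  local url=$1 dest=$2 tmp
  # The temporary name does not end in .repo, so a half-written download is
  # never picked up as a repo definition.
  tmp=$(mktemp "${dest}.XXXXXX") || return 1
  if wget "$url" -O "$tmp"; then
    chmod 644 "$tmp" && mv -f "$tmp" "$dest"
  else
    rm -f "$tmp"
    return 1
  fi
}

#######################################
# Point yum at the Aliyun mirrors: fetch the base and EPEL repo files for
# the detected release and move the stock CentOS-* files into bak/.
# Globals:  Get_host_version (read)
# Returns:  1 on an unsupported release or when the network is down
# NOTE(review): the downloaded .repo files decide which hosts packages come
# from and whether signatures are checked; confirm they keep gpgcheck=1.
#######################################
function Modify_yumrepo(){
  local repo_path=/etc/yum.repos.d/
  # Decide on the release first, so an unsupported host is left untouched.
  case "$Get_host_version" in
    6|7) ;;
    *)
      Error_system_version
      return 1
      ;;
  esac
  mkdir -p "${repo_path}bak" 2>/dev/null
  if ! Test_network; then
    echo '网络不通,退出函数!'
    return 1
  fi
  if [ ! -e "${repo_path}Alibase.repo" ]; then
    _Fetch_repo_file "https://mirrors.aliyun.com/repo/Centos-${Get_host_version}.repo" "${repo_path}Alibase.repo"
  else
    echo "已经添加过阿里源!"
  fi
  # Retire the stock repo files only once the replacement is in place, so a
  # failed download does not leave the host without any repository.
  if [ -e "${repo_path}Alibase.repo" ]; then
    mv "${repo_path}"CentOS-* "${repo_path}bak" 2>/dev/null
  fi
  sleep 1
  # Fetch EPEL when it is missing (the original tested the opposite).
  if [ ! -e "${repo_path}epel.repo" ]; then
    _Fetch_repo_file "https://mirrors.aliyun.com/repo/epel-${Get_host_version}.repo" "${repo_path}epel.repo"
  else
    echo "已经添加过epel源!"
  fi
  yum clean all
}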
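#######################################
# Install the baseline package set with yum.
# NOTE(review): the list includes the telnet and ftp clients, which send
# credentials in clear text; drop them where they are not required.
# Returns:  yum's exit status
#######################################
function Install_some_packege(){
  # An array keeps every package name a separate argument without relying
  # on word splitting of a string.
  local -a packges=(
    gcc glibc zlib openssl openssl-devel lrzsz lftp ftp telnet nmap-ncat
    net-snmp net-snmp-devel vim sysstat bash-completion wget lsof psmisc ntp
  )
  yum install -y "${packges[@]}"
}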
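#######################################
# Bond every non-loopback interface into Bond0 (mode 0).
# Refuses to run when an ifcfg-Bond* file already exists or when not every
# listed interface name contains "eth".
# Globals:  Get_host_version (read)
# Returns:  1 when a precondition fails
# NOTE(review): the address differs per branch (172.18.30.2 in the CentOS 6
# file, 172.18.30.1 in the CentOS 7 nmcli call), and the nmcli address has
# no prefix length while the CentOS 6 file sets PREFIX=16 - confirm the
# intended values. Addresses, gateway and DNS are hard-coded and have to be
# adjusted per host.
#######################################
function Config_Bond(){
  local net_path=/etc/sysconfig/network-scripts/
  # compgen -G succeeds only when the glob matches an existing file.
  if compgen -G "${net_path}ifcfg-Bond*" >/dev/null; then
    echo '已经配置了了Bond'
    return 1
  fi
  # List the interfaces once: drop the two header lines and every line
  # containing "lo", keep the name column.
  local -a cards=()
  mapfile -t cards < <(netstat -I | sed '1,2d' | sed '/lo/d' | awk '{print $1}')
  local Net_card_Num=${#cards[@]}
  local Named_eth_count
  Named_eth_count=$(printf '%s\n' "${cards[@]}" | grep -io eth | wc -l)
  if [ "$Named_eth_count" -ne "$Net_card_Num" ]; then
    echo "网卡名并未变更为eth,或者已经添加过了聚合类型!配置失败!"
    return 1
  fi
  local i
  if [ "$Get_host_version" == '6' ]; then
    service NetworkManager stop
    chkconfig NetworkManager off
    for i in "${cards[@]}"; do
      # Appended to the existing interface file.
      cat >>"${net_path}ifcfg-$i" <<EOF
DEVICE=$i
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
USERCTL=no
EOF
    done
    cat >>"${net_path}ifcfg-Bond0" <<EOF
DEVICE=bond0
BOOTPROTO=none
BONDING_OPTS="miimon=100 mode=0"
DNS1=8.8.8.8
IPADDR=172.18.30.2
PREFIX=16
GATEWAY=172.18.0.1
ONBOOT=yes
EOF
    service network restart
  elif [ "$Get_host_version" == '7' ]; then
    if nmcli con add type bond con-name Bond0 ifname Bond0 mode 0 ipv4.method manual ipv4.addresses 172.18.30.1 ipv4.gateway 172.18.0.1 ipv4.dns 8.8.8.8 &>/dev/null; then
      nmcli con up Bond0
    fi
    for i in "${cards[@]}"; do
      # Report a failure when either creating or activating the slave fails.
      if ! { nmcli con add type bond-slave con-name "$i-bond" ifname "$i" master Bond0 \
          && nmcli con up "$i-bond"; }; then
        echo "激活失败!"
      fi
    done
  else
    Error_system_version
  fi
}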
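# Execution starts here. The steps run in this order; none of the return
# statuses is checked, so a failing step does not stop the ones after it.
Bakup_etc                  # back up /etc
Off_firewall_and_selinux   # turn off the firewall and SELinux
Install_wget               # install wget
Modify_charaset            # set the global locale
Set_timezone_and_time      # set the time zone and clock
Set_handler_Num            # set the open-file limits
Set_tcp_kernel_arguments   # tune the kernel TCP parameters
Modify_yumrepo             # switch the yum repositories
Install_some_packege       # install the package set
Disabled_sshd_dns          # disable DNS lookups in sshd
#Shadow_system_version     # hide the system version
Modify_network_card_name   # rename the interfaces to eth*
Config_Bond                # configure Bond; default IP is 172.18.30.1 and must be adjusted by hand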