centos6、7系统初始化脚本

时间:2023-12-16 12:44:14
  1. #!/bin/bash
  2. #
  3. #********************************************************************
  4. #encoding -*-utf8-*-
  5. #Author: zhangshang
  6. #Date: 2017-12-19
  7. #URL: http://blog.vservices.top/myblog
  8. #Description: The test script
  9. #Copyright (C): 2017 All rights reserved
  10. #QQ Numbers: 765030447
  11. #********************************************************************
  # Major release number of the running system, taken from the first run of
  # digits on the "CentOS" line of /etc/centos-release. The value is empty when
  # that file is missing or holds no digits; every function below then takes
  # its "unknown version" branch.
  Get_host_version=$(grep -i centos /etc/centos-release | grep -o "\<[[:digit:]]\+" | head -n 1)
  # Release string of the running kernel.
  kernel_version=$(uname -r)
  # Mark the boot-time rc.local script as executable.
  chmod +x /etc/rc.d/rc.local
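  # Install wget from the CentOS installation media.
  # Mounts /dev/sr0 read-only on /mnt, installs the wget RPM found under
  # /mnt/Packages, then unmounts the media.
  # Outputs: an error message on stderr when the media cannot be mounted.
  # Returns: the status of the rpm installation; exits the whole script with
  #          status 1 when the mount fails.
  Install_wget() {
    local rc

    if ! mount -o ro /dev/sr0 /mnt; then
      echo "未添加光盘源!退出脚本" >&2
      # Exit instead of sending SIGKILL to $$: SIGKILL cannot be trapped, so no
      # cleanup handler would run, and $$ names the parent shell when this
      # function is called from a subshell.
      exit 1
    fi

    rpm -ivh /mnt/Packages/wget*
    rc=$?

    # Leave the mount point before unmounting so it is never "busy".
    cd / || return 1
    umount /mnt
    return "$rc"
  }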
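  # Make zh_CN.UTF-8 the locale for future login shells (via /etc/profile) and
  # for the rest of this script.
  Modify_charaset() {
    local profile_line='export LANG=zh_CN.UTF-8'

    # Append only when the exact line is absent, so running the script again
    # does not keep growing /etc/profile.
    if ! grep -qxF -- "$profile_line" /etc/profile 2>/dev/null; then
      echo "$profile_line" >>/etc/profile
    fi
    export LANG=zh_CN.UTF-8
  }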
  # Report that the detected release is not one this script knows how to handle.
  # Globals: Get_host_version (read)
  # Outputs: one line on stdout naming the unrecognised version.
  Error_system_version() {
    printf '%s\n' "未知的系统版本 $Get_host_version"
  }
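  # Archive /etc into /bak/initsys/etc.<date>_<hour>.<minute>.tar.gz before any
  # other step changes the configuration.
  # Returns: non-zero when the backup directory cannot be prepared or tar fails.
  Bakup_etc() {
    local dest_dir=/bak/initsys
    local stamp

    stamp=$(date +'%F_%H.%M')
    mkdir -p -- "$dest_dir" || return 1
    # The archive holds everything under /etc (password hashes, SSH host keys),
    # so keep both the directory and the tarball readable by root only.
    chmod 700 -- "$dest_dir" || return 1
    # The subshell keeps the restrictive umask from leaking into later steps.
    (umask 077 && tar -czf "$dest_dir/etc.${stamp}.tar.gz" /etc)
  }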
  # Stop and disable the host firewall, then switch SELinux off.
  # Globals: Get_host_version (read)
  # Returns: 1 for an unrecognised release (nothing is changed); otherwise the
  #          status of `setenforce 0`.
  #
  # NOTE(review): after this step the host has no local packet filter and no
  # SELinux confinement. Run it only where another control (network ACLs, a
  # perimeter firewall) covers the gap, or narrow it to the rules actually
  # required.
  Off_firewall_and_selinux() {
    case "$Get_host_version" in
      7)
        # CentOS 7: firewalld is managed through systemd.
        systemctl stop firewalld &>/dev/null
        systemctl disable firewalld &>/dev/null
        ;;
      6)
        # CentOS 6: iptables is a SysV service.
        service iptables stop &>/dev/null
        chkconfig iptables off &>/dev/null
        ;;
      *)
        Error_system_version
        return 1
        ;;
    esac

    # Persist SELINUX=disabled for the next boot ...
    sed -ri 's/^(SELINUX=).*$/\1disabled/g' /etc/selinux/config
    # ... and stop enforcing in the running system.
    setenforce 0
  }
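  # Set the system time zone to Asia/Shanghai and keep the hardware clock on
  # local time.
  # Globals: Get_host_version (read)
  Set_timezone_and_time() {
    # cp is resolved through PATH because /usr/bin/cp is not present on every
    # release this script targets. --remove-destination replaces /etc/localtime
    # itself; when that path is a symlink, a plain cp would write through it and
    # overwrite the zoneinfo file it points at.
    cp -f --remove-destination /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

    # Optional, uncomment if needed:
    # /usr/sbin/ntpdate 10.11.23.22   # sync once from an NTP server
    # hwclock -w                      # copy system time to the hardware clock

    case "$Get_host_version" in
      6)
        # CentOS 6 keeps the zone and RTC mode in /etc/sysconfig/clock.
        printf '%s\n' \
          'ZONE="Asia/Shanghai"' \
          'UTC=false' \
          'ARC=false' >/etc/sysconfig/clock
        ;;
      7)
        timedatectl set-local-rtc yes
        ;;
      *)
        Error_system_version
        ;;
    esac
  }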
  # Hide the distribution name and version by blanking the login banners and
  # the release files; each file is left holding a single empty line.
  #
  # NOTE(review): /etc/centos-release is the file the version lookup at the top
  # of this script parses, so once this has run, a later run of the script
  # detects no version. Blanking /etc/issue and /etc/motd alone removes the
  # banner without that side effect.
  Shadow_system_version() {
    local banner_file
    for banner_file in /etc/issue /etc/motd /etc/redhat-release /etc/centos-release; do
      echo '' >"$banner_file"
    done
  }
  # Check outbound connectivity with a single ICMP echo to www.baidu.com.
  # Returns: 0 when the ping succeeds, 1 for any failure.
  Test_network() {
    if ping -c1 www.baidu.com &>/dev/null; then
      return 0
    fi
    return 1
  }
  # Raise the per-user open-file and process limits in
  # /etc/security/limits.conf, unless a wildcard nofile/nproc entry already
  # exists there.
  #
  # NOTE(review): drop-in files under /etc/security/limits.d may override the
  # nproc values written here - confirm on the target release.
  Set_handler_Num() {
    local limit_count
    limit_count=$(grep -c "^\*[[:blank:]]\+\(soft\|hard\)[[:blank:]]\+\(nofile\|nproc\)[[:blank:]]\+" /etc/security/limits.conf)

    if [ "${limit_count:-0}" -ne 0 ]; then
      echo "已经添加过limit限制!"
      return
    fi

    printf '%s\n' \
      '* soft nofile 102400' \
      '* hard nofile 102400' \
      '* soft nproc 40960' \
      '* hard nproc 40960' >>/etc/security/limits.conf
    # Raise the open-file limit for this shell (and what it starts) right away.
    ulimit -n 102400
  }
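  # Write a set of TCP sysctl settings to /etc/sysctl.d/tcp_optimization.conf
  # and load them. A "#tcp_flag 1" marker line records that the file has been
  # written, so later runs leave it alone.
  # Returns: 1 when the marker is duplicated, when the settings are already in
  #          place, or when the file cannot be written or loaded.
  Set_tcp_kernel_arguments() {
    local kernel_args=/etc/sysctl.d/tcp_optimization.conf
    local marker_count marker_value

    marker_count=$(grep -c tcp_flag "$kernel_args" 2>/dev/null)
    marker_value=$(awk '/tcp_flag/ {print $2}' "$kernel_args" 2>/dev/null)

    if [ "${marker_count:-0}" -gt 1 ]; then
      echo "系统错误,TCP重复的优化参数,请查看 $kernel_args 是否正确!"
      return 1
    fi
    if [ "$marker_value" == 1 ]; then
      echo "TCP内核参数已经优化过了。"
      return 1
    fi

    # The drop-in directory is created if the release does not ship it.
    mkdir -p -- "${kernel_args%/*}" || return 1

    {
      echo "#tcp_flag 1"
      # SYN cookies: keep answering when the SYN queue overflows (SYN flood).
      echo "net.ipv4.tcp_syncookies = 1"
      # net.ipv4.tcp_tw_recycle is deliberately not set: it drops connections
      # from clients that share one NAT address, and the setting was removed
      # from Linux in 4.12.
      # Allow TIME-WAIT sockets to be reused for new outgoing connections.
      echo "net.ipv4.tcp_tw_reuse = 1"
      # Keep orphaned FIN-WAIT-2 connections for 5 seconds.
      echo "net.ipv4.tcp_fin_timeout = 5"
      # Send the first keepalive probe after 20 minutes idle (default 2 hours).
      echo "net.ipv4.tcp_keepalive_time = 1200"
      # Local port range used for outgoing connections.
      echo "net.ipv4.ip_local_port_range = 10000 65000"
      # Length of the SYN queue.
      echo "net.ipv4.tcp_max_syn_backlog = 8192"
      # Upper bound on sockets held in TIME_WAIT; beyond it they are dropped
      # and a warning is logged.
      echo "net.ipv4.tcp_max_tw_buckets = 5000"
    } >>"$kernel_args" || return 1

    if ! sysctl -p "$kernel_args" &>/dev/null; then
      echo '读取Tcp内核参数错误!'
      return 1
    fi
  }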
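  # Turn off reverse-DNS lookups and GSSAPI authentication in sshd, then
  # restart the daemon so the change takes effect.
  # Globals: Get_host_version (read)
  # Returns: 1 when the edited configuration does not pass `sshd -t`.
  #
  # NOTE(review): with UseDNS off, host-name patterns in authorized_keys
  # `from=` options and in `Match Host` blocks no longer match; use addresses
  # there instead.
  Disabled_sshd_dns() {
    local sshd_config=/etc/ssh/sshd_config

    # The UseDNS rule covers the commented-out default as well as an active
    # "UseDNS yes" line.
    sed -ri \
      -e 's@^#?UseDNS (no|yes)@UseDNS no@' \
      -e 's@GSSAPIAuthentication yes@GSSAPIAuthentication no@g' \
      "$sshd_config"

    # Validate before restarting: a daemon that fails to start on a broken
    # config would cut off remote access to the host.
    if ! sshd -t; then
      echo "sshd配置检查未通过,未重启sshd!" >&2
      return 1
    fi

    case "$Get_host_version" in
      6)
        service sshd restart
        ;;
      7)
        systemctl restart sshd
        ;;
      *)
        Error_system_version
        ;;
    esac
  }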
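  # Give the network interfaces classic ethN names.
  #   CentOS 6: rewrite NAME= in the persistent-net udev rules, one interface
  #             per MAC address found there.
  #   CentOS 7: add net.ifnames=0 to the kernel command line and regenerate
  #             grub.cfg (takes effect after a reboot).
  # Globals: Get_host_version (read)
  # Returns: 1 when no interface rule is found, when /etc/default/grub is
  #          missing or cannot be backed up, or when grub2-mkconfig fails.
  Modify_network_card_name() {
    local rules=/etc/udev/rules.d/70-persistent-net.rules
    local boot_grub=/boot/grub2/grub.cfg
    local grub_default_cfg=/etc/default/grub
    local mac_re='\([0-9a-fA-F]\{2\}:\)\{5\}[0-9a-fA-F]\{2\}'
    local macs mac index

    case "$Get_host_version" in
      6)
        # Read the rules file by its full path; the MAC list must not depend
        # on the current directory.
        macs=$(grep 'SUBSYSTEM=="net", ACTION=="add"' "$rules" 2>/dev/null | grep -o "$mac_re")
        if [ -z "$macs" ]; then
          echo "没有网卡信息,请检查网卡驱动!"
          return 1
        fi

        # NOTE(review): numbering starts at eth1, as in the original listing -
        # confirm that eth0 is not the intended first name.
        index=1
        # Word splitting is intended: one MAC address per line.
        for mac in $macs; do
          # Replace whatever NAME="..." the rule for this MAC ends with.
          sed -ri "s@(${mac}.*NAME=\").*[[:digit:]]+\"\$@\\1eth${index}\"@" "$rules"
          index=$((index + 1))
        done

        echo '修改网卡名成功,请查看配置!'
        grep -F -- 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="' "$rules"
        ;;
      7)
        if [ ! -f "$grub_default_cfg" ]; then
          echo "没有 $grub_default_cfg 这个文件"
          return 1
        fi

        # Already applied if either the defaults file or the generated config
        # carries the parameter.
        if grep -q 'net\.ifnames=' "$grub_default_cfg" ||
          grep -q "quiet[[:blank:]]\+net.ifnames" "$boot_grub" 2>/dev/null; then
          echo '已经修改过grub参数,无需再次修改!Do nothing!'
          return 0
        fi

        # Keep a timestamped copy of the defaults file before editing it.
        cp -- "$grub_default_cfg" "${grub_default_cfg}.$(date +'%F_%H.%M')" || return 1
        # NOTE(review): this only matches a command line containing "quiet";
        # without that word nothing is changed.
        sed -ri 's/(GRUB_CMDLINE_LINUX=.*quiet)/\1 net.ifnames=0/g' "$grub_default_cfg"

        if grub2-mkconfig -o "$boot_grub"; then
          echo '生成新的配置文件,生效需重启!'
        else
          echo "grub文件生成错误! $boot_grub 可能会产生错误!请检查"
          return 1
        fi
        ;;
      *)
        Error_system_version
        ;;
    esac
  }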
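  # Download one repo definition to a temporary file and move it into place
  # only when the download succeeded and is not empty, so a failed transfer
  # never leaves a truncated .repo file behind.
  # Arguments: $1 - URL, $2 - destination path
  _yumrepo_fetch() {
    local url=$1 dest=$2 tmp

    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if wget "$url" -O "$tmp" && [ -s "$tmp" ]; then
      # mktemp creates the file 0600; repo files are normally world-readable.
      chmod 644 -- "$tmp" && mv -f -- "$tmp" "$dest"
    else
      rm -f -- "$tmp"
      return 1
    fi
  }

  # Switch yum to the Aliyun base and EPEL repositories for the detected
  # release and move the stock CentOS-*.repo files into a bak/ subdirectory.
  # Globals: Get_host_version (read)
  # Returns: 1 for an unrecognised release, when there is no network, or when
  #          the base repo cannot be downloaded; nothing is moved in those cases.
  #
  # NOTE(review): the downloaded definitions are used as delivered. Confirm
  # they keep gpgcheck=1 and point at the mirrors you intend to trust.
  Modify_yumrepo() {
    local repo_path=/etc/yum.repos.d/
    local release=$Get_host_version

    # Check the release before touching anything.
    case "$release" in
      6 | 7) ;;
      *)
        Error_system_version
        return 1
        ;;
    esac

    if ! Test_network; then
      echo '网络不通,退出函数!'
      return 1
    fi

    mkdir -p -- "${repo_path}bak" || return 1

    if [ -e "${repo_path}Alibase.repo" ]; then
      echo "已经添加过阿里源!"
    else
      _yumrepo_fetch "https://mirrors.aliyun.com/repo/Centos-${release}.repo" \
        "${repo_path}Alibase.repo" || return 1
    fi

    sleep 1

    # Fetch EPEL only when it is missing.
    if [ -e "${repo_path}epel.repo" ]; then
      echo "已经添加过epel源!"
    else
      _yumrepo_fetch "https://mirrors.aliyun.com/repo/epel-${release}.repo" \
        "${repo_path}epel.repo"
    fi

    # Retire the stock repos only now that a replacement is in place.
    mv -- "${repo_path}"CentOS-* "${repo_path}bak/" 2>/dev/null
    yum clean all
  }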
  # Install the base tool set with yum.
  #
  # NOTE(review): the list includes clear-text clients (telnet, ftp) and
  # nmap-ncat; trim it where a minimal package footprint is required.
  Install_some_packege() {
    local -a wanted=(
      gcc glibc zlib openssl openssl-devel
      lrzsz lftp ftp telnet nmap-ncat
      net-snmp net-snmp-devel
      vim sysstat bash-completion wget lsof psmisc ntp
    )
    yum install -y "${wanted[@]}"
  }
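  # Bond every ethN interface into one round-robin (mode 0) bond with a static
  # address.
  # Globals: Get_host_version (read)
  # Returns: 1 when a bond config already exists or when the interfaces are
  #          not all named eth*.
  #
  # NOTE(review): the address, gateway and DNS server are hard-coded and differ
  # between the two branches (172.18.30.2 on CentOS 6, 172.18.30.1 on CentOS 7);
  # adjust them per host. Both branches reconfigure live networking, so run
  # this from the console rather than over the network.
  Config_Bond() {
    local net_path=/etc/sysconfig/network-scripts/
    local existing nics nic

    for existing in "${net_path}"ifcfg-Bond*; do
      if [ -e "$existing" ]; then
        echo '已经配置了了Bond'
        return 1
      fi
    done

    # Interface names from the netstat table: skip its two header lines and
    # the loopback device.
    nics=$(netstat -I | awk 'NR > 2 && $1 != "lo" {print $1}')
    if [ -z "$nics" ]; then
      echo "网卡名并未变更为eth,或者已经添加过了聚合类型!配置失败!"
      return 1
    fi
    # Word splitting is intended: one interface name per line.
    for nic in $nics; do
      case "$nic" in
        eth*) ;;
        *)
          echo "网卡名并未变更为eth,或者已经添加过了聚合类型!配置失败!"
          return 1
          ;;
      esac
    done

    case "$Get_host_version" in
      6)
        service NetworkManager stop
        chkconfig NetworkManager off
        for nic in $nics; do
          printf '%s\n' \
            "DEVICE=$nic" \
            'BOOTPROTO=none' \
            'MASTER=bond0' \
            'SLAVE=yes' \
            'USERCTL=no' >>"${net_path}ifcfg-$nic"
        done
        printf '%s\n' \
          'DEVICE=bond0' \
          'BOOTPROTO=none' \
          'BONDING_OPTS="miimon=100 mode=0"' \
          'DNS1=8.8.8.8' \
          'IPADDR=172.18.30.2' \
          'PREFIX=16' \
          'GATEWAY=172.18.0.1' \
          'ONBOOT=yes' >>"${net_path}ifcfg-Bond0"
        service network restart
        ;;
      7)
        # The /16 matches PREFIX=16 in the CentOS 6 branch, so the gateway
        # 172.18.0.1 is inside the configured network.
        if nmcli con add type bond con-name Bond0 ifname Bond0 mode 0 \
          ipv4.method manual ipv4.addresses 172.18.30.1/16 \
          ipv4.gateway 172.18.0.1 ipv4.dns 8.8.8.8 &>/dev/null; then
          nmcli con up Bond0
        fi
        for nic in $nics; do
          if ! {
            nmcli con add type bond-slave con-name "$nic-bond" ifname "$nic" master Bond0 &&
              nmcli con up "$nic-bond"
          }; then
            echo "激活失败!"
          fi
        done
        ;;
      *)
        Error_system_version
        ;;
    esac
  }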
  # Execution starts here: run every initialisation step once, in this order.
  init_steps=(
    Bakup_etc                # archive /etc before anything is changed
    Off_firewall_and_selinux # stop the firewall and switch SELinux off
    Install_wget             # install wget from the installation media
    Modify_charaset          # set the global locale
    Set_timezone_and_time    # set the time zone and clock mode
    Set_handler_Num          # raise the open-file and process limits
    Set_tcp_kernel_arguments # apply the TCP sysctl settings
    Modify_yumrepo           # switch the yum repositories
    Install_some_packege     # install the base tool set
    Disabled_sshd_dns        # turn off DNS lookups in sshd
    # Shadow_system_version  # hide the system version (disabled)
    Modify_network_card_name # rename the interfaces to ethN
    Config_Bond              # configure the bond; the default IP is 172.18.30.1 and must be adjusted by hand
  )
  for init_step in "${init_steps[@]}"; do
    "$init_step"
  done