centos系统初始化脚本

时间:2022-09-17 17:29:39
#!/bin/bash   
#========================================================================== 
#   FILE: Init.sh 
#  
#   DESCRIPTION: This script installs commonly used libraries,
#   disables unnecessary services, tunes kernel parameters and so on
#  
#   REVISION: 1.0  
#==========================================================================

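set -o nounset                          # Treat unset variables as an error

# VARIABLES DEFINED
# Services that stay enabled in runlevels 3/4/5; every other service that
# chkconfig reports is switched off further down in this script.
# NOTE(review): iptables appears only in the commented-out variant below, so
# the "turn everything off" pass also leaves the host firewall disabled at
# boot. Confirm that something else filters traffic to these hosts.
# SRV_ON="acpid crond iptables kdump messagebus network ntpd readahead_early rsyslog sshd sysstat salt-minion"
SRV_ON="acpid crond kdump messagebus network ntpd readahead_early rsyslog sshd sysstat salt-minion"

# Scratch file for the chkconfig service list. This script edits /etc and
# therefore runs as root; a fixed name under /tmp could be pre-created as a
# symlink by any local user, and the later redirect would then overwrite the
# link target. mktemp creates a fresh, unpredictable file (mode 0600) instead.
SRV_TEMP="$(mktemp "${TMPDIR:-/tmp}/chkconfig_list.XXXXXX")" || {
    echo "cannot create a temporary file for the service list" >&2
    exit 1
}

# Packages handed to yum; the list is space-separated and is word-split on
# purpose where it is used.
INSTALL_LIBS="gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5-devel libidn libidn-devel openssl openssl-devel libxslt-devel libevent-devel libtool-ltdl bison libtool vim-enhanced salt-minion"

# Bold green "done" marker, meant to be printed with `echo -e`.
DONE="\e[0;32m\033[1mdone\e[m"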

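# check os version
# Abort unless `uname -i` reports x86_64. The expansion is quoted because an
# empty value would otherwise turn the test into `[ != x86_64 ]`, which is a
# syntax error: the `if` would evaluate false and the script would carry on
# with the system changes on an unsupported platform.
platform="$(uname -i)"
if [ "${platform}" != "x86_64" ]; then
    echo "this script is only for 64bit Operating System!" >&2
    exit 1
fi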

# Start-up banner, written to stdout one line per printf argument.
printf '%s\n' \
    '+---------------------------------------+' \
    '|   your system is CentOS 6 x86_64      |' \
    '|      start optimizing.......          |' \
    '+---------------------------------------'

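# add the third-party epel repo
# Fetch over HTTPS. This package installs a yum repository definition together
# with the GPG key used to check later EPEL packages, so anyone able to alter
# the download decides what every subsequent `yum install` from EPEL trusts.
# rpm cannot check this first package against the EPEL key, because that key
# is not imported yet; compare the key fingerprint out of band where the
# transport is not trusted.
# NOTE(review): CentOS 6 and EPEL 6 reached end of life in 2020 - confirm this
# URL still resolves and that the target hosts still receive security updates.
rpm -ivh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm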

# lock user
# Lock the password of each listed system account, in this order. A failure
# for one account (for example, the account does not exist) is reported by
# passwd and does not stop the loop.
# `passwd -l` only disables password authentication; it does not block other
# login methods such as SSH keys, and it leaves the account's shell unchanged.
for account in dbus vcsa games nobody avahi haldaemon gopher ftp mailnull \
               pcap mail shutdown halt uucp operator sync adm lp
do
    passwd -l "${account}"
done

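# install usual libs
# ${INSTALL_LIBS} is left unquoted on purpose: it is a space-separated package
# list and has to be split into one argument per package.
# Report success only when yum actually succeeded; its stdout is discarded,
# its error messages still reach the terminal.
if yum -y install ${INSTALL_LIBS} 1>/dev/null; then
    echo -e "Install the usual libs ${DONE}."
else
    echo "yum could not install every package in INSTALL_LIBS; see the errors above" >&2
fi
#echo "* 4 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1" >> /var/spool/cron/root

# Point the salt minion at the internal master and restart it, but only if
# the minion configuration exists (it is missing when the install failed).
# NOTE(review): a new minion accepts the key of whichever master answers for
# this name on first contact; consider pinning it with `master_finger` in the
# minion configuration.
if [ -f /etc/salt/minion ]; then
    sed -i 's/#master: salt/master: salt.enai.corp/' /etc/salt/minion
    service salt-minion restart
else
    echo "/etc/salt/minion not found; salt-minion was not configured" >&2
fi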

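# directory path
mkdir -p /data/scripts/shell

# set static route

# mount share

# set the file limit
# Both appends are guarded so that running the script a second time does not
# duplicate the entries.
grep -qF 'ulimit -SHn 65535' /etc/rc.local 2>/dev/null ||
    echo "ulimit -SHn 65535" >> /etc/rc.local

# NOTE(review): the nproc lines raise the per-user process cap for every
# account ("*"); that cap is what normally contains a runaway or fork-bombing
# user, so consider limiting it to the service accounts that need it.
# Presumably /etc/security/limits.d/90-nproc.conf on CentOS 6 still overrides
# the soft nproc value set here - verify on a target host.
if ! grep -qF '# Init.sh: nofile/nproc limits' /etc/security/limits.conf 2>/dev/null; then
cat >> /etc/security/limits.conf << 'EOF'
# Init.sh: nofile/nproc limits
*           soft   nofile       65535
*           hard   nofile       65535
*           soft   nproc        65535
*           hard   nproc        65535
EOF
fi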

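# set ssh
# Move sshd to port 28290 and turn GSSAPI authentication off.
# A non-default port only reduces scan noise; it is not an access control.
# This script does not touch root login or password authentication settings.
sed -i 's/#Port 22/Port 28290/' /etc/ssh/sshd_config
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config

# Validate the edited file before restarting: restarting with a broken
# sshd_config over a remote session locks the operator out.
# NOTE(review): with SELinux enforcing, sshd may be refused the new port until
# it is labelled ssh_port_t (semanage port) - confirm from a second session
# before closing the current one.
if /usr/sbin/sshd -t; then
    service sshd restart
else
    echo "sshd_config failed validation (sshd -t); sshd was NOT restarted" >&2
fi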

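# tune kernel parameters
# net.ipv4.tcp_tw_recycle is deliberately not set: it makes the kernel reject
# connections from clients that share one NAT address (per-host timestamp
# checks), and the option was removed from Linux in 4.12.
# NOTE(review): tcp_fin_timeout = 1 is far below the kernel default of 60
# seconds - confirm that this is intended.
# The marker line keeps a second run from appending the settings again.
if ! grep -qF '# Init.sh: tcp tuning' /etc/sysctl.conf 2>/dev/null; then
cat >> /etc/sysctl.conf << 'EOF'
# Init.sh: tcp tuning
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 1
EOF
fi
/sbin/sysctl -p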

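# stop some crontab
# Park the makewhatis daily job outside /etc/cron.daily so cron no longer
# runs it. `mkdir -p` and the existence test make a second run a no-op
# instead of two error messages.
mkdir -p /etc/cron.daily.bak
if [ -e /etc/cron.daily/makewhatis.cron ]; then
    mv /etc/cron.daily/makewhatis.cron /etc/cron.daily.bak/
fi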

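# close all services and set necessary services on
# SRV_TEMP and SRV_ON are defined earlier in the script. SRV_TEMP must not be
# a fixed, guessable path under /tmp: this runs as root and the redirect
# below follows symlinks.
# Keep only real SysV service rows (second column starts with "0:").
# `chkconfig --list` can also print blank lines and an "xinetd based
# services:" section, which would otherwise be fed to chkconfig as names.
chkconfig --list | awk '$2 ~ /^0:/ {print $1}' > "${SRV_TEMP}"

# close all services
# Every listed service is switched off in runlevels 3, 4 and 5, sshd and
# the firewall included; the loop after this one re-enables the allow-list.
while read -r SERVICE
do
    chkconfig --level 345 "${SERVICE}" off 1>/dev/null
done < "${SRV_TEMP}"
rm -f -- "${SRV_TEMP}"

# open necessary services
# ${SRV_ON} is unquoted on purpose so that it splits into service names.
# A name without an init script is reported and skipped.
for SRVS in ${SRV_ON}
do
    if [ -e "/etc/init.d/${SRVS}" ]
    then
        chkconfig --level 345 "${SRVS}" on 1>/dev/null
    else
        echo -e "Service ${SRVS} does \e[0;31m\033[1mnot exist\e[m."
    fi
done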

# disable the ipv6
# Overwrite the modprobe drop-in with the two IPv6-off directives, then
# append the matching flag to the network sysconfig file.
printf '%s\n' \
    'alias net-pf-10 off' \
    'options ipv6 disable=1' > /etc/modprobe.d/ipv6.conf
printf '%s\n' 'NETWORKING_IPV6=off' >> /etc/sysconfig/network

# Closing banner, written to stdout one line per printf argument.
printf '%s\n' \
    "+-------------------------------------------------+" \
    "|               optimizer is done                 |" \
    "|   it's recommond to restart this server !       |" \
    "+-------------------------------------------------+"

# init done,and reboot system
# Ask whether to reboot now. Only an exact "Y" or "y" reboots; "N"/"n" and
# any other answer print a reminder and source /etc/profile, which affects
# this script's own shell only.
echo -e "Do you want to \e[0;31m\033[1mreboot\e[m system now? [Y/N]:\t "
read REPLY
if [[ ${REPLY} == "Y" || ${REPLY} == "y" ]]; then
    echo "The system will reboot now ..."
    shutdown -r now
elif [[ ${REPLY} == "N" || ${REPLY} == "n" ]]; then
    echo "You must reboot later..."
    source /etc/profile
else
    echo "You must input [Y/N]."
    source /etc/profile
fi


====
# Replace /etc/resolv.conf with three resolvers, in this order; printf
# repeats the format once per address.
# NOTE(review): the last entry is a public address, unlike the two RFC 1918
# addresses before it. The resolver moves on to later entries when earlier
# ones do not answer, so internal host names may then be sent to it -
# confirm that this fallback is wanted.
printf 'nameserver %s\n' \
    10.19.177.116 \
    10.19.31.157 \
    114.114.114.114 > /etc/resolv.conf


106.75.32.81

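# Set the running hostname, then persist it for the next boot.
hostname u04rdp01.yaya.corp

# `#` is the sed delimiter here, so the expression must contain exactly three
# of them (s#pattern#replacement#). An extra `#` or an empty pattern makes
# sed reject the command and leaves the file unchanged. One anchored
# substitution rewrites the HOSTNAME line whatever its current value is.
sed -i 's#^HOSTNAME=.*#HOSTNAME=u04rdp01.yaya.corp#' /etc/sysconfig/network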