linux shell之简单一键优化脚本

#!/bin/sh

################################################

# this script is created by chocolee.

# e_mail:494379480@qq.com

# qqinfo:494379480

# blog:chocolee.blog.51cto.com

# version:1.0

################################################

#Source function library.

. /etc/init.d/functions

#date

DATE=`date +'%y-%m-%d %H:%M:%S'`

#ip

IPADDR=`grep 'IPADDR' /etc/sysconfig/network-scripts/ifcfg-eth0|cut -d= -f 2 `

#hostname

HOSTNAME=`hostname -s`

#user

USER=`whoami`

#disk_check

DISK_SDA=`df -h |grep -w '/' |awk '{print $5}'`

#cpu_average_check

cpu_uptime=`cat /proc/loadavg|awk '{print $1,$2,$3}'`

#set LANG

export LANG=zh_CN.UTF-8

#Require root to run this script.

uid=`id | cut -d\( -f1 | cut -d= -f2`

if [ $uid -ne 0 ];then

action 'Please run this script as root.' /bin/false

exit 1

fi

#'stty erase ^H'

\cp /root/.bash_profile /root/.bash_profile_$(date +%F)

erase=`grep -wx 'stty erase ^H' /root/.bash_profile |wc -l`

if [ $erase -lt 1 ];then

echo 'stty erase ^H' >>/root/.bash_profile

source /root/.bash_profile

fi

#Config Yum CentOS-Bases.repo

configYum(){

echo '================更新为国内YUM源=================='

cd /etc/yum.repos.d/

\cp CentOS-Base.repo CentOS-Base.repo.$(date +%F)

ping -c 1 www.163.com>/dev/null

if [ $? -eq 0 ];then

wget http://mirrors.163.com/.help/CentOS6-Base-163.repo

else

echo '无法连接网络。'

exit $?

fi

\cp CentOS-Base-sohu.repo CentOS-Base.repo

action '配置国内YUM完成' /bin/true

echo '================================================='

echo ''

sleep 2

}

#Charset zh_CN.UTF-8

initI18n(){

echo '================更改为中文字符集================='

\cp /etc/sysconfig/i18n /etc/sysconfig/i18n.$(date +%F)

echo 'LANG='zh_CN.UTF-8'' >/etc/sysconfig/i18n

source /etc/sysconfig/i18n

echo '#cat /etc/sysconfig/i18n'

grep LANG /etc/sysconfig/i18n

action '更改字符集zh_CN.UTF-8完成' /bin/true

echo '================================================='

echo ''

sleep 2

}

#Close Selinux and Iptables

initFirewall(){

echo '============禁用SELINUX及关闭防火墙=============='

\cp /etc/selinux/config /etc/selinux/config.$(date +%F)

/etc/init.d/iptables stop

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

setenforce 0

/etc/init.d/iptables status

echo '#grep SELINUX=disabled /etc/selinux/config '

grep SELINUX=disabled /etc/selinux/config

echo '#getenforce '

getenforce

action '禁用selinux及关闭防火墙完成' /bin/true

echo '================================================='

echo ''

sleep 2

}

#Init Auto Startup Service

initService(){

echo '===============精简开机自启动===================='

export LANG='en_US.UTF-8'

for A in `chkconfig --list |grep 3:on |awk '{print $1}' `;do chkconfig $A off;done

for B in rsyslog network sshd crond;do chkconfig $B on;done

echo '+--------which services on---------+'

chkconfig --list |grep 3:on

echo '+----------------------------------+'

export LANG='zh_CN.UTF-8'

action '精简开机自启动完成' /bin/true

echo '================================================='

echo ''

sleep 2

}

#Change sshd default port and prohibit user root remote login.

initSsh(){

echo '========修改ssh默认端口禁用root远程登录=========='

\cp /etc/ssh/sshd_config /etc/ssh/sshd_config.$(date +%F)

sed -i 's/#Port 22/Port 52113/g' /etc/ssh/sshd_config

sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config

sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config

sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config

echo '+-------modify the sshd_config-------+'

echo 'Port 52113'

echo 'PermitEmptyPasswords no'

echo 'PermitRootLogin no'

echo 'UseDNS no'

echo '+------------------------------------+'

/etc/init.d/sshd reload && action '修改ssh默认参数完成' /bin/true || action '修改ssh参数失败' /bin/false

echo '================================================='

echo ''

sleep 2

}

#time sync

syncSysTime(){

echo '================配置时间同步====================='

\cp /var/spool/cron/root /var/spool/cron/root.$(date +%F) 2>/dev/null

NTPDATE=`grep ntpdate /var/spool/cron/root 2>/dev/null |wc -l`

if [ $NTPDATE -eq 0 ];then

echo '#times sync by lee at $(date +%F)' >>/var/spool/cron/root

echo '*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1' >> /var/spool/cron/root

fi

echo '#crontab -l'

crontab -l

action '配置时间同步完成' /bin/true

echo '================================================='

echo ''

sleep 2

}

#install tools

initTools(){

echo '#####install tools#####'

yum groupinstall base -y

yum groupinstall core -y

yum groupinstall development libs -y

yum groupinstall development tools -y

echo 'install toos complete.'

sleep 1

}

#add user and give sudoers

addUser(){

echo '===================新建用户======================'

#add user

while true

do

read -p '请输入新用户名:' name

NAME=`awk -F':' '{print $1}' /etc/passwd|grep -wx $name 2>/dev/null|wc -l`

if [ ${#name} -eq 0 ];then

echo '用户名不能为空，请重新输入。'

continue

elif [ $NAME -eq 1 ];then

echo '用户名已存在，请重新输入。'

continue

fi

useradd $name

break

done

#create password

while true

do

read -p '为 $name 创建一个密码:' pass1

if [ ${#pass1} -eq 0 ];then

echo '密码不能为空，请重新输入。'

continue

fi

read -p '请再次输入密码:' pass2

if [ '$pass1' != '$pass2' ];then

echo '两次密码输入不相同，请重新输入。'

continue

fi

echo '$pass2' |passwd --stdin $name

break

done

sleep 1

#add visudo

echo '#####add visudo#####'

\cp /etc/sudoers /etc/sudoers.$(date +%F)

SUDO=`grep -w '$name' /etc/sudoers |wc -l`

if [ $SUDO -eq 0 ];then

echo '$name ALL=(ALL) NOPASSWD: ALL' >>/etc/sudoers

echo '#tail -1 /etc/sudoers'

grep -w '$name' /etc/sudoers

sleep 1

fi

action '创建用户$name并将其加入visudo完成' /bin/true

echo '================================================='

echo ''

sleep 2

}

#Adjust the file descriptor(limits.conf)

initLimits(){

echo '===============加大文件描述符===================='

LIMIT=`grep nofile /etc/security/limits.conf |grep -v '^#'|wc -l`

if [ $LIMIT -eq 0 ];then

\cp /etc/security/limits.conf /etc/security/limits.conf.$(date +%F)

echo '* - nofile 65535'>>/etc/security/limits.conf

fi

echo '#tail -1 /etc/security/limits.conf'

tail -1 /etc/security/limits.conf

ulimit -HSn 65535

echo '#ulimit -n'

ulimit -n

action '配置文件描述符为65535' /bin/true

echo '================================================='

echo ''

sleep 2

}

#Optimizing the system kernel

initSysctl(){

echo '================优化内核参数====================='

SYSCTL=`grep 'net.ipv4.tcp' /etc/sysctl.conf |wc -l`

if [ $SYSCTL -lt 10 ];then

\cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)

cat >>/etc/sysctl.conf<>

net.ipv4.tcp_fin_timeout = 2

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_tw_recycle = 1

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_keepalive_time = 600

net.ipv4.ip_local_port_range = 4000 65000

net.ipv4.tcp_max_syn_backlog = 16384

net.ipv4.tcp_max_tw_buckets = 36000

net.ipv4.route.gc_timeout = 100

net.ipv4.tcp_syn_retries = 1

net.ipv4.tcp_synack_retries = 1

net.core.somaxconn = 16384

net.core.netdev_max_backlog = 16384

net.ipv4.tcp_max_orphans = 16384

net.netfilter.nf_conntrack_max = 25000000

net.netfilter.nf_conntrack_tcp_timeout_established = 180

net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120

net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60

net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120

EOF

fi

\cp /etc/rc.local /etc/rc.local.$(date +%F)

modprobe nf_conntrack

echo 'modprobe nf_conntrack'>> /etc/rc.local

modprobe bridge

echo 'modprobe bridge'>> /etc/rc.local

sysctl -p

action '内核调优完成' /bin/true

echo '================================================='

echo ''

sleep 2

}

#menu2

menu2(){

while true

do

clear

cat <>

----------------------------------------

|****Please Enter Your Choice:[0-9]****|

----------------------------------------

(1) 新建一个用户并将其加入visudo

(2) 配置为国内YUM源镜像

(3) 配置中文字符集

(4) 禁用SELINUX及关闭防火墙

(5) 精简开机自启动

(6) 修改ssh默认端口及禁用root远程登录

(7) 设置时间同步

(8) 加大文件描述符

(9) 内核调优

(0) 返回上一级菜单

EOF

read -p 'Please enter your Choice[0-9]: ' input2

case '$input2' in

0)

clear

break

;;

1)

addUser

;;

2)

configYum

;;

3)

initI18n

;;

4)

initFirewall

;;

5)

initService

;;

6)

initSsh

;;

7)

syncSysTime

;;

8)

initLimits

;;

9)

initSysctl

;;

*) echo '----------------------------------'

echo '| Warning!!! |'

echo '| Please Enter Right Choice! |'

echo '----------------------------------'

for i in `seq -w 3 -1 1`

do

echo -ne '\b\b$i';

sleep 1;

done

clear

esac

done

}

#initTools

#menu

while true

do

clear

echo '========================================'

echo ' Linux Optimization '

echo '========================================'

cat <>

|-----------System Infomation-----------

| DATE :$DATE

| HOSTNAME :$HOSTNAME

| USER :$USER

| IP :$IPADDR

| DISK_USED :$DISK_SDA

| CPU_AVERAGE:$cpu_uptime

----------------------------------------

|****Please Enter Your Choice:[1-3]****|

----------------------------------------

(1) 一键优化

(2) 自定义优化

(3) 退出

EOF

#choice

read -p 'Please enter your choice[0-3]: ' input1

case '$input1' in

1)

addUser

configYum

initI18n

initFirewall

initService

initSsh

syncSysTime

initLimits

initSysctl

;;

2)

menu2

;;

3)

clear

break

;;

*)

echo '----------------------------------'

echo '| Warning!!! |'

echo '| Please Enter Right Choice! |'

echo '----------------------------------'

for i in `seq -w 3 -1 1`

do

echo -ne '\b\b$i';

sleep 1;

done

clear

esac

done

本站仅提供存储服务，所有内容均由用户发布，如发现有害或侵权内容，请点击举报。