#!/bin/sh
################################################
# this script is created by chocolee.
# e_mail:494379480@qq.com
# qqinfo:494379480
# blog:chocolee.blog.51cto.com
# version:1.0
################################################
#Source function library.
.
/etc/init
.d
/functions
#date
DATE=`
date
+
'%y-%m-%d %H:%M:%S'
`
#ip
IPADDR=`
grep
'IPADDR'
/etc/sysconfig/network-scripts/ifcfg-eth0
|
cut
-d= -f 2 `
#hostname
HOSTNAME=`
hostname
-s`
#user
USER=`
whoami
`
#disk_check
DISK_SDA=`
df
-h |
grep
-w
'/'
|
awk
'{print $5}'
`
#cpu_average_check
cpu_uptime=`
cat
/proc/loadavg
|
awk
'{print $1,$2,$3}'
`
#set LANG
export
LANG=zh_CN.UTF-8
#Require root to run this script.
uid=`
id
|
cut
-d\( -f1 |
cut
-d= -f2`
if
[ $uid -
ne
0 ];
then
action
'Please run this script as root.'
/bin/false
exit
1
fi
#'stty erase ^H'
\
cp
/root/
.bash_profile
/root/
.bash_profile_$(
date
+%F)
erase=`
grep
-wx
'stty erase ^H'
/root/
.bash_profile |
wc
-l`
if
[ $erase -lt 1 ];
then
echo
'stty erase ^H'
>>
/root/
.bash_profile
source
/root/
.bash_profile
fi
#Config Yum CentOS-Bases.repo
configYum(){
echo
'================更新为国内YUM源=================='
cd
/etc/yum
.repos.d/
\
cp
CentOS-Base.repo CentOS-Base.repo.$(
date
+%F)
ping
-c 1 www.163.com>
/dev/null
if
[ $? -
eq
0 ];
then
wget http:
//mirrors
.163.com/.help
/CentOS6-Base-163
.repo
else
echo
'无法连接网络。'
exit
$?
fi
\
cp
CentOS-Base-sohu.repo CentOS-Base.repo
action
'配置国内YUM完成'
/bin/true
echo
'================================================='
echo
''
sleep
2
}
#Charset zh_CN.UTF-8
initI18n(){
echo
'================更改为中文字符集================='
\
cp
/etc/sysconfig/i18n
/etc/sysconfig/i18n
.$(
date
+%F)
echo
'LANG='
zh_CN.UTF-8
''
>
/etc/sysconfig/i18n
source
/etc/sysconfig/i18n
echo
'#cat /etc/sysconfig/i18n'
grep
LANG
/etc/sysconfig/i18n
action
'更改字符集zh_CN.UTF-8完成'
/bin/true
echo
'================================================='
echo
''
sleep
2
}
#Close Selinux and Iptables
initFirewall(){
echo
'============禁用SELINUX及关闭防火墙=============='
\
cp
/etc/selinux/config
/etc/selinux/config
.$(
date
+%F)
/etc/init
.d
/iptables
stop
sed
-i
's/SELINUX=enforcing/SELINUX=disabled/g'
/etc/selinux/config
setenforce 0
/etc/init
.d
/iptables
status
echo
'#grep SELINUX=disabled /etc/selinux/config '
grep
SELINUX=disabled
/etc/selinux/config
echo
'#getenforce '
getenforce
action
'禁用selinux及关闭防火墙完成'
/bin/true
echo
'================================================='
echo
''
sleep
2
}
#Init Auto Startup Service
initService(){
echo
'===============精简开机自启动===================='
export
LANG=
'en_US.UTF-8'
for
A
in
`chkconfig --list |
grep
3:on |
awk
'{print $1}'
`;
do
chkconfig $A off;
done
for
B
in
rsyslog network sshd crond;
do
chkconfig $B on;
done
echo
'+--------which services on---------+'
chkconfig --list |
grep
3:on
echo
'+----------------------------------+'
export
LANG=
'zh_CN.UTF-8'
action
'精简开机自启动完成'
/bin/true
echo
'================================================='
echo
''
sleep
2
}
#Change sshd default port and prohibit user root remote login.
initSsh(){
echo
'========修改ssh默认端口禁用root远程登录=========='
\
cp
/etc/ssh/sshd_config
/etc/ssh/sshd_config
.$(
date
+%F)
sed
-i
's/#Port 22/Port 52113/g'
/etc/ssh/sshd_config
sed
-i
's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g'
/etc/ssh/sshd_config
sed
-i
's/#PermitRootLogin yes/PermitRootLogin no/g'
/etc/ssh/sshd_config
sed
-i
's/#UseDNS yes/UseDNS no/g'
/etc/ssh/sshd_config
echo
'+-------modify the sshd_config-------+'
echo
'Port 52113'
echo
'PermitEmptyPasswords no'
echo
'PermitRootLogin no'
echo
'UseDNS no'
echo
'+------------------------------------+'
/etc/init
.d
/sshd
reload && action
'修改ssh默认参数完成'
/bin/true
|| action
'修改ssh参数失败'
/bin/false
echo
'================================================='
echo
''
sleep
2
}
#time sync
syncSysTime(){
echo
'================配置时间同步====================='
\
cp
/var/spool/cron/root
/var/spool/cron/root
.$(
date
+%F) 2>
/dev/null
NTPDATE=`
grep
ntpdate
/var/spool/cron/root
2>
/dev/null
|
wc
-l`
if
[ $NTPDATE -
eq
0 ];
then
echo
'#times sync by lee at $(date +%F)'
>>
/var/spool/cron/root
echo
'*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1'
>>
/var/spool/cron/root
fi
echo
'#crontab -l'
crontab
-l
action
'配置时间同步完成'
/bin/true
echo
'================================================='
echo
''
sleep
2
}
#install tools
initTools(){
echo
'#####install tools#####'
yum groupinstall base -y
yum groupinstall core -y
yum groupinstall development libs -y
yum groupinstall development tools -y
echo
'install toos complete.'
sleep
1
}
#add user and give sudoers
addUser(){
echo
'===================新建用户======================'
#add user
while
true
do
read
-p
'请输入新用户名:'
name
NAME=`
awk
-F
':'
'{print $1}'
/etc/passwd
|
grep
-wx $name 2>
/dev/null
|
wc
-l`
if
[ ${
#name} -eq 0 ];then
echo
'用户名不能为空,请重新输入。'
continue
elif
[ $NAME -
eq
1 ];
then
echo
'用户名已存在,请重新输入。'
continue
fi
useradd
$name
break
done
#create password
while
true
do
read
-p
'为 $name 创建一个密码:'
pass1
if
[ ${
#pass1} -eq 0 ];then
echo
'密码不能为空,请重新输入。'
continue
fi
read
-p
'请再次输入密码:'
pass2
if
[
'$pass1'
!=
'$pass2'
];
then
echo
'两次密码输入不相同,请重新输入。'
continue
fi
echo
'$pass2'
|
passwd
--stdin $name
break
done
sleep
1
#add visudo
echo
'#####add visudo#####'
\
cp
/etc/sudoers
/etc/sudoers
.$(
date
+%F)
SUDO=`
grep
-w
'$name'
/etc/sudoers
|
wc
-l`
if
[ $SUDO -
eq
0 ];
then
echo
'$name ALL=(ALL) NOPASSWD: ALL'
>>
/etc/sudoers
echo
'#tail -1 /etc/sudoers'
grep
-w
'$name'
/etc/sudoers
sleep
1
fi
action
'创建用户$name并将其加入visudo完成'
/bin/true
echo
'================================================='
echo
''
sleep
2
}
#Adjust the file descriptor(limits.conf)
initLimits(){
echo
'===============加大文件描述符===================='
LIMIT=`
grep
nofile
/etc/security/limits
.conf |
grep
-
v
'^#'
|
wc
-l`
if
[ $LIMIT -
eq
0 ];
then
\
cp
/etc/security/limits
.conf
/etc/security/limits
.conf.$(
date
+%F)
echo
'* - nofile 65535'
>>
/etc/security/limits
.conf
fi
echo
'#tail -1 /etc/security/limits.conf'
tail
-1
/etc/security/limits
.conf
ulimit
-HSn 65535
echo
'#ulimit -n'
ulimit
-n
action
'配置文件描述符为65535'
/bin/true
echo
'================================================='
echo
''
sleep
2
}
#Optimizing the system kernel
initSysctl(){
echo
'================优化内核参数====================='
SYSCTL=`
grep
'net.ipv4.tcp'
/etc/sysctl
.conf |
wc
-l`
if
[ $SYSCTL -lt 10 ];
then
\
cp
/etc/sysctl
.conf
/etc/sysctl
.conf.$(
date
+%F)
cat
>>
/etc/sysctl
.conf<>
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
fi
\
cp
/etc/rc
.
local
/etc/rc
.
local
.$(
date
+%F)
modprobe nf_conntrack
echo
'modprobe nf_conntrack'
>>
/etc/rc
.
local
modprobe bridge
echo
'modprobe bridge'
>>
/etc/rc
.
local
sysctl -p
action
'内核调优完成'
/bin/true
echo
'================================================='
echo
''
sleep
2
}
#menu2
menu2(){
while
true
do
clear
cat
<>
----------------------------------------
|****Please Enter Your Choice:[0-9]****|
----------------------------------------
(1) 新建一个用户并将其加入visudo
(2) 配置为国内YUM源镜像
(3) 配置中文字符集
(4) 禁用SELINUX及关闭防火墙
(5) 精简开机自启动
(6) 修改
ssh
默认端口及禁用root远程登录
(7) 设置时间同步
(8) 加大文件描述符
(9) 内核调优
(0) 返回上一级菜单
EOF
read
-p
'Please enter your Choice[0-9]: '
input2
case
'$input2'
in
0)
clear
break
;;
1)
addUser
;;
2)
configYum
;;
3)
initI18n
;;
4)
initFirewall
;;
5)
initService
;;
6)
initSsh
;;
7)
syncSysTime
;;
8)
initLimits
;;
9)
initSysctl
;;
*)
echo
'----------------------------------'
echo
'| Warning!!! |'
echo
'| Please Enter Right Choice! |'
echo
'----------------------------------'
for
i
in
`
seq
-w 3 -1 1`
do
echo
-
ne
'\b\b$i'
;
sleep
1;
done
clear
esac
done
}
#initTools
#menu
while
true
do
clear
echo
'========================================'
echo
' Linux Optimization '
echo
'========================================'
cat
<>
|-----------System Infomation-----------
| DATE :$DATE
| HOSTNAME :$HOSTNAME
| USER :$USER
| IP :$IPADDR
| DISK_USED :$DISK_SDA
| CPU_AVERAGE:$cpu_uptime
----------------------------------------
|****Please Enter Your Choice:[1-3]****|
----------------------------------------
(1) 一键优化
(2) 自定义优化
(3) 退出
EOF
#choice
read
-p
'Please enter your choice[0-3]: '
input1
case
'$input1'
in
1)
addUser
configYum
initI18n
initFirewall
initService
initSsh
syncSysTime
initLimits
initSysctl
;;
2)
menu2
;;
3)
clear
break
;;
*)
echo
'----------------------------------'
echo
'| Warning!!! |'
echo
'| Please Enter Right Choice! |'
echo
'----------------------------------'
for
i
in
`
seq
-w 3 -1 1`
do
echo
-
ne
'\b\b$i'
;
sleep
1;
done
clear
esac
done
联系客服