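#!/bin/bash
#:***********************************************
#:Program: centos6_init_shell
#:
#:Author: yanconggod
#:
#:History: 2017-01-10
#:
#:Version: 1.0
#:***********************************************
#
# One-shot baseline configuration for a freshly installed CentOS 6 host:
# packages, account clean-up, an admin account with sudo, resource limits,
# kernel network tunables, login lockout, SELinux, NTP, IPv6, locale,
# boot-time services, DNS and sshd. Must be run as root. Progress is appended
# to /root/system_init_<timestamp>.log.
#
# The script is best-effort: a failed step is reported but does not abort the
# run, so `set -e` is deliberately not enabled. Appends are idempotent so the
# script can be re-run without duplicating configuration lines.

if [ "$(id -u)" -ne 0 ]; then
  echo "this script must be run as root" >&2
  exit 1
fi

cat <<'EOF'
+--------------------------------------------------------------+
|                === Welcome to System init ===                |
+--------------------------------------------------------------+
EOF

DATE=$(date +%Y_%m_%d:%H_%M_%S)
INIT_LOG=system_init_$DATE.log
INIT_LOG_PATH=/root/${INIT_LOG}

# Append a "<timestamp> [<step>] is [success]" record to the init log.
log_success() {
  echo "$DATE [$1] is [success]" >> "$INIT_LOG_PATH"
}

# Append line $1 to file $2 unless an identical line is already present.
append_line() {
  local line=$1 file=$2
  grep -qsxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# Succeeds when an entry named $1 exists in the colon-separated database file
# $2. Anchored on "^name:" so that "lp" does not match unrelated lines that
# merely contain the letters "lp".
entry_exists() {
  grep -qs -- "^$1:" "$2"
}

#0.yum resource config
# NOTE(security): the commented-out repo download below uses plain HTTP; if it
# is enabled, prefer HTTPS and keep gpgcheck on for the fetched repo files.
#mv /etc/yum.repos.d/* /tmp/
#wget -P /etc/yum.repos.d/ http://yum.xxx.xxx/{CentOS-Base.repo,epel.repo}
yum clean all
yum install vim gcc gcc-c++ openssl-devel python-devel lrzsz tree ftp telnet -y

#1.del_user_group_config
unused_users=(adm lp shutdown halt uucp operator games gopher)
unused_groups=(adm lp dip)
del_failed=0
for name in "${unused_users[@]}"; do
  if entry_exists "$name" /etc/passwd; then
    /usr/sbin/userdel "$name" || del_failed=1
  else
    echo "$name is no exist"
  fi
done
for name in "${unused_groups[@]}"; do
  if entry_exists "$name" /etc/group; then
    /usr/sbin/groupdel "$name" || del_failed=1
  else
    echo "$name is no exist"
  fi
done
# Report success only when every attempted deletion succeeded (testing $?
# after the loop would only reflect the last command of the last iteration).
if [ "$del_failed" -eq 0 ]; then
  log_success del_user_group_config
else
  echo "del_user_group_config: at least one userdel/groupdel failed" >&2
fi

#2.add_users_config
# Create the admin account with a fixed UID; the password is set as a hash so
# it never appears in clear text.
# NOTE(security): the SHA-512 crypt hash is embedded in the script, so every
# host built from it shares one credential and anyone who can read the script
# can attack the hash offline. Prefer supplying the hash from a root-only file
# at provisioning time and rotating the password after first login.
/usr/sbin/useradd -u 1001 -m -G 10 yanconggod
# Replace the "!!" (no password) marker of the new account only; the address
# is anchored so other accounts whose line contains the name are untouched.
sed -i '/^yanconggod:/s#\!\!#\$6\$nRS2zBCw\$9AuQZSdYJezLTyzinOQzfcp1je2EGAD5oL7d3JeAeSXKoVGd920\.vX\/dPFuyP\/C2VexJQa5PpPD\/wRfE0m\.9A\/#g' /etc/shadow
added_users=(yanconggod)
for name in "${added_users[@]}"; do
  if entry_exists "$name" /etc/passwd; then
    echo "$DATE $name is added success" >> "$INIT_LOG_PATH"
  fi
done

#3.sudoer_config
# Edit a private copy of /etc/sudoers, validate it with visudo, and only then
# write it back; a syntax error in the live file would lock out sudo entirely.
# NOTE(security): NOPASSWD: ALL gives the account root without
# re-authentication, so its SSH credentials are equivalent to root's. Narrow
# the command list or drop NOPASSWD where the workflow allows.
configure_sudoers() {
  local tmp
  tmp=$(mktemp) || return 1
  if ! cat /etc/sudoers > "$tmp"; then
    rm -f -- "$tmp"
    return 1
  fi
  # Comment out an active requiretty default; already-commented lines are
  # left alone so repeated runs do not stack '#' characters.
  sed -i 's/^Defaults[[:space:]]\+requiretty/#&/' "$tmp"
  append_line "User_Alias SYSADMINS=yanconggod" "$tmp"
  append_line "SYSADMINS ALL=(ALL) NOPASSWD: ALL" "$tmp"
  if ! visudo -cf "$tmp" >/dev/null; then
    rm -f -- "$tmp"
    return 1
  fi
  # Overwrite in place so the original owner, mode and SELinux label remain.
  cat "$tmp" > /etc/sudoers
  rm -f -- "$tmp"
}
if configure_sudoers; then
  log_success sudoer_config
else
  echo "sudoer_config: /etc/sudoers left unchanged (validation failed)" >&2
fi

#4.limits_config
append_line "* soft nofile 65535" /etc/security/limits.conf
append_line "* hard nofile 65535" /etc/security/limits.conf
# The pam_limits item for the process count is "nproc".
append_line "* soft nproc 65535" /etc/security/limits.conf
append_line "* hard nproc 65535" /etc/security/limits.conf
sed -i '/1024/s/1024/65535/g' /etc/security/limits.d/90-nproc.conf
log_success limits_config

#5.sysctl_config
# NOTE(review): net.ipv4.tcp_tw_recycle=1 is known to drop connections from
# clients behind NAT when TCP timestamps are in use; confirm it is wanted.
sysctl_settings=(
  "net.ipv4.tcp_syncookies=1"
  "net.ipv4.tcp_fin_timeout=30"
  "net.ipv4.tcp_tw_recycle=1"
  "net.ipv4.tcp_tw_reuse=1"
  "net.ipv4.tcp_max_syn_backlog=4096"
  "net.core.netdev_max_backlog=10240"
  "net.ipv4.icmp_echo_ignore_broadcasts=1"
  "net.core.somaxconn=2048"
  "net.core.wmem_default=8388608"
  "net.core.rmem_default=8388608"
  "net.core.rmem_max=16777216"
  "net.core.wmem_max=16777216"
  "net.ipv4.conf.all.rp_filter=1"
  "net.ipv4.tcp_keepalive_time=300"
  "net.ipv4.tcp_synack_retries=2"
  "net.ipv4.tcp_syn_retries=2"
  "net.ipv4.ip_local_port_range=5000 65000"
)
for setting in "${sysctl_settings[@]}"; do
  append_line "$setting" /etc/sysctl.conf
done
sysctl -p
log_success sysctl_config

#6.history_config
append_line "export HISTSIZE=2000" /etc/profile
source /etc/profile
log_success history_config

#7.pass_length and login count limit
#sed -i '25s/99999/90/g' /etc/login.defs
#sed -i '27s/5/8/g' /etc/login.defs
# Lock an account for 300 seconds after 5 failed logins. Guarded so a re-run
# does not insert the rule twice.
# NOTE(review): no "account required pam_tally2.so" line is added here;
# confirm the failure counter is reset on successful login in this PAM stack.
if ! grep -qs 'pam_tally2\.so' /etc/pam.d/system-auth; then
  sed -i '5i auth required /lib64/security/pam_tally2.so deny=5 unlock_time=300' /etc/pam.d/system-auth
fi

#8.disable_selinux_config
# NOTE(security): this turns SELinux off permanently and immediately, removing
# mandatory access control from the host. If the goal is only to get past
# policy denials, SELINUX=permissive keeps the audit trail for tuning.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0
log_success disable_selinux_config

#9.ntp_config
# Install a 5-minute ntpdate job in root's crontab unless one already exists.
ntp_ok=1
if ! crontab -l 2>/dev/null | grep -q ntpdate; then
  printf '%s\n' '*/5 * * * * /usr/sbin/ntpdate -s ntp1.aliyun.com >/dev/null 2>&1' \
    >> /var/spool/cron/root || ntp_ok=0
fi
if [ "$ntp_ok" -eq 1 ]; then
  log_success ntp_config
fi

#10.maxlogins_config
append_line "yanconggod - maxlogins 10" /etc/security/limits.conf
log_success maxlogins_config

#11.disbled_ipv6_config
append_line "alias net-pf-10 off" /etc/modprobe.d/disableipv6.conf
append_line "options ipv6 disable=1" /etc/modprobe.d/disableipv6.conf
log_success disble_ipv6_config

#12.character_config
append_line 'LANG="en_US.UTF-8"' /etc/sysconfig/i18n
append_line 'SYSFONT="latarcyrheb-sun16"' /etc/sysconfig/i18n

#13.disable_service_config
# NOTE(security): this list turns off auditd (audit logging) and both host
# firewalls (iptables, ip6tables) at boot. Keep them enabled unless filtering
# and audit collection are provided elsewhere.
for svc in auditd blk-availability ip6tables iptables lvm2-monitor netfs udev-post; do
  chkconfig "$svc" off
  #iptables -F
  #iptables -X
done
log_success disable_service_config

#15.DNS config
# First two octets of every non-loopback IPv4 address, one per line. Relies on
# the "inet addr:a.b.c.d  Bcast:..." layout printed by CentOS 6 ifconfig.
MASK=$(ifconfig | grep -w "inet" | grep -v 127.0.0.1 \
  | awk -F':' '{print $2}' | sed 's/Bcast$//g' | awk -F'.' '{print $1"."$2}')
echo "$MASK"
# Use the internal resolver when any interface sits in 10.0.x.x or 10.1.x.x.
# Checked line by line so hosts with several interfaces are handled.
use_internal_dns=0
while IFS= read -r prefix; do
  case "$prefix" in
    10.0|10.1) use_internal_dns=1 ;;
  esac
done <<<"$MASK"
if [ "$use_internal_dns" -eq 1 ]; then
  cat > /etc/resolv.conf <<'EOF'
nameserver 10.0.0.1
#nameserver 1.1.1.2
#nameserver 1.1.1.3
EOF
fi

#16.sshd_config
sed -i 's/#Port 22/Port 22/g' /etc/ssh/sshd_config
sed -i 's/^#Protocol 2/Protocol 2/g' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
# NOTE(review): the PermitRootLogin change below is commented out, so this
# script does not alter the root-login setting in sshd_config.
#sed 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config -i
#sed 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config -i
#sed 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/ssh_config -i
# Validate the edited configuration before restarting; restarting sshd with a
# broken config can cut off remote access to the host.
if /usr/sbin/sshd -t; then
  /etc/init.d/sshd restart
  log_success sshd_config
else
  echo "sshd_config: validation failed, sshd was not restarted" >&2
fi

#17.reboot_system
read -r -p "Do you want to reboot the system? " want
case "$want" in
  yes)
    echo "reboot now!"
    reboot
    ;;
  no)
    echo "init over!"
    ;;
  *)
    echo "please useage yes or no! thanks"
    ;;
esac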