#!/bin/bash
#:***********************************************
#:Program:centos6_init_shell
#:
#:Author:yanconggod
#:
#:History:2017-01-10
#:
#:Version:1.0
#:***********************************************
cat<<EOF
+--------------------------------------------------------------+
|===WelcometoSysteminit===|
+--------------------------------------------------------------+
EOF
DATE=`date+%Y_%m_%d:%H_%M_%S`
INIT_LOG=system_init_$DATE.log
#0.yumresourceconfig
#mv/etc/yum.repos.d/*/tmp/
#wget-P/etc/yum.repos.d/http://yum.xxx.xxx/{CentOS-Base.repo,epel.repo}
yumcleanall
yuminstallvimgccgcc-c++openssl-develpython-devellrzsztreeftptelnet-y
#1.del_user_group_config
USER=(admlpshutdownhaltuucpoperatorgamesgopher)
foriin`echo${USER[*]}`
do
ifgrep-qs"$i"/etc/passwd;then
/usr/sbin/userdel$i
else
echo"$iisnoexist"
fi
done
GROUP=(admlpdip)
foriiin`echo${GROUP[*]}`
do
ifgrep-qs"$ii"/etc/group;then
/usr/sbin/groupdel$ii
else
echo"$iiisnoexist"
fi
done
if["$?"=="0"];then
echo"$DATE[del_user_group_config]is[success]">>/root/${INIT_LOG}
fi
#2.add_users_config
#指定UID,密码不能明文显示
/usr/sbin/useradd-u1001-m-G10yanconggod
sed-i'/yanconggod/s#\!\!#\$6\$nRS2zBCw\$9AuQZSdYJezLTyzinOQzfcp1je2EGAD5oL7d3JeAeSXKoVGd920\.vX\/dPFuyP\/C2VexJQa5PpPD\/wRfE0m\.9A\/#g'/etc/shadow
USER1=(yanconggod)
forylin`echo${USER1[*]}`
do
ifgrep-qs"$yl"/etc/passwd;then
echo"$DATE$ylisaddedsuccess">>/root/${INIT_LOG}
fi
done
#3.sudoer_config
sed-i's/Defaultsrequiretty/#Defaultsrequiretty/g'/etc/sudoers
echo-e"User_AliasSYSADMINS=yanconggod">>/etc/sudoers
echo-e"SYSADMINSALL=(ALL)NOPASSWD:ALL">>/etc/sudoers
echo"$DATE[sudoer_config]is[success]">>/root/${INIT_LOG}
#4.limits_config
echo"*softnofile65535">>/etc/security/limits.conf
echo"*hardnofile65535">>/etc/security/limits.conf
echo"*softnoproc65535">>/etc/security/limits.conf
echo"*hardnoproc65535">>/etc/security/limits.conf
sed-i'/1024/s/1024/65535/g'/etc/security/limits.d/90-nproc.conf
echo"$DATE[limits_config]is[success]">>/root/${INIT_LOG}
#5.sysctl_config
echo"net.ipv4.tcp_syncookies=1">>/etc/sysctl.conf
echo"net.ipv4.tcp_fin_timeout=30">>/etc/sysctl.conf
echo"net.ipv4.tcp_tw_recycle=1">>/etc/sysctl.conf
echo"net.ipv4.tcp_tw_reuse=1">>/etc/sysctl.conf
echo"net.ipv4.tcp_max_syn_backlog=4096">>/etc/sysctl.conf
echo"net.core.netdev_max_backlog=10240">>/etc/sysctl.conf
echo"net.ipv4.icmp_echo_ignore_broadcasts=1">>/etc/sysctl.conf
echo"net.core.somaxconn=2048">>/etc/sysctl.conf
echo"net.core.wmem_default=8388608">>/etc/sysctl.conf
echo"net.core.rmem_default=8388608">>/etc/sysctl.conf
echo"net.core.rmem_max=16777216">>/etc/sysctl.conf
echo"net.core.wmem_max=16777216">>/etc/sysctl.conf
echo"net.ipv4.conf.all.rp_filter=1">>/etc/sysctl.conf
echo"net.ipv4.tcp_keepalive_time=300">>/etc/sysctl.conf
echo"net.ipv4.tcp_synack_retries=2">>/etc/sysctl.conf
echo"net.ipv4.tcp_syn_retries=2">>/etc/sysctl.conf
echo"net.ipv4.ip_local_port_range=500065000">>/etc/sysctl.conf
sysctl-p
echo"$DATE[sysctl_config]is[success]">>/root/${INIT_LOG}
#6.history_config
echo"exportHISTSIZE=2000">>/etc/profile
source/etc/profile
echo"$DATE[history_config]is[success]">>/root/${INIT_LOG}
#7.pass_lengthandlogincountlimit
#sed-i'25s/99999/90/g'/etc/login.defs
#sed-i'27s/5/8/g'/etc/login.defs
sed-i'5iauthrequired/lib64/security/pam_tally2.sodeny=5unlock_time=300'/etc/pam.d/system-auth
#8.disable_selinux_config
sed-i's/SELINUX=enforcing/SELINUX=disabled/'/etc/selinux/config
setenforce0
echo"$DATE[disable_selinux_config]is[success]">>/root/${INIT_LOG}
#9.ntp_config
ntp_config_count=`crontab-l|grepntpdate|wc-l`
if[${ntp_config_count}-eq0];then
cat<<EOF>>/var/spool/cron/root
*/5****/usr/sbin/ntpdate-sntp1.aliyun.com>/dev/null2>&1
EOF
fi
if[$?=0];then
echo"$DATE[ntp_config]is[success]">>/root/${INIT_LOG}
fi
#10.maxlogins_config
echo"yanconggod-maxlogins10">>/etc/security/limits.conf
echo"$DATE[maxlogins_config]is[success]">>/root/${INIT_LOG}
#11.disbled_ipv6_config
cat>>/etc/modprobe.d/disableipv6.conf<<EOF
aliasnet-pf-10off
optionsipv6disable=1
EOF
echo"$DATE[disble_ipv6_config]is[success]">>/root/${INIT_LOG}
#12.character_config
cat>>/etc/sysconfig/i18n<<EOF
LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
EOF
#13.disable_service_config
foriinauditdblk-availabilityip6tablesiptableslvm2-monitornetfsudev-post
do
chkconfig$ioff
#iptables-F
#iptables-X
done
echo"$DATE[disable_service_config]is[success]">>/root/${INIT_LOG}
#15.DNSconfig
MASK=`ifconfig|grep-w"inet"|grep-v127.0.0.1|awk-F':''{print$2}'|sed's/Bcast$//g'|awk-F'.''{print$1"."$2}'`
echo$MASK
if[$MASK="10.0"-o$MASK="10.1"]
then
cat>/etc/resolv.conf<<EOF
nameserver10.0.0.1
#nameserver1.1.1.2
#nameserver1.1.1.3
EOF
else
:
fi
#16.sshd_config
sed"s/#Port22/Port22/g"/etc/ssh/sshd_config-i
sed"s/^#Protocol2/Protocol2/g"/etc/ssh/sshd_config-i
sed"s/#UseDNSyes/UseDNSno/g"/etc/ssh/sshd_config-i
#sed's/#PermitRootLoginyes/PermitRootLoginno/g'/etc/ssh/sshd_config-i
#sed's/GSSAPIAuthenticationyes/GSSAPIAuthenticationno/g'/etc/ssh/sshd_config-i
#sed's/GSSAPIAuthenticationyes/GSSAPIAuthenticationno/g'/etc/ssh/ssh_config-i
/etc/init.d/sshdrestart
echo"$DATE[sshd_config]is[success]">>/root/${INIT_LOG}
#17.reboot_system
read-p"Doyouwanttorebootthesystem?"want
case$wantin
yes)
echo"rebootnow!"
reboot
;;
no)
echo"initover!"
;;
*)
echo"pleaseuseageyesorno!thanks"
;;
esac版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。