干货！超实用的 Linux 初始化脚本

乖乖流氓兔

咸鱼今天给大家分享一个无论是学习还是工作中都很实用的 Linux 系统初始化脚本，其实就是各种命令的集合
 
完整代码在文章最后哦
 
定义相关变量
 

 
 
配置 yum 镜像源

 
 
获取阿里云 yum 镜像源

 
 
判断函数是否执行成功

 
 
写入一行配置

 
 
修改配置

 
 
配置系统时区

 
 
配置 dns 服务器

 
 
修改最大文件描述符限制

 
 
关闭系统不需要的服务

 
 
内核参数优化相关

 
 
安装常用工具

 
 
关闭 SELinux

 
 
主函数

 
 
完整脚本

1. #环境变量
2. PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
3. export PATH
5. #当前时间
6. current_time=$(date +%Y%m%d)
8. #阿里的DNS
9. dns_server=223.5.5.5
11. if [[ ! -z `uname -r|grep 'el6'` ]]
12.   then
13.   kernel_version=el6
14.   yum_repo=http://mirrors.aliyun.com/repo/Centos-6.repo
15. elif [[ ! -z `uname -r|grep 'el7'` ]]
16.   then
17.   kernel_version=el7
18.   yum_repo=http://mirrors.aliyun.com/repo/Centos-7.repo
19. else
20.   echo -e "\e[31mUnidentified Kernel version: $(uname -r). Only support for kernel el6/el7\e[0m"
21.   exit
22. fi
24. function add_yum_repo(){
25.   local item="Add Aliyun Yum Mirrors"
26.   yum clean all
27.   cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.${current_time} && \
28.   curl -o /etc/yum.repos.d/CentOS-Base.repo ${yum_repo} > /dev/null 2>&1
29.   show_result $? "${item}"
30.   yum makecache
31. }
33. function show_result(){
34.   if [ "$1" -eq 0 ]
35.     then
36.       echo -e "\e[32m$2 is Success .   [ OK ] \e[0m"
37.     else
38.       echo -e "\e[31m$2 is Fail .   [ FAIL ] \e[0m"
39.   fi
40. }
42. function add_newconfig_tofile(){
43.   local SearchResult=`grep "$1" "$2"`
44.   if [ -z "${SearchResult}" ]
45.     then
46.     echo "$1" >> $2
47.   fi
48. }
50. function add_config_tofile(){
51.   local keywords=`echo $1| awk -F "[= ]+" '{print $1}'`
52.   local SearchResult=`grep "^${keywords}" "$2"`
53.   if [ -z "${SearchResult}" ] #空为真，非空为假
54.     then
55.     echo $1 >> $2
56.   else
57.     sed -i "s/^${keywords}.*/$1/" $2
58.   fi
59. }
61. function config_localtime(){
62.   local item="Config SH As Location"
63.   rm -f /etc/localtime
64.   ln -s  /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
65.   show_result $? "${item}"
66. }
68. function config_dns_addr(){
69.   local item="Config DNS Address"
70.   cp /etc/resolv.conf /etc/resolv.conf.${current_time} && \
71.   echo "nameserver ${dns_server}" > /etc/resolv.conf
72.   show_result $? "${item}"
73. }
75. function maximum_file_dspt(){
76.   local item="Maximum File Descriptor"
77.   cp /etc/security/limits.conf /etc/security/limits.conf.${current_time} && \
78.   echo "*           soft    nofile          100000
79. *           hard    nofile          100000
80. *           soft    nproc           65535
81. *           hard    nproc           65535
82. *           soft    core            unlimited
83. *           hard    core            unlimited" > /etc/security/limits.conf
84.   show_result $? "${item}"
85. }
88. function shutdown_nonuse_srv(){
89.   local item="Shutdown Unused Services"
90.   if [[ "${kernel_version}" == el6 ]]
91.       then
92.     for i in `chkconfig --list | awk '{print $1}'`
93.       do
94.       chkconfig --level 2345 $i off > /dev/null 2>&1
95.       done
96.     for ii in crond network rsyslog sshd sysstat haldaemon
97.       do
98.       chkconfig --level 2345 $ii on > /dev/null 2>&1
99.       done
100.     show_result $? "${item}"
101.   elif [[ "${kernel_version}" == el7 ]]
102.     then
103.     systemctl disable postfix > /dev/null 2>&1
104.     show_result $? "${item}"
105.   else
106.     echo -e "\e[31mUnidentified Kernel version: $(uname -r). Only support for kernel el6/el7\e[0m"
107.   fi
108. }
110. function optimize_kel_args(){
111.   local item="Optimize Kernel Arguments"
112.   cp /etc/sysctl.conf /etc/sysctl.conf.${current_time} > /dev/null 2>&1
113.   arch_ratio=$([[ ! -z $(uname -a | grep x86_64) ]] && expr 64 / 32 || expr 32 / 32)
114.   memory_size=$(free -b| awk 'NR==2{print $2}')
115.   nf_conntrack_size=$(expr ${memory_size} / 16384 / ${arch_ratio})
116.   #开启反向路径过滤
117.   add_config_tofile "net.ipv4.conf.default.rp_filter = 1" /etc/sysctl.conf
118.   add_config_tofile "net.ipv4.conf.all.rp_filter = 1" /etc/sysctl.conf
119.   #处理无源路由包
120.   add_config_tofile "net.ipv4.conf.all.accept_source_route = 0" /etc/sysctl.conf
121.   add_config_tofile "net.ipv4.conf.default.accept_source_route = 0" /etc/sysctl.conf
122.   #core文件名中添加pid作为扩展名
123.   add_config_tofile "kernel.core_uses_pid = 1" /etc/sysctl.conf
124.   #开启syn洪水攻击保护
125.   add_config_tofile "net.ipv4.tcp_syncookies = 1" /etc/sysctl.conf
126.   #修改消息队列长度
127.   add_config_tofile "kernel.msgmnb = 65536" /etc/sysctl.conf
128.   add_config_tofile "kernel.msgmax = 65536" /etc/sysctl.conf
129.   #修改最大内存共享段大小bytes
130.   add_config_tofile "kernel.shmmax = 68719476736" /etc/sysctl.conf
131.   add_config_tofile "kernel.shmall = 4294967296" /etc/sysctl.conf
132.   #timewait数量默认18000
133.   add_config_tofile "net.ipv4.tcp_max_tw_buckets = 600" /etc/sysctl.conf
134.   add_config_tofile "net.ipv4.tcp_sack = 1" /etc/sysctl.conf
135.   add_config_tofile "net.ipv4.tcp_window_scaling = 1" /etc/sysctl.conf
136.   add_config_tofile "net.ipv4.tcp_rmem = 4096 87380 16777216" /etc/sysctl.conf
137.   add_config_tofile "net.ipv4.tcp_wmem = 4096 65536 16777216" /etc/sysctl.conf
138.   add_config_tofile "net.core.rmem_default = 8388608" /etc/sysctl.conf
139.   add_config_tofile "net.core.wmem_max = 16777216" /etc/sysctl.conf
140.   #未收到客户端确认信息连接请求的最大值
141.   add_config_tofile "net.ipv4.tcp_max_syn_backlog = 262144" /etc/sysctl.conf
142.   #放弃建立连接之前发送的synack包
143.   add_config_tofile "net.ipv4.tcp_syn_retries = 2" /etc/sysctl.conf
144.   #开启重用，允许time—wait socket 重新用语新的tcp连接
145.   add_config_tofile "net.ipv4.tcp_tw_reuse = 1" /etc/sysctl.conf
146.   add_config_tofile "net.ipv4.tcp_fin_timeout = 1" /etc/sysctl.conf
147.   #防止简单的ddos攻击
148.   add_config_tofile "net.ipv4.tcp_max_orphans = 3276800" /etc/sysctl.conf
149.   #启用timewait快速收回
150.   add_config_tofile "net.ipv4.tcp_tw_recycle = 0" /etc/sysctl.conf
151.   #keeptime启用时tcp发送keepalive消息的频度，默认2h
152.   add_config_tofile "net.ipv4.tcp_keepalive_time = 600" /etc/sysctl.conf
153.   #允许系统打开的端口范围
154.   add_config_tofile "net.ipv4.ip_local_port_range = 1024 65535" /etc/sysctl.conf
155.     #资源回收
156.     add_config_tofile "net.ipv4.tcp_tw_recycle = 0" /etc/sysctl.conf
157.     #路由转发
158.     add_config_tofile "net.ipv4.ip_forward = 1" /etc/sysctl.conf
159.   #修改防火墙连接跟踪表大小，默认65535
160.   add_config_tofile "net.netfilter.nf_conntrack_max = ${nf_conntrack_size}" /etc/sysctl.conf
161.   add_config_tofile "net.nf_conntrack_max = ${nf_conntrack_size}" /etc/sysctl.conf
162.   #解禁ping
163.   add_config_tofile "net.ipv4.icmp_echo_ignore_all = 0" /etc/sysctl.conf
164.       modprobe bridge
165.   sysctl -p > /dev/null 2>&1
166.   show_result $? "${item}"
167. }
169. function install_pkgs(){
170.   local item="Install Common Pkgs"
171.   yum -y groupinstall "Development libraries" > /dev/null 2>&1
172.   yum -y groupinstall "Development tools" > /dev/null 2>&1
173.   yum -y install sysstat  tree  lrzsz  telnet wget net-tools tcpdump lsof vim ntp > /dev/null 2>&1
174.   show_result $? "${item}"
175. }
177. function shutdown_selinux(){
178.   local item="Shutdown Selinux "
179.   setenforce 0 > /dev/null 2>&1
180.   cp /etc/selinux/config /etc/selinux/config.${current_time} && \
181.   sed -i 's:SELINUX=enforcing:SELINUX=disabled:g' /etc/selinux/config
182.   show_result $? "${item}"
183. }
185. function main(){
186.   echo -e '\033[34;1m开始初始化操作系统中......\033[0m'
187.   add_yum_repo
188.   install_pkgs
189.   config_localtime
190.   config_dns_addr
191.   maximum_file_dspt
192.   shutdown_nonuse_srv
193.   shutdown_selinux
194.   optimize_kel_args
195.   echo -e '\033[34;1m服务器系统初始化已完成！\033[0m'
196. }
198. main

复制代码

 

来源:https://www.cnblogs.com/edisonfish/p/17175575.html
免责声明：由于采集信息均来自互联网，如果侵犯了您的权益，请联系我们【E-Mail:cb@itdo.tech】 我们会及时删除侵权内容，谢谢合作！