centos6.x 初始化脚本

kuyjhtgrf

#!/bin/bash   #:***********************************************   #:Program:centos6_init_shell   #:   #:Author:yanconggod   #:   #:History:2017-01-10   #:   #:Version:1.0   #:***********************************************   cat <<EOF   +--------------------------------------------------------------+   |          === Welcome to  System init ===                     |   +--------------------------------------------------------------+   EOF     DATE=`date +%Y_%m_%d:%H_%M_%S`   INIT_LOG=system_init_$DATE.log     #0.yum resource config   #mv /etc/yum.repos.d/* /tmp/   #wget -P /etc/yum.repos.d/ http://yum.xxx.xxx/{CentOS-Base.repo,epel.repo}   yum clean all   yum install vim gcc gcc-c++ openssl-devel python-devel lrzsz tree ftp telnet -y       #1.del_user_group_config   USER=(adm lp shutdown halt uucp operator games gopher)   for i in `echo ${USER }`   do       if grep -qs "$i" /etc/passwd;then           /usr/sbin/userdel $i       else           echo "$i is no exist"       fi   done   GROUP=(adm lp dip)   for ii in `echo ${GROUP }`   do       if grep -qs "$ii" /etc/group;then           /usr/sbin/groupdel $ii       else           echo "$ii is no exist"       fi   done   if [ "$?" == "0" ];then       echo "$DATE [del_user_group_config] is [success]"  >> /root/${INIT_LOG}   fi   #2.add_users_config   #指定UID，密码不能明文显示   /usr/sbin/useradd -u 1001 -m -G 10 yanconggod   sed -i '/yanconggod/s#\!\!#\$6\$nRS2zBCw\$9AuQZSdYJezLTyzinOQzfcp1je2EGAD5oL7d3JeAeSXKoVGd920\.vX\/dPFuyP\/C2VexJQa5PpPD\/wRfE0m\.9A\/#g' /etc/shadow       USER1=(yanconggod)   for yl in `echo ${USER1 }`   do       if grep -qs "$yl" /etc/passwd;then           echo "$DATE $yl is added success" >>/root/${INIT_LOG}       fi   done   #3.sudoer_config   sed -i 's/Defaults    requiretty/#Defaults    requiretty/g' /etc/sudoers   echo -e "User_Alias SYSADMINS = yanconggod" >> /etc/sudoers   echo -e "SYSADMINS       ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers   echo "$DATE [sudoer_config] is [success]" >>/root/${INIT_LOG}   #4.limits_config   echo "*                soft   nofile          65535" >>/etc/security/limits.conf   echo "*                hard   nofile          65535" >>/etc/security/limits.conf   echo "*                soft   noproc          65535" >>/etc/security/limits.conf   echo "*                hard   noproc          65535" >>/etc/security/limits.conf   sed -i '/1024/s/1024/65535/g' /etc/security/limits.d/90-nproc.conf   echo "$DATE [limits_config] is [success]" >>/root/${INIT_LOG}   #5.sysctl_config   echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf   echo "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf   echo "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf   echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf   echo "net.ipv4.tcp_max_syn_backlog = 4096" >> /etc/sysctl.conf   echo "net.core.netdev_max_backlog = 10240" >> /etc/sysctl.conf   echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" >> /etc/sysctl.conf   echo "net.core.somaxconn = 2048" >> /etc/sysctl.conf   echo "net.core.wmem_default = 8388608" >> /etc/sysctl.conf   echo "net.core.rmem_default = 8388608" >> /etc/sysctl.conf   echo "net.core.rmem_max = 16777216" >> /etc/sysctl.conf   echo "net.core.wmem_max = 16777216" >> /etc/sysctl.conf   echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf   echo "net.ipv4.tcp_keepalive_time = 300" >> /etc/sysctl.conf   echo "net.ipv4.tcp_synack_retries = 2" >> /etc/sysctl.conf   echo "net.ipv4.tcp_syn_retries = 2" >> /etc/sysctl.conf   echo "net.ipv4.ip_local_port_range = 5000    65000 " >> /etc/sysctl.conf   sysctl -p   echo "$DATE [sysctl_config] is [success]" >>/root/${INIT_LOG}   #6.history_config   echo "export HISTSIZE=2000" >> /etc/profile   source /etc/profile   echo "$DATE [history_config] is [success]" >>/root/${INIT_LOG}   #7.pass_length and login count limit   #sed -i '25s/99999/90/g' /etc/login.defs   #sed -i '27s/5/8/g' /etc/login.defs   sed -i '5i auth        required      /lib64/security/pam_tally2.so deny=5 unlock_time=300' /etc/pam.d/system-auth   #8.disable_selinux_config   sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config   setenforce 0   echo "$DATE [disable_selinux_config] is [success]" >>/root/${INIT_LOG}   #9.ntp_config   ntp_config_count=`crontab -l | grep ntpdate|wc -l`   if [ ${ntp_config_count} -eq 0 ];then   cat  <<EOF   >> /var/spool/cron/root    */5 * * * * /usr/sbin/ntpdate -s ntp1.aliyun.com >/dev/null 2>&1 EOF fi     if [ $? = 0 ];then       echo "$DATE [ntp_config] is [success]" >>/root/${INIT_LOG}   fi   #10.maxlogins_config   echo "yanconggod          -       maxlogins       10" >> /etc/security/limits.conf   echo "$DATE [maxlogins_config] is [success]" >>/root/${INIT_LOG}   #11.disbled_ipv6_config   cat >>/etc/modprobe.d/disableipv6.conf << EOF alias net-pf-10 off   options ipv6 disable=1   EOF echo "$DATE [disble_ipv6_config] is [success]" >>/root/${INIT_LOG} #12.character_config   cat >> /etc/sysconfig/i18n << EOF LANG="en_US.UTF-8"   SYSFONT="latarcyrheb-sun16"   EOF #13.disable_service_config   for i in auditd blk-availability ip6tables iptables lvm2-monitor netfs udev-post   do   chkconfig $i off   #iptables -F   #iptables -X   done   echo "$DATE [disable_service_config] is [success]" >>/root/${INIT_LOG}   #15.DNS config   MASK=`ifconfig | grep -w "inet" | grep -v 127.0.0.1|awk -F':' '{print $2}'|sed 's/ Bcast$//g'| awk -F'.' '{print $1"."$2}'`       echo $MASK   if [ $MASK = "10.0" -o $MASK = "10.1" ]   then   cat > /etc/resolv.conf << EOF   nameserver 10.0.0.1 #nameserver 1.1.1.2   #nameserver 1.1.1.3   EOF else       :   fi   #16.sshd_config   sed "s/#Port 22/Port 22/g" /etc/ssh/sshd_config -i   sed "s/^#Protocol 2/Protocol 2/g" /etc/ssh/sshd_config -i   sed "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config -i   #sed 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config -i   #sed 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config -i   #sed 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/ssh_config -i   /etc/init.d/sshd restart   echo "$DATE [sshd_config] is [success]" >>/root/${INIT_LOG}   #17. reboot_system read -p "Do you want to reboot the system?" want                       case $want in                                        yes)                                    echo "reboot now!"                                    reboot                                    ;;                                        no)                                    echo "init over!"                                    ;;                                        *)                                    echo "please useage yes or no! thanks"                                    ;;                           esac