美文网首页
Linux Centos 7 简单初始化脚本

Linux Centos 7 简单初始化脚本

作者: 豆芽_yw | 来源:发表于2019-05-11 13:45 被阅读0次
    #!/bin/bash
    #初始化 yum
    #sed -i 's/mirrorlist/#mirrorlist/g ; s/#baseurl/baseurl/g' /etc/yum.repos.d/CentOS-Base.repo
    #阿里源
    curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
    curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
    yum makecache
    yum -y install bash-completion
    yum -y install /sbin/ifconfig
    yum -y install /usr/bin/vim
    yum -y install lsof
     yum -y install epel-release
    #获取网卡
    ifcfg=`ifconfig |awk -F: 'NR==1 {print $1}'`
    
    #输出IP信息
    IP=`ifconfig | egrep -o "(\<([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\>\.){3}\<([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\>"`
    sed -i 's/dhcp/none/g' /etc/sysconfig/network-scripts/ifcfg-$ifcfg
    
    for i in $IP
    do
       HEAD=` echo $i  | awk -F. '{ print $1 }'`
       H2=` echo $i  | awk -F. '{ print $2 }'`
       H3=` echo $i  | awk -F. '{ print $3 }'`
       END=` echo $i | awk -F. '{print $4}'`
    #判断ip 网关 子网掩码
        if (( $HEAD != 255 )) && (( $END != 255 )) && (( $HEAD !=127 )) ;then
            echo IPADDR=\"$i\" >> /etc/sysconfig/network-scripts/ifcfg-$ifcfg
        fi
    
    #第二个if是避免出现255.0.0.0
        if [ $HEAD -eq 255 ] ;then
            if [ $H2 -eq 255 ] ;then
                 echo NETMASK=\"$i\" >> /etc/sysconfig/network-scripts/ifcfg-$ifcfg
            fi
        fi
    done
    
    echo GATEWAY="192.168.25.2" >> /etc/sysconfig/network-scripts/ifcfg-$ifcfg
    echo DNS1="114.114.114.114" >> /etc/sysconfig/network-scripts/ifcfg-$ifcfg
    echo DNS2="8.8.8.8"  >> /etc/sysconfig/network-scripts/ifcfg-$ifcfg
    
    
    
    #关闭防火墙/SELINUX
    systemctl stop firewalld.service
    systemctl disable firewalld.service
    setenforce 0
    sed -i '/^SELINUX=/cSELINUX=disabled' /etc/selinux/config
    
    #修改特殊命令权限
    chmod 700 /usr/bin/ping
    chmod 700 /usr/bin/who
    chmod 700 /usr/bin/w
    #优化sshd配置
    #密码只允许错误3次
    #认证时间不能超过20秒
    sed -i "s/#MaxAuthTries 6/MaxAuthTries 3/" /etc/ssh/sshd_config
    sed -i "/LoginGraceTime/cLoginGraceTime 20" /etc/ssh/sshd_config
    
    #关闭UseDNS
    sed -i "/UseDNS/cUseDNS no" /etc/ssh/sshd_config
    
    #300秒后关闭无动作用户 (exit) [user]
    echo "TMOUT=300" >> /etc/profile
    
    #使 /etc/profile 配置生效
    source /etc/profile
    
    #在 /etc/sysctl.conf 中配置开启 syncookie
    echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf
    
    #保护历史安全
    chattr +a /root/.bash_history
    chattr +i /root/.bash_history
    
    #重启网卡
    service network restart
    
    #重启sshd
    systemctl restart sshd
    
    

    相关文章

      网友评论

          本文标题:Linux Centos 7 简单初始化脚本

          本文链接:https://www.haomeiwen.com/subject/fxbzoqtx.html