[root@linux-node1 ~]# cat optimize.sh
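#!/bin/bash
# Optimize the system after installation.
# Run as root on a fresh CentOS 7.x host; the script reboots the machine at
# the end. All settings are the variables below.

# Root password. PASSWD may be supplied from the environment so the secret
# does not have to live in this file; the literal is only the fallback kept
# for compatibility with the original script.
PASSWD=${PASSWD:-reid}
NETIP=192.168.56.11
PROTOBOOT=static
# bash pre-sets HOSTNAME to the current name, so this must be assigned
# unconditionally to the name the host should get.
HOSTNAME=linux-node1.example.com
DNS1=192.168.56.2
# Optional secondary resolver; when empty only DNS1 is written.
DNS2=${DNS2:-}
NTPSERVER=ntp1.aliyun.com
YUMREPO=http://mirrors.aliyun.com/repo/Centos-7.repo
EPELREPO=http://mirrors.aliyun.com/repo/epel-7.repo
SSH_PORT=22122
# In case of some bad behaviours: the chattr binary is renamed to this name
# after the important files are made immutable.
CHATTR=chenhao
# Ports opened in the iptables INPUT chain (firewalld is stopped at the end).
PORTS=80,22,21,8088
# Record the system user, ip address, shell commands and details under here.
HISTDIR=/usr/etc/.history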
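# The welcome banner (quoted delimiter: nothing in it is expanded).
cat << 'EOF'
+------------------------------------------------------------------+
| ********** Welcome to CentOS 7.x System init ********** |
+------------------------------------------------------------------+
EOF
# Everything below rewrites system files; refuse to continue unless root.
if [ "$(whoami)" != "root" ]; then
  echo "please use root" >&2
  exit 1
fi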
# Print the green "Success!!!" marker followed by a separator line; called
# after each configuration step.
format() {
  printf '\033[32m Success!!!\033[0m\n\n'
  printf '%s\n' "#########################################################"
}
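# Change the root password.
echo "set root passwd"
# --stdin reads the password from the pipe, so it never shows up in argv/ps.
# The original discarded the exit status; keep going, but say so on failure.
if ! printf '%s\n' "$PASSWD" | passwd root --stdin &> /dev/null; then
  echo "warning: could not set the root password" >&2
fi
format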
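# Change the network settings: a static address on eth0 (no gateway here;
# the default route is added in the next step).
# NOTE(review): the BOOTPROTO/IPADDR lines are reconstructed from the
# PROTOBOOT/NETIP settings; the original listing had them mangled into one.
IFCFG=/etc/sysconfig/network-scripts/ifcfg-eth0
cat << EOF > "$IFCFG"
TYPE=Ethernet
NAME=eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=$PROTOBOOT
IPADDR=$NETIP
NETMASK=255.255.255.0
EOF
systemctl restart network
format
# Stop NetworkManager, presumably so it does not manage eth0 alongside the
# network service configured above.
systemctl stop NetworkManager
systemctl disable NetworkManager
format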
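# Add the default route from a profile.d script.
# NOTE(review): the original line was mangled; the gateway is taken to be
# $DNS1 (the only address left in the text) and the route keyword is "gw",
# which is what route(8) accepts — confirm both. Also note a profile.d
# script only runs at login, not at boot; GATEWAY= in ifcfg-eth0 is the
# usual place for a permanent default route.
echo "route add default gw $DNS1" > /etc/profile.d/add-route.sh
format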
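# Change the hostname, both live and persistently.
echo "set hostname"
hostname "$HOSTNAME"
echo "$HOSTNAME" > /etc/hostname
format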
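# Change the DNS resolvers and check that the network works.
echo "set DNS"
echo "nameserver $DNS1" > /etc/resolv.conf
# DNS2 is optional: only write it when set so resolv.conf never gets a bare
# "nameserver" line (the original wrote an undefined $DNS2).
if [ -n "${DNS2:-}" ]; then
  echo "nameserver $DNS2" >> /etc/resolv.conf
fi
# The original "|| echo ... || exit 3" never reached the exit because echo
# succeeds; stop here when the network is down, as intended.
if ! ping -c 3 www.baidu.com &> /dev/null; then
  echo "Network is unreachable" >&2
  exit 3
fi
format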
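# Disable SELinux now (setenforce 0) and for future boots (config file).
# This removes the mandatory-access-control layer for the whole host.
echo "disable selinux"
if [ "$(getenforce)" != "Disabled" ]; then
  # As in the original, the persistent change is only written when the live
  # switch succeeded. /etc/selinux/config is edited directly: on CentOS 7
  # /etc/sysconfig/selinux is a symlink to it, and "sed -i" replaces a
  # symlink with a regular file, leaving the real config untouched.
  setenforce 0 &> /dev/null && sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
fi
format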
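# Update the yum repos: switch base and EPEL to the configured mirrors.
echo "set yum mirrors"
cd /etc/yum.repos.d/ || { echo "cannot cd to /etc/yum.repos.d" >&2; exit 1; }
mv CentOS-Base.repo CentOS-Base.repo.bak
# NOTE(review): the original listing showed a single curl with the EPEL URL
# written over CentOS-Base.repo; both URLs are configured, so fetch both.
# "-f" makes curl fail on an HTTP error instead of saving the error page as
# a repo file.
curl -f -o /etc/yum.repos.d/CentOS-Base.repo "$YUMREPO" &> /dev/null \
  || echo "warning: could not fetch $YUMREPO" >&2
curl -f -o /etc/yum.repos.d/epel.repo "$EPELREPO" &> /dev/null \
  || echo "warning: could not fetch $EPELREPO" >&2
mv /var/cache/yum /tmp
yum clean all &> /dev/null && yum makecache &> /dev/null
format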
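# Install the basic commands and build tools.
# iptables-services is added: it provides the "iptables" unit and the
# "service iptables save" used by the firewall step, neither of which is on
# a stock CentOS 7 install (firewalld is the default there).
yum install -y vim wget openssl-devel ntpdate make gcc-c++ ncurses-devel \
  net-snmp sysstat lrzsz zip unzip tree net-tools lftp iptables-services
yum -y groupinstall "Development Tools" "Server Platform Development" &> /dev/null
format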
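# Change the ssh port and turn off reverse DNS lookups on login.
echo "set sshd"
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
# Only an active "Port 22" line is rewritten, as in the original.
# NOTE(review): a stock CentOS 7 sshd_config ships "#Port 22" (commented),
# in which case this sed changes nothing and sshd stays on 22. If the
# pattern is extended to the commented form, the iptables rules at the end
# of the script must allow $SSH_PORT, otherwise the reboot locks you out.
# The same applies to "#UseDNS yes".
sed -i "s/^Port 22/Port $SSH_PORT/g" /etc/ssh/sshd_config
sed -i 's/^UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
# Validate before restarting so a bad edit does not leave sshd down.
if sshd -t; then
  systemctl restart sshd &> /dev/null
else
  echo "sshd_config is invalid; restoring the backup" >&2
  cp /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
fi
format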
# Lock the important files ("/usr/bin/$CHATTR -i FILE" undoes it).
echo "chattr files"
locked_files=(
  /etc/passwd
  /etc/inittab
  /etc/group
  /etc/shadow
  /etc/gshadow
  /etc/resolv.conf
  /etc/hosts
  /etc/fstab
)
for f in "${locked_files[@]}"; do
  chattr +i "$f"
done
# Hide chattr under a private name so the immutable flag is not trivially
# cleared. Note: the rename does not survive an update of the package that
# ships chattr, and the flag also blocks useradd/passwd changes until cleared.
mv /usr/bin/chattr "/usr/bin/$CHATTR"
# Character set: switch the system locale to zh_CN.UTF-8.
echo "set LANG"
sed -i 's/^LANG=.*$/LANG=zh_CN.UTF-8/' /etc/locale.conf
# Pick the new value up in this shell as well.
source /etc/locale.conf
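# Update the timezone and sync the clock with the NTP server.
echo "set ntptime"
mv /etc/localtime /tmp
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate "$NTPSERVER" &> /dev/null
# Keep the clock in sync from cron.
# NOTE(review): the schedule is a constructed default; the original crontab
# line was mangled in the listing. Adjust as needed.
NTP_CRON_SCHEDULE="*/5 * * * *"
echo "$NTP_CRON_SCHEDULE root ntpdate $NTPSERVER &>/dev/null" >> /etc/crontab
# Write the synced time to the hardware clock.
hwclock -w
format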
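# Set the system limits (open files / processes) for every user.
echo "Set ulimit 65535"
# Domain "*" = all users (the original listing lost the asterisks).
cat << 'EOF' > /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
EOF
# NOTE(review): kept as in the original, but this only changes something if
# that file actually contains "65535"; on CentOS 7 the nproc drop-in is
# presumably 20-nproc.conf with a 4096 limit — confirm file and value.
sed -i 's/65535/1024000/g' /etc/security/limits.d/90-nproc.conf
format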
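# System audit and troubleshooting: every login shell gets a per-user,
# per-session bash history file with timestamps, plus raised ulimits.
echo "set history"
# $HISTDIR is expanded now and baked into the profile script; everything
# escaped with a backslash is evaluated by the login shell.
# NOTE(review): reconstructed from a mangled listing. The HISTFILE name
# follows the fragment "{LOGNAME}/DT" and the fact that USER_IP is computed
# at all, i.e. "$HISTDIR/$LOGNAME/${USER_IP}_$DT" — confirm. The original
# tested "-z" for HISTDIR and appended (>>) to the profile script; a
# directory test and a plain write are used so the script can be re-run
# without duplicating the file. Presumably $HISTDIR must be writable by
# login users for the per-user mkdir to succeed — confirm.
cat << EOF > /etc/profile.d/system-audit.sh
USER_IP=\$(who -u am i 2>/dev/null | awk '{print \$NF}' | sed -e 's/[()]//g')
if [ ! -d $HISTDIR ]; then
  mkdir -p $HISTDIR
fi
if [ ! -d $HISTDIR/\${LOGNAME} ]; then
  mkdir -p $HISTDIR/\${LOGNAME}
  # mode 300: the owner can write and traverse but not list the directory
  chmod 300 $HISTDIR/\${LOGNAME}
fi
export HISTSIZE=2000
DT=\$(date +%Y%m%d_%H%M%S)
export HISTFILE="$HISTDIR/\${LOGNAME}/\${USER_IP}_\$DT"
export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S] "
# kept from the original; its name does not match the HISTFILE pattern above
chmod 600 $HISTDIR/\${LOGNAME}/.history 2>/dev/null
ulimit -SHn 65535
ulimit -SHu unlimited
ulimit -SHd unlimited
ulimit -SHm unlimited
ulimit -SHs unlimited
ulimit -SHt unlimited
ulimit -SHv unlimited
EOF
# Apply it to this (root) shell too, which also creates $HISTDIR.
source /etc/profile.d/system-audit.sh
format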
# Show the system info: the pre-login banner in /etc/issue.
echo "Set login message."
printf '%s\n' "This is Product Server" > /etc/issue
format
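# iptables setting: replace firewalld with a plain iptables ruleset.
echo "set iptables"
systemctl stop firewalld
systemctl disable firewalld
format
iptables -F
# Allow the listed service ports plus the (possibly changed) ssh port so the
# host stays reachable after the reboot below; the original opened only
# $PORTS, which does not include $SSH_PORT.
iptables -A INPUT -p tcp -m multiport --dports "$PORTS,$SSH_PORT" -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Persist the rules and load them at boot. Both need the iptables-services
# package (the "iptables" unit); without it the save fails and, with
# firewalld disabled, the host comes back from the reboot with no firewall.
service iptables save &> /dev/null || echo "warning: could not save iptables rules" >&2
systemctl enable iptables &> /dev/null || echo "warning: could not enable the iptables unit" >&2
# Reboot the system after setting.
reboot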