咸鱼今天给大家分享一个无论是学习还是工作中都很实用的 Linux 系统初始化脚本,其实就是各种命令的集合

 

完整代码在文章最后哦

 

定义相关变量

 干货!超实用的 Linux 初始化脚本

 

 

配置 yum 镜像源

干货!超实用的 Linux 初始化脚本

 

 

获取阿里云 yum 镜像源

干货!超实用的 Linux 初始化脚本

 

 

判断函数是否执行成功

干货!超实用的 Linux 初始化脚本

 

 

写入一行配置

干货!超实用的 Linux 初始化脚本

 

 

修改配置

干货!超实用的 Linux 初始化脚本

 

 

配置系统时区

干货!超实用的 Linux 初始化脚本

 

 

配置 dns 服务器

干货!超实用的 Linux 初始化脚本

 

 

修改最大文件描述符限制

干货!超实用的 Linux 初始化脚本

 

 

关闭系统不需要的服务

干货!超实用的 Linux 初始化脚本

 

 

内核参数优化相关

干货!超实用的 Linux 初始化脚本

 

 

安装常用工具

干货!超实用的 Linux 初始化脚本

 

 

关闭 SELinux

干货!超实用的 Linux 初始化脚本

 

 

主函数

干货!超实用的 Linux 初始化脚本

 

 

完整脚本

#环境变量
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
export PATH

#当前时间
current_time=$(date +%Y%m%d)

#阿里的DNS
dns_server=223.5.5.5 

if [[ ! -z `uname -r|grep 'el6'` ]]
  then
  kernel_version=el6
  yum_repo=http://mirrors.aliyun.com/repo/Centos-6.repo
elif [[ ! -z `uname -r|grep 'el7'` ]]
  then
  kernel_version=el7
  yum_repo=http://mirrors.aliyun.com/repo/Centos-7.repo
else
  echo -e "\e[31mUnidentified Kernel version: $(uname -r). Only support for kernel el6/el7\e[0m"
  exit
fi

function add_yum_repo(){
  local item="Add Aliyun Yum Mirrors"
  yum clean all
  cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.${current_time} && \
  curl -o /etc/yum.repos.d/CentOS-Base.repo ${yum_repo} > /dev/null 2>&1
  show_result $? "${item}"
  yum makecache
}

function show_result(){
  if [ "$1" -eq 0 ]
    then
      echo -e "\e[32m$2 is Success .   [ OK ] \e[0m"
    else
      echo -e "\e[31m$2 is Fail .   [ FAIL ] \e[0m"
  fi
}

function add_newconfig_tofile(){
  local SearchResult=`grep "$1" "$2"`
  if [ -z "${SearchResult}" ]
    then
    echo "$1" >> $2
  fi
}

function add_config_tofile(){
  local keywords=`echo $1| awk -F "[= ]+" '{print $1}'`
  local SearchResult=`grep "^${keywords}" "$2"`
  if [ -z "${SearchResult}" ] #空为真,非空为假
    then
    echo $1 >> $2
  else
    sed -i "s/^${keywords}.*/$1/" $2
  fi
}

function config_localtime(){
  local item="Config SH As Location"
  rm -f /etc/localtime
  ln -s  /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
  show_result $? "${item}"
}

function config_dns_addr(){
  local item="Config DNS Address"
  cp /etc/resolv.conf /etc/resolv.conf.${current_time} && \
  echo "nameserver ${dns_server}" > /etc/resolv.conf
  show_result $? "${item}"
}

function maximum_file_dspt(){
  local item="Maximum File Descriptor"
  cp /etc/security/limits.conf /etc/security/limits.conf.${current_time} && \
  echo "*           soft    nofile          100000
*           hard    nofile          100000
*           soft    nproc           65535
*           hard    nproc           65535
*           soft    core            unlimited
*           hard    core            unlimited" > /etc/security/limits.conf
  show_result $? "${item}"
}


function shutdown_nonuse_srv(){
  local item="Shutdown Unused Services"
  if [[ "${kernel_version}" == el6 ]]
      then
    for i in `chkconfig --list | awk '{print $1}'`
      do
      chkconfig --level 2345 $i off > /dev/null 2>&1
      done
    for ii in crond network rsyslog sshd sysstat haldaemon
      do
      chkconfig --level 2345 $ii on > /dev/null 2>&1
      done
    show_result $? "${item}"
  elif [[ "${kernel_version}" == el7 ]]
    then
    systemctl disable postfix > /dev/null 2>&1
    show_result $? "${item}"
  else
    echo -e "\e[31mUnidentified Kernel version: $(uname -r). Only support for kernel el6/el7\e[0m"
  fi
}

function optimize_kel_args(){
  local item="Optimize Kernel Arguments"
  cp /etc/sysctl.conf /etc/sysctl.conf.${current_time} > /dev/null 2>&1
  arch_ratio=$([[ ! -z $(uname -a | grep x86_64) ]] && expr 64 / 32 || expr 32 / 32)
  memory_size=$(free -b| awk 'NR==2{print $2}')
  nf_conntrack_size=$(expr ${memory_size} / 16384 / ${arch_ratio})
  #开启反向路径过滤
  add_config_tofile "net.ipv4.conf.default.rp_filter = 1" /etc/sysctl.conf
  add_config_tofile "net.ipv4.conf.all.rp_filter = 1" /etc/sysctl.conf
  #处理无源路由包
  add_config_tofile "net.ipv4.conf.all.accept_source_route = 0" /etc/sysctl.conf
  add_config_tofile "net.ipv4.conf.default.accept_source_route = 0" /etc/sysctl.conf
  #core文件名中添加pid作为扩展名
  add_config_tofile "kernel.core_uses_pid = 1" /etc/sysctl.conf
  #开启syn洪水攻击保护
  add_config_tofile "net.ipv4.tcp_syncookies = 1" /etc/sysctl.conf
  #修改消息队列长度
  add_config_tofile "kernel.msgmnb = 65536" /etc/sysctl.conf
  add_config_tofile "kernel.msgmax = 65536" /etc/sysctl.conf
  #修改最大内存共享段大小bytes
  add_config_tofile "kernel.shmmax = 68719476736" /etc/sysctl.conf
  add_config_tofile "kernel.shmall = 4294967296" /etc/sysctl.conf
  #timewait数量默认18000
  add_config_tofile "net.ipv4.tcp_max_tw_buckets = 600" /etc/sysctl.conf
  add_config_tofile "net.ipv4.tcp_sack = 1" /etc/sysctl.conf
  add_config_tofile "net.ipv4.tcp_window_scaling = 1" /etc/sysctl.conf
  add_config_tofile "net.ipv4.tcp_rmem = 4096 87380 16777216" /etc/sysctl.conf
  add_config_tofile "net.ipv4.tcp_wmem = 4096 65536 16777216" /etc/sysctl.conf
  add_config_tofile "net.core.rmem_default = 8388608" /etc/sysctl.conf
  add_config_tofile "net.core.wmem_max = 16777216" /etc/sysctl.conf
  #未收到客户端确认信息连接请求的最大值
  add_config_tofile "net.ipv4.tcp_max_syn_backlog = 262144" /etc/sysctl.conf
  #放弃建立连接之前发送的synack包
  add_config_tofile "net.ipv4.tcp_syn_retries = 2" /etc/sysctl.conf
  #开启重用,允许time—wait socket 重新用语新的tcp连接
  add_config_tofile "net.ipv4.tcp_tw_reuse = 1" /etc/sysctl.conf
  add_config_tofile "net.ipv4.tcp_fin_timeout = 1" /etc/sysctl.conf
  #防止简单的ddos攻击
  add_config_tofile "net.ipv4.tcp_max_orphans = 3276800" /etc/sysctl.conf
  #启用timewait快速收回
  add_config_tofile "net.ipv4.tcp_tw_recycle = 0" /etc/sysctl.conf
  #keeptime启用时tcp发送keepalive消息的频度,默认2h
  add_config_tofile "net.ipv4.tcp_keepalive_time = 600" /etc/sysctl.conf
  #允许系统打开的端口范围
  add_config_tofile "net.ipv4.ip_local_port_range = 1024 65535" /etc/sysctl.conf
    #资源回收
    add_config_tofile "net.ipv4.tcp_tw_recycle = 0" /etc/sysctl.conf
    #路由转发
    add_config_tofile "net.ipv4.ip_forward = 1" /etc/sysctl.conf 
  #修改防火墙连接跟踪表大小,默认65535
  add_config_tofile "net.netfilter.nf_conntrack_max = ${nf_conntrack_size}" /etc/sysctl.conf
  add_config_tofile "net.nf_conntrack_max = ${nf_conntrack_size}" /etc/sysctl.conf
  #解禁ping
  add_config_tofile "net.ipv4.icmp_echo_ignore_all = 0" /etc/sysctl.conf
      modprobe bridge
  sysctl -p > /dev/null 2>&1
  show_result $? "${item}"
}

function install_pkgs(){
  local item="Install Common Pkgs"
  yum -y groupinstall "Development libraries" > /dev/null 2>&1
  yum -y groupinstall "Development tools" > /dev/null 2>&1
  yum -y install sysstat  tree  lrzsz  telnet wget net-tools tcpdump lsof vim ntp > /dev/null 2>&1
  show_result $? "${item}"
}

function shutdown_selinux(){
  local item="Shutdown Selinux "
  setenforce 0 > /dev/null 2>&1
  cp /etc/selinux/config /etc/selinux/config.${current_time} && \
  sed -i 's:SELINUX=enforcing:SELINUX=disabled:g' /etc/selinux/config
  show_result $? "${item}"
}

function main(){
  echo -e '\033[34;1m开始初始化操作系统中......\033[0m'
  add_yum_repo
  install_pkgs
  config_localtime
  config_dns_addr
  maximum_file_dspt
  shutdown_nonuse_srv
  shutdown_selinux
  optimize_kel_args
  echo -e '\033[34;1m服务器系统初始化已完成!\033[0m'
}

main