咸鱼今天给大家分享一个无论是学习还是工作中都很实用的 Linux 系统初始化脚本,其实就是各种命令的集合
完整代码在文章最后哦
定义相关变量
配置 yum 镜像源
获取阿里云 yum 镜像源
判断函数是否执行成功
写入一行配置
修改配置
配置系统时区
配置 dns 服务器
修改最大文件描述符限制
关闭系统不需要的服务
内核参数优化相关
安装常用工具
关闭 SELinux
主函数
完整脚本
#环境变量 PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin export PATH #当前时间 current_time=$(date +%Y%m%d) #阿里的DNS dns_server=223.5.5.5 if [[ ! -z `uname -r|grep 'el6'` ]] then kernel_version=el6 yum_repo=http://mirrors.aliyun.com/repo/Centos-6.repo elif [[ ! -z `uname -r|grep 'el7'` ]] then kernel_version=el7 yum_repo=http://mirrors.aliyun.com/repo/Centos-7.repo else echo -e "\e[31mUnidentified Kernel version: $(uname -r). Only support for kernel el6/el7\e[0m" exit fi function add_yum_repo(){ local item="Add Aliyun Yum Mirrors" yum clean all cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.${current_time} && \ curl -o /etc/yum.repos.d/CentOS-Base.repo ${yum_repo} > /dev/null 2>&1 show_result $? "${item}" yum makecache } function show_result(){ if [ "$1" -eq 0 ] then echo -e "\e[32m$2 is Success . [ OK ] \e[0m" else echo -e "\e[31m$2 is Fail . [ FAIL ] \e[0m" fi } function add_newconfig_tofile(){ local SearchResult=`grep "$1" "$2"` if [ -z "${SearchResult}" ] then echo "$1" >> $2 fi } function add_config_tofile(){ local keywords=`echo $1| awk -F "[= ]+" '{print $1}'` local SearchResult=`grep "^${keywords}" "$2"` if [ -z "${SearchResult}" ] #空为真,非空为假 then echo $1 >> $2 else sed -i "s/^${keywords}.*/$1/" $2 fi } function config_localtime(){ local item="Config SH As Location" rm -f /etc/localtime ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime show_result $? "${item}" } function config_dns_addr(){ local item="Config DNS Address" cp /etc/resolv.conf /etc/resolv.conf.${current_time} && \ echo "nameserver ${dns_server}" > /etc/resolv.conf show_result $? "${item}" } function maximum_file_dspt(){ local item="Maximum File Descriptor" cp /etc/security/limits.conf /etc/security/limits.conf.${current_time} && \ echo "* soft nofile 100000 * hard nofile 100000 * soft nproc 65535 * hard nproc 65535 * soft core unlimited * hard core unlimited" > /etc/security/limits.conf show_result $? "${item}" } function shutdown_nonuse_srv(){ local item="Shutdown Unused Services" if [[ "${kernel_version}" == el6 ]] then for i in `chkconfig --list | awk '{print $1}'` do chkconfig --level 2345 $i off > /dev/null 2>&1 done for ii in crond network rsyslog sshd sysstat haldaemon do chkconfig --level 2345 $ii on > /dev/null 2>&1 done show_result $? "${item}" elif [[ "${kernel_version}" == el7 ]] then systemctl disable postfix > /dev/null 2>&1 show_result $? "${item}" else echo -e "\e[31mUnidentified Kernel version: $(uname -r). Only support for kernel el6/el7\e[0m" fi } function optimize_kel_args(){ local item="Optimize Kernel Arguments" cp /etc/sysctl.conf /etc/sysctl.conf.${current_time} > /dev/null 2>&1 arch_ratio=$([[ ! -z $(uname -a | grep x86_64) ]] && expr 64 / 32 || expr 32 / 32) memory_size=$(free -b| awk 'NR==2{print $2}') nf_conntrack_size=$(expr ${memory_size} / 16384 / ${arch_ratio}) #开启反向路径过滤 add_config_tofile "net.ipv4.conf.default.rp_filter = 1" /etc/sysctl.conf add_config_tofile "net.ipv4.conf.all.rp_filter = 1" /etc/sysctl.conf #处理无源路由包 add_config_tofile "net.ipv4.conf.all.accept_source_route = 0" /etc/sysctl.conf add_config_tofile "net.ipv4.conf.default.accept_source_route = 0" /etc/sysctl.conf #core文件名中添加pid作为扩展名 add_config_tofile "kernel.core_uses_pid = 1" /etc/sysctl.conf #开启syn洪水攻击保护 add_config_tofile "net.ipv4.tcp_syncookies = 1" /etc/sysctl.conf #修改消息队列长度 add_config_tofile "kernel.msgmnb = 65536" /etc/sysctl.conf add_config_tofile "kernel.msgmax = 65536" /etc/sysctl.conf #修改最大内存共享段大小bytes add_config_tofile "kernel.shmmax = 68719476736" /etc/sysctl.conf add_config_tofile "kernel.shmall = 4294967296" /etc/sysctl.conf #timewait数量默认18000 add_config_tofile "net.ipv4.tcp_max_tw_buckets = 600" /etc/sysctl.conf add_config_tofile "net.ipv4.tcp_sack = 1" /etc/sysctl.conf add_config_tofile "net.ipv4.tcp_window_scaling = 1" /etc/sysctl.conf add_config_tofile "net.ipv4.tcp_rmem = 4096 87380 16777216" /etc/sysctl.conf add_config_tofile "net.ipv4.tcp_wmem = 4096 65536 16777216" /etc/sysctl.conf add_config_tofile "net.core.rmem_default = 8388608" /etc/sysctl.conf add_config_tofile "net.core.wmem_max = 16777216" /etc/sysctl.conf #未收到客户端确认信息连接请求的最大值 add_config_tofile "net.ipv4.tcp_max_syn_backlog = 262144" /etc/sysctl.conf #放弃建立连接之前发送的synack包 add_config_tofile "net.ipv4.tcp_syn_retries = 2" /etc/sysctl.conf #开启重用,允许time—wait socket 重新用语新的tcp连接 add_config_tofile "net.ipv4.tcp_tw_reuse = 1" /etc/sysctl.conf add_config_tofile "net.ipv4.tcp_fin_timeout = 1" /etc/sysctl.conf #防止简单的ddos攻击 add_config_tofile "net.ipv4.tcp_max_orphans = 3276800" /etc/sysctl.conf #启用timewait快速收回 add_config_tofile "net.ipv4.tcp_tw_recycle = 0" /etc/sysctl.conf #keeptime启用时tcp发送keepalive消息的频度,默认2h add_config_tofile "net.ipv4.tcp_keepalive_time = 600" /etc/sysctl.conf #允许系统打开的端口范围 add_config_tofile "net.ipv4.ip_local_port_range = 1024 65535" /etc/sysctl.conf #资源回收 add_config_tofile "net.ipv4.tcp_tw_recycle = 0" /etc/sysctl.conf #路由转发 add_config_tofile "net.ipv4.ip_forward = 1" /etc/sysctl.conf #修改防火墙连接跟踪表大小,默认65535 add_config_tofile "net.netfilter.nf_conntrack_max = ${nf_conntrack_size}" /etc/sysctl.conf add_config_tofile "net.nf_conntrack_max = ${nf_conntrack_size}" /etc/sysctl.conf #解禁ping add_config_tofile "net.ipv4.icmp_echo_ignore_all = 0" /etc/sysctl.conf modprobe bridge sysctl -p > /dev/null 2>&1 show_result $? "${item}" } function install_pkgs(){ local item="Install Common Pkgs" yum -y groupinstall "Development libraries" > /dev/null 2>&1 yum -y groupinstall "Development tools" > /dev/null 2>&1 yum -y install sysstat tree lrzsz telnet wget net-tools tcpdump lsof vim ntp > /dev/null 2>&1 show_result $? "${item}" } function shutdown_selinux(){ local item="Shutdown Selinux " setenforce 0 > /dev/null 2>&1 cp /etc/selinux/config /etc/selinux/config.${current_time} && \ sed -i 's:SELINUX=enforcing:SELINUX=disabled:g' /etc/selinux/config show_result $? "${item}" } function main(){ echo -e '\033[34;1m开始初始化操作系统中......\033[0m' add_yum_repo install_pkgs config_localtime config_dns_addr maximum_file_dspt shutdown_nonuse_srv shutdown_selinux optimize_kel_args echo -e '\033[34;1m服务器系统初始化已完成!\033[0m' } main
本站文章如无特殊说明,均为本站原创,如若转载,请注明出处:干货!超实用的 Linux 初始化脚本 - Python技术站