Chinaunix首页 | 论坛 | 博客

随风飘云wkgbc.blog.chinaunix.net

首页 |  博文目录 |  关于我

随风飘云

  • 博客访问: 1155838
  • 博文数量: 150
  • 博客积分: 2739
  • 博客等级: 少校
  • 技术积分: 2392
  • 用 户 组: 普通用户
  • 注册时间: 2010-12-07 12:28
文章分类

全部博文(150)

文章存档

2015年(2)

2014年(16)

2013年(10)

2012年(58)

2011年(64)

我的朋友
最近访客
推荐博文
相关博文
linux系统安装后需要做的事情

分类: LINUX

2012-02-12 18:16:34

    linux系统安装后初始化:
   来源:http://linuxeye.blog.51cto.com/4371937/772738
   来源:  http://kerry.blog.51cto.com/172631/555535
   
  1. #!/bin/bash 
  2. #by gg
  3. #BLOG: http:// wkgbc.blog.chinaunix.net
  4. #系统瘦身 
  5. yum -y groupremove "FTP Server" "Text-based Internet" "Windows File Server" "PostgreSQL Database" "News Server" "DNS Name Server" "Web Server" "Dialup Networking Support" "Mail Server" "Office/Productivity" "Ruby" "Office/Productivity" "Sound and Video" "X Window System" "X Software Development" "Printing Support" "OpenFabrics Enterprise Distribution"
  6. #安装依赖包 
  7. yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5-devel libidn libidn-devel openssl openssl-devel nss_ldap openldap openldap-devel openldap-clients openldap-servers libxslt-devel libevent-devel ntp libtool-ltdl bison libtool vim-enhanced
  8. #关闭不必要的服务 
  9. chkconfig --list | awk '{print "chkconfig " $1 " off"}' > /tmp/chkconfiglist.sh;/bin/sh /tmp/chkconfiglist.sh;rm -rf /tmp/chkconfiglist.sh
  10. chkconfig crond on
  11. chkconfig irqbalance on
  12. chkconfig network on
  13. chkconfig sshd on
  14. chkconfig syslog on
  15. chkconfig iptables on
  16. setenforce 0
  17. sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/sysconfig/selinux
  18. #i18n
  19. sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/sysconfig/i18n
  20. #修改启动模式 
  21. sed -i 's/id:.*$/id:3:initdefault:/g' /etc/inittab
  22. #关闭不需要的tty 
  23. sed -i 's/3:2345:respawn/#3:2345:respawn/g' /etc/inittab
  24. sed -i 's/4:2345:respawn/#4:2345:respawn/g' /etc/inittab
  25. sed -i 's/5:2345:respawn/#5:2345:respawn/g' /etc/inittab
  26. sed -i 's/6:2345:respawn/#6:2345:respawn/g' /etc/inittab
  27. sed -i 's/ca::ctrlaltdel/#ca::ctrlaltdel/g' /etc/inittab
  28. /sbin/init q
  29. #修改PS1 
  30. echo 'PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[35;40m\]\W\[\e[0m\]]\\$ \[\e[33;40m\]"' >> /etc/profile
  31. #修改shell命令的history记录个数 
  32. sed -i 's/HISTSIZE=.*$/HISTSIZE=100/g' /etc/profile
  33. source /etc/profile
  34. #记录每个命令 
  35. mkdir /root/logs
  36. echo "export PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; });user=\$(whoami); echo \$(date \"+%Y-%m-%d %H:%M:%S\"):\$user:\`pwd\`/:\$msg ---- \$(who am i); } >> \$HOME/logs/\`hostname\`.\`whoami\`.history-timestamp'" >> /root/.bash_profile
  37. #密码输错5次锁定180s 
  38. sed -i '4a auth required pam_tally2.so deny=5 unlock_time=180' /etc/pam.d/system-auth
  39. #alias设置 
  40. sed -i '7a alias vi=vim' /root/.bashrc
  41. #调整Linux的最大文件打开数 
  42. echo "* soft nofile 60000" >> /etc/security/limits.conf
  43. echo "* hard nofile 65535" >> /etc/security/limits.conf
  44. echo "ulimit -SH 65535" >> /etc/rc.local
  45. #关闭ipv6 
  46. sed -i 's/NETWORKING_IPV6=.*$/NETWORKING_IPV6=no/g' /etc/sysconfig/network
  47. #网络参数进行调整 
  48. sed -i 's/net.ipv4.tcp_syncookies.*$/net.ipv4.tcp_syncookies = 1/g' /etc/sysctl.conf
  49. echo 'net.ipv4.tcp_tw_reuse = 1' >> /etc/sysctl.conf
  50. echo 'net.ipv4.tcp_tw_recycle = 1' >> /etc/sysctl.conf
  51. echo 'net.ipv4.ip_local_port_range = 1024 65000' >> /etc/sysctl.conf
  52. sysctl -p
  53. #校正时间 
  54. /usr/sbin/ntpdate ntp.api.bz
  55. echo '*/5 * * * * /usr/sbin/ntpdate ntp.api.bz' > /var/spool/cron/root;chmod 600 /var/spool/cron/root
  56. /sbin/service crond restart
  57. #iptables配置 
  58. sed -i 's/IPTABLES_MODULES="ip_conntrack_netbios_ns"/#IPTABLES_MODULES="ip_conntrack_netbios_ns"/g' /etc/sysconfig/iptables-config
  59. cat > /etc/sysconfig/iptables << EOF 
  60. # Firewall configuration written by system-config-securitylevel 
  61. # Manual customization of this file is not recommended. 
  62. *filter 
  63. :INPUT DROP [0:0] 
  64. :FORWARD ACCEPT [0:0] 
  65. :OUTPUT ACCEPT [0:0] 
  66. -A INPUT -i lo -ACCEPT 
  67. -A INPUT -m state --state RELATED,ESTABLISHED -ACCEPT 
  68. -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -ACCEPT 
  69. -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -ACCEPT 
  70. -A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -ACCEPT 
  71. -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -ACCEPT 
  72. -A INPUT -p udp -m udp --dport 20 -ACCEPT 
  73. COMMIT 
  74. EOF 
  75. /sbin/service atd start
  76. echo "/sbin/service iptables stop" | at now+3minutes
  77. /sbin/service iptables restart
  1. 此脚本用于新装Linux的相关配置工作,比如禁掉iptable和SElinux及ipv6,优化系统内核,停掉一些没必要启动的系统服务等。此脚本尤其适全大批新安装的Centsos系列的服务器,脚本代码如下所示(此脚本在Centos5.5_x64下已通过):

  3. #!/bin/bash
  4. # by gg
  5. # MAIL:wkgbc123@163.com
  6. # BLOG:
  7. cat << EOF
  8. +--------------------------------------------------------------+
  9. | === Welcome to Centos System init === |
  10. +--------------------------------------------------------------+
  11. +--------------------------by kerry----------------------------+
  12. EOF

  14. #set ntp
  15. yum -y install ntp
  16. echo "* 3 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1" >> /etc/crontab
  17. service crond restart
  18. #set ulimit
  19. echo "ulimit -SHn 102400" >> /etc/rc.local
  20. #set locale
  21. #true > /etc/sysconfig/i18n
  22. #cat >>/etc/sysconfig/i18n<<EOF
  23. #LANG="zh_CN.GB18030"
  24. #SUPPORTED="zh_CN.GB18030:zh_CN:zh:en_US.UTF-8:en_US:en"
  25. #SYSFONT="latarcyrheb-sun16"
  26. #EOF
  27. #set sysctl
  28. true > /etc/sysctl.conf
  29. cat >> /etc/sysctl.conf << EOF
  30. net.ipv4.ip_forward = 0
  31. net.ipv4.conf.default.rp_filter = 1
  32. net.ipv4.conf.default.accept_source_route = 0
  33. kernel.sysrq = 0
  34. kernel.core_uses_pid = 1
  35. net.ipv4.tcp_syncookies = 1
  36. kernel.msgmnb = 65536
  37. kernel.msgmax = 65536
  38. kernel.shmmax = 68719476736
  39. kernel.shmall = 4294967296
  40. net.ipv4.tcp_max_tw_buckets = 6000
  41. net.ipv4.tcp_sack = 1
  42. net.ipv4.tcp_window_scaling = 1
  43. net.ipv4.tcp_rmem = 4096 87380 4194304
  44. net.ipv4.tcp_wmem = 4096 16384 4194304
  45. net.core.wmem_default = 8388608
  46. net.core.rmem_default = 8388608
  47. net.core.rmem_max = 16777216
  48. net.core.wmem_max = 16777216
  49. net.core.netdev_max_backlog = 262144
  50. net.core.somaxconn = 262144
  51. net.ipv4.tcp_max_orphans = 3276800
  52. net.ipv4.tcp_max_syn_backlog = 262144
  53. net.ipv4.tcp_timestamps = 0
  54. net.ipv4.tcp_synack_retries = 1
  55. net.ipv4.tcp_syn_retries = 1
  56. net.ipv4.tcp_tw_recycle = 1
  57. net.ipv4.tcp_tw_reuse = 1
  58. net.ipv4.tcp_mem = 94500000 915000000 927000000
  59. net.ipv4.tcp_fin_timeout = 1
  60. net.ipv4.tcp_keepalive_time = 1200
  61. net.ipv4.ip_local_port_range = 1024 65535
  62. EOF
  63. /sbin/sysctl -p
  64. echo "sysctl set OK!!"
  65. #close ctrl+alt+del
  66. sed -i "s/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/#ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/" /etc/inittab
  67. #set purview
  68. chmod 600 /etc/passwd
  69. chmod 600 /etc/shadow
  70. chmod 600 /etc/group
  71. chmod 600 /etc/gshadow
  72. #disable ipv6
  73. cat << EOF
  74. +--------------------------------------------------------------+
  75. | === Welcome to Disable IPV6 === |
  76. +--------------------------------------------------------------+
  77. EOF
  78. echo "alias net-pf-10 off" >> /etc/modprobe.conf
  79. echo "alias ipv6 off" >> /etc/modprobe.conf
  80. /sbin/chkconfig --level 35 ip6tables off
  81. echo "ipv6 is disabled!"
  82. #disable selinux
  83. sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
  84. echo "selinux is disabled,you must reboot!"
  85. #vim
  86. sed -i "8 s/^/alias vi='vim'/" /root/.bashrc
  87. echo 'syntax on' > /root/.vimrc
  88. #zh_cn
  89. sed -i -e 's/^LANG=.*/LANG="en"/' /etc/sysconfig/i18n
  90. #init_ssh
  91. ssh_cf="/etc/ssh/sshd_config"
  92. sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' $ssh_cf
  93. #sed -i "s/#Port 22/Port 65535/" $ssh_cf
  94. sed -i "s/#UseDNS yes/UseDNS no/" $ssh_cf
  95. #client
  96. sed -i -e '44 s/^/#/' -i -e '48 s/^/#/' $ssh_cf
  97. service sshd restart
  98. echo "ssh is init is ok.............."
  99. #chkser
  100. #tunoff services
  101. #--------------------------------------------------------------------------------
  102. cat << EOF
  103. +--------------------------------------------------------------+
  104. | === Welcome to Tunoff services === |
  105. +--------------------------------------------------------------+
  106. EOF
  107. #---------------------------------------------------------------------------------
  108. for i in `ls /etc/rc3.d/S*`
  109. do
  110.               CURSRV=`echo $i|cut -c 15-`
  111. echo $CURSRV
  112. case $CURSRV in
  113.           crond | irqbalance | microcode_ctl | network | random | sshd | syslog | local )
  114.       echo "Base services, Skip!"
  115.       ;;
  116.       *)
  117.           echo "change $CURSRV to off"
  118.           chkconfig --level 235 $CURSRV off
  119.           service $CURSRV stop
  120.       ;;
  121. esac
  122. done
  123. echo "service is init is ok.............."

  125. 本脚本摘录自《构建高可用Linux服务器》(机械工业出版社) 一书,转载麻烦注明出处,谢谢。
       以上两个脚本内容都是一样的。


阅读(991) | 评论(2) | 转发(0) |
0

上一篇:免费web日志分析工具

下一篇:rsync+inotify配置

给主人留下些什么吧!~~

随风飘云2012-02-14 16:31:24

thanks

回复 | 举报

随风飘云2012-02-12 18:28:52

,thanks 老男孩

回复 | 举报
关于我们 | 关于IT168 | 联系方式 | 广告合作 | 法律声明 | 免费注册

Copyright 2001-2010 ChinaUnix.net All Rights Reserved 北京皓辰网域网络信息技术有限公司. 版权所有

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6