Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1131758
  • 博文数量: 150
  • 博客积分: 2739
  • 博客等级: 少校
  • 技术积分: 2392
  • 用 户 组: 普通用户
  • 注册时间: 2010-12-07 12:28
文章分类

全部博文(150)

文章存档

2015年(2)

2014年(16)

2013年(10)

2012年(58)

2011年(64)

分类: LINUX

2012-02-12 18:16:34

    linux系统安装后初始化:
   来源:http://linuxeye.blog.51cto.com/4371937/772738
   来源:  http://kerry.blog.51cto.com/172631/555535
   
  1. #!/bin/bash 
  2. #by gg
  3. #BLOG: http:// wkgbc.blog.chinaunix.net
  4. #系统瘦身 
  5. yum -y groupremove "FTP Server" "Text-based Internet" "Windows File Server" "PostgreSQL Database" "News Server" "DNS Name Server" "Web Server" "Dialup Networking Support" "Mail Server" "Office/Productivity" "Ruby" "Office/Productivity" "Sound and Video" "X Window System" "X Software Development" "Printing Support" "OpenFabrics Enterprise Distribution"
  6. #安装依赖包 
  7. yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5-devel libidn libidn-devel openssl openssl-devel nss_ldap openldap openldap-devel openldap-clients openldap-servers libxslt-devel libevent-devel ntp libtool-ltdl bison libtool vim-enhanced
  8. #关闭不必要的服务 
  9. chkconfig --list | awk '{print "chkconfig " $1 " off"}' > /tmp/chkconfiglist.sh;/bin/sh /tmp/chkconfiglist.sh;rm -rf /tmp/chkconfiglist.sh
  10. chkconfig crond on
  11. chkconfig irqbalance on
  12. chkconfig network on
  13. chkconfig sshd on
  14. chkconfig syslog on
  15. chkconfig iptables on
  16. setenforce 0
  17. sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/sysconfig/selinux
  18. #i18n
  19. sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/sysconfig/i18n
  20. #修改启动模式 
  21. sed -i 's/id:.*$/id:3:initdefault:/g' /etc/inittab
  22. #关闭不需要的tty 
  23. sed -i 's/3:2345:respawn/#3:2345:respawn/g' /etc/inittab
  24. sed -i 's/4:2345:respawn/#4:2345:respawn/g' /etc/inittab
  25. sed -i 's/5:2345:respawn/#5:2345:respawn/g' /etc/inittab
  26. sed -i 's/6:2345:respawn/#6:2345:respawn/g' /etc/inittab
  27. sed -i 's/ca::ctrlaltdel/#ca::ctrlaltdel/g' /etc/inittab
  28. /sbin/init q
  29. #修改PS1 
  30. echo 'PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[35;40m\]\W\[\e[0m\]]\\$ \[\e[33;40m\]"' >> /etc/profile
  31. #修改shell命令的history记录个数 
  32. sed -i 's/HISTSIZE=.*$/HISTSIZE=100/g' /etc/profile
  33. source /etc/profile
  34. #记录每个命令 
  35. mkdir /root/logs
  36. echo "export PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; });user=\$(whoami); echo \$(date \"+%Y-%m-%d %H:%M:%S\"):\$user:\`pwd\`/:\$msg ---- \$(who am i); } >> \$HOME/logs/\`hostname\`.\`whoami\`.history-timestamp'" >> /root/.bash_profile
  37. #密码输错5次锁定180s 
  38. sed -i '4a auth required pam_tally2.so deny=5 unlock_time=180' /etc/pam.d/system-auth
  39. #alias设置 
  40. sed -i '7a alias vi=vim' /root/.bashrc
  41. #调整Linux的最大文件打开数 
  42. echo "* soft nofile 60000" >> /etc/security/limits.conf
  43. echo "* hard nofile 65535" >> /etc/security/limits.conf
  44. echo "ulimit -SH 65535" >> /etc/rc.local
  45. #关闭ipv6 
  46. sed -i 's/NETWORKING_IPV6=.*$/NETWORKING_IPV6=no/g' /etc/sysconfig/network
  47. #网络参数进行调整 
  48. sed -i 's/net.ipv4.tcp_syncookies.*$/net.ipv4.tcp_syncookies = 1/g' /etc/sysctl.conf
  49. echo 'net.ipv4.tcp_tw_reuse = 1' >> /etc/sysctl.conf
  50. echo 'net.ipv4.tcp_tw_recycle = 1' >> /etc/sysctl.conf
  51. echo 'net.ipv4.ip_local_port_range = 1024 65000' >> /etc/sysctl.conf
  52. sysctl -p
  53. #校正时间 
  54. /usr/sbin/ntpdate ntp.api.bz
  55. echo '*/5 * * * * /usr/sbin/ntpdate ntp.api.bz' > /var/spool/cron/root;chmod 600 /var/spool/cron/root
  56. /sbin/service crond restart
  57. #iptables配置 
  58. sed -i 's/IPTABLES_MODULES="ip_conntrack_netbios_ns"/#IPTABLES_MODULES="ip_conntrack_netbios_ns"/g' /etc/sysconfig/iptables-config
  59. cat > /etc/sysconfig/iptables << EOF 
  60. # Firewall configuration written by system-config-securitylevel 
  61. # Manual customization of this file is not recommended. 
  62. *filter 
  63. :INPUT DROP [0:0] 
  64. :FORWARD ACCEPT [0:0] 
  65. :OUTPUT ACCEPT [0:0] 
  66. -A INPUT -i lo -ACCEPT 
  67. -A INPUT -m state --state RELATED,ESTABLISHED -ACCEPT 
  68. -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -ACCEPT 
  69. -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -ACCEPT 
  70. -A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -ACCEPT 
  71. -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -ACCEPT 
  72. -A INPUT -p udp -m udp --dport 20 -ACCEPT 
  73. COMMIT 
  74. EOF 
  75. /sbin/service atd start
  76. echo "/sbin/service iptables stop" | at now+3minutes
  77. /sbin/service iptables restart
  1. 此脚本用于新装Linux的相关配置工作,比如禁掉iptable和SElinux及ipv6,优化系统内核,停掉一些没必要启动的系统服务等。此脚本尤其适全大批新安装的Centsos系列的服务器,脚本代码如下所示(此脚本在Centos5.5_x64下已通过):

  2. #!/bin/bash
  3. # by gg
  4. # MAIL:wkgbc123@163.com
  5. # BLOG:
  6. cat << EOF
  7. +--------------------------------------------------------------+
  8. | === Welcome to Centos System init === |
  9. +--------------------------------------------------------------+
  10. +--------------------------by kerry----------------------------+
  11. EOF

  12. #set ntp
  13. yum -y install ntp
  14. echo "* 3 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1" >> /etc/crontab
  15. service crond restart
  16. #set ulimit
  17. echo "ulimit -SHn 102400" >> /etc/rc.local
  18. #set locale
  19. #true > /etc/sysconfig/i18n
  20. #cat >>/etc/sysconfig/i18n<<EOF
  21. #LANG="zh_CN.GB18030"
  22. #SUPPORTED="zh_CN.GB18030:zh_CN:zh:en_US.UTF-8:en_US:en"
  23. #SYSFONT="latarcyrheb-sun16"
  24. #EOF
  25. #set sysctl
  26. true > /etc/sysctl.conf
  27. cat >> /etc/sysctl.conf << EOF
  28. net.ipv4.ip_forward = 0
  29. net.ipv4.conf.default.rp_filter = 1
  30. net.ipv4.conf.default.accept_source_route = 0
  31. kernel.sysrq = 0
  32. kernel.core_uses_pid = 1
  33. net.ipv4.tcp_syncookies = 1
  34. kernel.msgmnb = 65536
  35. kernel.msgmax = 65536
  36. kernel.shmmax = 68719476736
  37. kernel.shmall = 4294967296
  38. net.ipv4.tcp_max_tw_buckets = 6000
  39. net.ipv4.tcp_sack = 1
  40. net.ipv4.tcp_window_scaling = 1
  41. net.ipv4.tcp_rmem = 4096 87380 4194304
  42. net.ipv4.tcp_wmem = 4096 16384 4194304
  43. net.core.wmem_default = 8388608
  44. net.core.rmem_default = 8388608
  45. net.core.rmem_max = 16777216
  46. net.core.wmem_max = 16777216
  47. net.core.netdev_max_backlog = 262144
  48. net.core.somaxconn = 262144
  49. net.ipv4.tcp_max_orphans = 3276800
  50. net.ipv4.tcp_max_syn_backlog = 262144
  51. net.ipv4.tcp_timestamps = 0
  52. net.ipv4.tcp_synack_retries = 1
  53. net.ipv4.tcp_syn_retries = 1
  54. net.ipv4.tcp_tw_recycle = 1
  55. net.ipv4.tcp_tw_reuse = 1
  56. net.ipv4.tcp_mem = 94500000 915000000 927000000
  57. net.ipv4.tcp_fin_timeout = 1
  58. net.ipv4.tcp_keepalive_time = 1200
  59. net.ipv4.ip_local_port_range = 1024 65535
  60. EOF
  61. /sbin/sysctl -p
  62. echo "sysctl set OK!!"
  63. #close ctrl+alt+del
  64. sed -i "s/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/#ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/" /etc/inittab
  65. #set purview
  66. chmod 600 /etc/passwd
  67. chmod 600 /etc/shadow
  68. chmod 600 /etc/group
  69. chmod 600 /etc/gshadow
  70. #disable ipv6
  71. cat << EOF
  72. +--------------------------------------------------------------+
  73. | === Welcome to Disable IPV6 === |
  74. +--------------------------------------------------------------+
  75. EOF
  76. echo "alias net-pf-10 off" >> /etc/modprobe.conf
  77. echo "alias ipv6 off" >> /etc/modprobe.conf
  78. /sbin/chkconfig --level 35 ip6tables off
  79. echo "ipv6 is disabled!"
  80. #disable selinux
  81. sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
  82. echo "selinux is disabled,you must reboot!"
  83. #vim
  84. sed -i "8 s/^/alias vi='vim'/" /root/.bashrc
  85. echo 'syntax on' > /root/.vimrc
  86. #zh_cn
  87. sed -i -e 's/^LANG=.*/LANG="en"/' /etc/sysconfig/i18n
  88. #init_ssh
  89. ssh_cf="/etc/ssh/sshd_config"
  90. sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' $ssh_cf
  91. #sed -i "s/#Port 22/Port 65535/" $ssh_cf
  92. sed -i "s/#UseDNS yes/UseDNS no/" $ssh_cf
  93. #client
  94. sed -i -e '44 s/^/#/' -i -e '48 s/^/#/' $ssh_cf
  95. service sshd restart
  96. echo "ssh is init is ok.............."
  97. #chkser
  98. #tunoff services
  99. #--------------------------------------------------------------------------------
  100. cat << EOF
  101. +--------------------------------------------------------------+
  102. | === Welcome to Tunoff services === |
  103. +--------------------------------------------------------------+
  104. EOF
  105. #---------------------------------------------------------------------------------
  106. for i in `ls /etc/rc3.d/S*`
  107. do
  108.               CURSRV=`echo $i|cut -c 15-`
  109. echo $CURSRV
  110. case $CURSRV in
  111.           crond | irqbalance | microcode_ctl | network | random | sshd | syslog | local )
  112.       echo "Base services, Skip!"
  113.       ;;
  114.       *)
  115.           echo "change $CURSRV to off"
  116.           chkconfig --level 235 $CURSRV off
  117.           service $CURSRV stop
  118.       ;;
  119. esac
  120. done
  121. echo "service is init is ok.............."

  122. 本脚本摘录自《构建高可用Linux服务器》(机械工业出版社) 一书,转载麻烦注明出处,谢谢。
       以上两个脚本内容都是一样的。


阅读(923) | 评论(2) | 转发(0) |
给主人留下些什么吧!~~

随风飘云2012-02-14 16:31:24

thanks

随风飘云2012-02-12 18:28:52

,thanks 老男孩