Lnamp和Lamp自动配置脚本-ly

网站运维与管理cyz.blog.chinaunix.net

首页　| 　博文目录　| 　关于我

ly_cyz

博客访问： 254733
博文数量： 188
博客积分： 0
博客等级：民兵
技术积分： -30
用户组：普通用户
注册时间： 2017-03-29 11:17

文章分类

全部博文（188）

Shell脚本（9）
网站性能优化（19）
邮件服务器（7）
电脑知识（2）
Oracle/Mysql（16）
Unix/Linux（74）

SCSA（2）

Url重写（1）

服务器配置管理（14）

运维监控（16）

CDN缓存技术（7）
集群/存储备份（9）
网络安全（18）

网络知识（4）
Windows技术（32）
未分配的博文（2）

文章存档

2013年（8）

2012年（5）

2011年（13）

2010年（26）

2009年（63）

2008年（20）

2007年（32）

2006年（21）

我的朋友

相关博文

Lnamp和Lamp自动配置脚本

分类： Python/Ruby

2011-07-26 08:59:20

#!/bin/bash
#######################################################################
# File: Autoconfig.sh #
# Description: Linux Security Configuration Tool #
# Language: GNU Bourne-Again Shell #
# Version: 2.0 #
# Date: 2011-7-21 #
# Corp.: #
# Author: changyuzeng #
### END INIT INFO #
#######################################################################
#change yum source
if [ ! -f /etc/yum.repos.d/CentOS-Base-163.repo ] && [ ! -f /etc/yum.repos.d/CentOS-Base-sohu.repo ];then
cd /etc/yum.repos.d/
wget
wget
yum makecache > /dev/null 2>&1
fi
############### Install dialog###############
echo "Dialog now instaling,please wait..."
yum -y install dialog > /dev/null 2>&1
#Ntp server
yum install -y ntp > /dev/null 2>&1
echo '0 23 * * * /usr/sbin/ntpdate 210.72.145.44' > /tmp/crontab2.tmp
crontab /tmp/crontab2.tmp
#timezone
rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime > /dev/null 2>&1
#Disable SeLinux
if [ -s /etc/selinux/config ]; then
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
fi
INSTALL_SRC=/usr/local/src
lamp_log=/root/lamp_install.log
sed -i '6c ulimit -SHn 65535' /etc/rc.local
###path###
stat=`grep -n '/usr/local/apache' /etc/profile`
if [ $? = 1 ];then
sed -i '/export PATH/i PATH=$PATH:/usr/local/mysql/bin:/usr/local/apache/sbin:/usr/local/php/bin:/usr/local/php/sbin:/usr/local/bin' /etc/profile
source /etc/profile
fi
stat=`grep -n '/usr/local/mysql/lib' /etc/ld.so.conf`
if [ $? = 1 ];then
sed -i '/include/a /lib\n/usr/lib\n/usr/local/lib\n/usr/local/mysql/lib/\n/usr/local/php/lib' /etc/ld.so.conf
ldconfig
fi
#######################################################################
V_DELUSER="adm lp sync shutdown halt news uucp operator games gopher ftp"
V_DELGROUP="adm lp news uucp games gopher floppy dip pppusers slipusers"
V_PASSMINLEN=8
V_HISTSIZE=50
V_TMOUT=600
V_GROUPNAME=wheel
V_SERVICE="bluetooth cups firstboot hidd ip6tables kudzu nfslock portmap"
V_TTY="5|6"
V_SUID=(
'/usr/bin/chage'
'/usr/bin/gpasswd'
'/usr/bin/wall'
'/usr/bin/chfn'
'/usr/bin/chsh'
'/usr/bin/newgrp'
'/usr/bin/write'
'/usr/sbin/usernetctl'
'/bin/traceroute'
'/bin/mount'
'/bin/umount'
'/sbin/netreport'
)
###########################################################################
install_init() {
clear
echo "========================================================================="
echo "A tool to auto-compile & install Nginx+MySQL+PHP on Linux "
echo ""
echo "For more information please Contact administrators"
echo "========================================================================="
set main domain name
domain=""
echo "Please input domain:"
read -p "(Default domain: ):" domain
if [ "$domain" = "" ]; then
domain=""
fi
echo "==========================="
echo domain="$domain"
echo "==========================="
#set webroot
webroot=/data/webroot
echo "Please input webroot:"
read -p "(Default webroot: /data/weboot):" webroot
if [ "$webroot" = "" ]; then
webroot=/data/webroot
fi
echo "==========================="
echo webroot=$webroot
echo "==========================="
#set mysql root password
echo "==========================="
mysqlrootpwd="bitauto123"
echo "Please input the root password of mysql:"
read -p "(Default password: bitauto123):" mysqlrootpwd
if [ "$mysqlrootpwd" = "" ]; then
mysqlrootpwd="bitauto123"
fi
echo "==========================="
echo mysqlrootpwd="$mysqlrootpwd"
echo "==========================="
get_char()
{
SAVEDSTTY=`stty -g`
stty -echo
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -raw
stty echo
stty $SAVEDSTTY
}
echo ""
echo "Press any key to start..."
char=`get_char`
#webroot log
if [ ! -d $webroot ];then
mkdir $webroot
chown $webroot -R
fi
if [ ! -d /var/logs ];then
mkdir -p /var/logs
chown -R www:www /var/logs
fi
#################uninstall php mysql httpd#############################
echo "Uninstall system package 'php mysql httpd' "
yum -y erase php* mysql* httpd* > /dev/null 2>&1
#########################################################
# #
# Download and Uncompress lamp source packet #
# #
#####################Uncompress file#####################
if [ ! -d /usr/local/src ];then
mkdir /usr/local/src
fi
if [ ! -f /usr/local/src/software.tar ];then
echo "Download Lamp && Lnmp source packet..."
cd /usr/local/src
wget
tar zxvf software.tar.gz -C $INSTALL_SRC
mv software.tar.gz software.tar > /dev/null 2>&1
fi
echo "Uncompress Lamp && Lnmp source packet..."
sleep 5
for i in $INSTALL_SRC/*gz
do
tar -xzf $i -C $INSTALL_SRC
done
for i in $INSTALL_SRC/*.tar.bz2
do
tar -xjf $i -C $INSTALL_SRC
done
for i in $INSTALL_SRC/*.zip
do
unzip -o $i
done
##################create user and group############
for a in www mysql;do
id $a >/dev/null 2>&1
if [ $? != 0 ];then
groupadd $a && useradd $a -g $a -s /sbin/nologin -d /dev/null -M -c "for $a"
echo "www and mysql user has been added to your system..."
fi
done
######################edit test.php################
touch $webroot/test.php
cat << EOF > $webroot/test.php
phpinfo();
?>
EOF
################Base develop Environment###########
yum -y install zlib zlib-devel libxml2-devel curl curl-devel libidn-devel e2fsprogs-devel keyutils-libs-devel libselinux-devel libsepol-devel krb5-devel openssl-devel curl*
yum -y install gcc gcc-c++ flex bison autoconf automake bzip2-devel zlib-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel expat-devel openssl-devel gettext-devel libtool* flex aspell-devel gmp-devel freetype-devel
}
install_apache() {
echo "+------------------------------------------------------+"
echo "+ We will install apache service on the local computer +"
echo "+------------------------------------------------------+"
if [ -s "$INSTALL_SRC/httpd-2.2.19.tar.gz" ] && [ -d "$INSTALL_SRC/httpd-2.2.19" ];then
echo "httpd-2.2.19.tar.gz [found]"
cd $INSTALL_SRC/httpd-2.2.19
cd srclib/apr
./configure --prefix=/usr/local/apr --enable-threads --enable-other-child --enable-static
make && make install
cd ../apr-util
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make && make install
cd ../..
./configure --prefix=/usr/local/apache --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-so --enable-rewrite --enable-mods-shared=all --enable-rewrite --enable-static --enable-cache --enable-threads --disable-version
make &&make install
if [ $? = 0 ];then
\cp /usr/local/apache/bin/apachectl /etc/init.d/httpd
chmod 755 /etc/init.d/httpd
sed -i '2 a # chkconfig: 2345 50 90' /etc/init.d/httpd
sed -i '3 a\# description: Activates/Deactivates Apache Web Server' /etc/init.d/httpd
chkconfig --add httpd
chkconfig httpd on
sed -i 's#User daemon#User www#' /usr/local/apache/conf/httpd.conf
sed -i 's#Group daemon#Group www#' /usr/local/apache/conf/httpd.conf
sed -i '$ a\ServerTokens Prod' /usr/local/apache/conf/httpd.conf
sed -i 's#ErrorLog "logs/error_log"#ErrorLog "/var/logs/error_log"#' /usr/local/apache/conf/httpd.conf
sed -i 's#CustomLog "logs/access_log" common#CustomLog "/var/logs/access_log" common#' /usr/local/apache/conf/httpd.conf
sed -i 's/#ServerName '$domain':80/g' /usr/local/apache/conf/httpd.conf
sed -i 's#DocumentRoot "/usr/local/apache/htdocs"# DocumentRoot "'$webroot'"#' /usr/local/apache/conf/httpd.conf
sed -i 's###' /usr/local/apache/conf/httpd.conf
echo "test apache running!" >> $lamp_log
/usr/local/apache/bin/apachectl -t >> $lamp_log
/usr/local/apache/bin/apachectl start >> $lamp_log
fi
fi
echo "=============================="
echo " apache install finished "
echo "=============================="
}
install_mysql() {
##################################################install && configure mysql#############################################
echo "+------------------------------------------------------+"
echo "+ We will install mysql service on the local computer +"
echo "+------------------------------------------------------+"
if [ -s "$INSTALL_SRC/mysql-5.5.14.tar.gz" ] && [ -d "$INSTALL_SRC/mysql-5.5.14" ];then
echo " Mysql installing now..." >> $lamp_log
cd $INSTALL_SRC/libiconv-1.13.1
./configure --prefix=/usr/local
make && make install >> $lamp_log
cd ../
cd libmcrypt-2.5.8/
./configure
make && make install >> $lamp_log
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make&&make install >> $lamp_log
cd ../../
cd mhash-0.9.9.9/
./configure
make&&make install >> $lamp_log
cd ../
ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
cd mcrypt-2.6.8/
/sbin/ldconfig
./configure
make&&make install >> $lamp_log
cd ../
mkdir -p /data/mysql
chown -R mysql.mysql /data/mysql
cd cmake-2.8.4/
./bootstrap
gmake && gmake install >> $lamp_log
cd ../
cd mysql-5.5.14/
cmake . \
-DSYSCONFDIR=/etc \
-DCMAKE_INSTALL_PREFIX:PATH=/usr/local/mysql \
-DCOMMUNITY_BUILD:BOOL=ON \
-DENABLED_PROFILING:BOOL=ON \
-DENABLE_DEBUG_SYNC:BOOL=OFF \
-DMYSQL_DATADIR:PATH=/data/mysql \
-DWITH_MYISAM_STORAGE_ENGINE=1
-DWITH_INNOBASE_STORAGE_ENGINE=1
-DWITH_ARCHIVE_STORAGE_ENGINE=1
-DWITH_BLACKHOLE_STORAGE_ENGINE=1
-DDEFAULT_CHARSET=utf8
-DDEFAULT_COLLATION=utf8_general_ci
-DWITH_EXTRA_CHARSETS:STRING=all \
-DWITH_SSL:STRING=bundled \
-DWITH_UNIT_TESTS:BOOL=OFF \
-DWITH_ZLIB:STRING=bundled \
-LH
make
make install >> $lamp_log
if [ $? = 0 ];then
\cp support-files/my-huge.cnf /etc/my.cnf
sed -i '30 a \open_files_limit = 10240\nmax_connections = 5000' /etc/my.cnf
chown -R root.mysql /usr/local/mysql/
/usr/local/mysql/scripts/mysql_install_db \
--defaults-file=/etc/my.cnf \
--basedir=/usr/local/mysql \
--datadir=/data/mysql \
--user=mysql
chown -R mysql.mysql /data/mysql
\cp support-files/mysql.server /etc/init.d/mysqld
chmod 755 /etc/init.d/mysqld
chkconfig --add mysqld
echo "test mysql running!" >> $lamp_log
/etc/init.d/mysqld start
/etc/init.d/mysqld status >> $lamp_log
mysqladmin -u root password $mysqlrootpwd
#./bin/mysql_secure_installation
fi
else
echo" mysql install failed"
fi
echo "=============================="
echo " mysql install finished "
echo "=============================="
}
install_apache-php() {
echo "+------------------------------------------------------------+"
echo "+ We will install "apache php" service on the local computer +"
echo "+------------------------------------------------------------+"
if [ -s "$INSTALL_SRC/php-5.3.6.tar.gz" ] && [ -d "$INSTALL_SRC/php-5.3.6" ];then
echo "php will installing..." >> $lamp_log
cd $INSTALL_SRC/php-5.3.6
./configure --prefix=/usr/local/php --with-config-file-path=/etc --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir=/usr/lib --with-zlib --with-libxml-dir --enable-xml --disable-rpath --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --with-openssl --enable-zend-multibyte --with-bz2 --enable-exif --without-pear
make ZEND_EXTRA_LIBS='-liconv' >> $lamp_log
make install >> $lamp_log
if [ $? = 0 ];then
\cp php.ini-production /etc/php.ini
ln -s /usr/local/php/etc/php.ini /etc/php.ini
cd ../
cd memcache-3.0.6
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install >> $lamp_log
cd ../
cd eaccelerator-0.9.6.1/
/usr/local/php/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config
make && make install >> $lamp_log
cd ../
cd PDO_MYSQL-1.0.2/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql=/usr/local/mysql
make && make install >> $lamp_log
cd ../
cd ImageMagick-6.6.9
./configure
make && make install >> $lamp_log
cd ../
cd imagick-3.1.0b1/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install >> $lamp_log
###zend configure#######
bit=`uname -m`
echo $bit
if [ $bit == i686 ]
then
\cp /usr/local/src/ZendGuardLoader-php-5.3-linux-glibc23-i386/php-5.3.x/ZendGuardLoader.so /usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/
else
cp /usr/local/src/ZendGuardLoader-php-5.3-linux-glibc23-x86_64/php-5.3.x/ZendGuardLoader.so /usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/
fi
sed -i 's#; extension_dir = "./"#extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/"\nextension = "memcache.so"\nextension = "pdo_mysql.so"\nextension = "imagick.so"\n#' /etc/php.ini
sed -i 's#output_buffering = Off#output_buffering = On#' /etc/php.ini
sed -i "s#; always_populate_raw_post_data = On#always_populate_raw_post_data = On#g" /etc/php.ini
sed -i "s#; cgi.fix_pathinfo=0#cgi.fix_pathinfo=0#g" /etc/php.ini
sed -i '/;date.timezone/c date.timezone = Asia/Shanghai' /etc/php.ini
sed -i "s#magic_quotes_gpc = Off#magic_quotes_gpc = On#g" /etc/php.ini
mkdir /usr/local/eaccelerator_cache > /dev/null 2>&1
sed -i '$ c ; End:\n\[eaccelerator]\nzend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/eaccelerator.so"\neaccelerator.shm_size="64"\neaccelerator.cache_dir="/usr/local/eaccelerator_cache"\neaccelerator.enable="1"\neaccelerator.optimizer="1"\neaccelerator.check_mtime="1"\neaccelerator.debug="0"\neaccelerator.filter=""\neaccelerator.shm_max="0"\neaccelerator.shm_ttl="3600"\neaccelerator.shm_prune_period="3600"\neaccelerator.shm_only="0"\neaccelerator.compress="1"\neaccelerator.compress_level="9"\n\[Zend Optimizer]\nzend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/ZendGuardLoader.so"\nzend_optimizer.optimization_level=1\nzend_optimizer.encoder_loader=0' /etc/php.ini
sed -i 's#DirectoryIndex index.html#& index.php#' /usr/local/apache/conf/httpd.conf
sed -i '356 c\ AddType application/x-httpd-php-source .php' /usr/local/apache/conf/httpd.conf
sed -i '357 c\ AddType application/x-httpd-php .php' /usr/local/apache/conf/httpd.conf
#sed -i '53 c LoadModule php5_module modules/libphp5.so' /usr/local/apache/conf/httpd.conf
ldconfig
/etc/init.d/httpd restart
echo "---test "apache-php" status----" >> $lamp_log
/usr/local/php/bin/php -v >> $lamp_log
fi
fi
echo "========================== Check install ================================"
echo "CentOS/RadHat auto configure "
echo "========================================================================="
echo ""
echo "For more information please visit http:///"
echo ""
echo "Lamp status manage:"
echo " /etc/init.d/httpd {start|stop|reload|restart|kill|status}"
echo " /etc/init.d/mysqld {start|stop|reload|restart|kill|status}"
echo ""
echo "phpinfo : "
echo "default mysql root password:$mysqlrootpwd"
echo "mysql security configure: mysql_secure_installation"
echo "The path of some dirs:"
echo "mysql dir: /usr/local/mysqld"
echo "php dir: /usr/local/php"
echo "apache dir: /usr/local/apache"
echo "web dir : $webroot"
echo "log dir : /var/logs"
echo ""
echo "========================================================================="
}
install_nginx-php() {
echo "+-----------------------------------------------------------+"
echo "+ We will install "nginx php" service on the local computer +"
echo "+-----------------------------------------------------------+"
if [ -s "$INSTALL_SRC/php-5.3.6.tar.gz" ] && [ -d "$INSTALL_SRC/php-5.3.6" ];then
echo " php-5.3.6.tar.gz [found]"
cd $INSTALL_SRC/php-5.3.6
./configure --prefix=/usr/local/php --with-config-file-path=/etc --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir=/usr/lib --with-zlib --with-libxml-dir --enable-xml --disable-rpath --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --with-openssl --enable-zend-multibyte --with-bz2 --enable-exif --without-pear --enable-fpm --with-fpm-user=www --with-fpm-group=www
make ZEND_EXTRA_LIBS='-liconv' >> $lamp_log
make install >> $lamp_log
if [ $? = 0 ];then
\cp php.ini-production /etc/php.ini
ln -s /usr/local/php/etc/php.ini /etc/php.ini
\cp /usr/local/src/php-fpm.conf /usr/local/php/etc/php-fpm.conf
\cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod 755 /etc/init.d/php-fpm
chkconfig --add php-fpm
chkconfig php-fpm on
/etc/init.d/php-fpm start >> $lamp_log
cd ../
cd memcache-3.0.6
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install >> $lamp_log
cd ../
cd eaccelerator-0.9.6.1/
/usr/local/php/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config
make && make install >> $lamp_log
cd ../
cd PDO_MYSQL-1.0.2/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql=/usr/local/mysql
make && make install >> $lamp_log
cd ../
cd ImageMagick-6.6.9
./configure
make && make install >> $lamp_log
cd ../
cd imagick-3.1.0b1/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install >> $lamp_log
###zend configure#######
bit=`uname -m`
echo $bit
if [ $bit == i686 ]
then
\cp /usr/local/src/ZendGuardLoader-php-5.3-linux-glibc23-i386/php-5.3.x/ZendGuardLoader.so /usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/
else
\cp /usr/local/src/ZendGuardLoader-php-5.3-linux-glibc23-x86_64/php-5.3.x/ZendGuardLoader.so /usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/
fi
sed -i 's#; extension_dir = "./"#extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/"\nextension = "memcache.so"\nextension = "pdo_mysql.so"\nextension = "imagick.so"\n#' /etc/php.ini
sed -i 's#output_buffering = Off#output_buffering = On#' /etc/php.ini
sed -i "s#; always_populate_raw_post_data = On#always_populate_raw_post_data = On#g" /etc/php.ini
sed -i "s#; cgi.fix_pathinfo=0#cgi.fix_pathinfo=0#g" /etc/php.ini
sed -i '/;date.timezone/c date.timezone = Asia/Shanghai' /etc/php.ini
sed -i "s#magic_quotes_gpc = Off#magic_quotes_gpc = On#g" /etc/php.ini
mkdir /usr/local/eaccelerator_cache > /dev/null 2>&1
#############zend && eaccelerator opimization################
cat >>/etc/php.ini<
[eaccelerator]
zend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/eaccelerator.so"
eaccelerator.shm_size="64"
eaccelerator.cache_dir="/usr/local/eaccelerator_cache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="3600"
eaccelerator.shm_prune_period="3600"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
[Zend Optimizer]
zend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/ZendGuardLoader.so"
zend_optimizer.optimization_level=1
zend_optimizer.encoder_loader=0
EOF
echo "---test "nginx-php" status----" >> $lamp_log
/usr/local/php/bin/php -v >> $lamp_log
fi
fi
echo "CentOS/RadHat auto configure "
echo "========================================================================="
echo ""
echo "For more information please visit http:///"
echo ""
echo "lnmp status manage:"
echo " /etc/init.d/nginx {start|stop|reload|restart|kill|status}"
echo " /etc/init.d/mysqld {start|stop|reload|restart|kill|status}"
echo "phpinfo : "
echo "default mysql root password:$mysqlrootpwd"
echo "mysql security configure: mysql_secure_installation"
echo "The path of some dirs:"
echo "mysql dir: /usr/local/mysql"
echo "php dir: /usr/local/php"
echo "nginx dir: /usr/local/apache"
echo "web dir : $webroot"
echo "log dir : /var/logs"
echo ""
echo "========================================================================="
}
install_nginx() {
echo "+------------------------------------------------------+"
echo "+ We will install nginx service on the local computer +"
echo "+------------------------------------------------------+"
if [ -s "$INSTALL_SRC/nginx-1.0.4.tar.gz" ] && [ -d "$INSTALL_SRC/nginx-1.0.4" ];then
echo " nginx-1.0.4.tar.gz [found]"
cd $INSTALL_SRC/pcre-8.12
./configure
make && make install >> $lamp_log
cd ../
cd nginx-1.0.4/
#disable version
sed -i 's/#define NGINX_VERSION "1.0.8"/#define NGINX_VERSION "1.8"/' src/core/nginx.h
sed -i 's#nginx/#bitautotech/#' src/core/nginx.h
sed -i 's#Server: nginx#Server: bitautotech#' src/http/ngx_http_header_filter_module.c
sed -i '28s/nginx/bitautech/' src/http/ngx_http_special_response.c
sed -i '21a \"
http://" CRLF\' src/http/ngx_http_special_response.c
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make && make install >> $lamp_log
if [ $? = 0 ];then
mkdir -p /var/logs
chown -R www:www /var/logs
\cp /usr/local/src/nginx.conf /usr/local/nginx/conf/nginx.conf
sed -i 's#root /data/webroot/bitauto#root '$webroot'#' /usr/local/nginx/conf/nginx.conf
sed -i 's#server_name ;#server_name '$domain';#' /usr/local/nginx/conf/nginx.conf
\cp /usr/local/src/nginx /etc/init.d/nginx
chmod +x /etc/init.d/nginx
chkconfig -add nginx
chkconfig nginx on
/etc/init.d/nginx start
echo "---test nginx status----" >> $lamp_log
/usr/local/nginx/sbin/nginx -t >> $lamp_log
fi
fi
echo ""
echo "=============================="
echo " nginx install finished "
echo "=============================="
echo ""
}
#################################################################################
#make the dialog menu
dialog \
--separate-output \
--checklist " Linux auto configuration tool" \
20 60 15 \
\
0 "Delete unwanted user and group" on \
1 "Change password limit(PASS_MIN_LEN=8)" on \
2 "Set auto loginout time(10min)" on \
3 "Remove Linux version infomation" on \
4 "Refused root ssh,Use SU" off \
5 "Stop Unnecessary Services" on \
6 "Optimize Kernel parameters" on \
7 "Change history limit(HISTSIZE=50)" on \
8 "Change ssh port(port 10001)" on \
9 "Lock Account file(passwd,shadow,group,gshadow...)" on \
10 "Chmod init.d rights(Permissions:700)" on \
11 "Remove SUID " on \
12 "Other Security Configure" on \
13 "Install and configure LAMP" off \
14 "Install and configure LNMP" off \
2>output
in=$(
echo $in
#the function of confirm
function Confirm()
{
#text height witdh
dialog --yesno "Are you sure to configure ...?" 6 36
if [ $? -eq 0 ]
then
isConfirmed=0
return 0
else
isConfirmed=1
return 1
fi
}
#whether confirm of not
if [ -n "$in" ]
then
Confirm
if [ $? -eq 1 ]
then
clear
exit 1
fi
fi
#configure
for i in $in
do
case $i in
"0")
echo "**********delete unwanted user and group...***********"
for i in $V_DELUSER ;do
echo "deleting $i";
userdel $i ;
done
for i in $V_DELGROUP ;do
echo "deleting $i";
groupdel $i;
done
;;
"1")
echo "**************change password limit ...***************"
echo "/etc/login.defs"
echo "PASS_MIN_LEN $V_PASSMINLEN"
sed -i "/^PASS_MIN_LEN/s/5/$V_PASSMINLEN/" /etc/login.defs
;;
"2")
echo "**************change login timeout ...****************"
echo "/etc/profile"
echo "TMOUT=$V_TMOUT"
sed -i "/^HISTSIZE/a\TMOUT=$V_TMOUT" /etc/profile
;;
"3")
echo "**************remove system version...****************"
\cp /etc/issue /etc/issue.bak
\cp /etc/issue.net /etc/issue.net.bak
rm -f /etc/issue /etc/issue.net
touch /etc/issue /etc/issue.net
echo "cat /etc/issue"
cat /etc/issue
echo "cat /etc/issue.net"
cat /etc/issue.net
;;
"4")
echo "*****************denied root login,use SU ...*****************"
echo "/etc/ssh/sshd_config"
echo "PermitRootLogin no"
sed -i '/^#PermitRootLogin/s/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
###set wheel group env#########
sed -i '23c#if [ "$EUID" = "0" ]; then' /etc/profile
sed -i '23agid=`/usr/bin/id -g`\nif [ $gid -eq 10 ];then' /etc/profile
source /etc/profile
chmod +w /etc/sudoers
sed -i '93a %wheel ALL=(ALL) NOPASSWD: ALL' /etc/sudoers
chmod -w /etc/sudoers
####create su user###
useradd -g 10 bitnms
echo bitauto123 |passwd --stdin "bitnms"
/etc/init.d/sshd reload
echo "permit $V_GROUPNAME use su ..."
echo "/etc/pam.d/su"
echo "auth sufficient /lib/security/pam_rootok.so debug"
echo "auth required /lib/security/pam_wheel.so group=$V_GROUPNAME"
if egrep "auth sufficient /lib/security/pam_rootok.so debug" /etc/pam.d/su > /dev/null
then
echo 'warning:existed'
else
echo 'auth sufficient /lib/security/pam_rootok.so debug' >> /etc/pam.d/su
echo "auth required /lib/security/pam_wheel.so group=${V_GROUPNAME}" >> /etc/pam.d/su
fi
;;
"5")
echo "**************close services autostart ...*************"
for i in $V_SERVICE ;do
chkconfig $i off;
done
;;
"6")
echo "***************change kernel parameters****************"
\cp /etc/sysctl.conf /etc/sysctl.conf.bak
echo "net.ipv4.ip_local_port_range = 1024 65535" >> /etc/sysctl.conf
echo "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
echo "net.ipv4.tcp_keepalive_time = 600" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
cho "net.core.netdev_max_backlog = 30000" >> /etc/syscte.conf
echo "net.ipv4.tcp_no_metrics_save = 1" >> /etc/sysctl.conf
echo "net.core.somaxconn = 262144" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_orphans = 8000" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 10240" >> /etc/sysctl.conf
echo "net.ipv4.tcp_synack_retries = 2" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syn_retries = 2" >> /etc/sysctl.conf
echo "fs.file-max = 65535" >> /etc/sysctl.conf
echo "modprobe ip_conntrack" >> /etc/rc.local
modprobe ip_conntrack
echo "nepv4.conf.all.send_redirectst.ipv4.netfilter.ip_conntrack_max = 655360" >> /etc/sysctl.conf
echo "net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 600" >> /etc/sysctl.conf
sysctl -p
;;
"7")
echo "************change history limit ...******************"
echo "/etc/profile"
echo "HISTSIZE $V_HISTSIZE"
sed -i "/^HISTSIZE/s/1000/$V_HISTSIZE/" /etc/profile
;;
"8")
echo "*****************Change ssh port.*****************"
echo "/etc/ssh/sshd_config"
echo "Port 10001" >> /etc/ssh/sshd_config
/etc/init.d/sshd reload
;;
"9")
echo "*****************lock user&services ...***************"
echo "chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/services"
chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/services
;;
"10")
echo "***********init script only for root ...**************"
echo "chmod -R 700 /etc/init.d/*"
echo "chmod 600 /etc/grub.conf"
echo "chattr +i /etc/grub.conf"
chmod -R 700 /etc/init.d/*
chmod 600 /etc/grub.conf
chattr +i /etc/grub.conf
;;
"11")
echo "******************remove SUID ...*********************"
echo "/usr/bin/chage /usr/bin/gpasswd ..."
for i in ${V_SUID[@]};
do
chmod a-s $i
done
;;
"12")
echo "********************Other security set******************"
echo "change tty in /etc/inittab"
echo "#5:2345:respawn:/sbin/mingetty tty5"
echo "#6:2345:respawn:/sbin/mingetty tty6"
sed -i '/^[$V_TTY]:2345/s/^/#/' /etc/inittab
echo "change /etc/host.conf"
echo "order bind,hosts" > /etc/host.conf
echo "multi on" >> /etc/host.conf
echo "nospoof on" >> /etc/host.conf
echo "close ctrl+alt+del to restart server ..."
echo "/etc/inittab"
echo "#ca::ctrlaltdel:/sbin/shutdown -t3 -r now"
sed -i '/^ca::/s/^/#/' /etc/inittab
;;
"13")
echo "*******************LAMP******************"
install_init
install_mysql
for soft in apache php ;do
case $soft in
apache)
install_apache;;
php)
install_apache-php;;
esac
done
;;
"14")
echo "********************LNMP******************"
install_init
for soft in mysql nginx php;do
case $soft in
mysql)
install_mysql;;
nginx)
install_nginx;;
php)
install_nginx-php;;
esac
done
;;
esac
done

阅读(1273) | 评论(0) | 转发(0) |

上一篇：hyper-v的虚拟机无法做nlb的问题解决

下一篇：Snort安装配置

给主人留下些什么吧！~~

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6