生產環境Linux系統初始化腳本

火星人 @ 2014-03-08 , reply:0


下面介紹的是生產環境Linux(CentOS,RHEL)系統初始化的shell腳本,去除不需要的服務,做些優化、安全和管理相關的配置等等.不一定適應所有的生產環境,還是要根據自己的實際業務應用來做些調整.可以把此腳本整合在PXE中,或其他自動化安裝系統的工具中.具體內容詳見腳本.

centos_sys_init.sh

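#!/bin/bash
#
# Script Name: centos_sys_init.sh
# Description: fits CentOS and RHEL series (SysV init / chkconfig hosts)
#
# Author: Xinggang Wang - OpsEye.com
# Create Date: 2010-09-16
# Last Modified: 2011-09-19
#
# Usage:
#   ROOT_SSH_PUBKEY='ssh-rsa AAAA... user@host' ./centos_sys_init.sh
#
# Must run as root. The host is rebooted at the end.
#
# Required environment:
#   ROOT_SSH_PUBKEY  one public-key line to install in /root/.ssh/authorized_keys.
#                    Password logins over SSH are disabled below, so without a
#                    working key there is no way back in after the reboot.

set -euo pipefail

readonly CHKCONFIG="/sbin/chkconfig"
readonly NTP_SERVER="time.nist.gov"
readonly SSHD_CONFIG="/etc/ssh/sshd_config"
# With "&&" the hardware clock is only written when the NTP sync succeeded
# (the original used ";", which wrote a possibly-unsynced time).
readonly SYNC_CLOCK_CMD="/usr/sbin/ntpdate ${NTP_SERVER} && /sbin/clock -w"

# Services kept enabled at runlevels 2-5; every other service chkconfig lists
# is turned off and stopped. NOTE: iptables/ip6tables and auditd are not in
# this list, so the host firewall and the audit daemon are disabled as well --
# add them here if the site relies on them.
readonly -a KEEP_SERVICES=(
  crond irqbalance microcode_ctl network sshd syslog random
  lm_sensors lvm2-monitor mdmonitor readahead_early smartd
  ipmi iscsi iscsid local
)

die() { printf '%s\n' "$*" >&2; exit 1; }
warn() { printf 'warn: %s\n' "$*" >&2; }

#######################################
# Turn off every SysV service not listed in KEEP_SERVICES.
# Only "name 0:off 1:off ..." lines of `chkconfig --list` are considered, so
# the "xinetd based services:" header and its "name:" entries (which the
# original `awk '{print $1}'` fed to chkconfig as bogus names) are skipped.
# Globals:   CHKCONFIG, KEEP_SERVICES (read)
#######################################
disable_services() {
  local svc
  local keep_list=" ${KEEP_SERVICES[*]} "

  while IFS= read -r svc; do
    [[ -n "$svc" ]] || continue
    if [[ "$keep_list" == *" $svc "* ]]; then
      "$CHKCONFIG" --level 2345 "$svc" on || warn "could not enable ${svc}"
    else
      "$CHKCONFIG" "$svc" off || warn "could not disable ${svc}"
      # Best effort: a service that is not running returns non-zero here.
      /sbin/service "$svc" stop &>/dev/null || true
    fi
  done < <("$CHKCONFIG" --list 2>/dev/null | awk '/[0-6]:(on|off)/ {print $1}')
}

#######################################
# Disable the IPv6 kernel module (idempotent: appends only once).
#######################################
disable_ipv6() {
  if ! grep -q '^alias ipv6 off' /etc/modprobe.conf 2>/dev/null; then
    cat >>/etc/modprobe.conf <<'EOF'
alias net-pf-10 off
alias ipv6 off
EOF
  fi
}

#######################################
# Disable SELinux in the persistent config (takes effect at reboot).
# Sites that can tolerate it should prefer SELINUX=permissive, which keeps
# the AVC log as a detection source without enforcing.
#######################################
disable_selinux() {
  sed -i '/^SELINUX=/s/.*/SELINUX=disabled/' /etc/selinux/config
}

#######################################
# Remove users and groups that have no use on a server.
# Missing entries are not an error.
#######################################
remove_unused_accounts() {
  local name
  for name in adm lp shutdown halt news uucp games operator gopher; do
    /usr/sbin/userdel "$name" 2>/dev/null || true
  done
  for name in adm lp news uucp games dip; do
    /usr/sbin/groupdel "$name" 2>/dev/null || true
  done
}

#######################################
# Boot to runlevel 3 and ignore Ctrl-Alt-Del on the console.
#######################################
set_default_runlevel() {
  if grep -q '^id:5' /etc/inittab; then
    sed -i '/^id:/s/5/3/' /etc/inittab
  fi
  sed -i '/^ca::ctrlaltdel:/s/^/#/' /etc/inittab
}

#######################################
# Replace /etc/sysctl.conf with the author's tuning and apply it.
# Values are kept as the author set them. Review before use:
#   - net.ipv4.tcp_tw_recycle is known to drop connections from clients
#     behind NAT, and both tcp_tw_recycle and tcp_tw_reuse depend on TCP
#     timestamps, which this file turns off (tcp_timestamps = 0).
#   - tcp_syn_retries / tcp_synack_retries = 1 and tcp_fin_timeout = 1 are
#     aggressive settings for lossy links.
#######################################
write_sysctl() {
  cat >/etc/sysctl.conf <<'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
EOF
  sysctl -p &>/dev/null || warn "sysctl -p reported errors; check /etc/sysctl.conf"
}

#######################################
# Raise the open-file limit for all users (idempotent).
#######################################
configure_limits() {
  if ! grep -q '^\* - nofile 65535' /etc/security/limits.conf; then
    printf '%s\n' '* - nofile 65535' >>/etc/security/limits.conf
  fi
}

#######################################
# Set up root's vim and a vi->vim alias.
# Picks whichever vim runtime directory is installed instead of the
# hard-coded vim70 of the original; the custom settings are written even
# when no vimrc_example.vim is found.
#######################################
configure_vim() {
  local example
  for example in /usr/share/vim/vim*/vimrc_example.vim; do
    if [[ -e "$example" ]]; then
      cp -- "$example" /root/.vimrc
    else
      warn "vimrc_example.vim not found; writing /root/.vimrc from scratch"
    fi
    break
  done
  cat >>/root/.vimrc <<'EOF'
set shiftwidth=4
""set encoding=prc
set encoding=utf-8 fileencodings=utf-8,gbk,gb2312
set nu
set nuw=1
set tabstop=4
""set ai
hi LineNr ctermfg=DarkCyan ctermbg=black
hi PmenuSel ctermfg=blue ctermbg=grey
EOF
  sed -i '/^set mouse=a/s/^/"/' /root/.vimrc
  sed -i '/filetype plugin indent on/s/^/"""/' /root/.vimrc
  sed -i '/set backup/s/^/"""/' /root/.vimrc

  if ! grep -q "^alias vi='vim'" /root/.bashrc 2>/dev/null; then
    printf '%s\n' "alias vi='vim'" >>/root/.bashrc
  fi
}

#######################################
# Per-user, per-day shell history under /var/log/.hist via /etc/profile.
# The delimiter is quoted so $HISTDIR etc. reach /etc/profile literally and
# are evaluated at login. Fixes from the original: `date %Y%m%d` lacked the
# leading "+" and produced no date; the directory gets the sticky bit (1777)
# instead of 777 so users cannot delete or rename each other's files.
# This is shell history, not an audit trail -- any user can unset HISTFILE;
# use auditd / pam_tty_audit for accountable session logging.
#######################################
configure_history() {
  cat >>/etc/profile <<'EOF'
export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S]"
export HISTSIZE=4096
HISTDIR=/var/log/.hist
DATE=$(date +%Y%m%d)
[ ! -d "$HISTDIR" ] && { mkdir -p "$HISTDIR" ; chmod 1777 "$HISTDIR" ; }
export HISTFILE="$HISTDIR/$USER.$DATE"
chmod 600 "$HISTDIR"/* 2>/dev/null
EOF
}

#######################################
# Replace /etc/resolv.conf with a public resolver.
# Adjust to the site's own resolvers where applicable.
#######################################
configure_dns() {
  cat >/etc/resolv.conf <<'EOF'
nameserver 8.8.8.8
EOF
}

#######################################
# One-shot time sync now, then daily via root's crontab and on every boot.
# The original ran "chmod s /usr/sbin/ntpdate", which is not a valid mode
# string (presumably u+s was meant). ntpdate is only ever run as root here
# (cron, rc.local), so no setuid bit is needed and none is set.
# Globals:   NTP_SERVER, SYNC_CLOCK_CMD (read)
#######################################
configure_ntp() {
  if /usr/sbin/ntpdate "$NTP_SERVER"; then
    /sbin/clock -w || warn "could not write the hardware clock"
  else
    warn "initial time sync against ${NTP_SERVER} failed"
  fi

  # Replaces any existing root crontab.
  cat >/var/spool/cron/root <<EOF
# CRONTAB
SHELL=/bin/bash
TZ="Asia/Shanghai"
PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
MAILTO=""
#
1 0 * * * ${SYNC_CLOCK_CMD}
EOF

  if ! grep -qF -- "$SYNC_CLOCK_CMD" /etc/rc.local 2>/dev/null; then
    printf '%s\n' "$SYNC_CLOCK_CMD" >>/etc/rc.local
  fi
}

#######################################
# Install the root login key. authorized_keys holds PUBLIC keys (the
# original's placeholder said "private key"); the file is made 600, which
# the original omitted. Existing content is replaced, as in the original.
# Globals:   ROOT_SSH_PUBKEY (read)
#######################################
install_root_ssh_key() {
  mkdir -p /root/.ssh
  chmod 700 /root/.ssh
  printf '%s\n' "$ROOT_SSH_PUBKEY" >/root/.ssh/authorized_keys
  chmod 600 /root/.ssh/authorized_keys
}

#######################################
# Disable password logins and reverse DNS lookups in sshd, and comment out
# the GSSAPI settings. Any active or commented-out PasswordAuthentication /
# UseDNS line is removed and the wanted value inserted at the top of the
# file, so the result is correct even when the stock config lacks the
# "#PasswordAuthentication yes" template line the original anchored on
# (in which case the original silently left passwords enabled).
# Globals:   SSHD_CONFIG (read)
#######################################
harden_sshd() {
  sed -i '/^#\?PasswordAuthentication[[:space:]]/d;/^#\?UseDNS[[:space:]]/d' "$SSHD_CONFIG"
  sed -i -e '1i PasswordAuthentication no' -e '1i UseDNS no' "$SSHD_CONFIG"
  sed -i '/^GSSAPIAuthentication/s/^/#/;/^GSSAPICleanupCredentials/s/^/#/' "$SSHD_CONFIG"
  # The host reboots right after this; refuse to continue with a config sshd
  # would not start with, otherwise it comes back up without SSH.
  /usr/sbin/sshd -t || die "${SSHD_CONFIG} failed validation; not rebooting"
}

main() {
  (( EUID == 0 )) || die "must run as root"
  : "${ROOT_SSH_PUBKEY:?set ROOT_SSH_PUBKEY to root's public key line before running}"

  disable_services
  disable_ipv6
  disable_selinux
  remove_unused_accounts
  set_default_runlevel
  write_sysctl
  configure_limits
  configure_vim
  configure_history
  configure_dns
  configure_ntp
  install_root_ssh_key
  harden_sshd

  # restart
  init 6
  exit 0
}

main "$@"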




