LINUX 系统初始化脚本
#!/bin/bash
######the system first start configuretion #####for install
####copy right by donglei##############
#1、配置sysctl
mv /etc/sysctl.conf /etc/sysctl.bak
echo "############################the new config for sysctl ###########
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
kern.maxfiles = 65536
kern.maxfilesperproc = 32768
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_max = 262144
net.inet.udp.checksum = 1
net.inet.tcp.syncookies = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_keepalive_probes = 2
net.ipv4.tcp_keepalive_intvl = 2
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000" >> /etc/sysctl.conf
chmod 644 /etc/sysctl.conf
#2、配置ipv6
echo "##########ipv6-disabled###########
alias net-pf-10 off
alias ipv6 off" >> /etc/modprobe.d/dist.conf
echo "##############ipv6-disabled#########
NETWORKING_IPV6=no" >> /etc/sysconfig/network
/sbin/chkconfig ip6tables off
#3、配置系统时钟
echo "##############system_clock###########
01 * * * * root ntpdate 172.17.1.150; hwclock --systohc" >>/etc/crontab
#4、配置bash环境,每次命令行显示当前位置和时间,当前仅仅针对root设置
echo "export PS1='\033[1;33m\H \033[1;34m[\w] \033[1;35m\D{%D %T}\n\[\033[1;36m\]\u@pts/\l \[\033[00m\]\$ '" >> /root/.bashrc
#5、配置系统服务启动项
for i in `ls /etc/rc3.d/S*`
do
servi=`echo $i|cut -c 15-`
case $servi in
cpuspeed | crond | irqbalance | microcode_ctl | sendmail)
;;
*)
echo "change $servi to off" >>./log.log
chkconfig $servi off
service $servi stop
;;
esac
done
#6、配置系统默认语言环境
mv /etc/sysconfig/i18n /etc/sysconfig/i18n.bak
echo "#########set new language by admin#######
LANG="zh_CN.UTF-8"
SUPPORTED="zh_CN.UTF-8:zh_CN:zh:en_US.UTF-8:en_US:en"
SYSFONT="latarcyrheb-sun16" " >/etc/sysconfig/i18n
chmod 644 /etc/sysconfig/i18n
#7、配置selinux
sed -i -e 's/^SELINUX=.*/LANG="SELINUX=disabled/' -e 's/^SELINUXTYPE=.*/SELINUXTYPE=disabled/' /etc/sysconfig/selinux
#8、关闭iptables
service iptables stop
chkconfig iptables off
#9、配置root用户不能直接登录系统
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
grep -Ev '^$|^#' /etc/ssh/sshd_config.bak >/etc/ssh/sshd_config
chmod 600 /etc/ssh/sshd_config
sed /PermitRootLogin/d /etc/ssh/sshd_config
sed /ClientAliveCountMax/d /etc/ssh/sshd_config
echo "######ssh security config#######
PermitRootLogin no
ClientAliveCountMax 10 " >>/etc/ssh/sshd_config
service sshd restart
最新文章
- Nancy之结合TinyFox调试备忘
- MySQL时间段查询,无数据补0
- Linux Kernel Version Numbering
- Delphi Dll示例
- [转载] 每个 Python 程序员都要知道的日志实践
- 运用socket实现简单的服务器客户端交互
- MVC学习系列——ModelBinder扩展
- CygWin模拟Linux环境进行Ant批量打包
- Selenium 高阶应用之WebDriverWait 和 expected_conditions
- 关于 String.intern() 的思考
- 【BZOJ4403】序列统计(组合数学,卢卡斯定理)
- 解决:Vue刷新/载入页面,出现双括号闪现后消失
- postgreSql——时区问题
- 20155318 《网络攻防》 Exp7 网络欺诈防范
- Windows虚拟内存不足问题的处理
- SQLServer2012 (非)聚集索引存储探究
- PAT天梯赛L2-004 这是二叉搜索树吗【递归】
- XSS 防范XSS 攻击的措施
- ML(4): 决策树分类
- __inline定义的内联函数和宏的区别