CentOS系统初始化脚本
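# Point yum at the Aliyun CentOS 7 mirror unless the base repo file already
# mentions mirrors.aliyun.com.
# Arguments: none
# Outputs:   yum/wget progress; a status line when nothing needs changing
# Returns:   0 when already configured or on success, 1 if the download fails
#
# The new repo file is staged in a temporary file and only swapped in once
# wget succeeded and the file is non-empty, so a failed download leaves the
# existing CentOS-Base.repo in place instead of an empty or partial one.
# NOTE(review): the downloaded file decides which mirrors yum trusts and
# whether package signatures are checked; confirm gpgcheck=1 is still set in it.
ALIYUN_YUM () {
  local repo=/etc/yum.repos.d/CentOS-Base.repo
  local repo_url=https://mirrors.aliyun.com/repo/Centos-7.repo
  local tmp

  yum install wget -y

  if grep -q "mirrors.aliyun.com" "$repo"; then
    echo -e "\033[44;37m Aliyun yum repos is set \033[0m"
    return 0
  fi

  # The staged name does not end in ".repo", so yum ignores it meanwhile.
  tmp=$(mktemp "${repo}.XXXXXX") || return 1
  if ! wget -O "$tmp" "$repo_url" || [ ! -s "$tmp" ]; then
    echo "failed to download $repo_url; keeping the existing repo file" >&2
    rm -f -- "$tmp"
    return 1
  fi

  # Drop every line that mentions the aliyuncs.com mirror hosts.
  sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' "$tmp"

  if [ -e "$repo" ]; then
    mv "$repo" "${repo}.backup"
  fi
  chmod 644 "$tmp"   # mktemp creates the file with mode 0600
  mv "$tmp" "$repo"
  yum makecache
}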
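# Set SELINUX=disabled in /etc/selinux/config unless it is already set.
# Arguments: none
# Outputs:   a status line when the setting is already present
# Returns:   status of the last command run
#
# Only the config file is edited; no setenforce call is made here.
# NOTE(review): this switches off mandatory access control for every service
# on the host. If the aim is only to avoid denials during setup,
# SELINUX=permissive keeps labelling and audit records; confirm which is meant.
DISABLE_SELINUX () {
  local cfg=/etc/selinux/config
  # Anchored so that a commented-out "#SELINUX=disabled" is not mistaken for
  # an active setting.
  if grep -q '^SELINUX=disabled' "$cfg"; then
    echo -e "\033[44;37m SELINUX is disable \033[0m"
  else
    sed -i 's/^SELINUX=.*$/SELINUX=disabled/' "$cfg"
  fi
}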
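# Set the system time zone to Asia/Shanghai.
# Arguments: none
# Returns:   status of ln
#
# /etc/localtime is replaced by a symlink to the zoneinfo file. A plain cp
# onto /etc/localtime follows an existing symlink and overwrites the zoneinfo
# file it currently points to, corrupting that zone's data.
TIME_ZONE () {
  ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
}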
# Schedule a daily clock sync: append an /etc/crontab entry that runs
# /usr/sbin/ntpdate as root at 03:00 against time1.aliyun.com, unless the
# file already mentions ntpdate.
# Arguments: none
# Outputs:   matching crontab lines (from grep) and a status line when an
#            entry already exists
NTP_SET () {
  local crontab_file=/etc/crontab
  local job="0 3 * * * root /usr/sbin/ntpdate time1.aliyun.com"

  if grep ntpdate "$crontab_file"; then
    echo -e "\033[44;37m ntpdate is set \033[0m"
    return
  fi
  echo "$job" >> "$crontab_file"
}
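# Disable and stop services this setup does not want running.
# Arguments: none
# Returns:   status of the last systemctl call
#
# rpcbind.socket is handled before the rpcbind service: where the package
# ships a socket unit, stopping only the service leaves the socket listening
# and systemd can start rpcbind again on the next connection.
# NOTE(review): firewalld and iptables are both turned off here and nothing in
# this function replaces them, so every listening port is reachable unless
# filtering is enforced elsewhere (e.g. a cloud security group) — confirm.
DISABLE_SERVICE (){
  local unit
  for unit in firewalld.service iptables.service NetworkManager.service \
              postfix rpcbind.socket rpcbind; do
    systemctl disable "$unit"
    systemctl stop "$unit"
  done
}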
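# Raise per-user resource limits: make sure /etc/security/limits.conf holds
# the nofile (soft and hard) and nproc (soft) entries, appending each one
# that is missing.
# Arguments: none
# Returns:   0 unless an append fails
#
# Entries are matched as whole fixed-string lines (-x -F), so a commented-out
# copy such as "#* soft nofile 65535" no longer counts as present.
# NOTE(review): no hard nproc entry is written. On CentOS 7 a file under
# /etc/security/limits.d may also set a lower soft nproc for "*" and take
# precedence — verify the effective value with `ulimit -u` after login.
LIMIT_CONF () {
  local limits_file=/etc/security/limits.conf
  local entry
  for entry in "* soft nofile 65535" "* hard nofile 65535" "* soft nproc 65535"; do
    if ! grep -qxF -- "$entry" "$limits_file"; then
      echo "$entry" >> "$limits_file"
    fi
  done
}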
# Record "disable_ipv6 = 1" for the "all" and "default" interface scopes in
# /etc/sysctl.conf, skipping any key the file already mentions.
# Arguments: none
# Outputs:   matching sysctl.conf lines (from grep) and a status line per key
#            that is already present
#
# Only the file is edited; sysctl is not invoked here to load the values.
# The check looks for the key name alone, so an existing line with a
# different value (or a commented one) also counts as "already set".
DISABLE_IPV6 () {
  local sysctl_file=/etc/sysctl.conf
  local key
  for key in net.ipv6.conf.all.disable_ipv6 net.ipv6.conf.default.disable_ipv6; do
    if grep "$key" "$sysctl_file"; then
      echo -e "\033[44;37m IPV6 is disable \033[0m"
    else
      echo "$key = 1" >> "$sysctl_file"
    fi
  done
}
# Append sshd settings to /etc/ssh/sshd_config when no matching line exists:
# listen port 12222, UseDNS no, Protocol 2.
# Arguments: none
# Outputs:   matching config lines (from grep) and a status line per setting
#            that is already present
#
# The file is only appended to; sshd is neither syntax-checked nor restarted
# here. Any existing "Port" line, whatever its value, suppresses the port
# change.
# NOTE(review): if sshd_config ends in a Match block, appended lines become
# part of that block — confirm the file layout. A non-default port is not an
# access control; authentication settings are left untouched by this function.
# NOTE(review): newer OpenSSH releases treat the Protocol keyword as
# deprecated — confirm it is still wanted.
SSH_CONF () {
  local sshd_cfg=/etc/ssh/sshd_config
  local -a patterns=("^Port" "^UseDNS no" "^Protocol 2")
  local -a directives=("Port 12222" "UseDNS no" "Protocol 2")
  local -a notices=(
    "\033[44;37m ssh port is set \033[0m"
    "\033[44;37m UseDNS is set \033[0m"
    "\033[44;37m Protocol is set \033[0m"
  )
  local i
  for i in 0 1 2; do
    if grep "${patterns[i]}" "$sshd_cfg"; then
      echo -e "${notices[i]}"
    else
      echo "${directives[i]}" >> "$sshd_cfg"
    fi
  done
}
# Add login-shell defaults to /etc/profile: a umask of 027 (when no line
# starts with "umask") and a timestamped HISTTIMEFORMAT (when the file does
# not mention it).
# Arguments: none
# Outputs:   matching profile lines (from grep) and a status line per setting
#            that is already present
PROFILE () {
  local profile=/etc/profile

  if grep "^umask" "$profile"; then
    echo -e "\033[44;37m umask is set \033[0m"
  else
    echo "umask 027" >> "$profile"
  fi

  if grep HISTTIMEFORMAT "$profile"; then
    echo -e "\033[44;37m histime format is set \033[0m"
  else
    # Single quotes keep the backticks literal: `whoami` must be written to
    # the profile as text and evaluated at login, not expanded here.
    echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> "$profile"
  fi
}
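# Tighten ownership and modes on selected binaries and account/config files.
# Arguments: none
# Returns:   0 unless the last chmod fails
#
# Changes from the earlier version of this function:
#  - The /usr/bin directory itself is no longer set to 700. On CentOS 7 /bin
#    is a symlink to /usr/bin, so that mode stops every non-root account
#    (including service accounts) from executing anything, shells included.
#  - Paths that do not exist on the host are skipped instead of producing
#    chmod/chown errors.
# NOTE(review): root-only cat/uname/head/tail/less may break scripts run by
# unprivileged service accounts, and package updates can reset these modes —
# confirm the list against what actually runs on the host.
# NOTE(review): /etc/ftpusers is left group-writable (0664) as before;
# confirm 0644 was not intended.
FILE_SEC () {
  local -a root_owned=(
    /etc/hosts.allow /etc/hosts.deny
    /etc/passwd /etc/shadow /etc/group /etc/gshadow
  )
  # "mode path" pairs, applied in order.
  local -a modes=(
    "700 /bin/ping"
    "700 /usr/bin/vim"
    "700 /usr/bin/vi"
    "700 /bin/netstat"
    "700 /usr/bin/tail"
    "700 /usr/bin/less"
    "700 /usr/bin/head"
    "700 /bin/cat"
    "700 /bin/uname"
    "500 /bin/ps"
    "644 /etc/hosts.deny"
    "644 /etc/hosts.allow"
    "0644 /etc/group"
    "0644 /etc/passwd"
    "0644 /etc/exports"
    "0644 /etc/inetd.conf"
    "0644 /etc/services"
    "0400 /etc/shadow"
    "0400 /etc/gshadow"
    "0600 /etc/securetty"
    "0664 /etc/ftpusers"
  )
  local path spec mode

  for path in "${root_owned[@]}"; do
    if [ -e "$path" ]; then
      chown root:root "$path"
    fi
  done

  for spec in "${modes[@]}"; do
    mode=${spec%% *}
    path=${spec#* }
    if [ -e "$path" ]; then
      chmod "$mode" "$path"
    fi
  done
}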
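# Install the build toolchain, common -devel libraries and admin utilities.
# Arguments: none
# Returns:   status of the final yum call
#
# epel-release is installed in its own step before the main package list.
# The list below is the earlier one with repeated names removed.
# NOTE(review): "libxpm-dev" looks like a Debian package name and
# "gzip-devel" may not exist on CentOS — confirm both against the repos.
# NOTE(review): compilers, tcpdump and openldap-servers on every host widen
# the installed attack surface; consider trimming this list for production
# machines.
INSTALL_DEV_SOFT_PACK () {
  local -a pkgs=(
    vim pcre pcre-devel gzip gzip-devel cmake ncurses ncurses-devel
    bzip2-devel curl-devel openldap-devel libevent-devel gd gd-devel
    libxpm-dev bzip2 zlib zlib-devel libxml2 libxml2-devel libjpeg
    libjpeg-devel libpng libpng-devel freetype-devel openldap-servers
    openldap-clients libmcrypt libmcrypt-devel openssl openssl-devel
    net-tools htop iotop ntpdate tree tcpdump iptraf sysstat
  )
  yum groupinstall "Development Tools" -y
  yum install epel-release bash-completion -y
  yum install "${pkgs[@]}" -y
}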
# Entry point: "init" runs the setup steps in order; any other argument
# (including "help" or none) prints the usage text and exits with status 1.
# FILE_SEC is defined in this file but is not part of the init sequence.
# Every step edits files under /etc or calls yum/systemctl, so the script is
# expected to be run as root; no privilege check is made here.
if [ "$1" = "init" ]; then
  ALIYUN_YUM
  DISABLE_SELINUX
  TIME_ZONE
  NTP_SET
  DISABLE_SERVICE
  LIMIT_CONF
  DISABLE_IPV6
  SSH_CONF
  PROFILE
  INSTALL_DEV_SOFT_PACK
else
  echo -e "\033[44;37m Usage: $0 {init|help} \033[0m"
  echo -e "\033[44;37m init - system init \033[0m"
  echo -e "\033[44;37m help - this screen \033[0m"
  exit 1
fi