1. #!/bin/bash
2. #Date：2018-5-20 13:14:00
3. #Author Blog:
4. #  https://www.yangxingzhen.com
5. #  https://www.i7ti.cn
6. #Author WeChat：
7. #  微信公众号：小柒博客
8. #Author mirrors site:
9. #  https://mirrors.yangxingzhen.com
10. #About the Author
11. # BY：YangXingZhen
12. # Mail：xingzhen.yang@yangxingzhen.com
13. # QQ：675583110
14. #Automatic configuration system initialization
15. 
16. source /etc/init.d/functions
17. 
18. System_Version=$(awk -F. '{print $1}' /etc/redhat-release |awk '{print $NF}')
19. Software="lrzsz openssh-server ntp ntpdate cmake gcc gcc-c++ zlib zlib-devel openssl openssl-devel pcre pcre-devel curl rsync gd perl sysstat man mtr openssl-perl subversion nscd"
20. 
21. # 检查脚本运行用户是否为Root
22. if [ $(id -u) != 0 ];then
23.   echo -e "\033[31mError! You must be root to run this script! \033[0m"
24.   exit 1
25. fi
26. 
27. function set_config_yum () {
28. # 配置系统使用163yum源
29. if [ ${System_Version} -eq 7 ];then
30.   yum -y install wget
31.   mkdir -p /etc/yum.repos.d/bak
32.   \mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
33.   wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
34.   yum clean all
35.   yum makecache
36. else
37.   yum -y install wget
38.   mkdir -p /etc/yum.repos.d/bak
39.   \mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
40.   wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS6-Base-163.repo
41.   yum clean all
42.   yum makecache
43. fi
44. }
45. 
46. function set_install_soft (){
47. # 安装epel源
48. yum -y install epel-release
49. # 安装bash命令tab自动补全组件
50. yum -y install bash-completion
51. # 安装vim编辑器
52. yum -y install vim screen lrzsz tree psmisc
53. # 安装压缩解压工具
54. yum -y install zip unzip bzip2 gdisk
55. # 安装网络及性能监控工具
56. yum -y install telnet net-tools sysstat iftop lsof iotop htop dstat
57. # 安装源码编译工具及开发组件
58. yum -y install ${Software}
59. # 禁用不需要的服务
60. systemctl stop postfix.service
61. systemctl disable postfix
62. systemctl disable auditd
63. systemctl disable kdump
64. # 设置系统默认编辑器为vim
65. grep -qw "vim" /etc/profile
66. [ $? -ne 0 ] && echo "alias vi=vim" >>/etc/profile
67. source /etc/profile >/dev/null
68. }
69. 
70. function set_config_user (){
71. # 删除无效用户
72. userdel adm
73. userdel lp
74. userdel shutdown
75. userdel operator
76. userdel games
77. userdel uucp
78. # 删除无效用户组
79. groupdel adm
80. groupdel lp
81. groupdel games
82. }
83. 
84. function set_config_open_file () {
85. # 修改ulimit参数
86. \cp /etc/security/limits.conf /etc/security/limits.conf.bak
87. cat >>/etc/security/limits.conf <<EOF
88. * soft nproc 65535
89. * hard nproc 65535
90. * soft nofile 65535
91. * hard nofile 65535
92. EOF
93. echo "ulimit -SHn 65535" >> /etc/profile
94. echo "ulimit -SHn 65535" >> /etc/rc.local
95. }
96. 
97. function set_config_ntp (){
98. # 配置时区及时间同步
99. if [ "`cat /etc/crontab | grep ntpdate`" = "" ]; then
100.  echo "10 * * * * root /usr/sbin/ntpdate cn.pool.ntp.org >> /var/log/ntpdate.log" >> /etc/crontab
101. fi
102. rm -rf /etc/localtime
103. ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
104. ntpdate cn.pool.ntp.org && hwclock -w
105. }
106. 
107. function set_config_sshd (){
108. # 配置SSH
109. sed -i "s/\#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
110. sed -i "s/GSSAPIAuthentication yes/GSSAPIAuthentication no/g" /etc/ssh/sshd_config
111. }
112. 
113. function set_close_iptables (){
114. # 配置Selinux、Iptables(Firewalld)
115. if [ ${System_Version} -eq 7 ];then
116.  systemctl stop firewalld.service
117.  systemctl disable firewalld.service
118.  sed -i '/SELINUX/s/enforcing/disabled/g' /etc/selinux/config
119.  setenforce 0
120. else
121.  /etc/init.d/iptables stop
122.  chkconfig iptables off
123.  sed -i '/SELINUX/s/enforcing/disabled/g' /etc/selinux/config
124.  setenforce 0
125. fi
126. }
127. 
128. function set_config_passwd (){
129. # 设置密码最小过期天数
130. sed -i "/PASS_MIN_DAYS/s/0/80/" /etc/login.defs
131. # 设置密码最小长度
132. sed -i "/PASS_MIN_LEN/s/5/12/" /etc/login.defs
133. }
134. 
135. System_Value="net.ipv6.conf.all.disable_ipv6 = 1
136. net.ipv6.conf.default.disable_ipv6 = 1
137. net.core.netdev_max_baklog =  32768
138. net.core.somaxconn = 32768
139. net.core.wmem_default = 8388608
140. net.core.rmem_default = 8388608
141. net.core.rmem_max = 16777216
142. net.core.wmem_max = 16777216
143. net.ipv4.ip_forward = 1
144. net.ipv4.tcp_max_syn_baklog = 65536
145. net.ipv4.tcp_timestamps = 0
146. net.ipv4.tcp_synack_retries = 2
147. net.ipv4.tcp_syn_retries = 2
148. net.ipv4.tcp_tw_recycle = 1
149. net.ipv4.tcp_tw_len = 1
150. net.ipv4.tcp_tw_reuse = 1
151. net.ipv4.tcp_mem = 94500000 915000000 927000000
152. net.ipv4.tcp_max_orphans = 3276800
153. net.ipv4.tcp_fin_timeout = 120
154. net.ipv4.tcp_keepalive_time = 120
155. net.ipv4.ip_local_port_range = 1024 65535
156. net.nf_conntrack_max = 16404388
157. net.netfilter.nf_conntrack_tcp_timeout_established = 10800
158. net.ipv4.tcp_max_tw_buckets = 30000
159. fs.file-max = 655350
160. kernel.sysrq = 0"
161. 
162. function set_config_kernel (){
163. # 配置内核参数
164. Sysctl_File="/etc/sysctl.conf"
165. if [ ${System_Version} -eq 6 ];then
166.  /etc/init.d/sshd restart
167.  if [ ! -f ${Sysctl_File} ];then
168.    touch ${Sysctl_File}
169.  fi
170.  if [ $(grep -wc "net.ipv4.tcp_max_tw_buckets" ${Sysctl_File}) -eq 0 ];then
171.    echo "${System_Value}" >${Sysctl_File}   
172.    /sbin/sysctl -p >/dev/null
173.  fi
174. else
175.  systemctl restart sshd.service
176.  if [ ! -f ${Sysctl_File} ];then
177.    touch ${Sysctl_File}
178.  fi
179.  if [ $(grep -wc "net.ipv4.tcp_max_tw_buckets" ${Sysctl_File}) -eq 0 ];then
180.    echo "${System_Value}" >${Sysctl_File}   
181.    /sbin/sysctl -p >/dev/null
182.  fi
183. fi
184. }
185. 
186. function main (){
187. set_config_yum
188. set_install_soft
189. set_config_user
190. set_config_open_file
191. set_config_ntp
192. set_config_sshd
193. set_close_iptables
194. set_config_passwd
195. set_config_kernel
196. }
197. 
198. main