• LINUX 系统初始化脚本

    #!/bin/bash
    ######the system first start configuretion #####for install 
    ####copy right by donglei##############
    #1、配置sysctl
    mv /etc/sysctl.conf  /etc/sysctl.bak
    echo "############################the new config for sysctl ###########
    net.ipv4.ip_forward = 0
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.default.accept_source_route = 0
    kernel.sysrq = 0
    kernel.core_uses_pid = 1
    net.ipv4.tcp_syncookies = 1
    kernel.msgmnb = 65536
    kernel.msgmax = 65536
    kernel.shmmax = 68719476736
    kernel.shmall = 4294967296
    kern.maxfiles = 65536
    kern.maxfilesperproc = 32768
    net.core.rmem_default = 262144
    net.core.wmem_default = 262144
    net.core.rmem_max = 262144
    net.core.wmem_max = 262144
    net.inet.udp.checksum = 1
    net.inet.tcp.syncookies = 1
    net.ipv4.tcp_synack_retries = 2
    net.ipv4.tcp_syn_retries = 2
    net.ipv4.tcp_keepalive_time = 30
    net.ipv4.tcp_keepalive_probes = 2
    net.ipv4.tcp_keepalive_intvl = 2
    net.ipv4.tcp_fin_timeout = 30
    net.ipv4.tcp_tw_reuse = 1 
    kernel.sem = 250 32000 100 128
    fs.file-max = 65536
    net.ipv4.ip_local_port_range = 1024 65000" >> /etc/sysctl.conf
    chmod 644 /etc/sysctl.conf
    #2、配置ipv6
    echo "##########ipv6-disabled########### 
    alias net-pf-10 off
    alias ipv6 off" >> /etc/modprobe.d/dist.conf
    echo "##############ipv6-disabled#########
    NETWORKING_IPV6=no" >> /etc/sysconfig/network
    /sbin/chkconfig ip6tables off
    #3、配置系统时钟
    echo "##############system_clock###########
    01 * * * * root ntpdate 172.17.1.150; hwclock --systohc" >>/etc/crontab
    #4、配置bash环境,每次命令行显示当前位置和时间,当前仅仅针对root设置
    echo "export  PS1='33[1;33mH 33[1;34m[w] 33[1;35mD{%D %T} [33[1;36m]u@pts/l [33[00m]$ '" >> /root/.bashrc 
    #5、配置系统服务启动项
    for i in `ls /etc/rc3.d/S*`
    do
    servi=`echo $i|cut -c 15-`
    case $servi in
    cpuspeed | crond | irqbalance | microcode_ctl | sendmail)
    ;;
    *)
    echo "change $servi to off" >>./log.log
    chkconfig $servi off
    service $servi stop
    ;;
    esac
    done
    #6、配置系统默认语言环境
    mv /etc/sysconfig/i18n  /etc/sysconfig/i18n.bak
    echo "#########set new language by admin#######
    LANG="zh_CN.UTF-8"
    SUPPORTED="zh_CN.UTF-8:zh_CN:zh:en_US.UTF-8:en_US:en"
    SYSFONT="latarcyrheb-sun16" " >/etc/sysconfig/i18n
    chmod 644 /etc/sysconfig/i18n
    #7、配置selinux
    sed -i -e 's/^SELINUX=.*/LANG="SELINUX=disabled/' -e 's/^SELINUXTYPE=.*/SELINUXTYPE=disabled/' /etc/sysconfig/selinux
    #8、关闭iptables
    service iptables stop 
    chkconfig iptables off
    #9、配置root用户不能直接登录系统
    mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
    grep -Ev '^$|^#' /etc/ssh/sshd_config.bak >/etc/ssh/sshd_config
    chmod 600 /etc/ssh/sshd_config
    sed /PermitRootLogin/d /etc/ssh/sshd_config 
    sed /ClientAliveCountMax/d /etc/ssh/sshd_config 
    echo "######ssh security config#######
    PermitRootLogin no
    ClientAliveCountMax 10 " >>/etc/ssh/sshd_config
    service sshd restart
  • 相关阅读:
    myeclipse的software updates菜单报配置错误的解决办法
    打造自己公司的myeclipse 笔记
    基于Spring可扩展Schema提供自定义配置支持(spring配置文件中 配置标签支持)
    帝国CMS 列表模版显示新闻正文
    IE、Firefox兼容form target当前页iframe,javascript动态创建表单对象form设置name属性
    oracle 创建表用户/空间/临时表空间设置用户默认表空间 为用户授权操作实例
    ORACLE 启动问题 LRM00109
    帝国CMS灵动标签e:loop的使用
    php5 配置pdo 查看PHP5扩展目录
    java 获取当前路径的三种方式。实测
  • 原文地址:https://www.cnblogs.com/cxchanpin/p/6994130.html
Copyright © 2020-2023  润新知