#!/bin/bash
# Used for other system-environment update!
echo -e '
�33[35m~~请使用root权限运行此脚本~~�33[0m
'
read -n 1 -p "Sure?(y/n):" sure
echo
if [ $sure == 'y' ]
then
echo -e '
�33[32mcontinue......�33[0m
'
else
exit 126
fi
echo -e "�33[34m[请输入nginx配置文件所在目录路径]:�33[0m" && read nginx_conf_dir
echo -e "�33[34m[请输入php配置文件所在目录路径]:�33[0m" && read php_conf_dir
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
setenforce 0
for i in {adm,games,lp,operator,systemd-network,dbus,polkitd,halt}
do /usr/sbin/userdel -r $i
done
/usr/sbin/useradd -M www;/usr/sbin/useradd -M ops
openssl rand -base64 8 >/home/ops.pass;openssl rand -base64 8 >/home/www.pass
cat /home/ops.pass | passwd --stdin ops
cat /home/www.pass | passwd --stdin www
mkdir -p /data/{bak,bin,logs,package,soft,store,tmp,upload,www}
echo '
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 62144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
' >>/etc/sysctl.conf
sysctl -p
echo '
* soft nofile 65536
* hard nofile 65536
* soft nproc 2048
* hard nproc 4096
' >> /etc/security/limits.conf
sed -i 's/env_reset$/env_reset,pwfeedback/g' /etc/sudoers
echo '
ops ALL=(ALL) NOPASSWD: ALL
www ALL=(ALL) NOPASSWD: /bin/whoami,/usr/bin/pwd,!/usr/bin/chattr,!/usr/bin/yum,!/usr/bin/chmod,!/usr/bin/rm
' >> /etc/sudoers
/usr/bin/chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab
#args1:是nginx配置文件目录
sed -i 's/^#user nobody;/user www;/g' $nginx_conf_dir
#args2:是php-fpm配置文件目录
sed -i 's/^user = nobody$/user = www/g;s/^group = nobody$/group = www/g' $php_conf_dir