注意EOF不能有空格tab键
#get os version
release=$(rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release))
#
#configure yum base source and epel source
cd /etc/yum.repos.d/
test -d /etc/yum.repos.d/bak || mkdir /etc/yum.repos.d/bak
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
if [ $release == 6 ];then
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
fi
if [ $release == 7 ];then
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
fi
yum clean all
yum makecache
#install base rpm package
yum -y install nc git vim iftop iotop dstat tcpdump
yum -y install ipmitool bind-libs bind-utils
yum -y install libselinux-python ntpdate
yum -y tree nmap sysstat lrzsz dos2unix unix2dos
#update rpm package and kernel
#yum update
#rm -rf /etc/yum.repos.d/CentOS*
#vim优化
cat >>/etc/vimrc<<EOF
set ic
set ai
EOF
#alias
cat >>/etc/bashrc<<EOF
alias grep='grep --color=auto'
alias ll='ls -l --time-style=long-iso'
alias iptable='iptables -L -n --line-number'
EOF
#update ulimit configure
if [ $release == 6 ];then
test -f /etc/security/limits.d/90-nproc.conf && rm -rf /etc/security/limits.d/90-nproc.conf && touch /etc/security/limits.d/90-nproc.conf
fi
if [ $release == 7 ];then
test -f /etc/security/limits.d/20-nproc.conf && rm -rf /etc/security/limits.d/20-nproc.conf && touch /etc/security/limits.d/20-nproc.conf
fi
>/etc/security/limits.conf
cat >> /etc/security/limits.conf <<EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
#set timezone
test -f /etc/localtime && rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
#set LANG
if [ $release == 6 ];then
sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/sysconfig/i18n
fi
if [ $release == 7 ];then
sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/locale.conf
fi
#uptime time
if [ $release == 6 ];then
/usr/sbin/ntpdate -b ntp1.aliyun.com
grep -q ntpdate /var/spool/cron/root
if [ $? -ne 0 ];then
echo "* * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null" >>/var/spool/cron/root
chmod 600 /var/spool/cron/root
fi
/etc/init.d/crond restart
fi
if [ $release == 7 ];then
yum -y install chrony
>/etc/chrony.conf
cat >>/etc/chrony.conf <<EOF
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
generatecommandkey
noclientlog
logchange 0.5
logdir /var/log/chrony
EOF
systemctl restart chronyd
systemctl enable chronyd
fi
#clean iptables default rules
if [ $release == 6 ];then
/sbin/iptables -F
/etc/inti.d/iptables save
chkconfig ip6tables off
fi
if [ $release == 7 ];then
systemctl disable firewalld
systemctl stop firewalld
fi
#disable unused service
chkconfig auditd off
#disable ipv6
cd /etc/modprobe.d/ && touch ipv6.conf
>/etc/modprobe.d/ipv6.conf
cat >>/etc/modprobe.d/ipv6.conf<<EOF
alias net-pf-10 off
alias ipv6 off
EOF
#disable selinux
setenforce 0
sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
#update record command
sed -i 's/^HISTSIZE=.*$/HISTSIZE=100000/' /etc/profile
grep -q 'HISTTIMEFORMAT' /etc/profile
if [ $? -eq 0 ];then
sed -i 's/HISTTIMEFORMAT=.*$/HISTTIMEFORMAT="%F %T "/' /etc/profile
else
echo 'HISTTIMEFORMAT="%F %T "' >> /etc/profile
fi
source /etc/profile
#set dns
>/etc/resolv.conf
cat >> /etc/resolv.conf <<EOF
nameserver 114.114.114.114
EOF
#ssh优化
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
#内核优化
sed -i 's/net.ipv4.tcp_syncookies.*/net.ipv4.tcp_syncookies = 1/g' /etc/sysctl.conf
cat >>/etc/sysctl.conf <<EOF
kernel.core_uses_pid=1
kernel.core_pattern=/tmp/core-%e-%p
fs.suid_dumpable=2
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=0
net.ipv4.tcp_timestamps=1
EOF
sysctl -p