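#!/bin/bash
#==========================================================================
#        FILE: Init.sh
#
# DESCRIPTION: This script is used to install usual libs,
#              close unnecessary services, optimize kernel parameters
#              and so on. It must run as root on CentOS 6 x86_64.
#
#    REVISION: 1.0
#
# Review notes on this revision:
#   * the EPEL release package is fetched over HTTPS instead of HTTP
#   * no predictable file under /tmp is used for the service list
#   * appends to system files are guarded so a re-run does not duplicate them
#   * sshd_config is validated before sshd is restarted
#   * the ANSI colour escapes, whose backslashes were lost on the page,
#     are restored
#==========================================================================

set -o nounset                              # Treat unset variables as an error

# VARIABLES DEFINED
# SRV_ON=(acpid crond iptables kdump messagebus network ntpd readahead_early rsyslog sshd sysstat salt-minion)
#
# NOTE(review): iptables is absent from the active list below (the
# commented-out variant above includes it). Every service not listed here
# is switched off for runlevels 3/4/5, so the host firewall stays disabled
# at boot. Confirm that filtering is enforced somewhere else before
# relying on this list.
SRV_ON=(acpid crond kdump messagebus network ntpd readahead_early rsyslog
        sshd sysstat salt-minion)

INSTALL_LIBS=(gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel
              freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel
              glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses
              ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel
              krb5-devel libidn libidn-devel openssl openssl-devel
              libxslt-devel libevent-devel libtool-ltdl bison libtool
              vim-enhanced salt-minion)

# System accounts that never need an interactive password.
LOCK_USERS=(dbus vcsa games nobody avahi haldaemon gopher ftp mailnull pcap
            mail shutdown halt uucp operator sync adm lp)

# Colour escapes reconstructed from the garbled originals ("e[0;32m 33[1m").
DONE="\e[0;32m\033[1mdone\e[m"

# every step below edits system configuration, so refuse to run unprivileged
if [ "$(id -u)" -ne 0 ]; then
  echo "this script must be run as root!" >&2
  exit 1
fi

# check os version
platform=$(uname -i)
if [ "$platform" != "x86_64" ]; then
  echo "this script is only for 64bit Operating System!"
  exit 1
fi

# The banner below claims CentOS 6 and the script relies on chkconfig and
# service, so verify the release instead of assuming it.
if ! grep -q 'release 6' /etc/redhat-release 2>/dev/null; then
  echo "this script is only for CentOS 6!" >&2
  exit 1
fi

cat << EOF
+---------------------------------------+
|   your system is CentOS 6 x86_64      |
|        start optimizing.......        |
+---------------------------------------
EOF

# add the third-party epel repo
# The release package carries the repo definition and the GPG key that
# later yum transactions trust, so it must not travel over plain HTTP
# where an on-path attacker could swap it. rpm only warns (NOKEY) when the
# signing key is not yet imported, so TLS is the integrity control here.
rpm -ivh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

# lock user
for account in "${LOCK_USERS[@]}"; do
  # skip accounts this install does not have instead of printing an error
  if getent passwd "$account" > /dev/null; then
    passwd -l "$account"
  fi
done

# install usual libs
# Report success only when yum actually succeeded; stdout stays hidden as
# before, errors still reach the terminal on stderr.
if yum -y install "${INSTALL_LIBS[@]}" 1>/dev/null; then
  echo -e "Install the usual libs ${DONE}."
else
  echo "Install the usual libs failed; see the yum errors above." >&2
fi

#echo "* 4 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1" >> /var/spool/cron/root

sed -i 's/#master: salt/master: salt.enai.corp/' /etc/salt/minion
service salt-minion restart

# directory path
mkdir -p /data/scripts/shell

# set static route

# mount share

# set the file limit
if ! grep -qF 'ulimit -SHn 65535' /etc/rc.local 2>/dev/null; then
  echo "ulimit -SHn 65535" >> /etc/rc.local
fi
if ! grep -qE '^\*[[:space:]]+soft[[:space:]]+nofile[[:space:]]+65535' \
    /etc/security/limits.conf 2>/dev/null; then
  cat >> /etc/security/limits.conf << EOF
*                     soft     nofile             65535
*                     hard     nofile             65535
*                     soft     nproc              65535
*                     hard     nproc              65535
EOF
fi

# set ssh
# NOTE(review): moving the port only cuts scan noise; it is not an access
# control. With iptables off at boot (see SRV_ON) the new port is reachable
# from wherever the host is. If SELinux is enforcing, sshd may be unable to
# bind 28290 until the port is labelled ssh_port_t - confirm before
# closing the current session.
sed -i 's/#Port 22/Port 28290/' /etc/ssh/sshd_config
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
# validate first: restarting on a broken config can lock out remote access
if sshd -t -f /etc/ssh/sshd_config; then
  service sshd restart
else
  echo "sshd_config failed validation; sshd was not restarted." >&2
fi

# tune kernel parametres
# NOTE(review): tcp_tw_recycle is known to drop connections from clients
# that share a NAT address and was removed in Linux 4.12; tcp_fin_timeout
# of 1 second is very aggressive. Both values are kept as the author set
# them - confirm they are wanted on internet-facing hosts.
if ! grep -q '^net\.ipv4\.tcp_tw_reuse' /etc/sysctl.conf 2>/dev/null; then
  cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1
EOF
fi
/sbin/sysctl -p

# stop some crontab
mkdir -p /etc/cron.daily.bak
if [ -e /etc/cron.daily/makewhatis.cron ]; then
  mv /etc/cron.daily/makewhatis.cron /etc/cron.daily.bak
fi

# close all services and set necessary services on
# The list is read straight into an array. The original wrote it to the
# fixed path /tmp/chkconfig_list.tmp, which a local user could pre-create
# as a symlink and have root overwrite an arbitrary file.
mapfile -t all_services < <(chkconfig --list | awk 'NF {print $1}')

# close all services
for SERVICE in "${all_services[@]}"; do
  chkconfig --level 345 "${SERVICE}" off 1>/dev/null
done

# open necessary services
for SRVS in "${SRV_ON[@]}"; do
  if [ -e "/etc/init.d/${SRVS}" ]; then
    chkconfig --level 345 "${SRVS}" on 1>/dev/null
  else
    echo -e "Service ${SRVS} is \e[0;31m\033[1mnot exits\e[m."
  fi
done

# disable the ipv6
cat > /etc/modprobe.d/ipv6.conf << EOFI
alias net-pf-10 off
options ipv6 disable=1
EOFI

if ! grep -q '^NETWORKING_IPV6=off' /etc/sysconfig/network 2>/dev/null; then
  echo "NETWORKING_IPV6=off" >> /etc/sysconfig/network
fi

cat << EOF
+-------------------------------------------------+
|               optimizer is done                 |
|   it's recommond to restart this server !       |
+-------------------------------------------------+
EOF

# init done,and reboot system
echo -e "Do you want to \e[0;31m\033[1mreboot\e[m system now? [Y/N]: "
read -r REPLY
case "$REPLY" in
  Y|y)
    echo "The system will reboot now ..."
    shutdown -r now
    ;;
  N|n)
    echo "You must reboot later..."
    # only affects this script's own shell, not the caller's session
    source /etc/profile
    ;;
  *)
    echo "You must input [Y/N]."
    source /etc/profile
    ;;
esac

#==========================================================================
# Per-host notes that followed the script on the page after a "====" line.
# They are kept as comments because they are not part of the generic init
# flow: the bare address is not a command, and both sed expressions are
# malformed as written (the first has a doubled '#' delimiter, the second
# has an empty pattern). Correct and run them by hand for the host in
# question.
#
# cat > /etc/resolv.conf <<EOFD
# nameserver 10.19.177.116
# nameserver 10.19.31.157
# nameserver 114.114.114.114
# EOFD
#
# 106.75.32.81
# hostname u04rdp01.yaya.corp
# sed -i 's#HOSTNAME=10-19-22-157##HOSTNAME=u04rdp01.yaya.corp#g' /etc/sysconfig/network
# sed -i 's##HOSTNAME=u04rdp01.yaya.corp#g' /etc/sysconfig/network
#==========================================================================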