##################################################
# CentOS6.5 #
# initialize the Linux system to deploy lnmp #
# 2016/10/30 22:58 #
# author:kangjie #
# original article #
# original article #
##################################################
#!/bin/sh
#向自动化运维迈进
#定义文件位置
LOG_PATH=/server/initlog
LOG_FILE=$LOG_PATH/init.log
i=0
#如果文件夹不存在,则创建
[ ! -d /server/tools ] && mkdir -p /server/tools
[ ! -d $LOG_PATH ] && mkdir -p $LOG_PATH
#判断命令执行是否成功
#check status then wirite to log
function check(){
if [ $? != 0 ]
then
echo "××××-operate $1 Failed!!!-×××" >> $LOG_FILE
else
echo "√√√-operate $1 Success-√√√" >> $LOG_FILE
fi
}
#关闭防火墙,禁止开机启动(仅限于没有公网的情况)
#iptables
function iptable(){
/etc/init.d/iptables stop
check iptables
chkconfig iptables off
check chkconfig-iptables
((i++))
}
#关闭selinux,修改配置文件后,同时设置临时生效
#selinux disable the selinux
function selinux(){
status=`grep SELINUX= /etc/selinux/config | tail -1 | awk -F '=' '{print $2}'`
if [ $status != disabled ]
then
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
status=`grep SELINUX= /etc/selinux/config | tail -1 | awk -F '=' '{print $2}'`
if [ $status == disabled ]
then
echo "√√√-Modify selinux config success-√√√-" >> $LOG_FILE
else
echo "××××-Modify selinux config Failed!!!-××××" >> $LOG_FILE
fi
else
echo "Selinx config already Modified" >> $LOG_FILE
fi
setenforce 0 #关闭selinux
check setenfore
((i++))
}
#添加系统用户,修改密码
#add user and change password
function adduser(){
userdel -r kangjie >/dev/null 2>&1
useradd kangjie
check adduser
echo "123456" | passwd --stdin kangjie && history -c
check "change user password"
((i++))
}
#更新yum源为163yum源
#yum update 163
function yumsource(){
cd /etc/yum.repos.d/
/bin/mv CentOS-Base.repo CentOS-Base.repo.ori
/bin/mv CentOS6-Base-163.repo CentOS-Base.repo
check yum-update
((i++))
}
#安装系统监控软件
#software sysstat
function soft(){
yum install sysstat -y
check sysstat
((i++))
}
#精简开机启动项,虚拟机上设置后无法开机,需要在真实环境中测试
#Msconfig something the matter
function Msconfig(){
for a in `chkconfig --list | grep "3:on" | awk '{print $1}' | grep -vE "crond|network|sshd|rsyslog"`;
do
chkconfig $a off;
done
check Msconfig
((i++))
}
#更改ssh登录端口、禁止root用户登录,禁止空密码,禁用DNS登录
#sshd
function changesshd(){
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ori
sed -i 's%#Port 22%Port 22222%' /etc/ssh/sshd_config
sed -i 's%#PermitRootLogin yes%PermitRootLogin no%' /etc/ssh/sshd_config
sed -i 's%#PermitEmptyPasswords no%PermitEmptyPasswords no%' /etc/ssh/sshd_config
sed -i 's%#UseDNS yes%UseDNS no%' /etc/ssh/sshd_config
egrep "UseDNS|22222|RootLogin|EmptyPass" /etc/ssh/sshd_config >> $LOG_FILE
((i++))
}
#给kangjie用户赋予高的权限
#sudouser
function sudouser(){
cp /etc/sudoers /etc/sudoers.ori
echo "kangjie ALL=(ALL) ALL" >>/etc/sudoers
tail -1 /etc/sudoers >> $LOG_FILE
((i++))
}
#更改字符集,支持国标,鸡肋
#lang something the matter
function lang(){
echo ' LANG="zh_CN.GB18030"' >/etc/sysconfig/i18n
source /etc/sysconfig/i18n
echo $LANG >> $LOG_FILE
((i++))
}
#定时任务校准时间 ,虚拟机无效,需要手动更改时区和时间
#crontab something the matter
function cron(){
echo '*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l >> $LOG_FILE
((i++))
}
#修改系统文件描述符
#limits
function limit(){
echo '* - nofile 65535 ' >>/etc/security/limits.conf
tail -1 /etc/security/limits.conf >> $LOG_FILE
((i++))
}
#修改vim配置,显示行号等内容
#注意:使用EOF时,其后不能跟多余的空格,否则报错
#vimrc
function vimrc(){
cp /etc/vimrc /etc/vimrc.ori
cat >>/etc/vimrc<<EOF
set nu
syntax on
set autoindent
set smartindent
set tabstop=4
set shiftwidth=4
set showmatch
set cursorline
EOF
check vimrc
((i++))
}
#修改系统内核参数,sysctl -p 使参数生效
#来源:oldboy51cto博客
#sysctl.conf
#sysctl.conf
function sys(){
cp /etc/sysctl.conf /etc/sysctl.conf.`date +"%Y-%m-%d_%H-%M-%S"` #备份
cat>>/etc/sysctl.conf<<EOF
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout=1
net.ipv4.tcp_keepalive_time=1200
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.ip_local_port_range = 1024 65535
EOF
sysctl -p
check sysctl
((i++))
}
#配置邮件,使用126邮箱发送邮件
#mail
function mailset(){
cat >>/etc/mail.rc<<EOF
set from=13888888888@126.com
set smtp=smtp.126.com
set smtp-auth-user=13888888888@126.com
set smtp-auth-password=888888
set smtp-auth=login
EOF
#取得主机的IP地址
a=`ifconfig | grep 'inet addr:'|grep -v '127.0.0.1'|awk -F '[ :]+' '{print $4}'`
echo "This is a test mail from $a" | mail -s "deploy linux" 88888888@qq.com
}
#发邮件
function Mail(){
mail -s "***Linux Deploy Report***" 888888888@qq.com < $LOG_FILE
}
#主函数
#main
function main(){
echo "Deploy Linux *****`date +"%Y-%m-%d_%H-%M-%S"`*****">>$LOG_FILE
iptable
selinux
adduser
yumsource
soft
mailset
#Msconfig
changesshd
sudouser
#lang
cron
limit
vimrc
sys
#统计执行过的函数的个数
echo "ALL steps=$i" >> $LOG_FILE
Mail
}
main