CentOS6.5优化脚本以及检测优化脚本

一、tunning.sh

#!/bin/bash
# 系统优化脚本
# 使用于CentOS 6.4 x64系统
# Ver : 1.1.1

KCF=/etc/sysctl.conf

# ------- kernel Tcp/ip options config --------
kernel_conf(){
if [ `grep $1 $KCF | wc -l` -eq 0 ]
    then
        echo "$1 = $2" >> $KCF
elif [ `grep $1 $KCF | wc -l` -gt 1 ]
    then
        sed -i /$1/d $KCF
        echo "$1 = $2" >> $KCF
else
    if [ `grep $1 $KCF | awk '{print $3}'` -ne $2 ]
        then
             sed -i s# `grep $1 $KCF | awk '{print $3}'`#$2#g
    else
        echo -e "--- You hava right 33[32m $1 33[0m config"
    fi
fi
}

# ------- kernel Local_Port_Range config --------
port_range_conf(){
if [ `grep $1 $KCF | wc -l` -eq 0 ]
    then
        echo "$1 = $2 $3" >> $KCF
elif [ `grep $1 $KCF | wc -l` -gt 1 ]
    then
        sed -i /$1/d $KCF
        echo "$1 = $2 $3" >> $KCF
else
    if [ `grep $1 $KCF | awk '{print $3}'` -ne $2 ] || [ `grep $1 $KCF | awk '{print $4}'` -ne $3 ]
        then
             sed -i s# `grep $1 $KCF | awk '{print $3}'`#$2#g
             sed -i s# `grep $1 $KCF | awk '{print $4}'`#$3#g
    else
        echo -e "--- You hava right 33[32m $1 33[0m config"
    fi
fi
}

# ------- kernel Tcp rmen/wmen options config --------
tcp_mem_conf(){
if [ `grep $1 $KCF | wc -l` -eq 0 ]
    then
        echo "$1 = $2 $3 $4" >> $KCF
else
    sed -i /$1/d $KCF
    echo "$1 = $2 $3 $4" >> $KCF
    echo -e "--- You hava right 33[32m $1 33[0m config"
fi
}

# TurnOFF the SELinux
sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/selinux/config
setenforce 0

# set some service not start when system run
export LANG="en"
for srv_name in `chkconfig --list|grep 3:on|awk '{print $1}'`;
do 
 chkconfig $srv_name off;
done

for name in crond irqbalance messagebus haldaemon network rsyslog sshd sysstat udev-post ntpd;
do
 chkconfig $name on ;
done

# NetworkManager Server config
if [ `/sbin/chkconfig --list | grep NetworkManager | wc -l` -ne 0 ]
    then
        /sbin/chkconfig NetworkManager on
        /sbin/chkconfig --list NetworkManager
else
    echo -e "--- NetworkManager server is not in , Will skip !" 
fi

# Edit limits.conf
if [ `grep -E -v "^#|^$" /etc/security/limits.conf | wc -l` -eq 0 ]
    then
    cat >>/etc/security/limits.conf <<EOF
*	soft	noproc	65535
*	hard	noproc	65535
*	soft	nofile	1048576
*	hard	nofile	1048576
EOF
else
    echo "PLS check limit.conf configuation"
fi

sleep 2

# Clear system information
echo "Welcome to Server" >/etc/issue

# Kernel configuation. be fit for Nginx Apache application service.
echo  -e "#For web server" >>$KCF
kernel_conf fs.file-max 1048576
kernel_conf net.ipv4.tcp_fin_timeout 30
kernel_conf net.ipv4.tcp_timestamps 1
kernel_conf net.ipv4.tcp_tw_reuse 1
kernel_conf net.ipv4.tcp_tw_recycle 1
kernel_conf net.ipv4.tcp_window_scaling 1
kernel_conf net.ipv4.tcp_sack 1
port_range_conf net.ipv4.ip_local_port_range 1024 65535
tcp_mem_conf net.ipv4.tcp_rmem 4096 4096 16777216
tcp_mem_conf net.ipv4.tcp_wmem 4096 4096 16777216

sysctl -p

ulimit -SHn 1048576
echo -e "

Warning:

--You must command ulimit -SHn 1048576 if you don't restart system !

"
sleep 5

 二、检测优化脚本

#!/bin/bash
# 系统优化项检查脚本。

export LANG="en"

SERESULT=`getenforce`
UMRESULT=`ulimit -n`
FWCURRENT=`service iptables status | grep "Firewall is not running" | wc -l`
FWSTART=`chkconfig --list iptables | awk '{print $5}'| awk -F : '{print $2}'`
FILE_MAX=`grep "fs.file-max" /etc/sysctl.conf|awk '{print $3}'`
FINTIMEOUT=`grep "tcp_fin_timeout" /etc/sysctl.conf | awk '{print $3}'`
REUSE=`grep "tcp_tw_reuse" /etc/sysctl.conf | awk '{print $3}'`
RECYCLE=`grep "tcp_tw_recycle" /etc/sysctl.conf | awk '{print $3}'`
TCPTIME=`grep "tcp_timestamps" /etc/sysctl.conf | awk '{print $3}'`
PORTRANGE_MIN=`grep "ip_local_port_range" /etc/sysctl.conf | awk '{print $3}'`
PORTRANGE_MAX=`grep "ip_local_port_range" /etc/sysctl.conf | awk '{print $4}'`
TCPWINDOW=`grep "tcp_window_scaling" /etc/sysctl.conf | awk '{print $3}'`
TCPSACK=`grep "tcp_sack" /etc/sysctl.conf | awk '{print $3}'`

# Check SELinux Configure
if [ $SERESULT = 'Disabled' ] 
   then echo -e "The SElinux is $SERESULT "..................."33[32m PASS 33[0m"
else
   echo -e "The SElinux is $SERESULT "..................."33[31m FAILED 33[0m"
fi

# Check ulimit Configure
if [ $UMRESULT -ge 65535 ]
   then echo -e "The ulimit is $UMRESULT"........................"33[32m PASS 33[0m"
else
   echo -e "The ulimit is $UMRESULT"....................."33[31m FAILED 33[0m"
fi

# Check IPTABLES RUNNING & CONFIGURE
if [ $FWCURRENT -eq 0 ]
   then echo -e "The Ipteblas is running "..................."33[31m FAILED 33[0m"
elif [ $FWSTART = 'on' ]
   then echo -e "The iptables you must stop "..................."33[31m FAILED 33[0m"
else 
   echo -e "The iptables is not running"................"33[32m PASS 33[0m"
fi

# Check Kernel File Open Max Configure
if [ `grep "fs.file-max" /etc/sysctl.conf| wc -l` -ne 0  ] 
then 
  if [ $FILE_MAX -eq 1048576 ] 
    then echo -e "fs.file-max is $FILE_MAX"....................."33[32m PASS 33[0m"
  else
    echo -e "fs.file-max is $FILE_MAX"...................."33[31m FAILED 33[0m"
  fi
else
  echo -e "33[34m fs.file-max not configure,please check! 33[0m"
fi

# Check Kernel Fin_timeout Configure
if [ `grep "tcp_fin_timeout" /etc/sysctl.conf| wc -l` -ne 0  ]
then
  if [ $FINTIMEOUT -eq 30 ]
   then echo -e "tcp_fin_timeout is $FINTIMEOUT"......................"33[32m PASS 33[0m"
  else
   echo -e "tcp_fin_timeout is  $FINTIMEOUT"........................"33[31m FAILED 33[0m"
  fi
else
  echo -e "33[34m FIN_timeout not config ,please check! 33[0m"
fi

# Check Kernel TCP reuse Configure
if [ `grep "tcp_tw_reuse" /etc/sysctl.conf| wc -l` -ne 0  ]
then
  if [ $REUSE -eq 1 ]
   then echo -e "tcp_tw_reuse is $REUSE"......................."33[32m PASS 33[0m"
  else
   echo -e "tcp_tw_reuse is $REUSE".........................."33[31m FAILED 33[0m"
  fi
else
  echo -e "33[34m TCP_TW_REUSE not config ,please check! 33[0m"
fi

# Check Kernel TCP recycle Configure
if [ `grep "tcp_tw_recycle" /etc/sysctl.conf| wc -l` -ne 0  ]
then
  if [ $RECYCLE -eq 1 ]
   then echo -e "tcp_tw_recycle is $RECYCLE"....................."33[32m PASS 33[0m"
  else
   echo -e "tcp_tw_recycle is $RECYCLE"........................"33[31m FAILED 33[0m"
  fi
else
  echo -e "33[34m TCP_TW_RECYCLE not config ,please check! 33[0m"
fi

# Check Kernel TCP timestamps Configure
if [ `grep "tcp_timestamps" /etc/sysctl.conf| wc -l` -ne 0  ]
then
  if [ $TCPTIME -eq 1 ]
   then echo -e "tcp_timestamps is $TCPTIME"......................"33[32m PASS 33[0m"
  else
   echo -e "tcp_timestamps is $TCPTIME"........................."33[31m FAILED 33[0m"
  fi
else
  echo -e "33[34m TCP timestamps not config ,please check! 33[0m"
fi

# Check IPv4 Port Range configure
if [ `grep "ip_local_port_range" /etc/sysctl.conf| wc -l` -ne 0  ]
then
  if [ $PORTRANGE_MIN -eq 1024 ] && [ $PORTRANGE_MAX -eq 65535 ]
   then echo -e "ip_local_port_range is $PORTRANGE_MIN $PORTRANGE_MAX"........"33[32m PASS 33[0m"
  else
   echo -e "ip_local_port_range is $PORTRANGE_MIN $PORTRANGE_MAX"........"33[31m FAILED 33[0m"
  fi
else
  echo -e "33[34m ip_local_port_range not config ,please check! 33[0m"
fi

# Check TCP_WINDOW Configure
if [ `grep "tcp_window_scaling" /etc/sysctl.conf| wc -l` -ne 0  ]
then
  if [ $TCPWINDOW -eq 1 ]
   then echo -e "TCP_WINDOW is $TCPWINDOW"........................."33[32m PASS 33[0m"
  else
   echo -e "TCP_WINDOW is $TCPWINDOW"............................"33[31m FAILED 33[0m"
  fi
else
  echo -e "33[34m TCP_WINDOW not config ,please check! 33[0m"
fi

# Check tcp_sack Configure
if [ `grep "tcp_sack" /etc/sysctl.conf| wc -l` -ne 0  ]
then
  if [ $TCPSACK -eq 1 ]
   then echo -e "tcp_sack Time is $TCPSACK "..................."33[32m PASS 33[0m"
  else
   echo -e "tcp_sack Time is $TCPSACK "......................"33[31m FAILED 33[0m"
  fi
else
  echo -e "33[34m tcp_sack Time not config ,please check! 33[0m"
fi