• centos_6.7_系统初始化


     #!/bin/bash
     #****************************************************************#
     # ScriptName: acfuninit.sh
     # version 1.1
     # Author: *****
     # Create Date: 2015-7-31
     # Modify Author:******
     # Modify Date: 2015-12-23
     # Function: acfun CentOS 6.7 init shell (use on kickstart)
     #***************************************************************#
     # 设置颜色参数
     GC="33[1;32m"
     BC="33[1;34m"
     RC="33[1;31m"
     EC="33[0m"
     __detect_result() {
         if [ $? -eq 0 ]; then
             echo -e "${GC}[  OK  ]${EC}"
             echo ""
         else
             echo -e "${RC}[FAILED]${EC}"
             echo ""
         fi
     }
     # 关闭图形界面
     clear;echo -en "${BC}Linux X11 is disabled...    ${EC}";sleep 1
     sed -i 's/id:5:initdefault:/id:3:initdefault:/g' /etc/inittab
     __detect_result
     # SSH 配置
     echo -en "${BC}SSH is config...    ${EC}";sleep 1
     sed -i 's/#ServerKeyBits 1024/ServerKeyBits 4096/g' /etc/ssh/sshd_config
     sed -i 's/#PermitRootLogin yes/PermitRootLogin without-password/g' /etc/ssh/sshd_config
     sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
     sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
     sed -i 's/#Protocol 2,1/Protocol 2/g' /etc/ssh/sshd_config
     sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
     rm -fr /root/.ssh/ 2>/dev/null
     __detect_result
     # 添加系统管理员组
     echo -en "${BC}group & user is created...  ${EC}";sleep 1
     getent group xxadmin > /dev/null || groupadd -g 1000 xxadmin 2>/dev/null
     if [ $(grep -c "%xxadmin" /etc/sudoers) == 0 ]; then 
         echo "%xxadmin   ALL=(ALL)  NOPASSWD: ALL" >> /etc/sudoers
     fi
     if [ $(grep -c "hostkeeper" /etc/passwd) == 0 ]; then
         useradd -u 1000 -g xxadmin -p '123456' -c "hostkeeper user" hostkeeper
     fi
     mkdir /home/hostkeeper/.ssh/ && echo 'ssh-rsa ********************************************
     -----END RSA PRIVATE KEY-----' > /home/hostkeeper/.ssh/id_rsa && chown -R hostkeeper:xxadmin /home/hostkeeper/.ssh && chmod 400 /home/hostkeeper/.ssh/*
     __detect_result
     # 字符编码设置为 UTF-8
     echo -en "${BC}LANG is en_US.UTF8...    ${EC}";sleep 1
     sed -i 's/LANG=.*/LANG="en_US.UTF-8"/g' /etc/sysconfig/i18n
     __detect_result
     # 清空 iptables 规则
     echo -en "${BC}iptables is optimize...    ${EC}";sleep 1
     iptables='/etc/sysconfig/iptables'
     if [ ! -f ${iptables} ] || [ $(grep -c '-F' ${iptables}) == 0 ]; then
         sed -i 's/-A FORWARD -j REJECT --reject-with icmp-host-prohibited/-A FORWARD -j REJECT --reject-with icmp-host-prohibited
    -F/g' $iptables
     fi
     __detect_result
     # 关闭 SElinux
     echo -en "${BC}Selinux is disabled...    ${EC}";sleep 1
     if [ $(getenforce) != 'Diabled' ]; then
         sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/sysconfig/selinux
         sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
     fi
     __detect_result
     # 配置 VIM
     #echo -en "${BC}vimrc is config...    ${EC}";sleep 1
     #echo "set paste" >> /etc/vimrc
     #echo "filetype on" >> /etc/vimrc
     #
     #__detect_result
     # 配置 security bash
     echo -en "${BC}acfun_bashenv.sh is config...    ${EC}";sleep 1
     cat > /etc/profile.d/acfun_bashenv.sh <<EOF
     # for security set
     alias chgrp='chgrp --preserve-root'
     alias chown='chown --preserve-root'
     alias chmod='chmod --preserve-root'
     alias rm='rm -i --preserve-root'
     # for history set
     HISTTIMEFORMAT='[%F %T] '
     HISTSIZE=2000
     # set vim set
     export EDITOR=vim
     alias vi='vim'
     EOF
     __detect_result
     # 配置 limit.conf
     echo -en "${BC}limits.conf is optimize...    ${EC}";sleep 1
     login='/etc/pam.d/login'
     if [ $(grep -c "pam_limits.so" ${login}) == 0 ]; then
         echo "session    required     pam_limits.so" >> ${login}
     fi
     limits='/etc/security/limits.conf'
     if [ $(grep -c "* soft nofile 655360" ${limits}) == 0 ]; then
         echo "* soft nofile 655360" >> ${limits}
         echo "* hard nofile 655360" >> ${limits}
         echo "* soft nproc  131072" >> ${limits}
         echo "* hard nproc  131072" >> ${limits}
         echo "# End of file" >> ${limits}
     fi
     nproc='/etc/security/limits.d/90-nproc.conf'
     if [ ! -f ${nproc} ] || [ $(grep -c 'nproc' ${nproc}) == 0 ];then
         echo '* soft nproc 131072' >> ${nproc}
     else
         sed -i 's/*.*soft.*nproc.*/*          soft    nproc     131072/g' ${nproc}
     fi
     __detect_result
     # 配置 sysctl.conf
     #echo -en "${BC}sysctl.conf is optimize...    ${EC}";sleep 1
     #sysctl='/etc/sysctl.conf'
     #if [ $(grep -c "net.ipv4.tcp_syncookies = 0" ${sysctl}) == 0 ]; then
     # {
     #    sed -i 's/net.ipv4.tcp_syncookies = 1/net.ipv4.tcp_syncookies = 0/g' ${sysctl}
     #    echo "net.ipv4.conf.all.arp_ignore = 1" >> ${sysctl}
     #    echo "net.ipv4.conf.all.arp_announce = 2" >> ${sysctl}
     #    echo "net.ipv4.conf.lo.arp_ignore = 1" >> ${sysctl}
     #    echo "net.ipv4.conf.lo.arp_announce = 2" >> ${sysctl}
     #    echo "net.core.rmem_default = 262144" >> ${sysctl}
     #    echo "net.core.wmem_default = 262144" >> ${sysctl}
     #    echo "net.core.netdev_max_backlog = 10000" >> ${sysctl}
     #    echo "net.core.rmem_max = 16777216" >> ${sysctl}
     #    echo "net.core.wmem_max = 16777216" >> ${sysctl}
     #    echo "net.ipv4.tcp_rmem = 8192 87380 16777216" >> ${sysctl}
     #    echo "net.ipv4.tcp_wmem = 8192 65536 16777216" >> ${sysctl}
     #    echo "net.ipv4.tcp_mem = 8388608 12582912 16777216" >> ${sysctl}
     #    echo "net.ipv4.tcp_max_syn_backlog = 4096" >> ${sysctl}
     #    echo "net.ipv4.tcp_synack_retries = 2" >> ${sysctl}
     #    echo "net.nf_conntrack_max = 8553600" >> ${sysctl}
     #    echo "net.netfilter.nf_conntrack_max = 8553600" >> ${sysctl}
     #    echo "net.netfilter.nf_conntrack_tcp_timeout_established = 60" >> ${sysctl}
     #}
     #fi
     #__detect_result
     # 建立数据目录
     echo -en "${BC}data file is create...    ${EC}";sleep 1
     mkdir -p /opt/logs
     mkdir -p /opt/package
     mkdir -p /opt/javaserver
     mkdir -p /opt/data/mysqldata
     mkdir -p /opt/data/redis
     mkdir -p /opt/data/zookeeper
     mkdir -p /opt/script
     mkdir -p /opt/backup
     __detect_result
     # 搭建rsync服务
     echo -e "${BC}create rsync server...    ${EC}";sleep 1
     touch /etc/rsyncd.conf
     if [ $(grep -c "rsync" /etc/rsyncd.conf) == 0 ]; then
     cat > /etc/rsyncd.conf <<EOF
     uid = root
     gid = root
     use chroot = no
     max connections = 10
     strict modes = yes
     pid file = /var/run/rsyncd.pid
     lock file = /var/run/rsync.lock
     log file = /opt/logs/rsyncd.log
     EOF
     fi 
     if [ $(grep -c "/usr/bin/rsync --daemon" /etc/rc.local) == 0 ]; then 
         echo '/usr/bin/rsync --daemon' >> /etc/rc.local
     fi
     /usr/bin/rsync --daemon
     __detect_result
     # 安装java服务
     echo -e "${BC}install oracle java...    ${EC}";sleep 1
     wget -P /tmp/ --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u45-b14/jdk-8u45-linux-x64.rpm
     rpm -ivh /tmp/jdk-8u45-linux-x64.rpm
     echo "" >>/etc/profile
     echo "# java jdk config" >> /etc/profile
     echo "JAVA_HOME=/usr/java/jdk1.8.0_45" >> /etc/profile
     echo "PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH" >> /etc/profile
     echo "CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/jre/lib/rt.jar" >> /etc/profile
     echo "export JAVA_HOME PATH CLASSPATH" >> /etc/profile
     source /etc/profile
     __detect_result
     # 关闭服务
     echo -e "${BC}services is optimize...    ${EC}";sleep 1
     chkconfig --level 35 abrt-ccpp off 2>/dev/null
     chkconfig --level 35 abrtd off 2>/dev/null
     chkconfig --level 35 acpid off 2>/dev/null
     chkconfig --level 35 atd off 2>/dev/null
     chkconfig --level 35 certmonger off 2>/dev/null
     chkconfig --level 35 cpuspeed off 2>/dev/null
     chkconfig --level 35 cups off 2>/dev/null
     chkconfig --level 35 mcelogd off 2>/dev/null
     chkconfig --level 35 mdmonitor off 2>/dev/null
     chkconfig --level 35 nfslock off 2>/dev/null
     chkconfig --level 35 ip6tables off 2>/dev/null
     chkconfig --level 35 postfix off 2>/dev/null
     service abrt-ccpp stop 2>/dev/null
     service abrtd stop 2>/dev/null
     service acpid stop 2>/dev/null
     service atd stop 2>/dev/null
     service certmonger stop 2>/dev/null
     service cpuspeed stop 2>/dev/null
     service cups stop 2>/dev/null
     service mcelogd stop 2>/dev/null
     service mdmonitor stop 2>/dev/null
     service nfslock stop 2>/dev/null
     service ip6tables stop 2>/dev/null
     service postfix stop 2>/dev/null
     __detect_result
     # 添加 yum 软件源
     echo -en "${BC}yum source is install...    ${EC}";sleep 1
     rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
     yum install yum-priorities -y
     epel='/etc/yum.repos.d/epel.repo'
     if [ $(grep -c "priority=10" ${epel}) == 0 ]; then
         sed -i 's/enabled = 1/enabled = 1
    priority = 10/g' ${epel}
     fi
     __detect_result
     # YUM 安装相关服务
     echo -e "${BC}packages is installed...    ${EC}";sleep 1
     yum -e 0 -d 0 -y -q install iftop iotop ipmitool wget telnet vim xinetd dmidecode redhat-lsb ntp openssl bash man gcc gcc-c++ make sysstat nc lrzsz parted mtr iptraf strace 2>/dev/null
     __detect_result
     # 初始安装关闭DHCP引导
     echo -e "${BC}DHCP BOOT is disabled...    ${EC}";sleep 1
     ipmitool -I open chassis bootdev disk options=persistent,efiboot
     __detect_result
     echo "system init finished!"
     echo ""
     echo "reboot after 1 minutes!"
     shutdown -r +1
     
  • 相关阅读:
    freeswitch 对接IMS
    freeswitch对接北京移动IMS
    多台 FreeSWITCH 服务器级联
    FreeSWITCH代码分析
    软交换freeswitch系统概要和源代码分析初步
    SQL*Net message from client
    FreeSwitch下配置DID的方法
    FreeSWITCH实现多人来电思路
    SIP开源项目opensip,Freeswitch
    运行 FreeSWITCH
  • 原文地址:https://www.cnblogs.com/xmanblue/p/5741224.html
Copyright © 2020-2023  润新知