#!/bin/bash

#make by Jeck



# Load the distribution's init-script helper library. The functions below call
# `action`, which is not defined in this script — presumably it comes from
# this file (TODO confirm on the target release).
. /etc/init.d/functions

# Run the script itself under an English UTF-8 locale so that the output of
# the tools it parses does not depend on the operator's locale.
export LANG="en_US.UTF-8"

#生成local.repo文件

function local.repo() {
  # Write a yum repository definition for locally mounted install media
  # (file:///media) to /tmp/local.repo. Nothing is installed here; the caller
  # copies the file into /etc/yum.repos.d.
  #
  # NOTE(review): gpgcheck=0 turns package signature verification off for
  # this repository, so anything placed under /media is installed as trusted.
  # NOTE(review): the output path is a fixed name in a world-writable
  # directory; on a multi-user host a private directory from `mktemp -d`
  # would be the safer staging area.
  local repo_file=/tmp/local.repo

  cat <<'REPO' > "${repo_file}"

[sever]

name=yum

baseurl=file:///media

enabled=1

gpgcheck=0

REPO
}

#生成localnet.repo文件

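function localnet.repo() {
  # Write a yum repository definition for the internal mirror at
  # 192.168.254.1 to /tmp/<name>.repo, where <name> is the first six
  # characters of the first line of /etc/issue with whitespace removed and
  # lower-cased. Nothing is installed here; the caller copies the file.
  #
  # Fix: the original wrote "gpgchek=1". yum does not know that key, so the
  # repository section never actually requested signature checking and the
  # gpgkey line had nothing to act on. It is spelled "gpgcheck" now.
  #
  # NOTE(review): baseurl and gpgkey are plain HTTP and the key is served by
  # the same host as the packages, so the signature check only means
  # something if the key's fingerprint is confirmed out of band before it is
  # imported.
  # NOTE(review): the output path is a predictable name under /tmp.
  local source
  source=$(sed 's/[[:space:]]//g' /etc/issue | head -1 | cut -b 1-6 | tr '[:upper:]' '[:lower:]')

  cat > "/tmp/${source}.repo" <<EOF

[sever]

name=localnet

baseurl=http://192.168.254.1/$source

gpgcheck=1

enabled=1

gpgkey=http://192.168.254.1/$source/RPM-GPG-KEY-redhat-release

EOF
}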

#生成CentOS6-Base-163.repo文件

function 163.repo() {
  # Write the 163.com CentOS mirror repository definition to
  # /tmp/CentOS6-Base-163.repo. It is the built-in fallback used when the
  # same file cannot be downloaded. The delimiter is quoted, so $releasever
  # and $basearch reach the file literally for yum to expand.
  #
  # NOTE(review): every baseurl and gpgkey below is plain HTTP. gpgcheck=1 is
  # set, but the key itself is fetched over an unauthenticated channel, so
  # its fingerprint should be verified before it is trusted.
  # NOTE(review): CentOS 6 reached end of life in November 2020; a host built
  # from these repositories receives no further security updates.
  # NOTE(review): the output path is a predictable name under /tmp.
  local repo_file=/tmp/CentOS6-Base-163.repo

  cat <<'EOF' > "${repo_file}"

# CentOS-Base.repo

#

# The mirror system uses the connecting IP address of the client and the

# update status of each mirror to pick mirrors that are updated to and

# geographically close to the client.  You should use this for CentOS updates

# unless you are manually picking other mirrors.

#

# If the mirrorlist= does not work for you, as a fall back you can try the 

# remarked out baseurl= line instead.

#

#


[base]

name=CentOS-$releasever - Base - 163.com

baseurl=http://mirrors.163.com/centos/$releasever/os/$basearch/

#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os

gpgcheck=1

gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6


#released updates 

[updates]

name=CentOS-$releasever - Updates - 163.com

baseurl=http://mirrors.163.com/centos/$releasever/updates/$basearch/

#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates

gpgcheck=1

gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6


#additional packages that may be useful

[extras]

name=CentOS-$releasever - Extras - 163.com

baseurl=http://mirrors.163.com/centos/$releasever/extras/$basearch/

#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras

gpgcheck=1

gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6


#additional packages that extend functionality of existing packages

[centosplus]

name=CentOS-$releasever - Plus - 163.com

baseurl=http://mirrors.163.com/centos/$releasever/centosplus/$basearch/

#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus

gpgcheck=1

enabled=0

gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6


#contrib - packages by Centos Users

[contrib]

name=CentOS-$releasever - Contrib - 163.com

baseurl=http://mirrors.163.com/centos/$releasever/contrib/$basearch/

#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib

gpgcheck=1

enabled=0

gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

EOF
}


#yum源配置

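function yum-source() {
  # Replace the contents of /etc/yum.repos.d with repository files chosen
  # interactively, then rebuild the yum metadata cache.
  #
  # Prompts:
  #   1. y/n (5 s timeout)  - install the local-media repo from local.repo.
  #   2. localnet/163       - install the internal-mirror or the 163.com
  #      repo; the .repo file is downloaded first and the built-in template
  #      (localnet.repo / 163.repo) is used when the download fails.
  #
  # Fix: downloads used `wget -P /tmp`. When a file of that name already
  # exists in /tmp, wget saves the new copy under a ".1" suffix and the stale
  # (possibly foreign) file was what got copied into /etc/yum.repos.d.
  # Downloads now land in a private `mktemp -d` directory via `wget -O`.
  # Fix: answering "n" claimed local.repo was in /tmp without generating it.
  #
  # NOTE(review): the existing repo files are deleted up front, so invalid
  # answers to both prompts leave the host with no repository configured.
  # NOTE(review): the downloaded .repo files arrive over plain HTTP and are
  # installed without verification; they decide where root-installed
  # packages come from and whether signatures are checked. Review the file
  # (gpgcheck, baseurl, gpgkey) before trusting it.
  # NOTE(review): the fallback templates are still staged under fixed names
  # in /tmp by local.repo / localnet.repo / 163.repo.
  local repo_dir=/etc/yum.repos.d
  local build_local repo_choice localnet_name download_dir repo_src

  rm -f "${repo_dir}"/*

  read -r -t 5 -p "do you want to build local.repo : _(y/n)" build_local
  case "${build_local}" in
    y)
      local.repo
      cp -f /tmp/local.repo "${repo_dir}/" && action "local.repo build " /bin/true
      ;;
    n)
      # Generate the file so the message below is true.
      local.repo
      echo "the local.repo is in /tmp ,you can copy by hand"
      ;;
    *)
      echo "you input error,please input y/n"
      ;;
  esac

  read -r -p "do you want to build l63.repo or localnet.repo : _(localnet/163)" repo_choice
  case "${repo_choice}" in
    163)
      download_dir=$(mktemp -d) || return 1
      repo_src="${download_dir}/CentOS6-Base-163.repo"
      if wget -O "${repo_src}" http://mirrors.163.com/.help/CentOS6-Base-163.repo &>/dev/null; then
        action "download CentOS6-Base-163.repo" /bin/true
      else
        # Download failed: fall back to the template shipped in this script.
        163.repo
        repo_src=/tmp/CentOS6-Base-163.repo
      fi
      if cp -f "${repo_src}" "${repo_dir}/"; then
        action "CentOS6-Base-163.repo build " /bin/true
      else
        action "CentOS6-Base-163.repo build " /bin/false
      fi
      rm -rf -- "${download_dir}"
      ;;
    localnet)
      localnet_name=$(sed 's/[[:space:]]//g' /etc/issue | head -1 | cut -b 1-6 | tr '[:upper:]' '[:lower:]')
      download_dir=$(mktemp -d) || return 1
      repo_src="${download_dir}/${localnet_name}.repo"
      if ! wget -O "${repo_src}" "http://192.168.254.1/${localnet_name}.repo" &>/dev/null; then
        # Download failed: fall back to the template shipped in this script.
        localnet.repo
        repo_src="/tmp/${localnet_name}.repo"
      fi
      if cp -f "${repo_src}" "${repo_dir}/"; then
        action " create localnet.repo" /bin/true
      else
        action "create localnet.repo " /bin/false
      fi
      rm -rf -- "${download_dir}"
      ;;
    *)
      echo "you input error,please input localnet/163"
      ;;
  esac

  yum clean all &>/dev/null
  yum makecache &>/dev/null
  sleep 1
}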

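function hostname() {
  # Optionally set the HOSTNAME entry in /etc/sysconfig/network.
  #
  # Asks y/n (5 s timeout); on "y" reads the new name, validates it, rewrites
  # the HOSTNAME= line and reports the stored value. Any other answer (or a
  # timeout) just pauses for a second. Returns 1 when the name is rejected.
  # Sets the globals HOSTNAME_NEW and HOSTNAME, as the original did.
  #
  # Fix: the name typed by the operator was pasted straight into a sed
  # expression, so "/", "&" or "\" in it corrupted the substitution or the
  # file. Only letters, digits, "." and "-" are accepted now.
  # Fix: the old value was taken from the last line of the file, which is
  # not necessarily the HOSTNAME line; the HOSTNAME= line is matched directly.
  #
  # NOTE: this function shadows the hostname(1) command for the remainder of
  # the script.
  local rs
  local -r network_file=/etc/sysconfig/network
  local -r valid_name='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

  read -r -t 5 -p "do you want to set hostname:_(y/n)" rs
  case "${rs}" in
    y)
      read -r -p "please input your hostname:__" HOSTNAME_NEW
      if [[ ! ${HOSTNAME_NEW} =~ ${valid_name} ]]; then
        echo "invalid hostname: use letters, digits, '.' and '-' only" >&2
        return 1
      fi
      sed -i "s/^HOSTNAME=.*/HOSTNAME=${HOSTNAME_NEW}/" "${network_file}"
      HOSTNAME=$(awk -F"=" '/^HOSTNAME=/ {print $2}' "${network_file}" | tail -1)
      action "your hostname is ${HOSTNAME}" /bin/true
      ;;
    *)
      sleep 1
      ;;
  esac
}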

#selinux 配置

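function selinux() {
  # If /etc/selinux/config says SELINUX=enforcing, rewrite it to disabled,
  # put the running system into permissive mode (setenforce 0) and report
  # the value now stored in the file. Does nothing for any other setting.
  #
  # Fix: the status was compared unquoted, so an empty or multi-word result
  # made `[` fail with a syntax error. It was also extracted with
  # `grep -v ta`, which only works by accident of the default file layout;
  # the SELINUX= line is matched directly now, in the same file that is
  # edited.
  #
  # NOTE(review): this removes mandatory access control from the host.
  # SELINUX=permissive keeps policy loaded and denials logged, which is the
  # usual choice when enforcement has to be relaxed for troubleshooting.
  local -r config=/etc/selinux/config
  local selinux_status

  selinux_status=$(awk -F"=" '/^SELINUX=/ {print $2}' "${config}" | tail -1)
  if [[ "${selinux_status}" == "enforcing" ]]; then
    sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" "${config}"
    sleep 1
    setenforce 0
    selinux_status=$(awk -F"=" '/^SELINUX=/ {print $2}' "${config}" | tail -1)
    action "selinux is ${selinux_status} " /bin/true
  fi
}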


#防火墙iptables配置

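function iptables() {
  # Flush the IPv4 filter rules, save the now-empty ruleset, stop the
  # iptables service and remove it from the boot sequence.
  #
  # Fix: this script also defines a shell function named `service`. A plain
  # `service iptables ...` therefore ran that function (which disables every
  # runlevel-3 service) instead of the service(8) command. `command` skips
  # shell functions and runs the real program.
  # Fix: success was reported unconditionally; the result now reflects
  # whether the steps worked.
  #
  # NOTE(review): after this step the host has no packet filter, now or
  # after reboot. Anything listening on the machine is reachable from every
  # network it is attached to.
  local failed=0

  command service iptables restart &>/dev/null
  /sbin/iptables -F || failed=1
  command service iptables save &>/dev/null || failed=1
  command service iptables stop &>/dev/null || failed=1
  chkconfig iptables off &>/dev/null || failed=1

  if [ "${failed}" -eq 0 ]; then
    action "iptables is stop" /bin/true
  else
    action "iptables is stop" /bin/false
  fi
}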


#服务启动配置

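function service() {
  # Disable every service that `chkconfig --list` shows as on in runlevel 3,
  # re-enable the baseline (network rsyslog crond sshd) and print what is
  # enabled afterwards.
  #
  # Fix: the success check only looked at the exit status of the last
  # chkconfig call; any failure is tracked and reported now.
  # Fix: service names are read line by line and quoted instead of being
  # word-split from a backtick substitution.
  #
  # NOTE(review): everything outside the baseline is switched off, which
  # includes any auditing or firewall service that was enabled.
  # NOTE: this function shadows the service(8) command for the remainder of
  # the script; callers that need the real program must use `command service`.
  local svc failed=0

  while read -r svc; do
    [ -n "${svc}" ] || continue
    chkconfig "${svc}" off || failed=1
  done < <(chkconfig --list | grep 3:on | awk '{print $1}')

  for svc in network rsyslog crond sshd; do
    chkconfig "${svc}" on || failed=1
  done

  if [ "${failed}" -eq 0 ]; then
    action "the service is OK" /bin/true
  else
    action "the service is OK" /bin/false
  fi

  echo "the $(chkconfig --list | grep 3:on | awk '{print $1}' | tr '\n' ',') is on now "
}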


#系统语言环境配置

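function language() {
  # Set LANG in /etc/sysconfig/i18n to en_US.UTF-8, report the value now
  # stored in the file, then source the file and export LANG=zh_CN for the
  # rest of this script.
  #
  # Fix: the success check tested the exit status of `head`, which is 0 even
  # when the file is missing or unchanged, so failure was never reported.
  # The stored value is compared with the intended one instead.
  # Fix: the old value read from the file was used as a sed pattern; the
  # LANG= line is matched directly.
  #
  # NOTE(review): the file is set to en_US.UTF-8 but the running script then
  # switches itself to zh_CN — kept as in the original, confirm it is
  # intended.
  local -r i18n_file=/etc/sysconfig/i18n
  local -r language_new="en_US.UTF-8"
  local language_now

  sed -i "s/^LANG=.*/LANG=${language_new}/" "${i18n_file}"
  language_now=$(awk -F"=" '/^LANG=/ {print $2; exit}' "${i18n_file}")

  if [ "${language_now}" = "${language_new}" ]; then
    action "system language is ${language_now} " /bin/true
  else
    action "system language is ${language_new} " /bin/false
  fi

  . "${i18n_file}"
  export LANG=zh_CN
}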


 #ntp时间同步配置

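 function ntp() {
   # Set the system time zone to Asia/Shanghai, step the clock once from
   # pool.ntp.org and schedule a sync every 10 minutes in root's crontab.
   #
   # Fix: the crontab entry had no command in front of the server list, so
   # cron would have tried to execute "192.168.254.199". It now calls
   # /usr/sbin/ntpdate, the same binary used for the one-off sync below.
   # Fix: the entry is added only once instead of on every run.
   # Fix: the old zone read from the file (every line's second field) was
   # used as a sed pattern; the ZONE= line is matched directly.
   #
   # NOTE(review): ntpdate takes time from unauthenticated NTP replies.
   # Accurate time underpins certificate validation and log correlation, so
   # prefer the internal time source where one exists.
   local -r zone_new='Asia/Shanghai'
   local -r cron_file=/var/spool/cron/root
   local -r cron_job='*/10 * * * * /usr/sbin/ntpdate 192.168.254.199 pool.ntp.org >/dev/null 2>&1'

   sed -i "s#^ZONE=.*#ZONE=${zone_new}#" /etc/sysconfig/clock
   rm -fr /etc/localtime
   cp -f "/usr/share/zoneinfo/${zone_new}" /etc/localtime

   if /usr/sbin/ntpdate pool.ntp.org &>/dev/null; then
     action "the time update now $(date +%F-%H:%M:%S) " /bin/true
   else
     action "the time update now $(date +%F-%H:%M:%S)" /bin/false
   fi

   if ! grep -qF -- "${cron_job}" "${cron_file}" 2>/dev/null; then
     echo '#time sync by fuzj at 2014-10-1' >> "${cron_file}"
     echo "${cron_job}" >> "${cron_file}"
   fi
 }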

 

#内核参数配置

function kernal() {
  # Append a block of TCP/netfilter tuning values to /etc/sysctl.conf and
  # report success when the append worked. The values are not loaded here;
  # nothing in this function runs sysctl.
  #
  # NOTE(review): every run appends another copy of the block.
  # NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to drop connections
  # from clients behind NAT and the setting was removed in Linux 4.12.
  # NOTE(review): tcp_syn_retries / tcp_synack_retries = 1 give up after a
  # single retransmission, which is aggressive on lossy links — confirm.
  local -r sysctl_file=/etc/sysctl.conf

  cat <<'SYSCTL' >> "${sysctl_file}" && action "the kernal is OK " /bin/true

net.ipv4.tcp_fin_timeout = 2

        net.ipv4.tcp_tw_reuse = 1

        net.ipv4.tcp_tw_recycle = 1

        net.ipv4.tcp_keepalive_time = 600

        net.ipv4.ip_local_port_range = 4000 65000

        net.ipv4.tcp_max_syn_backlog = 16384

        net.ipv4.tcp_max_tw_buckets = 36000

        net.ipv4.route.gc_timeout = 100

        net.ipv4.tcp_syn_retries = 1

        net.ipv4.tcp_synack_retries = 1

        net.core.somaxconn = 16384

        net.core.netdev_max_backlog = 16384

        net.ipv4.tcp_max_orphans = 16384

        net.netfilter.nf_conntrack_max = 25000000

        net.netfilter.nf_conntrack_tcp_timeout_established = 180

        net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120

        net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60

        net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120

SYSCTL
}

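function ssh() {
  # Create the unprivileged login account "fuzj", set its password, and only
  # then forbid direct root logins over SSH and restart sshd.
  # Returns 1 (leaving sshd_config untouched) when the account or its
  # password could not be set up.
  #
  # Fix: the account password was hard-coded in the script, so every host
  # built with it shared one published credential. The password is now read
  # from the terminal without echo and must be entered twice.
  # Fix: root login was disabled even when creating the replacement account
  # failed, which could lock the operator out; the order is reversed.
  # Fix: only the commented default "#PermitRootLogin yes" was rewritten, so
  # an already uncommented "PermitRootLogin yes" stayed in force.
  #
  # NOTE(review): password authentication stays enabled; key-based login
  # for this account would be the stronger setup.
  # NOTE: this function shadows the ssh(1) client for the remainder of the
  # script.
  local -r login_user=fuzj
  local password confirm

  if ! id "${login_user}" &>/dev/null; then
    if ! useradd "${login_user}"; then
      action "create user ${login_user}" /bin/false
      return 1
    fi
  fi

  read -r -s -p "please input password for ${login_user}:__" password
  echo
  read -r -s -p "please input the password again:__" confirm
  echo
  if [[ -z "${password}" || "${password}" != "${confirm}" ]]; then
    echo "password is empty or does not match, root login is left unchanged" >&2
    return 1
  fi

  # printf is a shell builtin, so the password never appears in a process
  # argument list.
  if ! printf '%s\n' "${password}" | passwd --stdin "${login_user}" &>/dev/null; then
    action "set password for ${login_user}" /bin/false
    return 1
  fi

  sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
  /etc/init.d/sshd restart &>/dev/null && action "ssh is config ok ,please used fuzj login " /bin/true
}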

#下载必备常用软件

function software() {
  # Install the baseline tools (lrzsz, wget, elinks) from the configured
  # repositories and report whether yum succeeded.
  #
  # NOTE(review): what gets installed is only as trustworthy as the
  # repository files written earlier (gpgcheck, HTTP mirrors).
  local -r label="lrzsz wget elinks install"

  if yum install lrzsz wget elinks -y &>/dev/null; then
    action "${label}" /bin/true
  else
    action "${label}" /bin/false
  fi
}




#下面开始执行综上的函数

# Run every configuration step in order: print its banner, call the step
# function, then pause so the operator can read the result.
# NOTE(review): nothing here checks that the script runs as root or that a
# step succeeded before moving on to the next one.
run_step() {
  # $1 - banner line, $2 - step function to call, $3 - pause in seconds
  echo "$1"
  "$2"
  sleep "$3"
}

run_step "============================ hostname config ==========================" hostname 1
run_step "============================ yum config ===============================" yum-source 2
run_step "=========================== selinux config ============================" selinux 2
run_step "========================== iptables config =============================" iptables 2
run_step "========================== service config ==============================" service 2
run_step "========================== language config =============================" language 2
run_step "========================== kernal config ===============================" kernal 2
run_step "========================== date update config ==========================" ntp 2
run_step "========================== ssh config ==========================" ssh 2
run_step "========================== software config =============================" software 2


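jishi() {
  # Show a countdown from 10 to 0 on a single terminal line, one second per
  # step, then reboot the machine.
  #
  # Fix: the original kept looping after the countdown reached zero and
  # called reboot again on every pass until the shell was killed. reboot is
  # issued exactly once now and the function returns.
  local count

  tput sc  # remember the cursor position so each step overwrites the last
  for ((count = 10; count >= 0; count--)); do
    sleep 1
    tput rc
    tput ed
    echo -n -e "\033[;36m  ....$count \033[0m"
  done

  reboot
}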


# Announce the pending reboot, wait up to 5 seconds for Enter, then start the
# countdown. NOTE(review): the reboot goes ahead when the wait times out as
# well; there is no way to cancel from this prompt.
printf '\033[;31m system config is ok, it need to reboot \033[0m\n'
printf '\033[;34m Press enter to continue reboot!\033[0m\n'

read -t 5 -p "" a

jishi