注:执行后需要重启机器 #!/bin/sh #****************************************************************# # ScriptName: CentOS6_init.sh # Author:823431818@qq.com # Create Date: 2014-05-17 # Modify Author: # Modify Date: 2016-09-18 # Function: #***************************************************************# change_password_len() { echo "Change PASS_MIN_LEN to 10" /bin/awk '($1 ~ /^PASS_MIN_LEN/) { $2="10" } {print}' /etc/login.defs >/tmp/login.defs /bin/mv -f /tmp/login.defs /etc/login.defs } modify_chkconfig() { echo "::Modify chkconfig for the system..." for a in `chkconfig --list|grep 0:|awk '{print $1}'` do case "$a" in "sshd" ) STATUS=on;; "crond" ) STATUS=on;; "network" ) STATUS=on;; "rsyslog" ) STATUS=on;; "irqbalance" ) STATUS=on;; * ) STATUS=off;; esac /sbin/chkconfig --level 345 $a $STATUS done echo "::End modify chkconfig" } disable_selinux() { echo "::Disable selinux" [ -e /etc/selinux/config ] && sed -r -i '/^SELINUX=/s/.*/SELINUX=disabled/' /etc/selinux/config echo "::End disable selinux" } change_inittab() { echo "::Change inittab" sed -r -i '/^id/s/.*/id:3:initdefault:/' /etc/inittab echo "::End change inittab" } modify_timezone() { cat <<- EOF >/etc/sysconfig/clock ZONE="Asia/Shanghai" UTC=false ARC=false EOF cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime sed -i 's/^[ \t]*//' /etc/sysconfig/clock } function set_keyboard() { cat <<- EOF >/etc/sysconfig/keyboard KEYBOARDTYPE="pc" KEYTABLE="us" EOF sed -i 's/^[ \t]*//' /etc/sysconfig/keyboard } function set_nofile_limits() { echo "::Change nofile limits" sed -i 's#session required pam_loginuid.so#session required pam_loginuid.so\nsession required pam_limits.so#' /etc/pam.d/login sed -i '$a * - nofile 65536' /etc/security/limits.conf echo "::End change nofile\n" } change_banner() { echo "::Change Banner" for FILE in /etc/issue /etc/motd /etc/issue.net; do cp -f ${FILE} ${FILE}.tmp egrep -vi "red hat|kernel|fedora" ${FILE}.tmp > ${FILE} rm -f ${FILE}.tmp done if [ "`grep -i authorized /etc/issue`" == "" ]; then echo "Authorized users only. All activity may be monitored and reported." >> /etc/issue fi if [ "`grep -i authorized /etc/motd`" == "" ]; then echo "Authorized users only. All activity may be monitored and reported." >> /etc/motd fi chown root:root /etc/motd /etc/issue /etc/issue.net chmod 644 /etc/motd /etc/issue /etc/issue.net echo "::End change banner" } change_profile() { echo "::Change the /etc/profile file" echo "umask 022" >>/etc/profile echo "TMOUT=6000" >>/etc/profile echo "export TMOUT" >>/etc/profile echo "::End change profile" } change_sshd_config() { echo "::Change sshd_config" sed -i 's/#MaxAuthTries 6/MaxAuthTries 5/' /etc/ssh/sshd_config sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config echo "::End change sshd_config" } change_lang() { echo "::Change i18n config" sed -r -i '/^LANG=/s/.*/LANG="en_US.UTF-8"/' /etc/sysconfig/i18n echo "::End change i18n config" } change_ntp() { echo "/usr/sbin/ntpdate -u clepsydra.dec.com tick.ucla.edu ntp.nasa.gov" >> /etc/rc.local echo "0 2 * * * /usr/sbin/ntpdate -u clepsydra.dec.com tick.ucla.edu ntp.nasa.gov >/dev/null" >> /etc/crontab } change_sysctl () { cat <<- EOF >/etc/sysctl.conf net.ipv4.ip_forward = 0 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.accept_source_route = 0 kernel.sysrq = 0 kernel.core_uses_pid = 1 net.ipv4.tcp_syncookies = 1 kernel.msgmnb = 65536 kernel.msgmax = 65536 kernel.shmmax = 68719476736 kernel.shmall = 4294967296 fs.file-max = 655350 net.ipv4.ip_local_port_range = 1024 65535 net.ipv4.tcp_max_tw_buckets = 6000 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_keepalive_time = 1200 net.ipv4.tcp_fin_timeout = 5 net.ipv4.tcp_max_syn_backlog = 20000 net.core.somaxconn = 65535 net.core.netdev_max_backlog = 65535 EOF sysctl -p } function linux_secure() { export LANG="en_US" change_password_len modify_chkconfig disable_selinux modify_timezone set_keyboard change_banner change_profile change_inittab set_nofile_limits change_sshd_config change_lang change_ntp change_sysctl echo "All done!!" } linux_secure
CentOS6系统初始化脚本
原创
©著作权归作者所有:来自51CTO博客作者wpf926的原创作品,请联系作者获取转载授权,否则将追究法律责任
提问和评论都可以,用心的回复会被更多人看到
评论
发布评论
相关文章
-
CentOS7.9系统初始化安装配置操作
CentOS7.9系统初始化安装配置
sed 配置文件 重启 -
CentOS6&7系统初始化脚本
CentOS6和CentOS7系统初始化脚本
初始化 系统 CentOS6 -
Centos6安装zabbix2.4初始化部署
Centos6安装zabbix2.4初始化部署
监控系统 zabbix监控 zabbix2.4