shell 一键优化系统(centos7)脚本

!/bin/bash

#########################################################

Created Time: Tue Aug 7 01:29:09 2018

version:1.0 by：kingle Mail: kingle122@vip.qq.com

基于oldboy书籍优化编写

实现功能：一键系统优化15项脚本，适用于Centos7.x

#########################################################

Source function library.

. /etc/init.d/functions

date

DATE=date +"%y-%m-%d %H:%M:%S"

ip

IPADDR=grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-br0|cut -d= -f 2

hostname

HOSTNAME=hostname -s

user

USER=whoami

disk_check

DISK_SDA=df -h |grep -w "/" |awk '{print $5}'

cpu_average_check

cpu_uptime=cat /proc/loadavg|awk '{print $1,$2,$3}'

set LANG

export LANG=zh_CN.UTF-8

Require root to run this script.

uid=id | cut -d\( -f1 | cut -d= -f2
if [ $uid -ne 0 ];then
action "Please run this script as root." /bin/false
exit 1
fi

"stty erase ^H"

\cp /root/.bash_profile /root/.bash_profile_ $(date +%F) erase=`grep -wx "stty erase ^H" /root/.bash_profile |wc -l` if [$ erase -lt 1 ];then
echo "stty erase ^H" >>/root/.bash_profile
source /root/.bash_profile
fi

Config Yum CentOS-Bases.repo and save Yum file

configYum(){
echo "================更新为国内YUM源=================="
cd /etc/yum.repos.d/
\cp CentOS-Base.repo CentOS-Base.repo. $(date +%F) ping -c 1 mirrors.aliyun.com >/dev/null if [$ ? -eq 0 ];then
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
else
echo "无法连接网络。"
exit $?
fi
echo "==============保存YUM源文件======================"
sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
grep keepcache /etc/yum.conf
sleep 5
action "配置国内YUM完成" /bin/true
echo "================================================="
echo ""
sleep 2
}

Charset zh_CN.UTF-8

initI18n(){
echo "================更改为中文字符集================="
\cp /etc/locale.conf /etc/locale.conf.$(date +%F)

/etc/locale.conf
cat >>/etc/locale.conf<<EOF
LANG="zh_CN.UTF-8"

LANG="en_US.UTF-8"

SYSFONT="latarcyrheb-sun16"
EOF
source /etc/locale.conf
echo '#cat /etc/locale.conf'
grep LANG /etc/locale.conf
action "更改字符集zh_CN.UTF-8完成" /bin/true
echo "================================================="
echo ""
sleep 2
}

Close Selinux and Iptables

initFirewall(){
echo "============禁用SELINUX及关闭防火墙=============="
\cp /etc/selinux/config /etc/selinux/config.$(date +%F)
service firewalld stop
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
echo '#grep SELINUX=disabled /etc/selinux/config '
grep SELINUX=disabled /etc/selinux/config
echo '#getenforce '
getenforce
action "禁用selinux及关闭防火墙完成" /bin/true
echo "================================================="
echo ""
sleep 2
}

Init Auto Startup Service

initService(){
echo "===============精简开机自启动===================="
export LANG="en_US.UTF-8"
for A in chkconfig --list |grep 3:on |awk '{print $1}';do chkconfig $A off;done for B in rsyslog network sshd crond sysstat;do chkconfig$ B on;done
echo '+--------which services on---------+'
chkconfig --list |grep 3:on
echo '+----------------------------------+'
export LANG="zh_CN.UTF-8"
action "精简开机自启动完成" /bin/true
echo "================================================="
echo ""
sleep 2
}

Removal system and kernel version login before the screen display

initRemoval(){
echo "======去除系统及内核版本登录前的屏幕显示======="

must use root user run scripts

if
[ $UID -ne 0 ];then
echo This script must use the root user ! ! !
sleep 2
exit 0
fi
>/etc/redhat-release
>/etc/issue
action "去除系统及内核版本登录前的屏幕显示" /bin/true
echo "================================================="
echo ""
sleep 2
}

Change sshd default port and prohibit user root remote login.

initSsh(){
echo "========修改ssh默认端口禁用root远程登录=========="
\cp /etc/ssh/sshd_config /etc/ssh/sshd_config. $(date +%F) sed -i 's/#Port 22/Port 52113/g' /etc/ssh/sshd_config sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config sed -i 's/^GSSAPIAuthentication yes$ /GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
echo '+-------modify the sshd_config-------+'
echo 'Port 52113'
echo 'PermitEmptyPasswords no'
echo 'PermitRootLogin no'
echo 'UseDNS no'
echo '+------------------------------------+'
service sshd restart && action "修改ssh默认参数完成" /bin/true || action "修改ssh参数失败" /bin/false
echo "================================================="
echo ""
sleep 2
}

time sync

syncSysTime(){
echo "================配置时间同步====================="
\cp /var/spool/cron/root /var/spool/cron/root. $(date +%F) 2>/dev/null NTPDATE=`grep ntpdate /var/spool/cron/root 2>/dev/null |wc -l` if [$ NTPDATE -eq 0 ];then
echo "#times sync by lee at $(date +%F)" >>/var/spool/cron/root
echo "*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null" >> /var/spool/cron/root
fi
echo '#crontab -l'
crontab -l
action "配置时间同步完成" /bin/true
echo "================================================="
echo ""
sleep 2
}

install tools

initTools(){
echo "#####安装升级系统补装工具及重要工具升级(选择最小化安装minimal)#####"
ping -c 2 mirrors.aliyun.com
sleep 2
yum install tree nmap sysstat lrzsz dos2unix wget git -y
sleep 2
rpm -qa tree nmap sysstat lrzsz dos2unix
sleep 2
yum install openssl openssh bash -y
sleep 2
action "安装升级系统补装工具及重要工具升级(选择最小化安装minimal)" /bin/true
echo "================================================="
echo ""
sleep 2
}

add user and give sudoers

addUser(){
echo "===================新建用户======================"

add user

while true
do
read -p "请输入新用户名:" name
NAME=awk -F':' '{print $1}' /etc/passwd|grep -wx $name 2>/dev/null|wc -l
if [ ${#name} -eq 0 ];then echo "用户名不能为空，请重新输入。" continue elif [$ NAME -eq 1 ];then
echo "用户名已存在，请重新输入。"
continue
fi
useradd $name
break
done

create password

while true
do
read -p "为 $name 创建一个密码:" pass1 if [$ {#pass1} -eq 0 ];then
echo "密码不能为空，请重新输入。"
continue
fi
read -p "请再次输入密码:" pass2
if [ " $pass1" != "$ pass2" ];then
echo "两次密码输入不相同，请重新输入。"
continue
fi
echo " $pass2" |passwd --stdin$ name
break
done
sleep 1

add visudo

echo "#####add visudo#####"
\cp /etc/sudoers /etc/sudoers. $(date +%F) SUDO=`grep -w "$ name" /etc/sudoers |wc -l`
if [ $SUDO -eq 0 ];then echo "$ name ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
echo '#tail -1 /etc/sudoers'
grep -w " $name" /etc/sudoers sleep 1 fi action "创建用户$ name并将其加入visudo完成" /bin/true
echo "================================================="
echo ""
sleep 2
}

Adjust the file descriptor(limits.conf)

initLimits(){
echo "===============加大文件描述符===================="
LIMIT=grep nofile /etc/security/limits.conf |grep -v "^#"|wc -l
if [ $LIMIT -eq 0 ];then \cp /etc/security/limits.conf /etc/security/limits.conf.$ (date +%F)
echo '* - nofile 65535'>>/etc/security/limits.conf
fi
echo '#tail -1 /etc/security/limits.conf'
tail -1 /etc/security/limits.conf
ulimit -HSn 65535
echo '#ulimit -n'
ulimit -n
action "配置文件描述符为65535" /bin/true
echo "================================================="
echo ""
sleep 2
}

set the control-alt-delete to guard against the miSUSE

initRestart(){
sed -i 's#exec /sbin/shutdown -r now##exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
action "将ctrl alt delete键进行屏蔽，防止误操作的时候服务器重启" /bin/true
echo "================================================="
echo ""
sleep 2
}

Optimizing the system kernel

initSysctl(){
echo "================优化内核参数====================="
SYSCTL=grep "net.ipv4.tcp" /etc/sysctl.conf |wc -l
if [ $SYSCTL -lt 10 ];then \cp /etc/sysctl.conf /etc/sysctl.conf.$ (date +%F)
cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
fi
\cp /etc/rc.local /etc/rc.local.$(date +%F)
modprobe nf_conntrack
echo "modprobe nf_conntrack">> /etc/rc.local
modprobe bridge
echo "modprobe bridge">> /etc/rc.local
sysctl -p
action "内核调优完成" /bin/true
echo "================================================="
echo ""
sleep 2
}

setting history and login timeout

initHistory(){
echo "======设置默认历史记录数和连接超时时间======"
echo "TMOUT=300" >>/etc/profile
echo "HISTSIZE=100" >>/etc/profile
echo "HISTFILESIZE=100" >>/etc/profile
tail -3 /etc/profile
source /etc/profile
action "设置默认历史记录数和连接超时时间" /bin/true
echo "================================================="
echo ""
sleep 2
}

chattr file system

initChattr(){
echo "======锁定关键文件系统======"
chattr +i /etc/passwd
chattr +i /etc/inittab
chattr +i /etc/group
chattr +i /etc/shadow
chattr +i /etc/gshadow
/bin/mv /usr/bin/chattr /usr/bin/lock
action "锁定关键文件系统" /bin/true
echo "================================================="
echo ""
sleep 2
}
del_file(){
echo "======定时清理邮件任务======"
[ -f /server/scripts/ ] || mkdir -p /server/scripts/
echo "find /var/spool/postfix/maildrop/ -type f|xargs rm -f" >/server/scripts/del_file.sh
echo '#this is del mail task by kingle at 2018-8-8' >>/var/spool/cron/root
echo "*/1 * * * * /bin/bash /server/scripts/del_file.sh &>/dev/null" >>/var/spool/cron/root
echo "================================================="
echo ""
sleep 2
}
hide_info(){
echo "======！！隐藏系统信息！！======"
echo "======此项注意不要自己忘记了那就没救了======"
echo "======不建议使用======"
Version_information=cat /etc/issue|grep "CentOS"

/etc/issue
/etc/issue.net
if [ cat /etc/issue|grep cent|wc -l -eq 0 -a cat /etc/issue|grep cent|wc -l -eq 0 ];then
echo "======清除成功====="
else
/etc/issue
/etc/issue.net
fi
echo "$Version_information"
echo "=====认准本系统版本======"
sleep 10
echo "================================================="
}
grub_md5(){
echo "======grub_md5加密======"
echo "======命令行输入：/sbin/grub-md5-crypt 进行交互式加密======"
echo "把密码写入/etc/grub.conf 格式：password --MD5 密码"
echo ""
sleep 10
}

menu2

menu2(){
while true
do
clear
cat <<EOF

|Please Enter Your Choice:[0-15]|

(1) 新建一个用户并将其加入visudo
(2) 配置为国内YUM源镜像和保存YUM源文件
(3) 配置中文字符集
(4) 禁用SELINUX及关闭防火墙
(5) 精简开机自启动
(6) 去除系统及内核版本登录前的屏幕显示
(7) 修改ssh默认端口及禁用root远程登录
(8) 设置时间同步
(9) 安装系统补装工具(选择最小化安装minimal)
(10) 加大文件描述符
(11) 禁用GSSAPI来认证，也禁用DNS反向解析，加快SSH登陆速度
(12) 将ctrl alt delete键进行屏蔽，防止误操作的时候服务器重启
(13) 系统内核调优
(14) 设置默认历史记录数和连接超时时间
(15) 锁定关键文件系统
(16) 定时清理邮件任务
(17) 隐藏系统信息
(18) grub_md5加密
(0) 返回上一级菜单

EOF
read -p "Please enter your Choice[0-15]: " input2
case "$input2" in

clear
break
;;

addUser
;;

configYum
;;

initI18n
;;

initFirewall
;;

initService
;;

initRemoval
;;

initSsh
;;

syncSysTime
;;

initTools
;;

initLimits
;;

initRestart
;;

initSysctl
;;

initHistory
;;

initChattr
;;

del_file
;;

hide_info
;;

grub_md5
;;
*) echo "----------------------------------"
echo "| Warning!!! |"
echo "| Please Enter Right Choice! |"
echo "----------------------------------"
for i in seq -w 3 -1 1
do
echo -ne "\b\b$i";
sleep 1;
done
clear
esac
done
}

initTools

|Please Enter Your Choice:[1-3]|

(1) 一键优化
(2) 自定义优化
(3) 退出
EOF

choice

read -p "Please enter your choice[0-3]: " input1
case "$input1" in

addUser
configYum
initI18n
initFirewall
initService
initRemoval
initSsh
syncSysTime
initTools
initLimits
initRestart
initSysctl
initHistory
initChattr
;;

menu2
;;

clear
break
;;
*)
echo "----------------------------------"
echo "| Warning!!! |"
echo "| Please Enter Right Choice! |"
echo "----------------------------------"
for i in seq -w 3 -1 1
do
echo -ne "\b\b$i";
sleep 1;
done
clear
esac
done

最后编辑于：2019.03.04 15:05:39

人面猴
序言：七十年代末，一起剥皮案震惊了整个滨河市，随后出现的几起案子，更是在滨河造成了极大的恐慌，老刑警刘岩，带你破解...
沈念sama阅读 227,572评论 6赞 531
死咒
序言：滨河连续发生了三起死亡事件，死亡现场离奇诡异，居然都是意外死亡，警方通过查阅死者的电脑和手机，发现死者居然都...
沈念sama阅读 98,071评论 3赞 414
救了他两次的神仙让他今天三更去死
文/潘晓璐我一进店门，熙熙楼的掌柜王于贵愁眉苦脸地迎上来，“玉大人，你说我怎么就摊上这事。” “怎么了？”我有些...
开封第一讲书人阅读 175,409评论 0赞 373
道士缉凶录：失踪的卖姜人
文/不坏的土叔我叫张陵，是天一观的道长。经常有香客问我，道长，这世上最难降的妖魔是什么？我笑而不...
开封第一讲书人阅读 62,569评论 1赞 307
港岛之恋（遗憾婚礼）
正文为了忘掉前任，我火速办了婚礼，结果婚礼上，老公的妹妹穿的比我还像新娘。我一直安慰自己，他们只是感情好，可当我...
茶点故事阅读 71,360评论 6赞 404
恶毒庶女顶嫁案：这布局不是一般人想出来的
文/花漫我一把揭开白布。她就那样静静地躺着，像睡着了一般。火红的嫁衣衬着肌肤如雪。梳的纹丝不乱的头发上，一...
开封第一讲书人阅读 54,895评论 1赞 321
城市分裂传说
那天，我揣着相机与录音，去河边找鬼。笑死，一个胖子当着我的面吹牛，可吹牛的内容都是我干的。我是一名探鬼主播，决...
沈念sama阅读 42,979评论 3赞 440
双鸳鸯连环套：你想象不到人心有多黑
文/苍兰香墨我猛地睁开眼，长吁一口气：“原来是场噩梦啊……” “哼！你这毒妇竟也来了？” 一声冷哼从身侧响起，我...
开封第一讲书人阅读 42,123评论 0赞 286
万荣杀人案实录
序言：老挝万荣一对情侣失踪，失踪者是张志新（化名）和其女友刘颖，没想到半个月后，有当地人在树林里发现了一具尸体，经...
沈念sama阅读 48,643评论 1赞 333
护林员之死
正文独居荒郊野岭守林人离奇死亡，尸身上长有42处带血的脓包…… 初始之章·张勋以下内容为张勋视角年9月15日...
茶点故事阅读 40,559评论 3赞 354
白月光启示录
正文我和宋清朗相恋三年，在试婚纱的时候发现自己被绿了。大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
茶点故事阅读 42,742评论 1赞 369
活死人
序言：一个原本活蹦乱跳的男人离奇死亡，死状恐怖，灵堂内的尸体忽然破棺而出，到底是诈尸还是另有隐情，我是刑警宁泽，带...
沈念sama阅读 38,250评论 5赞 356
日本核电站爆炸内幕
正文年R本政府宣布，位于F岛的核电站，受9级特大地震影响，放射性物质发生泄漏。R本人自食恶果不足惜，却给世界环境...
茶点故事阅读 43,981评论 3赞 346
男人毒药：我在死后第九天来索命
文/蒙蒙一、第九天我趴在偏房一处隐蔽的房顶上张望。院中可真热闹，春花似锦、人声如沸。这庄子的主人今日做“春日...
开封第一讲书人阅读 34,363评论 0赞 25
一桩弑父案，背后竟有这般阴谋
文/苍兰香墨我抬头看了看天上的太阳。三九已至，却和暖如春，着一层夹袄步出监牢的瞬间，已是汗流浃背。一阵脚步声响...
开封第一讲书人阅读 35,622评论 1赞 280
情欲美人皮
我被黑心中介骗来泰国打工，没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留，地道东北人。一个月前我还...
沈念sama阅读 51,354评论 3赞 390
代替公主和亲
正文我出身青楼，却偏偏与公主长得像，于是被迫代替她去往敌国和亲。传闻我的和亲对象是个残疾皇子，可洞房花烛夜当晚...
茶点故事阅读 47,707评论 2赞 370