当前位置 : 主页 > 操作系统 > centos >

CentOS系统初始化脚本

来源：互联网收集：自由互联发布时间：2022-06-21

系统初始化脚本是刚安装完操作系统之后运行的脚本，主要功能是将系统环境进行优化，并更改常用设置，统一系统环境配置，该脚本重复运行不会修改多次，运行完成后最好重启一下

系统初始化脚本是刚安装完操作系统之后运行的脚本，主要功能是将系统环境进行优化，并更改常用设置，统一系统环境配置，该脚本重复运行不会修改多次，运行完成后最好重启一下系统。

脚本功能：

1. 安装EPEL源并安装常用的lib库

2. 开启必要的服务，关于服务的策略是将所有的服务设置为off，只将必要的系统服务设置为on，具体开启的服务需要根据实际环境配置

3. 关闭SELinux

4. 将LANG设置为en_US.UTF-8

5. 将历史命令记录设置为100

6. 记录每个登陆用户运行的命令，除了root（或者用户有sudo权限）其他用户都无法修改和删除用户的历史命令日志文件，确保安全

7. 修改系统的hard/soft限制

8. 优化常用内核参数

9. 同步系统时间，将ntp加入cron

10. 创建默认的运维人员账户，给予sudo权限，并设置下次登陆强制修改密码

11. 设置完毕后重启系统

功能演示：

1. 运行脚本输出，每项设置成功都会输出绿色done，如果设置开启的服务不存在，则会用红色 not exits标出，已有的用户不会重复添加，最后提示是否立刻重启：

CentOS系统初始化脚本_bash

CentOS系统初始化脚本_centos_02

新增的运维账号首次登陆需修改密码，默认密码在脚本中修改：

CentOS系统初始化脚本_初始化脚本_03

可以查看所有登陆用户的运行命令：

CentOS系统初始化脚本_bash_04

CentOS系统初始化脚本_初始化脚本_05

除了root（或者用户有sudo权限）其他用户都无权限修改或删除命令日志文件

CentOS系统初始化脚本_centos_06

CentOS系统初始化脚本_初始化脚本_07

脚本源代码：

#!/bin/bash

#===============================================================================

# FILE: linux_init.sh

# DESCRIPTION: This script is used to install usual libs, close unnecessary services，optimize kernel parameters and so on

# BLOG: http://waydee.blog.51cto.com/#

# CREATED: 2012-4-17 11:27:19

# REVISION: 1.0

#===============================================================================

set -o nounset # Treat unset variables as an error

############# VARIABLES DEFINED #############

SRV_TEMP="/tmp/chkconfig_list.tmp" #SRV_TEMP keep result from chkconfig command

SRV_ON="NetworkManager acpid auditd crond haldaemon iptables irqbalance kudzu lvm2-monitor mcstrans messagebus microcode_ctl netfs network portmap readahead_early restorecond smartd sshd syslog xfs xinetd yum-updatesd" #add services to this VARIABLES if you want to start them when linux start

INSTALL_LIBS="gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5-devel libidn libidn-devel openssl openssl-devel nss_ldap openldap openldap-devel openldap-clients libxslt-devel libevent-devel libtool-ltdl bison libtool vim-enhanced" # the libs files will be used later

HISTORY_DIR="/var/log/.history" #the dir where to log user command

DONE="\e[0;32m\033[1mdone\e[m"

ADMIN_USER="test1 test2 test3" #default users who are administrators

DEFAULT_PASSWD="123456" #set the default password for administrators,it will be changed when user first login

# install EPEL

if [ ! -e /etc/yum.repos.d/epel.repo ]

then

rpm -ivh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm 1>/dev/null

echo -e "Install EPEL source ${DONE}."

# install usual libs

yum -y install ${INSTALL_LIBS} 1>/dev/null

echo -e "Install the usual libs ${DONE}."

# close all services and set necessary services on

chkconfig --list | awk '{print $1}' > ${SRV_TEMP}

# close all services

while read SERVICE

chkconfig --level 345 ${SERVICE} off 1>/dev/null

done < ${SRV_TEMP}

#open necessary services

for SRVS in ${SRV_ON}

if [ -e /etc/init.d/${SRVS} ]

then

chkconfig --level 345 ${SRVS} on 1>/dev/null

else

echo -e "Service ${SRVS} is \e[0;31m\033[1mnot exits\e[m."

done

#check if the server is vmware virtual machine

chkconfig --list|grep vmware* 2>&1 /dev/null

GREP_STATUS=$?

if [[ ${GREP_STATUS} == 0 ]]

then

chkconfig --level 345 vmware on 1>/dev/null

chkconfig --level 345 vmware-USBArbitrator on 1>/dev/null

chkconfig --level 345 vmware-workstation-server on 1>/dev/null

chkconfig --level 345 vmware-wsx-server on 1>/dev/null

chkconfig --level 345 vmamqpd on 1>/dev/null

echo -e "Stop unnecessary services ${DONE}."

# set selinux disabled

sed -i s/SELINUX=enforcing/SELINUX=disabled/ /etc/selinux/config

echo -e "Set SELinux disabled ${DONE}."

# set LANG en_US.UTF-8

sed -i s/LANG=.*$/LANG="en_US.UTF-8"/ /etc/sysconfig/i18n

echo -e "Set LANG en_US.UTF-8 ${DONE}."

# set history 100

sed -i s/HISTSIZE=.*/HISTSIZE=100/ /etc/profile

echo -e "Set history 100 ${DONE}."

#log every command for every user

if [ ! -d ${HISTORY_DIR} ]

then

mkdir -p ${HISTORY_DIR}

chmod -R 1777 ${HISTORY_DIR}

# use PROMPT_COMMAND to log every user command

more /etc/profile |grep PROMPT_COMMAND 2>&1 >/dev/null

COMMAND_STATUS=$?

if [[ ${COMMAND_STATUS} != 0 ]]

then

# export HISTORY_FILE="${HISTORY_DIR}/`date '+%y-%m-%d'`-`whoami`.log"

cat>>/etc/profile<<EOF

#log every user command

export HISTORY_FILE="/var/log/.history/\`whoami\`-\`date '+%y-%m-%d'\`.log"

export PROMPT_COMMAND='{ date "+%y-%m-%d %H:%M:%S - \$(who am i |awk "{print \\\$1\" \"\\\$2\" \"\\\$5}") - \$(history 1 | { read x cmd; echo "\$cmd"; })"; } >> \$HISTORY_FILE'

EOF

echo -e "Log user command ${DONE}."

more /etc/rc.local|fgrep "ulimit -SHn 65535" 2>&1 >/dev/null

ULIMIT_STATUS=$?

if [[ ${ULIMIT_STATUS} != 0 ]]

then

#set linux limit

echo "* soft nofile 60000" >> /etc/security/limits.conf

echo "* hard nofile 65535" >> /etc/security/limits.conf

echo "ulimit -SHn 65535" >> /etc/rc.local

echo -e "Set hard/soft limit ${DONE}."

echo "source /etc/profile" >>/etc/rc.local

echo "source /etc/profile" >> /root/.bash_profile

#linux kernel optimize

cat >/etc/sysctl.conf<<EOF

net.ipv4.ip_forward = 0

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

#net.bridge.bridge-nf-call-ip6tables = 0

#net.bridge.bridge-nf-call-iptables = 0

#net.bridge.bridge-nf-call-arptables = 0

kernel.msgmnb = 65536

kernel.msgmax = 65536

kernel.shmmax = 68719476736

kernel.shmall = 4294967296

net.core.rmem_max = 873200

net.core.wmem_max = 873200

net.ipv4.tcp_wmem = 8192 436600 873200

net.ipv4.tcp_rmem = 8192 436600 873200

net.ipv4.tcp_mem = 786432 1048576 1572864

net.ipv4.ip_local_port_range = 1024 65000

net.ipv4.tcp_max_tw_buckets = 180000

net.ipv4.icmp_echo_ignore_broadcasts = 1

net.ipv4.tcp_keepalive_probes = 5

net.ipv4.tcp_keepalive_intvl = 15

net.ipv4.tcp_retries1 = 3

net.ipv4.tcp_retries2 = 15

net.ipv4.tcp_tw_recycle = 1

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_max_orphans = 131072

net.core.somaxconn = 1024

net.core.netdev_max_backlog = 1000

net.ipv4.tcp_max_syn_backlog = 20480

net.ipv4.tcp_synack_retries = 3

net.ipv4.tcp_syn_retries = 3

net.ipv4.tcp_window_scaling = 1

net.ipv4.tcp_fin_timeout = 30

net.ipv4.tcp_keepalive_time = 1800

net.ipv4.tcp_sack = 1

net.ipv4.tcp_timestamps = 0

EOF

#make optimize effect

sysctl -p 1>/dev/null

echo -e "Optimize kernel ${DONE}."

#time set

/usr/sbin/ntpdate ntp.fudan.edu.cn 1>/dev/null

#add to cron job

more /var/spool/cron/root |grep "ntp.fudan.edu.cn" 2>&1>/dev/null

NTP_STATUS=$?

if [[ ${NTP_STATUS} != 0 ]]

then

cat >> /var/spool/cron/root<<EOF

#time set

*/5 * * * * /usr/sbin/ntpdate ntp.fudan.edu.cn

EOF

echo -e "Time ntpdate set ${DONE}."

#add default administrators

for ADMIN in ${ADMIN_USER}

if cat /etc/passwd |awk -F: '{print $1}'|grep ${ADMIN} 2>&1 >/dev/null

then

echo -e "User ${ADMIN} has been \e[0;32m\033[1madded\e[m."

else

#add new user, change password when user login

useradd ${ADMIN}

echo "${DEFAULT_PASSWD}" | passwd --stdin ${ADMIN} 2>&1 >/dev/null

usermod -L ${ADMIN}

chage -d 0 ${ADMIN}

usermod -U ${ADMIN}

echo -e "Add User \e[0;32m\033[1m${ADMIN}\e[m done."

#add user to sudoers file

echo "${ADMIN} ALL=(ALL) ALL" >> /etc/sudoers

done

#init done,and reboot system

echo -e "Do you want to \e[0;31m\033[1mreboot\e[m system now? [Y/N]:\t "

read REPLY

case $REPLY in

Y|y)

echo "The system will reboot now ..."

shutdown -r now

;;

N|n)

echo "You must reboot later..."

source /etc/profile

;;

echo "You must input [Y/N]."

source /etc/profile

;;

esac

【文章原创作者：武汉网站制作公司 http://www.wh5w.com提供，感恩】

上一篇：Linux 添加服务详解
下一篇：没有了

网友评论

相关栏目

CentOS系统初始化脚本

相关文章