centos6、7系统初始化脚本

#!/bin/bash
#
#********************************************************************
#encoding  -*-utf8-*-
#Author:        zhangshang
#Date:         2017-12-19
#URL:         http://blog.vservices.top/myblog
#Description：    The test script
#Copyright (C):     2017 All rights reserved
#QQ Numbers: 765030447
#********************************************************************
#查看系统版本 
Get_host_version=`cat /etc/centos-release | grep -i centos | grep -o "\<[[:digit:]]\+" |head -1`
#查看内核版本
kernel_version=`uname -r`
#设置开机启动文件的权限
chmod +x /etc/rc.d/rc.local
#安装wget必备工具
function Install_wget(){
    mount /dev/sr0 /mnt
    [ $? -ne 0 ] && { echo "未添加光盘源！退出脚本" ； exit 1 ; }
    rpm -ivh /mnt/Packages/wget*
    cd /
    umount /mnt    
}
#修改字符集位zh_CN.UTF-8
function Modify_charaset(){
    echo 'export LANG=zh_CN.UTF-8' >>/etc/profile
    export LANG=zh_CN.UTF-8
}
#输出错误的系统版本
function Error_system_version(){
    echo "未知的系统版本 $Get_host_version"
}
#备份操作的相关目录
function Bakup_etc(){
    Now_of_time=`date +'%F_%H.%M'`
    back_path=/bak/initsys/
    mkdir -p $back_path
    tar -czf $back_path/etc.${Now_of_time}.tar.gz /etc
}
#关闭防火墙和selinux
function Off_firewall_and_selinux(){
    #off firewall
    if [ "$Get_host_version" == 7 ]
        then
        systemctl stop firewalld &>/dev/null
        systemctl disable firewalld &>/dev/null
    elif [ "$Get_host_version" == 6 ]
        then
        service iptables stop &>/dev/null
        chkconfig iptables off &>/dev/null
    else
        Error_system_version
        return 1
    fi
    #off selinux
    sed -ri 's/^(SELINUX=).*$/\1disabled/g' /etc/selinux/config
    setenforce 0
}
#配置时区和时间
function Set_timezone_and_time(){
    /usr/bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
    #/usr/sbin/ntpdate 10.11.23.22 #设置ntp服务器同步，如果需要取消注释
    #hwclock -w #同步系统时间到硬件时间
    if [ "$Get_host_version" == '6' ]
        then
        cat > /etc/sysconfig/clock << EOF
ZONE="Asia/Shanghai"
UTC=false
ARC=false
EOF
    elif [ "$Get_host_version" == '7' ] 
        then
        timedatectl set-local-rtc yes
    else
        Error_system_version
    fi    
}
#隐藏系统版本
function Shadow_system_version(){
    echo '' > /etc/issue
    echo '' > /etc/motd
    echo '' > /etc/redhat-release
    echo '' > /etc/centos-release
}
#测试外网是否连通
function Test_network(){
    ping -c1 www.baidu.com &>/dev/null
    if [ $? -eq 0 ]
        then
        return 0
    else
        return 1
    fi
}
#设置系统最大句柄数
function Set_handler_Num(){
    limit_count=`cat /etc/security/limits.conf | grep "^\*[[:blank:]]\+\(soft\|hard\)[[:blank:]]\+\(nofile\|nproc\)[[:blank:]]\+" | wc -l`
    if [ "$limit_count" -eq 0 ]
        then
        cat >> /etc/security/limits.conf << EOF
*   soft   nofile   102400 
*   hard   nofile   102400
*   soft   nproc    40960
*   hard   nproc    40960
EOF
        ulimit -n 102400 #设置文件打开数,并马上生效，
    else
        echo "已经添加过limit限制!"
    fi
}
#优化tcp连接
function Set_tcp_kernel_arguments(){
    kernel_args=/etc/sysctl.d/tcp_optimization.conf
    flag_1=`cat $kernel_args 2>/dev/null | grep tcp_flag | awk '{print $2}'`
    flag_2=`cat $kernel_args 2>/dev/null | grep tcp_flag | wc -l`
    if [ "$flag_2" -gt 1 ]
        then
        echo "系统错误，TCP重复的优化参数，请查看 $kernel_args 是否正确!"
        return 1
    fi
    if [ "$flag_1" == 1 ]
        then
        echo "TCP内核参数已经优化过了。"
        return 1
    fi
    echo "#tcp_flag    1" >>$kernel_args
    touch $kernel_args
    echo "
    net.ipv4.tcp_syncookies = 1 #SYN等待队列溢出，启用cookie，可防少量ddos
    net.ipv4.tcp_tw_resue = 1 #重用TIME_WAIT套接字用于新的TCP链接
    net.ipv4.tcp_tw_recycle = 1 #启用TIME_WAIT套接字快速回收
    net.ipv4.tcp_keepalive_time = 1200 #tcp keepalive消息的频度,默认2小时
    net.ipv4.tcp_fin_timeout = 5 #指定孤儿连接在内核中生存的时间为5秒
    net.ipv4.ip_local_port_range = 10000 65000 #配置可用端口
    net.ipv4.tcp_max_syn_backlog = 262144 #表示SYN队列的长度
    net.ipv4.tcp_max_tw_buckets = 5000 #超过数量的TIME_WAIT将立刻被清除并打印警告信息
    net.core.netdev_max_backlog = 262144 #当网络接口接收数据包的速率比内核处理速率快时，允许送到缓冲队列的数据包最大数目。
    net.core.somaxconn = 40000 #用于存放已经建立好的TCP连接，等待服务端应用listener accept进行处理
    " >>$kernel_args
    sysctl -p $kernel_args &>/dev/null
    if [ $? != 0 ]
        then
        echo '读取Tcp内核参数错误！'
    fi
}
#优化swap
function Set_kernel_swap(){
     kernel_args=/etc/sysctl.d/swap.conf
    echo "vm.swappiness = 0" >>$kernel_args
    sysctl -p $kernel_args &>/dev/null
    if [ $? != 0 ]
        then
        echo '读取Tcp内核参数错误！'
    fi
}
#禁用ssh的DNS功能
function Disabled_sshd_dns(){
    #[ `grep "^#UseDNS \(no\|yes\)" /etc/ssh/sshd_config | wc -l` -eq 0 ] && { echo '已禁用该配置，Do nothing！' ; return 1; }
    sed -ri 's@#UseDNS (no|yes)@UseDNS no@g' /etc/ssh/sshd_config
    sed -ri 's@GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config
    if [ "$Get_host_version" == '6' ]
        then
        service sshd restart
    elif [ "$Get_host_version" == '7' ] 
        then
        systemctl restart sshd
    else
        Error_system_version
    fi
}
#配置网卡名称为eth*
function Modify_network_card_name(){
    if [ "$Get_host_version" == '6' ] #修改Centos6 的网卡
        then
        Count_cart=`cat /etc/udev/rules.d/70-persistent-net.rules | grep 'SUBSYSTEM=="net", ACTION=="add"' | wc -l`
        [ "$Count_cart" -eq 0 ] && { echo "没有网卡信息，请检查网卡驱动！" ; return 1; }
        count=1
        All_mac=`cat 70-persistent-net.rules | grep 'SUBSYSTEM=="net", ACTION=="add"' |grep -o "\([0-9a-fA-F]\{2\}:\)\{5\}[0-9a-fA-F]\{2\}"`
        for i in `$ALL_mac`
            do
            sed -ri 's@('$i'.*NAME=").*[[:digit:]]+"$@\1eth'$count'$"@' /etc/udev/rules.d/70-persistent-net.rules
            let count+=1
            done
        echo '修改网卡名成功,请查看配置!'
        echo "`cat /etc/udev/rules.d/70-persistent-net.rules | grep 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="'`"
    elif [ "$Get_host_version" == '7' ] #修改Centos7 的网卡
        then
        boot_grub=/boot/grub2/grub.cfg
        grub_default_cfg=/etc/default/grub
        Name_count=`cat  $boot_grub 2>/dev/null | grep "quiet[[:blank:]]\+net.ifnames" | wc -l`
        cp $grub_default_cfg ${grub_default_cfg}.`date +'%F_%H.%M'`
        [ $? -ne 0 ] && { echo "没有 $grub_default_cfg 这个文件" ; return 1; }
        if [ "$Name_count" -eq 0 ]
            then
            sed -ri 's/(GRUB_CMDLINE_LINUX=.*quiet)/\1 net.ifnames=0/g' $grub_default_cfg
            grub2-mkconfig -o $boot_grub
            if [ $? -eq 0 ]
                then
                echo '生成新的配置文件，生效需重启！'
            else
                echo "grub文件生成错误！ $boot_grub 可能会产生错误！请检查"
            fi
        else
            echo '已经修改过grub参数，无需再次修改！Do nothing！'
        fi
    else
        Error_system_version
    fi
}
#配置yum仓库为aliyun
function Modify_yumrepo(){
    repo_path=/etc/yum.repos.d/
    base_repo_count=`ls $repo_path | grep Alibase.repo | wc -l`
    epel_repo_count=`ls $repo_path | grep epel.repo | wc -l`
    mkdir -p ${repo_path}bak 2>/dev/null
    cd $repo_path
    Test_network
    [ $? -ne 0 ] && { echo '网络不通,退出函数！' ; return 1; }
    mv CentOS-* bak 2>/dev/null
    #根据系统版本添加源
    if [ "$Get_host_version" -eq 6 ]
        then
        if [ "$base_repo_count" -eq 0 ];then
            wget https://mirrors.aliyun.com/repo/Centos-6.repo -O ${repo_path}Alibase.repo
        else
            echo "已经添加过阿里源！"
        fi
        sleep 1
        if [ "$epel_repo_count" -eq 0 ];then
            wget https://mirrors.aliyun.com/repo/epel-6.repo -O ${repo_path}epel.repo
        else
            echo "已经添加过epel源！"
        fi
        yum clean all
    elif [ "$Get_host_version" -eq 7 ]
        then
        if [ "$base_repo_count" -eq 0 ];then
            wget https://mirrors.aliyun.com/repo/Centos-7.repo -O ${repo_path}Alibase.repo
        else
            echo "已经添加过阿里源！"
        fi
        sleep 1
        if [ "$epel_repo_count" -eq 0 ];then
            wget https://mirrors.aliyun.com/repo/epel-7.repo -O ${repo_path}epel.repo
        else
            echo "已经添加过epel源！"
        fi
        yum clean all   
    else
        Error_system_version
    fi
}
#安装一些软件包
function Install_some_packege(){
packges="gcc glibc zlib openssl openssl-devel lrzsz lftp ftp telnet nmap-ncat net-snmp net-snmp-devel vim sysstat bash-completion wget lsof psmisc ntp"
yum install -y $packges
}
#配置Bond
function Config_Bond(){
    [ `ls /etc/sysconfig/network-scripts/ifcfg-Bond* 2>/dev/null | wc -l ` -ne 0 ] && { echo '已经配置了了Bond' ; return 1; }
    Net_card_name=`netstat -I | sed '1,2d' | sed '/lo/d' | awk '{print $1}'`
    Net_card_Num=`netstat -I | sed '1,2d' | sed '/lo/d' | awk '{print $1}' | wc -l`
    Named_eth_count=`echo $Net_card_name | grep -io eth | wc -l`
    [ "$Named_eth_count" -ne "$Net_card_Num" ] && { echo "网卡名并未变更为eth，或者已经添加过了聚合类型！配置失败！" ; return 1; }
    net_path=/etc/sysconfig/network-scripts/
    if [ "$Get_host_version" == '6' ]
        then
        service NetworkManager stop
        chkconfig NetworkManager off
        for i in $Net_card_name
            do
            cat >>${net_path}ifcfg-$i <<EOF
DEVICE=$i
BOOTPROTO=none
MASTER=bond0
SLAVE=yes        
USERCTL=no
EOF
            done
        cat >>${net_path}ifcfg-Bond0 <<EOF
DEVICE=bond0
BOOTPROTO=none
BONDING_OPTS="miimon=100 mode=0"
DNS1=8.8.8.8
IPADDR=172.18.30.2
PREFIX=16
GATEWAY=172.18.0.1
ONBOOT=yes
EOF
        service network restart
    elif [ "$Get_host_version" == '7' ]
        then
        nmcli con add type bond con-name Bond0 ifname Bond0 mode 0 ipv4.method manual ipv4.addresses 172.18.30.1 ipv4.gateway 172.18.0.1 ipv4.dns 8.8.8.8 &>/dev/null
        [ $? -eq 0 ] && nmcli con up Bond0
        for i in $Net_card_name
            do
            nmcli con add type bond-slave con-name $i-bond ifname $i master Bond0
            [ $? -eq 0 ] && nmcli con up $i-bond || echo "激活失败！"
            done
    else
        Error_system_version
    fi
} 
#这里开始调用执行
Bakup_etc   #备份etc
Off_firewall_and_selinux  #关闭selinux
Install_wget #安装wget
Modify_charaset  #修改全局字符集
Set_timezone_and_time  #设置时区和时间
Set_handler_Num   # 设置打开文件数
Set_tcp_kernel_arguments  #优化内核tcp连接
Set_kernel_swap #优化swap
Modify_yumrepo   #修改yum仓库
Install_some_packege #安装一些软件包
Disabled_sshd_dns #禁用ssh的dns功能
#Shadow_system_version #隐藏系统版本
Modify_network_card_name   #统一网卡名称为eth
Config_Bond    #配置Bond，默认ip为172.18.30.1，需要手动配置