#!/bin/bash
#
#********************************************************************
#encoding -*-utf8-*-
#Author: zhangshang
#Date: 2017-12-19
#URL: http://blog.vservices.top/myblog
#Description: The test script
#Copyright (C): 2017 All rights reserved
#QQ Numbers: 765030447
#********************************************************************
# Major release number of this host: the first run of digits on the
# "centos" line of /etc/centos-release. The functions below compare it
# against 6 and 7.
Get_host_version=$(grep -i centos /etc/centos-release | grep -o "\<[[:digit:]]\+" | head -1)
# Release string of the running kernel.
kernel_version=$(uname -r)
# Make the local boot-time startup file executable.
chmod +x /etc/rc.d/rc.local
# Install wget from the local installation media.
# Mounts /dev/sr0 on /mnt, installs every RPM matching
# /mnt/Packages/wget*, then unmounts /mnt.
# Exits the whole script with status 1 when the mount fails.
# Returns: the status of the final umount.
function Install_wget(){
  if ! mount /dev/sr0 /mnt
  then
    echo "未添加光盘源!退出脚本"
    exit 1
  fi
  rpm -ivh /mnt/Packages/wget*
  # Presumably moves to / so the working directory cannot hold /mnt busy.
  cd /
  umount /mnt
}
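# Set the system locale to zh_CN.UTF-8.
# Persists the setting in /etc/profile and exports it into the current shell.
function Modify_charaset(){
  local profile_line='export LANG=zh_CN.UTF-8'
  # Append only when the exact line is missing; an unconditional append adds
  # one more copy to /etc/profile on every run of the script.
  grep -qxF -- "$profile_line" /etc/profile 2>/dev/null \
    || echo "$profile_line" >>/etc/profile
  export LANG=zh_CN.UTF-8
}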
# Report that the detected release is not one this script handles.
# Globals: Get_host_version (read)
# Outputs: one line on stdout containing the detected version string
function Error_system_version(){
  printf '%s\n' "未知的系统版本 $Get_host_version"
}
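# Archive /etc into /bak/initsys/ before the script changes anything.
# Globals: Now_of_time (written), back_path (written)
# Returns: the exit status of tar
function Bakup_etc(){
  Now_of_time=$(date +'%F_%H.%M')
  back_path=/bak/initsys/
  mkdir -p "$back_path"
  # /etc holds credential material such as /etc/shadow and the SSH host keys.
  # With the default umask the tarball would be readable by every local
  # account, so restrict both the directory and the archive to the owner.
  chmod 700 "$back_path"
  ( umask 077 && tar -czf "$back_path/etc.${Now_of_time}.tar.gz" /etc )
}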
# Stop and disable the host firewall, then switch SELinux off.
# Globals: Get_host_version (read)
# Returns: 1 for an unrecognised release, otherwise the status of setenforce
#
# NOTE(review): after this runs the host has neither a packet filter nor
# mandatory access control. Every listening service is then reachable from
# whatever networks the host is attached to, so that control has to be
# provided elsewhere (network ACLs, security groups). Confirm this is intended
# for the target environment.
function Off_firewall_and_selinux(){
  # Firewall: firewalld on release 7, iptables on release 6.
  case "$Get_host_version" in
    7)
      systemctl stop firewalld &>/dev/null
      systemctl disable firewalld &>/dev/null
      ;;
    6)
      service iptables stop &>/dev/null
      chkconfig iptables off &>/dev/null
      ;;
    *)
      Error_system_version
      return 1
      ;;
  esac
  # SELinux: rewrite the SELINUX= line in the config file to "disabled",
  # and put the running system into permissive mode right away.
  sed -ri 's/^(SELINUX=).*$/\1disabled/g' /etc/selinux/config
  setenforce 0
}
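# Set the time zone to Asia/Shanghai and configure the hardware clock mode.
# Globals: Get_host_version (read)
function Set_timezone_and_time(){
  # --remove-destination unlinks /etc/localtime before copying. Where
  # /etc/localtime is a symlink into /usr/share/zoneinfo, a plain cp writes
  # through the link and overwrites the zone file it points at.
  # cp is resolved through PATH because a hard-coded /usr/bin/cp is missing
  # on releases that ship cp in /bin (believed to include CentOS 6; confirm).
  command cp --remove-destination /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
  #/usr/sbin/ntpdate 10.11.23.22 # sync against an NTP server; uncomment if needed
  #hwclock -w # copy the system time to the hardware clock
  if [ "$Get_host_version" == '6' ]
  then
    cat > /etc/sysconfig/clock << EOF
ZONE="Asia/Shanghai"
UTC=false
ARC=false
EOF
  elif [ "$Get_host_version" == '7' ]
  then
    # Keeps the hardware clock in local time rather than UTC.
    timedatectl set-local-rtc yes
  else
    Error_system_version
  fi
}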
# Hide the OS version by overwriting the banner and release files with a
# single empty line each.
#
# NOTE(review): /etc/centos-release is the file this script reads at start-up
# to fill Get_host_version. Once it is blanked, a later run of the script
# cannot detect the release, and other tooling that reads the release files
# may be affected as well.
function Shadow_system_version(){
  local banner_file
  for banner_file in /etc/issue /etc/motd /etc/redhat-release /etc/centos-release
  do
    echo '' > "$banner_file"
  done
}
# Check outbound connectivity with a single ICMP echo to www.baidu.com.
# Returns: 0 when the ping succeeds, 1 otherwise
function Test_network(){
  ping -c1 www.baidu.com &>/dev/null || return 1
  return 0
}
# Raise the open-file and process limits for all users.
# Appends soft/hard nofile and nproc entries to /etc/security/limits.conf
# unless a wildcard ("*") entry for nofile or nproc is already present.
# Globals: limit_count (written)
function Set_handler_Num(){
  limit_count=$(grep "^\*[[:blank:]]\+\(soft\|hard\)[[:blank:]]\+\(nofile\|nproc\)[[:blank:]]\+" /etc/security/limits.conf | wc -l)
  # Anything other than a clean zero count means "leave the file alone".
  if ! [ "$limit_count" -eq 0 ]
  then
    echo "已经添加过limit限制!"
    return
  fi
  cat >> /etc/security/limits.conf << EOF
* soft nofile 102400
* hard nofile 102400
* soft nproc 40960
* hard nproc 40960
EOF
  # Apply the open-file limit to the current shell immediately.
  ulimit -n 102400
}
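# Write TCP tuning parameters to /etc/sysctl.d/tcp_optimization.conf and load
# them with sysctl.
# A "#tcp_flag 1" marker line in the file records that the tuning has been
# applied, so repeated runs do not append the block again.
# Globals: kernel_args, flag_1, flag_2 (written)
# Returns: 1 when the marker shows the tuning is already applied or appears
#          more than once; 0 otherwise, even if sysctl reports an error
function Set_tcp_kernel_arguments(){
  kernel_args=/etc/sysctl.d/tcp_optimization.conf
  flag_1=$(grep tcp_flag "$kernel_args" 2>/dev/null | awk '{print $2}')
  flag_2=$(grep tcp_flag "$kernel_args" 2>/dev/null | wc -l)
  if [ "$flag_2" -gt 1 ]
  then
    echo "系统错误,TCP重复的优化参数,请查看 $kernel_args 是否正确!"
    return 1
  fi
  if [ "$flag_1" == 1 ]
  then
    echo "TCP内核参数已经优化过了。"
    return 1
  fi
  # Two fixes compared with the earlier inline block:
  #  - the key is spelled tcp_tw_reuse; "tcp_tw_resue" names no kernel
  #    parameter, so loading the file reported an error for it;
  #  - each explanation sits on its own comment line. sysctl.conf(5) documents
  #    only whole-line comments, and text after a value is handed to the
  #    kernel as part of that value.
  # NOTE(review): tcp_tw_recycle is known to drop connections from clients
  # behind NAT and was removed in Linux 4.12; confirm it is wanted before
  # rolling this file out.
  cat >>"$kernel_args" <<'EOF'
#tcp_flag 1

#SYN等待队列溢出,启用cookie,可防少量ddos
net.ipv4.tcp_syncookies = 1
#重用TIME_WAIT套接字用于新的TCP链接
net.ipv4.tcp_tw_reuse = 1
#启用TIME_WAIT套接字快速回收
net.ipv4.tcp_tw_recycle = 1
#tcp keepalive消息的频度,默认2小时
net.ipv4.tcp_keepalive_time = 1200
#指定孤儿连接在内核中生存的时间为5秒
net.ipv4.tcp_fin_timeout = 5
#配置可用端口
net.ipv4.ip_local_port_range = 10000 65000
#表示SYN队列的长度
net.ipv4.tcp_max_syn_backlog = 262144
#超过数量的TIME_WAIT将立刻被清除并打印警告信息
net.ipv4.tcp_max_tw_buckets = 5000
#当网络接口接收数据包的速率比内核处理速率快时,允许送到缓冲队列的数据包最大数目。
net.core.netdev_max_backlog = 262144
#用于存放已经建立好的TCP连接,等待服务端应用listener accept进行处理
net.core.somaxconn = 40000
EOF
  if ! sysctl -p "$kernel_args" &>/dev/null
  then
    echo '读取Tcp内核参数错误!'
  fi
}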
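# Set vm.swappiness to 0 through /etc/sysctl.d/swap.conf and load the file.
# Globals: kernel_args (written)
function Set_kernel_swap(){
  kernel_args=/etc/sysctl.d/swap.conf
  # Add the setting only when the file has no swappiness line yet, so that
  # repeated runs do not pile up duplicate entries.
  grep -q '^vm\.swappiness' "$kernel_args" 2>/dev/null \
    || echo "vm.swappiness = 0" >>"$kernel_args"
  if ! sysctl -p "$kernel_args" &>/dev/null
  then
    # The message used to say "Tcp", copied from the TCP tuning function.
    echo '读取swap内核参数错误!'
  fi
}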
# Turn off reverse-DNS lookups and GSSAPI authentication in sshd, then
# restart the daemon.
# Globals: Get_host_version (read)
#
# The first substitution only rewrites a commented-out "#UseDNS yes|no" line;
# an active "UseDNS yes" line is left as it is.
# NOTE(review): the config is not validated before the restart; running
# "sshd -t" first would catch a broken file while the current session is
# still usable.
function Disabled_sshd_dns(){
  local sshd_conf=/etc/ssh/sshd_config
  # Disabled early-exit check for a config that was already edited:
  #[ `grep "^#UseDNS \(no\|yes\)" /etc/ssh/sshd_config | wc -l` -eq 0 ] && { echo '已禁用该配置,Do nothing!' ; return 1; }
  sed -ri \
    -e 's@#UseDNS (no|yes)@UseDNS no@g' \
    -e 's@GSSAPIAuthentication yes@GSSAPIAuthentication no@g' \
    "$sshd_conf"
  case "$Get_host_version" in
    6) service sshd restart ;;
    7) systemctl restart sshd ;;
    *) Error_system_version ;;
  esac
}
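# Rename network interfaces to the eth* scheme.
# Release 6: rewrites NAME= in /etc/udev/rules.d/70-persistent-net.rules,
#            one interface per MAC address found there.
# Release 7: adds net.ifnames=0 to the kernel command line in
#            /etc/default/grub and regenerates grub.cfg (needs a reboot).
# Globals: Get_host_version (read); Count_cart, count, All_mac, boot_grub,
#          grub_default_cfg, Name_count (written)
# Returns: 1 when no interface rule is found (release 6) or /etc/default/grub
#          cannot be backed up (release 7)
function Modify_network_card_name(){
  if [ "$Get_host_version" == '6' ]
  then
    local udev_rules=/etc/udev/rules.d/70-persistent-net.rules
    Count_cart=$(grep 'SUBSYSTEM=="net", ACTION=="add"' "$udev_rules" | wc -l)
    [ "$Count_cart" -eq 0 ] && { echo "没有网卡信息,请检查网卡驱动!" ; return 1; }
    # NOTE(review): numbering starts at 1, so the first interface becomes
    # eth1 rather than eth0 - confirm that is intended.
    count=1
    # Fixed: the rules file was read through a relative path, which only
    # worked when the current directory happened to be /etc/udev/rules.d.
    All_mac=$(grep 'SUBSYSTEM=="net", ACTION=="add"' "$udev_rules" | grep -o "\([0-9a-fA-F]\{2\}:\)\{5\}[0-9a-fA-F]\{2\}")
    # Fixed: the loop used to expand an unset variable ($ALL_mac) inside a
    # command substitution, so it never iterated over the MAC addresses.
    for i in $All_mac
    do
      # Fixed: the replacement carried a stray "$" that ended up inside the
      # interface name (NAME="eth1$").
      sed -ri 's@('"$i"'.*NAME=").*[[:digit:]]+"$@\1eth'"$count"'"@' "$udev_rules"
      count=$((count + 1))
    done
    echo '修改网卡名成功,请查看配置!'
    echo "$(grep 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="' "$udev_rules")"
  elif [ "$Get_host_version" == '7' ]
  then
    # NOTE(review): this is the BIOS-boot location of grub.cfg; hosts booted
    # through UEFI keep it elsewhere - verify before use on such hosts.
    boot_grub=/boot/grub2/grub.cfg
    grub_default_cfg=/etc/default/grub
    Name_count=$(grep "quiet[[:blank:]]\+net.ifnames" "$boot_grub" 2>/dev/null | wc -l)
    # Keep a timestamped copy of /etc/default/grub before editing it.
    if ! cp "$grub_default_cfg" "${grub_default_cfg}.$(date +'%F_%H.%M')"
    then
      echo "没有 $grub_default_cfg 这个文件"
      return 1
    fi
    if [ "$Name_count" -eq 0 ]
    then
      sed -ri 's/(GRUB_CMDLINE_LINUX=.*quiet)/\1 net.ifnames=0/g' "$grub_default_cfg"
      if grub2-mkconfig -o "$boot_grub"
      then
        echo '生成新的配置文件,生效需重启!'
      else
        echo "grub文件生成错误! $boot_grub 可能会产生错误!请检查"
      fi
    else
      echo '已经修改过grub参数,无需再次修改!Do nothing!'
    fi
  else
    Error_system_version
  fi
}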
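# Download a repo definition without ever leaving a partial file in place.
# Arguments: $1 - source URL, $2 - destination path
# Returns:   0 when the file was fetched and installed, 1 otherwise
function _Fetch_repo_file(){
  local url=$1 dest=$2 tmp
  # The temporary name does not end in .repo, so yum ignores it.
  tmp=$(mktemp "${dest}.XXXXXX") || return 1
  if wget "$url" -O "$tmp" && [ -s "$tmp" ]
  then
    chmod 644 "$tmp"
    mv -f "$tmp" "$dest"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Point yum at the Aliyun mirrors (base repo plus EPEL).
# Globals: Get_host_version (read), repo_path (written)
# Returns: 1 when the network check, the cd, or the base repo download fails
#
# The repo definitions decide which mirrors and GPG settings every later
# "yum install" trusts. They are fetched over HTTPS with wget's default
# certificate verification, which must stay enabled (no
# --no-check-certificate).
function Modify_yumrepo(){
  repo_path=/etc/yum.repos.d/
  # Reject an unknown release before touching anything; the stock repo files
  # used to be moved away even when no replacement could be chosen.
  case "$Get_host_version" in
    6|7) ;;
    *) Error_system_version; return ;;
  esac
  mkdir -p "${repo_path}bak" 2>/dev/null
  cd "$repo_path" || return 1
  if ! Test_network
  then
    echo '网络不通,退出函数!'
    return 1
  fi
  # -s also treats an empty file left by an earlier failed download as missing.
  if [ -s "${repo_path}Alibase.repo" ]
  then
    echo "已经添加过阿里源!"
  else
    _Fetch_repo_file "https://mirrors.aliyun.com/repo/Centos-${Get_host_version}.repo" \
      "${repo_path}Alibase.repo" || return 1
  fi
  # Retire the stock repo files only once a replacement base repo is in place.
  mv CentOS-* bak 2>/dev/null
  sleep 1
  if [ -s "${repo_path}epel.repo" ]
  then
    echo "已经添加过epel源!"
  else
    _Fetch_repo_file "https://mirrors.aliyun.com/repo/epel-${Get_host_version}.repo" \
      "${repo_path}epel.repo"
  fi
  yum clean all
}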
# Install the baseline package set with yum.
# Globals: packges (written)
#
# NOTE(review): the set includes a compiler and cleartext-protocol clients
# (gcc, ftp, telnet) as well as nmap-ncat; on hosts with a narrow role,
# trim it to what that role needs.
function Install_some_packege(){
  packges="gcc glibc zlib openssl openssl-devel lrzsz lftp ftp telnet nmap-ncat net-snmp net-snmp-devel vim sysstat bash-completion wget lsof psmisc ntp"
  local -a pkg_list
  # Split the space-separated list into one argument per package.
  read -r -a pkg_list <<< "$packges"
  yum install -y "${pkg_list[@]}"
}
# Bond every non-loopback interface into one bond device with hard-coded
# addressing (172.18.0.0/16 on release 6, gateway 172.18.0.1, DNS 8.8.8.8).
# Globals: Get_host_version (read); Net_card_name, Net_card_Num,
#          Named_eth_count, net_path (written)
# Returns: 1 when a bond config file already exists or when not every
#          interface name contains "eth"
#
# NOTE(review): the release 6 branch assigns 172.18.30.2 while the release 7
# branch assigns 172.18.30.1, and the nmcli call gives the address without a
# prefix length - confirm both against the intended addressing plan.
# NOTE(review): restarting the network / activating the bond from a remote
# session can cut that session off; run this from a console.
function Config_Bond(){
# Nothing to do when an ifcfg-Bond* file is already present.
[ `ls /etc/sysconfig/network-scripts/ifcfg-Bond* 2>/dev/null | wc -l ` -ne 0 ] && { echo '已经配置了了Bond' ; return 1; }
# Interface names: netstat output minus its two header lines and minus any
# line containing "lo".
Net_card_name=`netstat -I | sed '1,2d' | sed '/lo/d' | awk '{print $1}'`
Net_card_Num=`netstat -I | sed '1,2d' | sed '/lo/d' | awk '{print $1}' | wc -l`
# Require as many "eth" matches as there are interfaces before going on.
Named_eth_count=`echo $Net_card_name | grep -io eth | wc -l`
[ "$Named_eth_count" -ne "$Net_card_Num" ] && { echo "网卡名并未变更为eth,或者已经添加过了聚合类型!配置失败!" ; return 1; }
net_path=/etc/sysconfig/network-scripts/
if [ "$Get_host_version" == '6' ]
then
# Release 6: hand the interfaces over from NetworkManager to the network
# service, then append the slave settings to each ifcfg file.
service NetworkManager stop
chkconfig NetworkManager off
for i in $Net_card_name
do
cat >>${net_path}ifcfg-$i <<EOF
DEVICE=$i
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
USERCTL=no
EOF
done
# Bond master definition (appended to ifcfg-Bond0).
cat >>${net_path}ifcfg-Bond0 <<EOF
DEVICE=bond0
BOOTPROTO=none
BONDING_OPTS="miimon=100 mode=0"
DNS1=8.8.8.8
IPADDR=172.18.30.2
PREFIX=16
GATEWAY=172.18.0.1
ONBOOT=yes
EOF
service network restart
elif [ "$Get_host_version" == '7' ]
then
# Release 7: create the bond through NetworkManager and bring it up only
# when the connection was created.
nmcli con add type bond con-name Bond0 ifname Bond0 mode 0 ipv4.method manual ipv4.addresses 172.18.30.1 ipv4.gateway 172.18.0.1 ipv4.dns 8.8.8.8 &>/dev/null
[ $? -eq 0 ] && nmcli con up Bond0
for i in $Net_card_name
do
nmcli con add type bond-slave con-name $i-bond ifname $i master Bond0
# The failure message is printed both when the slave connection could not be
# added and when bringing it up failed.
[ $? -eq 0 ] && nmcli con up $i-bond || echo "激活失败!"
done
else
Error_system_version
fi
}
# Execution starts here: the steps run in this order.
Bakup_etc # back up /etc
Off_firewall_and_selinux # stop the firewall and disable SELinux
Install_wget # install wget; exits the script when the install media cannot be mounted
Modify_charaset # set the system-wide locale
Set_timezone_and_time # set the time zone and clock mode
Set_handler_Num # raise the open-file and process limits
Set_tcp_kernel_arguments # apply the TCP kernel tuning
Set_kernel_swap # apply the swap tuning
Modify_yumrepo # switch the yum repositories
Install_some_packege # install the baseline packages
Disabled_sshd_dns # turn off sshd DNS lookups
#Shadow_system_version # hide the OS version (disabled)
Modify_network_card_name # rename the interfaces to eth*
Config_Bond # configure bonding; the addresses are hard-coded defaults (172.18.30.1) and must be adjusted by hand