1 #!/bin/sh
2 ################################################
3 #Author:nulige
4 # qqinfo:1034611705
5 # Date: 2015-6-8
6 #version:1.2
7 #实现功能:一键系统优化15项脚本,适用于Centos6.x
8 ################################################
9
10 #Source function library.
11
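# Source the Red Hat init-script helper library; this script only uses its
# action() helper (prints a message followed by [ OK ] / [FAILED]).
if [ -r /etc/init.d/functions ]; then
  . /etc/init.d/functions
else
  # Minimal stand-in so the menu still works where the library is absent:
  # print the message, run the command, propagate its exit status.
  action() {
    printf '%s\n' "$1"
    shift
    "$@"
  }
fi

# Values shown in the main menu banner.
# Timestamp (two-digit year, as in the original).
DATE=$(date +"%y-%m-%d %H:%M:%S")
# Address of eth0 as written in its ifcfg file; empty (instead of a grep
# error on the terminal) when that file does not exist.
IPADDR=$(grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-eth0 2>/dev/null | cut -d= -f2)
HOSTNAME=$(hostname -s)
USER=$(whoami)
# Use% of the root filesystem, e.g. "42%". -P keeps df on one line per
# filesystem, so the column is stable even for long device names.
DISK_SDA=$(df -hP / | awk 'NR==2 {print $5}')
# 1/5/15-minute load averages.
cpu_uptime=$(awk '{print $1,$2,$3}' /proc/loadavg)

# Chinese locale for the menu text and the messages printed by action().
export LANG=zh_CN.UTF-8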
29
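# Require root: every later step edits files under /etc and restarts
# services. (The original derived the uid by parsing `id` output; the
# listing of that line was garbled, so the portable `id -u` is used.)
uid=$(id -u)
if [ "$uid" -ne 0 ]; then
  action "Please run this script as root." /bin/false
  exit 1
fi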
36
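# Make Backspace send "erase" in root's login shell. The profile is backed
# up with a date suffix first (same convention as the other edits below)
# and the line is appended only if it is not already present.
if [ -f /root/.bash_profile ]; then
  \cp /root/.bash_profile "/root/.bash_profile_$(date +%F)"
fi
if ! grep -qwx "stty erase ^H" /root/.bash_profile 2>/dev/null; then
  echo "stty erase ^H" >>/root/.bash_profile
  # Re-read the profile so the setting also applies to this session.
  # (source is a bash builtin; /bin/sh is bash on CentOS 6.)
  source /root/.bash_profile
fi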
44
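#######################################
# Replace CentOS-Base.repo with the Aliyun mirror definition and turn on
# yum package caching (keepcache=1).
# Globals:   none
# Arguments: none
# Outputs:   progress text to stdout; changes the working directory to
#            /etc/yum.repos.d/ as a side effect (as the original did)
# Returns:   exits the script with status 1 when the mirror is unreachable
#            or the download fails; 0 otherwise
# Security note: the repo file is fetched over plain http with no checksum,
# so its content is trusted on the mirror's say-so. Package signature
# checking (gpgcheck in the downloaded file) is then the only integrity
# control on what yum installs.
#######################################
configYum() {
  echo "================更新为国内YUM源=================="
  cd /etc/yum.repos.d/ || exit 1
  local bak="CentOS-Base.repo.$(date +%F)"
  \cp CentOS-Base.repo "$bak"
  # ICMP may be filtered on some networks; a failed ping then aborts even
  # though http would have worked.
  if ping -c 1 mirrors.aliyun.com >/dev/null 2>&1; then
    if ! wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo; then
      # wget -O truncates the target before downloading, so a failed fetch
      # leaves an empty repo file behind; put the backup back.
      \cp "$bak" CentOS-Base.repo
      action "下载YUM源文件失败" /bin/false
      exit 1
    fi
  else
    echo "无法连接网络。"
    # The original did `exit $?` here, which exits with echo's status (0).
    exit 1
  fi

  echo "==============保存YUM源文件======================"
  sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
  grep keepcache /etc/yum.conf
  sleep 5

  action "配置国内YUM完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}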
68
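#######################################
# Rewrite /etc/sysconfig/i18n so the system locale is zh_CN.UTF-8.
# Globals:   none
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0
# NOTE(review): in the listing this script was recovered from, the heredoc
# body had lost its LANG line; the value written here is the one the script
# header exports (LANG=zh_CN.UTF-8) and the one the action message names.
#######################################
initI18n() {
  echo "================更改为中文字符集================="
  \cp /etc/sysconfig/i18n "/etc/sysconfig/i18n.$(date +%F)"
  # Replace the file wholesale (the original truncated it, then appended).
  cat >/etc/sysconfig/i18n <<EOF
LANG="zh_CN.UTF-8"
SYSFONT="latarcyrheb-sun16"
EOF
  source /etc/sysconfig/i18n
  echo '#cat /etc/sysconfig/i18n'
  grep LANG /etc/sysconfig/i18n
  action "更改字符集zh_CN.UTF-8完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}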
87
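#######################################
# Disable SELinux (persistently in /etc/selinux/config and at runtime) and
# stop iptables.
# Globals:   none
# Arguments: none
# Outputs:   progress text and the resulting SELinux state to stdout
# Returns:   0
# Security notes:
#  - this removes both mandatory access control and host packet filtering;
#    it is kept because it is what the menu entry advertises, but after the
#    sshd port move in initSsh nothing on the host filters traffic at all;
#  - the sed only rewrites SELINUX=enforcing; a file already at
#    SELINUX=permissive is left unchanged (same as the original);
#  - iptables is only stopped here, not disabled at boot; initService turns
#    it off at boot as a side effect of clearing runlevel 3.
#######################################
initFirewall() {
  echo "============禁用SELINUX及关闭防火墙=============="
  \cp /etc/selinux/config "/etc/selinux/config.$(date +%F)"
  # Guard the init script so a host without the iptables package does not
  # print "No such file" and carry on as if it had stopped something.
  if [ -x /etc/init.d/iptables ]; then
    /etc/init.d/iptables stop
  fi
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
  setenforce 0
  if [ -x /etc/init.d/iptables ]; then
    /etc/init.d/iptables status
  fi
  echo '#grep SELINUX=disabled /etc/selinux/config '
  grep SELINUX=disabled /etc/selinux/config
  echo '#getenforce '
  getenforce
  action "禁用selinux及关闭防火墙完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}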
105
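#######################################
# Trim boot-time services: switch off everything enabled in runlevel 3,
# then re-enable rsyslog, network, sshd and crond.
# Globals:   none
# Arguments: none
# Outputs:   the list of services still on in runlevel 3
# Returns:   0
# Notes:
#  - iptables is among the services switched off here, so the firewall
#    stays down across reboots after this step;
#  - the original ran a bare `export` before and after the loop, which only
#    dumps the whole environment (possibly including secrets passed via
#    env) to the terminal; that has been dropped.
#######################################
initService() {
  echo "===============精简开机自启动===================="
  # SysV service names contain no whitespace, so word-splitting the
  # substitution is safe here.
  for svc in $(chkconfig --list | grep 3:on | awk '{print $1}'); do
    chkconfig "$svc" off
  done
  for svc in rsyslog network sshd crond; do
    chkconfig "$svc" on
  done
  echo '+--------which services on---------+'
  chkconfig --list | grep 3:on
  echo '+----------------------------------+'
  action "精简开机自启动完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}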
121
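#######################################
# Empty /etc/redhat-release and /etc/issue so the OS/kernel version is not
# shown on the console before login.
# Globals:   none
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   exits the script with status 1 when not run as root; 0 otherwise
# Notes:
#  - /etc/redhat-release is also read by yum plugins, lsb_release and
#    monitoring agents to identify the OS, so both files are backed up
#    before being truncated (the original overwrote them without a copy);
#  - this hides the version banner from the physical console only; it is
#    not a hardening measure against anything that can log in.
#######################################
initRemoval() {
  echo "======去除系统及内核版本登录前的屏幕显示======="
  # Root is enforced at the top of the script already; the check is kept so
  # the function is safe on its own, but it now exits non-zero (the original
  # exited 0 on this failure).
  if [ "$(id -u)" -ne 0 ]; then
    echo "This script must use the root user ! ! !"
    sleep 2
    exit 1
  fi
  \cp /etc/redhat-release "/etc/redhat-release.$(date +%F)" 2>/dev/null
  \cp /etc/issue "/etc/issue.$(date +%F)" 2>/dev/null
  >/etc/redhat-release
  >/etc/issue
  action "去除系统及内核版本登录前的屏幕显示" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}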
139
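#######################################
# Move sshd to port 52113, refuse root and empty-password logins, disable
# reverse DNS lookups, then reload sshd.
# Globals:   none
# Arguments: none
# Outputs:   the sshd_config lines now in effect for the changed directives
# Returns:   0 (action reports success or failure)
# NOTE: a second function with this same name is defined further down in
# the file (the GSSAPI/UseDNS variant). In shell the last definition wins,
# so menu entries 7 and 11 and the one-click path all run that later body,
# and the port / PermitRootLogin changes here are never applied unless one
# of the two definitions is renamed.
# Notes:
#  - each sed only rewrites the commented stock default ("#Port 22" etc.);
#    a directive already set to another value is left untouched, which is
#    why the result is read back from the file instead of echoed as given;
#  - lockout risk: confirm the new port is reachable (firewall rules,
#    SELinux port label) from a second session before closing this one.
#######################################
initSsh() {
  echo "========修改ssh默认端口禁用root远程登录=========="
  local cfg=/etc/ssh/sshd_config
  local bak="$cfg.$(date +%F)"
  \cp "$cfg" "$bak"
  sed -i 's/#Port 22/Port 52113/g' "$cfg"
  sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' "$cfg"
  sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' "$cfg"
  sed -i 's/#UseDNS yes/UseDNS no/g' "$cfg"
  echo '+-------modify the sshd_config-------+'
  grep -E '^(Port|PermitEmptyPasswords|PermitRootLogin|UseDNS)[[:space:]]' "$cfg"
  echo '+------------------------------------+'
  # Validate before reloading: a config sshd cannot parse would leave a
  # daemon that accepts no new connections. On failure restore the backup
  # so the file on disk matches the running service.
  if /usr/sbin/sshd -t && /etc/init.d/sshd reload; then
    action "修改ssh默认参数完成" /bin/true
  else
    \cp "$bak" "$cfg"
    action "修改ssh参数失败" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}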
159
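#######################################
# Install a root cron entry that runs ntpdate against time.windows.com
# every five minutes.
# Globals:   none
# Arguments: none
# Outputs:   the resulting root crontab
# Returns:   0
# Notes:
#  - the entry is appended only once (the original counted matches);
#  - ntpdate steps the clock from an unauthenticated public source; a
#    local ntpd/chrony peer is the usual choice where log timestamps must
#    be trustworthy. Kept as the author's setting.
#######################################
syncSysTime() {
  echo "================配置时间同步====================="
  local cron=/var/spool/cron/root
  if [ -f "$cron" ]; then
    \cp "$cron" "$cron.$(date +%F)"
  fi
  if ! grep -q ntpdate "$cron" 2>/dev/null; then
    echo "#times sync by lee at $(date +%F)" >>"$cron"
    echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1" >>"$cron"
    # A spool file created by the redirect inherits the umask; use the mode
    # crontab(1) itself writes so crond treats it the same way.
    chmod 600 "$cron"
  fi
  echo '#crontab -l'
  crontab -l
  action "配置时间同步完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}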
176
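#######################################
# Install a few tools missing from a minimal install.
# Globals:   none
# Arguments: none
# Outputs:   yum/rpm output and a success or failure line
# Returns:   0 (action reports whether yum succeeded)
# Note: nmap is a network scanner; it is useful for administration but is
# also a tool an intruder would otherwise have to bring along. Kept as the
# author's list.
#######################################
initTools() {
  echo "#####安装系统补装工具(选择最小化安装minimal)#####"
  ping -c 2 mirrors.aliyun.com
  sleep 2
  # Report a failed install instead of always claiming success.
  if yum install tree nmap sysstat lrzsz dos2unix -y; then
    sleep 2
    rpm -qa tree nmap sysstat lrzsz dos2unix
    sleep 2
    action "安装系统补装工具(选择最小化安装minimal)" /bin/true
  else
    action "安装系统补装工具(选择最小化安装minimal)" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}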
191
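#######################################
# Interactively create a local user, set its password and grant it
# passwordless sudo.
# Globals:   name (set; used in the final action message)
# Arguments: none (prompts on the terminal)
# Outputs:   prompts and progress to stdout
# Returns:   0 on success, 1 when the sudoers edit fails validation
# Security notes:
#  - the password is read with -s so it is neither echoed nor captured in
#    terminal logs (the original echoed it in clear text), and it is handed
#    to passwd over a pipe, never on a command line visible in ps;
#  - the user name is limited to the login-name charset useradd accepts
#    before it is interpolated into /etc/sudoers, so no whitespace or
#    sudoers syntax can be injected through the prompt;
#  - "ALL=(ALL) NOPASSWD: ALL" is full root equivalence without
#    re-authentication; that is the author's intent and is kept;
#  - /etc/sudoers is checked with visudo -c after the append and the backup
#    is restored if it no longer parses, because a syntax error there
#    breaks sudo for every user.
#######################################
addUser() {
  echo "===================新建用户======================"
  # Loop until a non-empty, well-formed, not-yet-existing name is created.
  while true; do
    read -r -p "请输入新用户名:" name
    if [ "${#name}" -eq 0 ]; then
      echo "用户名不能为空,请重新输入。"
      continue
    fi
    case "$name" in
      *[!a-z0-9_-]*|-*|[0-9]*)
        echo "用户名格式无效,请重新输入。"
        continue
        ;;
    esac
    # getent also consults NSS sources (e.g. LDAP), not only /etc/passwd.
    if getent passwd "$name" >/dev/null; then
      echo "用户名已存在,请重新输入。"
      continue
    fi
    # useradd prints its own diagnostic; re-prompt rather than continue
    # with a user that was not created.
    useradd "$name" && break
  done
  # Password: ask twice, silently, until both entries match.
  while true; do
    read -r -s -p "为 $name 创建一个密码:" pass1
    echo
    if [ "${#pass1}" -eq 0 ]; then
      echo "密码不能为空,请重新输入。"
      continue
    fi
    read -r -s -p "请再次输入密码:" pass2
    echo
    if [ "$pass1" != "$pass2" ]; then
      echo "两次密码输入不相同,请重新输入。"
      continue
    fi
    # --stdin is Red Hat specific; printf (not echo) so a password starting
    # with "-" is passed verbatim.
    printf '%s\n' "$pass2" | passwd --stdin "$name" && break
  done
  unset pass1 pass2
  sleep 1

  echo "#####add visudo#####"
  local bak="/etc/sudoers.$(date +%F)"
  \cp /etc/sudoers "$bak"
  if ! grep -qwF "$name" /etc/sudoers; then
    echo "$name ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
    if ! visudo -c -f /etc/sudoers >/dev/null; then
      \cp "$bak" /etc/sudoers
      action "sudoers语法检查失败,已恢复备份" /bin/false
      return 1
    fi
    echo '#tail -1 /etc/sudoers'
    grep -wF "$name" /etc/sudoers
    sleep 1
  fi
  action "创建用户$name并将其加入visudo完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}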
243
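#######################################
# Raise the open-file limit to 65535 in limits.conf and for this shell.
# Globals:   none
# Arguments: none
# Outputs:   the last limits.conf line and the current soft limit
# Returns:   0
#######################################
initLimits() {
  echo "===============加大文件描述符===================="
  # Append only if no uncommented nofile line exists yet.
  if ! grep nofile /etc/security/limits.conf | grep -qv "^#"; then
    \cp /etc/security/limits.conf "/etc/security/limits.conf.$(date +%F)"
    echo '* - nofile 65535' >>/etc/security/limits.conf
  fi
  echo '#tail -1 /etc/security/limits.conf'
  tail -1 /etc/security/limits.conf
  # limits.conf only applies to new PAM sessions; raise it for the running
  # shell too.
  ulimit -HSn 65535
  echo '#ulimit -n'
  ulimit -n
  action "配置文件描述符为65535" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}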
262
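#######################################
# Turn off GSSAPI authentication and reverse DNS lookups in sshd to speed
# up logins, then restart sshd.
# Globals:   none
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0 (action reports success or failure)
# NOTE: this is the second definition of initSsh in the file; it replaces
# the earlier one (port 52113 / PermitRootLogin no) for every caller, so
# menu entries 7 and 11 and the one-click path all run this body (twice on
# the one-click path) and the port/root-login changes never happen. Rename
# one of the two definitions if both sets of changes are wanted.
#######################################
initSsh() {
  echo "======禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度======="
  local cfg=/etc/ssh/sshd_config
  # Back up first, as the sibling functions do.
  \cp "$cfg" "$cfg.$(date +%F)"
  sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' "$cfg"
  sed -i 's/#UseDNS yes/UseDNS no/' "$cfg"
  # Check the file before restarting; restarting on a broken config would
  # leave sshd down. The original's restart (rather than reload) is kept.
  if /usr/sbin/sshd -t && service sshd restart; then
    action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/true
  else
    action "禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}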
274
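#######################################
# Comment out the upstart exec line so Ctrl-Alt-Del no longer reboots the
# machine (a console-safety measure against accidental restarts).
# Globals:   none
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0 (action reports failure when the conf file is absent)
#######################################
initRestart() {
  local conf=/etc/init/control-alt-delete.conf
  if [ -f "$conf" ]; then
    \cp "$conf" "$conf.$(date +%F)"
    # Anchored at line start so a re-run does not stack a second "#";
    # "|" as the delimiter avoids escaping "#" inside the expression.
    sed -i 's|^exec /sbin/shutdown -r now|#exec /sbin/shutdown -r now|' "$conf"
    action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/true
  else
    action "将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启" /bin/false
  fi
  echo "================================================="
  echo ""
  sleep 2
}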
283
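#######################################
# Append network tuning to /etc/sysctl.conf, make sure nf_conntrack and
# bridge are loaded now and at boot, and apply the settings.
# Globals:   none
# Arguments: none
# Outputs:   sysctl -p output
# Returns:   0
# Notes on the values (kept as the author chose them):
#  - net.ipv4.tcp_tw_recycle=1 breaks connections from clients behind NAT
#    (several clients share one address with different timestamps); later
#    kernels removed the option entirely;
#  - net.netfilter.nf_conntrack_max=25000000 reserves kernel memory per
#    tracked connection — check against the host's RAM before applying;
#  - tcp_syn_retries / tcp_synack_retries = 1 give up on lossy links fast.
#######################################
initSysctl() {
  echo "================优化内核参数====================="
  # Fewer than ten net.ipv4.tcp lines is taken to mean "not applied yet".
  if [ "$(grep -c "net.ipv4.tcp" /etc/sysctl.conf)" -lt 10 ]; then
    \cp /etc/sysctl.conf "/etc/sysctl.conf.$(date +%F)"
    cat >>/etc/sysctl.conf <<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
  fi
  \cp /etc/rc.local "/etc/rc.local.$(date +%F)"
  # The net.netfilter.* keys only exist once nf_conntrack is loaded, so load
  # the modules before sysctl -p and on every boot. Append to rc.local only
  # once (the original appended on every run).
  for mod in nf_conntrack bridge; do
    modprobe "$mod"
    grep -qx "modprobe $mod" /etc/rc.local || echo "modprobe $mod" >>/etc/rc.local
  done
  sysctl -p
  action "内核调优完成" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}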
323
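#######################################
# Set an idle-shell timeout and a very small shell history in /etc/profile.
# Globals:   none
# Arguments: none
# Outputs:   the last three lines of /etc/profile
# Returns:   0
# Notes:
#  - each setting is appended once (the original re-appended on every run);
#  - TMOUT=300 logs idle shells out after 5 minutes; users can still unset
#    it unless it is made readonly;
#  - HISTSIZE/HISTFILESIZE=5 keep only five commands of history, which
#    removes most of the command trail an incident responder would look
#    for. Kept as the author's value; pair with remote logging if
#    auditability matters.
#######################################
initHistory() {
  echo "======设置默认历史记录数和连接超时时间======"
  for setting in "TMOUT=300" "HISTSIZE=5" "HISTFILESIZE=5"; do
    grep -qx "$setting" /etc/profile || echo "$setting" >>/etc/profile
  done
  tail -3 /etc/profile
  source /etc/profile
  action "设置默认历史记录数和连接超时时间" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}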
337
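#######################################
# Mark the account database files immutable and rename chattr to "lock".
# Globals:   none
# Arguments: none
# Outputs:   progress text to stdout
# Returns:   0 on success, 1 when neither chattr nor lock can be found
# Notes:
#  - +i on /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow makes
#    useradd/usermod/passwd (and addUser in this menu) fail until the flag
#    is cleared, so run this step last;
#  - renaming chattr only hides the tool's name; root can still clear the
#    flag with the renamed binary or a reinstalled e2fsprogs, and a package
#    update of e2fsprogs puts /usr/bin/chattr back. Treat it as an
#    accident guard, not a control against a privileged attacker.
#######################################
initChattr() {
  echo "======锁定关键文件系统======"
  # After the first run chattr lives at /usr/bin/lock, so accept either
  # name; the original hard-coded chattr and failed on re-runs.
  local chattr_bin
  chattr_bin=$(command -v chattr || command -v lock)
  if [ -z "$chattr_bin" ]; then
    action "锁定关键文件系统" /bin/false
    return 1
  fi
  for f in /etc/passwd /etc/inittab /etc/group /etc/shadow /etc/gshadow; do
    "$chattr_bin" +i "$f"
  done
  if [ -x /usr/bin/chattr ]; then
    /bin/mv /usr/bin/chattr /usr/bin/lock
  fi
  action "锁定关键文件系统" /bin/true
  echo "================================================="
  echo ""
  sleep 2
}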
352
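#######################################
# Custom-optimization submenu: loop until the user picks 0, running the
# selected step each time round.
# Globals:   input2 (set)
# Arguments: none (prompts on the terminal)
# Outputs:   menu text to stdout
# Returns:   0 when the user chooses 0
# NOTE: entries 7 and 11 both call initSsh. The file defines initSsh twice
# (port/root-login variant first, GSSAPI/UseDNS variant second) and the
# last definition wins, so both entries run the second one.
#######################################
menu2() {
  while true; do
    clear
    cat <<EOF
----------------------------------------
|****Please Enter Your Choice:[0-15]****|
----------------------------------------
(1) 新建一个用户并将其加入visudo
(2) 配置为国内YUM源镜像和保存YUM源文件
(3) 配置中文字符集
(4) 禁用SELINUX及关闭防火墙
(5) 精简开机自启动
(6) 去除系统及内核版本登录前的屏幕显示
(7) 修改ssh默认端口及禁用root远程登录
(8) 设置时间同步
(9) 安装系统补装工具(选择最小化安装minimal)
(10) 加大文件描述符
(11) 禁用GSSAPI来认证,也禁用DNS反向解析,加快SSH登陆速度
(12) 将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启
(13) 系统内核调优
(14) 设置默认历史记录数和连接超时时间
(15) 锁定关键文件系统
(0) 返回上一级菜单
EOF
    read -r -p "Please enter your Choice[0-15]: " input2
    case "$input2" in
      0)
        clear
        break
        ;;
      1) addUser ;;
      2) configYum ;;
      3) initI18n ;;
      4) initFirewall ;;
      5) initService ;;
      6) initRemoval ;;
      7) initSsh ;;
      8) syncSysTime ;;
      9) initTools ;;
      10) initLimits ;;
      11) initSsh ;;
      12) initRestart ;;
      13) initSysctl ;;
      14) initHistory ;;
      15) initChattr ;;
      *)
        echo "----------------------------------"
        echo "| Warning!!! |"
        echo "| Please Enter Right Choice! |"
        echo "----------------------------------"
        # Three-second countdown redrawn in place (\b moves the cursor back).
        for i in 3 2 1; do
          echo -ne "\b\b$i"
          sleep 1
        done
        clear
        ;;
    esac
  done
}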
443 #initTools
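# Main menu: show system information, then either run every step in order,
# open the custom submenu, or quit.
# NOTE: the one-click path calls initSsh twice (entries 7 and 11 of the
# submenu); because the file defines initSsh twice and the last definition
# wins, both calls run the GSSAPI/UseDNS body and the port/root-login
# changes are never applied. initChattr is last on purpose: once
# /etc/passwd is immutable, addUser can no longer create accounts.
while true; do
  clear
  echo "========================================"
  echo ' Linux Optimization '
  echo "========================================"
  cat <<EOF
|-----------System Infomation-----------
| DATE :$DATE
| HOSTNAME :$HOSTNAME
| USER :$USER
| IP :$IPADDR
| DISK_USED :$DISK_SDA
| CPU_AVERAGE:$cpu_uptime
----------------------------------------
|****Please Enter Your Choice:[1-3]****|
----------------------------------------
(1) 一键优化
(2) 自定义优化
(3) 退出
EOF
  # Prompt range matches the menu (the original said [0-3]; 0 is not an option).
  read -r -p "Please enter your choice[1-3]: " input1

  case "$input1" in
    1)
      addUser
      configYum
      initI18n
      initFirewall
      initService
      initRemoval
      initSsh
      syncSysTime
      initTools
      initLimits
      initSsh
      initRestart
      initSysctl
      initHistory
      initChattr
      ;;
    2)
      menu2
      ;;
    3)
      clear
      break
      ;;
    *)
      echo "----------------------------------"
      echo "| Warning!!! |"
      echo "| Please Enter Right Choice! |"
      echo "----------------------------------"
      # Three-second countdown redrawn in place (\b moves the cursor back).
      for i in 3 2 1; do
        echo -ne "\b\b$i"
        sleep 1
      done
      clear
      ;;
  esac
done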