脚本简介
- 基于运维统一脚本中,6、基础环境配置下的初始化服务器配置选项
- 使用yum安装(yum仓库),系统版本Centos7
脚本注解
- 该脚本为了在新安装的Centos7服务器上快速完成初始化的操作
初始化设置以下内容
- 设置主机名**(执行脚本时填写)**
- 设置ssh超时时间**(执行脚本时填写)**
- 是否禁止root远程登录**(执行脚本时填写)**
- 是否在修改完成后进行检查配置**(执行脚本时填写)**
- 安装系统性能分析工具及其他**(执行脚本时填写)**
- 添加阿里云yum仓库(已添加的话则不会添加)
- 时区设置,并同步时间
- 设置selinux策略模式(disabled)
- 设置防火墙firewalld(关闭)
- 设置禁止定时任务向root发送邮件
- 设置最大打开文件数(65535)
- 禁用SWAP使用
- 系统内核优化
- 修改history历史命令的输出格式
执行方式
sh init_server.sh run|check
- run == 开始设置初始化服务器的配置
- check == 检查初始化服务器的相关配置
脚本内容
#!/bin/bash
#所有者:北城半夏
#
#当前版本
#v1.0.1
#服务器系统配置初始化脚本
#################################################################################
# Print a timestamped log line: magenta "【host time】" prefix, cyan message.
# Arguments: $1 - message; backslash escapes in it are expanded (as echo -e does).
info() {
  local stamp
  stamp="$(hostname) $(date '+%Y-%m-%d %H:%M:%S')"
  printf '%b %b\n' "\033[35m 【${stamp}】\033[0m" "\033[36m$1\033[0m "
}
# Print a message in cyan with no timestamp prefix.
# Arguments: $1 - message; backslash escapes in it are expanded (as echo -e does).
info1() {
  local text="\033[36m $1 \033[0m "
  printf '%b\n' "${text}"
}
# Print a timestamped log line: blue "【host time】" prefix, magenta message.
# Arguments: $1 - message; backslash escapes in it are expanded (as echo -e does).
info2() {
  local stamp
  stamp="$(hostname) $(date '+%Y-%m-%d %H:%M:%S')"
  printf '%b %b\n' "\033[34m 【${stamp}】\033[0m" "\033[35m$1\033[0m "
}
# Print a cyan horizontal rule made of '-' characters (section separator).
info3() {
  local rule="------------------------------------------------------------------------------"
  printf '%b\n' "\033[36m${rule}\033[0m"
}
# Print a message in green with no timestamp prefix.
# Arguments: $1 - message; backslash escapes in it are expanded (as echo -e does).
info4() {
  local text="\033[32m $1 \033[0m "
  printf '%b\n' "${text}"
}
# Print a horizontal rule made of '=' characters by passing it to info1.
info5() {
  local rule="=============================================================================="
  info1 "${rule}"
}
# Print a timestamped log line: yellow "【host time】" prefix, bright-red message.
# Arguments: $1 - message; backslash escapes in it are expanded (as echo -e does).
info6() {
  local stamp
  stamp="$(hostname) $(date '+%Y-%m-%d %H:%M:%S')"
  printf '%b %b\n' "\033[33m 【${stamp}】\033[0m" "\033[91m$1\033[0m "
}
# Print a timestamped log line: magenta "【host time】" prefix, green message.
# Arguments: $1 - message; backslash escapes in it are expanded (as echo -e does).
info7() {
  local stamp
  stamp="$(hostname) $(date '+%Y-%m-%d %H:%M:%S')"
  printf '%b %b\n' "\033[35m 【${stamp}】\033[0m" "\033[32m$1\033[0m "
}
# Print a timestamped log line: red "【host time】" prefix, magenta message.
# Arguments: $1 - message; backslash escapes in it are expanded (as echo -e does).
info8() {
  local stamp
  stamp="$(hostname) $(date '+%Y-%m-%d %H:%M:%S')"
  printf '%b %b\n' "\033[31m 【${stamp}】\033[0m" "\033[35m$1\033[0m "
}
# Print a timestamped log line: green "【host time】" prefix, cyan message.
# Arguments: $1 - message; backslash escapes in it are expanded (as echo -e does).
info9() {
  local stamp
  stamp="$(hostname) $(date '+%Y-%m-%d %H:%M:%S')"
  printf '%b %b\n' "\033[32m 【${stamp}】\033[0m" "\033[36m$1\033[0m "
}
#yum源
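# Replace the yum repo definitions with the Aliyun CentOS 7 base repo.
#
# The repo file is downloaded to a temporary file first; the existing *.repo
# files are moved to /etc/yum.repos.d/bak only after the download succeeded,
# so a failed or empty download no longer leaves the host without repos.
#
# Outputs: progress messages via info; lists the repo files being backed up.
# Returns: 0 when the repo was installed and `yum makecache` succeeded,
#          non-zero otherwise.
aliyun_yum() {
  local repo_dir=/etc/yum.repos.d
  # Fetched over HTTPS: a repo definition decides where packages come from and
  # whether they are signature-checked, so it must not travel in cleartext.
  local repo_url=https://mirrors.aliyun.com/repo/Centos-7.repo
  local tmp_repo

  echo ""
  info "官方网站下载最新版(CentOS7)"

  # Hidden name without a .repo suffix: not matched by the glob below and
  # not parsed by yum while the download is in progress.
  tmp_repo=$(mktemp "${repo_dir}/.CentOS-Base.repo.XXXXXX") || return 1

  if command -v wget >/dev/null 2>&1; then
    wget -q -O "${tmp_repo}" "${repo_url}"
  else
    curl -fsSL -o "${tmp_repo}" "${repo_url}"
  fi
  if [ $? -ne 0 ] || [ ! -s "${tmp_repo}" ]; then
    rm -f -- "${tmp_repo}"
    return 1
  fi

  # Back up the current repo files only now that a replacement is available.
  if ls "${repo_dir}"/*.repo 2>/dev/null; then
    mkdir -p "${repo_dir}/bak"
    mv -- "${repo_dir}"/*.repo "${repo_dir}/bak/"
  fi

  # mktemp creates the file 0600; repo files are normally world-readable.
  chmod 644 "${tmp_repo}"
  mv -- "${tmp_repo}" "${repo_dir}/CentOS-Base.repo" || return 1

  # NOTE(review): the baseurl/gpgcheck settings inside the downloaded file
  # govern how packages are fetched and verified - review them before use.
  if yum makecache >/dev/null; then
    info "Aliyun yum 源加载成功"
  else
    return 1
  fi
}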
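# Interactively apply the baseline configuration to a freshly installed
# CentOS 7 host. Must run as root: it edits files under /etc and /proc.
#
# Prompts for: shell idle timeout (TMOUT), whether to forbid root SSH login,
# whether to install the base packages, whether to run the check afterwards,
# and the host name. Then, in order: optional Aliyun repo, host name, time
# zone, SELinux, firewall, history format, TMOUT, PermitRootLogin, cron
# MAILTO, nofile limits, swap, package install, sysctl entries.
#
# Globals:  rpm_name (read) - space-separated package list; it is not set
#           anywhere in the visible script, so a default built from the
#           package names the check step greps for is used when it is empty.
# Returns:  status of the last step executed.
#
# NOTE(review): this function switches off SELinux and the host firewall.
# That removes mandatory access control and host-level packet filtering, so
# the host then depends entirely on network-level filtering and service
# hardening; confirm that is acceptable for the environment.
run_set_system() {
  local time ban install check_system hostname_name
  local aliyun_yum_1 aliyun_yum_2
  local repolost_num tmout_time ban_root install_run
  local current_tz selinux swap_total system_num
  local rpm_name="${rpm_name:-wget net-tools vim sysstat bash-completion lrzsz}"
  local sshd_config=/etc/ssh/sshd_config

  info5
  read -r -p "设置ssh超时时间(600):" time
  read -r -p "是否禁止root用户远程登录(yes),默认允许:" ban
  read -r -p "是否安装基础安装包(vim,wget...),默认允许安装(yes):" install
  read -r -p "是否检查基础设置是否成功(yes/no),默认自动检查:" check_system
  read -r -p "设置主机名称(myos):" hostname_name

  check_system=${check_system:-yes}
  tmout_time=${time:-600}
  ban_root=${ban:-no}
  install_run=${install:-yes}
  hostname_name=${hostname_name:-myos}

  # The value is appended to /etc/profile, which every login shell sources:
  # accept digits only so nothing else can end up in that file.
  case "${tmout_time}" in
    '' | *[!0-9]*)
      info6 "Invalid timeout '${tmout_time}', using 600"
      tmout_time=600
      ;;
  esac

  info "重新加载yum仓库,请等待!!!"
  yum makecache >/dev/null
  # First digit of the "repolist: N" summary line; empty (yum failed) is
  # treated like 0 so the operator is still offered a working repo.
  repolost_num=$(yum repolist | grep repolist | awk -F: '{print $2}' | cut -c2)
  if [ "${repolost_num:-0}" = "0" ]; then
    read -r -p "检测到没有yum仓库,是否添加阿里云yum仓库(yes/no),默认添加:" aliyun_yum_1
    aliyun_yum_2=${aliyun_yum_1:-yes}
    if [ "${aliyun_yum_2}" = "yes" ]; then
      aliyun_yum
    fi
  fi

  # Host name
  info6 "设置主机名${hostname_name}"
  hostnamectl set-hostname "${hostname_name}"

  # Time zone. No time synchronisation is configured here; the check step
  # only reports what chronyc already knows.
  info6 "设置时区,并同步时间"
  current_tz=$(timedatectl | grep "Time zone" | awk '{print $3}')
  info7 "当前时区:${current_tz}"
  if [ "${current_tz}" != "Asia/Shanghai" ]; then
    info "Set time zone to Shanghai"
    timedatectl set-timezone Asia/Shanghai
    info "$(timedatectl | grep "Time zone" | awk '{print $3}')"
  fi

  # SELinux
  # NOTE(review): `setenforce 0` plus SELINUX=permissive would keep denials
  # logged while not blocking; disabled drops that visibility as well. The
  # sed below only rewrites "enforcing", a permissive config is left as is.
  info6 "设置selinux策略模式"
  selinux=$(sestatus | grep "SELinux status" | awk '{print $3}')
  if [ "${selinux}" = "disabled" ]; then
    echo -e "\033[32m selinux禁用成功 \033[0m"
  else
    info6 "Disable SELinux"
    setenforce 0
    if sed -i '/^SELINUX/s/enforcing/disabled/' /etc/selinux/config; then
      info9 "设置selinux策略的状态disabled成功,重启生效"
    fi
  fi

  # Host firewall (firewalld on 7.x, iptables service on 6.x)
  info6 "开始关闭防火墙"
  if grep -Eq "7.[0-9]" /etc/redhat-release 2>/dev/null; then
    systemctl stop firewalld >/dev/null
    systemctl disable firewalld >/dev/null
  elif grep -Eq "6.[0-9]" /etc/redhat-release 2>/dev/null; then
    service iptables stop >/dev/null
    chkconfig iptables off >/dev/null
  fi
  [ $? -eq 0 ] && info9 "firewalld 关闭成功"

  # History entries carry a timestamp. The original redirected this echo to
  # /dev/null after the append, so the line never reached /etc/bashrc.
  info6 "修改history历史命令的输出格式"
  if ! grep -q HISTTIMEFORMAT /etc/bashrc; then
    echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/bashrc
  fi
  [ $? -eq 0 ] && info9 "history历史命令的输出格式已设置"

  # Idle timeout. TMOUT is a shell setting for every login shell that sources
  # /etc/profile; it is not an sshd option and does not end idle sessions
  # that run something other than an interactive shell prompt.
  info6 "设置ssh超时时间"
  if ! grep -qx "export TMOUT=${tmout_time}" /etc/profile 2>/dev/null; then
    echo "export TMOUT=${tmout_time}" >> /etc/profile
  fi
  [ $? -eq 0 ] && info9 "超时时间设置:TMOUT=${tmout_time}"

  # Root login over SSH. The original only rewrote the commented default
  # "#PermitRootLogin yes" and reported success even when an active
  # "PermitRootLogin yes" line stayed in place.
  if [ "${ban_root}" = "yes" ]; then
    info6 "禁止root远程登录"
    if grep -Eq '^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]]' "${sshd_config}"; then
      sed -ri 's/^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' "${sshd_config}"
    else
      # NOTE(review): if the file ends inside a Match block this line would
      # only apply to that block - confirm the layout of sshd_config.
      echo "PermitRootLogin no" >> "${sshd_config}"
    fi
    # Report success only when the directive is really present. sshd reads
    # the file at start-up, so the change applies after sshd is reloaded or
    # the host is rebooted; make sure another account can log in and
    # escalate before that happens.
    if grep -Eq '^PermitRootLogin[[:space:]]+no' "${sshd_config}"; then
      info9 "禁止root远程登录,设置成功"
    fi
  fi

  # Cron mail
  info6 "设置禁止定时任务向发送邮件"
  sed -i 's/^MAILTO=root/MAILTO=""/' /etc/crontab
  [ $? -eq 0 ] && info9 "禁止定时任务向发送邮件设置成功"

  # Open-file limits: persisted in limits.conf, and raised for this shell.
  info6 "设置最大打开文件数"
  if ! grep -qF "* soft nofile 65535" /etc/security/limits.conf 2>/dev/null; then
    printf '%s\n' "* soft nofile 65535" "* hard nofile 65535" \
      >> /etc/security/limits.conf
    ulimit -SHn 65535
  fi
  [ $? -eq 0 ] && info9 "设置最大打开文件数"

  # Swap. Total is read in KiB under the C locale; the original looked at the
  # first character of `free -h`, which reads a size such as 0.5G as zero.
  swap_total=$(LC_ALL=C free | awk 'tolower($1) ~ /^swap/ {print $2}')
  if [ "${swap_total:-0}" -eq 0 ]; then
    info7 "Swap禁用成功"
  else
    info7 "Swap未禁用"
    info "Disable swap"
    swapoff -a
    # Comment out active swap entries only, so a re-run does not keep
    # prefixing lines that are already commented.
    sed -ri '/^[[:space:]]*#/!s/.*swap.*/#&/' /etc/fstab
    info "Disable swap success"
  fi
  swapoff -a
  # Runtime value only; it is not written to sysctl.conf.
  echo "0" > /proc/sys/vm/swappiness

  # Base packages
  if [ "${install_run}" = "yes" ]; then
    info6 "安装系统性能分析工具及其他,请等待!!!"
    # shellcheck disable=SC2086 - rpm_name is a space-separated package list
    if yum -y install ${rpm_name} >/dev/null; then
      info9 "安装系统基础工具:\n ${rpm_name} install success"
    fi
  fi

  # Kernel network settings: appended once; they are only written to the
  # file here, nothing in this function loads them into the running kernel.
  system_num=$(grep -Ec "tcp_syncookies|tcp_max_tw_buckets|max_syn_backlog|netdev_max_backlog|tcp_fin_timeout" /etc/sysctl.conf)
  if [ "${system_num:-0}" -eq 0 ]; then
    printf '%s\n' \
      "net.ipv4.tcp_syncookies = 1" \
      "net.ipv4.tcp_max_tw_buckets = 20480" \
      "net.ipv4.tcp_max_syn_backlog = 20480" \
      "net.core.netdev_max_backlog = 262144" \
      "net.ipv4.tcp_fin_timeout = 20" \
      >> /etc/sysctl.conf
  fi

  if [ "${check_system}" = "yes" ]; then
    check_system_run_check
  fi
}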
#基础环境检查
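# Report the state of the baseline settings: time zone and chrony sources,
# SELinux, firewalld, TMOUT, sshd listening port, nofile limits, swap,
# installed base packages and the active lines of /etc/sysctl.conf.
# Read-only: nothing on the host is changed.
#
# Globals:  rpm_name (read) - package list shown in the heading; it is not
#           set anywhere in the visible script, so a default built from the
#           package names grepped below is used when it is empty.
# Outputs:  coloured report on stdout via the info* helpers.
check_system_run_check() {
  local soft hard selinux tz firewalld tmout swap_total pkgs pkg ssh_port
  local rpm_name="${rpm_name:-wget net-tools vim sysstat bash-completion lrzsz}"

  soft=$(ulimit -n)
  hard=$(ulimit -Hn)
  selinux=$(sestatus | grep "SELinux status" | awk '{print $3}')
  tz=$(timedatectl | grep "Time zone" | awk '{print $3}')
  firewalld=$(systemctl is-active firewalld 2>/dev/null)
  # May hold several lines when TMOUT was appended more than once.
  tmout=$(grep TMOUT /etc/profile | awk '{print $2}')
  # Swap total in KiB under the C locale, so fractional sizes such as 0.5G
  # are not mistaken for zero.
  swap_total=$(LC_ALL=C free | awk 'tolower($1) ~ /^swap/ {print $2}')
  pkgs=$(rpm -qa | grep -E "^wget|^net-tools|^vim|^sysstat|^bash-completion|^lrzsz")

  echo ""
  info5
  info8 "时区检查"
  info7 "当前时区:${tz}"
  info3
  info4 "时间同步服务"
  chronyc sources -V
  info3

  info3
  info8 "selinux策略模式"
  if [ "${selinux}" = "disabled" ]; then
    info7 "selinux禁用成功,${selinux}"
  else
    info7 "selinux尚未禁用,${selinux}"
  fi

  info3
  info8 "firewalld防火墙"
  if [ "${firewalld}" = "inactive" ]; then
    info7 "firewalld禁用成功 \033[0m"
  else
    info7 "firewalld尚未禁用 \033[0m"
  fi

  # TMOUT is the shell idle timeout exported from /etc/profile.
  if [ -n "${tmout}" ]; then
    info3
    info8 "ssh超时时间"
    info7 "${tmout}"
  fi

  # Port = text after the last ':' of the local address, so IPv6 listeners
  # such as [::]:22 or :::22 are handled as well.
  ssh_port=$(ss -ntulp | grep sshd | awk 'NR==1{n=split($5,a,":"); print a[n]}')
  if [ -n "${ssh_port}" ]; then
    info3
    info8 "ssh端口"
    info7 "${ssh_port}"
  fi

  info3
  info8 "文件描述符"
  info7 "最大警告值:soft ${soft}"
  info7 " 阈值:hard ${hard}"

  info3
  info8 "交换分区"
  if [ "${swap_total:-0}" -eq 0 ]; then
    info7 "Swap禁用成功"
  else
    info7 "Swap未禁用"
    info7 "交换分区总total: $(free -h | grep -i swap | awk '{print $2}')"
  fi

  info3
  info8 "基础工具"
  info4 "查看${rpm_name}\n 是否安装:"
  # One line per installed package; rpm names contain no whitespace, so
  # splitting the rpm -qa output on whitespace is intended here.
  for pkg in ${pkgs}; do
    info6 "${pkg}"
  done

  info3
  info8 "系统内核优化"
  grep -v "^#" /etc/sysctl.conf | sed 's/^[ \t]*//g'
  info5
}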
# Print the usage line (how to invoke this script) through info6.
log() {
  local usage="执行脚本的方式: sh $0 run|check"
  info6 "${usage}"
}
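# Entry point: exactly one argument is expected.
#   run   - apply the baseline configuration
#   check - report the current state only
# Anything else (including an empty string) prints the usage line; the
# original silently did nothing for an unknown argument.
if [ $# -ne 1 ]; then
  log
else
  case "$1" in
    check) check_system_run_check ;;
    run) run_set_system ;;
    *) log ;;
  esac
fi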