System optimization script (this is the original script and does not follow shell scripting conventions)
System optimization script
#!/bin/sh
user=alan

# Disable iptables at boot and stop it now
chkconfig iptables off && /etc/init.d/iptables stop

# Disable SELinux permanently (config file) and for the running system
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
cat /etc/selinux/config
setenforce 0
getenforce

# Create a user (note: the password is hard-coded and weak; change it after the first login)
useradd "$user"
echo "123456" | passwd --stdin "$user"

# Modify the yum source (note: the repo file is fetched over plain HTTP)
cd /etc/yum.repos.d || exit 1
/bin/mv CentOS-Base.repo CentOS-Base.repo.bak
wget http://mirrors.163.com/.help/CentOS6-Base-163.repo
/bin/mv CentOS6-Base-163.repo CentOS-Base.repo

# Install lrzsz and sysstat
yum -y install lrzsz sysstat >/dev/null 2>&1
yum -y groupinstall "x software development" >/dev/null 2>&1

# Close unnecessary services: turn everything off in runlevel 3, then re-enable the required ones
for n in $(chkconfig --list | grep 3:on | awk '{print $1}'); do chkconfig --level 3 "$n" off; done
for m in crond network rsyslog sshd; do chkconfig --level 3 "$m" on; done

# Set the SSH service (settings are appended; the original file is backed up first)
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
cat >>/etc/ssh/sshd_config <<EOF
Port 51332
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
EOF

# Set sudoers
cp /etc/sudoers /etc/sudoers.bak
echo "$user ALL=(ALL) ALL" >>/etc/sudoers

# Set LANG
echo 'LANG="en_US.UTF-8"' >/etc/sysconfig/i18n

# Time synchronization: once now, then every 5 minutes from root's crontab
/usr/sbin/ntpdate time.windows.com
echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1 " >>/var/spool/cron/root

# Set limits
echo "* - nofile 65535" >>/etc/security/limits.conf

# Set sysctl kernel parameters
# (note: net.ipv4.tcp_tw_recycle = 1 breaks connections from clients behind NAT)
cat >>/etc/sysctl.conf <<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
# The following are firewall tunings; they report errors if the firewall is not enabled, which can be ignored
net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max=25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait=120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait=60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait=120
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
sysctl -p >/dev/null 2>&1
Optimization result check script
#!/bin/sh
user=alan

# Check iptables
/etc/init.d/iptables status

# Check SELinux
getenforce

# Check user
id "$user"

# Check yum
ls -l /etc/yum.repos.d

# Check installed packages
rpm -qa lrzsz sysstat

# Check services
chkconfig --list | grep 3:on

# Check ssh
tail -5 /etc/ssh/sshd_config

# Check sudoers
tail -1 /etc/sudoers

# Check ntp
date
crontab -l

# Check limits
tail -1 /etc/security/limits.conf
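The check script only prints the tail of sshd_config, which shows what was appended rather than what sshd will use. The following is an added example, not part of the original post: a shell helper that reports the value in force for each keyword the optimization script appends. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. sshd uses the FIRST value it reads
# for these keywords, so an appended block loses to any earlier uncommented line.

# effective_sshd_value FILE KEYWORD (hypothetical helper): print the first value
# set in the global section, i.e. before any Match block.
effective_sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)            # "Key value" or "Key=value"
            if (tolower(f[1]) == "match") exit   # global section ends here
            if (tolower(f[1]) == key) { print f[2]; exit }
        }' "$1"
}

# check_sshd_hardening FILE: compare the effective values with the ones the
# script appends. Prints one line per keyword; returns the mismatch count.
check_sshd_hardening() {
    bad=0
    for want in PermitRootLogin=no PermitEmptyPasswords=no UseDNS=no; do
        key=${want%%=*}; exp=${want#*=}
        got=$(effective_sshd_value "$1" "$key")
        if [ "$got" = "$exp" ]; then echo "OK   $key $got"; continue; fi
        echo "FAIL $key effective=${got:-unset} expected=$exp"
        bad=$((bad + 1))
    done
    return "$bad"
}

# Constructed sample: PermitRootLogin was already set before the append.
write_sample() {
    cat >"$1" <<'EOF'
Port 22
PermitRootLogin yes
#UseDNS yes
Port 51332
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
EOF
}

sample=$(mktemp) && write_sample "$sample"
check_sshd_hardening "$sample" || echo "mismatches: $?"
rm -f "$sample"
```

Port is left out of the check because sshd accepts several Port lines and listens on all of them, so in the sample both 22 and 51332 would be open.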
This article comes from the "Alan wake" blog; please be sure to keep this source attribution: http://alanwake.blog.51cto.com/6881848/1420807