
centos6x新装一键优化脚本

#!/bin/bash

##############################################################

# File Name: optimization.sh

# Version: V1.0

# Author: jiege

# Organization: http://jiege3324.blog.51cto.com/

# Created Time : 2017-04-14 14:26:08

# Description: Linux system initialization

# E.g: /bin/sh optimization.sh 192.168.169.11

##############################################################

. /etc/init.d/functions

 

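# Require exactly one argument: the IPv4 address of this host.
if [ $# -ne 1 ]; then
    # Msg is only defined further down the file, so it cannot be called from
    # here yet; print the usage error on stderr directly.
    echo "Please enter the ip address passed to the script!" >&2
    exit 1
fi

ipaddr=$1

# The value ends up inside ifcfg files written as root, so accept nothing but
# digits and dots before looking at the structure (this also rejects embedded
# newlines, which a per-line check would miss).
case $ipaddr in
    *[!0-9.]*)
        echo "Invalid IPv4 address: $ipaddr" >&2
        exit 1
        ;;
esac

# Exactly four non-empty octets, each at most three digits and at most 255.
if ! printf '%s\n' "$ipaddr" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || length($i) > 3 || $i > 255) exit 1 }'; then
    echo "Invalid IPv4 address: $ipaddr" >&2
    exit 1
fi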

         

# Defined result function

function Msg(){
        # Print a status line for the step named in $1.
        # The verdict is taken from the exit status of whatever command ran
        # immediately before Msg was called, so $? has to be captured before
        # anything else executes in this function.
        # The line itself is printed by action, which comes from the sourced
        # /etc/init.d/functions.
        local prev_status=$?
        local verdict=/bin/true

        if [ "$prev_status" -ne 0 ]; then
                verdict=/bin/false
        fi

        action "$1" "$verdict"
}

 

# Defined Time Synchronization Functions

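function Time(){
        # Install a root cron job that runs ntpdate every five minutes.
        # Outputs: appends two lines to /var/spool/cron/root, then reports
        #          the result through Msg.
        #
        # The page rendering had turned the single quotes around the cron line
        # into typographic quotes, which the shell does not treat as quoting:
        # the asterisks would glob and "&>/dev/null" would become a real
        # redirection. Plain ASCII quotes are restored here.
        #
        # NOTE(review): ntpdate takes whatever time.nist.gov answers, without
        # authentication; anything that depends on accurate time (certificate
        # validation, log correlation) inherits that trust.
        local cron_file=/var/spool/cron/root
        local cron_job='*/5 * * * * /usr/sbin/ntpdate time.nist.gov &>/dev/null'

        # Append only when the job is missing, so a second run of the script
        # does not stack duplicate entries.
        if ! grep -qF -- "$cron_job" "$cron_file" 2>/dev/null; then
                echo "#time sync by jiege at $(date +%F)" >>"$cron_file" &&
                echo "$cron_job" >>"$cron_file"
        fi
        Msg "Time Synchronization"
}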

 

# Defined IP function

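function ConfigIP(){
        # Write static ifcfg files for eth0 and eth1.
        # Globals:  ipaddr (read)  - address passed on the command line
        #           Suffix (written) - its fourth octet
        # Only the last octet of ipaddr is used; the network prefixes
        # 192.168.169 (eth0) and 192.168.10 (eth1) are fixed below.
        # Returns:  1 without touching any file when no usable host octet
        #           can be derived from ipaddr.
        #
        # The typographic quotes that the page rendering put around the awk
        # program are restored to ASCII quotes; as rendered, awk never
        # received a valid program.
        #Suffix=$(ifconfig eth1|awk -F "[ .]+" 'NR==2 {print $6}')
        Suffix=$(printf '%s\n' "$ipaddr" | awk -F "." '{print $4}')

        # The octet is interpolated into files read by the network scripts as
        # root, so refuse anything that is not a 1-3 digit number in 1..254
        # (.0 and .255 are the network and broadcast addresses of a /24).
        case $Suffix in
                ''|*[!0-9]*|????*)
                        echo "ConfigIP: cannot derive a host octet from '$ipaddr'" >&2
                        return 1
                        ;;
        esac
        if [ "$Suffix" -lt 1 ] || [ "$Suffix" -gt 254 ]; then
                echo "ConfigIP: host octet '$Suffix' is outside 1-254" >&2
                return 1
        fi

    cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
USERCTL=no
IPV6INIT=no
IPADDR=192.168.169.$Suffix
NETMASK=255.255.255.0
GATEWAY=192.168.169.2
DNS1=192.168.169.2
NAME="System eth0"
EOF
        Msg "config eth0"

    cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<EOF
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
USERCTL=no
IPV6INIT=no
IPADDR=192.168.10.$Suffix
NETMASK=255.255.255.0
NAME="System eth1"
EOF
        Msg "config eth1"
}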

 

# Defined Yum source Functions

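function UpdateYumSource(){
        # Replace the CentOS base repo definition and add EPEL from the Aliyun
        # mirror, then rebuild the yum cache.
        # Globals:  YumDir, repoDir, epelDir (written)
        # Returns:  0 when both repo files were installed and the cache was
        #           rebuilt, non-zero otherwise.
        #
        # Changes against the original:
        #  - the original chained Msg with "&&", so Msg only ever ran after a
        #    success and a failure was never reported; Msg now always runs;
        #  - "wget -O" truncates its target even when the download fails, which
        #    left an empty CentOS-Base.repo behind; files are now fetched to a
        #    temporary name and moved into place only when non-empty;
        #  - the .ori backup is taken once, so a second run no longer
        #    overwrites the pristine copy with the mirror's file.
        #
        # NOTE(security): both URLs are plain http. A repo file decides which
        # servers and which GPG settings yum trusts, so whoever can tamper with
        # this download controls later package installs. Prefer an https or
        # internal mirror, and check that the installed files keep gpgcheck=1.
        YumDir=/etc/yum.repos.d
        repoDir=http://mirrors.aliyun.com/repo/Centos-6.repo
        epelDir=http://mirrors.aliyun.com/repo/epel-6.repo
        local tmp_base="" tmp_epel="" rc=0

        if [ -f "$YumDir/CentOS-Base.repo" ] && [ ! -f "$YumDir/CentOS-Base.repo.ori" ]; then
                cp -p "$YumDir/CentOS-Base.repo" "$YumDir/CentOS-Base.repo.ori"
        fi

        # Alternative source kept from the original (internal HTTP server):
        #wget -O $YumDir/CentOS-Base.repo http://$Ip:$Port/$ConfigDir/CentOS-Base.repo &>/dev/null &&\
        #wget -O $YumDir/epel.repo http://$Ip:$Port/$ConfigDir/epel.repo &>/dev/null &&\

        # The temporary names do not end in ".repo", so yum ignores them while
        # they sit in the repo directory.
        tmp_base=$(mktemp "$YumDir/.CentOS-Base.repo.XXXXXX") &&
        tmp_epel=$(mktemp "$YumDir/.epel.repo.XXXXXX") &&
        wget -O "$tmp_base" "$repoDir" &>/dev/null &&
        wget -O "$tmp_epel" "$epelDir" &>/dev/null &&
        [ -s "$tmp_base" ] && [ -s "$tmp_epel" ] &&
        chmod 644 "$tmp_base" "$tmp_epel" &&
        mv -f "$tmp_base" "$YumDir/CentOS-Base.repo" &&
        mv -f "$tmp_epel" "$YumDir/epel.repo" &&
        # Clear the yum cache and rebuild it.
        yum clean all && yum makecache
        rc=$?

        # Remove whatever temporary file is still around after a failure.
        [ -n "$tmp_base" ] && rm -f -- "$tmp_base"
        [ -n "$tmp_epel" ] && rm -f -- "$tmp_epel"

        # Optional follow-up kept from the original: bring the system up to date.
        # rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*       # import the signing keys into RPM
        # yum  upgrade -y     # upgrade the system, kernel included

        # Hand the real outcome to Msg, which reads $? of the previous command.
        [ "$rc" -eq 0 ]
        Msg "YUM source"
        return "$rc"
}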

 

#Install the base package (tree nmap sysstat lrzsz telnet dos2unix)

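function InstallBasePackage() {
    # Install the baseline tool set with yum and report the result.
    # Returns: the exit status of yum.
    #
    # The original joined Msg to yum with "&&", so a failed install printed
    # nothing at all; Msg now runs in both cases.
    #
    # NOTE(review): nmap and telnet are operator conveniences. On a production
    # host they are equally available to anyone who obtains a shell there, so
    # consider leaving them out of the baseline image.
    local rc=0

    yum install -y tree nmap sysstat lrzsz dos2unix telnet &>/dev/null
    rc=$?

    # Msg reads $? of the command just before it.
    [ "$rc" -eq 0 ]
    Msg "Base packages"
    return "$rc"
}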

 

# Lock critical account files (set the immutable attribute)

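function LockCriticalFile() {
    # Set the immutable attribute on the account databases and /etc/inittab.
    # Returns: 0 when every file was locked, 1 as soon as one chattr fails
    #          (the remaining files are then left alone, as in the original).
    #
    # The original chained Msg with "&&", so a failure was never reported;
    # Msg now runs in both cases.
    #
    # Operational note: while these files are immutable, useradd, passwd,
    # groupadd and package scriptlets that create accounts fail until
    # "chattr -i" is applied again. Root can clear the attribute, so this
    # guards against accidental edits rather than against a root compromise.
    local target rc=0

    for target in /etc/passwd /etc/inittab /etc/group /etc/shadow /etc/gshadow; do
        if ! chattr +i "$target"; then
            rc=1
            break
        fi
    done

    # Msg reads $? of the command just before it.
    [ "$rc" -eq 0 ]
    Msg "Lock files"
    return "$rc"
}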

 

# Defined Hide the system version number Functions

function HideVersion(){
        # Empty the pre-login banner files /etc/issue and /etc/issue.net, so
        # the distribution release is no longer shown at the login prompt.
        # Each file gets its own Msg line; a missing file is reported as a
        # failure because the -f test is the last command before Msg.
        # This only removes the banner text; services that announce their own
        # version strings are not affected.
        local banner

        for banner in issue issue.net; do
                test -f "/etc/$banner" && : >"/etc/$banner"
                Msg "Hide $banner"
        done
}

 

 

# Defined OPEN FILES Functions

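function openfiles(){
        # Raise the open-file limit to 65535 for every user through
        # /etc/security/limits.conf. Nothing happens, and Msg is not called,
        # when that file does not exist.
        #
        # The typographic quotes the page rendering put around the limits line
        # are restored to ASCII quotes; unquoted, the leading "*" would have
        # been expanded by the shell into file names.
        local limits_file=/etc/security/limits.conf
        local limits_line='*  -  nofile  65535'

        [ -f "$limits_file" ] && {
        # Append once only, so repeated runs do not pile up identical lines.
        grep -qxF -- "$limits_line" "$limits_file" || echo "$limits_line" >> "$limits_file"
        Msg "open files"
        }
}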

 

#Defined Stop iptables Functions

function StopIptables() {
        # Stop the iptables service and remove it from the boot sequence.
        # Returns 1 without doing anything when the init script is absent;
        # otherwise Msg reports the status of the chkconfig call.
        #
        # NOTE(security): after this step the host has no packet filter at
        # all, and the script opens nothing selectively in its place. Every
        # listening service is then reachable from both configured networks
        # unless filtering is done upstream.
        local init_script=/etc/init.d/iptables

        if [ ! -f "$init_script" ]; then
                return 1
        fi

        "$init_script" stop
        chkconfig iptables off
        Msg "stop iptables"
}

 

#Defined Close SELinux Functions

function CloseSELinux(){
        # Switch SELinux off: rewrite SELINUX=enforcing to SELINUX=disabled in
        # /etc/selinux/config (takes effect at the next boot) and put the
        # running system into permissive mode with setenforce 0.
        # Returns 1 without doing anything when the config file is absent;
        # otherwise Msg reports the status of setenforce.
        #
        # NOTE(security): this removes mandatory access control for every
        # service on the host. Where the aim is only to get past denials
        # during setup, permissive mode keeps the audit records that show
        # which rules are actually needed.
        local selinux_conf=/etc/selinux/config

        if [ ! -f "$selinux_conf" ]; then
                return 1
        fi

        sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" "$selinux_conf"
        setenforce 0
        Msg "Close SELinux"
}

 

#Defined Modify the remote login configuration on the SSH server 

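function ModifySSHConfig(){
        # Harden sshd: move it to port 6666, forbid root and empty-password
        # logins, and turn off DNS and GSSAPI lookups.
        # Returns: 1 when /etc/ssh/sshd_config is absent; otherwise 0 when the
        #          new configuration was validated, installed and reloaded.
        #
        # Changes against the original:
        #  - sed ran without -i, so the directives were only printed to stdout
        #    and sshd_config was never changed; the edit is now applied;
        #  - the typographic quotes from the page rendering are restored to
        #    ASCII quotes;
        #  - the edit is made on a staged copy and checked with "sshd -t"
        #    before it replaces the live file, so a syntax error cannot take
        #    the SSH service down;
        #  - the .ori backup is taken once and the directives are inserted
        #    once, so the function can be run again safely.
        #
        # NOTE(review): "13i" inserts before line 13 and therefore does nothing
        # on a file shorter than 13 lines - confirm against the stock config.
        # PermitRootLogin no locks out remote administration unless a non-root
        # account with SSH access already exists. The main function shown in
        # this listing does not call ModifySSHConfig.
        local conf=/etc/ssh/sshd_config
        local staged="" rc=0

        [ -f "$conf" ] || return 1

        # Keep the first pristine copy; never overwrite it on later runs.
        [ -f "$conf.ori" ] || cp -p "$conf" "$conf.ori"

        if grep -q '^Port 6666$' "$conf"; then
                # Directives are already present; just make sure sshd has them.
                /etc/init.d/sshd reload
                rc=$?
        else
                staged=$(mktemp "$conf.XXXXXX") &&
                cp -p "$conf" "$staged" &&
                sed -i '13i Port 6666\nPermitRootLogin no\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' "$staged" &&
                /usr/sbin/sshd -t -f "$staged" &&
                mv -f "$staged" "$conf" &&
                /etc/init.d/sshd reload
                rc=$?
                # Only still present when one of the steps above failed.
                [ -n "$staged" ] && rm -f -- "$staged"
        fi

        # Msg reads $? of the command just before it.
        [ "$rc" -eq 0 ]
        Msg "Modify ssh config"
        return "$rc"
}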

 

#Kernel parameter optimization

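function KernelParameterOpti() {
    # Append a block of TCP and conntrack tunables to /etc/sysctl.conf and
    # load them.
    # Returns: the exit status of sysctl.
    #
    # Changes against the original:
    #  - "sysctl –p" carried a typographic dash instead of "-p", so sysctl
    #    received an unknown argument and nothing was loaded;
    #  - Msg was chained with "&&" and therefore never reported a failure;
    #  - the block was appended again on every run; it is now added once;
    #  - sysctl runs with -e, which ignores unknown keys. The comment inside
    #    the block says the conntrack keys only exist while the firewall
    #    modules are loaded and that the resulting messages can be ignored;
    #    without -e they would turn every run into a reported failure.
    #
    # NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to drop connections
    # from clients that share one NAT address, and the key no longer exists
    # on kernels 4.12 and later. Confirm it is wanted before applying this
    # to hosts that serve NATed clients.
    local rc=0

    if ! grep -qxF 'net.ipv4.tcp_fin_timeout = 2' /etc/sysctl.conf 2>/dev/null; then
cat >>/etc/sysctl.conf <<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time =600
net.ipv4.ip_local_port_range = 4000    65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
#以下参数是对iptables防火墙的优化,防火墙不开会有提示,可以忽略不理
net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
EOF
    fi

    # Load the settings from /etc/sysctl.conf into the running kernel.
    sysctl -e -p &>/dev/null
    rc=$?

    # Msg reads $? of the command just before it.
    [ "$rc" -eq 0 ]
    Msg "Kernel parameter optimization"
    return "$rc"
}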

 

# Defined System Startup Services Functions

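function boot(){
        # Disable every service that is enabled in runlevel 3, except crond,
        # network, rsyslog, sshd and sysstat. The exclusion is a substring
        # match on the service name, so a name that merely contains one of
        # those words is kept as well.
        # Msg reports the status of the last chkconfig call (or success when
        # there was nothing to disable).
        #
        # The typographic quotes the page rendering put around the awk program
        # are restored to ASCII quotes, and the service name is quoted when it
        # is passed to chkconfig.
        local svc

        for svc in $(chkconfig --list | grep "3:on" | awk '{print $1}' | grep -vE "crond|network|rsyslog|sshd|sysstat"); do
                chkconfig "$svc" off
        done
        Msg "BOOT config"
}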

 

# Defined main Functions

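function main(){
        # Run the initialization steps in order. LockCriticalFile stays last:
        # once the account files are immutable, any step that has to modify
        # them would fail.
        # Returns: the status of LockCriticalFile.
        #
        # NOTE(review): no call to main is visible in this listing, and
        # ModifySSHConfig is defined but never run from here - confirm both
        # are intended.
        ConfigIP

        # ClonedNetworkOpti is not defined anywhere in this listing; calling
        # it unconditionally ends in "command not found". Run it only when it
        # exists and say so when it does not.
        if type ClonedNetworkOpti >/dev/null 2>&1; then
                ClonedNetworkOpti
        else
                echo "main: ClonedNetworkOpti is not defined, skipping" >&2
        fi

        Time
        UpdateYumSource
        InstallBasePackage
        CloseSELinux
        StopIptables
        openfiles
        boot
        KernelParameterOpti
        HideVersion
        LockCriticalFile
}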

 


centos6x新装一键优化脚本