centos 服務器初始化腳本

Linux 服務器初始化腳本

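#!/bin/bash
# CentOS 6/7 server bootstrap. Every step below edits files under /etc or
# /proc, so refuse to continue without root instead of failing half-way.
if [ "$(id -u)" -ne 0 ]; then
  echo "this script must be run as root" >&2
  exit 1
fi

# Set the time zone and schedule a daily clock sync.
# -f replaces the /etc/localtime that an installed system already has; a plain
# `ln -s` fails with "File exists" and leaves the old zone in place.
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# `crontab -l` exits non-zero and complains on stderr when root has no crontab
# yet; that case is expected on a fresh host, so stderr is discarded.
if ! crontab -l 2>/dev/null | grep -q ntpdate; then
  # Minute field is 0 so the job runs once at 01:00. The previous "* 1 * * *"
  # fired every minute between 01:00 and 01:59.
  # NOTE(review): ntpdate output is thrown away, so a failing sync goes
  # unnoticed; clock drift skews log timestamps, so monitor the offset
  # separately.
  (
    echo "0 1 * * * ntpdate time.windows.com >/dev/null 2>&1"
    crontab -l 2>/dev/null
  ) | crontab -
fi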
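# Disable SELinux (the config file is read at boot, so this applies after the
# next restart).
# NOTE(review): only a host configured as SELINUX=permissive is changed; a host
# set to SELINUX=enforcing is left as it is. Disabling SELinux removes the
# mandatory-access-control layer that confines a compromised service, so
# prefer leaving it enforcing (or permissive while policy is tuned) unless a
# workload demonstrably cannot run under it.
if [ -f /etc/selinux/config ]; then
  # Anchored to the SELINUX= directive so comment lines and SELINUXTYPE= are
  # never rewritten.
  sed -i 's/^\([[:space:]]*SELINUX=\)permissive/\1disabled/' /etc/selinux/config
fi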
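# Turn off the host firewall (firewalld on EL7, the iptables service on EL6).
# NOTE(review): after this step every listening port is reachable from any
# network the host is attached to. Only acceptable when filtering is enforced
# upstream (cloud security group, perimeter firewall); otherwise keep the
# service running and open the required ports explicitly.
# The dot is escaped and the match is tied to the word "release" so a stray
# digit sequence elsewhere in the file cannot select the wrong branch.
if grep -Eq 'release 7\.[0-9]' /etc/redhat-release 2>/dev/null; then
  systemctl stop firewalld
  systemctl disable firewalld
elif grep -Eq 'release 6\.[0-9]' /etc/redhat-release 2>/dev/null; then
  service iptables stop
  chkconfig iptables off
fi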
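# Show a timestamp and the user name next to each `history` entry.
# -q keeps grep from echoing the matching line to the terminal on a re-run.
# The backticks sit inside single quotes, so they are written to /etc/bashrc
# literally and `whoami` runs when the file is sourced, not now.
# NOTE(review): shell history is writable by the user it belongs to; treat it
# as a convenience, not an audit trail (auditd or session recording is the
# tamper-resistant source).
if ! grep -q HISTTIMEFORMAT /etc/bashrc; then
  echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/bashrc
fi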
# Idle timeout for interactive shells: bash logs the session out after 600
# seconds without input. TMOUT applies to every login shell that sources
# /etc/profile, not only to SSH sessions.
# NOTE(review): a user can presumably unset or override TMOUT in their own
# shell unless it is marked readonly; confirm whether that matters here.
grep -q "TMOUT=600" /etc/profile 2>/dev/null ||
  echo "export TMOUT=600" >> /etc/profile
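# Harden sshd: key-only authentication, no root login, no empty passwords.
# NOTE(review): this disables password logins as well as root login. Before
# running it, confirm that a non-root account with an installed public key and
# sudo rights exists, otherwise the restart below locks everyone out.
sshd_config=/etc/ssh/sshd_config
sshd_backup="${sshd_config}-$(date +%Y%m%d%H)"
if cp -p "$sshd_config" "$sshd_backup"; then
  # Each expression matches the directive whether or not it is commented out
  # and whatever value it currently has; the trailing "value then end of line"
  # part keeps explanatory comment sentences that merely mention the keyword
  # from being rewritten. Directives inside Match blocks are tightened too.
  sed -i -r \
    -e 's/^[#[:space:]]*PasswordAuthentication[[:space:]]+(yes|no)[[:space:]]*$/PasswordAuthentication no/' \
    -e 's/^[#[:space:]]*PermitRootLogin[[:space:]]+[A-Za-z-]+[[:space:]]*$/PermitRootLogin no/' \
    -e 's/^[#[:space:]]*PermitEmptyPasswords[[:space:]]+(yes|no)[[:space:]]*$/PermitEmptyPasswords no/' \
    "$sshd_config"
  # Validate before restarting: a config that sshd rejects would leave the
  # host without a remote login path.
  if /usr/sbin/sshd -t; then
    service sshd restart
  else
    echo "sshd_config failed validation; restoring $sshd_backup" >&2
    cp -p "$sshd_backup" "$sshd_config"
  fi
else
  echo "could not back up $sshd_config; leaving sshd untouched" >&2
fi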
# Stop the system crontab from mailing job output to root.
# NOTE(review): with MAILTO empty, a failing job produces no notification at
# all; make sure job output is logged or monitored some other way.
sed -i 's|^MAILTO=root|MAILTO=""|' /etc/crontab
# Allow only root to use crontab(1). The file is overwritten, so any users
# listed in an existing /etc/cron.allow lose access.
printf '%s\n' root > /etc/cron.allow
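# Raise per-user resource limits (read by pam_limits for new sessions).
# The guard looks for the nofile value this block actually writes; the earlier
# check searched for "65535" with single spaces, never matched, and appended a
# fresh copy on every run.
# The closing EOF must stand alone at column 0 with no trailing whitespace,
# otherwise bash does not recognise it and the here-document swallows the rest
# of the script.
# NOTE(review): "core 0" disables core dumps for all users (keeps process
# memory off disk), while "memlock unlimited" and "stack unlimited" for "*"
# let any local account pin or grow memory without bound; confirm the
# wildcard is intended rather than a specific service account.
limits_conf=/etc/security/limits.conf
if ! grep -Eq '^[[:space:]]*\*[[:space:]]+soft[[:space:]]+nofile[[:space:]]+500000' \
  "$limits_conf" 2>/dev/null; then
  cat >> "$limits_conf" << 'EOF'
    *    soft    nofile    500000
    *    hard    nofile    500000
    root    soft    nofile    500000
    root    hard    nofile    500000
    * soft nproc 65535
    * hard nproc 65535
    * soft core 0
    * hard core 0
    * soft stack unlimited
    * hard stack unlimited
    * soft memlock unlimited
    * hard memlock unlimited
EOF
fi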
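# Kernel tuning, appended to /etc/sysctl.conf once.
#
# Changes against the earlier version of this block:
#   * guarded by the "## elight-ops" marker so a re-run does not append a
#     second copy;
#   * keys that were assigned more than once now appear once, with the value
#     from the last assignment (the one that wins when the file is read top to
#     bottom): disable_ipv6=1, tcp_max_tw_buckets=20480,
#     tcp_max_syn_backlog=3240000;
#   * "vm.max_map_count=500000net.ipv4.tcp_sack=0" was two settings fused on
#     one line, which is not a valid value; they are split;
#   * the closing EOF stands alone with no trailing whitespace, and the
#     delimiter is quoted so nothing in the text is expanded by the shell.
#
# Nothing here loads the file; values apply after `sysctl -p` or a reboot.
#
# NOTE(review): settings a security reviewer would want confirmed per host:
#   * rp_filter=0 turns off reverse-path source validation, the kernel's
#     built-in check against spoofed source addresses; use 1 (strict) or
#     2 (loose) unless asymmetric routing requires 0.
#   * ip_forward=1 makes the host forward packets between interfaces; only
#     routers, NAT gateways and container hosts need it.
#   * kernel.sysrq=1 enables every magic-SysRq function from the console.
#   * disable_ipv6=1 makes the eth0 accept_ra/accept_dad lines moot.
#   * tcp_tw_reuse depends on TCP timestamps, which tcp_timestamps=0 turns
#     off, so it presumably has no effect as written.
#   * tcp_tw_recycle was removed from newer kernels; the key is kept for the
#     EL6/EL7 hosts this script targets.
#   * the nf_conntrack keys exist only while the conntrack module is loaded,
#     and the eth0 keys only if the interface is actually named eth0.
if ! grep -q '^## elight-ops' /etc/sysctl.conf 2>/dev/null; then
  cat >> /etc/sysctl.conf << 'EOF'
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536
# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536
net.ipv4.conf.all.promote_secondaries = 1
net.ipv4.conf.default.promote_secondaries = 1
net.ipv6.neigh.default.gc_thresh3 = 4096
net.ipv4.neigh.default.gc_thresh3 = 4096
kernel.softlockup_panic = 1
kernel.numa_balancing = 0
kernel.shmmax = 68719476736
kernel.printk = 5
## elight-ops
net.ipv6.conf.eth0.accept_dad = 0
net.ipv6.conf.eth0.accept_ra = 1
net.ipv6.conf.eth0.accept_ra_defrtr = 1
net.ipv6.conf.eth0.accept_ra_rtr_pref = 1
net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 1
#net.ipv4.neigh.default.gc_stale_time=120
# see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_synack_retries=2
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
#net.nf_conntrack_max=1048576
#net.netfilter.nf_conntrack_max=1048576
#net.bridge.bridge-nf-call-iptables=1
net.core.netdev_max_backlog = 655350
net.core.somaxconn = 65535
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.ip_local_port_range = 15000 65000
net.ipv4.tcp_max_syn_backlog = 3240000
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
net.ipv4.tcp_mem  = 12582912 12582912 12582912
net.ipv4.tcp_tw_reuse   = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_fin_timeout  = 2
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_max_tw_buckets = 20480
net.ipv4.tcp_congestion_control = cubic
net.ipv4.ip_forward = 1
net.ipv4.tcp_keepalive_time = 200
net.netfilter.nf_conntrack_max=200000
net.netfilter.nf_conntrack_tcp_timeout_time_wait=2
fs.file-max=655360
vm.max_map_count=500000
net.ipv4.tcp_sack=0
net.ipv4.tcp_max_orphans=655360
vm.swappiness=10
vm.overcommit_memory = 1
kernel.sysrq = 1
EOF
fi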
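# Install site-wide aliases, prompt and history settings for login shells.
#
# The delimiter is quoted ('EOF') so the text is written verbatim. With an
# unquoted delimiter the installer's own shell expands the here-document: $1
# and ${USER_IP} become empty, "\$" in PS1 loses its backslash, and the
# backtick / $(...) substitutions (who, whoami, thefuck) are executed at
# install time even though they sit on commented-out lines.
# `>` instead of `>>` so a re-run replaces the file rather than appending a
# second copy. The closing EOF must stand alone with no trailing whitespace.
# `alias nets` was missing its closing quote, which made the generated file
# unparsable from that line on.
#
# NOTE(review): HISTIGNORE patterns must match the complete command line, so
# entries such as "mysql" or "chpasswd" only drop the bare command and do not
# keep a command line that carries a password out of history. Together with
# HISTCONTROL=ignorespace, which lets any user omit a command by typing a
# leading space, this is another reason not to treat shell history as an
# audit record.
cat > /etc/profile.d/skydong-ops.sh << 'EOF'
### by author:albert-dong
alias grep='grep --color=auto'
alias ls='ls -hF --color=auto'
alias la='ls -ahF --color=auto'
alias dir='ls --color=auto --format=long'
alias ll='ls -l --color=auto'
alias drop='f(){ sync;sleep 3; echo 3 > /proc/sys/vm/drop_caches; free -h;}; f'
alias p100='ping -c 100 -i 0.01'
alias tarl='f(){ tar -tvf $1;};f'
alias size='f(){ du -sh $1* | sort -hr; }; f'
alias cd='f(){ cd $1;ls -lrtkh;};f'
alias nets='netstat -ntlp'
### 歷史記錄
HISTSIZE=
HISTFILESIZE=
#USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'`
#export HISTTIMEFORMAT="%F %T [${USER_IP}] `whoami`: "
alias cman='man -M /usr/share/man/zh_CN'
alias sd='sudo su - '
alias fsh='/usr/bin/fish'
alias ll='ls -l --color=auto'
export PS1='\[\033[1;33;1m\][\[\033[0;32;1m\]\u@\h \[\033[1;33;1m\]\W\[\033[1;33;1m\]]\[\033[1;33;1m\]\$\[\033[0m\]'
#export PS1="[\u@\h \W \A]\$ "
export HISTCONTROL=ignorespace:erasedups:ignoredups
HISTIGNORE="&:[ ]*:exit:chattr:ls:bg:fg:history:clear:vim:chattr:vi:mysql:useradd:chpasswd"
#eval "$(thefuck --alias)"
if [ -r /etc/profile.d/bash_completion.sh ]; then
  source /etc/profile.d/bash_completion.sh
fi
EOF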
# Reduce swap usage on the running kernel.
# This write affects only the current boot. The value persisted by the
# sysctl.conf section of this script is vm.swappiness=10, so the two disagree
# after a reboot.
printf '%s\n' "0" > /proc/sys/vm/swappiness
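# Install build tools and performance/diagnostic utilities.
# -y answers yum's confirmation prompt so the script can run unattended.
# "iostat" is dropped from the list: the iostat command ships in the sysstat
# package, which is already listed, and there is no package of that name.
# iftop, htop and atop presumably need the EPEL repository enabled first.
# NOTE(review): a compiler toolchain (gcc, make, autoconf) plus nmap and
# tcpdump on every server gives whoever lands on the host ready-made tooling;
# consider installing them only on the hosts where they are needed.
yum install -y gcc make bc tcpdump nmap autoconf vim sysstat net-tools iftop htop atop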
來源https://mp.weixin.qq.com/s/eV3UvIeMXmycYG_aw7TGZg