所属分类:Linux
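#!/bin/bash
# sys.sh - one-shot baseline for a freshly installed yum/systemd host
# (save it with e.g. `vim sys.sh` and run it as root).
#
# It installs base packages, sets the timezone, enables automatic security
# updates, sets password ageing, moves sshd to port 65322 with root login
# disabled, opens that port in firewalld, creates an 8 GiB swap file, adds a
# per-login history log and an `rm` recycle bin to the shell start-up files,
# appends kernel/network and ulimit settings, and installs `progress` as `cv`.
#
# The `tee -a` sections append on every run, so run the script once per host.
# The appended sysctl settings are not loaded here (no `sysctl -p`); they take
# effect the next time sysctl.conf is applied, e.g. at boot.

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

# Check if user is root
if [ "$(id -u)" != "0" ]; then
  echo "Error: You must be root to run this script, please use root to optimization system" >&2
  exit 1
fi

#Install epel
yum install epel-release ntpdate yum-cron vim wget ncurses ncurses-devel git gcc -y

# Timezone and a one-off clock sync. No sudo: the script already runs as root
# and sudo may not be installed yet.
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate -u cn.pool.ntp.org
#/usr/sbin/ntpdate -u cn.ntp.org.cn >/dev/null 2>&1

#security update
sed -i 's/update_cmd = default/update_cmd = security/' /etc/yum/yum-cron.conf
sed -i 's/apply_updates = no/apply_updates =yes/' /etc/yum/yum-cron.conf
systemctl start yum-cron
systemctl enable yum-cron

#Password
# Anchored at line start so the explanatory comment lines in login.defs are
# left alone. login.defs only supplies defaults for accounts created later;
# root is aged separately with chage (90 days here versus 60 for new accounts).
# NOTE(review): on PAM-based systems the minimum length is typically enforced
# by pam_pwquality rather than PASS_MIN_LEN - confirm for the target release.
sed -i "s/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 60/" /etc/login.defs
sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 8/" /etc/login.defs
chage -M 90 -W 15 root

#Configuration account
# NOTE(review): this step is disabled, yet root SSH login is turned off below.
# Make sure another account with sudo rights (and a working key or password)
# exists before sshd restarts, or the host is reachable by console only.
#sed -i "91a\futuremove ALL=(ALL) ALL" /etc/sudoers

#Modify SSH port
# Match the directive whether or not it is still commented out; the previous
# pattern silently left "PermitRootLogin yes" in place when the line had
# already been uncommented.
sed -i 's/^#\?Port[[:space:]].*/Port 65322/' /etc/ssh/sshd_config
sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config

#Close SElinux
# NOTE(review): this removes mandatory access control from the whole host just
# so sshd can bind a non-default port. Keeping SELinux enforcing and labelling
# the port instead (semanage port -a -t ssh_port_t -p tcp 65322) achieves the
# same result without that loss; kept as the author wrote it.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config && setenforce 0

#Add firewall rules
systemctl start firewalld
firewall-cmd --zone=public --add-port=65322/tcp --permanent
firewall-cmd --reload
systemctl enable firewalld
# Restart sshd only when the edited configuration parses, so a bad edit cannot
# take the daemon down.
sshd -t && systemctl restart sshd

#Add Swap
# The file is created with a restrictive umask and mode 600 before mkswap and
# swapon, so swapped-out memory is never readable by other users. Skipped when
# the file already exists so a re-run does not overwrite live swap.
if [ ! -e /opt/swapfile ]; then
  (umask 077; dd if=/dev/zero of=/opt/swapfile bs=1024M count=8)
  chmod 600 /opt/swapfile
  mkswap /opt/swapfile
  swapon /opt/swapfile
fi
grep -q '^/opt/swapfile ' /etc/fstab ||
  echo '/opt/swapfile swap swap defaults 0 0' >>/etc/fstab

#User log
# The shared log directory is created by root with the sticky bit (1777) so
# users cannot rename or delete each other's per-user directories.
# NOTE(review): each history file is owned and writable by the user it records
# and /tmp is subject to periodic cleanup, so this is a convenience log, not a
# tamper-resistant audit trail; use auditd or remote logging for that.
mkdir -p /tmp/dbasky
chown root:root /tmp/dbasky
chmod 1777 /tmp/dbasky
tee -a /etc/profile <<'EOF'
PS1="`whoami`@`hostname`:"'[$PWD]'
PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[36;40m\]\w\[\e[0m\]]\\$ "
history
USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'`
if [ "$USER_IP" = "" ]
then
USER_IP=`hostname`
fi
if [ ! -d /tmp/dbasky ]
then
mkdir /tmp/dbasky
chmod 1777 /tmp/dbasky
fi
if [ ! -d "/tmp/dbasky/${LOGNAME}" ]
then
mkdir "/tmp/dbasky/${LOGNAME}"
chmod 300 "/tmp/dbasky/${LOGNAME}"
fi
export HISTSIZE=4096
DT=`date "+%Y-%m-%d_%H:%M:%S"`
export HISTFILE="/tmp/dbasky/${LOGNAME}/${USER_IP} dbasky.$DT"
chmod 600 "/tmp/dbasky/${LOGNAME}"/*dbasky* 2>/dev/null
EOF

#Configuration enabled
source /etc/profile

#Recycle
# Sticky bit on the shared parent; each user gets a private 700 directory and
# the helpers below use it. Previously every user's removed files landed in
# one world-writable directory, and the per-user directory was created with
# mode 600 (no search bit) and never used.
mkdir -p /data/.trash
chmod 1777 /data/.trash
# trash copies with -a (recursive, attributes kept) and deletes the originals
# only if the copy succeeded; the old form deleted directories and files even
# when cp had refused or failed to copy them.
tee -a /etc/bashrc <<'EOF'
if [ ! -d "/data/.trash/${LOGNAME}" ]
then
mkdir "/data/.trash/${LOGNAME}"
chmod 700 "/data/.trash/${LOGNAME}"
fi
alias rm=trash
alias rl='ls "/data/.trash/${LOGNAME}"'
alias ur=undelfile
undelfile()
{
  local item
  for item in "$@"; do
    mv -i -- "/data/.trash/${LOGNAME}/${item}" ./
  done
}
trash()
{
  cp -a "$@" "/data/.trash/${LOGNAME}/" && /bin/rm -rf "$@"
}
cleartrash()
{
  local confirm
  read -r -p "clear sure?[n]" confirm
  case "$confirm" in
    y|Y) /bin/rm -rf -- "/data/.trash/${LOGNAME:?}"/* ;;
  esac
}
EOF

#Configuration enabled
# source /etc/bashrc;

#Configuration net
# net.ipv4.tcp_tw_recycle = 1 was dropped from this list: with TCP timestamps
# it rejects connections from clients that share a NAT address, and the key no
# longer exists on kernels from 4.12 on.
# NOTE(review): rp_filter=0 turns off reverse-path (source address) validation
# on all interfaces; prefer 1 (strict) or 2 (loose) unless asymmetric routing
# requires 0. icmp_echo_ignore_all=1 also silences ping-based monitoring.
# NOTE(review): tcp_mem is counted in pages, so these values look far larger
# than physical memory on most hosts - confirm they are intended.
tee -a /etc/sysctl.conf <<'EOF'
net.ipv4.neigh.default.gc_stale_time=120
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce=2
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.ip_local_port_range = 1024 61000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.icmp_echo_ignore_all=1
EOF

#File restriction
# NOTE(review): nproc 65535 for every account removes the per-user process cap
# that normally contains a runaway or fork-bombing process; consider raising it
# only for the service accounts that need it.
tee -a /etc/security/limits.conf <<'EOF'
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
EOF
sed -i 's#4096#65535#g' /etc/security/limits.d/20-nproc.conf
ulimit -u 65535

#CV
# Each step runs only if the previous one succeeded, so a failed clone can no
# longer lead to `make install` running as root in the wrong directory.
# NOTE(review): this builds and installs whatever the default branch holds at
# run time, as root; check out a reviewed tag or commit before `make`.
if git clone https://github.com/Xfennec/progress.git; then
  (cd progress && make && make install) &&
    mv /usr/local/bin/progress /usr/local/bin/cv
fi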