
系統初始化腳本

今天有幾台伺服器要上線，花時間寫了一個初始化的腳本，跟大家分享一下。歡迎大家提意見，幫助我讓其功能更加完善。


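#!/bin/bash
# author: gm100861
# mail: [email protected]
# blog: http://www.gm100861.com
# date: 2013-06-25
#
# Server initialization script for EL6 hosts. It tightens the modes of the
# account database files, adds third-party yum repositories, disables
# non-essential init services, writes ulimit and sysctl tuning, installs an
# ntpdate cron entry and applies a default-deny INPUT firewall policy.
# Must be run as root; exits 9 otherwise.
set -u

if [[ $EUID -ne 0 ]]; then
  echo "Must be root can do this."
  exit 9
fi

# set privileges
# /etc/passwd and /etc/group must stay world-readable (0644): every uid/gid
# lookup by non-root processes (sshd, cron, login, ls -l ...) reads them, and
# mode 0600 breaks those lookups. Only the hashed secrets in shadow/gshadow
# are root-only.
chmod 644 /etc/passwd
chmod 644 /etc/group
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
echo "Set important files privileges sucessfully"

# yum repo add
# The delimiter is quoted so that $basearch and $releasever are written
# literally for yum to expand; an unquoted heredoc would let bash expand
# them to empty strings and produce broken baseurls.
# NOTE(review): remi and rpmforge are fetched over plain http with
# gpgcheck=0, so their packages are installed unverified. Import the vendor
# keys and set gpgcheck=1 before enabling those repositories on hosts that
# matter.
cat > /etc/yum.repos.d/thrid-repository.repo <<'EOF'
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://epel.mirror.ucloud.cn/epel/6/$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[remi]
name=Les RPM de remi pour Enterprise Linux $releasever - $basearch
baseurl=http://remi.mirror.ucloud.cn
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
[rpmforge]
name = RHEL - RPMforge.net - dag
baseurl = http://rpmforge.mirror.ucloud.cn/redhat/el6/en/$basearch/rpmforge
enabled = 1
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 0
[rpmforge-extras]
name = RHEL - RPMforge.net - extras
baseurl = http://rpmforge.mirror.ucloud.cn/redhat/el6/en/$basearch/extras
EOF
yum clean all >/dev/null 2>&1
# A failed makecache used to be hidden entirely; report it but keep going,
# the rest of the initialization does not depend on the repo cache.
if ! yum makecache >/dev/null 2>&1; then
  echo "warning: yum makecache failed, check repository reachability" >&2
fi
echo "add thired repository sucessfully"

# Turn off unnecessary services
# Iterate the init scripts with a glob rather than parsing `ls`, and skip
# entries that are not executable scripts (functions, README, ...).
# rsyslog is kept alongside syslog because EL6 ships rsyslog; switching the
# system logger off would leave the host without local logs.
for script in /etc/init.d/*; do
  [[ -x "$script" ]] || continue
  svc=${script##*/}
  case "$svc" in
    sshd|network|syslog|rsyslog|iptables|crond)
      chkconfig "$svc" on ;;
    *)
      chkconfig "$svc" off ;;
  esac
done

# set ulimit
# Heredoc is terminated explicitly; without the EOF line everything down to
# the end of the script would be appended to limits.conf. Re-runs must not
# duplicate the entries.
if ! grep -q '^\* hard nofile 65535' /etc/security/limits.conf; then
  cat >> /etc/security/limits.conf <<'EOF'
* soft nofile 65535
* hard nofile 65535
EOF
fi

# set sysctl
# NOTE(review): tcp_tw_recycle breaks clients behind NAT when combined with
# timestamps and was dropped from later kernels; tcp_fin_timeout=1 and the
# *_retries=1 values are very aggressive. Values are kept as the author
# tuned them; review before reuse on a different workload.
cat > /etc/sysctl.conf <<'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
vm.swappiness = 0
EOF
# Apply now instead of waiting for the next reboot; unknown keys are reported
# by sysctl itself.
if ! sysctl -p >/dev/null; then
  echo "warning: sysctl -p reported errors, check /etc/sysctl.conf" >&2
fi

# Cron jobs run under /bin/sh, where the bash-only '&>' does not redirect
# stderr (it backgrounds the command instead), so use the portable form.
# Guard against adding the line on every re-run.
if ! grep -qF 'ntpdate cn.pool.ntp.org' /var/spool/cron/root 2>/dev/null; then
  echo "0 0 * * * /usr/sbin/ntpdate cn.pool.ntp.org >/dev/null 2>&1" >> /var/spool/cron/root
fi

# set iptables
iptables -F
iptables -X
iptables -Z
iptables -I INPUT -i lo -j ACCEPT
# Replies to connections this host initiated (including DNS answers) are
# admitted by connection tracking. The former '--sport 53' accepts matched
# on source port alone, which any remote sender can choose, so they let
# arbitrary traffic through the DROP policy.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -m limit --limit 3/second --limit-burst 5 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit 3/second --limit-burst 5 -j ACCEPT
# Policy is set last so the accept rules are in place before inbound
# traffic starts being dropped.
iptables -P INPUT DROP
#iptables -P FORWARD DROP
#iptables -P OUTPUT DROP
/etc/init.d/iptables save
echo "All things is init ok! "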

本文轉自 gm100861 51CTO部落格,原文連結:http://blog.51cto.com/gm100861/1229616
