
系統初始化SHELL腳本

此腳本用於新裝CentOS的相關配置工作,比如禁掉iptables和SELinux及IPv6,優化系統核心,停掉一些沒必要啟動的系統服務等。此腳本尤其適合大批新安裝的CentOS 5.X系列的伺服器,腳本代碼如下所示(此腳本在CentOS 5.5_x64下已認證):


#!/bin/bash
# CentOS post-install initialisation script.
# Created by kerryhu
# MAIL:[email protected]
# BLOG:http://kerry.blog.51cto.com

# Print the three-line start-up banner on stdout.
printf '%s\n' \
  '+--------------------------------------------------------------+' \
  '|         === Welcome to Centos System init ===                |' \
  '+--------------------------by kerry----------------------------+'

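#set ntp
# Install the NTP tools and schedule a nightly clock step against the time
# server chosen by the author.
yum -y install ntp

# /etc/crontab is the system crontab: each entry needs a user field between
# the schedule and the command, otherwise cron rejects the line. The minute
# field is pinned to 0 so the job runs once at 03:00 instead of once a minute
# for the whole 03:00 hour.
ntp_cron='0 3 * * * root /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1'

# Append only when the exact line is missing, so running the script again
# does not pile up duplicate entries.
if ! grep -qxF -- "$ntp_cron" /etc/crontab 2>/dev/null; then
  printf '%s\n' "$ntp_cron" >> /etc/crontab
fi

# NOTE(review): ntpdate steps the clock from a single hard-coded address with
# no authentication, and the job discards all output, so a failed or wrong
# sync goes unnoticed. Confirm this is still the intended time source.
service crond restart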

#set ulimit
# Append a ulimit call to /etc/rc.local that raises both the soft and the
# hard open-file limit to 102400.
# NOTE(review): presumably this only covers processes started from rc.local
# itself; confirm whether /etc/security/limits.conf is the intended place.
printf '%s\n' 'ulimit -SHn 102400' >> /etc/rc.local

#set locale
# The locale section below was left disabled by the author.
#true > /etc/sysconfig/i18n
#cat >>/etc/sysconfig/i18n<<EOF
#LANG="zh_CN.GB18030"
#SUPPORTED="zh_CN.GB18030:zh_CN:zh:en_US.UTF-8:en_US:en"
#SYSFONT="latarcyrheb-sun16"
#EOF

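#set sysctl
# Replace /etc/sysctl.conf with the tuning profile below and load it.
sysctl_conf=/etc/sysctl.conf

# The rewrite is destructive, so keep the file as it was before the first run.
if [ -f "$sysctl_conf" ] && [ ! -e "${sysctl_conf}.orig" ]; then
  cp -p -- "$sysctl_conf" "${sysctl_conf}.orig"
fi

# NOTE(review): tcp_tw_recycle and tcp_tw_reuse both depend on TCP timestamps,
# which this profile turns off (tcp_timestamps = 0), so they presumably have
# no effect as written. tcp_tw_recycle is also known to break connections from
# clients behind NAT and was removed in Linux 4.12; drop it outside CentOS 5.
# NOTE(review): tcp_syn_retries = 1, tcp_synack_retries = 1 and
# tcp_fin_timeout = 1 are very aggressive; confirm they suit lossy links.
#
# The quoted delimiter keeps the shell from expanding anything in the body,
# and the closing EOF line is required: without it the here-document swallows
# the rest of the script.
cat > "$sysctl_conf" <<'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
EOF

# Report success only when the kernel accepted every key.
if /sbin/sysctl -p; then
  echo "sysctl set OK!!"
else
  echo "sysctl -p reported errors; review $sysctl_conf" >&2
fi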

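#close ctrl+alt+del
# Comment out the inittab entry that reboots the machine on Ctrl+Alt+Del.
# The pattern is anchored to the start of the line so an entry that is
# already commented out does not gain a second '#' on a later run.
sed -i 's|^ca::ctrlaltdel:/sbin/shutdown -t3 -r now|#&|' /etc/inittab

#set purview
# /etc/passwd and /etc/group hold no password hashes and must stay
# world-readable: unprivileged processes resolve user and group names through
# them, and mode 600 breaks those lookups for every non-root account.
chmod 644 /etc/passwd /etc/group
# The hashes live in shadow and gshadow; these are the files to keep root-only.
chmod 600 /etc/shadow /etc/gshadow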

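#disable ipv6
# The banner line has to be printed by a command; left bare it is parsed as
# shell syntax and aborts the script.
printf '%s\n' '|         === Welcome to Disable IPV6 ===                      |'

# Add the two module aliases to /etc/modprobe.conf, skipping any line that is
# already present so repeated runs do not duplicate them.
for ipv6_alias in 'alias net-pf-10 off' 'alias ipv6 off'; do
  if ! grep -qxF -- "$ipv6_alias" /etc/modprobe.conf 2>/dev/null; then
    printf '%s\n' "$ipv6_alias" >> /etc/modprobe.conf
  fi
done

# NOTE(review): this removes ip6tables from runlevels 3 and 5. Presumably the
# aliases only apply from the next boot; confirm IPv6 is really off
# afterwards, since nothing filters it once ip6tables no longer starts.
/sbin/chkconfig --level 35 ip6tables off
echo "ipv6 is disabled!"

#disable selinux
# Rewrites "enforcing" to "disabled" on lines of /etc/selinux/config that
# contain SELINUX.
# NOTE(review): this turns off mandatory access control for the whole host.
# Confirm it is a deliberate decision; "permissive" keeps denials logged
# without blocking anything.
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
echo "selinux is disabled,you must reboot!"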

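#vim
# Make "vi" start vim for root. The alias is appended as its own line instead
# of being spliced into line 8 of /root/.bashrc: a line-number edit corrupts
# whatever is on that line when it is not empty, and does nothing when the
# file is shorter.
vi_alias="alias vi='vim'"
if ! grep -qxF -- "$vi_alias" /root/.bashrc 2>/dev/null; then
  printf '%s\n' "$vi_alias" >> /root/.bashrc
fi
# Overwrites any existing /root/.vimrc with a single "syntax on" line.
echo 'syntax on' > /root/.vimrc

#zh_cn
# Despite the section label, this sets the system LANG to "en".
sed -i -e 's/^LANG=.*/LANG="en"/' /etc/sysconfig/i18n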

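#init_ssh
# Adjust the SSH daemon configuration and restart sshd, but only after the
# edited file passes sshd's own syntax check.
ssh_cf="/etc/ssh/sshd_config"

# Copy of the file as it was before this run, used to roll back below.
cp -p -- "$ssh_cf" "${ssh_cf}.bak"

# NOTE(review): these edits comment out lines purely by line number. Which
# directives sit on lines 74 and 76 depends on the exact sshd_config shipped
# with the release; on any other layout they disable something else. Verify
# against the target file, or match the directive names instead.
sed -i -e '74 s/^/#/' -e '76 s/^/#/' "$ssh_cf"
#sed -i "s/#Port 22/Port 65535/" $ssh_cf
# Skip the reverse-DNS lookup of connecting clients.
sed -i "s/#UseDNS yes/UseDNS no/" "$ssh_cf"
#client
# NOTE(review): the label says "client", yet the target is still the server
# file ($ssh_cf). Confirm whether /etc/ssh/ssh_config was meant.
sed -i -e '44 s/^/#/' -e '48 s/^/#/' "$ssh_cf"

# Restarting sshd on a broken config can lock out a remote operator, so
# validate first and restore the previous file when validation fails.
if /usr/sbin/sshd -t -f "$ssh_cf"; then
  service sshd restart
  echo "ssh is init is ok.............."
else
  cp -p -- "${ssh_cf}.bak" "$ssh_cf"
  echo "sshd_config failed validation; previous file restored, sshd not restarted" >&2
fi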

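#chkser
#tunoff services
#--------------------------------------------------------------------------------
# The banner line has to be printed by a command; left bare it is parsed as
# shell syntax.
printf '%s\n' '|         === Welcome to Tunoff services ===                   |'
#---------------------------------------------------------------------------------
# Walk every start link in runlevel 3 and switch off each service that is not
# on the allow-list in the first case arm.
# NOTE(review): everything outside that list is disabled in runlevels 2, 3 and
# 5 and stopped immediately. The page states that turning off iptables is
# intended; check whether other security services enabled on the host (audit
# or logging daemons, for example) should be added to the list.
for i in /etc/rc3.d/S*; do
  # An unmatched glob stays literal; skip it instead of acting on "S*".
  [ -e "$i" ] || continue

  # Strip the directory and the "S" plus two-digit priority prefix, leaving
  # the init script name (e.g. /etc/rc3.d/S55sshd -> sshd).
  CURSRV=${i##*/}
  CURSRV=${CURSRV#S[0-9][0-9]}
  echo "$CURSRV"

  case "$CURSRV" in
    crond | irqbalance | microcode_ctl | network | random | sshd | syslog | local)
      echo "Base services, Skip!"
      ;;
    *)
      echo "change $CURSRV to off"
      chkconfig --level 235 "$CURSRV" off
      service "$CURSRV" stop
      ;;
  esac
done

echo "service is init is ok.............."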

本文轉自 撫琴煮酒 51CTO部落格,原文連結:http://blog.51cto.com/yuhongchun/724103,如需轉載請自行聯系原作者
