近來喜歡無人值守安裝RHEL6.3系統,可是安裝好每次都要做很多初始化工作,實在麻煩就寫了個簡單腳本省去了不少麻煩,由于本人是小牛,跟大牛比起來差的很遠,還請大家提出一些寶貴意見!
本腳本是在rhel6.3環境下運作的,稍作修改同樣适合其他Linux版本環境,不過腳本前半部分都是針對我自己的環境進行優化的,大家可以自行修改成自己的環境.
下面我對Linux系統初始化腳本進行簡單講解:
#!/bin/bash
# Start-up banner. The one-second pause follows the first line, as before.
printf '%s\n' "New system configuration"
sleep 1
printf '%s\n' \
  "Environment RHEL6.3" \
  "The kernel version configuration!" \
  "Designed by www.rsyslog.org http://dreamfire.blog.51cto.com"
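#######################################
# Prompt until a non-empty line is read, then print that line on stdout.
# Arguments: $1 - prompt text (read -p shows it on stderr, terminals only)
# Outputs:   the first non-empty line read from stdin
# Returns:   0 on success, 1 if stdin ends before a non-empty line arrives
#######################################
input_fun() {
  # Every caller in this script uses $(input_fun ...), so locals are enough.
  local prompt=$1
  local answer=""
  while [ -z "$answer" ]; do
    # -r keeps backslashes literal. A failed read means end of input;
    # retrying on it would loop forever, so stop instead.
    if ! read -r -p "$prompt" answer; then
      [ -n "$answer" ] && break
      return 1
    fi
  done
  printf '%s\n' "$answer"
}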
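#######################################
# Interactively read the network parameters used by the rest of the script.
# Globals (written): MYHOSTNAME DOMAINNAME CARD_TYPE IPADDR NETMASK GATEWAY
#                    MYDNS1 MYDNS2
# NOTE(review): the answers are later expanded unchecked into file names and
# file contents under /etc. Validate them before use (interface name without
# "/", dotted-quad addresses), since the script runs as root.
#######################################
input_again() {
  MYHOSTNAME=$(input_fun "Please input the hostname: ")
  DOMAINNAME=$(input_fun "Please intput the domainname(rsyslog.org): ")
  CARD_TYPE=$(input_fun "Please input card type(eth0): ")
  IPADDR=$(input_fun "Please input ipaddress(192.168.100.1): ")
  NETMASK=$(input_fun "Please input netmask(255.255.255.0): ")
  GATEWAY=$(input_fun "Please input gateway(192.168.100.1): ")
  MYDNS1=$(input_fun "Please input DNS1(192.168.100.102): ")
  MYDNS2=$(input_fun "Please input DNS2(192.168.100.103): ")
}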
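# Ask whether to proceed. Anything other than an explicit yes stops the
# script before it changes the system.
BEGIN_INIT=$(input_fun "Whether you initialize the Linux operating system(YES/NO): ")
case "$BEGIN_INIT" in
  YES | yes | Y | y)
    echo "The script is begin....."
    ;;
  *)
    # A plain exit replaces SIGKILL-ing our own PID ($$): it stops the
    # script just the same and still lets an EXIT trap run.
    exit 1
    ;;
esac

input_again

# Second chance to correct a typo before anything is written.
BEGIN_INIT=$(input_fun "If you need input again[YES/NO]: ")
case "$BEGIN_INIT" in
  YES | yes | Y | y)
    input_again
    ;;
esac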
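# MAC address of the chosen interface: fifth field of ifconfig's HWaddr line.
MAC=$(ifconfig "$CARD_TYPE" | awk -F'[ ]+' '/HWaddr/ {print $5}')

# Enable networking and set the hostname.
cat >/etc/sysconfig/network <<ENDF
NETWORKING=yes
HOSTNAME=$MYHOSTNAME
ENDF
echo "Configure the HOSTNAME................................ OK !"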
##########################
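# Static configuration for the chosen interface (not suitable for DHCP).
# The interface name becomes part of a path written as root, so refuse a
# value that is empty or contains a path separator.
case "$CARD_TYPE" in
  "" | */*)
    echo "Invalid interface name: $CARD_TYPE" >&2
    exit 1
    ;;
esac
cat >"/etc/sysconfig/network-scripts/ifcfg-$CARD_TYPE" <<endf
DEVICE=$CARD_TYPE
BOOTPROTO=none
HWADDR=$MAC
NM_CONTROLLED=yes
ONBOOT=yes
TYPE=Ethernet
DNS2=$MYDNS2
DNS1=$MYDNS1
IPV6INIT=no
USERCTL=no
IPADDR=$IPADDR
NETMASK=$NETMASK
GATEWAY=$GATEWAY
endf
/etc/rc.d/init.d/network restart
# NOTE(review): this removes the network service from runlevels 3 and 5.
# Confirm something else brings the interface up at boot.
chkconfig --level 35 network off
echo "Configure the $CARD_TYPE............................OK!"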
###########################
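# Rewrite the local hosts file. This replaces the whole file, so the
# localhost names are added as aliases to keep them resolving without DNS.
cat >/etc/hosts <<endf
127.0.0.1 $MYHOSTNAME $MYHOSTNAME.$DOMAINNAME localhost localhost.localdomain
$IPADDR $MYHOSTNAME $MYHOSTNAME.$DOMAINNAME
endf
echo "Configure the hosts.............................. OK !"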
###############################
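# Configure DNS. resolv.conf treats "domain" and "search" as mutually
# exclusive (the last one wins); both carry the same value here.
cat >/etc/resolv.conf <<endf
domain $DOMAINNAME
search $DOMAINNAME
nameserver $MYDNS1
nameserver $MYDNS2
endf
echo "Configure the resolv.conf......................OK!"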
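# Mount the installation disc on /media/cdrom so it can serve as the yum
# repository. If /dev/sr0 is already mounted somewhere, release it first.
# The conditional ends after the umount: that is the only reading under which
# a disc that was not mounted yet still gets mounted.
mount | awk '/dev\/sr0/ {print $3}' | while IFS= read -r mount_point; do
  umount "$mount_point"
done
mkdir -p /media/cdrom
# Report success only when the mount actually worked; the repository
# configured later depends on it.
if mount /dev/sr0 /media/cdrom; then
  mount | grep dev/sr0
  echo "mount the iso of system................OK!"
else
  echo "mount /dev/sr0 on /media/cdrom failed" >&2
fi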
#################################
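# Keep a copy of the stock repo file, then point yum at the mounted disc.
if [ -f /etc/yum.repos.d/rhel-source.repo ]; then
  cp -p /etc/yum.repos.d/rhel-source.repo /etc/yum.repos.d/rhel-source.repo.bak
fi
# Signature checking is on: with gpgcheck=0 yum installs unsigned or altered
# packages without complaint. Red Hat media is signed, so verify against the
# release key shipped on the system. For a respin signed with another key,
# point gpgkey at that key rather than switching the check off.
cat >/etc/yum.repos.d/rhel-source.repo <<'endf'
[rhel-source-beta]
name=RHEL6U3-ISO
baseurl=file:///media/cdrom
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
endf
echo "Configure YUM.........................OK!"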
#####################################
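# Install the build and troubleshooting tools wanted on every host.
# NOTE(review): this puts compilers, tracing tools and openldap-servers on
# the machine; trim the list to what the host's role needs.
yum clean all && yum makecache
packages=(
  gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel
  freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel
  glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel zip unzip
  ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel
  krb5-devel libidn libidn-devel openssl openssh openssl-devel
  nss_ldap openldap openldap-devel openldap-clients openldap-servers
  libxslt-devel libevent-devel ntp libtool-ltdl bison libtool
  vim-enhanced python wget lsof iptraf strace lrzsz
  kernel-devel kernel-headers pam-devel
  tcl tk # "Tcl/Tk" is not a package name; the packages are tcl and tk
  cmake setuptool
)
if yum -y install "${packages[@]}"; then
  echo "Install the system view command......................OK!"
else
  echo "yum install reported an error; check the output above" >&2
fi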
#########################################
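# Boot into runlevel 3.
sed -i 's/id:.*$/id:3:initdefault:/g' /etc/inittab

# Switch IPv6 off (unused in this environment) and keep ip6tables from
# starting. These lines are appended on every run, so a re-run duplicates them.
echo "alias net-pf-10 off" >>/etc/modprobe.conf
echo "alias ipv6 off" >>/etc/modprobe.conf
/sbin/chkconfig --level 35 ip6tables off

# Disable SELinux; it can be re-enabled later if needed.
# The s/// expression needs its closing "/", otherwise sed rejects it.
# --follow-symlinks edits the real file if this path is a symlink, instead
# of replacing the link with a regular file.
# NOTE(review): disabling SELinux removes mandatory access control from every
# service on the host. SELINUX=permissive keeps denials logged and is the
# less drastic setting while troubleshooting.
sed -i --follow-symlinks 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux

# Speed up SSH logins by skipping GSSAPI and reverse DNS lookups.
# sshd is not restarted here, so this applies from its next restart.
sed -i \
  -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/' \
  -e 's/#UseDNS yes/UseDNS no/' \
  /etc/ssh/sshd_config
echo "Stop iptables ang set selinux=disable,If you need,please open them!,Optimization to speed up access to ssh,init 3"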
######################################### Lock system accounts that never need to log in.
# passwd -l only locks the password. It does not block key-based or other
# non-password logins, so a non-login shell remains a useful second measure.
for account in \
  news nscd dbus vcsa games nobody avahi haldaemon gopher ftp \
  mailnull pcap mail shutdown halt uucp operator sync adm lp; do
  passwd -l "$account"
done
echo "Lock useless users.......................OK"
############################
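# Log idle shells out after 30 minutes (adjust as needed).
# NOTE(review): a TMOUT set this way is not readonly, so a user can unset it.
# It is a convenience rather than an enforced control.
echo "TMOUT=1800" >>/etc/profile
# Raise the maximum number of open files for all users.
echo "* soft nofile 66666" >>/etc/security/limits.conf
echo "* hard nofile 66666" >>/etc/security/limits.conf
echo "30 minutes of inactivity, automatic exit && To modify the system to open the maximum number of files.....OK"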
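# Append the kernel TCP tuning and load it. The block is appended on every
# run, so running the script twice duplicates it.
# NOTE(review): tcp_tw_recycle = 1 is known to drop connections from clients
# behind NAT and was removed from later kernels; reconsider it for hosts that
# serve such clients. tcp_syncookies = 1 is the SYN-flood protection to keep.
cat >>/etc/sysctl.conf <<'endf'
#michaelkang add 120724
net.ipv4.tcp_abort_on_overflow = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_retries1 = 2
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_max_orphans = 2000
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
endf
sysctl -p
echo "Adjust the kernel parameters!......................OK!"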
#############################################
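# Turn off every service started in runlevel 3 that is not on the keep-list.
# S-prefixed links in /etc/rc3.d are started in this runlevel; K-prefixed
# ones are not.
# NOTE(review): iptables and auditd are not on the keep-list, so this loop
# switches the host firewall and audit logging off. Add them to the list
# unless another control covers them.
for rc_link in /etc/rc3.d/S*; do
  # An unmatched glob stays literal; skip it.
  [ -e "$rc_link" ] || [ -L "$rc_link" ] || continue
  # Strip the directory and the "SNN" prefix to get the service name.
  STOP_SRV=${rc_link##*/}
  STOP_SRV=${STOP_SRV#S[0-9][0-9]}
  echo "$STOP_SRV"
  case "$STOP_SRV" in
    local | cpuspeed | crond | irqbalance | microcode_ctl | xinetd | network | mon | partmon | messagebus | udev-post | sshd | rsyslog | syslog)
      echo "Base services, Skip!"
      ;;
    *)
      echo "change $STOP_SRV to off"
      chkconfig --level 235 "$STOP_SRV" off
      service "$STOP_SRV" stop
      ;;
  esac
done
echo "Close useless services.........................ok"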
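############################################## Make the account databases immutable.
# While +i is set, useradd, passwd and package scriptlets that create
# accounts fail until "chattr -i" is run. root can clear the flag, so this
# guards against accidents rather than against a root-level intruder.
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
chattr +i /etc/gshadow
# root's shell history may only be appended to.
chattr +a /root/.bash_history
# Limit the history command to the last 10 entries.
# NOTE(review): shell history is not an audit record; where command
# accountability matters, rely on the audit subsystem instead.
sed -i 's/HISTSIZE=1000/HISTSIZE=10/' /etc/profile
echo "The passwd shadow group gshadow is locked,if you use them,please use chattr -i!..............ok"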
##############################################
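# Allow SSH only from the management network and deny it from everywhere else.
# NOTE(review): the allowed network is hard-coded and independent of the
# IPADDR/NETMASK entered earlier. On any other network this locks SSH out,
# so check it before running the script remotely. Both files are appended to
# on every run.
cat >>/etc/hosts.allow <<'ENDF'
sshd:192.168.100.0/255.255.255.0
ENDF
echo 'sshd:all' >>/etc/hosts.deny
echo "Allowd 192.168.100.0 to use ssh................ok "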
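############################################ Default password maximum age and minimum length for new users.
# The patterns are anchored so only the setting lines are rewritten, not the
# explanatory comments in login.defs that mention the same names.
# NOTE(review): login.defs applies to accounts created afterwards. Existing
# accounts keep their ageing values, and under PAM the minimum length is
# presumably enforced by the password module's own setting — verify.
sed -i \
  -e 's/^PASS_MAX_DAYS.*$/PASS_MAX_DAYS 90/' \
  -e 's/^PASS_MIN_LEN.*$/PASS_MIN_LEN 8/' \
  /etc/login.defs
echo "###################The script is stop!!####################"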
本文轉自淩激冰51CTO部落格,原文連結:http://blog.51cto.com/dreamfire/1155542,如需轉載請自行聯系原作者