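#!/bin/bash
# CentOS 7 minimal-install initialisation script.
#
# Usage (must run as root):  bash init.sh
#
# Environment read by the optional functions that main() does not call:
#   SSH_PORT, SSH_LISTEN_ADDRESS   used by Opt_Ssh
#   ADMIN_USER, ADMIN_PASSWORD     used by Add_User
#
# Debug mode: uncomment to trace every command.
#set -x
# NOTE: the author deliberately leaves `set -e` off: several steps are allowed
# to fail without aborting the whole run (setenforce on an already-disabled
# SELinux, chmod on an optional cron file, ...). Steps whose failure would
# lock the operator out check their own status instead.
#set -e

# Print a message on stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Append a line to a file only if the file does not already contain it
# (keeps /etc/profile, ~/.bashrc etc. from growing on every run).
# Arguments: $1 - file, $2 - exact line
_append_once() {
  local file=$1 line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

# 1. Directories for tools, scripts and downloaded archives.
Create_Directory() {
  mkdir -p /server/{tools,scripts,tmp}
}

# 2. Green command prompt for root's interactive shells.
Cmd_Color() {
  # shellcheck disable=SC2016 -- the prompt escapes are meant to stay literal
  local ps1='PS1="\[\e[1;32m\][\u@\h \W]\\$\[\e[0m\]"'
  _append_once "$HOME/.bashrc" "$ps1"
  # shellcheck source=/dev/null
  source "$HOME/.bashrc"
}

# 3. Hostname resolution: /etc/hosts is replaced with the two loopback entries.
Resolve_Host() {
  cat > /etc/hosts <<'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
}

# 4. Keep downloaded packages in the local yum cache.
Cache_Yum() {
  sed -i '/keepcache/c keepcache=1' /etc/yum.conf
}

# 5. Trim boot-time services. Run this before enabling the services you do
#    want (chronyd below, for example).
# Earlier variant, kept for reference: it disabled every enabled unit except a
# short allow-list by piping generated `systemctl disable` commands into bash.
#Opt_Service(){
#systemctl list-unit-files |grep enable|egrep -v "sshd.service|crond.service|sysstat|rsyslog|NetworkManager.service|irqbalance|autovt|getty"|awk '{print "systemctl disable",$1}'|bash
#}
# After this function the host has NO packet filter until
# Install_security_Package / a later iptables configuration puts one back.
Opt_Service() {
  systemctl stop firewalld
  systemctl disable firewalld
  systemctl stop postfix
  systemctl disable postfix
  iptables -F
}

# 6. Switch the yum repositories to the Aliyun mirror.
#    -f makes curl fail on an HTTP error instead of writing the error page into
#    the .repo file. The repo files are fetched over plain http; package
#    integrity then rests on the gpgcheck settings inside those files.
Yum_Update() {
  curl -fsS -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo \
    || printf 'warn: could not fetch CentOS-Base.repo\n' >&2
  curl -fsS -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo \
    || printf 'warn: could not fetch epel.repo\n' >&2
  yum clean metadata
  yum makecache
}

# 7. Commonly used packages.
Install_Package() {
  yum install -y bash-completion vim-enhanced net-tools finger tree lrzsz \
    chrony wget curl git sysstat psmisc mailx nmap tcpdump
}

# 8. Firewall tooling (optional).
Install_security_Package() {
  yum install -y ipvsadm ipset iptables iptables-services conntrack
}

# 9. X11 forwarding support for Xmanager/Xshell (optional).
#    Both sed commands replace the matching line (including its commented
#    default) with the active directive.
Install_Xshell() {
  yum install -y xorg-x11-xauth
  sed -i '/AddressFamily/c AddressFamily inet' /etc/ssh/sshd_config
  sed -i '/ListenAddress 0.0.0.0/c ListenAddress 0.0.0.0' /etc/ssh/sshd_config
}

# 10. Time synchronisation with chrony. Replace the servers with an internal
#     NTP server when one exists. The inserts are skipped if already present.
Time_Sync() {
  grep -q 'ntp1.aliyun.com' /etc/chrony.conf \
    || sed -i '2a server ntp1.aliyun.com iburst' /etc/chrony.conf
  grep -q 'ntp3.aliyun.com' /etc/chrony.conf \
    || sed -i '3a server ntp3.aliyun.com iburst' /etc/chrony.conf
  systemctl start chronyd
  systemctl enable chronyd
}

# 11. Disable SELinux permanently, and switch to permissive for this boot.
#     setenforce fails when SELinux is already disabled at boot; that is fine.
Disable_Selinux() {
  sed -i '/SELINUX=/cSELINUX=disabled' /etc/selinux/config
  setenforce 0 || true
}

# 12. Create an unprivileged admin user with password-less sudo (optional).
#     ADMIN_USER defaults to "dawn"; ADMIN_PASSWORD must be supplied through
#     the environment (the earlier version hard-coded it in this file, and
#     granted sudo to "sls" while creating "dawn" - both now use ADMIN_USER).
#     The sudo rule goes into /etc/sudoers.d/ and is syntax-checked with
#     visudo before it is left in place.
Add_User() {
  local user=${ADMIN_USER:-dawn}
  : "${ADMIN_PASSWORD:?set ADMIN_PASSWORD in the environment}"
  [[ "$user" =~ ^[a-z_][a-z0-9_-]*$ ]] || die "invalid user name: $user"
  id -u -- "$user" >/dev/null 2>&1 || useradd -- "$user"
  printf '%s' "$ADMIN_PASSWORD" | passwd --stdin "$user"
  \cp /etc/sudoers /etc/sudoers.bak
  local rule=/etc/sudoers.d/$user
  printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$user" > "$rule"
  chmod 0440 "$rule"
  if ! visudo -cf "$rule" >/dev/null; then
    rm -f -- "$rule"
    die "sudoers rule for $user failed visudo check; not installed"
  fi
}

# 13. Shell history: size and per-command timestamps for login shells.
#     (Fixes the earlier typo that appended HISTFILESIZE to /etc/porfile.)
Set_History() {
  sed -i 's/^HISTSIZE=1000/HISTSIZE=50000/' /etc/profile
  if grep -q 'HISTTIMEFORMAT' /etc/profile; then
    sed -i 's/^HISTTIMEFORMAT=.*$/HISTTIMEFORMAT="%F %T "/' /etc/profile
  else
    echo 'HISTTIMEFORMAT="%F %T "' >> /etc/profile
  fi
  _append_once /etc/profile 'HISTFILESIZE=50000'
  # shellcheck source=/dev/null
  source /etc/profile
}

# 14. Log idle login shells out after 1800 s (optional).
Ssh_Timeout() {
  _append_once /etc/profile 'export TMOUT=1800'
  # shellcheck source=/dev/null
  source /etc/profile
}

# 15. Raise process and open-file limits (required).
#     `ulimit` only affects this shell; the limits.d file covers new logins.
Ulimit_File() {
  cat > /etc/security/limits.d/20-nproc-nofile.conf <<'EOF'
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
  ulimit -SHn 65535
}

# 16. Kernel tuning. Comments are on their own lines because sysctl.conf
#     only recognises whole-line comments. The net.bridge.* and
#     net.netfilter.* keys only exist once br_netfilter / nf_conntrack are
#     loaded, so load them first (ignored when unavailable).
Opt_Core() {
  modprobe br_netfilter 2>/dev/null || true
  modprobe nf_conntrack 2>/dev/null || true
  cat > /etc/sysctl.d/init.conf <<'EOF'
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
# avoid swap as far as possible; use it only when the system is otherwise OOM
vm.swappiness=0
# do not check whether enough physical memory is available
vm.overcommit_memory=1
# do not panic on OOM; let the OOM killer handle it
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
EOF
  sysctl -p /etc/sysctl.d/init.conf
}

# 17. Disable IPv6.
Disable_Ipv6() {
  cat > /etc/sysctl.d/disable-ipv6.conf <<'EOF'
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
EOF
  sysctl -p /etc/sysctl.d/disable-ipv6.conf
}

# Set one sshd_config directive exactly once: every existing (active or
# commented) line for the key is removed and the directive is inserted at the
# top of the file. Inserting at the top keeps it outside any Match block.
# Arguments: $1 - key (letters only), $2 - value (validated by the caller)
_sshd_set() {
  local key=$1 value=$2 cfg=/etc/ssh/sshd_config
  [[ "$key" =~ ^[A-Za-z]+$ ]] || die "invalid sshd key: $key"
  sed -i -E "/^#?[[:space:]]*${key}([[:space:]]|$)/d" "$cfg"
  sed -i "1i ${key} ${value}" "$cfg"
}

# 18. SSH hardening (optional): custom port, single listen address, no root
#     login, no empty passwords, no GSSAPI, no reverse DNS.
#     SSH_PORT and SSH_LISTEN_ADDRESS come from the environment (the earlier
#     version hard-coded a garbled port and 172.16.1.13, and edited the stock
#     file by line number, which breaks on any other sshd_config).
#     The new config is validated with `sshd -t` before the restart; on
#     failure the backup is restored so the current session is not lost.
Opt_Ssh() {
  local port=${SSH_PORT:?set SSH_PORT in the environment}
  local addr=${SSH_LISTEN_ADDRESS:?set SSH_LISTEN_ADDRESS in the environment}
  [[ "$port" =~ ^[0-9]{1,5}$ ]] && (( port >= 1 && port <= 65535 )) \
    || die "invalid SSH_PORT: $port"
  [[ "$addr" =~ ^[0-9A-Fa-f.:]+$ ]] || die "invalid SSH_LISTEN_ADDRESS: $addr"
  \cp /etc/ssh/sshd_config{,.bak}
  _sshd_set Port "$port"
  _sshd_set ListenAddress "$addr"
  _sshd_set PermitRootLogin no
  _sshd_set PermitEmptyPasswords no
  _sshd_set GSSAPIAuthentication no
  _sshd_set UseDNS no
  if ! sshd -t; then
    \cp /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
    die "sshd_config failed validation; backup restored, sshd not restarted"
  fi
  systemctl restart sshd
}

# 19. Stop cron from mailing job output to the default address.
Disable_Cronmail() {
  sed -i 's/^MAILTO=.*/MAILTO=""/' /etc/crontab
}

# 20. vim as the default system editor.
Vim_Path() {
  _append_once /etc/profile.d/vi.sh 'export EDITOR=vim'
}

# 21. vim: tab stops every 4 columns for root.
Vim_Tab() {
  cat > /root/.vimrc <<'EOF'
set tabstop=4
EOF
}

# 22. Run logrotate at a fixed time instead of the random daily slot that
#     anacron picks. NOTE: this overwrites root's whole crontab.
#     The cron.daily file is skipped when absent (the stock package ships
#     /etc/cron.daily/logrotate; adjust the path if that is what exists here).
Cron_Logrotate() {
  local daily=/etc/cron.daily/cron_logrotate
  [[ -e "$daily" ]] && chmod -x "$daily"
  cat > /var/spool/cron/root <<'EOF'
#01-rotate logs at a fixed time; per-log settings live in /etc/logrotate.d
01 00 * * * /usr/sbin/logrotate -s /var/lib/logrotate/logrotate.status /etc/logrotate.conf >/dev/null 2>&1
EOF
}

# Roughly 20 tweaks are defined, 15 are used; comment out the ones you do not
# want. Everything here writes to /etc, so root is required.
main() {
  (( EUID == 0 )) || die "this script must be run as root"
  Create_Directory
  Cmd_Color
  Cache_Yum
  Opt_Service
  Yum_Update
  Install_Package
  Install_Xshell
  Time_Sync
  Disable_Selinux
  Ulimit_File
  Opt_Core
  Disable_Ipv6
  Disable_Cronmail
  Vim_Path
  Vim_Tab
  Cron_Logrotate
}

main "$@"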
脚本-CentOS7最小化安装初始化