×ðÁú¿­Ê±¹ÙÍøµÇ¼

CentOS 7 ϵͳÓÅ»¯¾ç±¾

Ò»¡¢ÏÈÈÝ

×÷ΪһÃûÔËά£¬¾­³£»á°²ÅÅÖÖÖÖÓÃ;µÄ²Ù×÷ϵͳ£¬µ«ÔÚÕâЩÊÂÇéÖУ¬ÎÒÃǻᷢÃ÷Ðí¶àÊÂÇé×ÅʵÊÇÖظ´ÐÔµÄÀͶ¯£¬²Ù×÷µÄÄÚÈÝÒ²ÊÇ´óͬСÒ죬»ùÓÚÕâÀàÇéÐΣ¬ÎÒÃÇ¿ÉÒÔ°ÑÏàͬµÄ²Ù×÷×ö³ÉͳһִÐеľ籾£¬²î±ðµÄ¹¤¾ß×÷Ϊ±äÁ¿ÊÖ¶¯ÊäÈë¡£½ÚÔ¼ÏÂÀ´µÄʱ¼ä²»¾Í¿ÉÒÔ×ö¸ü¶àÓÐÒâÒåµÄÊÂÇéÂ𠣿

×î½üÔÚ·ÛË¿ÓÐÍƼöÏ·¢Ã÷Ò»¿î½ÏÁ¿ºÃÓõÄshellÔ´Â룬Ҳ»ùÓڴ˸ıàÁËһϣ¬·ÖÏí¸ø¸÷ÈË¡£

¶þ¡¢²Ëµ¥

Ö÷²Ëµ¥£º

¶þ¼¶²Ëµ¥£º

Ö÷ҪʵÏÖϵͳµÄÖÖÖÖÓÅ»¯£¬ºÃ±È³£ÓõÄÐÞ¸Ä×Ö·û¼¯¡¢¹Ø±Õselinux¡¢¹Ø±Õ·À»ðǽ¡¢×°Öó£Óù¤¾ßºÍ¼ÓËÙsshµÇ¼µÈ¹¦Ð§¡£

Å£±Æ°¡£¡½Ó˽»î±Ø±¸µÄ N ¸ö¿ªÔ´ÏîÄ¿£¡¸ÏæÕä²Ø°É

µÇ¼ºó¸´ÖÆ

Èý¡¢Ô´Âë

#!/bin/sh

. /etc/rc.d/init.d/functions
export LANG=zh_CN.UTF-8

#Ò»¼¶²Ëµ¥
menu1()
{
        clear
        cat <<eof
----------------------------------------
|****   ½Ó´ýʹÓÃcetnos7.9ÓÅ»¯¾ç±¾    ****|
|****      ²©¿ÍµØµã: aaa.al         ****|
----------------------------------------
1. Ò»¼üÓÅ»¯
2. ×Ô½ç˵ÓÅ»¯
3. Í˳ö
EOF
        read -p "please enter your choice[1-3]:" num1
}

#¶þ¼¶²Ëµ¥
menu2()
{
 clear
 cat <<eof
----------------------------------------
|****Please Enter Your Choice:[0-13]****|
----------------------------------------
1. ÐÞ¸Ä×Ö·û¼¯
2. ¹Ø±Õselinux
3. ¹Ø±Õfirewalld
4. ¾«¼ò¿ª»úÆô¶¯
5. ÐÞ¸ÄÎļþÐÎò·û
6. ×°Öó£Óù¤¾ß¼°ÐÞ¸ÄyumÔ´
7. ÓÅ»¯ÏµÍ³ÄÚºË
8. ¼ÓËÙsshµÇ¼ËÙÂÊ
9. ½ûÓÃctrl+alt+delÖØÆô
10.ÉèÖÃʱ¼äͬ²½
11.historyÓÅ»¯
12.·µ»ØÉϼ¶²Ëµ¥
13.Í˳ö
EOF
 read -p "please enter your choice[1-13]:" num2

}

#1.ÐÞ¸Ä×Ö·û¼¯
localeset()
{
 echo "========================ÐÞ¸Ä×Ö·û¼¯========================="
 cat > /etc/locale.conf <<eof
LANG="zh_CN.UTF-8"
#LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
EOF
 source /etc/locale.conf
 echo "#cat /etc/locale.conf"
 cat /etc/locale.conf
 action "Íê³ÉÐÞ¸Ä×Ö·û¼¯" /bin/true
 echo "==========================================================="
 sleep 2
}

#2.¹Ø±Õselinux
selinuxset() 
{
 selinux_status=`grep "SELINUX=disabled" /etc/sysconfig/selinux | wc -l`
 echo "========================½ûÓÃSELINUX========================"
 if [ $selinux_status -eq 0 ];then
  sed  -i "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/sysconfig/selinux
  setenforce 0
  echo '#grep SELINUX=disabled /etc/sysconfig/selinux'
  grep SELINUX=disabled /etc/sysconfig/selinux
  echo '#getenforce'
  getenforce
 else
  echo 'SELINUXÒÑ´¦ÓڹرÕ״̬'
  echo '#grep SELINUX=disabled /etc/sysconfig/selinux'
                grep SELINUX=disabled /etc/sysconfig/selinux
                echo '#getenforce'
                getenforce
 fi
  action "Íê³É½ûÓÃSELINUX" /bin/true
 echo "==========================================================="
 sleep 2
}

#3.¹Ø±Õfirewalld
firewalldset()
{
 echo "=======================½ûÓÃfirewalld========================"
 systemctl stop firewalld.service &> /dev/null
 echo '#firewall-cmd  --state'
 firewall-cmd  --state
 systemctl disable firewalld.service &> /dev/null
 echo '#systemctl list-unit-files | grep firewalld'
 systemctl list-unit-files | grep firewalld
 action "Íê³É½ûÓÃfirewalld£¬Éú²úÇéÐÎϽ¨ÒéÆôÓã¡" /bin/true
 echo "==========================================================="
 sleep 5
}

#4.¾«¼ò¿ª»úÆô¶¯
chkset()
{
 echo "=======================¾«¼ò¿ª»úÆô¶¯========================"
 systemctl disable auditd.service
 systemctl disable postfix.service
 systemctl disable dbus-org.freedesktop.NetworkManager.service
 echo '#systemctl list-unit-files | grep -E "auditd|postfix|dbus-org\.freedesktop\.NetworkManager"'
 systemctl list-unit-files | grep -E "auditd|postfix|dbus-org\.freedesktop\.NetworkManager"
 action "Íê³É¾«¼ò¿ª»úÆô¶¯" /bin/true
 echo "==========================================================="
 sleep 2
}

#5.ÐÞ¸ÄÎļþÐÎò·û
limitset()
{
 echo "======================ÐÞ¸ÄÎļþÐÎò·û======================="
 echo '* - nofile 65535'>/etc/security/limits.conf
 ulimit -SHn 65535
 echo "#cat /etc/security/limits.conf"
 cat /etc/security/limits.conf
 echo "#ulimit -Sn ; ulimit -Hn"
 ulimit -Sn ; ulimit -Hn
 action "Íê³ÉÐÞ¸ÄÎļþÐÎò·û" /bin/true
 echo "==========================================================="
 sleep 2
}

#6.×°Öó£Óù¤¾ß¼°ÐÞ¸ÄyumÔ´
yumset()
{
 echo "=================×°Öó£Óù¤¾ß¼°ÐÞ¸ÄyumÔ´==================="
 yum install wget -y &> /dev/null
 if [ $? -eq 0 ];then
  cd /etc/yum.repos.d/
  \cp CentOS-Base.repo CentOS-Base.repo.$(date +%F)
  ping -c 1 mirrors.aliyun.com &> /dev/null
  if [ $? -eq 0 ];then
   wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo &> /dev/null
   yum clean all &> /dev/null
   yum makecache &> /dev/null
  else
   echo "ÎÞ·¨ÅþÁ¬ÍøÂç"
       exit $?
    fi
 else
  echo "wget×°ÖÃʧ°Ü"
  exit $?
 fi
 yum -y install ntpdate lsof net-tools telnet vim lrzsz tree nmap nc sysstat &> /dev/null
 action "Íê³É×°Öó£Óù¤¾ß¼°ÐÞ¸ÄyumÔ´" /bin/true
 echo "==========================================================="
 sleep 2
}

#7. ÓÅ»¯ÏµÍ³ÄÚºË #ÁíÍ⣬ËÑË÷ÃñÖÚºÅÊÖÒÕÉçÇøºǫ́»Ø¸´¡°±ÚÖ½¡±£¬»ñÈ¡Ò»·Ý¾ªÏ²Àñ°ü¡£kernelset()
{
 echo "======================ÓÅ»¯ÏµÍ³ÄÚºË========================="
 chk_nf=`cat /etc/sysctl.conf | grep conntrack |wc -l`
 if [ $chk_nf -eq 0 ];then
  cat >>/etc/sysctl.conf<<eof
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 0
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
 sysctl -p
 else
  echo "ÓÅ»¯ÏîÒѱ£´æ¡£"
 fi
 action "Äں˵÷ÓÅÍê³É" /bin/true
 echo "==========================================================="
 sleep 2
}

#8.¼ÓËÙsshµÇ¼ËÙÂÊ
sshset()
{
 echo "======================¼ÓËÙsshµÇ¼ËÙÂÊ======================"
 sed -i 's#^GSSAPIAuthentication yes$#GSSAPIAuthentication no#g' /etc/ssh/sshd_config
 sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
 systemctl restart sshd.service
 echo "#grep GSSAPIAuthentication /etc/ssh/sshd_config"
 grep GSSAPIAuthentication /etc/ssh/sshd_config
 echo "#grep UseDNS /etc/ssh/sshd_config"
 grep UseDNS /etc/ssh/sshd_config
 action "Íê³É¼ÓËÙsshµÇ¼ËÙÂÊ" /bin/true
 echo "==========================================================="
 sleep 2
}

#9. ½ûÓÃctrl+alt+delÖØÆô
restartset()
{
 echo "===================½ûÓÃctrl+alt+delÖØÆô===================="
 rm -rf /usr/lib/systemd/system/ctrl-alt-del.target
 action "Íê³É½ûÓÃctrl+alt+delÖØÆô" /bin/true
 echo "==========================================================="
 sleep 2
}

#10. ÉèÖÃʱ¼äͬ²½
ntpdateset()
{
 echo "=======================ÉèÖÃʱ¼äͬ²½========================"
 yum -y install ntpdate &> /dev/null
 if [ $? -eq 0 ];then
  /usr/sbin/ntpdate time.windows.com
  echo "*/5 * * * * /usr/sbin/ntpdate ntp.aliyun.com &>/dev/null" >> /var/spool/cron/root
 else
  echo "ntpdate×°ÖÃʧ°Ü"
  exit $?
 fi
 action "Íê³ÉÉèÖÃʱ¼äͬ²½" /bin/true
 echo "==========================================================="
 sleep 2
}

#11. historyÓÅ»¯
historyset()
{
 echo "========================historyÓÅ»¯========================"
 chk_his=`cat /etc/profile | grep HISTTIMEFORMAT |wc -l`
 if [ $chk_his -eq 0 ];then
  cat >> /etc/profile <<'EOF'
#ÉèÖÃhistoryÃûÌÃ
export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S] [`whoami`] [`who am i|awk '{print $NF}'|sed -r 's#[()]##g'`]: "
#¼Í¼shellÖ´ÐеÄÿһÌõÏÂÁî
export PROMPT_COMMAND='\
if [ -z "$OLD_PWD" ];then
    export OLD_PWD=$PWD;
fi;
if [ ! -z "$LAST_CMD" ] && [ "$(history 1)" != "$LAST_CMD" ]; then
    logger -t `whoami`_shell_dir "[$OLD_PWD]$(history 1)";
fi;
export LAST_CMD="$(history 1)";
export OLD_PWD=$PWD;'
EOF
  source /etc/profile
 else
  echo "ÓÅ»¯ÏîÒѱ£´æ¡£"
 fi
 action "Íê³ÉhistoryÓÅ»¯" /bin/true
 echo "==========================================================="
 sleep 2
}

#¿ØÖƺ¯Êý
main()
{
 menu1
 case $num1 in
  1)
   localeset
   selinuxset
   firewalldset
   chkset
   limitset
   yumset
   kernelset
   sshset
   restartset
   ntpdateset
   historyset
   ;;
  2)
   menu2
   case $num2 in
                  1)
                    localeset
                    ;;
                  2)
                    selinuxset
                    ;;
                  3)
                    firewalldset
                    ;;
                  4)
                    chkset
                    ;;
                  5)
                    limitset
                    ;;
                  6)     
            yumset
                    ;;
                  7)
                    kernelset
                    ;;
                  8)
                    sshset
                    ;;
                  9)
                    restartset
                    ;;
                  10)
                    ntpdateset
                    ;;
    11)
      historyset
      ;;
    12)
      main
      ;;
    13)
      exit
      ;;
    *)
      echo 'Please select a number from [1-13].'
      ;;
   esac
   ;;
  3)
   exit
   ;;
  *)
   echo 'Err:Please select a number from [1-3].'
   sleep 3
   main
   ;;
 esac
}
main $*

µÇ¼ºó¸´ÖÆ

½«ÆäÉúÑÄΪinit.sh£¬È»ºó¸¶ÓëÖ´ÐÐȨÏÞºóÖ´Ðм´¿É¡£

chmod +x init.sh && ./init.sh

µÇ¼ºó¸´ÖÆ

ÈôÊÇÕâÑùÍù·µµØ¸´ÖÆÕ³ÌùºÜƶÀ§£¬Ò²¿ÉÒÔͨ¹ýÎÒµÄÒ»¼üÏÂÁîÖ´ÐУ¬Í¬ÑùÄִܵïÉÏÃæµÄЧ¹û£º

bash -c "$(curl -L s.aaa.al/init.sh)"

µÇ¼ºó¸´ÖÆ

×îºó£¬ÈôÊǸ÷ÈËÓÐÏëʵÏֵĹ¦Ð§£¬Ò²¿ÉÒÔÔÚÔ­Óо籾µÄ»ù´¡ÉϾÙÐÐÐÞ¸ÄʵÏÖ¡£

ÒÔÉϾÍÊÇCentOS 7 ϵͳÓÅ»¯¾ç±¾µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí£¬°æȨÕùÒéÓë±¾Õ¾Î޹أ¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í×ðÁú¿­Ê±¹ÙÍøµÇ¼ÂËÓÍ»úÍø¹Ù·½Ì¬¶È£¬Çë¶ÁÕß½ö×ö²Î¿¼¡£±¾ÎĽӴýתÔØ£¬×ªÔØÇë˵Ã÷À´ÓÉ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢£¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢£¬ÇëÄúÁ¬Ã¦ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼ʵʱÐÞÕý»òɾ³ý¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼

18523999891

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎ壬9:30-18:30£¬½ÚãåÈÕÐÝÏ¢

QR code
ÍøÕ¾µØͼ