# Server environment initialization
# (1) Update the yum repositories and install the necessary system tools
# (2) Set the time zone and the system time (ntpdate time synchronization)
# (3) Change the system character set to zh_CN.UTF-8
# (4) Disable SELinux
# (5) Kernel tuning in sysctl.conf and the file-descriptor limit (ulimit, the maximum number of open files for a single process)
# (6) Clear the history record
# (7) Install the denyhosts service against brute-force logins; whitelist the specified IPs in /etc/hosts.allow
# (8) Create the transfor user and set its password
# (9) Modify the firewall configuration (SSH login is open only to the specified IPs)
# (10) Modify /etc/ssh/sshd_config (enable key login; UseDNS, GSSAPIAuthentication, GSSAPICleanupCredentials)
# (11) Configure the key and add the jump host
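# Update the yum repositories and install the necessary system tools.
# Also creates the working directories; every later step appends to
# /server/logs/sys-install.log.
mkdir -p /server/src /server/logs
cd /server/src || exit 1
# Fetch the EPEL release package over HTTPS instead of plain HTTP: the
# repository definition and signing key it installs decide which packages
# yum trusts afterwards, so it should not arrive over an unauthenticated
# channel.
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install net-tools net-snmp wget iftop htop telnet git vim
# Record which of the requested packages are actually installed.
rpm -qa | grep -E "snmp|wget|iftop|htop|git|telnet|vim|release" >> /server/logs/sys-install.log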
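# Set the time zone and synchronise the system clock.
date >> /server/logs/sys-install.log
# NOTE(review): ntpdate is not among the packages installed earlier on this
# page; confirm the base image provides it.
ntpdate time-a.nist.gov
date >> /server/logs/sys-install.log
# Re-sync at minute 00 of every tenth hour. The guard keeps a rerun of this
# script from appending the same entry to root's crontab again.
cron_entry='00 */10 * * * ntpdate time-a.nist.gov >/dev/null 2>&1'
grep -qxF -- "$cron_entry" /var/spool/cron/root 2>/dev/null \
  || echo "$cron_entry" >> /var/spool/cron/root
crontab -l >> /server/logs/sys-install.log
# Point /etc/localtime at UTC; -f replaces the existing file or link, so no
# separate rm is needed.
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
date >> /server/logs/sys-install.log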
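# Change the system character set to zh_CN.UTF-8.
echo "$LANG" >> /server/logs/sys-install.log
# Rewrite the whole LANG= line. The pattern in the listing, as extracted,
# substituted only the substring "en", which would turn en_US.UTF-8 into
# zh_CN.UTF-8_US.UTF-8 -- not a valid locale name.
sed -i 's/^LANG=.*/LANG="zh_CN.UTF-8"/' /etc/locale.conf
source /etc/locale.conf
echo "$LANG" >> /server/logs/sys-install.log
# To change the character set for the current session only:
#LANG=zh_CN.UTF-8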
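# Kernel tuning through sysctl.conf, plus the file-descriptor limit (ulimit,
# the maximum number of open files for a single process).
# Keep a dated copy first: the file is overwritten below, not appended to.
cp /etc/sysctl.conf "/etc/sysctl.conf.bak$(date +%F)"
# NOTE(review): the values are reproduced exactly as the page gives them.
# Several trade protection or compatibility for throughput and deserve a
# second look before this runs on an Internet-facing host:
#   - net.ipv4.tcp_syncookies = 0 turns SYN cookies off, so once a SYN flood
#     fills the backlog, new connections are simply dropped.
#   - net.ipv4.tcp_tw_recycle = 1 is known to break clients behind NAT, and it
#     relies on TCP timestamps, which this same file disables.
#   - net.ipv4.tcp_window_scaling = 0 caps the TCP window at 64 KiB, so the
#     16 MiB buffer ceilings set here cannot be reached.
cat > /etc/sysctl.conf <<'EOF'
net.ipv4.ip_local_port_range = 1024 65535
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_sack = 0
net.core.netdev_max_backlog = 65535
net.ipv4.tcp_no_metrics_save = 1
net.core.somaxconn = 65535
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
EOF
# Load the new values and log what the kernel accepted.
sysctl -p >> /server/logs/sys-install.log
sysctl -w net.ipv4.route.flush=1
# Persist the open-file limit for boot-time commands and for root logins.
echo "ulimit -HSn 65536" >> /etc/rc.local
echo "ulimit -HSn 65536" >> /root/.bash_profile
# NOTE(review): the persistent lines above use 65536 while the live setting
# below uses 65535; the page gives both values, so both are kept.
ulimit -HSn 65535
ulimit -n >> /server/logs/sys-install.log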
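# Disable SELinux.
# NOTE(review): this removes mandatory access control from the host. If the
# aim is only to stop denials while a policy is worked out, SELINUX=permissive
# keeps the denials in the audit log without enforcing them.
getenforce >> /server/logs/sys-install.log
# setenforce 0 makes the running system permissive; "disabled" in the config
# file only takes effect at the next boot.
setenforce 0
getenforce >> /server/logs/sys-install.log
cp /etc/sysconfig/selinux "/etc/sysconfig/selinux.bak$(date +%F)"
# /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config on
# CentOS 7. Without --follow-symlinks, sed -i replaces the link with a regular
# file and the configuration the system actually reads is left unchanged.
sed -i --follow-symlinks 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
cat /etc/sysconfig/selinux >> /server/logs/sys-install.log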
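# Stop bash from saving the session history of this account.
# NOTE(review): with HISTFILE unset, commands typed in this account's shells
# are no longer written to ~/.bash_history, which removes a record that
# incident responders commonly rely on. If the goal is to keep secrets out of
# the history file, make sure another command trail (for example auditd or
# session recording) exists before adopting this.
# The guard keeps a rerun from appending the same line again.
grep -qxF 'unset HISTFILE' ~/.bashrc 2>/dev/null || echo 'unset HISTFILE' >> ~/.bashrc
cat ~/.bashrc >> /server/logs/sys-install.log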
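# Install the denyhosts service (blocks hosts after repeated failed SSH
# logins) and whitelist the management range for sshd in /etc/hosts.allow.
yum -y install denyhosts.noarch
systemctl enable denyhosts.service
systemctl start denyhosts.service
systemctl status denyhosts.service --no-pager
cp /etc/hosts.allow "/etc/hosts.allow.bak$(date +%F)"
# 122.x.x.2/29 is the redacted address printed on the page; substitute the
# real management range before running this.
echo 'sshd:122.x.x.2/29' >> /etc/hosts.allow
# The listing used `cat !$` here. History expansion is off in non-interactive
# shells, so a script would look for a file literally named "!$"; name the
# file instead.
cat /etc/hosts.allow >> /server/logs/sys-install.log
cat /etc/hosts.deny >> /server/logs/sys-install.log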
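# Adjust the firewall: define an "ssh" zone that accepts SSH from the listed
# source addresses.
# The labels inside the zone are written as XML comments; a leading "#" is not
# comment syntax in XML and would end up as text inside <zone>.
# The addresses are the redacted values printed on the page; substitute the
# real ones before running this.
cat > /etc/firewalld/zones/ssh.xml <<'EOF'
<?xml version='1.0' encoding='utf-8'?>
<zone>
  <short>ssh</short>
  <description>ssh.</description>
  <!-- fortress-new -->
  <source address='122.x.x.2/29'/>
  <!-- vpn70 -->
  <source address='45.x.x.70'/>
  <service name='ssh'/>
</zone>
EOF
firewall-cmd --reload
firewall-cmd --list-all-zones >> /server/logs/sys-install.log
# NOTE(review): this zone only adds an allow rule for the listed sources. If
# the default zone also lists the ssh service (the stock public zone on
# CentOS 7 does -- verify with `firewall-cmd --zone=public --list-services`),
# SSH stays reachable from every address and the restriction has no effect.

# Open the firewall for the http (port 80) service
#cp /etc/firewalld/zones/public.xml "/etc/firewalld/zones/public.xml.bak$(date +%F)"
#sed -i 's#</zone>#  <service name="http"/>\n</zone>#g' /etc/firewalld/zones/public.xml
#firewall-cmd --reload
#firewall-cmd --list-all >> /server/logs/sys-install.log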
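# Adjust /etc/ssh/sshd_config.
cp /etc/ssh/sshd_config "/etc/ssh/sshd_config.bak$(date +%F)"
# NOTE(review): the next line is commented out on the page, so password logins
# stay enabled and any account with a weak password remains open to guessing.
# Enable it once key-based login has been confirmed to work.
#sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
# Plain -i is used throughout: GNU sed reads "-ir" as -i with the backup
# suffix "r", which leaves stray sshd_configr copies next to the real file and
# does not switch on extended regular expressions.
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
# NOTE(review): RSAAuthentication is an SSH protocol 1 option that recent
# OpenSSH releases treat as deprecated -- confirm it is still wanted.
sed -i 's/#RSAAuthentication yes/RSAAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
grep -E "GSSAPIAuthentication|PasswordAuthentication|UseDNS|PubkeyAuthentication|RSAAuthentication" /etc/ssh/sshd_config >> /server/logs/sys-install.log
# Syntax-check the edited file and log the result. sshd has to be reloaded
# before the changes take effect; the page does not show that step.
sshd -t >> /server/logs/sys-install.log 2>&1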
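# Create the transfor user and set its password.
useradd transfor
# The password is taken from the TRANSFOR_PASSWORD environment variable
# instead of being written into the script: a password equal to the account
# name is among the first guesses of any SSH password-guessing run, and a
# literal in the script is readable by everyone who can read the file.
# With the variable unset, the account keeps the locked password that useradd
# gives it, so it cannot be used for password logins until one is set.
if [[ -n "${TRANSFOR_PASSWORD:-}" ]]; then
  printf '%s\n' "$TRANSFOR_PASSWORD" | passwd --stdin transfor
else
  echo "TRANSFOR_PASSWORD is not set: transfor is left with a locked password" >&2
fi
grep '^transfor:' /etc/passwd >> /server/logs/sys-install.log
# The listing continued with `su - transfor` and `exit`. Those are interactive
# steps: in a script, su would block waiting for input and exit would end the
# run. Perform them by hand if needed.
#su - transfor
#exit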
# Create the key
# Add the jump host
Server environment initialization, CentOS 7 system