linux Server Initialization optimization Script----------------------------------------------------------------------------------------# !/bin/bash## writes by tian## ver 1.1.0 at 20180705# Close ctrl + alt + del (linux 6.x ) echo "Off ctrl + alt + del &NBSP, sed -i , s/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/#ca:: ctrlaltdel:\/ sbin\/shutdown -t3 -r now/' /etc/inittabsed -i ' s/^id:5:initdefault:/id:3: initdefault:/' /etc/inittab#linux 7 Forbidden ctrl + alt + delrm -f /usr/lib/systemd/system/ctrl-alt-del.target# above based on your server version set server # shutdown ipv6echo "Close IPv6 ..." echo " Alias net-pf-10 off " >> /etc/modprobe.confecho " Alias ipv6 off " >> /etc/modprobe.conf/sbin/chkconfig --level 35 ip6tables offecho -e "\033[031m ipv6 is disabled.\033[0m "#关闭selinuxecho " close SELINUX ... "sed -i '/^selinux=/c\selinux=disabled ' /etc/selinux/config# temporarily closed setenforce 0echo -e "\033[31m the temporary closure of selinux, if you need,you must reboot.\033[0m "#关闭防火墙echo "Close iptables ..." service iptables stop/sbin/chkconfig --live 35 iptables offecho "Close firewalld " Systemctl stop firewalldsystemctl disabled firewalld #更新yum源 #yum -y install wgetecho "Back up yum source ..." Mv /etc/yum.repos.d/centos-base.repo /etc/yum.repos.d/centos-base.repo.backup#sys_ver= ' cat /etc/redhat-release |awk ' {print $3} ' | awk -F '. ' ' {print $1} ' sys_ver= ' cat /etc/redhat-release | awk -f '. ' ' {print $1} ' | awk ' {print $4} ' if [ $sys _ver -eq 6 ];then& NBsp; wget -o /etc/yum.repos.d/centos-base.repo http:// Mirrors.aliyun.com/repo/centos-6.repo yum clean all yum makecacheelif [ $sys _ver -eq 7 ];then wget -o /etc/yum.repos.d/ centos-base.repo http://mirrors.aliyun.com/repo/centos-7.repo yum clean all yum makecachefi# Install the base library echo "Install the base environment and libraries ..." yum -y install "Development tools" Yum -y install lsof lrzsz ntpdate gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5-devel libidn libidn-devel openssl openssl-devel nss_ldap openldap openldap-devel openldap-clients openldap-servers libxslt-devel libevent-devel ntp libtool-ltdl bison libtool vim-enhanced## The following is an optional item # in ' chkconfig --list | awk ' {if ($1~/^$/) {exit 0;} else {print $1}} '; do chkconfig $i off; done# to open the prerequisite startup Project #for i in {crond,sshd,network, Rsyslog};d o chkconfig --level 3 $i on;done##### Set the time zone with 2 versions of usage, I didn't make a judgment, Comment out the unused version according to your own situation #设置时区 (linux 6.x) Zone_time () {#install &NBSP;NTPYUM&NBSP;-Y&NBSP;INSTALL&NBSP;NTP ntpdate#time zoneif [ ' date +%z ' != ' +0800 ' ]; then rm -rf /etc/localtime ln -sf /usr/share/ Zoneinfo/asia/shanghai /etc/localtimecat > /etc/sysconfig/clock << eofzone= " Asia/shanghai "utc=falsearc=falseeoffi#start ntpd server/etc/init.d/ntpd startchkconfig ntpd onecho "Present time zone:" ' Date +%z ' echo -e "\033[31m time zone ok \033[0m "} #设置时区 (linux 7.x) zone_7_time () {# install ntpyum -y install ntp ntpdate# time zoneif [ ' date +%z ' != ' +0800 ' ]; thenrm -f /etc/localtimeln -sf /usr/share/zoneinfo/asia/shanghai /etc/localtimecat > / Etc/sysconfig/clock << erzone= "Asia/shanghai" utc=falsearc=falseerfi# start ntp serversystemctl start ntpdsystemctl enabld ntpd.serviceecho "Present time Zone: "' Date +%z ' echo -e " \033[31m linux 7 time zone ok \033[0m "}# ###### above is the time zone settings has 2 versions, choose according to your own situation. ## no need to, beautify the prompt # Modify the bash prompt string #echo "change bash prompt string ..." #echo ' ps1= ' \[\e[37;40m\][\[\e[32;40m\]\u \[\e[37;40m\]@\h \[\e[36;40m\]\w\[\e[0m\]]\\$ "' >> ~/.bashrc#source .bashrc# Change the character set (linux 6.x character set)/bin/cp /etc/sysconfig/i18n /etc/sysconfig/i18n.bakecho ' LANG= ' en_US. UTF-8 "' >/etc/sysconfig/i18n#linux 7 character set character_insTall () {#安装中文支持yum -y install kde-l10n-chineseyum -y reinstall glibc-commonsed -i '/^lang=/c\lang= ' ZH_CN. UTF-8 "' /etc/locale.confsource /etc/locale.conf} #修改文件打开数echo " Number of changes to File open ... "cat >> /etc/security/limits.conf <<EOF* soft nproc 65535* hard nproc 65535* soft nofile 65535* hard nofile 65535eofecho "ulimit -SHn 65535 " >> /etc/rc.local# optimize kernel parameters echo " optimize kernel parameters ... "sed -i " s/net.ipv4.tcp_ Syncookies.*$/net.ipv4.tcp_syncookies = 1/g ' /etc/sysctl.confcat >> /etc/ Sysctl.conf << endfnet.ipv4.tcp_max_syn_backlog = 65536net.core.netdev_max_backlog = 32768net.core.somaxconn = 32768net.core.wmem_default = 8388608net.core.rmem_default = 8388608net.core.rmem_max = 16777216net.core.wmem_max = 16777216net.ipv4.tcp_timestamps = 0net.ipv4.tcp_synack_retries = 2net.ipv4.tcp_syn_retries = 2net.ipv4.tcp_tw_recycle = 1#net.ipv4.tcp_tw_len = 1net.ipv4.tcp_tw_reuse = 1net.ipv4.tcp_fin_timeout = 30net.ipv4.tcp_mem = 94500000 915000000 927000000net.ipv4.tcp_max_orphans = 3276800net.ipv4.ip_local_port_range = 1024 65535endfsysctl -p# optimized SSH parameters echo "optimized ssh ..." sed -i '/^ #UseDNS/s/#UseDNS yes/usedns no/g ' /etc/ssh/sshd_config#sed -i ' s/#PermitEmptyPasswords no/permitemptypasswords no/g ' /etc/ssh/sshd_config/etc/init.d/sshd restart
Linux Server Initialization Optimization script