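#!/bin/bash
# CentOS system initialisation / hardening script.
#
# The script uses /etc/init.d, chkconfig and /etc/sysconfig/iptables, so a
# SysV-init CentOS (5/6) looks like the intended target — confirm before
# running it anywhere else. It must run as root.
#
# Steps (numbered as in the original):
#   0 SELinux -> permissive      2 DNS               3 iptables
#   6 ntpdate cron job           7 sysctl tuning     8 ulimits
#   9 switch off non-base services                   10 reboot notice
# Steps 1 (static IP), 4 (login user) and 5 (sshd port / root login) are
# kept below as commented-out code.
#
# No `set -e` on purpose: individual steps (e.g. stopping a service that is
# not running, sysctl keys missing on this kernel) may fail without
# invalidating the rest of the run. Each step is idempotent where the
# original appended to a file, so re-running does not duplicate entries.

#######################################
# 0. SELinux: permissive now and after the next boot.
# Note: this stops SELinux from enforcing (denials are only logged), so the
# host loses its mandatory-access-control layer until set back to enforcing.
#######################################
set_selinux_permissive() {
  setenforce 0
  # The key in /etc/sysconfig/selinux is upper-case: SELINUX=enforcing
  sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux
}

#######################################
# 1. Set IP address — disabled (kept commented out).
# If re-enabled: the variables read ($int, IP, Ms, GW) do not match the ones
# expanded in the heredoc ($ip, $ms); align the names first.
#######################################
#read -p "input interface Num[eth0,eth1]:" int
#read -p "Input IP address:" IP
#read -p "input netmask:" Ms
#read -p "input Gateway:" GW
#
#cat > /etc/sysconfig/network-scripts/ifcfg-$int << EOF
#DEVICE=$int
#TYPE=Ethernet
#ONBOOT=yes
#NM_CONTROLLED=no
#BOOTPROTO=static
#IPADDR=$ip
#NETMASK=$ms
#GATEWAY=$GW
#EOF

#######################################
# 2. DNS: append a fixed resolver to /etc/resolv.conf.
# The interactive prompt is kept commented out; the default is used.
# resolv.conf keywords are lower-case — "NameServer" would be ignored.
#######################################
#read -p "input DNS server[df:114.114.114.114]:" DNS
#if [ "$dns" = 0 ]; then
set_dns() {
  local dns="114.114.114.114"
  # append only once so a re-run does not add duplicate lines
  grep -qxF "nameserver $dns" /etc/resolv.conf 2>/dev/null \
    || echo "nameserver $dns" >> /etc/resolv.conf
}
#else
#echo "nameserver $dns" >> /etc/resolv.conf
#fi

#######################################
# 3. iptables: default-deny INPUT, allow-list by source network.
# There is no ICMP rule and no explicit sshd rule — management access depends
# entirely on the listed source ranges, so review them before running.
#######################################
set_iptables() {
  iptables -F
  iptables -X
  iptables -Z
  # saves the (now empty) ruleset; the file is overwritten right below
  /etc/init.d/iptables save
  # quoted delimiter: the rules contain no shell expansions and must be
  # written literally
  cat > /etc/sysconfig/iptables << 'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.0.8.0/24 -j ACCEPT
-A INPUT -s 10.0.10.0/24 -j ACCEPT
-A INPUT -s 121.9.13.0/24 -p tcp -m state --state NEW -m tcp -j ACCEPT
-A INPUT -s 121.9.243.0/24 -p tcp -m state --state NEW -m tcp -j ACCEPT
COMMIT
EOF
  /etc/init.d/iptables restart
}

#######################################
# 4. Add login user — disabled (kept commented out).
# If re-enabled: a password derived from the host IP is guessable; generate
# a random one instead, and do not pass it on a command line.
#######################################
#pw="x+y-z=$(echo ${ip} | awk -F '.' '{print $NF}')"
#useradd youboy
#echo "$pw" | passwd --stdin youboy

#######################################
# 5. Modify sshd port / disable root login — disabled (kept commented out).
#######################################
#sed -i 's/#Port 22/Port 22612/' /etc/ssh/sshd_config
#sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
#/etc/init.d/sshd reload

#######################################
# 6. Time sync: nightly ntpdate via root's crontab.
# Requires crond to stay enabled (see the keep-list in step 9).
#######################################
set_time_sync() {
  local job='0 0 * * * /usr/sbin/ntpdate cn.pool.ntp.org'
  # append only once so a re-run does not add duplicate jobs
  grep -qF "$job" /var/spool/cron/root 2>/dev/null \
    || echo "$job" >> /var/spool/cron/root
}

#######################################
# 7. Kernel tuning: replaces /etc/sysctl.conf wholesale.
# sysctl keys are case-sensitive and lower-case.
# Caveats on the values (kept as the author set them):
#  - tcp_tw_recycle=1 breaks clients behind NAT and was removed in Linux 4.12.
#  - tcp_fin_timeout=1 / tcp_syn_retries=1 / tcp_synack_retries=1 are very
#    aggressive for anything but a LAN-local service.
#  - net.ipv4.netfilter.ip_conntrack_* are the legacy names; newer kernels
#    use net.netfilter.nf_conntrack_* and will report them as unknown.
#######################################
tune_kernel() {
  cat > /etc/sysctl.conf << 'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.netfilter.ip_conntrack_max = 102400
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 86400
EOF
  # apply now; the reboot in step 10 is commented out, so without this the
  # settings would only take effect on the next boot (unknown keys just warn)
  sysctl -p
}

#######################################
# 8. Connection / process limits (appended to limits.conf).
# limits.conf item names are lower-case. Note "stack 4000" (KB) is below the
# usual 8192 default; kept as the author set it.
#######################################
set_limits() {
  # append only once so a re-run does not add duplicate entries
  grep -qF 'soft nofile 65535' /etc/security/limits.conf 2>/dev/null && return 0
  cat >> /etc/security/limits.conf << 'EOF'
* soft nproc 4000
* hard nproc 4000
* soft nofile 65535
* hard nofile 65535
* soft stack 4000
* hard stack 4000
EOF
}

#######################################
# 9. Turn off every runlevel-3 service not in the keep-list.
# /etc/rc3.d/S<NN><name> -> <name> (same as the original `cut -c 15-`).
# crond and rsyslog were added to the keep-list: the cron job from step 6
# needs crond, and on CentOS 6 the syslog service is named rsyslog — without
# them the host would stop timekeeping and stop logging.
#######################################
disable_nonbase_services() {
  local link cursrv
  for link in /etc/rc3.d/S*; do
    [[ -e "$link" ]] || continue   # no match: glob stays literal
    cursrv=${link##*/}
    cursrv=${cursrv:3}
    echo "$cursrv"
    case "$cursrv" in
      network|sshd|syslog|rsyslog|crond|iptables|vncserver|libvirtd|libvirt-guests|master|java|snmpd)
        echo "Base services, skip!"
        ;;
      *)
        echo "Change $cursrv to Off"
        chkconfig --level 235 "$cursrv" off
        service "$cursrv" stop
        ;;
    esac
  done
}

#######################################
# 10. Run all steps, then announce (the actual reboot stays commented out).
#######################################
main() {
  set_selinux_permissive
  set_dns
  set_iptables
  set_time_sync
  tune_kernel
  set_limits
  disable_nonbase_services
  echo 'System init is Done,now reboot!'
  #init 6
}

main "$@"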
CentOS System Optimization