Linux Basic optimization Scripts

Source: Internet
Author: User
Tags gpg i18n rsyslog

[email protected] opt]# cat tun_ins.sh
#!/bin/bash

################################################################
# Base Platform for x86_64 BIT_CENTOS6 #
# Define Yum & Base Tools & Security File && Kernel Sysctl #
# Author Pharmacodia #
# create_time:20170212 #
# last_modified:20171213 #
################################################################


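#######################################
# Verify that the host is a suitable target before anything is tuned.
# The listing on this page was garbled (capitalised command names, split
# quotes, "[$var! =" tests); this is the restored, quoted form.
# Checks:  effective uid 0, x86_64 hardware platform, major release 6.
# Side effects: rewrites LANG in /etc/sysconfig/i18n, sources that file,
#               installs redhat-lsb and wget through yum.
# Outputs: progress banners on stdout, failure reasons on stderr.
# Returns: exits the script with status 1 when a check fails.
#######################################
check_env() {
  local check_user platform release version

  sleep 1
  cat <<'EOF'
+----------------------------------+
|will be check env ... |
+----------------------------------+
EOF

  check_user=$(id -u)
  if [[ "$check_user" != "0" ]]; then
    echo "must is root can use!" >&2
    exit 1
  fi

  platform=$(uname -i)
  if [[ "$platform" != "x86_64" ]]; then
    echo "Check system is x86_64 CentOS bit!" >&2
    exit 1
  fi

  # UTF-8 locale. NOTE(review): the sed expression was mangled by e-mail
  # obfuscation on the page; reconstructed as a LANG= rewrite and anchored
  # to line start so only the assignment itself is touched.
  sed -i 's@^LANG=.*@LANG="en_US.UTF-8"@' /etc/sysconfig/i18n
  # shellcheck source=/dev/null
  source /etc/sysconfig/i18n

  if ! yum -y install redhat-lsb wget.x86_64; then
    echo "yum could not install redhat-lsb/wget" >&2
    exit 1
  fi

  # "lsb_release -r" prints "Release:<TAB>6.x"; splitting that on "." keeps
  # the "Release:" label, so the comparison below could never equal 6.
  # The short form (-s) prints only the number.
  release=$(lsb_release -rs)
  version=${release%%.*}
  if [[ "$version" != "6" ]]; then
    echo "This script was only for CentOS 6!" >&2
    exit 1
  fi

  cat <<'EOF'
+--------------------------------------+
|check env finished,it seems ok ...
+--------------------------------------+
EOF
  sleep 1
  printf '\n\n'
}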

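# Append LINE to FILE unless an identical line is already present.
_tune_append_once() {
  local file=$1 line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >>"$file"
}

# Fetch the EPEL release package named on this page and install it only
# when rpm reports a verified signature.
_tune_install_epel() {
  local url=http://epel.mirror.net.in/epel/6/x86_64/epel-release-6-8.noarch.rpm
  local workdir rpm_file report rc=0

  rpm -q epel-release >/dev/null 2>&1 && return 0

  workdir=$(mktemp -d) || return 1
  rpm_file="${workdir}/epel-release-6-8.noarch.rpm"

  if ! wget -O "$rpm_file" -- "$url"; then
    echo "download of epel-release failed" >&2
    rc=1
  # The URL is plain HTTP, so the transport gives no integrity guarantee and
  # "rpm -i" installs packages whose key is unknown with only a warning.
  # "rpm -K" alone is not enough either: an unsigned package passes on its
  # digests, so the report must also name a signature (lower case means it
  # was verified against an imported key). The EPEL 6 key therefore has to
  # be imported beforehand from a source you trust.
  # NOTE(review): report format as printed by rpm 4.8; confirm on the target.
  elif report=$(LC_ALL=C rpm -K "$rpm_file" 2>&1) \
    && grep -Eq '(^|[ (])(rsa|dsa|pgp|gpg)([ )]|$)' <<<"${report#*: }"; then
    rpm -ivh "$rpm_file" || rc=1
  else
    echo "epel-release signature not verified, package NOT installed:" >&2
    printf '%s\n' "$report" >&2
    rc=1
  fi

  rm -rf -- "${workdir:?}"
  return "$rc"
}

#######################################
# Apply the base tuning: package upgrade and tool installation, time sync
# via cron, file-descriptor and process limits, immutable account files and
# kernel/network sysctl settings.
# The listing on this page was garbled (capitalised commands and sysctl
# keys, split tokens); this is the restored form, made safe to run twice.
# Outputs: progress banners on stdout, problems on stderr.
# Returns: status of the last command (the closing banner).
#######################################
tune() {
  local pkg s_num d_num
  local cron_file=/var/spool/cron/root
  local nproc_conf=/etc/security/limits.d/90-nproc.conf
  local sysctl_conf=/etc/sysctl.conf
  local sysctl_backup
  # NOTE(review): several names were damaged in the listing ("libx ML2",
  # "op Enssl", "libool", "libjpeg_devel", ...); they are spelled here as the
  # packages they most plausibly denote. Verify the list before use, and
  # consider whether compilers and nmap/nc belong on a production base image.
  local -a packages=(
    glibc glibc-static glibc-devel glib2 glib2-devel bzip2 bzip2-devel
    ncurses ncurses-devel libaio readline-devel curl curl-devel libidn
    libidn-devel autoconf libjpeg libjpeg-devel libpng libpng-devel
    freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel gcc
    gcc-c++ lrzsz ntpdate nmap.x86_64 lsof.x86_64 sysstat.x86_64 glances
    kernel-devel openssl openssl-devel popt-devel popt-static libnl-devel
    libicu-devel libevent-devel tree nc make cmake jemalloc pcre pcre-devel
    pcre-static libzip.x86_64 libzip-devel.x86_64 libtool libtool-ltdl
    gd-devel bison vim-enhanced zip unzip patch expect
  )

  cat <<'EOF'
+-------------------------+
| Start Tunne ... |
+-------------------------+
EOF

  yum upgrade -y

  # Base tools, packages and libraries. EPEL failure is not fatal: packages
  # that live only in EPEL are then reported as failed below.
  _tune_install_epel || echo "continuing without EPEL" >&2
  for pkg in "${packages[@]}"; do
    # Ask rpm directly instead of grepping its "not installed" message,
    # which depends on the locale.
    rpm -q "$pkg" >/dev/null 2>&1 && continue
    yum -y install "$pkg" || echo "could not install ${pkg}" >&2
  done

  # Time sync by cron instead of a resident ntpd. The original test
  # "[ $(pgrep ntpd) > 0 ]" redirected into a file named "0" rather than
  # comparing anything.
  if pgrep -x ntpd >/dev/null; then
    pkill ntpd
    chkconfig --level 3 ntpd off
  else
    echo "Services ntpd has stoped ... \n"
  fi
  # NOTE(review): the heading said "everyday" but the schedule is every five
  # minutes; ntpdate also steps the clock from an unauthenticated source.
  _tune_append_once "$cron_file" \
    "*/5 * * * * /usr/sbin/ntpdate cn.pool.ntp.org >/dev/null 2>&1"

  # File descriptor limits and modules loaded at boot.
  _tune_append_once /etc/rc.local "ulimit -SHn 102400"
  _tune_append_once /etc/rc.local "modprobe bridge"
  _tune_append_once /etc/rc.local "modprobe ip_conntrack"
  ulimit -SHn 65535
  _tune_append_once /etc/security/limits.conf "* soft nproc 65535"
  _tune_append_once /etc/security/limits.conf "* hard nproc 65535"
  _tune_append_once /etc/security/limits.conf "* soft nofile 65535"
  _tune_append_once /etc/security/limits.conf "* hard nofile 65535"

  # Raise the per-user process limit in the distribution drop-in, when it
  # exists and its wildcard entry carries a number not above 65500.
  if [[ -f "$nproc_conf" ]]; then
    s_num=$(awk '$1 == "*" {print $4; exit}' "$nproc_conf")
    d_num=$(awk '$1 == "*" {print NR; exit}' "$nproc_conf")
    if [[ "$s_num" =~ ^[0-9]+$ ]] && ((s_num <= 65500)); then
      sed -i "${d_num}s/${s_num}/65535/" "$nproc_conf"
    fi
  fi

  # Immutable account files. While the flag is set, useradd/passwd/groupadd
  # fail until "chattr -i" is run; root can clear the flag, so this guards
  # against accidents and unprivileged tooling, not against a root compromise.
  chattr +i /etc/passwd
  chattr +i /etc/inittab
  chattr +i /etc/group
  chattr +i /etc/shadow
  chattr +i /etc/gshadow

  # Kernel tuning. The original moved sysctl.conf away and started an empty
  # file, discarding every setting already present; it is now copied once per
  # day as a backup and the block is appended a single time.
  sysctl_backup="${sysctl_conf}$(date +%F)"
  if [[ -e "$sysctl_conf" && ! -e "$sysctl_backup" ]]; then
    cp -p -- "$sysctl_conf" "$sysctl_backup"
  fi
  # tcp_tw_recycle is written as 0 (the listing had 1): it is known to drop
  # connections from clients behind NAT, and with tcp_timestamps = 0 it and
  # tcp_tw_reuse have nothing to work with anyway.
  # NOTE(review): tcp_fin_timeout = 1 and the single SYN/SYN-ACK retry are
  # very aggressive; the net.netfilter keys are only accepted while the
  # conntrack module is loaded.
  if ! grep -qxF '#iptables prefomances' "$sysctl_conf" 2>/dev/null; then
    cat >>"$sysctl_conf" <<'EOF'
#iptables prefomances
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_timestamps = 0
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 1024 65530
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
EOF
  fi
  /sbin/sysctl -p || echo "sysctl -p reported errors, review ${sysctl_conf}" >&2

  cat <<'EOF'
+--------------------------------------------------------------------------+
| Tune finished ... |
| Check_running Process Limit & Check if running process reload and restart|
+--------------------------------------------------------------------------+
EOF
}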

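#######################################
# Ask for confirmation, then run the environment check and the tuning.
# Fixes over the listing: the answer was read into "Command" but tested as
# "$command"; the functions were called as Check_env/Tune although they are
# defined as check_env/tune; and the "starts in 3s, CTRL+C to interrupt"
# notice was printed only after the work had already been done.
# Inputs:  one line from stdin (yes/Yes/YES/y/Y proceeds).
# Returns: exits the script with status 1 on any other answer.
#######################################
Start_tune() {
  local command

  read -r -p "tune start ... yes/no?:" command
  case "$command" in
    yes | Yes | YES | y | Y) ;;
    *)
      exit 1
      ;;
  esac

  # Last chance to abort before the system is modified.
  cat <<'EOF'
+-------------------------------------------------------+
|start_tune function execute would be-start in 3s .... |
| CTRL + C to be Interrupt .... |
+-------------------------------------------------------+
EOF
  sleep 3
  printf '\n\n'

  check_env
  tune
}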

#disable SELinux
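#######################################
# Switch SELinux off: permissive for the running system, disabled in
# /etc/selinux/config for the next boot.
# Disabling removes mandatory access control from every service on the
# host. If the goal is only to stop denials while policy is being worked
# out, "permissive" keeps the AVC log; going back from "disabled" later
# needs a full filesystem relabel.
# Fix over the listing: the pattern is anchored so that only the SELINUX=
# assignment is rewritten, not comment lines that mention it.
# Returns: status of the sed edit.
#######################################
Disabled_selinux() {
  # Fails harmlessly when SELinux is already disabled.
  setenforce 0 || echo "setenforce 0 failed (SELinux may already be off)" >&2
  sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
}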

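#######################################
# Turn off boot-time start for every SysV service except a keep-list.
# Fixes over the listing:
#  - the generated "chkconfig NAME off" text was piped into bash; service
#    names are now passed to chkconfig as arguments, and the xinetd section
#    of the listing is skipped instead of being executed;
#  - iptables is kept: without it the rule set written by Init_iptables is
#    never loaded after a reboot.
# NOTE(review): auditd and ip6tables are still switched off by this
# function; keep them if audit logging or IPv6 filtering is required.
# Globals: LANG (exported as "en", as in the original).
#######################################
Stop_server() {
  local svc levels

  while read -r svc levels; do
    # Only SysV entries carry per-runlevel columns starting with "0:".
    [[ "$levels" == 0:* ]] || continue
    case "$svc" in
      crond | sshd | network | rsyslog | sysstat | iptables) continue ;;
    esac
    chkconfig "$svc" off
  done < <(LC_ALL=C chkconfig --list 2>/dev/null)

  export LANG=en
}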

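#######################################
# Install the host firewall rule set and restart iptables.
# The listing on this page was garbled (": INPUT", "input-i lo-j", ...);
# the rules are restored to iptables-save syntax. The new file is staged
# and checked with "iptables-restore --test" before the live file is
# replaced, so a syntax error cannot leave the host without rules.
# Review notes on the policy itself (left as the author wrote it):
#  - only 22, 10086 and 80/tcp are opened; if sshd listens elsewhere the
#    restart cuts the session that runs this script;
#  - FORWARD defaults to ACCEPT, which is only appropriate if the host is
#    meant to route or bridge;
#  - the syn-flood jump sits after the per-port ACCEPT rules, so it only
#    rate-limits SYNs that are about to be rejected anyway;
#  - nothing here covers IPv6 (ip6tables).
# Returns: 1 if staging or validation fails, else the restart status.
#######################################
Init_iptables() {
  local rules=/etc/sysconfig/iptables
  local backup staged

  backup="${rules}$(date +%F)"
  staged=$(mktemp) || return 1

  cat >"$staged" <<'EOF'
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10086 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF

  if ! iptables-restore --test <"$staged"; then
    echo "generated rules failed validation; ${rules} left unchanged" >&2
    rm -f -- "$staged"
    return 1
  fi

  # Keep the first backup of the day instead of overwriting it on a re-run.
  if [[ -e "$rules" && ! -e "$backup" ]]; then
    /bin/mv -- "$rules" "$backup"
  fi
  install -m 0600 -- "$staged" "$rules"
  rm -f -- "$staged"

  modprobe bridge
  modprobe ip_conntrack
  /etc/init.d/iptables restart
}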

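#######################################
# Run the whole initialisation sequence.
# Fix over the listing: check_env and tune were called here unconditionally
# and then a second time from Start_tune, so the confirmation prompt came
# after the system had already been changed, and tune's appends to
# rc.local, limits.conf and root's crontab were applied twice. Start_tune
# is now the only path into them.
# Returns: status of Init_iptables; Start_tune exits the script on "no".
#######################################
Sys_init() {
  Start_tune # prompts, then runs check_env and tune
  Disabled_selinux
  Stop_server
  Init_iptables
}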
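#######################################
# Give root a coloured prompt, once.
# Fixes over the listing: the test had broken brackets and quotes, checked
# /root/.bashrc but wrote to ~/.bashrc, and used an upper-cased file name;
# one path is now used for the check, the append and the source.
# Returns: status of sourcing the file, or 0 when it does not exist.
#######################################
Color_env() {
  local rc_file=/root/.bashrc

  if ! grep -q '^PS1' "$rc_file" 2>/dev/null; then
    # Single quotes keep the prompt escapes literal in the written line.
    echo 'PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[35;40m\]\w\[\e[0m\]]\\$ "' >>"$rc_file"
  fi

  [[ -r "$rc_file" ]] || return 0
  # shellcheck source=/dev/null
  source "$rc_file"
}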

# Entry point: system initialisation first, then the prompt colouring.
for step in Sys_init Color_env; do
  "$step"
done
