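#!/bin/bash
# One-click initial setup for Red Hat style systems that use SysV init
# (yum, chkconfig, /etc/init.d). Must be run as root.

# Environment: fixed locale so that tool output parsed below is in English.
export LANG="en_US.UTF-8"
# System directories come first so that, when running as root, a writable
# directory inherited in PATH cannot shadow yum, chkconfig, sed, etc.
export PATH="/sbin:/bin:/usr/sbin:/usr/bin:$PATH"

# Refuse to continue unless running as root. The scraped original only
# printed the message and carried on, so every later step failed noisily.
if [[ "$(whoami)" != "root" ]]; then
  echo "Please su - root run the script." >&2
  exit 1
fi

# Resolved tool paths, used by Init_snmp.
service=$(command -v service)
chkconfig=$(command -v chkconfig)

# Provides the `action` helper used for the status lines below.
. /etc/init.d/functions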
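#######################################
# Set the clock once with ntpdate and schedule a resync every 5 minutes.
# Outputs:   status line via action (from /etc/init.d/functions)
# Returns:   exits 1 if the cron entry cannot be written
#######################################
Inittime () {
  local cron_file=/var/spool/cron/root
  # Five time fields, not six: the extra "*" in the scraped line would have
  # been taken as the command. Output goes to /dev/null; the scraped line
  # redirected ntpdate's output into the crontab file itself.
  local cron_job='*/5 * * * * /usr/sbin/ntpdate asia.pool.ntp.org >/dev/null 2>&1'

  yum -y install ntpdate >/dev/null 2>&1
  ntpdate asia.pool.ntp.org >/dev/null 2>&1

  # Append rather than truncate, so existing root cron jobs survive, and
  # skip the write when the entry is already there (safe to re-run).
  if ! grep -qF -- "$cron_job" "$cron_file" 2>/dev/null; then
    printf '%s\n' "$cron_job" >>"$cron_file" || exit 1
  fi

  action "Inittime is OK" /bin/true
  sleep 3
}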
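#######################################
# Install monitoring tools, a compiler toolchain and several yum groups.
# NOTE(review): compilers and debugging tools widen the attack surface of a
# production host; install them only where builds really happen.
# Outputs:   status line via action (from /etc/init.d/functions)
# Returns:   exits 1 if the last yum transaction fails
#######################################
Inittool () {
  local rc

  # "sar" is not listed separately: the sar command ships in sysstat.
  # Output goes to /dev/null; the scraped line said /dev/vull, which as root
  # would have created a stray regular file under /dev.
  yum -y install sysstat net-snmp lrzsz gcc gcc-c++ >/dev/null 2>&1

  # -y is required: with output hidden, an interactive confirmation prompt
  # would leave the script waiting forever.
  yum -y groupinstall "Compatibility Libraries" "Base" "Development tools" >/dev/null 2>&1
  yum -y groupinstall "Debugging Tools" "Dial-up Networking support" >/dev/null 2>&1
  rc=$?

  # As in the original, only the last transaction decides success.
  if (( rc != 0 )); then
    exit 1
  fi
  action "Inittool is OK" /bin/true
  sleep 3
}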
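#######################################
# Set the system locale to en_US.UTF-8 in /etc/sysconfig/i18n.
# The previous file is kept as i18n.bak (overwritten on every run).
# Outputs:   status line via action (from /etc/init.d/functions)
# Returns:   exits 1 if the updated file cannot be sourced
#######################################
initi18n () {
  local conf=/etc/sysconfig/i18n

  # cp -p keeps owner, mode and timestamps on the backup.
  cp -p -- "$conf" "$conf.bak"

  # Appended last, so this assignment wins over any earlier LANG= line.
  echo 'LANG="en_US.UTF-8"' >>"$conf"

  if source "$conf"; then
    action "initi18n is OK:" /bin/true
  else
    exit 1
  fi
  sleep 3
}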
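#######################################
# Switch SELinux to permissive mode unless it is already disabled.
# NOTE(review): this drops mandatory access control enforcement on the host.
# setenforce 0 lasts only until the next boot; /etc/selinux/config is backed
# up here but not edited. Prefer keeping SELinux enforcing and fixing the
# policy denials instead of running this step.
# Outputs:   message on stdout when already disabled, on stderr on failure
#######################################
Initselinux () {
  local mode
  mode=$(/usr/sbin/getenforce)

  cp -p -- /etc/selinux/config /etc/selinux/config.bak

  # if/else instead of "a && b || c": the scraped form printed
  # "SELinux is ok" when setenforce itself failed.
  if [[ "$mode" != "Disabled" ]]; then
    if ! /usr/sbin/setenforce 0 >/dev/null 2>&1; then
      echo "Initselinux: setenforce 0 failed" >&2
    fi
  else
    echo "SELinux is ok ... "
  fi
  sleep 3
}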
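#######################################
# Turn off every service enabled in runlevel 3, then re-enable only crond,
# network, rsyslog and sshd.
# NOTE(review): the first loop also turns off anything security-relevant that
# was enabled (for example iptables or auditd, if present); re-enable those
# explicitly after the run.
# Outputs:   status line via action (from /etc/init.d/functions)
# Returns:   exits 1 if the last re-enable (sshd) fails
#######################################
Initservice () {
  local svc
  local rc=0

  # chkconfig output is matched on the English "3:on" column.
  export LANG="en_US.UTF-8"

  # First field of each matching line is the service name.
  while read -r svc _; do
    chkconfig "$svc" off
  done < <(chkconfig --list | grep -i '3:on')

  # The scraped loop declared "I" but expanded "$i", so nothing was enabled.
  for svc in crond network rsyslog sshd; do
    chkconfig --level 3 "$svc" on
    rc=$?
    if (( rc != 0 )); then
      echo "Initservice: could not enable $svc" >&2
    fi
  done

  # As in the original, only the status of the last service decides.
  if (( rc != 0 )); then
    exit 1
  fi
  action "Initservice is OK:" /bin/true
  sleep 3
}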
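#######################################
# Create a login account and make the sshd defaults explicit, then restart
# sshd.
# Globals:   INIT_USER_PASSWORD (read, optional) - password for the account
# Outputs:   status line via action (from /etc/init.d/functions)
# Returns:   exits 1 if the config is invalid or sshd fails to stop/start
#
# The scraped script piped a fixed password literal into passwd --stdin. A
# credential published together with the script must be treated as known to
# everyone, so the password is now taken from the environment; when it is
# not supplied, no password is set on the account.
#
# NOTE(review): PermitRootLogin is left at "yes" as in the original. Once
# the unprivileged account and its sudo access are verified, set it to "no".
#######################################
Initssh () {
  local conf=/etc/ssh/sshd_config
  # The scraped page shows "User"; the capital is presumably an extraction
  # artifact - confirm the intended account name.
  local login_name=user

  cp -p -- "$conf" "$conf.bak"

  useradd "$login_name" >/dev/null 2>&1
  if [[ -n "${INIT_USER_PASSWORD:-}" ]]; then
    # printf is a builtin, so the password never appears in the process list.
    printf '%s\n' "$INIT_USER_PASSWORD" | passwd --stdin "$login_name" >/dev/null
  else
    echo "Initssh: INIT_USER_PASSWORD is not set; no password set for $login_name" >&2
  fi

  sed -i 's/#Port 22/Port 22/' "$conf"
  sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/' "$conf"
  sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' "$conf"

  # Validate before restarting: a broken sshd_config on a remote host means
  # losing the only way back in.
  /usr/sbin/sshd -t -f "$conf" || exit 1

  /etc/init.d/sshd stop >/dev/null 2>&1 || exit 1
  /etc/init.d/sshd start >/dev/null 2>&1 || exit 1
  action "Initssh is ok ..." /bin/true
}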
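#######################################
# Raise the open-file-descriptor limit to 65535 via /etc/security/limits.conf.
# The previous file is kept as limits.conf.bak (overwritten on every run).
# Outputs:   status line via action (from /etc/init.d/functions)
# Returns:   exits 1 if the file cannot be written
#######################################
OpenFiles () {
  local conf=/etc/security/limits.conf

  cp -p -- "$conf" "$conf.bak"

  # limits.conf takes "<domain> <type> <item> <value>" lines. The scraped
  # script appended a "ulimit -HSn 65535" shell command, which is not valid
  # in this file. The "*" wildcard does not apply to root.
  printf '%s\n' \
    '* soft nofile 65535' \
    '* hard nofile 65535' >>"$conf" || exit 1

  action "limit is OK" /bin/true
  sleep 3
}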
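#######################################
# Append network-hardening and tuning keys to /etc/sysctl.conf and load them.
# The previous file is kept as sysctl.conf.bak; running this twice appends
# the block twice.
# Outputs:   status line via action (from /etc/init.d/functions)
# Returns:   exits 1 if sysctl -p fails
#
# Changes against the scraped list:
#  - key names are lowercase (sysctl keys are case-sensitive);
#  - kernel.randomize_va_space is 2 (stack, mmap and heap randomised)
#    instead of 1, which leaves the heap base unrandomised;
#  - net.ipv4.tcp_tw_recycle is not set: it drops connections from clients
#    behind NAT, and the key no longer exists on newer kernels;
#  - the fused duplicate tcp_keepalive_time line is dropped.
# NOTE(review): vm.dirty_background_ratio (100) is larger than
# vm.dirty_ratio (20); kept as on the page, but it looks like a lost digit -
# confirm the intended value.
#######################################
Openkernel () {
  local conf=/etc/sysctl.conf

  modprobe bridge >/dev/null 2>&1
  cp -p -- "$conf" "$conf.bak"

  # Quoted delimiter: the block is written literally, nothing is expanded.
  cat >>"$conf" <<'EOF'
########################################################
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
kernel.exec-shield = 1
kernel.randomize_va_space = 2
fs.file-max = 65535
kernel.pid_max = 65536
net.core.netdev_max_backlog = 4096
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_max_tw_buckets = 4096
net.ipv4.tcp_keepalive_time = 20
net.ipv4.ip_forward = 0
net.ipv4.tcp_mem = 192000 300000 732000
net.ipv4.tcp_rmem = 51200 131072 204800
net.ipv4.tcp_wmem = 51200 131072 204800
net.ipv4.tcp_keepalive_intvl = 5
net.ipv4.tcp_keepalive_probes = 2
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_max_orphans = 2000
net.ipv4.tcp_tw_reuse = 1
vm.min_free_kbytes = 409600
vm.vfs_cache_pressure = 200
vm.swappiness = 40
vm.dirty_expire_centisecs = 1500
vm.dirty_writeback_centisecs = 1000
vm.dirty_ratio = 20
vm.dirty_background_ratio = 100
######################################################
EOF

  # -e: keys this kernel does not know (kernel.exec-shield exists only on
  # some Red Hat kernels) are skipped instead of failing the whole load.
  if /sbin/sysctl -e -p >/dev/null 2>&1; then
    action "kernel is OK" /bin/true
  else
    exit 1
  fi
  sleep 1
}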
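#######################################
# Uncomment the "view all" and "access" lines in snmpd.conf, enable snmpd at
# boot and start it.
# Globals:   chkconfig, service (read; fall back to the command names)
# Outputs:   status line via action (from /etc/init.d/functions)
# Returns:   exits 1 if snmpd fails to start (the scraped script exited 0,
#            which ended the whole run while reporting success)
#
# NOTE(review): enabling the "all" view widens what any configured community
# can read. If the packaged default community string is still in the file,
# change it and restrict the allowed source addresses before exposing UDP
# 161 - verify against the installed snmpd.conf.
#######################################
Init_snmp () {
  local conf=/etc/snmp/snmpd.conf

  cp -p -- "$conf" "$conf.bak"

  # Only the leading "#" is removed; the I flag (GNU sed) matches the group
  # name whatever its case is in the installed file.
  sed -i 's/^#\(view all\)/\1/' "$conf"
  sed -i 's/^#\(access myrogroup\)/\1/I' "$conf"

  "${chkconfig:-chkconfig}" snmpd on >/dev/null 2>&1
  if "${service:-service}" snmpd start >/dev/null 2>&1; then
    action "SNMPD is starting" /bin/true
  else
    exit 1
  fi
}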
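#######################################
# Apply SYN-flood related TCP settings to the running kernel through /proc.
# These values are not persistent, and until the next reboot they override
# the ones Openkernel writes to /etc/sysctl.conf (for example
# tcp_max_syn_backlog 2048 here against 4096 there).
# NOTE(review): a single SYN / SYN-ACK retry also makes legitimate
# connections fail sooner on lossy links.
# Outputs:   status line via action (from /etc/init.d/functions)
# Returns:   exits 1 on the first failed write (the scraped script exited 0
#            and checked only the last write)
#######################################
Initdos () {
  local proc_dir=/proc/sys/net/ipv4
  local setting
  # The tcp_keepalive_time value is missing on the scraped page; 20 matches
  # the value the sysctl.conf block in this script uses - confirm.
  local settings=(
    tcp_keepalive_time=20
    tcp_keepalive_probes=2
    tcp_max_syn_backlog=2048
    tcp_synack_retries=1
    tcp_syn_retries=1
    tcp_syncookies=1
  )

  for setting in "${settings[@]}"; do
    # name=value: text before "=" is the /proc file, text after is the value.
    echo "${setting#*=}" >"$proc_dir/${setting%%=*}" || exit 1
  done

  # The scraped status text was copied from Init_snmp ("SNMPD is starting").
  action "Initdos is OK" /bin/true
}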
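# Run every step in order. Each step exits the script itself on failure, so
# reaching the end means all of them reported success.
for step in \
  Inittime Inittool initi18n Initselinux Initservice \
  Initssh OpenFiles Openkernel Init_snmp Initdos; do
  "$step"
done

# Initservice turned off every runlevel-3 service outside its short list,
# so the host has no packet filter enabled at boot until iptables is
# switched back on.
echo "Don't forget to start your iptables."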
This article is from the "three-line, must have my teacher Yan" blog; please keep this source link: http://lovers.blog.51cto.com/5850489/1585178
Linux One-click Optimization (for Redhat and derivative versions)