Linux server security initialization of a custom-installed shell script

#/bin/sh

#############################################################

#auther: Qiruyi

#date: 2016-08-05

#system: centos6.5

#version: 1.0

#set env//Set environment variables

#Source function Library.

. /etc/init.d/functions

Export path= $PATH:/bin:/sbin:/usr/sbin

#require ROOT to run this script. Using the root user

if [["$ (whoami)"! = "root"]]; Then

echo "Please su root to run this script"

Fi

#Modify the system Yum source//Modify systems Yum sources

Inityum () {

Cat << EOF

+--------------------------------------------------------------+

+------Welcome to Modify the system Yum source. ------+

+--------------------------------------------------------------+

Eof

cd/etc/yum.repos.d/

\CP Centos-base.repo centos-base.repo.ori.$ (date +%f)//\CP tells the shell not to look up alias and execute the original CP directly

Ping-c 1 baidu.com >/dev/null

[! $?-eq 0] && echo $ "Networking not configured-exiting" && exit 1//[! $?-eq 0] refers to the execution state of the previous command, 0 is normal

wget--quiet-o/dev/null Http://mirrors.sohu.com/help/CentOS-Base-sohu.repo

\CP Centos-base-sohu.repo Centos-base.repo

echo "Modify the system Yum source.------->ok"

Sleep 3

}

#Set the character encoding//set character encoding

initi18n () {

Cat << EOF

+--------------------------------------------------------------+

+------Welcome to Set the character encoding. ------+

+--------------------------------------------------------------+

Eof

echo "#set lang=" zh_cn.gb18030 ""

\cp/etc/sysconfig/i18n/etc/sysconfig/i18n.$ (Date +%f)

Sed-i ' s#lang= ' en_US. UTF-8 "#LANG =" zh_cn. GB18030 "# '/etc/sysconfig/i18n//sed ' s/original string/replacement string/'

source/etc/sysconfig/i18n

grep lang/etc/sysconfig/i18n

echo "Set the character encoding.------->ok"

Sleep 3

}

#Close the firewall and SELinux//Turn off firewalls and SELinux

Initfirewall () {

Cat << EOF

+--------------------------------------------------------------+

+------Welcome to Close the firewall and Selinux. ------+

+--------------------------------------------------------------+

Eof

\cp/etc/selinux/config/etc/selinux/config. ' Date + '%y-%m-%d_%h-%m-%s '

/etc/init.d/iptables stop

Chkconfig iptables off

Sed-i ' s/selinux=enable/selinux=disabled/'/etc/selinux/config

Setenforce 0

/etc/init.d/iptables status

grep selinux=disabled/etc/selinux/config

echo "Close the firewall and Selinux.------->ok"

Sleep 3

}

#Close unnecessary system service//Shut down unnecessary systems services

Initservice () {

Cat << EOF

+--------------------------------------------------------------+

+------Welcome to Close unnecessary system service. ------+

+--------------------------------------------------------------+

Eof

Export lang= "en_US. UTF-8 "

For i in ' chkconfig--list |grep 3:on|awk ' {print '} ';d o chkconfig--level 3 $i Off;done

For I in Crond network sshd syslog;do chkconfig--level 3 $i On;done

Export lang= "ZH_CN. GB18030 "

echo "Close unnecessary system service.------>ok"

Sleep 3

}

#Disable Ctrlaltdel three key to reboot system//disable Ctrl+alt+del three key restart

Initsafe () {

Cat << EOF

+--------------------------------------------------------------+

+--Welcome to Disable ctrlaltdel three key to reboot system.--+

+--------------------------------------------------------------+

Eof

\cp/etc/inittab/etc/inittab. ' Date + '%y-%m-%d_%h-%m-%s '

Sed-i "S/ca::ctrlaltdel:\/sbin/shutdown-t3-r now/#ca:: Ctrlaltdel:\/sbin/shutdown-t3-r now/"/etc/inittab

/sbin/init Q

echo "Disable Ctrlaltdel three key to reboot system.------>ok"

Sleep 3

}

#Adjust the number of open files//Adjust the system opening file

Initopenfiles () {

Cat << EOF

+--------------------------------------------------------------+

+------Welcome to Adjust the number of open files. ------+

+--------------------------------------------------------------+

Eof

\cp/etc/security/limits.conf/etc/security/limits.conf. ' Date + '%y-%m-%d_%h-%m-%s '

Sed-i '/# End of file/i\*\t\t-\tnofile\t\t65535 '/etc/security/limits.conf

ULIMIT-HSN 65535

echo "ULIMIT-HSN 65535" >>/etc/rc.local

echo "Adjust the number of open files.------>ok"

Sleep 3

}

#Set system time synchronization//Setting the synchronization times

Initsystime () {

Cat << EOF

+--------------------------------------------------------------+

+------Welcome to Set system time synchronization. ------+

+--------------------------------------------------------------+

Eof

Yum-y Install NTP >>/dev/null 2>&1

Ntpdate time.windows.com

echo "*/5 * * * * */usr/sbin/ntpdate time.windows.com >/dev/null 2>&1" >>/var/spool/cron/root

echo "Set system time synchronization.------>ok"

Sleep 3

}

#Optimization of system kernel//optimizing the kernel

Initkernel () {

Cat << EOF

+--------------------------------------------------------------+

+------Welcome to optimization of system kernel. ------+

+--------------------------------------------------------------+

Eof

\cp/etc/sysctl.conf/etc/sysctl.conf. ' Date + '%y-%m-%d_%h-%m-%s '

Cat>>/etc/sysctl.conf<<eof

Net.ipv4.tcp_timestamps = 0

Net.ipv4.tcp_synack_retries = 2

Net.ipv4.tcp_syn_retries = 2

Net.ipv4.tcp_mem = 94500000 915000000 927000000

Net.ipv4.tcp_max_orphans = 3276800

Net.core.wmem_default = 8388608

Net.core.rmem_default = 8388608

Net.core.rmem_max = 16777216

Net.core.wmem_max = 16777216

Net.ipv4.tcp_rmem = 4096 87380 16777216

Net.ipv4.tcp_wmem = 4096 87380 16777216

Net.core.netdev_max_backlog = 32768

Net.core.somaxconn = 32768

Net.ipv4.tcp_syncookies = 1

Net.ipv4.tcp_tw_reuse = 1

Net.ipv4.tcp_tw_recycle = 1

Net.ipv4.tcp_fin_timeout = 1

Net.ipv4.tcp_keepalive_time = 600

Net.ipv4.tcp_max_syn_backlog = 65535

Net.ipv4.ip_local_port_range = 1024 65535

Eof

/sbin/sysctl-p

echo "Optimization of system kernel.------>ok"

Sleep 3

}

#Installation System Tools//Installation Systems Tool

Inittool () {

Cat << EOF

+--------------------------------------------------------------+

+------Welcome to installation system tools. ------+

+------<sysstat NTP net-snmp lrzsz rsync>------+

+--------------------------------------------------------------+

Eof

Yum-y Install Sysstat NTP net-snmp lrzsz rsync >/dev/null 2>&1

echo "Installation system Tools.------->ok"

Sleep 3

}

#Prohibit the use of IPV6//Forbidden IPV6

InitIPV6 () {

Cat << EOF

+--------------------------------------------------------------+

+------Welcome to prohibit the use of IPV6. ------+

+--------------------------------------------------------------+

Eof

\cp/etc/modprobe.conf/etc/modprobe.conf. ' Date + '%y-%m-%d_%h-%m-%s '

echo "Alias net-pf-10 off" >>/etc/modprobe.conf

echo "Alias IPv6 off" >>/etc/modprobe.conf

echo "Prohibit the use of IPV6.------>ok"

Sleep 3

}

Astr= "Modify system Yum source, set character encoding, turn off firewall and SELinux, shut down unnecessary system services"

Bstr= "Disable Ctrl+alt+del three key restart system"

Cstr= "Adjust the number of system open files"

dstr= "Set System Sync Time"

Estr= "Optimizing the System core"

fstr= "Installing System Tools"

Gstr= "Prohibit use of IPV6"

Hstr= "One-key initialization"

echo "+--------------------------------------------------------------+"

echo "+-----------------Welcome to initialize the system security settings! ---------------+"

echo "A:${astr}"

echo "B:${bstr}"

echo "C:${cstr}"

echo "D:${dstr}"

echo "E:${estr}"

echo "F:${fstr}"

echo "G:${gstr}"

echo "H:${hstr}"

echo "+--------------------------------------------------------------+"

echo "NOTE: If no initialization option is selected, 20 seconds will automatically select one key to initialize the installation! "

echo "+--------------------------------------------------------------+"

option= "-1"

Read-n1-t20-p "Please select the initialization option" A-c-d-e-f-g-h ":" "option

flag1=$ (Echo $option |egrep "\-1" |wc-l)

flag2=$ (Echo $option |egrep "[a-ja-h]" |wc-l)

If [$flag 1-eq 1];then

option= "K"

elif [$flag 2-ne 1];then

Echo-e "\ n \ nyou Rerun the script, enter the letter from a--->h! "

Exit 1

Fi

Echo-e "\ n the option you chose is: $option \ n"

echo "starts installation after 5 seconds ..."

Sleep 5

Case $option in

A|A)

Inityum

initi18n

Initfirewall

Initservice

;;

B|B)

Initsafe

;;

C|C)

Initopenfiles

;;

D|D)

Initsystime

;;

E|E)

Initkernel

;;

F|F)

Inittool

;;

G|G)

InitIPV6

;;

H|H)

Inityum

initi18n

Initfirewall

Initservice

Initsafe

Initopenfiles

Initsystime

Initkernel

Inittool

InitIPV6

;;

*)

echo "Please enter the letter from a--->h, thank you!" "

Exit

;;

Esac

Linux server security initialization of a custom-installed shell script