Linux server security initialization of a custom-installed shell script

Source: Internet
Author: User
Tags i18n snmp iptables rsync egrep

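#!/bin/bash
# bash, not sh: the script uses [[ ]], read -n/-t and echo -e.
#############################################################
# author:  Qiruyi
# date:    2016-08-05
# system:  CentOS 6.5
# version: 1.0
#
# Interactive post-install setup script.
# NOTE(review): despite the "security initialization" title, several
# steps reduce the host's defences (Initfirewall stops iptables and
# disables SELinux; Initservice turns off every runlevel-3 service
# except a short allow-list). Read each function before running it.
#############################################################

# Set environment variables.
# Source function library.
. /etc/init.d/functions

# The extra directories are appended, so whatever the caller already has
# in PATH is searched first when this script resolves command names.
export PATH=$PATH:/bin:/sbin:/usr/sbin

# Require root to run this script.
if [[ "$(whoami)" != "root" ]]; then
  echo "Please su root to run this script"
  # Stop here: the steps below edit files under /etc and would fail
  # part-way through as an unprivileged user.
  exit 1
fi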

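# Modify the system yum source.
#
# Backs up CentOS-Base.repo with a date suffix, downloads the mirror's
# repo definition and installs it as the active base repo.
# Returns non-zero (leaving the current repo file in place) when the
# download fails; exits the script when the network check fails.
Inityum () {
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to Modify the system Yum source. ------+
+--------------------------------------------------------------+
EOF
  cd /etc/yum.repos.d/ || { echo "cannot cd to /etc/yum.repos.d/" >&2; return 1; }

  # \cp tells the shell not to look up an alias and to run cp directly.
  \cp CentOS-Base.repo "CentOS-Base.repo.ori.$(date +%F)"

  # Exit status 0 from ping means the host answered.
  if ! ping -c 1 baidu.com >/dev/null; then
    echo $"Networking not configured - exiting"
    exit 1
  fi

  # NOTE(review): the repo definition is fetched over plain HTTP and then
  # becomes the source of every package yum installs as root. Anyone on
  # the network path can alter it. Prefer a mirror reachable over HTTPS
  # or a repo file shipped with the script, and keep gpgcheck enabled.
  if ! wget --quiet -o /dev/null http://mirrors.sohu.com/help/CentOS-Base-sohu.repo; then
    echo "Download of CentOS-Base-sohu.repo failed - keeping the existing repo file" >&2
    return 1
  fi

  # Package signature checking is the main protection left once the repo
  # file comes from an unauthenticated download, so warn if it is off.
  if ! grep -q '^gpgcheck=1' CentOS-Base-sohu.repo; then
    echo "warning: CentOS-Base-sohu.repo does not set gpgcheck=1" >&2
  fi

  \cp CentOS-Base-sohu.repo CentOS-Base.repo
  echo "Modify the system Yum source.------->ok"
  sleep 3
}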

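# Set the character encoding.
#
# Backs up /etc/sysconfig/i18n with a date suffix, rewrites LANG from
# en_US.UTF-8 to zh_CN.GB18030, reloads the file into the current shell
# and prints the resulting LANG line.
initi18n () {
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to Set the character encoding. ------+
+--------------------------------------------------------------+
EOF
  echo "#set LANG=\"zh_CN.GB18030\""
  \cp /etc/sysconfig/i18n "/etc/sysconfig/i18n.$(date +%F)"

  # sed 's#original string#replacement string#'
  sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.GB18030"#' /etc/sysconfig/i18n

  # Apply the new setting to this shell as well.
  . /etc/sysconfig/i18n
  grep LANG /etc/sysconfig/i18n
  echo "Set the character encoding.------->ok"
  sleep 3
}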

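# Close the firewall and SELinux.
#
# Stops iptables, removes it from boot, switches SELinux to permissive
# for the running system (setenforce 0) and to disabled in the config
# file, then prints the resulting state.
#
# NOTE(review): this step removes two protection layers rather than
# adding any. On a host that is reachable from a network, keeping
# iptables running with an explicit rule set and leaving SELinux
# enforcing (or at most permissive while policy issues are worked out)
# is the safer baseline. Run this only where that trade-off is accepted.
Initfirewall () {
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to Close the firewall and Selinux. ------+
+--------------------------------------------------------------+
EOF
  # Timestamped backup so the original SELinux mode can be restored.
  \cp /etc/selinux/config "/etc/selinux/config.$(date +"%Y-%m-%d_%H-%M-%S")"

  /etc/init.d/iptables stop
  chkconfig iptables off

  # NOTE(review): the page's pattern reads "selinux=enable"; the stock
  # value in /etc/selinux/config is "enforcing", which is matched here.
  sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
  setenforce 0

  /etc/init.d/iptables status
  grep SELINUX=disabled /etc/selinux/config
  echo "Close the firewall and Selinux.------->ok"
  sleep 3
}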

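# Close unnecessary system services.
#
# Turns off every service that is currently enabled at runlevel 3, then
# re-enables a short allow-list (crond, network, sshd, syslog).
#
# NOTE(review): everything outside the allow-list is switched off,
# including any logging or audit daemon registered under another name
# (on CentOS 6 the system logger is usually "rsyslog", not "syslog" -
# verify). Check the allow-list against the host before running this.
Initservice () {
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to Close unnecessary system service. ------+
+--------------------------------------------------------------+
EOF
  # Presumably forces English output so that "3:on" matches below.
  export LANG="en_US.UTF-8"

  local i
  for i in $(chkconfig --list | grep 3:on | awk '{print $1}'); do
    chkconfig --level 3 "$i" off
  done

  for i in crond network sshd syslog; do
    # Report a service that could not be enabled instead of hiding it.
    chkconfig --level 3 "$i" on \
      || echo "warning: could not enable $i at runlevel 3" >&2
  done

  export LANG="zh_CN.GB18030"
  echo "Close unnecessary system service.------>ok"
  sleep 3
}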

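# Disable the Ctrl+Alt+Del three-key reboot.
#
# Backs up /etc/inittab with a timestamp, comments out the ctrlaltdel
# entry and asks init to re-read its configuration.
#
# NOTE(review): the header targets CentOS 6.5, which uses upstart; there
# the key combination is normally handled by
# /etc/init/control-alt-delete.conf, so this inittab edit may have no
# effect - confirm on the target host.
Initsafe () {
  cat << EOF
+--------------------------------------------------------------+
+--Welcome to Disable ctrlaltdel three key to reboot system.--+
+--------------------------------------------------------------+
EOF
  \cp /etc/inittab "/etc/inittab.$(date +"%Y-%m-%d_%H-%M-%S")"

  # Anchored at line start so a second run does not add another "#".
  sed -i 's|^ca::ctrlaltdel:/sbin/shutdown -t3 -r now|#&|' /etc/inittab

  /sbin/init q
  echo "Disable Ctrlaltdel three key to reboot system.------>ok"
  sleep 3
}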

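# Adjust the number of open files.
#
# Backs up /etc/security/limits.conf, inserts a "* - nofile 65535" line
# before the "# End of file" marker, raises the limit for the current
# shell and appends the same ulimit call to /etc/rc.local.
Initopenfiles () {
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to Adjust the number of open files. ------+
+--------------------------------------------------------------+
EOF
  \cp /etc/security/limits.conf \
    "/etc/security/limits.conf.$(date +"%Y-%m-%d_%H-%M-%S")"

  sed -i '/# End of file/i\*\t\t-\tnofile\t\t65535' /etc/security/limits.conf
  ulimit -HSn 65535

  # Append only once so repeated runs do not stack duplicate lines.
  grep -qF 'ulimit -HSn 65535' /etc/rc.local 2>/dev/null \
    || echo "ulimit -HSn 65535" >> /etc/rc.local

  echo "Adjust the number of open files.------>ok"
  sleep 3
}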

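# Set system time synchronization.
#
# Installs ntp, syncs the clock once with ntpdate and adds a root cron
# entry that repeats the sync every five minutes.
#
# NOTE(review): ntpdate trusts whatever the remote server answers and
# steps the clock; log timestamps and certificate validity checks depend
# on that answer. Prefer a time source the operator controls or trusts.
Initsystime () {
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to Set system time synchronization. ------+
+--------------------------------------------------------------+
EOF
  yum -y install ntp >> /dev/null 2>&1
  ntpdate time.windows.com

  # Five cron time fields, then the command; add the entry only once.
  grep -qF '/usr/sbin/ntpdate time.windows.com' /var/spool/cron/root 2>/dev/null \
    || echo "*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1" \
      >> /var/spool/cron/root

  echo "Set system time synchronization.------>ok"
  sleep 3
}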

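# Optimization of the system kernel.
#
# Backs up /etc/sysctl.conf with a timestamp, appends the network tuning
# block below and loads it with sysctl -p.
#
# NOTE(review), values kept exactly as published:
#  - tcp_syncookies = 1 is the only setting here that is a defensive
#    control (SYN flood handling); the rest is throughput tuning.
#  - tcp_tw_recycle = 1 is known to drop connections from clients that
#    share a NAT address, and the option was removed in Linux 4.12.
#  - tcp_tw_reuse and tcp_tw_recycle depend on TCP timestamps, which the
#    first line turns off - verify the combination does what is wanted.
#  - The block is appended on every run; repeated runs leave duplicates.
Initkernel () {
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to optimization of system kernel. ------+
+--------------------------------------------------------------+
EOF
  \cp /etc/sysctl.conf "/etc/sysctl.conf.$(date +"%Y-%m-%d_%H-%M-%S")"

  # Quoted delimiter: the block is written literally, nothing is expanded.
  cat >> /etc/sysctl.conf << 'EOF'
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 87380 16777216
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.ip_local_port_range = 1024 65535
EOF

  /sbin/sysctl -p
  echo "Optimization of system kernel.------>ok"
  sleep 3
}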

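# Install system tools.
#
# Installs sysstat, ntp, net-snmp, lrzsz and rsync with yum and reports
# whether the install succeeded.
#
# NOTE(review): net-snmp and rsync can each run as a network service.
# Installing them does not by itself start a daemon as far as this
# function shows, but confirm neither is left listening with default
# settings on hosts that do not need them.
Inittool () {
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to installation system tools. ------+
+------<sysstat NTP net-snmp lrzsz rsync>------+
+--------------------------------------------------------------+
EOF
  # yum output is discarded, so the exit status is the only signal left.
  if ! yum -y install sysstat ntp net-snmp lrzsz rsync >/dev/null 2>&1; then
    echo "warning: yum install of system tools failed" >&2
    return 1
  fi
  echo "Installation system Tools.------->ok"
  sleep 3
}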

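# Prohibit the use of IPv6.
#
# Backs up /etc/modprobe.conf (when it exists) and appends two alias
# lines that map the IPv6 protocol family and module to "off".
#
# NOTE(review): CentOS 6 normally reads module options from
# /etc/modprobe.d/ rather than /etc/modprobe.conf - confirm the file is
# honoured on the target host, otherwise IPv6 stays enabled while the
# script reports success.
InitIPV6 () {
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to prohibit the use of IPV6. ------+
+--------------------------------------------------------------+
EOF
  # Nothing to back up on hosts where the file was never created.
  if [ -f /etc/modprobe.conf ]; then
    \cp /etc/modprobe.conf "/etc/modprobe.conf.$(date +"%Y-%m-%d_%H-%M-%S")"
  fi

  echo "alias net-pf-10 off" >> /etc/modprobe.conf
  echo "alias ipv6 off" >> /etc/modprobe.conf
  echo "Prohibit the use of IPV6.------>ok"
  sleep 3
}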

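# Menu text for each option.
astr="Modify system Yum source, set character encoding, turn off firewall and SELinux, shut down unnecessary system services"
bstr="Disable Ctrl+alt+del three key restart system"
cstr="Adjust the number of system open files"
dstr="Set System Sync Time"
estr="Optimizing the System core"
fstr="Installing System Tools"
gstr="Prohibit use of IPV6"
hstr="One-key initialization"

echo "+--------------------------------------------------------------+"
echo "+-----------------Welcome to initialize the system security settings! ---------------+"
echo "A:${astr}"
echo "B:${bstr}"
echo "C:${cstr}"
echo "D:${dstr}"
echo "E:${estr}"
echo "F:${fstr}"
echo "G:${gstr}"
echo "H:${hstr}"
echo "+--------------------------------------------------------------+"
echo "NOTE: If no initialization option is selected, 20 seconds will automatically select one key to initialize the installation! "
echo "+--------------------------------------------------------------+"

# Read a single key with a 20 second timeout. bash's read returns a
# status above 128 when the timeout expires.
option=""
read -r -n1 -t20 -p "Please select the initialization option [A-B-C-D-E-F-G-H]:" option
read_status=$?

if [ "$read_status" -gt 128 ]; then
  # No key pressed: fall back to one-key initialization, as the NOTE
  # printed above announces.
  # NOTE(review): this unattended default runs every step, including
  # Initfirewall (iptables off, SELinux disabled). Choose an option
  # explicitly on hosts where that is not wanted.
  option="H"
fi

# Accept exactly one letter A-H in either case; anything else aborts.
case "$option" in
  [A-Ha-h])
    ;;
  *)
    echo -e "\n\nPlease rerun the script and enter a letter from A--->H!"
    exit 1
    ;;
esac

echo -e "\nthe option you chose is: $option\n"
echo "starts installation after 5 seconds ..."
sleep 5

case "$option" in
  a|A)
    Inityum
    initi18n
    Initfirewall
    Initservice
    ;;
  b|B)
    Initsafe
    ;;
  c|C)
    Initopenfiles
    ;;
  d|D)
    Initsystime
    ;;
  e|E)
    Initkernel
    ;;
  f|F)
    Inittool
    ;;
  g|G)
    InitIPV6
    ;;
  h|H)
    Inityum
    initi18n
    Initfirewall
    Initservice
    Initsafe
    Initopenfiles
    Initsystime
    Initkernel
    Inittool
    InitIPV6
    ;;
  *)
    # Not reachable after the validation above; kept as a safety net.
    echo "Please enter the letter from A--->H, thank you!"
    exit
    ;;
esac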
