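#!/bin/bash
#############################################################
# author: Qiruyi
# date: 2016-08-05
# system: centos6.5
# version: 1.0
#
# The script relies on bash features ([[ ]], read -n/-t, echo -e), so the
# interpreter line names bash explicitly.

# Set environment variables.
# Source function library.
. /etc/init.d/functions
# System directories are searched first so that, when running as root, a
# command is never resolved from an earlier entry of the inherited PATH.
export PATH=/bin:/sbin:/usr/sbin:$PATH

# Require root to run this script. Every step below edits files under /etc,
# so stop here instead of letting each step fail halfway as another user.
if [[ "$(whoami)" != "root" ]]; then
  echo "Please su root to run this script"
  exit 1
fi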
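#######################################
# Modify the system yum source.
# Backs up CentOS-Base.repo, downloads the sohu mirror definition and
# installs it as the active base repository.
# Outputs: banner and status lines on stdout, failures on stderr.
# Exits the script with status 1 when the repo directory cannot be entered,
# the network check fails or the download fails.
# NOTE(review): the repo definition is fetched over plain HTTP with no
# checksum or signature check, and it decides where every later yum install
# comes from. Confirm the mirror is trusted and that the installed file
# keeps gpgcheck=1.
#######################################
Inityum () {
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to Modify the system Yum source. ------+
+--------------------------------------------------------------+
EOF
  cd /etc/yum.repos.d/ || { echo "Cannot enter /etc/yum.repos.d/ - exiting" >&2; exit 1; }
  # \cp skips any shell alias (such as cp -i) and runs the real cp directly.
  \cp CentOS-Base.repo "CentOS-Base.repo.ori.$(date +%F)"
  # A non-zero ping status means the network is not usable yet.
  if ! ping -c 1 baidu.com >/dev/null; then
    echo "Networking not configured - exiting"
    exit 1
  fi
  # -O pins the output name so a stale copy is overwritten instead of the new
  # download being saved under a ".1" suffix and the old file being installed.
  if ! wget --quiet -O CentOS-Base-sohu.repo http://mirrors.sohu.com/help/CentOS-Base-sohu.repo \
      || [ ! -s CentOS-Base-sohu.repo ]; then
    echo "Download of CentOS-Base-sohu.repo failed - exiting" >&2
    exit 1
  fi
  # Package signature checking is the only integrity control left once the
  # repository list itself came over an unauthenticated channel.
  if ! grep -q '^gpgcheck=1' CentOS-Base-sohu.repo; then
    echo "Warning: downloaded repo file does not set gpgcheck=1" >&2
  fi
  \cp CentOS-Base-sohu.repo CentOS-Base.repo
  echo "Modify the system Yum source.------->ok"
  sleep 3
}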
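#######################################
# Set the character encoding.
# Backs up /etc/sysconfig/i18n, switches LANG from en_US.UTF-8 to
# zh_CN.GB18030, loads the new settings into the current shell and prints
# the resulting LANG line.
# Outputs: banner, the LANG line and a status line on stdout.
#######################################
initi18n () {
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to Set the character encoding. ------+
+--------------------------------------------------------------+
EOF
  echo "#set LANG=zh_CN.GB18030"
  \cp /etc/sysconfig/i18n "/etc/sysconfig/i18n.$(date +%F)"
  # sed 's#original string#replacement string#'; '#' is the delimiter so the
  # quoted values need no escaping.
  sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.GB18030"#' /etc/sysconfig/i18n
  source /etc/sysconfig/i18n
  grep LANG /etc/sysconfig/i18n
  echo "Set the character encoding.------->ok"
  sleep 3
}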
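#######################################
# Close the firewall and SELinux.
# Backs up /etc/selinux/config, stops iptables and removes it from boot,
# sets SELinux to disabled in the config file and to permissive for the
# running system, then prints the resulting state.
# Outputs: banner, iptables status, the SELINUX line and a status line.
# NOTE(review): after this step the host has no packet filter and no
# mandatory access control. Run it only where another layer filters traffic
# to the machine; SELINUX=permissive would keep denials in the audit log
# while still not blocking anything.
#######################################
Initfirewall () {
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to Close the firewall and Selinux. ------+
+--------------------------------------------------------------+
EOF
  \cp /etc/selinux/config "/etc/selinux/config.$(date +'%Y-%m-%d_%H-%M-%S')"
  /etc/init.d/iptables stop
  chkconfig iptables off
  # The config file holds enforcing, permissive or disabled; a pattern of
  # "SELINUX=enable" matches none of them, so match the enforcing value and
  # anchor it so commented lines are left alone.
  sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
  # The config change only applies after a reboot; setenforce covers the
  # running system until then.
  setenforce 0
  /etc/init.d/iptables status
  grep SELINUX=disabled /etc/selinux/config
  echo "Close the firewall and Selinux.------->ok"
  sleep 3
}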
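#######################################
# Close unnecessary system services.
# Turns off every service that is enabled at runlevel 3, then turns the
# required ones back on.
# Globals: LANG (exported; left as zh_CN.GB18030 on return).
# Outputs: banner and a status line on stdout.
#######################################
Initservice () {
  local svc
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to Close unnecessary system service. ------+
+--------------------------------------------------------------+
EOF
  # chkconfig output is localized; "3:on" only appears in the English text.
  export LANG="en_US.UTF-8"
  chkconfig --list | awk '/3:on/ {print $1}' | while IFS= read -r svc; do
    chkconfig --level 3 "$svc" off
  done
  # NOTE(review): CentOS 6 ships the system logger as rsyslog, so "syslog"
  # alone may leave logging switched off at runlevel 3 - confirm on the
  # target host. Both names are tried and unknown ones are skipped.
  for svc in crond network sshd syslog rsyslog; do
    if chkconfig --list "$svc" >/dev/null 2>&1; then
      chkconfig --level 3 "$svc" on
    fi
  done
  export LANG="zh_CN.GB18030"
  echo "Close unnecessary system service.------>ok"
  sleep 3
}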
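#######################################
# Disable the Ctrl+Alt+Del three-key reboot.
# Backs up /etc/inittab, comments out the ca::ctrlaltdel entry and tells
# init to re-read its configuration.
# Outputs: banner and a status line on stdout; a notice on stderr when the
#          file has no active entry to disable.
# NOTE(review): the header targets CentOS 6.5, where Ctrl+Alt+Del is normally
# handled by upstart (/etc/init/control-alt-delete.conf) rather than by
# /etc/inittab - confirm this step has an effect on the target host.
#######################################
Initsafe () {
  cat << EOF
+--------------------------------------------------------------+
+--Welcome to Disable ctrlaltdel three key to reboot system.--+
+--------------------------------------------------------------+
EOF
  \cp /etc/inittab "/etc/inittab.$(date +'%Y-%m-%d_%H-%M-%S')"
  # Report success only when there was an active entry to comment out, so
  # the "ok" line never hides a step that changed nothing.
  if grep -q '^ca::ctrlaltdel:' /etc/inittab; then
    sed -i 's|^ca::ctrlaltdel:|#&|' /etc/inittab
    /sbin/init q
    echo "Disable Ctrlaltdel three key to reboot system.------>ok"
  else
    echo "No active ca::ctrlaltdel entry in /etc/inittab - nothing changed" >&2
  fi
  sleep 3
}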
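#######################################
# Adjust the number of open files.
# Backs up /etc/security/limits.conf, adds a nofile limit of 65535 for all
# users, raises the limit of the current shell and makes /etc/rc.local
# re-apply it at boot.
# Outputs: banner and a status line on stdout.
#######################################
Initopenfiles () {
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to Adjust the number of open files. ------+
+--------------------------------------------------------------+
EOF
  \cp /etc/security/limits.conf "/etc/security/limits.conf.$(date +'%Y-%m-%d_%H-%M-%S')"
  # Insert the limit once only; without the guard every run adds another
  # identical line before "# End of file".
  if ! grep -Eq '^\*[[:space:]]+-[[:space:]]+nofile[[:space:]]+65535' /etc/security/limits.conf; then
    sed -i '/# End of file/i\*\t\t-\tnofile\t\t65535' /etc/security/limits.conf
  fi
  ulimit -HSn 65535
  # Same guard for the boot-time line in rc.local.
  if ! grep -qxF 'ulimit -HSn 65535' /etc/rc.local 2>/dev/null; then
    echo "ulimit -HSn 65535" >> /etc/rc.local
  fi
  echo "Adjust the number of open files.------>ok"
  sleep 3
}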
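#######################################
# Set system time synchronization.
# Installs ntp, syncs the clock once and adds a root cron entry that
# re-syncs every five minutes.
# Outputs: banner, ntpdate output and a status line on stdout; an install
#          failure is reported on stderr.
# NOTE(review): ntpdate steps the clock from a single public source with no
# authentication. Log timestamps and certificate validity checks depend on
# this clock, so a time source the organisation controls is the safer choice.
#######################################
Initsystime () {
  local cron_line='*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1'
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to Set system time synchronization. ------+
+--------------------------------------------------------------+
EOF
  # Output stays hidden as before, but a failed install is no longer silent.
  if ! yum -y install ntp >>/dev/null 2>&1; then
    echo "Failed to install ntp" >&2
  fi
  ntpdate time.windows.com
  # A crontab line has five time fields followed by the command. Append the
  # entry once only so repeated runs do not stack duplicate jobs.
  if ! grep -qxF -- "$cron_line" /var/spool/cron/root 2>/dev/null; then
    printf '%s\n' "$cron_line" >> /var/spool/cron/root
  fi
  echo "Set system time synchronization.------>ok"
  sleep 3
}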
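#######################################
# Optimization of the system kernel.
# Backs up /etc/sysctl.conf, appends the TCP/socket tuning below and loads
# it with sysctl -p.
# Outputs: banner, sysctl -p output and a status line on stdout.
# NOTE(review): tcp_syncookies = 1 is the SYN-flood protection in this set.
# tcp_tw_recycle = 1 is known to drop connections from clients that share
# one address behind NAT, and both tcp_tw_reuse and tcp_tw_recycle depend on
# TCP timestamps, which this set turns off - confirm the combination on the
# target kernel before rolling it out.
#######################################
Initkernel () {
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to optimization of system kernel. ------+
+--------------------------------------------------------------+
EOF
  \cp /etc/sysctl.conf "/etc/sysctl.conf.$(date +'%Y-%m-%d_%H-%M-%S')"
  # Append the block once only; sysctl key names are lower case, and a
  # repeated run would otherwise stack a second copy of every setting.
  if ! grep -q '^net.ipv4.tcp_max_syn_backlog = 65535' /etc/sysctl.conf; then
    cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 87380 16777216
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.ip_local_port_range = 1024 65535
EOF
  fi
  /sbin/sysctl -p
  echo "Optimization of system kernel.------>ok"
  sleep 3
}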
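#######################################
# Install system tools.
# Installs sysstat, ntp, net-snmp, lrzsz and rsync with yum.
# Outputs: banner and a status line on stdout, or a failure line on stderr.
# Returns: 0 when yum succeeds, 1 otherwise.
#######################################
Inittool () {
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to installation system tools. ------+
+------<sysstat NTP net-snmp lrzsz rsync>------+
+--------------------------------------------------------------+
EOF
  # yum output stays hidden, so its exit status is the only sign of a
  # failed install; report "ok" only when it really succeeded.
  if yum -y install sysstat ntp net-snmp lrzsz rsync >/dev/null 2>&1; then
    echo "Installation system Tools.------->ok"
  else
    echo "Installation system Tools.------->failed" >&2
    sleep 3
    return 1
  fi
  sleep 3
}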
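#######################################
# Prohibit the use of IPv6.
# Backs up /etc/modprobe.conf when it exists and adds the two alias lines
# that keep the ipv6 module from loading.
# Outputs: banner and a status line on stdout.
# NOTE(review): on CentOS 6 module options are normally read from
# /etc/modprobe.d/ - confirm /etc/modprobe.conf is still honoured on the
# target host, and check after a reboot that the ipv6 module is not loaded.
#######################################
InitIPV6 () {
  local line
  cat << EOF
+--------------------------------------------------------------+
+------Welcome to prohibit the use of IPV6. ------+
+--------------------------------------------------------------+
EOF
  # The file may not exist yet; copying a missing file would only print an
  # error and leave no backup anyway.
  if [ -f /etc/modprobe.conf ]; then
    \cp /etc/modprobe.conf "/etc/modprobe.conf.$(date +'%Y-%m-%d_%H-%M-%S')"
  fi
  # Append each alias once only so repeated runs do not duplicate lines.
  for line in "alias net-pf-10 off" "alias ipv6 off"; do
    if ! grep -qxF -- "$line" /etc/modprobe.conf 2>/dev/null; then
      echo "$line" >> /etc/modprobe.conf
    fi
  done
  echo "Prohibit the use of IPV6.------>ok"
  sleep 3
}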
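# Menu text for each option. The variable names are all lower case so the
# definitions match the ${...} references in the menu below; assignments
# take no space after "=".
astr="Modify system Yum source, set character encoding, turn off firewall and SELinux, shut down unnecessary system services"
bstr="Disable Ctrl+alt+del three key restart system"
cstr="Adjust the number of system open files"
dstr="Set System Sync Time"
estr="Optimizing the System core"
fstr="Installing System Tools"
gstr="Prohibit use of IPV6"
hstr="One-key initialization"

# Print the menu.
echo "+--------------------------------------------------------------+"
echo "+-----------------Welcome to initialize the system security settings! ---------------+"
echo "A:${astr}"
echo "B:${bstr}"
echo "C:${cstr}"
echo "D:${dstr}"
echo "E:${estr}"
echo "F:${fstr}"
echo "G:${gstr}"
echo "H:${hstr}"
echo "+--------------------------------------------------------------+"
echo "NOTE: If no initialization option is selected, 20 seconds will automatically select one key to initialize the installation! "
echo "+--------------------------------------------------------------+"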
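# Read one key, waiting at most 20 seconds.
option="-1"
read -n1 -t20 -p "Please select the initialization option [A-B-C-D-E-F-G-H]:" option

# read leaves option empty on a timeout or a bare Enter. The menu promises
# one-key initialization in that case, so map it to H; anything that is not
# a menu letter stops the script before any change is made.
# NOTE(review): the default therefore applies every step unattended,
# including turning off the firewall and SELinux - confirm that is the
# wanted behaviour for hosts where nobody is watching the prompt.
case "$option" in
  ""|-1)
    option="H"
    ;;
  [ABCDEFGHabcdefgh])
    ;;
  *)
    echo -e "\n\nPlease rerun the script, enter the letter from A--->H!"
    exit 1
    ;;
esac

echo -e "\nThe option you chose is: $option\n"
echo "starts installation after 5 seconds ..."
sleep 5

# Run the steps that belong to the chosen option.
case "$option" in
  A|a)
    Inityum
    initi18n
    Initfirewall
    Initservice
    ;;
  B|b)
    Initsafe
    ;;
  C|c)
    Initopenfiles
    ;;
  D|d)
    Initsystime
    ;;
  E|e)
    Initkernel
    ;;
  F|f)
    Inittool
    ;;
  G|g)
    InitIPV6
    ;;
  H|h)
    Inityum
    initi18n
    Initfirewall
    Initservice
    Initsafe
    Initopenfiles
    Initsystime
    Initkernel
    Inittool
    InitIPV6
    ;;
  *)
    echo "Please enter the letter from A--->H, thank you!"
    exit
    ;;
esac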
# Linux server security initialization: a custom-installed shell script