Linux system initialization configuration script sharing

This script is my reference to a great God's script rewrite (in fact, it is naked to use), the main function is to implement the system custom configuration, build the original Linux environment template, share to everyone, by the way share a little trick:

After you copy the code, open the document with "notepad++" or another editor, and "alt+0" collapses the function for easy reference.

In this way I learned from the [Python example handbook] [Shell Instance Handbook] of the Cedar God, thanks to their shared spirit, and have been maintaining the updates of the two manuals, sharing the addresses of the two manuals:

[Python Example manual] [Shell Example Manual] [Lazymanage Operations Batch management (Shell/python two versions)]

Network Disk Update: Http://pan.baidu.com/s/1sjsFrmX

GitHub Update: Https://github.com/liquanzhou/ops_doc

The following is my script, you can give the operation of the small partners to learn from the framework, the script can be written on this basis to change oh, it is recommended that you do not use, this script there are some not sound places, welcome everyone to find fault.

#!/bin/sh##################################################################################### #auther: gushao# time:2015-5-11#system: centos 6.5# system-Based optimization script for XenServer virtual machine ########################################## ########################################### #set  env#export path= $PATH:/bin:/sbin:/usr/sbin# Path is not configured and is empty before it is configured # This version applies to centos 6.5####################################################################### ############## #申明环境变量export  path=${path:-/bin:/sbin:/usr/sbin}export lang= "ZH_CN. UTF-8 "#Source  funtion library.  /etc/init.d/functions#Require root to run this scriptif [[  "$ (whoami) " !=  ' root '  ]];thenecho " Please run this script as root "  > $2exit 1fi#define cmd varservice= ' Which service ' CHKCONFIG= ' which chkconfig ' ##################################################################################### #申明环境变量BACK_CONF =/root/ Back_confadjust_conf=/root/adjust_conftest -d  $BACK _conf | |  mkdir  -p  $BACK _conftest -d  $ADJUST _conf | |  mkdir  -p  $ADJUST _conf################################################################### ################## #申明设置变量SSH_PORT =22#sauserarr= (oldboy oldboy1 oldboy2) sauserarr=nginxsauserpass= nginxhostnametmp=tomcat04.qhfaxip=your_ipip_gatway=your_gatway_ip############################################# ######################################## #01    Software Preparation installtool () {echo  ' "Development tools"   "Chinese support"   '  yum -y groupinstall  ' development tools '   ' Chinese support '    > /dev/null   yum -y update   > /dev/null      action  "01  Software update Success"   /bin/ TRUEYUM&NBSP;INSTALL&NBSP;WGET&NBSP;-Y} #02   Host domain name Settings inithostname () {\cp /etc/hosts  $BAck_conf/hosts.$ (date +%f)     echo  "$ip   $HOSTNAMETMP"  >> / etc/hosts# make hostname effective hostname  $hostNameTmpaction   "02  host name set up successfully! "  /bin/true} #03  ip set Inithostip () {   cat >  $ADJUST _conf/ifcfg-eth0  << eofdevice=eth0bootproto=staticonboot=yesipaddr= $ipNETMASK = "255.255.255.0" Gateway=${ip_ gatway}eofsed -i  "S/hostname=/hostname= $hostNameTMP/"  /etc/sysconfig/network\cp /etc/ sysconfig/network-scripts/ifcfg-eth0  $BACK _conf/ifcfg-eth0.$ (date +%f) cat  $ADJUST _conf/ ifcfg-eth0 > /etc/sysconfig/network-scripts/ifcfg-eth0if [  ' cat /etc/hosts |  grep  $hostNameTmp  | wc -l '  -lt 1 ];thenecho  $ip  $ Hostnametmp " >> /etc/hostsfi# make IP effective/etc/init.d/network reload  action " 03 &NBSP;IP address set up successfully! "  /bin/true} #04   Set the correct time zone Initzone () {    if [  ' zone= ' Asia/shanghai '  ==  ' Cat /etc/sysconfig/clock '   ]; thencp -f /usr/share/zoneinfo/asia/shanghai /etc/localtimeecho  ' ZONE= "Asia/Shanghai"  > /etc/sysconfig/clockfiaction  "04  time zone has been set successfully! "  /bin/true} #05   time Sync syncsystemtime () {if [  ' grep 0.0.0.123 /var/spool/cron/ root | grep -v grep | wc -l  '  -lt 1 ];thenecho  ' * * 5 * * * * root /usr/sbin/ntpdate 10.0.0.123 > /dev/null 2 >&1  " >> /var/spool/cron/rootfiaction " 05  synchronization system Time success! "  /bin/true} #06   Set server character encoding initi18n () {cat >  $ADJUST _conf/i18n  <<  eoflang= "ZH_CN. UTF-8 "supported=" ZH_CN. Gb2312:zh_cn. Utf-8:zh_cn:zh:en_us. Utf-8:en_us:en "sysfont=" Latarcyrheb-sun16 "eofcmp   $ADJUST _conf/i18n  /etc/sysconfig/i18nif   [ $? -ne  0 ];then\cp  /etc/sysconfig/i18n  $BACK _conf/i18n.$ ( date +%f) #此处需要修改, increase judgment cat  $ADJUST _conf/i18n > /etc/sysconfig/i18n  source  /etc/sysconfig/i18ngrep LANG /etc/sysconfig/i18naction  "06  character encoding has been set successfully"   / bin/true  elseaction  "06  character encoding has been set successfully"   /bin/true  fisleep 1} #07   User Settings Addsauser () {datetmp= ' date + "%y-%m-%d_%h-%m-%s" ' #\cp /etc/sudoers /etc/sudoers.${ Datetmp}for ((i=0;i<${#saUserArr [@]};i++)) do if [  ' Cat /etc/passwd | grep   ${sauserarr[$1]} | wc -l '  -lt 1 ];thenuseradd   ${ sauserarr[$1]}echo  "${sauserpass}"  | passwd ${sauserarr[$i]} --stdinaction  "07   Add new User success! "  /bin/trueelseaction " 07  new user has been added! "  /bin/truefiecho " ${sauserpass} " | passwd ${sauserarr[$i]} --stdin#config sudo perm#[ $ (grep  "${sauserarr[$i]} all= (All)   nopasswd:all  " /etc/sudoers|wc -l )  -le 0 ] && echo  "${sauserarr[$i]} all= (All)  nopasswd:all"  >> /etc/sudoers#[  "grep " \%sa "  | grep -v grep | wc -l '  -ne 1 ] &&   echo  "%sa  all= (All)  nopasswd:all"  >> /etc/sudoersdone#/usr/sbin/visudo  -c#[ $? -ne 0 ] && /bin/cp /etc/sudoers.${datetmp} /etc/ sudoers && echo $ "Sudoers not configured -- exinging"  & &AMP;&NBSP;EXIT&NBSP;1SLEEP&NBSP;1} #08   File open number openfiles () {cat >  $ADJUST _conf/limits.conf   << EOF# nofile  can be understood as the number of file handles   file descriptors   and the number of sockets * soft nofile  65535* hard nofile 65535#  maximum number of processes * soft nproc 65535* hard nproc 65535eofcmp    $ADJUST _conf/limits.conf  /etc/security/limits.confif  [ $? -ne   0 ];thenecho  "----Adjust the maximum number of open system files 65,535------" \cp /etc/security/limits.conf  $BACK _conf/limits.conf. ' date +%f ' cat  $ADJUST _conf/limits.conf > /etc/security/limits.conf   ulimit -HSn 65535echo  "ulimit -hsn 65535"  >> /etc/ rc.localaction  "08  Adjust the number of open system files successfully! (Re-login effective after modification) "  /bin/trueelse     action " 08  adjust the number of open system files is configured! "  /bin/truefisleep 1} #09   firewall iptables settings closeiptables () {/etc/init.d/iptables  stopaction  "09  closed iptables"   /bin/true} #10  selinux Settings initfirewall () {if [  ' cat /etc/selinux/config | grep -v  ' # '  | grep selinux= '  !=   ' selinux=disabled '  ];then\cp /etc/selinux/config  $BACK _conf/config ' date +%f ' sed -i   ' s/selinux=enforcing/selinux=disabled/'  /etc/selinux/configsetenforce 0/etc/init.d/iptables  statusgrep SELINUX=disabled /etc/selinux/configaction  "10  is off SELINUX"   / bin/trueelse         action  "10 selinux are closed"   &NBSP;/BIN/TRUEFISETENFORCE&NBSP;0&NBSP;&NBSP;&NBSP;&NBSP;SLEEP&NBSP;1} #11  sshd Settings initssh () {cat >   $ADJUST _conf/sshd_config  << eofport  $SSH _portprotocol 2compression  Yesrsaauthentication yespubkeyauthentication yesauthorizedkeysfile.ssh/authorized_ keyspermitrootlogin yesusedns nosyslogfacility authprivpasswordauthentication  Yeschallengeresponseauthentication nogssapiauthentication nogssapicleanupcredentials yesusepam  yesacceptenv lang lc_ctype lc_numeric lc_time lc_collate lc_monetary lc_messagesacceptenv lc_paper lc_name  lc_address lc_telephone lc_measurementacceptenv lc_identification lc_all  Languageacceptenv xmodifiersx11forwarding nosubsystem       sftp     /usr/libexec/openssh/sftp-serverEOFcmp   $ADJUST _conf/sshd_config /etc/ ssh/sshd_configif  [ $? -ne  0 ];then\cp /etc/ssh/sshd_config    $BACK _conf/sshd_config ' date +%f ' cat  $ADJUST _conf/sshd_config > /etc/ssh/sshd_ config egrep  "usedns|52113| permitrootlogin| Peermitemppasswords "  /etc/ssh/sshd_config/etc/init.d/sshd reload && action   "11&NBSP;SSH is configured to complete! "  /bin/true  | |  action  "11&NBSP;SSH is configured to complete! "  /bin/falseelseaction " 11&NBSP;SSH is configured to complete! "  /bin/truefisleep 1} #12   banStop Ctrl+alt+del Three-button restart System init_safe () {cp /etc/init/control-alt-delete.conf  $BACK _conf/ control-alt-delete.conf. ' date +f ' sed -i  ' s#exec /sbin/shutdown -r now  ' control-alt-delete pressed "#\ #exec  /sbin/shutdown -r now " control-alt-delete  Pressed "#g  /etc/init/control-alt-delete.conf    action " 12  Forbidden ctrl+alt+ Del Three-key restart system "&NBSP;/BIN/TRUE&NBSP;} #13   Forbidden Ipv6disableipv6 () {if [  ' cat /etc/modprobe.conf  | grep  "Alias net-pf-10 off"  | wc -l '  -lt 1 ];thencp / etc/modprobe.conf  $BACK _conf/modprobe.conf. ' date +%f ' echo  "Alias net-pf-10 off"    >> /etc/modprobe.confecho  "Alias ipv6 off"   >> /etc/ modprobe.conffiaction $ "13  Forbidden to use IPV6" &NBSP;/BIN/TRUE&NBSP;} #14  yum Source Configuration Configyum () {echo  " Config yum centos-base.repo "#\cp's role is to escape the alias if [ ! -f  "/etc/yum.repos.d/epel.repo"  ];then\cp CentOS-Base.repo  centos-base.repo.bak.$ (date +%f) ping -c 1 baidu.com > /dev/null[ !  $? -eq 0 ] && echo  "networking not configured --  Exiting " && exit 1rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_ 64/epel-release-6-8.noarch.rpmrpm --import /etc/pki/rpm-gpg/rpm-gpg-key-epel-6else echo    "Yum Source has been optimized" fi} #15   basic service Initservice () {echo  "Close nouseful service" export lang= " en_US. UTF-8 "   for i in " chkconfig --list | grep 3:on |  awk  ' {print $1} ';d o chkconfig --level 3  $i  off ; done    for i in cron syslog sshd;do chkconfig --level 3  $i  on ; done&nbSp;  export lang= "ZH_CN. UTF-8 "   echo " Close nouserful service ->ok "   sleep &NBSP;1} #16   kernel optimization optimizationkernel () {echo  "  Optimize system cores------------>" \cp /etc/sysctl.conf   $BACK _conf/sysctl.conf. ' Date +%f ' cat >> /etc/sysctl.conf << Eofnet.ipv4.tcp_timestamps = onnet.ipv4.tcp_synack_retries = 2net.ipv4.tcp_syn_retries  = 2net.ipv4.tcp_mem = 945000000 914000000 927000000net.ipv4.tcp_max_orphans  = 3276800net.ipv4.core_wmem_default = 8388608net.ipv4.core_rmem_default =  8388608net.ipv4.core_wmem_max = 16777216 net.ipv4.core_rmem_max =  16777216net.ipv4.tcp_rmem =  4096 87380 16777216net.ipv4.tcp_wmem = 4096  65536 16777216net.ipv4.core.netdev_max_backlog = 32768net.ipv4.tcp_syncookies =  1net.ipv4.tcp_tw_reuse&nbsP;= 1net.ipv4.tcp_tw_recycle = 1net.ipv4.tcp_fin_timeout = 1net.ipv4.tcp_keepalive_ time = 600net.ipv4.tcp_max_syn_backlog = 65536net.ipv4.ip_local_port_range =  1024 65535eof/sbin/sysctl -p && action $ "Kernel optimizations:"  /bin/true  | |  action $ "Kernel optimization:"  /bin/false}installtoolinithostname#inithostipinitzone#syncsystemtime# initi18naddsauseropenfilescloseiptablesinitfirewallinitsshinit_safe#disableipv6#optimizationkernel#configyum# Initservice

This article is from the "Ops Road" blog, please be sure to keep this source http://vekergu.blog.51cto.com/9966832/1674825

Linux system initialization configuration script sharing