Home > Cloud Computing > Cloud Security

SHELL script for system initialization

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

This script is used to configure new Linux instances, such as disabling iptable, SElinux, and ipv6, optimizing the system kernel, and stopping unnecessary system services. This script is especially suitable for a large number of newly installed Centsos Series servers. The script code is as follows (this script is passed under Centos5.5 _ x64 ):
#! /Bin/bash
# Created by kerryhu
# MAIL: king_819@163.com
# BLOG: http://kerry.blog.51cto.com
Cat <EOF
+ -------------------------------------------------------------- +
| === Welcome to Centos System init ==|
+ -------------------------------------------------------------- +
+ -------------------------- By kerry ---------------------------- +
EOF

# Set ntp
Yum-y install ntp
Echo "* 3 ***/usr/sbin/ntpdate 210.72.145.44>/dev/null 2> & 1">/etc/crontab
Service crond restart
# Set ulimit
Echo "ulimit-SHn 102400">/etc/rc. local
# Set locale
# True>/etc/sysconfig/i18n
# Cat>/etc/sysconfig/i18n <EOF
# LANG = "zh_CN.GB18030"
# SUPPORTED = "zh_CN.GB18030: zh_CN: zh: en_US.UTF-8: en_US: en"
# SYSFONT = "latarcyrheb-sun16"
# EOF
# Set sysctl
True>/etc/sysctl. conf
Cat>/etc/sysctl. conf <EOF
Net. ipv4.ip _ forward = 0
Net. ipv4.conf. default. rp_filter = 1
Net. ipv4.conf. default. accept_source_route = 0
Kernel. sysrq = 0
Kernel. core_uses_pid = 1
Net. ipv4.tcp _ syncookies = 1
Kernel. msgmnb = 65536
Kernel. msgmax = 65536
Kernel. shmmax = 68719476736
Kernel. shmall = 4294967296
Net. ipv4.tcp _ max_tw_buckets = 6000
Net. ipv4.tcp _ sack = 1
Net. ipv4.tcp _ window_scaling = 1
Net. ipv4.tcp _ rmem = 4096 87380 4194304
Net. ipv4.tcp _ wmem = 4096 16384 4194304
Net. core. wmem_default = 8388608
Net. core. rmem_default = 8388608
Net. core. rmem_max = 16777216
Net. core. wmem_max = 16777216
Net. core. netdev_max_backlog = 262144
Net. core. somaxconn = 262144
Net. ipv4.tcp _ max_orphans = 3276800
Net. ipv4.tcp _ max_syn_backlog = 262144
Net. ipv4.tcp _ timestamps = 0
Net. ipv4.tcp _ synack_retries = 1
Net. ipv4.tcp _ syn_retries = 1
Net. ipv4.tcp _ tw_recycle = 1
Net. ipv4.tcp _ tw_reuse = 1
Net. ipv4.tcp _ mem = 94500000 915000000 927000000
Net. ipv4.tcp _ fin_timeout = 1
Net. ipv4.tcp _ keepalive_time = 1200
Net. ipv4.ip _ local_port_range = 1024 65535
EOF
/Sbin/sysctl-p
Echo "sysctl set OK !! "
# Close ctrl + alt + del
Sed-I "s/ca: ctrlaltdel: \/sbin \/shutdown-t3-r now/# ca: ctrlaltdel: \/sbin \/shutdown-t3-r now/"/etc/inittab
# Set purview
Chmod 600/etc/passwd
Chmod 600/etc/shadow
Chmod 600/etc/group
Chmod 600/etc/gshadow
# Disable ipv6
Cat <EOF
+ -------------------------------------------------------------- +
| === Welcome to Disable IPV6 ==|
+ -------------------------------------------------------------- +
EOF
Echo "alias net-pf-10 off">/etc/modprobe. conf
Echo "alias ipv6 off">/etc/modprobe. conf
/Sbin/chkconfig -- level 35 ip6tables off
Echo "ipv6 is disabled! "
# Disable selinux
Sed-I '/SELINUX/s/enforcing/disabled/'/etc/selinux/config
Echo "selinux is disabled, you must reboot! "
# Vim
Sed-I "8 s/^/alias vi = 'vim '/"/root/. bashrc
Echo 'syntax on'>/root/. vimrc
# Zh_cn
Sed-I-e's/^ LANG =. */LANG = "en"/'/etc/sysconfig/i18n
# Init_ssh
Ssh_cf = "/etc/ssh/sshd_config"
Sed-I-e '74 s/^/#/'-I-e '76 s/^/#/' $ ssh_cf
# Sed-I "s/# Port 22/Port 65535/" $ ssh_cf
Sed-I "s/# UseDNS yes/UseDNS no/" $ ssh_cf
# Client
Sed-I-e '44 s/^/#/'-I-e' 48 s/^/#/'$ ssh_cf
Service sshd restart
Echo "ssh is init is OK .............."
# Chkser
# Tunoff services
#--------------------------------------------------------------------------------
Cat <EOF
+ -------------------------------------------------------------- +
| === Welcome to Tunoff services ===|
+ -------------------------------------------------------------- +
EOF
#---------------------------------------------------------------------------------
For I in 'ls/etc/rc3.d/S *'
Do
CURSRV = 'echo $ I | cut-c 15 -'
Echo $ CURSRV
Case $ CURSRV in
Crond | irqbalance | microcode_ctl | network | random | sshd | syslog | local)
Echo "Base services, Skip! "
;;
*)
Echo "change $ CURSRV to off"
Chkconfig -- level 235 $ CURSRV off
Service $ CURSRV stop
;;
Esac
Done
Echo "service is init is OK .............."

This script is excerpted from the book "Building a high-availability Linux Server" (Machinery Industry Press), reprinting the trouble to indicate the source, thank you.

This article from the "fuqin liquor" blog, please be sure to keep this source http://andrewyu.blog.51cto.com/1604432/724103

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
example shell script for sftp file transfer shell system call shell script from another shell script argument script shell expect shell script interactive shell script shell script all arguments
Related Article
How does personal cloud security guarantee data security?
Model-driven cloud security-automating cloud security with cl...
Cloud security to achieve effective prevention of the future ...
Focus on three major cloud security areas, you know?
Decrypting Cisco type 5 password hashes
Using redis to write webshell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More