System initialization script

#### Close Service

Timeservermaster = "192.168.6.13"

Sshport = "58522"

Echored ()

{

Echo-ne "\ 033 [31 m" $1 "\ 033 [0m \ n"

}

Echogreen ()

{

Echo-ne "\ 033 [32 m" $1 "\ 033 [0m \ n"

}

IPN = 'ifconfig | grep 192.168 | awk '{print $2}' | cut-D:-F2 | awk-f. '{print $3 "-" $4 }''

Hostname = "HK $ IPN"

Hostname $ hostname

Sed-I "s/hostname =. */hostname = $ Hostname/g"/etc/sysconfig/Network

# Router

# Routerip = 'cat/etc/sysconfig/network-scripts/ifcfg-$ (ip addr Li | egrep '\ <10 \. '| awk' {print $ NF}' | tail-1) | grep ipaddr | awk-F = '{print $2}' | awk-f. '{print $1 ". "$2 ". "$3 ". "1 }''

# Echo "10.0.0.0/16 via $ {routerip}">/etc/sysconfig/network-scripts/route-'IP ADDR Li | egrep '\ <10 \. '| awk' {print $ NF}' | tail-1'

Killall-9 dhclient>/dev/null 2> & 1

[-F/etc/sysconfig/network-scripts/ifcfg-eth0] & sed-I's/onboot = No/onboot = Yes/'/etc/sysconfig/network-scripts/ ifcfg-eth0

[-F/etc/sysconfig/network-scripts/ifcfg-eth1] & sed-I's/onboot = No/onboot = Yes/'/etc/sysconfig/network-scripts/ ifcfg-eth1

# Resolve

Echo "# sky_resolve_conf

Search localdomain

Nameserver 192.168.6.13

Nameserver 19.06.6.40

">/Etc/resolv. conf

Yum install wget-y

# Ntpdate

# Echo "Check ntpdate ..."

{[-F/usr/sbin/ntpdate] | Yum-Q-y install NTP ;}|{ echored "error: pls install NTP server. "& Exit 1 ;}

If! Grep "/usr/sbin/ntpdate $ {timeservermaster}"/var/spool/cron/root>/dev/null 2> & 1; then ECHO "*/5 *****/usr/sbin/ntpdate $ {timeservermaster}>/var/log/uptime. log 2> & 1 |/usr/sbin/ntpdate $ {timeserversalve}>/var/log/uptime. log 2> & 1;/sbin/hwclock-W ">/var/spool/cron/root; FI

Crontab-L | egrep "ntpdate $ {timeservermaster}">/dev/null 2> & 1 | echored "error: NTP error ."

{/Usr/sbin/ntpdate $ {timeservermaster}>/dev/null 2> & 1 &/sbin/hwclock>/dev/null 2> & 1 & Echo current date is: 'date + "% Y-% m-% d % H: % m: % s" ';} | echored "error: sync time fail, pls check it."

# Iptables

# Echo "iptables config ..."

Wget http://yum.sky.com/config/iptables-e http-proxy = 192.168.6.13-o/etc/sysconfig/iptables

/Etc/init. d/iptables restart

Chkconfig iptables on

# {Wget-Q-O/etc/sysconfig/iptables "http: // 192.168.6.13/config/iptables" &/etc/init. d/iptables restart>/dev/null 2> & 1 ;}| | echored "error: iptables error, pls check."

# Chkconfig -- add iptables; chkconfig iptables on

# SSH

# Echo "ssh config ..."

[-F/etc/ssh/sshd_config] & sed-I "s/# port 22/port $ {sshport}/"/etc/ssh/sshd_config & sed-I 's/^ # usedns Yes/usedns no/G'/etc/ssh/sshd_config &/etc/init. d/sshd restart>/dev/null 2> & 1

{Netstat-lntp | grep sshd | grep $ {sshport}>/dev/null 2> & 1; sleep 1 ;} & nc-Z localhost $ {sshport}>/dev/null 2> & 1 | echo-ne "\ 033 [31 m" error: SSH not work. "\ 033 [0m \ n"

/Sbin/modprobe ppp_mppe & grep '/sbin/modprobe ppp_mppe'/etc/rc. Local | echo "/sbin/modprobe ppp_mppe">/etc/rc. Local

/Sbin/modprobe nf_conntrack_ipv4 & grep '/sbin/modprobe nf_conntrack_ipv4'/etc/rc. Local | echo "/sbin/modprobe nf_conntrack_ipv4">/etc/rc. Local

/Sbin/modprobe nf_conntrack_ipv6 & grep '/sbin/modprobe nf_conntrack_ipv6'/etc/rc. Local | echo "/sbin/modprobe nf_conntrack_ipv6">/etc/rc. Local

/Sbin/modprobe Bridge & grep '/sbin/modprobe bridge'/etc/rc. Local | echo "/sbin/modprobe bridge">/etc/rc. Local

# Kernel mod options optimize

# Echo "kernel mod config ..."

Egrep-Q-c "_ modified_sky _"/etc/sysctl. conf>/dev/null 2> & 1 | \

Echo"

# _ Modified_sky _

Net. ipv4.tcp _ tw_reuse = 1

Net. ipv4.tcp _ tw_recycle = 1

Net. ipv4.tcp _ syncookies = 1

Net. ipv4.tcp _ fin_timeout = 30

Net. ipv4.tcp _ keepalive_time = 1200

Net. ipv4.tcp _ syncookies = 1

Net. ipv4.tcp _ tw_reuse = 1

Net. ipv4.tcp _ tw_recycle = 1

Net. ipv4.tcp _ retrans_collapse = 0

Net. ipv4.ip _ local_port_range = 1024 65000

Net. ipv4.tcp _ max_tw_buckets = 50000

Net. ipv4.tcp _ timestamps = 0

Net. nf_conntrack_max = 262144000

Net. netfilter. nf_conntrack_tcp_timeout_established = 300

Net. netfilter. nf_conntrack_tcp_timeout_time_wait = 120

Net. netfilter. nf_conntrack_tcp_timeout_close_wait = 60

Net. netfilter. nf_conntrack_tcp_timeout_fin_wait = 120

Net. ipv4.tcp _ max_syn_backlog = 262144

Net. Core. netdev_max_backlog = 262144

Net. ipv4.tcp _ rmem = 4096 87380 4194304

Net. ipv4.tcp _ WMEM = 4096 16384 4194304

Net. Core. wmem_default = 8388608

Net. Core. rmem_default = 8388608

Net. Core. rmem_max = 16777216

Net. Core. wmem_max = 16777216

Net. Core. netdev_max_backlog = 262144

Net. Core. somaxconn = 262144

FS. File-max = 65535000

">/Etc/sysctl. conf & modprobe nf_conntrack>/dev/null 2> & 1 & sysctl-P>/dev/null 2> & 1

# If! Grep "modprobe ip_conntrack"/etc/rc. Local>/dev/null 2> & 1; then Echo "modprobe ip_conntrack">/etc/rc. Local; FI

# If! Grep "sysctl-P"/etc/rc. Local>/dev/null 2> & 1; then Echo "sysctl-P">/etc/rc. Local; FI

# Disable SELinux

# Echo "SELinux config ..."

Sed-I's/^ SELinux = enforcing/SELinux = disabled/'/etc/SELinux/config

Sed-I's/^ selinuxtype =. */selinuxtype = targeted/'/etc/SELinux/config

Setenforce 0>/dev/null 2> & 1

# Boot Option

Sed-I '/initdefault/S/5/3/G'/etc/inittab | echored "error: Modify boot option fail ."

# Shutdown and stop some services & start Network

# Echo "shutdown and stop some services ..."

For serv in 'chkconfig -- list | grep 3: on | awk '{print $1}' | grep-v-e "crond | iptables | Network | rsyslog | sshd | snmpd | xinetd | nslcd "'

Do

/Etc/init. d/$ serv stop

Chkconfig -- level 35 $ serv off

Done

For I in network; do chkconfig $ I on>/dev/null 2> & 1; done

# Ulimits

# Echo "ulimits config ..."

Egrep & quot;-nofile 65535 & quot;/etc/security/limits. conf>/dev/null 2> & 1 | echo '*-nofile 65535'>/etc/security/limits. conf

Egrep "-nproc 65535"/etc/security/limits. conf>/dev/null 2> & 1 | echo '*-nproc 65535'>/etc/security/limits. conf

# Install admin-Tools

Admin-1.0-1.x86_64.rpm

Wget http://yum.sky.com/centos/6/x86_64/RPMS/admin-1.0-1.x86_64.rpm-e http-proxy = 192.168.6.13 & rpm-IVH admin-1.0-1.x86_64.rpm &/etc/init. d/admin restart

# Set history

# Echo "History command config ..."

# If! Grep "histtimeformat"/etc/profile>/dev/null 2> & 1; then ECHO 'export histtimeformat = "% F % t 'whoam'" '>/etc/profile; FI

# Source/etc/profile

# Kill user login from local

PS ax | awk '/tty1/{if ($2 = "tty1") system ("Kill-9" $1 )}'

### LDAP

Yum install openldap-devel nss-Pam-ldapd OpenLDAP pam_ldap openldap-clients-y

Sed-I "/^ cachecredentials =/d;/^ useshadow =/d;/^ useldapauth =/d;/^ useldap =/d;/^ usecracklib =/d; /^ uselocauthorize =/D "/etc/sysconfig/authconfig

Echo "cachecredentials = Yes

Useshadow = Yes

Useldapauth = Yes

Useldap = Yes

Usecracklib = Yes

Uselocauthorize = yes ">/etc/sysconfig/authconfig

Grep 'session optional pam_mkhomedir.so skel =/etc/skel umask = 100'/etc/PAM. d/system-auth | echo 'session optional pam_mkhomedir.so skel =/etc/skel umask = 100'>/etc/PAM. d/system-auth

Grep 'auth sufficient pam_ldap.so use_first_pass '/etc/PAM. d/system-auth | echo 'auth sufficient pam_ldap.so use_first_pass

Account [default = bad success = OK user_unknown = ignore] pam_ldap.so

Password sufficient pam_ldap.so use_authtok

Session Optional pam_ldap.so '>/etc/PAM. d/system-auth

Grep 'auth sufficient pam_ldap.so use_first_pass '/etc/PAM. d/password-auth | echo 'auth sufficient pam_ldap.so use_first_pass

Account [default = bad success = OK user_unknown = ignore] pam_ldap.so

Password sufficient pam_ldap.so use_authtok

Session Optional pam_ldap.so

Session Optional pam_mkhomedir.so skel =/etc/skel umask = 0022 '>/etc/PAM. d/password-auth

Echo 'base Dc = sky, Dc = com

Uri LDAP: // 192.168.6.13/

SSL No

Tls_cacertdir/etc/OpenLDAP/cacerts

Pam_password md5'>/etc/pam_ldap.conf

Grep 'uri LDAP: // 192.168.6.13/'/etc/nslcd. conf | echo 'uid nslcd

GID LDAP

Uri LDAP: // 192.168.6.13/

Base Dc = sky, Dc = com

SSL No

Tls_cacertdir/etc/OpenLDAP/cacerts>/etc/nslcd. conf

# Sed-I "/^ passwd: files/Adow: files/shadow: Files ldap/g; S/^ group: files/group: Files ldap/g; "/etc/nsswitch. conf

Sed-I "s/^ passwd: files $/passwd: Files ldap/g; S/^ shadow: files $/shadow: Files ldap/g; S/^ group: files $/group: Files ldap/g; "/etc/nsswitch. conf

Echo 'tls _ cacertdir/etc/OpenLDAP/cacerts

Uri LDAP: // 192.168.6.13

Base Dc = sky, Dc = com '>/etc/OpenLDAP/ldap. conf

Chkconfig -- level 35 nslcd on

/Etc/init. d/nslcd restart

#### Sudo config

Yum install Sudo-y

Grep 'sudoers: LDAP '/etc/nsswitch. conf | echo 'sudoers: LDAP'>/etc/nsswitch. conf

Echo 'uri LDAP: // 192.168.6.13

Sudoers_base ou = sudoers, Dc = sky, Dc = com '>/etc/sudo-ldap.conf

[-F/etc/pam_ldap.conf] & grep-Q 'pam _ filter | (gidnumber = 1000) (gidnumber = 1001) '/etc/pam_ldap.conf | echo 'pam _ filter | (gidnumber = 1000) (gidnumber = 1001)'>/etc/pam_ldap.conf

### Install rsync

Yum install rsync xinetd-Y & sed-I "s/disable. */disable = No/g"/etc/xinetd. d/rsync & Echo 'uid = nobody

Gid = nobody

Use chroot = Yes

Max connections = 30

PID file =/var/run/rsyncd. PID

Log File =/var/log/rsyncd. Log

List = No

[Project]

Gid = root

Uid = root

Path =/data/APP/Project

Hosts allow = 192.168.6.253, 192.168.6.13

Read Only = no'>/etc/rsyncd. conf &/etc/init. d/xinetd restart

Grep-Q 'TEE-~ /. Bash_history '/etc/bashrc | echo"

Shopt-s histappend

Readonly prompt_command = 'History-A> (tee-~ /. Bash_history | logger-T \ "\ $ user [\ $] (\ $ ssh_connection) bash \") '">/etc/bashrc

Yum install rsyslog-y

Grep '1970. 168.6.88 '/etc/rsyslog. conf | echo'

$ Systemlogratelimitinterval 60

$ Systemlogratelimitburst 6000

Authpriv. *; *. Info @ 192.168.6.88 '>/etc/rsyslog. conf

/Etc/init. d/rsyslog restart

This article from the "Autumn wind song" blog, please be sure to keep this source http://qiufengsong.blog.51cto.com/7520243/1563063

System initialization script