#### Close Service
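# Site constants used by the rest of the script.
# Clock source polled by the cron job installed further down. ntpdate is
# unauthenticated, so whoever can answer for this address can steer the clock.
TIMESERVERMASTER="192.168.6.13"
# Non-default sshd listening port; the iptables ruleset fetched below must
# allow it or the port move locks remote admins out.
SSHPORT="58522"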
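# echored MSG: print MSG in red (ANSI 31) followed by a newline.
# $1 is quoted so a message with runs of spaces or glob characters is
# printed verbatim (the original left it unquoted and word-split it).
echored()
{
    echo -ne "\033[31m$1\033[0m\n"
}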
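# echogreen MSG: print MSG in green (ANSI 32) followed by a newline.
# $1 is quoted for the same reason as in echored.
echogreen()
{
    echo -ne "\033[32m$1\033[0m\n"
}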
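# Derive the hostname from the host's 192.168.x.y address as "HK<x>-<y>".
# Only the first matching interface line is used; a multi-homed box fed the
# original pipeline a multi-line value, which then went into hostname(1) and
# the sed replacement.
IPN=$(ifconfig | grep 192.168 | head -n1 | awk '{print $2}' | cut -d: -f2 | awk -F. '{print $3"-"$4}')
NEWHOSTNAME="HK${IPN}"
hostname "$NEWHOSTNAME"
# Persist for the next boot (CentOS 6 reads HOSTNAME= from this file).
sed -i "s/^HOSTNAME=.*/HOSTNAME=${NEWHOSTNAME}/" /etc/sysconfig/network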
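# Router
# Static-route setup from the original, kept disabled for reference:
# ROUTERIP=$(cat /etc/sysconfig/network-scripts/ifcfg-$(ip addr li | egrep '\<10\.' | awk '{print $NF}' | tail -1) | grep IPADDR | awk -F= '{print $2}' | awk -F. '{print $1"."$2"."$3".1"}')
# echo "10.0.0.0/16 via ${ROUTERIP}" > /etc/sysconfig/network-scripts/route-$(ip addr li | egrep '\<10\.' | awk '{print $NF}' | tail -1)

# Static addressing is assumed from here on: kill any DHCP client (no more
# lease renewals) and make sure both NICs are brought up at boot.
killall -9 dhclient > /dev/null 2>&1
for nic in eth0 eth1; do
    cfg="/etc/sysconfig/network-scripts/ifcfg-${nic}"
    [ -f "$cfg" ] && sed -i 's/ONBOOT=no/ONBOOT=yes/' "$cfg"
done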
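# Resolve
# Overwrite resolv.conf with the site resolvers.
# NOTE(review): "19.06.6.40" is almost certainly a transcription error for a
# 192.168.6.x host. glibc parses the leading-zero octet as octal, so as
# written this points DNS at the public address 19.6.6.40 — confirm and fix
# before deploying.
echo "# sky_resolve_conf
search localdomain
nameserver 192.168.6.13
nameserver 19.06.6.40
" > /etc/resolv.conf
# wget is needed by the iptables and admin-rpm steps below.
yum install wget -y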
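# ntpdate
# echo "Check ntpdate ..."
# Make sure ntpdate is present (provided by the ntp package); abort if not.
{ [ -f /usr/sbin/ntpdate ] || yum -q -y install ntp; } || { echored "error: pls install NTP server."; exit 1; }
# The original cron line referenced an undefined variable (a typo of
# TIMESERVERSLAVE), which would have produced a bare "ntpdate" with no host.
# Fall back to the master when no secondary is configured.
TIMESERVERSLAVE="${TIMESERVERSLAVE:-$TIMESERVERMASTER}"
# Every five minutes: step the clock from master, else slave, then save to the
# RTC. Appended once, keyed on the master address. ntpdate is unauthenticated;
# an attacker able to answer for these addresses can move the clock and with it
# Kerberos ticket validity, TLS date checks and log ordering.
if ! grep "/usr/sbin/ntpdate ${TIMESERVERMASTER}" /var/spool/cron/root > /dev/null 2>&1; then
    echo "*/5 * * * * /usr/sbin/ntpdate ${TIMESERVERMASTER} > /var/log/uptime.log 2>&1 || /usr/sbin/ntpdate ${TIMESERVERSLAVE} > /var/log/uptime.log 2>&1; /sbin/hwclock -w" >> /var/spool/cron/root
fi
crontab -l | egrep "ntpdate ${TIMESERVERMASTER}" > /dev/null 2>&1 || echored "error: NTP error."
# Sync now and write the result to the RTC, as the cron entry does.
# The original date format used %m/%s (month / epoch seconds) where minutes
# and seconds (%M/%S) were intended.
{ /usr/sbin/ntpdate ${TIMESERVERMASTER} > /dev/null 2>&1 && /sbin/hwclock -w > /dev/null 2>&1 && echo "current date is: $(date +"%Y-%m-%d %H:%M:%S")"; } || echored "error: sync time fail, pls check it."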
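# iptables
# echo "iptables config ..."
# The ruleset comes over plain HTTP through the 192.168.6.13 proxy: there is
# no signature or checksum, so its integrity is exactly that of the network
# path. Download to a temp file first — with -O a failed wget still truncates
# the target, and "iptables restart" on an empty file would leave the host on
# the default ACCEPT policy with no rules at all.
IPT_TMP=$(mktemp /etc/sysconfig/iptables.XXXXXX)
if wget http://yum.sky.com/config/iptables -e http_proxy=192.168.6.13 -O "$IPT_TMP" && [ -s "$IPT_TMP" ]; then
    mv -f "$IPT_TMP" /etc/sysconfig/iptables
    /etc/init.d/iptables restart
else
    rm -f "$IPT_TMP"
    echored "error: iptables ruleset download failed; existing rules left untouched."
fi
chkconfig iptables on
# { wget -q -O /etc/sysconfig/iptables "http://192.168.6.13/config/iptables" && /etc/init.d/iptables restart > /dev/null 2>&1; } || echored "error: iptables error, pls check."
# chkconfig --add iptables; chkconfig iptables on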
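# SSH
# echo "ssh config ..."
# Move sshd to $SSHPORT and turn off reverse DNS on connect. The sed only
# rewrites the stock commented "#Port 22" line; a config that already has an
# explicit Port directive is left as it is. sshd -t validates the edited file
# before the restart so a bad edit cannot take down the only remote way in.
if [ -f /etc/ssh/sshd_config ]; then
    sed -i "s/#Port 22/Port ${SSHPORT}/" /etc/ssh/sshd_config
    sed -i 's/^#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
    /usr/sbin/sshd -t && /etc/init.d/sshd restart > /dev/null 2>&1
fi
# Give sshd a moment, then confirm something is listening on the new port.
# (The original also piped netstat through grep inside the same group, but
# the group's status was that of "sleep 1", so only the nc probe ever decided.)
sleep 1
nc -z localhost "${SSHPORT}" > /dev/null 2>&1 || echored "error: SSH not work."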
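# Load the kernel modules this host needs and persist them via rc.local
# (CentOS 6 has no modules-load.d). A module is only recorded in rc.local if
# it actually loaded; the original's "a && b || c" precedence appended the
# modprobe line even when the load itself failed.
for mod in ppp_mppe nf_conntrack_ipv4 nf_conntrack_ipv6 bridge; do
    /sbin/modprobe "$mod" && {
        grep -q "/sbin/modprobe $mod" /etc/rc.local || echo "/sbin/modprobe $mod" >> /etc/rc.local
    }
done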
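# Kernel mod options optimize
# echo "kernel mod config ..."
# Append the tuning block once, keyed on the _modified_sky_ marker. Keys the
# original listed twice (tcp_tw_reuse, tcp_tw_recycle, tcp_syncookies,
# net.core.netdev_max_backlog) appear once here; no value was changed.
# Caveats for anyone reusing this block:
#  - tcp_tw_recycle=1 (especially with tcp_timestamps=0) is a known breaker
#    for clients behind NAT, and the knob was removed in kernel 4.12.
#  - net.nf_conntrack_max=262144000 implies tens of GB of conntrack entries;
#    TODO confirm the intended value.
#  - net.netfilter.* keys only exist once nf_conntrack is loaded, hence the
#    modprobe before sysctl -p.
egrep -q "_modified_sky_" /etc/sysctl.conf > /dev/null 2>&1 || echo "
# _modified_sky_
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_retrans_collapse = 0
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_tw_buckets = 50000
net.ipv4.tcp_timestamps = 0
net.nf_conntrack_max = 262144000
net.netfilter.nf_conntrack_tcp_timeout_established = 300
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.tcp_max_syn_backlog = 262144
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.somaxconn = 262144
fs.file-max = 65535000
" >> /etc/sysctl.conf
# Apply unconditionally (as the original's precedence effectively did).
modprobe nf_conntrack > /dev/null 2>&1
sysctl -p > /dev/null 2>&1
# if ! grep "modprobe ip_conntrack" /etc/rc.local > /dev/null 2>&1; then echo "modprobe ip_conntrack" >> /etc/rc.local; fi
# if ! grep "sysctl -p" /etc/rc.local > /dev/null 2>&1; then echo "sysctl -p" >> /etc/rc.local; fi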
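# Disable SELinux
# echo "SELinux config ..."
# Deliberate choice in this build: mandatory access control is switched off,
# persistently in the config and immediately with setenforce. This removes a
# containment layer for every service installed below; if SELinux is wanted
# later, "permissive" keeps the audit trail without blocking anything.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
sed -i 's/^SELINUXTYPE=.*/SELINUXTYPE=targeted/' /etc/selinux/config
setenforce 0 > /dev/null 2>&1
# Boot option: default runlevel 3 (multi-user, no graphical login).
sed -i '/initdefault/s/5/3/g' /etc/inittab || echored "error: Modify boot option fail."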
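# Shutdown and stop some services & start network
# echo "shutdown and stop some services ..."
# Stop and disable everything enabled in runlevel 3 except the keep-list.
# Names are anchored: the original grep -v matched substrings, so e.g.
# "network" also shielded NetworkManager from being disabled.
KEEP='^(crond|iptables|network|rsyslog|sshd|snmpd|xinetd|nslcd)$'
for serv in $(chkconfig --list | grep 3:on | awk '{print $1}' | grep -v -E "$KEEP"); do
    /etc/init.d/"$serv" stop
    chkconfig --level 35 "$serv" off
done
chkconfig network on > /dev/null 2>&1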
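# ulimits
# echo "ulimits config ..."
# Raise the open-file and process limits for all users (each appended once).
# NOTE(review): CentOS 6 also ships /etc/security/limits.d/90-nproc.conf,
# which is read after this file and can override nproc for non-root users —
# check it if the nproc value does not take effect.
egrep "- nofile 65535" /etc/security/limits.conf > /dev/null 2>&1 || echo '* - nofile 65535' >> /etc/security/limits.conf
egrep "- nproc 65535" /etc/security/limits.conf > /dev/null 2>&1 || echo '* - nproc 65535' >> /etc/security/limits.conf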
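# Install admin-tools
# The package name is kept in a variable; the original had it as a bare line,
# which the shell would try to execute as a command.
ADMIN_RPM="admin-1.0-1.x86_64.rpm"
# Fetched over plain HTTP and installed as root. rpm -K verifies digests and,
# if the vendor's GPG key is imported, the signature; without the key it is
# only a corruption check, not an authenticity check — import the key or
# pin a known hash before trusting this in a hostile network.
wget "http://yum.sky.com/centos/6/x86_64/RPMS/${ADMIN_RPM}" -e http_proxy=192.168.6.13 \
    && rpm -K "$ADMIN_RPM" \
    && rpm -ivh "$ADMIN_RPM" \
    && /etc/init.d/admin restart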
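# Set history
# echo "History command config ..."
# if ! grep "HISTTIMEFORMAT" /etc/profile > /dev/null 2>&1; then echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile; fi
# source /etc/profile
# Kill user login from local console: terminate every process whose
# controlling terminal is tty1. The awk regex pre-filters, the $2 comparison
# makes the match exact so tty10-tty12 are not caught.
ps ax | awk '/tty1/{if ($2 == "tty1") system("kill -9 " $1)}'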
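### LDAP
yum install openldap-devel nss-pam-ldapd openldap pam_ldap openldap-clients -y
# Reset the authconfig settings we own, then append our values.
sed -i "/^CACHECREDENTIALS=/d;/^USESHADOW=/d;/^USELDAPAUTH=/d;/^USELDAP=/d;/^USECRACKLIB=/d;/^USELOCAUTHORIZE=/d" /etc/sysconfig/authconfig
echo "CACHECREDENTIALS=yes
USESHADOW=yes
USELDAPAUTH=yes
USELDAP=yes
USECRACKLIB=yes
USELOCAUTHORIZE=yes" >> /etc/sysconfig/authconfig
# PAM stacks. These lines are appended to the end of each file. In the stock
# CentOS 6 stacks the auth group already ends with "auth required pam_deny.so",
# so an appended "auth sufficient pam_ldap.so" sits after the deny and may
# never grant a login — verify the resulting order on a real box, or let
# "authconfig --update" generate the stacks from the values written above.
# pam_mkhomedir uses umask=0022 in both stacks (the original had 100 here and
# 0022 in password-auth for the same line).
grep 'session optional pam_mkhomedir.so skel=/etc/skel umask=0022' /etc/pam.d/system-auth || echo 'session optional pam_mkhomedir.so skel=/etc/skel umask=0022' >> /etc/pam.d/system-auth
grep 'auth sufficient pam_ldap.so use_first_pass' /etc/pam.d/system-auth || echo 'auth sufficient pam_ldap.so use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
password sufficient pam_ldap.so use_authtok
session optional pam_ldap.so' >> /etc/pam.d/system-auth
grep 'auth sufficient pam_ldap.so use_first_pass' /etc/pam.d/password-auth || echo 'auth sufficient pam_ldap.so use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
password sufficient pam_ldap.so use_authtok
session optional pam_ldap.so
session optional pam_mkhomedir.so skel=/etc/skel umask=0022' >> /etc/pam.d/password-auth
# pam_ldap client config. "ssl no" means every bind — i.e. every user password
# — travels to 192.168.6.13 in clear text, and "pam_password md5" makes
# password changes land on the server as unsalted MD5. Both are weak; left as
# configured because the server side is outside this script, but they should
# become "ssl start_tls" and a salted scheme once the server supports them.
echo 'base dc=sky,dc=com
uri ldap://192.168.6.13/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5' > /etc/pam_ldap.conf
# nslcd: written as a complete minimal config when our URI is not yet present
# (appending to the stock file would leave the 127.0.0.1 URI in the list).
grep 'uri ldap://192.168.6.13/' /etc/nslcd.conf || echo 'uid nslcd
gid ldap
uri ldap://192.168.6.13/
base dc=sky,dc=com
ssl no
tls_cacertdir /etc/openldap/cacerts' > /etc/nslcd.conf
# sed -i "/^passwd: files/s/passwd: files/passwd: files ldap/g; s/^group: files/group: files ldap/g;" /etc/nsswitch.conf
# Add ldap after files for the three maps. Whitespace is matched loosely:
# the stock nsswitch.conf column-aligns the values, and the original's
# single-space pattern would not match those lines.
sed -i -e 's/^\(passwd:[[:space:]]*files\)[[:space:]]*$/\1 ldap/' \
       -e 's/^\(shadow:[[:space:]]*files\)[[:space:]]*$/\1 ldap/' \
       -e 's/^\(group:[[:space:]]*files\)[[:space:]]*$/\1 ldap/' /etc/nsswitch.conf
echo 'TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://192.168.6.13
BASE dc=sky,dc=com' > /etc/openldap/ldap.conf
chkconfig --level 35 nslcd on
/etc/init.d/nslcd restart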
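#### sudo config
yum install sudo -y
# Resolve sudoers from LDAP. With just "ldap" here /etc/sudoers is not read at
# all; use "sudoers: files ldap" if local rules must keep working.
grep 'sudoers: ldap' /etc/nsswitch.conf || echo 'sudoers: ldap' >> /etc/nsswitch.conf
# No ssl/tls directive: sudo rules are fetched over clear-text LDAP from a
# server this host does not authenticate, the same weakness as the pam_ldap
# setup above.
echo 'uri ldap://192.168.6.13
sudoers_base ou=sudoers,dc=sky,dc=com' > /etc/sudo-ldap.conf
# Only members of gidNumber 1000 or 1001 may authenticate via LDAP on this
# host. Appended once; it must stay after the step that rewrites
# /etc/pam_ldap.conf, otherwise the filter is lost.
[ -f /etc/pam_ldap.conf ] && {
    grep -q 'pam_filter |(gidNumber=1000)(gidNumber=1001)' /etc/pam_ldap.conf \
        || echo 'pam_filter |(gidNumber=1000)(gidNumber=1001)' >> /etc/pam_ldap.conf
}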
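### Install rsync
# rsync daemon under xinetd. The [project] module runs as root with
# "read only = no" and is guarded only by the two source addresses in
# "hosts allow": no "auth users"/"secrets file", and the transport is
# unencrypted. Anything reaching this port as 192.168.6.253 or .13 can write
# arbitrary files as root under the module path; "use chroot = yes" is the
# only fence. Add module credentials (or move to rsync-over-ssh) before
# exposing this beyond a trusted segment.
yum install rsync xinetd -y \
    && sed -i "s/disable.*/disable = no/g" /etc/xinetd.d/rsync \
    && echo 'uid = nobody
gid = nobody
use chroot = yes
max connections = 30
pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
list = no
[project]
gid = root
uid = root
path = /data/app/project
hosts allow = 192.168.6.253,192.168.6.13
read only = no' > /etc/rsyncd.conf \
    && /etc/init.d/xinetd restart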
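# Ship each interactive bash command line to syslog as well as ~/.bash_history
# (tagged with user, shell PID and SSH source). This is an accountability aid,
# not a control: bash --norc, another shell, or scp/sftp bypass it entirely.
# Use auditd for anything that has to survive a hostile user.
grep -q 'tee -a ~/.bash_history' /etc/bashrc || echo "
shopt -s histappend
readonly PROMPT_COMMAND='history -a >(tee -a ~/.bash_history | logger -t \"\$USER[\$\$](\$SSH_CONNECTION) bash\")'" >> /etc/bashrc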
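yum install rsyslog -y
# Forward authpriv and everything at info or above to the central collector.
# A single "@" is UDP: unencrypted and unacknowledged, so records can be lost
# or spoofed in transit; prefer "@@" (TCP) or RELP/TLS once the collector
# supports it. The guard greps for the address that is actually written (the
# original grepped for a garbled one and so re-appended on every run).
grep '192.168.6.88' /etc/rsyslog.conf || echo '
$SystemLogRateLimitInterval 60
$SystemLogRateLimitBurst 6000
authpriv.*;*.info @192.168.6.88' >> /etc/rsyslog.conf
/etc/init.d/rsyslog restart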
This article is from the "Autumn Wind Song" blog; please keep this source attribution: http://qiufengsong.blog.51cto.com/7520243/1563063
System initialization script