System initialization script



#### Close Service


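# Central infrastructure host. The same address is reused below as the LDAP
# server, the HTTP proxy and the source of the firewall rule set.
timeservermaster="192.168.6.13"

# NOTE(review): the NTP cron entry written later refers to a secondary
# ("slave") time server variable that this script never assigns. Set it here
# if a second server exists, otherwise the entry falls back to the master:
# timeserverslave="192.168.6.x"

# Non-standard listening port written into sshd_config below.
sshport="58522"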


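# echored MESSAGE
# Print MESSAGE in red (ANSI SGR 31) followed by a newline; used for error
# reporting throughout the script. $1 is quoted so that a message containing
# several spaces or glob characters is printed verbatim instead of being
# word-split / expanded by the shell.
echored() {
    echo -ne "\033[31m${1}\033[0m\n"
}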

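# echogreen MESSAGE
# Print MESSAGE in green (ANSI SGR 32) followed by a newline; the success
# counterpart of echored (not called elsewhere in the visible script).
# $1 is quoted for the same reason as in echored.
echogreen() {
    echo -ne "\033[32m${1}\033[0m\n"
}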



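# Derive the host name from the box's 192.168.x.y address as
# "HK<third-octet>-<fourth-octet>", e.g. 192.168.6.21 -> HK6-21.
# CentOS 6 ifconfig prints "inet addr:192.168.6.21 Bcast:...", so field 2 is
# "addr:192.168.6.21" and the cut on ':' isolates the address. Only the first
# matching line is used: with several 192.168 interfaces the original produced
# a multi-line value, which "hostname" then received as extra arguments.
IPN=$(ifconfig | grep 192.168 | head -n1 | awk '{print $2}' | cut -d: -f2 | awk -F. '{print $3"-"$4}')

if [ -z "$IPN" ]; then
    # No 192.168.x.y address: keep the current name rather than calling the
    # host "HK" and persisting that in /etc/sysconfig/network.
    echored "error: no 192.168.x.x address found, hostname not changed."
else
    HOSTNAME="HK$IPN"
    hostname "$HOSTNAME"
    # Persist across reboots (CentOS 6 keeps the name in /etc/sysconfig/network).
    sed -i "s/HOSTNAME=.*/HOSTNAME=$HOSTNAME/g" /etc/sysconfig/network
fi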


# Router
# Kept from the original, commented out: would add a static 10.0.0.0/16 route
# via the ".1" gateway of whichever interface carries a 10.x address.
# RouterIP=$(cat /etc/sysconfig/network-scripts/ifcfg-$(ip addr li | egrep '\<10\.' | awk '{print $NF}' | tail -1) | grep IPADDR | awk -F= '{print $2}' | awk -F. '{print $1"."$2"."$3"."1}')
# echo "10.0.0.0/16 via ${RouterIP}" > /etc/sysconfig/network-scripts/route-$(ip addr li | egrep '\<10\.' | awk '{print $NF}' | tail -1)

# Static addressing is assumed from here on, so any DHCP client is killed.
# NOTE(review): if this host did get its address from DHCP, the lease is
# never renewed after this.
killall -9 dhclient > /dev/null 2>&1

# Bring eth0 and eth1 up at boot when their ifcfg files exist.
for nic in eth0 eth1; do
    cfg="/etc/sysconfig/network-scripts/ifcfg-$nic"
    if [ -f "$cfg" ]; then
        sed -i 's/ONBOOT=no/ONBOOT=yes/' "$cfg"
    fi
done


# Resolve
# Replace resolv.conf with the internal name servers.
# NOTE(review): "19.06.6.40" is outside the 192.168.6.0/24 range every other
# address in this script uses and looks like a transcription error for another
# 192.168.6.x host — verify before deploying.
# Anything that rewrites resolv.conf (dhclient, NetworkManager) must stay
# disabled, otherwise this file is clobbered on the next lease / connection.
cat > /etc/resolv.conf <<'EOF'
# sky_resolve_conf
search localdomain
nameserver 192.168.6.13
nameserver 19.06.6.40

EOF


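yum install wget -y

# Ntpdate
# echo "Check ntpdate ..."
# ntpdate ships in the ntp package; abort the whole run if it cannot be installed.
{ [ -f /usr/sbin/ntpdate ] || yum -q -y install ntp ;} || { echored "error: pls install NTP server." && exit 1 ;}

# Secondary NTP server used by the cron entry. The original expanded a variable
# that is never assigned in this script, leaving an empty ntpdate command after
# the "||" in the cron line; fall back to the master so the entry is well-formed.
timeserverslave="${timeserverslave:-$timeservermaster}"

# Every 5 minutes: step the clock from the master (or the fallback), then write
# it to the RTC. Appended to root's crontab only if not already present.
if ! grep "/usr/sbin/ntpdate ${timeservermaster}" /var/spool/cron/root > /dev/null 2>&1; then
    echo "*/5 * * * * /usr/sbin/ntpdate ${timeservermaster} > /var/log/uptime.log 2>&1 || /usr/sbin/ntpdate ${timeserverslave} > /var/log/uptime.log 2>&1; /sbin/hwclock -w" >> /var/spool/cron/root
fi
crontab -l | egrep "ntpdate ${timeservermaster}" > /dev/null 2>&1 || echored "error: NTP error."

# Sync once now and report the resulting time.
# NOTE(review): "/sbin/hwclock" without -w only reads the RTC (and the output is
# discarded). The cron entry above uses "hwclock -w"; that is presumably what
# was intended here as well — confirm and change if so.
{ /usr/sbin/ntpdate ${timeservermaster} > /dev/null 2>&1 && /sbin/hwclock > /dev/null 2>&1 && echo current date is: "$(date +"%Y-%m-%d %H:%M:%S")" ;} || echored "error: sync time fail, pls check it."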


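# Iptables
# echo "iptables config ..."
# Fetch the site firewall rule set (through the proxy on .13) and install it.
# The download goes to a temporary file first: "wget -O /etc/sysconfig/iptables"
# truncates the target before the transfer begins, so a failed download left an
# empty rule set behind and the restart below then ran with no rules at all.
# NOTE(review): the rule set arrives over plain HTTP with no signature or
# checksum, so whoever controls yum.sky.com, the proxy, or the path between
# them decides this host's firewall policy. Serve it over HTTPS and/or verify
# a known checksum before installing.
rules_tmp=$(mktemp /tmp/iptables.XXXXXX)
if wget http://yum.sky.com/config/iptables -e http-proxy=192.168.6.13 -O "$rules_tmp" && [ -s "$rules_tmp" ]; then
    # cat rather than cp so the existing 0600 mode of the target is kept.
    cat "$rules_tmp" > /etc/sysconfig/iptables
    /etc/init.d/iptables restart
    chkconfig iptables on
else
    echored "error: iptables rules download failed, existing rules left untouched."
fi
rm -f "$rules_tmp"

# { wget -q -O /etc/sysconfig/iptables "http://192.168.6.13/config/iptables" && /etc/init.d/iptables restart > /dev/null 2>&1 ;} || echored "error: iptables error, pls check."
# chkconfig --add iptables; chkconfig iptables on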


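# SSH
# echo "ssh config ..."
# Move sshd to the non-standard port and stop reverse-DNS lookups at login.
# The configuration is syntax-checked with "sshd -t" before the restart:
# restarting sshd on a broken config while connected over SSH locks you out.
# NOTE(review): the first sed only rewrites the commented default "#Port 22";
# a file that already has an explicit Port line is left unchanged. The
# firewall rule set fetched above must also allow ${sshport}.
if [ -f /etc/ssh/sshd_config ]; then
    sed -i "s/#Port 22/Port ${sshport}/" /etc/ssh/sshd_config &&
    sed -i 's/^#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config &&
    /usr/sbin/sshd -t &&
    /etc/init.d/sshd restart > /dev/null 2>&1
fi

# Confirm sshd is listening on the new port. The netstat result is only
# informational (the group's status is that of "sleep 1"); the actual check
# is the nc probe, which requires the nc package to be installed.
{ netstat -lntp | grep sshd | grep ${sshport} > /dev/null 2>&1; sleep 1 ;} && nc -z localhost ${sshport} > /dev/null 2>&1 || echored "error: SSH not work."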


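# Load the kernel modules later steps rely on and make the loads persistent via
# rc.local (CentOS 6 has no modules-load.d). The original "modprobe && grep || echo"
# appended the line whenever modprobe failed, even if rc.local already had it;
# the presence test is now made on rc.local alone so lines are never duplicated.
# NOTE(review): ppp_mppe is the MPPE (RC4) cipher module for PPTP; PPTP/MPPE is
# no longer considered secure and only belongs here if a PPTP peer on this host
# genuinely needs it.
for mod in ppp_mppe nf_conntrack_ipv4 nf_conntrack_ipv6 bridge; do
    /sbin/modprobe "$mod"
    grep -q "/sbin/modprobe $mod" /etc/rc.local || echo "/sbin/modprobe $mod" >> /etc/rc.local
done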

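# Kernel mod options optimize
# echo "kernel mod config ..."
# Append the tuning block once (guarded by the _modified_sky_ marker), load
# nf_conntrack so the net.netfilter.* keys exist, then apply with sysctl -p.
# The original listed tcp_tw_reuse, tcp_tw_recycle, tcp_syncookies and
# netdev_max_backlog twice with identical values; sysctl applies the last
# occurrence, so writing each key once gives the same result.
# NOTE(review):
#  - net.ipv4.tcp_tw_recycle=1 breaks clients behind NAT and was removed from
#    the kernel in 4.12. It also depends on TCP timestamps, which
#    net.ipv4.tcp_timestamps=0 below switches off, so the two settings cancel
#    each other; both should go.
#  - net.nf_conntrack_max=262144000 (262 million entries, roughly 300 bytes
#    each) would need tens of GB for the conntrack table; confirm the
#    intended value.
egrep -q "_modified_sky_" /etc/sysctl.conf > /dev/null 2>&1 || cat >> /etc/sysctl.conf <<'EOF'

# _modified_sky_

net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_retrans_collapse = 0
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_tw_buckets = 50000
net.ipv4.tcp_timestamps = 0

net.nf_conntrack_max = 262144000
net.netfilter.nf_conntrack_tcp_timeout_established = 300
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120

net.ipv4.tcp_max_syn_backlog = 262144
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.somaxconn = 262144

fs.file-max = 65535000
EOF
modprobe nf_conntrack > /dev/null 2>&1 && sysctl -p > /dev/null 2>&1

# if ! grep "modprobe ip_conntrack" /etc/rc.local > /dev/null 2>&1; then echo "modprobe ip_conntrack" >> /etc/rc.local; fi
# if ! grep "sysctl -p" /etc/rc.local > /dev/null 2>&1; then echo "sysctl -p" >> /etc/rc.local; fi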






# Disable SELinux
# echo "SELinux config ..."
# NOTE(review): this removes the mandatory-access-control layer entirely.
# If enforcing mode really cannot be kept, SELINUX=permissive keeps the policy
# loaded and logs denials, and re-enabling later does not require the full
# filesystem relabel that "disabled" does.
sed -i -e 's/^SELINUX=enforcing/SELINUX=disabled/' \
       -e 's/^SELINUXTYPE=.*/SELINUXTYPE=targeted/' /etc/selinux/config
setenforce 0 > /dev/null 2>&1

# Boot Option
# Default to runlevel 3 (multi-user, no X) instead of 5.
sed -i '/initdefault/s/5/3/g' /etc/inittab || echored "error: Modify boot option fail."


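# Shutdown and stop some services & start network
# echo "shutdown and stop some services ..."
# Stop, and disable in runlevels 3 and 5, every SysV service enabled in
# runlevel 3 except those on the keep list. The keep list must be matched as
# an extended regex (-E / egrep): with plain "grep -e" the "|" is a literal
# character, nothing is excluded, and sshd and network get stopped too.
# NOTE(review): names are matched as substrings (e.g. "network" also keeps any
# service whose name contains "network"); anchor them if that ever matters.
keep='crond|iptables|network|rsyslog|sshd|snmpd|xinetd|nslcd'
for serv in $(chkconfig --list | grep 3:on | awk '{print $1}' | grep -v -E "$keep"); do
    /etc/init.d/"$serv" stop
    chkconfig --level 35 "$serv" off
done

# Make sure networking itself is enabled at boot.
for i in network; do chkconfig "$i" on > /dev/null 2>&1; done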


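# Ulimits
# echo "ulimits config ..."
# Raise the open-file and process limits for all PAM sessions (appended once).
# The search pattern begins with "-", so it is passed after "--": without that
# grep reads "-nofile ..." as options, fails, and the line is appended on
# every run.
# NOTE(review): "*" in limits.conf does not apply to root; add explicit
# "root - nofile 65535" / "root - nproc 65535" lines if root's daemons need
# the raised limits. CentOS 6 also ships /etc/security/limits.d/90-nproc.conf,
# which is read after this file and may override the nproc value for
# non-root users.
egrep -q -- "- nofile 65535" /etc/security/limits.conf > /dev/null 2>&1 || echo '* - nofile 65535' >> /etc/security/limits.conf
egrep -q -- "- nproc 65535" /etc/security/limits.conf > /dev/null 2>&1 || echo '* - nproc 65535' >> /etc/security/limits.conf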


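# Install admin-tools
# Fetch the in-house admin package (through the proxy on .13), install it and
# start its service. "-O" pins the local file name so a re-run overwrites the
# old download instead of saving "admin-1.0-1.x86_64.rpm.1" and then
# installing the stale copy.
# NOTE(review): the package comes over plain HTTP, and "rpm -ivh" installs an
# unsigned package, or one signed with an unknown key, after only printing a
# warning. Import the signing key and run "rpm -K $pkg" before installing, or
# fetch over HTTPS and check a known checksum.
pkg="admin-1.0-1.x86_64.rpm"
wget "http://yum.sky.com/centos/6/x86_64/RPMS/$pkg" -e http-proxy=192.168.6.13 -O "$pkg" && rpm -ivh "$pkg" && /etc/init.d/admin restart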


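# Set history
# echo "History command config ..."
# if ! grep "HISTTIMEFORMAT" /etc/profile > /dev/null 2>&1; then echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile; fi
# source /etc/profile

# Kill user login from local
# Terminate whatever is attached to tty1 (the console login / getty; init will
# respawn the getty). The comparison must be "==": a single "=" in awk is an
# assignment, which is always true, so every process whose ps line merely
# mentions tty1 would be killed.
ps ax | awk '/tty1/{if ($2=="tty1") system("kill -9 "$1)}'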


### LDAP
yum install openldap-devel nss-pam-ldapd openldap pam_ldap openldap-clients -y

# Record the LDAP settings in /etc/sysconfig/authconfig: remove any existing
# lines for these keys, then append the values we want.
# NOTE(review): this file is authconfig's saved state. The script never runs
# "authconfig --update"; the PAM and NSS changes are made by hand below, and a
# later authconfig run would presumably regenerate them from these flags.
authcfg=/etc/sysconfig/authconfig
sed -i "/^CACHECREDENTIALS=/d;/^USESHADOW=/d;/^USELDAPAUTH=/d;/^USELDAP=/d;/^USECRACKLIB=/d;/^USELOCAUTHORIZE=/d" "$authcfg"
cat >> "$authcfg" <<'EOF'
CACHECREDENTIALS=yes
USESHADOW=yes
USELDAPAUTH=yes
USELDAP=yes
USECRACKLIB=yes
USELOCAUTHORIZE=yes
EOF


# Append the LDAP PAM entries to system-auth and password-auth (each once).
# NOTE(review): the stock CentOS 6 system-auth / password-auth end their auth
# stack with "auth required pam_deny.so"; entries appended *after* that line
# are never reached, so LDAP logins only work if these files were generated
# with LDAP enabled (authconfig) or the lines are inserted ahead of
# pam_deny.so — verify with a real LDAP login.
# NOTE(review): "umask=100" for pam_mkhomedir creates home directories with
# mode 0677 (world-readable and writable, and not traversable by the owner);
# the password-auth entry below uses 0022, which is almost certainly what was
# meant here too.
sysauth=/etc/pam.d/system-auth
pwauth=/etc/pam.d/password-auth

grep -q 'session optional pam_mkhomedir.so skel=/etc/skel umask=100' "$sysauth" || \
    echo 'session optional pam_mkhomedir.so skel=/etc/skel umask=100' >> "$sysauth"

grep -q 'auth sufficient pam_ldap.so use_first_pass' "$sysauth" || cat >> "$sysauth" <<'EOF'
auth sufficient pam_ldap.so use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
password sufficient pam_ldap.so use_authtok
session optional pam_ldap.so
EOF

grep -q 'auth sufficient pam_ldap.so use_first_pass' "$pwauth" || cat >> "$pwauth" <<'EOF'
auth sufficient pam_ldap.so use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
password sufficient pam_ldap.so use_authtok
session optional pam_ldap.so
session optional pam_mkhomedir.so skel=/etc/skel umask=0022
EOF


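# Client-side LDAP configuration: pam_ldap, nslcd, nsswitch and the OpenLDAP
# client library all point at the directory on 192.168.6.13.
# NOTE(review): "ssl no" means every bind — i.e. every user's password at
# login — crosses the network in clear text, and tls_cacertdir is never used.
# Switch to "uri ldaps://..." or "ssl start_tls" with "tls_reqcert demand"
# (CA in /etc/openldap/cacerts) as soon as the server offers TLS.
# NOTE(review): "pam_password md5" has the client hash new passwords itself;
# letting the directory apply its own hashing policy ("pam_password exop") is
# generally preferable.
cat > /etc/pam_ldap.conf <<'EOF'
base dc=sky,dc=com
uri ldap://192.168.6.13/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
EOF

# nslcd, appended once. The packaged nslcd.conf typically already carries
# uri/base lines for 127.0.0.1 and dc=example,dc=com; nslcd treats several
# "uri" lines as a fail-over list, so either remove the defaults or accept
# that 127.0.0.1 is tried first.
grep -q 'uri ldap://192.168.6.13/' /etc/nslcd.conf || cat >> /etc/nslcd.conf <<'EOF'
uid nslcd
gid ldap
uri ldap://192.168.6.13/
base dc=sky,dc=com
ssl no
tls_cacertdir /etc/openldap/cacerts
EOF

# nsswitch: add "ldap" after "files" for passwd/shadow/group. The stock file
# pads the space after the colon, so the match allows any run of whitespace
# (the original's single-space pattern still matches as a special case).
# sed -i "/^passwd: files/adow: files/shadow: files ldap/g;s/^group: files/group: files ldap/g;" /etc/nsswitch.conf
sed -i -e 's/^\(passwd:[[:space:]]*files\)$/\1 ldap/' \
       -e 's/^\(shadow:[[:space:]]*files\)$/\1 ldap/' \
       -e 's/^\(group:[[:space:]]*files\)$/\1 ldap/' /etc/nsswitch.conf

# OpenLDAP client library defaults (ldapsearch etc.).
cat > /etc/openldap/ldap.conf <<'EOF'
TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://192.168.6.13
BASE dc=sky,dc=com
EOF

chkconfig --level 35 nslcd on
/etc/init.d/nslcd restart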

#### Sudo config
yum install sudo -y

# Resolve sudo policy from the directory (ou=sudoers).
# NOTE(review): "sudoers: ldap" alone means /etc/sudoers is ignored; the usual
# form is "sudoers: files ldap" so local break-glass rules still work when the
# directory is unreachable. And since the directory is reached over clear-text,
# unauthenticated ldap:// (see sudo-ldap.conf), anyone able to impersonate
# 192.168.6.13 on the network can hand out root through sudo.
grep -q 'sudoers: ldap' /etc/nsswitch.conf || echo 'sudoers: ldap' >> /etc/nsswitch.conf
cat > /etc/sudo-ldap.conf <<'EOF'
uri ldap://192.168.6.13
sudoers_base ou=sudoers,dc=sky,dc=com
EOF

# Limit PAM LDAP logins to members of gid 1000 or 1001. pam_ldap wraps the
# filter as (&(<pam_filter>)(uid=<user>)) itself, hence no outer parentheses.
# Precedence: "[ -f ] && grep || echo" also appends (creating the file) when
# pam_ldap.conf does not exist — harmless, but intentional or not, be aware.
[ -f /etc/pam_ldap.conf ] && grep -q 'pam_filter |(gidNumber=1000)(gidNumber=1001)' /etc/pam_ldap.conf || echo 'pam_filter |(gidNumber=1000)(gidNumber=1001)' >> /etc/pam_ldap.conf



### Install rsync
# rsync daemon under xinetd with one read/write module used for deployments.
# NOTE(review): the "project" module runs as root and is writable, with no
# "auth users" / "secrets file", so access control is the two source addresses
# in "hosts allow" and nothing else. Anyone who can reach the port from (or
# spoof) those addresses can write arbitrary files under /data/app/project as
# root; "use chroot = yes" keeps writes inside that tree but provides no
# authentication. Add "auth users"/"secrets file" and run the module under a
# dedicated uid if the deployment permissions allow it.
if yum install rsync xinetd -y && sed -i "s/disable.*/disable = no/g" /etc/xinetd.d/rsync; then
    cat > /etc/rsyncd.conf <<'EOF'
uid = nobody
gid = nobody
use chroot = yes
max connections = 30
pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
list = no

[project]
gid = root
uid = root
path = /data/app/project
hosts allow = 192.168.6.253,192.168.6.13
read only = no
EOF
    /etc/init.d/xinetd restart
fi





# Send every interactive command to syslog (and to ~/.bash_history) from
# PROMPT_COMMAND; appended to /etc/bashrc once. The logger tag is
# "user[pid](ssh_connection) bash".
# NOTE(review): this is accountability logging, not a control — any user can
# sidestep it (bash --norc, another shell, a script). "readonly" also makes any
# later assignment to PROMPT_COMMAND in a user's own profile print an error.
grep -q 'tee -a ~/.bash_history' /etc/bashrc || cat >> /etc/bashrc <<'EOF'

shopt -s histappend
readonly PROMPT_COMMAND='history -a >(tee -a ~/.bash_history | logger -t "$USER[$$]($SSH_CONNECTION) bash")'
EOF




yum install rsyslog -y

# Forward authpriv and everything at info and above to the central log host;
# the imuxsock rate limiter is loosened so bursts (for example the bashrc
# command logging above) are not dropped. Appended once.
# NOTE(review): a single "@" forwards over UDP — unacknowledged, unordered and
# clear-text, and the host cannot tell when the collector is down. Prefer
# "@@192.168.6.88:514" (TCP) or RELP/TLS for logs you may need in an incident.
grep -q '192.168.6.88' /etc/rsyslog.conf || cat >> /etc/rsyslog.conf <<'EOF'

$SystemLogRateLimitInterval 60

$SystemLogRateLimitBurst 6000

authpriv.*;*.info @192.168.6.88
EOF

/etc/init.d/rsyslog restart


This article is from the "Autumn wind song" blog; please keep this source attribution: http://qiufengsong.blog.51cto.com/7520243/1563063
