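#!/bin/bash
#:***********************************************
#: Program: centos6_init_shell
#:
#: Author:  yanconggod
#:
#: History: 2017-01-10
#:
#: Version: 1.0
#:***********************************************
# Initialisation script for a CentOS 6 host. The steps below edit files
# under /etc and append their result to /root/${INIT_LOG}, so refuse to
# start without root instead of half-applying the configuration.
if [[ ${EUID} -ne 0 ]]; then
  echo "this script must be run as root" >&2
  exit 1
fi

cat <<EOF
+--------------------------------------------------------------+
|                === Welcome to System init ===                |
+--------------------------------------------------------------+
EOF

# One timestamp for the whole run: it names the log file and prefixes
# every log line written by the later steps.
DATE=$(date +%Y_%m_%d:%H_%M_%S)
INIT_LOG=system_init_${DATE}.log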
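#0. yum resource config
#mv /etc/yum.repos.d/* /tmp/
#wget -P /etc/yum.repos.d/ http://yum.xxx.xxx/{CentOS-Base.repo,epel.repo}
# NOTE(review): if the mirror swap above is re-enabled, the repo files
# would arrive over plain http. Fetch them over https (or verify a
# checksum) and keep gpgcheck=1 so package signatures are still enforced.
yum clean all
# Report a failed install instead of continuing silently; later steps do
# not depend on these packages, so the script carries on.
yum install -y vim gcc gcc-c++ openssl-devel python-devel lrzsz tree ftp telnet ||
  echo "yum install failed; continuing without the base packages" >&2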
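#1. del_user_group_config
# Remove stock system accounts and groups that this host does not use.
# The lists get their own names: assigning to USER would clobber the
# login-name environment variable for everything that runs afterwards.
del_failed=0
unused_users=(adm lp shutdown halt uucp operator games gopher)
for i in "${unused_users[@]}"; do
  # getent looks the name up exactly; a substring grep on /etc/passwd
  # also matches unrelated lines (home directories, comment fields).
  if getent passwd "$i" >/dev/null; then
    /usr/sbin/userdel "$i" || del_failed=1
  else
    echo "$i is no exist"
  fi
done
unused_groups=(adm lp dip)
for ii in "${unused_groups[@]}"; do
  if getent group "$ii" >/dev/null; then
    /usr/sbin/groupdel "$ii" || del_failed=1
  else
    echo "$ii is no exist"
  fi
done
# Record success only when every deletion worked; "$?" after the loops
# would reflect nothing but the very last command.
if [[ ${del_failed} -eq 0 ]]; then
  echo "$DATE [del_user_group_config] is [success]" >>"/root/${INIT_LOG}"
fi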
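#2. add_users_config
# Fixed UID; the password is supplied as a pre-computed hash so that it
# is never written in clear text.
# NOTE(review): the hash is still a credential. Anyone who can read this
# script can attack it offline, so prefer loading it from a root-only
# file and rotating the password once the host is provisioned.
admin_hash='$6$nRS2zBCw$9AuQZSdYJezLTyzinOQzfcp1je2EGAD5oL7d3JeAeSXKoVGd920.vX/dPFuyP/C2VexJQa5PpPD/wRfE0m.9A/'
# Set the password only for an account this run created, which is what
# the earlier "replace the !! placeholder" edit amounted to.
if /usr/sbin/useradd -u 1001 -m -G 10 yanconggod; then
  # chpasswd -e reads "user:hash" on stdin, so the hash stays out of the
  # process list and /etc/shadow is updated by the shadow tools rather
  # than rewritten in place by sed.
  printf '%s:%s\n' yanconggod "${admin_hash}" | chpasswd -e
fi
new_users=(yanconggod)
for yl in "${new_users[@]}"; do
  # Exact account lookup rather than a substring match on /etc/passwd.
  if getent passwd "$yl" >/dev/null; then
    echo "$DATE $yl is added success" >>"/root/${INIT_LOG}"
  fi
done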
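#3. sudoer_config
# All edits are made on a scratch copy and checked with visudo before
# /etc/sudoers is touched: a syntax error in the live file would leave
# every account unable to use sudo.
# NOTE(review): NOPASSWD: ALL gives yanconggod root without
# re-authentication; a narrower command list, or dropping NOPASSWD,
# limits what a compromise of that account yields.
sudoers_tmp=$(mktemp) || exit 1
cat /etc/sudoers >"${sudoers_tmp}"
# Tolerate any amount of whitespace between the two words.
sed -i 's/^Defaults[[:space:]]\+requiretty/#&/' "${sudoers_tmp}"
# Skip lines that a previous run already appended.
grep -q '^User_Alias[[:space:]]\+SYSADMINS' "${sudoers_tmp}" ||
  echo "User_Alias SYSADMINS=yanconggod" >>"${sudoers_tmp}"
grep -q '^SYSADMINS[[:space:]]' "${sudoers_tmp}" ||
  echo "SYSADMINS ALL=(ALL) NOPASSWD: ALL" >>"${sudoers_tmp}"
if visudo -cf "${sudoers_tmp}" >/dev/null; then
  # Overwrite the content in place so owner, mode and label are kept.
  cat "${sudoers_tmp}" >/etc/sudoers
  echo "$DATE [sudoer_config] is [success]" >>"/root/${INIT_LOG}"
else
  echo "sudoers edit failed validation; /etc/sudoers left unchanged" >&2
fi
rm -f -- "${sudoers_tmp}"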
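#4. limits_config
# "nproc" is the pam_limits item for the process count. The earlier
# spelling "noproc" is not a known item, so those two lines never took
# effect.
limits_conf=/etc/security/limits.conf
for limit_line in \
  "* soft nofile 65535" \
  "* hard nofile 65535" \
  "* soft nproc 65535" \
  "* hard nproc 65535"; do
  # -x -F: whole-line literal match, so a rerun appends nothing twice.
  grep -qxF -- "${limit_line}" "${limits_conf}" ||
    echo "${limit_line}" >>"${limits_conf}"
done
# Raise the distribution's per-user process cap to the same value.
sed -i 's/1024/65535/g' /etc/security/limits.d/90-nproc.conf
echo "$DATE [limits_config] is [success]" >>"/root/${INIT_LOG}"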
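#5. sysctl_config
# Kernel network tuning, appended to /etc/sysctl.conf and then loaded.
# net.ipv4.tcp_tw_recycle=1 is deliberately left out: with TCP
# timestamps enabled it drops connections from clients that share a NAT
# address, and the setting was removed from Linux in 4.12.
sysctl_settings=(
  "net.ipv4.tcp_syncookies=1"
  "net.ipv4.tcp_fin_timeout=30"
  "net.ipv4.tcp_tw_reuse=1"
  "net.ipv4.tcp_max_syn_backlog=4096"
  "net.core.netdev_max_backlog=10240"
  "net.ipv4.icmp_echo_ignore_broadcasts=1"
  "net.core.somaxconn=2048"
  "net.core.wmem_default=8388608"
  "net.core.rmem_default=8388608"
  "net.core.rmem_max=16777216"
  "net.core.wmem_max=16777216"
  "net.ipv4.conf.all.rp_filter=1"
  "net.ipv4.tcp_keepalive_time=300"
  "net.ipv4.tcp_synack_retries=2"
  "net.ipv4.tcp_syn_retries=2"
  "net.ipv4.ip_local_port_range=5000 65000"
)
for sysctl_kv in "${sysctl_settings[@]}"; do
  # Append only what is missing so reruns do not pile up duplicates.
  grep -qxF -- "${sysctl_kv}" /etc/sysctl.conf ||
    echo "${sysctl_kv}" >>/etc/sysctl.conf
done
# Log success only if the kernel accepted the file.
if sysctl -p; then
  echo "$DATE [sysctl_config] is [success]" >>"/root/${INIT_LOG}"
else
  echo "sysctl -p reported errors; check /etc/sysctl.conf" >&2
fi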
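#6. history_config
# Keep 2000 commands of shell history for every login shell. The guard
# stops a rerun from appending the same export again.
grep -qxF -- "export HISTSIZE=2000" /etc/profile ||
  echo "export HISTSIZE=2000" >>/etc/profile
source /etc/profile
echo "$DATE [history_config] is [success]" >>"/root/${INIT_LOG}"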
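#7. pass_length and login count limit
#sed -i '25s/99999/90/g' /etc/login.defs
#sed -i '27s/5/8/g' /etc/login.defs
# Lock an account for 300 seconds after 5 failed logins.
# The grep guard matters for more than tidiness: a second pam_tally2
# line would count every failure twice and lock accounts early.
# --follow-symlinks edits the link target when system-auth is a symlink,
# instead of replacing the link with a regular file.
# NOTE(review): sshd on CentOS 6 appears to include password-auth rather
# than system-auth; confirm, and add the same line there if SSH logins
# should be covered.
if ! grep -q 'pam_tally2\.so' /etc/pam.d/system-auth; then
  sed -i --follow-symlinks \
    '5i auth required /lib64/security/pam_tally2.so deny=5 unlock_time=300' \
    /etc/pam.d/system-auth
fi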
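#8. disable_selinux_config
# NOTE(review): this removes SELinux's mandatory access control from the
# host permanently. SELINUX=permissive keeps denials in the audit log
# without enforcing them, which is usually enough for troubleshooting.
# The pattern is anchored so only the active setting is rewritten, not a
# comment line that happens to mention it.
if sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config; then
  # Runtime switch to permissive; "disabled" takes effect at next boot.
  setenforce 0
  echo "$DATE [disable_selinux_config] is [success]" >>"/root/${INIT_LOG}"
else
  echo "could not edit /etc/selinux/config" >&2
fi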
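#9. ntp_config
# Sync the clock every five minutes unless an ntpdate job already exists.
# grep -c counts the matches itself; the error from "crontab -l" when
# root has no crontab yet is expected and silenced.
ntp_config_count=$(crontab -l 2>/dev/null | grep -c ntpdate)
ntp_ok=1
if [[ ${ntp_config_count} -eq 0 ]]; then
  # Install through crontab(1) rather than writing the spool file
  # directly, so ownership and mode stay what crond expects.
  {
    crontab -l 2>/dev/null
    echo '*/5 * * * * /usr/sbin/ntpdate -s ntp1.aliyun.com >/dev/null 2>&1'
  } | crontab - || ntp_ok=0
fi
# Success is logged when the job was installed or was already present.
if [[ ${ntp_ok} -eq 1 ]]; then
  echo "$DATE [ntp_config] is [success]" >>"/root/${INIT_LOG}"
fi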
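#10. maxlogins_config
# Cap yanconggod at 10 simultaneous logins. Whole-line match, so a rerun
# does not add the entry a second time.
maxlogins_line="yanconggod - maxlogins 10"
grep -qxF -- "${maxlogins_line}" /etc/security/limits.conf ||
  echo "${maxlogins_line}" >>/etc/security/limits.conf
echo "$DATE [maxlogins_config] is [success]" >>"/root/${INIT_LOG}"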
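#11. disbled_ipv6_config
# Stop the ipv6 module from being set up at boot. The file is written
# only once; -s keeps grep quiet when it does not exist yet.
ipv6_conf=/etc/modprobe.d/disableipv6.conf
if ! grep -qs 'ipv6 disable=1' "${ipv6_conf}"; then
  cat >>"${ipv6_conf}" <<EOF
alias net-pf-10 off
options ipv6 disable=1
EOF
fi
echo "$DATE [disble_ipv6_config] is [success]" >>"/root/${INIT_LOG}"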
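#12. character_config
# System locale and console font. Each line is appended only when it is
# not already present, so reruns leave the file unchanged.
for i18n_line in 'LANG="en_US.UTF-8"' 'SYSFONT="latarcyrheb-sun16"'; do
  grep -qsxF -- "${i18n_line}" /etc/sysconfig/i18n ||
    echo "${i18n_line}" >>/etc/sysconfig/i18n
done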
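#13. disable_service_config
# Switch off boot-time start for services this host does not run.
# NOTE(review): the list includes auditd, iptables and ip6tables. With
# these off the host keeps no audit trail and has no local packet
# filter; confirm that logging and filtering are provided elsewhere
# before relying on this step.
svc_failed=0
for i in auditd blk-availability ip6tables iptables lvm2-monitor netfs udev-post; do
  chkconfig "$i" off || svc_failed=1
  #iptables -F
  #iptables -X
done
# Log success only when chkconfig accepted every service name.
if [[ ${svc_failed} -eq 0 ]]; then
  echo "$DATE [disable_service_config] is [success]" >>"/root/${INIT_LOG}"
fi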
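#15. DNS config
# Take the first two octets of every non-loopback IPv4 address.
# Assumes the net-tools "inet addr:A.B.C.D  Bcast:..." output layout.
MASK=$(ifconfig | grep -w "inet" | grep -v 127.0.0.1 |
  awk -F':' '{print $2}' | sed 's/Bcast$//g' | awk -F'.' '{print $1"."$2}')
printf '%s\n' "$MASK"
# A host with several interfaces yields several lines, and one with none
# yields an empty string; either broke the earlier unquoted test.
# Check each prefix on its own instead.
on_internal_net=0
while IFS= read -r net_prefix; do
  case "${net_prefix}" in
    10.0 | 10.1) on_internal_net=1 ;;
  esac
done <<<"$MASK"
# Only hosts on 10.0.x.x or 10.1.x.x get the internal resolver.
if [[ ${on_internal_net} -eq 1 ]]; then
  cat >/etc/resolv.conf <<EOF
nameserver 10.0.0.1
#nameserver 1.1.1.2
#nameserver 1.1.1.3
EOF
fi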
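#16. sshd_config
sed -i "s/#Port 22/Port 22/g" /etc/ssh/sshd_config
# Anchored at the end of the line: a commented "#Protocol 2,1" entry, if
# the stock file carries one, must not become an active directive that
# allows protocol 1.
sed -i "s/^#Protocol 2$/Protocol 2/" /etc/ssh/sshd_config
sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
# NOTE(review): the PermitRootLogin hardening below is left switched off,
# so direct root logins over SSH stay possible.
#sed 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config -i
#sed 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config -i
#sed 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/ssh_config -i
# Check the edited file before restarting: restarting onto a broken
# config can leave a remote host unreachable.
if /usr/sbin/sshd -t; then
  /etc/init.d/sshd restart
  echo "$DATE [sshd_config] is [success]" >>"/root/${INIT_LOG}"
else
  echo "sshd_config failed validation; sshd not restarted" >&2
fi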
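#17. reboot_system
# Ask before rebooting. Only the exact answers "yes" and "no" are
# accepted; anything else, including end of input when the script runs
# unattended, falls through to the hint and leaves the host up.
# -r keeps a backslash in the answer from being treated as an escape.
read -r -p "Do you want to reboot the system? " want
case "${want}" in
  yes)
    echo "reboot now!"
    reboot
    ;;
  no)
    echo "init over!"
    ;;
  *)
    echo "please useage yes or no! thanks"
    ;;
esac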