Linux-初始化脚本

#!/bin/bash
#
#********************************************************************
#encoding  -*-utf8-*-
#Author:
#Date:         2017-12-19
#URL: 
#Description:  The test script
#Copyright (C):    2017 All rights reserved
#QQ Numbers:
#********************************************************************

# Major CentOS release number (the script checks for 6 and 7), taken from
# the first run of digits on the "centos" line of /etc/centos-release.
# Left empty when that file is missing or blank; the version checks further
# down then take their "unknown version" branch.
Get_host_version=$(grep -i centos /etc/centos-release | grep -o "\<[[:digit:]]\+" | head -n 1)

# Release string of the running kernel.
kernel_version=$(uname -r)

# Make the boot-time startup file executable.
chmod +x /etc/rc.d/rc.local

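# Install wget from the local installation media.
# Mounts /dev/sr0 on /mnt, installs the wget RPM found under /mnt/Packages
# and unmounts the media again.
# Exits the whole script with status 1 when the media cannot be mounted;
# otherwise returns the status of umount.
function Install_wget(){
    if ! mount /dev/sr0 /mnt; then
        # Leave through the normal exit path rather than SIGKILL-ing our own
        # PID: EXIT traps still run and the caller gets a meaningful status.
        echo "未添加光盘源!退出脚本" >&2
        exit 1
    fi
    # The glob is left unquoted on purpose so it expands to the wget package.
    rpm -ivh /mnt/Packages/wget*
    # Step out of the mount point first so the unmount is never blocked by
    # our own working directory.
    cd / || return 1
    umount /mnt
}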

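# Set the locale to zh_CN.UTF-8.
# Adds the export to /etc/profile for future login shells and applies it to
# the current shell as well.
function Modify_charaset(){
    local profile_line='export LANG=zh_CN.UTF-8'
    # Append only when the exact line is not there yet, so repeated runs of
    # this script do not keep growing /etc/profile.
    if ! grep -qxF -- "$profile_line" /etc/profile 2>/dev/null; then
        echo "$profile_line" >>/etc/profile
    fi
    export LANG=zh_CN.UTF-8
}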

# Report that the detected release is not one this script handles.
# Prints the message followed by the detected version on stdout.
function Error_system_version(){
    printf '%s\n' "未知的系统版本 ${Get_host_version}"
}

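# Back up /etc before the script changes anything.
# Writes /bak/initsys/etc.<date>_<hour>.<minute>.tar.gz.
# Returns non-zero when the backup directory cannot be prepared or tar fails.
function Bakup_etc(){
    local now_of_time back_path
    now_of_time=$(date +'%F_%H.%M')
    back_path=/bak/initsys
    # The archive holds everything under /etc, which normally includes the
    # password hashes and the SSH host keys, so the directory and the file
    # are both kept readable by root only.
    mkdir -p "$back_path" || return 1
    chmod 700 "$back_path" || return 1
    # The subshell confines the restrictive umask to the tar invocation.
    ( umask 077 && tar -czf "${back_path}/etc.${now_of_time}.tar.gz" /etc )
}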

# Disable the host firewall and SELinux.
# CentOS 7: stops and disables firewalld. CentOS 6: stops iptables and takes
# it out of the boot sequence. SELinux is then set to "disabled" in
# /etc/selinux/config and switched to permissive on the running system.
# Returns 1 (after reporting the version) on any other release, otherwise
# the status of setenforce.
#
# NOTE(review): this removes host-level packet filtering and mandatory
# access control in one step. It fits only hosts that are covered by another
# control (network ACLs, an upstream firewall). If the goal is just to stop
# SELinux denials, SELINUX=permissive keeps the audit records that
# "disabled" throws away.
function Off_firewall_and_selinux(){
    # Host firewall
    case "$Get_host_version" in
        7)
            systemctl stop firewalld &>/dev/null
            systemctl disable firewalld &>/dev/null
            ;;
        6)
            service iptables stop &>/dev/null
            chkconfig iptables off &>/dev/null
            ;;
        *)
            Error_system_version
            return 1
            ;;
    esac
    # SELinux: persistent setting first, then the running system
    sed -ri 's/^(SELINUX=).*$/\1disabled/g' /etc/selinux/config
    setenforce 0
}

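# Set the timezone to Asia/Shanghai and synchronise the clocks.
# Installs the zone file as /etc/localtime, steps the system clock from the
# NTP server 10.180.4.204, copies it to the hardware clock, and records the
# zone the way the detected release expects (/etc/sysconfig/clock on
# CentOS 6, timedatectl on CentOS 7). Any other release is only reported.
function Set_timezone_and_time(){
    # --remove-destination: when /etc/localtime is a symlink into
    # /usr/share/zoneinfo, a plain cp follows it and overwrites the zone file
    # it points to. cp is looked up through PATH because CentOS 6 installs it
    # as /bin/cp; "command" bypasses any alias or function wrapper.
    command cp --remove-destination /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
    # One-shot sync from the NTP server; change the address to suit the
    # network, or comment the line out if no sync is wanted.
    # NOTE(review): this is an unauthenticated NTP query, so the server
    # should only be reachable over a trusted network path.
    /usr/sbin/ntpdate 10.180.4.204
    # Copy the system time to the hardware clock.
    hwclock -w
    # Both branches below keep the hardware clock in local time
    # (UTC=false / set-local-rtc yes).
    if [ "$Get_host_version" == '6' ]; then
        cat > /etc/sysconfig/clock << EOF
ZONE="Asia/Shanghai"
UTC=false
ARC=false
EOF
    elif [ "$Get_host_version" == '7' ]; then
        timedatectl set-local-rtc yes
    else
        Error_system_version
    fi
}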

# Blank the files that advertise the OS release.
# Overwrites /etc/issue, /etc/motd, /etc/redhat-release and
# /etc/centos-release with a single empty line each.
#
# NOTE(review): the version probe at the top of this script reads
# /etc/centos-release, so once this has run, a later run detects no version
# and every version-dependent step takes its "unknown version" branch.
# Blanking only the login banners (/etc/issue, /etc/motd) avoids that side
# effect.
function Shadow_system_version(){
    local banner_file
    for banner_file in /etc/issue /etc/motd /etc/redhat-release /etc/centos-release; do
        echo '' > "$banner_file"
    done
}

# Check outbound connectivity with a single ping to www.baidu.com.
# Returns 0 when the ping succeeds and 1 otherwise; prints nothing.
function Test_network(){
    if ping -c1 www.baidu.com &>/dev/null; then
        return 0
    fi
    return 1
}

# Raise the open-file and process limits for all users.
# When /etc/security/limits.conf has no "*" soft/hard nofile/nproc entry
# yet, appends the four limits below and raises the open-file limit of the
# current shell; otherwise only reports that limits were added before.
function Set_handler_Num(){
    limit_count=$(grep "^\*[[:blank:]]\+\(soft\|hard\)[[:blank:]]\+\(nofile\|nproc\)[[:blank:]]\+" /etc/security/limits.conf | wc -l)
    # Nothing to do when a matching entry is already present.
    if ! [ "$limit_count" -eq 0 ]; then
        echo "已经添加过limit限制!"
        return
    fi
    cat >> /etc/security/limits.conf << EOF
*   soft   nofile   102400 
*   hard   nofile   102400
*   soft   nproc    40960
*   hard   nproc    40960
EOF
    # Apply the open-file limit to this shell right away.
    ulimit -n 102400
}

# Apply a set of TCP-related kernel parameters.
# The settings are appended to /etc/sysctl.d/tcp_optimization.conf behind a
# "#tcp_flag 1" marker line and loaded with sysctl -p.
# Returns 1 without writing anything when the marker is already there (or is
# there more than once). A failed sysctl load is only reported on stdout.
#
# What the settings are for:
#   tcp_syncookies = 1        use SYN cookies once the SYN queue overflows;
#                             guards against small SYN floods
#   tcp_tw_recycle = 1        fast recycling of TIME-WAIT sockets
#   tcp_tw_reuse = 1          allow TIME-WAIT sockets to be reused for new
#                             connections
#   tcp_fin_timeout = 5       seconds an orphaned connection is kept by the
#                             kernel
#   tcp_keepalive_time = 1200 keepalive probe interval: 20 minutes instead of
#                             the default 2 hours
#   ip_local_port_range       port range used for outgoing connections
#   tcp_max_syn_backlog = 8192  SYN queue length (default 1024), so more
#                             pending connections fit
#   tcp_max_tw_buckets = 5000 maximum number of TIME_WAIT sockets; beyond it
#                             they are dropped at once and a warning is logged
#
# NOTE(review): tcp_tw_recycle is known to drop connections from clients
# that sit behind NAT, and the key no longer exists from Linux 4.12 on, where
# sysctl -p reports an error for it. Confirm it is wanted before rollout.
function Set_tcp_kernel_arguments(){
    kernel_args=/etc/sysctl.d/tcp_optimization.conf
    flag_1=$(awk '/tcp_flag/ {print $2}' "$kernel_args" 2>/dev/null)
    flag_2=$(grep tcp_flag "$kernel_args" 2>/dev/null | wc -l)
    if [ "$flag_2" -gt 1 ]; then
        echo "系统错误,TCP重复的优化参数,请查看 $kernel_args 是否正确!"
        return 1
    fi
    if [ "$flag_1" == 1 ]; then
        echo "TCP内核参数已经优化过了。"
        return 1
    fi
    # Marker line first, then the settings, in one append.
    cat >> "$kernel_args" << 'EOF'
#tcp_flag 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
EOF
    if ! sysctl -p "$kernel_args" &>/dev/null; then
        echo '读取Tcp内核参数错误!'
    fi
}

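# Turn off reverse-DNS lookups in sshd (UseDNS no) and restart the daemon.
# Acts only while /etc/ssh/sshd_config still carries the commented-out
# "#UseDNS yes|no" line; otherwise reports that there is nothing to do.
# Returns 1 when nothing was changed or when the edited configuration fails
# validation; otherwise the status of the restart command.
function Disabled_sshd_dns(){
    local sshd_conf=/etc/ssh/sshd_config
    local sshd_bin
    if ! grep -q "^#UseDNS \(no\|yes\)" "$sshd_conf"; then
        echo '已禁用该配置,Do nothing!'
        return 1
    fi
    # Anchored like the check above, so only the directive at the start of a
    # line is rewritten and not a "#UseDNS ..." mention inside a comment.
    sed -ri 's@^#UseDNS (no|yes)@UseDNS no@g' "$sshd_conf"
    # Validate before restarting: restarting sshd on a broken configuration
    # can cut off remote access to the host.
    sshd_bin=$(command -v sshd) || sshd_bin=/usr/sbin/sshd
    if ! "$sshd_bin" -t -f "$sshd_conf"; then
        echo "sshd -t rejected $sshd_conf; sshd was not restarted" >&2
        return 1
    fi
    if [ "$Get_host_version" == '6' ]; then
        service sshd restart
    elif [ "$Get_host_version" == '7' ]; then
        systemctl restart sshd
    else
        Error_system_version
    fi
}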

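# Rename the network interfaces to the classic eth* scheme.
# CentOS 6: rewrites the NAME= field of every rule in
#   /etc/udev/rules.d/70-persistent-net.rules to eth1, eth2, ... in file
#   order, then prints the resulting rules.
# CentOS 7: backs up /etc/default/grub, appends net.ifnames=0 to the kernel
#   command line and regenerates /boot/grub2/grub.cfg; a reboot is needed.
# Returns 1 when the rules file lists no NIC or the grub defaults file
# cannot be backed up.
function Modify_network_card_name(){
    local udev_rules=/etc/udev/rules.d/70-persistent-net.rules
    local rule_filter='SUBSYSTEM=="net", ACTION=="add"'
    local mac count
    if [ "$Get_host_version" == '6' ]; then
        # CentOS 6: udev persistent-net rules
        Count_cart=$(grep -c "$rule_filter" "$udev_rules" 2>/dev/null)
        [ "${Count_cart:-0}" -eq 0 ] && { echo "没有网卡信息,请检查网卡驱动!" ; return 1; }
        # Read the MAC addresses from the rules file by its full path; a bare
        # file name only resolves when the script runs from /etc/udev/rules.d.
        All_mac=$(grep "$rule_filter" "$udev_rules" | grep -o "\([0-9a-fA-F]\{2\}:\)\{5\}[0-9a-fA-F]\{2\}")
        count=1
        # Unquoted on purpose: one MAC per word.
        for mac in $All_mac; do
            # The replacement ends in a plain closing quote, giving
            # NAME="eth<n>".
            sed -ri 's@('"$mac"'.*NAME=").*[[:digit:]]+"$@\1eth'"$count"'"@' "$udev_rules"
            count=$((count + 1))
        done
        echo '修改网卡名成功,请查看配置!'
        grep 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="' "$udev_rules"
    elif [ "$Get_host_version" == '7' ]; then
        # CentOS 7: kernel command line via grub2
        # NOTE(review): hosts booted through UEFI usually keep grub.cfg under
        # /boot/efi/EFI/centos/ instead; confirm the path for such systems.
        boot_grub=/boot/grub2/grub.cfg
        grub_default_cfg=/etc/default/grub
        Name_count=$(grep -c "quiet[[:blank:]]\+net.ifnames" "$boot_grub" 2>/dev/null)
        # Keep a timestamped copy of the defaults file before editing it.
        if ! cp "$grub_default_cfg" "${grub_default_cfg}.$(date +'%F_%H.%M')"; then
            echo "没有 $grub_default_cfg 这个文件"
            return 1
        fi
        if [ "${Name_count:-0}" -eq 0 ]; then
            sed -ri 's/(GRUB_CMDLINE_LINUX=.*quiet)/\1 net.ifnames=0/g' "$grub_default_cfg"
            if grub2-mkconfig -o "$boot_grub"; then
                echo '生成新的配置文件,生效需重启!'
            else
                echo "grub文件生成错误! $boot_grub 可能会产生错误!请检查"
            fi
        else
            echo '已经修改过grub参数,无需再次修改!Do nothing!'
        fi
    else
        Error_system_version
    fi
}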

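# Point yum at the Aliyun mirrors.
# Moves the stock CentOS-* repo files into /etc/yum.repos.d/bak, downloads
# the Aliyun base and EPEL repo files for the detected release (6 or 7)
# unless they are already there, and clears the yum cache.
# Returns 1 on an unsupported release, when the network check fails, or when
# a download fails.
#
# NOTE(review): the downloaded .repo files decide which package sources and
# signature settings yum trusts from then on; review them (gpgcheck, baseurl
# scheme) before the first install.
function Modify_yumrepo(){
    local release
    repo_path=/etc/yum.repos.d/
    # Check the release before touching anything, so an unsupported system is
    # not left with its stock repos moved away and nothing in their place.
    case "$Get_host_version" in
        6|7) release=$Get_host_version ;;
        *)
            Error_system_version
            return 1
            ;;
    esac
    Test_network || { echo '网络不通,退出函数!' ; return 1; }
    mkdir -p "${repo_path}bak" 2>/dev/null
    cd "$repo_path" || return 1
    mv CentOS-* bak 2>/dev/null
    # Base repo
    if [ -e "${repo_path}Alibase.repo" ]; then
        echo "已经添加过阿里源!"
    elif ! wget "https://mirrors.aliyun.com/repo/Centos-${release}.repo" -O "${repo_path}Alibase.repo"; then
        # wget -O leaves an empty file behind on failure; remove it so the
        # next run does not mistake it for a finished download.
        rm -f -- "${repo_path}Alibase.repo"
        return 1
    fi
    sleep 1
    # EPEL repo: fetched when it is missing (the test used to be inverted, so
    # a missing file was reported as already added and never downloaded).
    if [ -e "${repo_path}epel.repo" ]; then
        echo "已经添加过epel源!"
    elif ! wget "https://mirrors.aliyun.com/repo/epel-${release}.repo" -O "${repo_path}epel.repo"; then
        rm -f -- "${repo_path}epel.repo"
        return 1
    fi
    yum clean all
}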

# Install the base toolset through yum.
# The package list is also left in the global "packges" as one
# space-separated string.
# NOTE(review): telnet and ftp are cleartext clients; drop them from the
# list where policy does not allow them.
function Install_some_packege(){
    local -a wanted=(
        gcc glibc zlib openssl openssl-devel
        lrzsz lftp ftp telnet nmap-ncat
        net-snmp net-snmp-devel
        vim sysstat bash-completion wget lsof psmisc ntp
    )
    packges="${wanted[*]}"
    yum install -y "${wanted[@]}"
}

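# Bond every eth* interface into bond0 (mode 0, miimon 100 on CentOS 6).
# Refuses to run when an ifcfg-Bond* file already exists or when not every
# interface reported by netstat (loopback excluded) is named eth*.
# CentOS 6: stops NetworkManager, appends slave settings to each ifcfg-<nic>,
#   writes ifcfg-Bond0 and restarts the network service.
# CentOS 7: creates the bond and one bond-slave connection per NIC via nmcli.
# Returns 1 when one of the two pre-checks fails.
#
# NOTE(review): the CentOS 6 branch uses 172.18.30.2 with PREFIX=16 while
# the CentOS 7 branch uses 172.18.30.1 with no prefix length; the addresses,
# gateway and DNS server are site-specific and must be adjusted by hand.
function Config_Bond(){
    local nic
    if compgen -G '/etc/sysconfig/network-scripts/ifcfg-Bond*' >/dev/null; then
        echo '已经配置了了Bond'
        return 1
    fi
    Net_card_name=$(netstat -I | sed '1,2d' | sed '/lo/d' | awk '{print $1}')
    Net_card_Num=$(wc -w <<< "$Net_card_name")
    # Word splitting is intended here: one interface name per word.
    Named_eth_count=$(echo $Net_card_name | grep -io eth | wc -l)
    [ "$Named_eth_count" -ne "$Net_card_Num" ] && { echo "网卡名并未变更为eth,或者已经添加过了聚合类型!配置失败!" ; return 1; }
    net_path=/etc/sysconfig/network-scripts/
    if [ "$Get_host_version" == '6' ]; then
        service NetworkManager stop
        chkconfig NetworkManager off
        for nic in $Net_card_name; do
            # Appended, so keys set earlier in the file (an IPADDR, for
            # instance) stay in place; check the result.
            cat >>"${net_path}ifcfg-$nic" <<EOF
DEVICE=$nic
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
USERCTL=no
EOF
        done
        # ifcfg files are read as shell assignments, so there must be no
        # space after "=": with one, BONDING_OPTS stays unset.
        cat >>"${net_path}ifcfg-Bond0" <<EOF
DEVICE=bond0
BOOTPROTO=none
BONDING_OPTS="miimon=100 mode=0"
DNS1=8.8.8.8
IPADDR=172.18.30.2
PREFIX=16
GATEWAY=172.18.0.1
ONBOOT=yes
EOF
        service network restart
    elif [ "$Get_host_version" == '7' ]; then
        if nmcli con add type bond con-name Bond0 ifname Bond0 mode 0 ipv4.method manual ipv4.addresses 172.18.30.1 ipv4.gateway 172.18.0.1 ipv4.dns 8.8.8.8 &>/dev/null; then
            nmcli con up Bond0
        fi
        for nic in $Net_card_name; do
            # Report a failure when either the add or the activation fails.
            if ! { nmcli con add type bond-slave con-name "$nic-bond" ifname "$nic" master Bond0 && nmcli con up "$nic-bond"; }; then
                echo "激活失败!"
            fi
        done
    else
        Error_system_version
    fi
}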
# Execution starts here: run the initialisation steps in order.
# Entries that are commented out are optional; enable them as needed.
init_steps=(
    Bakup_etc                   # back up /etc
    Off_firewall_and_selinux    # disable the firewall and SELinux
    Install_wget                # install wget
    #Modify_charaset            # change the global locale
    Set_timezone_and_time       # set timezone and time
    Set_handler_Num             # set the open-file limit
    Set_tcp_kernel_arguments    # tune the kernel TCP settings
    #Modify_yumrepo             # switch the yum repositories
    #Install_some_packege       # install a set of packages
    Disabled_sshd_dns           # disable DNS lookups in sshd
    #Shadow_system_version      # hide the system version
    Modify_network_card_name    # unify NIC names as eth*
    #Config_Bond                # set up bonding; default IP 172.18.30.1, adjust by hand
)
for init_step in "${init_steps[@]}"; do
    "$init_step"
done