linux 服务器初始化脚本

#!/bin/bash

#install need root user.

if [ `whoami` != "root" ];then

echo "Installtion this package needs root user."

exit 1

fi

#--------------------set env--------------------

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

export PATH

#--------------------set runlevel 3--------------------

initdlevel=`grep 'id:3:initdefault:' /etc/inittab`

if [ "$initdlevel" == "" ] ; then

echo "initd level not is 3"

echo "set initd level 3"

sed -i 's/id:5:initdefault:/id:3:initdefault:/g' /etc/inittab

fi

#--------------------set ulimit--------------------

checklimits=`grep '* - nofile 65535' /etc/security/limits.conf`

if [ "$checklimits" == "" ] ; then

echo '* - nofile 65535' >> /etc/security/limits.conf

fi

#--------------------set root nologin sshd--------------------

rootsshlogin=`grep '#PermitRootLogin yes' /etc/ssh/sshd_config`

if [ "$rootsshlogin" != "" ] ; then

echo "sshd allow root login"

echo "set sshd deny root login"

sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config

fi

#--------------------crate normal user linuxuser--------------------

useradd linuxuser

echo "password"| passwd --stdin linuxuser

echo "password"| passwd --stdin root

#--------------------disable selinux--------------------

checkselinux=`grep 'SELINUX=enforcing' /etc/selinux/config`

if [ "$checkselinux" != "" ] ; then

echo "SElinux is Enable"

echo "set SElinux Disable"

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

fi

#--------------------set time zone--------------------

echo 'ZONE="Asia/Shanghai"

UTC=false

ARC=false' > /etc/sysconfig/clock

#--------------------crontab update time--------------------

yum -y install ntp

/usr/sbin/ntpdate time.windows.com

crontab -l > /tmp/cron.tmp

echo "01 07 * * * /usr/sbin/ntpdate time.windows.com ; hwclock -w >/dev/null 2>&1" >> /tmp/cron.tmp

crontab /tmp/cron.tmp && /bin/rm -f /tmp/cron.tmp

#--------------------set sysctl.conf--------------------

cat >>/etc/sysctl.conf

net.ipv4.tcp_tw_recycle=1

net.ipv4.tcp_tw_reuse=1

net.ipv4.tcp_max_syn_backlog=8192

net.ipv4.tcp_keepalive_time=30

net.ipv4.tcp_fin_timeout=15

net.core.rmem_max=16777216

net.core.wmem_max=16777216

net.ipv4.tcp_rmem=4096 87380 16777216

net.ipv4.tcp_wmem=4096 65536 16777216

net.core.netdev_max_backlog=3000

EOF

sysctl -p

#------------------------------set locale-------------------------------------------------

true > /etc/sysconfig/i18n

cat >>/etc/sysconfig/i18n

LANG="zh_CN.GB18030"

LANGUAGE="zh_CN.GB18030:zh_CN.GB2312:zh_CN"

SUPPORTED="zh_CN.UTF-8:zh_CN:zh:en_US.UTF-8:en_US:en"

SYSFONT="lat0-sun16"

EOF

#--------------------------close ctrl+alt+del------------------------------------------------

sed -i "s/ca::ctrlaltdel:/sbin/shutdown -t3 -r now/#ca::ctrlaltdel:/sbin/shutdown -t3 -r now/" /etc/inittab

#-------------------------disable ipv6------------------------------------------------------

echo "alias net-pf-10 off" >> /etc/modprobe.conf

echo "alias ipv6 off" >> /etc/modprobe.conf

/sbin/chkconfig --level 35 ip6tables off

sed -i "s/NETWORKING_IPV6=yes/NETWORKING_IPV6=no/g" /etc/sysconfig/network

#-------------------------turnoff service------------------------------------------------------

for i in `ls /etc/rc3.d/S*`

do

CURSRV=`echo $i|cut -c 15-`

echo $CURSRV

case $CURSRV in

crond | irqbalance | microcode_ctl | network | random | sshd | syslog )

echo "Base services, Skip!"

;;

*)

echo "change $CURSRV to off"

chkconfig --level 235 $CURSRV off

service $CURSRV stop

;;

esac

done

echo "service is init is ok.............."