centos_6.7_系统初始化
#!/bin/bash
#****************************************************************#
# ScriptName: acfuninit.sh
# version 1.1
# Author: *****
# Create Date: 2015-7-31
# Modify Author:******
# Modify Date: 2015-12-23
# Function: acfun CentOS 6.7 init shell (use on kickstart)
#***************************************************************#
# ANSI colour sequences for the status output. They are stored as literal
# "\033[..." text and only turned into escape bytes by `echo -e` at print time.
GC='\033[1;32m' # bold green: success marker
BC='\033[1;34m' # bold blue: step banner
RC='\033[1;31m' # bold red: failure marker
EC='\033[0m'    # reset all attributes
#######################################
# Print a coloured "[ OK ]" or "[FAILED]" marker followed by a blank line.
# The verdict is taken from $? at entry, i.e. from the single command that ran
# immediately before the call; earlier commands of the same step are not
# reflected in it.
# Globals:   GC, RC, EC (read)
# Outputs:   marker line and an empty line on stdout
# Returns:   0 (status of the final echo)
#######################################
__detect_result() {
  local previous_status=$?
  case "${previous_status}" in
    0) echo -e "${GC}[ OK ]${EC}" ;;
    *) echo -e "${RC}[FAILED]${EC}" ;;
  esac
  echo ""
}
# Disable the graphical login: change the default runlevel in /etc/inittab
# from 5 to 3. Only the exact line "id:5:initdefault:" is rewritten.
clear
echo -en "${BC}Linux X11 is disabled... ${EC}"
sleep 1
sed -i -e 's/id:5:initdefault:/id:3:initdefault:/g' /etc/inittab
__detect_result
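# SSH daemon configuration.
# Every expression below rewrites one exact stock line of sshd_config. A line
# that was already edited, or that differs in spacing, is left untouched and
# sed still exits 0, so a clean status means "the file could be rewritten",
# not "the setting is in force".
echo -en "${BC}SSH is config... ${EC}";sleep 1
sshd_config='/etc/ssh/sshd_config'
# Collect failures from every command of this step; previously only the final
# `rm -f`, which succeeds even when there is nothing to remove, decided the
# reported result.
ssh_rc=0
# NOTE(review): ServerKeyBits only applies to SSH protocol 1, which the
# "Protocol 2" edit below switches off -- confirm the line is still wanted.
# PermitRootLogin without-password keeps root login open for non-password
# methods (keys) only.
sed -i \
  -e 's/#ServerKeyBits 1024/ServerKeyBits 4096/g' \
  -e 's/#PermitRootLogin yes/PermitRootLogin without-password/g' \
  -e 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' \
  -e 's/#UseDNS yes/UseDNS no/g' \
  -e 's/#Protocol 2,1/Protocol 2/g' \
  -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' \
  "${sshd_config}" || ssh_rc=1
# Removes root's entire ~/.ssh (authorized_keys, known_hosts, any key pair), so
# no key material from the install image survives on the built host.
rm -fr /root/.ssh/ 2>/dev/null || ssh_rc=1
# Hand the combined status to __detect_result, which reads $?.
[ "${ssh_rc}" -eq 0 ]
__detect_result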
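# Create the administrators group (xxadmin) and the hostkeeper account.
echo -en "${BC}group & user is created... ${EC}";sleep 1
# Failures of any command in this step are collected here so the reported
# result covers the whole step rather than only its last command.
acct_rc=0
getent group xxadmin > /dev/null || groupadd -g 1000 xxadmin 2>/dev/null || acct_rc=1
# Members of xxadmin get password-less root through sudo. The rule is matched
# at line start so a commented-out copy does not suppress it, and the file is
# syntax-checked after the append because a malformed /etc/sudoers stops sudo
# from working at all.
if [ -f /etc/sudoers ] && ! grep -q '^%xxadmin[[:space:]]' /etc/sudoers; then
  echo "%xxadmin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers || acct_rc=1
  visudo -c > /dev/null || acct_rc=1
fi
# Exact account lookup (same mechanism as the group check above) instead of a
# substring search through /etc/passwd.
# The former `-p '123456'` is dropped: useradd -p expects an already encrypted
# crypt(3) string, so the literal was stored verbatim, matched no password, and
# only left a guessable credential in the script. Without -p the account is
# created with its password disabled; set one out of band if it is needed.
if ! getent passwd hostkeeper > /dev/null; then
  useradd -u 1000 -g xxadmin -c "hostkeeper user" hostkeeper || acct_rc=1
fi
ssh_dir='/home/hostkeeper/.ssh'
# NOTE(review): the key text is redacted on this page; it opens like a public
# key line ("ssh-rsa") and closes like a PEM private key, and it is written to
# id_rsa. Key material embedded in a provisioning script is identical on every
# host built from it and readable wherever the script is stored. Presumably
# either authorized_keys with a public key was meant, or the private key
# should be delivered from a secret store -- confirm.
# umask 077 keeps the directory and the key file private from the moment they
# are created; the directory is only created when missing so a re-run works.
(
  umask 077
  [ -d "${ssh_dir}" ] || mkdir "${ssh_dir}" || exit 1
  echo 'ssh-rsa ********************************************
-----END RSA PRIVATE KEY-----' > "${ssh_dir}/id_rsa"
) && chown -R hostkeeper:xxadmin "${ssh_dir}" \
  && chmod 700 "${ssh_dir}" \
  && chmod 400 "${ssh_dir}"/* || acct_rc=1
# Hand the combined status to __detect_result, which reads $?.
[ "${acct_rc}" -eq 0 ]
__detect_result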
# Set the system locale to en_US.UTF-8 by rewriting every LANG= assignment in
# /etc/sysconfig/i18n.
echo -en "${BC}LANG is en_US.UTF8... ${EC}"
sleep 1
sed -i -e 's/LANG=.*/LANG="en_US.UTF-8"/g' /etc/sysconfig/i18n
__detect_result
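# Flush iptables rules: insert a bare "-F" line after the FORWARD reject rule
# of the saved rule set.
# NOTE(review): the "-F" is placed after the rule it follows, so loading this
# file would presumably end with the chains of that table emptied, i.e. the
# host boots without packet filtering. Confirm that is intended and that
# filtering is enforced somewhere else (upstream firewall, security groups).
echo -en "${BC}iptables is optimize... ${EC}";sleep 1
iptables='/etc/sysconfig/iptables'
if [ ! -f "${iptables}" ]; then
  # A missing file used to fall through to sed, which cannot edit a file that
  # is not there; report it explicitly and keep the step marked as failed.
  echo "${iptables} not found, no rules changed" >&2
  false
elif ! grep -q -e '-F' "${iptables}"; then
  sed -i 's/\-A FORWARD \-j REJECT \-\-reject\-with icmp\-host\-prohibited/\-A FORWARD \-j REJECT \-\-reject\-with icmp\-host\-prohibited\n\-F/g' "${iptables}"
fi
__detect_result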
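# Disable SELinux in the persistent configuration files.
# NOTE(review): this removes mandatory access control from every host built
# with the script; if it is only needed to get a service running, permissive
# mode with a later policy fix keeps the audit trail -- confirm the choice.
echo -en "${BC}Selinux is disabled... ${EC}";sleep 1
# getenforce prints Enforcing, Permissive or Disabled. The comparison string
# was misspelled before, so the test could never be false; with the correct
# spelling an already disabled host is left alone. The substitution is quoted
# so an empty result (getenforce unavailable) still compares cleanly.
if [ "$(getenforce 2>/dev/null)" != 'Disabled' ]; then
  # NOTE(review): /etc/sysconfig/selinux is usually a symlink to
  # /etc/selinux/config; GNU sed -i replaces a symlink with a regular file
  # unless --follow-symlinks is given -- verify on the target image.
  sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/sysconfig/selinux
  sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
fi
__detect_result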
# 配置 VIM
#echo -en "${BC}vimrc is config... ${EC}";sleep 1
#echo "set paste" >> /etc/vimrc
#echo "filetype on" >> /etc/vimrc
#
#__detect_result
# Install shell defaults for login shells as /etc/profile.d/acfun_bashenv.sh:
# --preserve-root aliases for chgrp/chown/chmod/rm, interactive rm, timestamped
# history of 2000 entries, vim as editor. Aliases are a convenience guard for
# interactive use only; scripts and explicit paths (/bin/rm) bypass them.
echo -en "${BC}acfun_bashenv.sh is config... ${EC}"
sleep 1
# Quoted delimiter: the body contains nothing to expand and is written verbatim.
cat <<'EOF' > /etc/profile.d/acfun_bashenv.sh
# for security set
alias chgrp='chgrp --preserve-root'
alias chown='chown --preserve-root'
alias chmod='chmod --preserve-root'
alias rm='rm -i --preserve-root'
# for history set
HISTTIMEFORMAT='[%F %T] '
HISTSIZE=2000
# set vim set
export EDITOR=vim
alias vi='vim'
EOF
__detect_result
# Raise per-user resource limits (open files and processes).
echo -en "${BC}limits.conf is optimize... ${EC}"
sleep 1

# Have the "login" PAM service load pam_limits so limits.conf is applied.
login='/etc/pam.d/login'
if [ "$(grep -c "pam_limits.so" "${login}")" == 0 ]; then
  echo "session required pam_limits.so" >> "${login}"
fi

# Append the nofile/nproc limits for all users once; the first line doubles as
# the "already done" marker.
limits='/etc/security/limits.conf'
if [ "$(grep -c "* soft nofile 655360" "${limits}")" == 0 ]; then
  printf '%s\n' \
    "* soft nofile 655360" \
    "* hard nofile 655360" \
    "* soft nproc 131072" \
    "* hard nproc 131072" \
    "# End of file" >> "${limits}"
fi

# The limits.d drop-in carries its own soft nproc entry: rewrite it when the
# file already mentions nproc, otherwise add the line (creating the file).
nproc='/etc/security/limits.d/90-nproc.conf'
if [ -f "${nproc}" ] && [ "$(grep -c 'nproc' "${nproc}")" != 0 ]; then
  sed -i 's/*.*soft.*nproc.*/* soft nproc 131072/g' "${nproc}"
else
  echo '* soft nproc 131072' >> "${nproc}"
fi
__detect_result
# 配置 sysctl.conf
#echo -en "${BC}sysctl.conf is optimize... ${EC}";sleep 1
#sysctl='/etc/sysctl.conf'
#if [ $(grep -c "net.ipv4.tcp_syncookies = 0" ${sysctl}) == 0 ]; then
# {
# sed -i 's/net.ipv4.tcp_syncookies = 1/net.ipv4.tcp_syncookies = 0/g' ${sysctl}
# echo "net.ipv4.conf.all.arp_ignore = 1" >> ${sysctl}
# echo "net.ipv4.conf.all.arp_announce = 2" >> ${sysctl}
# echo "net.ipv4.conf.lo.arp_ignore = 1" >> ${sysctl}
# echo "net.ipv4.conf.lo.arp_announce = 2" >> ${sysctl}
# echo "net.core.rmem_default = 262144" >> ${sysctl}
# echo "net.core.wmem_default = 262144" >> ${sysctl}
# echo "net.core.netdev_max_backlog = 10000" >> ${sysctl}
# echo "net.core.rmem_max = 16777216" >> ${sysctl}
# echo "net.core.wmem_max = 16777216" >> ${sysctl}
# echo "net.ipv4.tcp_rmem = 8192 87380 16777216" >> ${sysctl}
# echo "net.ipv4.tcp_wmem = 8192 65536 16777216" >> ${sysctl}
# echo "net.ipv4.tcp_mem = 8388608 12582912 16777216" >> ${sysctl}
# echo "net.ipv4.tcp_max_syn_backlog = 4096" >> ${sysctl}
# echo "net.ipv4.tcp_synack_retries = 2" >> ${sysctl}
# echo "net.nf_conntrack_max = 8553600" >> ${sysctl}
# echo "net.netfilter.nf_conntrack_max = 8553600" >> ${sysctl}
# echo "net.netfilter.nf_conntrack_tcp_timeout_established = 60" >> ${sysctl}
#}
#fi
#__detect_result
# Create the data directory tree under /opt.
echo -en "${BC}data file is create... ${EC}"
sleep 1
# One mkdir per directory, in the original order, so the status seen by
# __detect_result is still that of the last directory only.
for data_dir in \
  /opt/logs \
  /opt/package \
  /opt/javaserver \
  /opt/data/mysqldata \
  /opt/data/redis \
  /opt/data/zookeeper \
  /opt/script \
  /opt/backup; do
  mkdir -p "${data_dir}"
done
__detect_result
# Set up the rsync daemon: write its global config, register it in rc.local,
# and start it now.
echo -e "${BC}create rsync server... ${EC}"
sleep 1
# touch guarantees the file exists before it is searched.
touch /etc/rsyncd.conf
# The config is written only when the file does not mention "rsync" yet.
# NOTE(review): only global settings are defined -- no module section, no
# "hosts allow", no "auth users"/"secrets file". Any module added later runs
# as root without chroot under these globals; restrict it by source address
# and require authentication when modules are defined.
if [ "$(grep -c "rsync" /etc/rsyncd.conf)" == 0 ]; then
  cat <<'EOF' > /etc/rsyncd.conf
uid = root
gid = root
use chroot = no
max connections = 10
strict modes = yes
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /opt/logs/rsyncd.log
EOF
fi
# Start the daemon at boot (added once).
if [ "$(grep -c "/usr/bin/rsync --daemon" /etc/rc.local)" == 0 ]; then
  echo '/usr/bin/rsync --daemon' >> /etc/rc.local
fi
# Start it for the current session; this command's status is what gets reported.
/usr/bin/rsync --daemon
__detect_result
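# Install Oracle JDK 8u45 from the vendor RPM and publish JAVA_HOME, PATH and
# CLASSPATH through /etc/profile.
echo -e "${BC}install oracle java... ${EC}";sleep 1
# Failures are collected so the reported result covers download, install and
# profile update, not only the final `source`.
java_rc=0
jdk_rpm_name='jdk-8u45-linux-x64.rpm'
# Download into a private directory rather than a fixed file name directly
# under the world-writable /tmp.
jdk_tmp=$(mktemp -d) || java_rc=1
if [ "${java_rc}" -eq 0 ]; then
  # NOTE(review): the URL is plain HTTP and --no-check-certificate turns off
  # TLS verification on any redirect, so the transport gives no assurance
  # about the file that is then installed as root. Set JDK_RPM_SHA256 (below)
  # or install from an internal, trusted mirror.
  # NOTE(review): wget is also in the package list installed by a later step
  # of this script; presumably the base image already ships it -- confirm.
  wget -P "${jdk_tmp}" --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u45-b14/jdk-8u45-linux-x64.rpm || java_rc=1
fi
# Optional integrity pin: when JDK_RPM_SHA256 is set in the environment to the
# known-good SHA-256 of the RPM, a mismatch blocks the install. Unset (the
# default) keeps the previous behaviour of installing without a digest check.
if [ "${java_rc}" -eq 0 ] && [ -n "${JDK_RPM_SHA256:-}" ]; then
  printf '%s  %s\n' "${JDK_RPM_SHA256}" "${jdk_tmp}/${jdk_rpm_name}" \
    | sha256sum -c - > /dev/null || java_rc=1
fi
# Install only what was actually downloaded (and verified, when pinned).
if [ "${java_rc}" -eq 0 ]; then
  rpm -ivh "${jdk_tmp}/${jdk_rpm_name}" || java_rc=1
fi
if [ -n "${jdk_tmp}" ]; then
  rm -rf -- "${jdk_tmp}"
fi
# Append the environment block once; the marker comment prevents duplicates
# when the script is run again. The quoted delimiter keeps $JAVA_HOME and $PATH
# literal in the file.
if ! grep -q '^# java jdk config$' /etc/profile; then
  cat >> /etc/profile <<'EOF' || java_rc=1

# java jdk config
JAVA_HOME=/usr/java/jdk1.8.0_45
PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/jre/lib/rt.jar
export JAVA_HOME PATH CLASSPATH
EOF
fi
source /etc/profile || java_rc=1
# Hand the combined status to __detect_result, which reads $?.
[ "${java_rc}" -eq 0 ]
__detect_result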
# Turn off services this build does not use: first disable them for runlevels
# 3 and 5, then stop the running instances. Errors from services that are not
# installed are discarded (2>/dev/null).
# Note that ip6tables is in the list, so IPv6 traffic is not filtered by the
# host afterwards.
echo -e "${BC}services is optimize... ${EC}"
sleep 1
unneeded_services=(
  abrt-ccpp
  abrtd
  acpid
  atd
  certmonger
  cpuspeed
  cups
  mcelogd
  mdmonitor
  nfslock
  ip6tables
  postfix
)
for svc in "${unneeded_services[@]}"; do
  chkconfig --level 35 "${svc}" off 2>/dev/null
done
# The last stop (postfix) is the command whose status gets reported.
for svc in "${unneeded_services[@]}"; do
  service "${svc}" stop 2>/dev/null
done
__detect_result
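# Add the EPEL repository and give it yum priority 10.
echo -en "${BC}yum source is install... ${EC}";sleep 1
# Failures are collected so a failed download or install is reported; before,
# only the priority edit at the end decided the result.
repo_rc=0
# NOTE(review): the release package is fetched over plain HTTP and installed
# as root, and nothing in this step checks its signature or digest. It
# installs the repo definition every later yum call trusts, so prefer an
# HTTPS or internal mirror and verify the package before installing it.
# Skipped when epel-release is already installed, so a re-run does not fail.
rpm -q epel-release > /dev/null 2>&1 \
  || rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm \
  || repo_rc=1
yum install yum-priorities -y || repo_rc=1
epel='/etc/yum.repos.d/epel.repo'
if [ ! -f "${epel}" ]; then
  repo_rc=1
# The old check searched for "priority=10" while the edit writes
# "priority = 10", so it never matched and every run added another line.
# Both the check and the edit now accept either spacing.
elif ! grep -Eq '^priority[[:space:]]*=[[:space:]]*10$' "${epel}"; then
  sed -i 's/^enabled[[:space:]]*=[[:space:]]*1$/&\npriority = 10/' "${epel}" || repo_rc=1
fi
# Hand the combined status to __detect_result, which reads $?.
[ "${repo_rc}" -eq 0 ]
__detect_result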
# Install the base tool set with yum. Output is silenced (-q, -e 0, -d 0 and
# 2>/dev/null), so the exit status is the only failure signal that remains.
echo -e "${BC}packages is installed... ${EC}"
sleep 1
base_packages=(
  iftop iotop ipmitool wget telnet vim xinetd dmidecode redhat-lsb ntp
  openssl bash man gcc gcc-c++ make sysstat nc lrzsz parted mtr iptraf strace
)
yum -e 0 -d 0 -y -q install "${base_packages[@]}" 2>/dev/null
__detect_result
# After the initial install, stop booting from DHCP/PXE: ask the BMC through
# the local IPMI interface to boot from disk, with the persistent and efiboot
# options.
echo -e "${BC}DHCP BOOT is disabled... ${EC}"
sleep 1
bootdev_args=(chassis bootdev disk options=persistent,efiboot)
ipmitool -I open "${bootdev_args[@]}"
__detect_result
# Final banner, then schedule the reboot for one minute from now.
printf '%s\n' \
  "system init finished!" \
  "" \
  "reboot after 1 minutes!"
shutdown -r +1