CentOS 7 Optimization

This script must be run on a machine that already has network connectivity. NetworkManager and the firewall are left untouched.

#!/bin/bash

# Quoted delimiter so that $PS1 in the summary below is printed literally
cat <<'END'
优化涉及:
1.替换为国内yum源
2.安装常用的软件 tree nmap sysstat lrzsz telnet bash-completion bash-completion-extras vim lsof net-tools rsync ntpdate nfs-utils wget dos2unix
3.时间同步并设置该操作到定时任务(每2分钟同步一次)
4.加大文件描述符数量至65536
5.SSH优化(关闭DNS反向解析和GSS认证)
6.关闭SELinux
7.命令行提示符$PS1设置为绿色(所有用户均生效)
END

# Load the shell function library shipped with the system (provides "action")
[ -f /etc/init.d/functions ] && source /etc/init.d/functions || exit 1

read -p "正在执行CentOS7优化脚本,是否进行优化(请输入yes或no): " input_str
if [ "$input_str" != "yes" ] ; then
    action "输入有误!" /bin/false
    exit 2
fi

# Switch to a yum mirror hosted in China
cp /etc/yum.repos.d/CentOS-Base.repo{,.bak-$(date "+%F-%T")}
cp /etc/yum.repos.d/epel.repo{,.bak-$(date "+%F-%T")}
# Fetch the repo files over HTTPS; -f makes curl fail on an HTTP error
# instead of saving the error page as a repo file
curl -f -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo &> /dev/null \
&& curl -f -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo &> /dev/null \
&& yum clean all &> /dev/null && yum makecache &> /dev/null

if [ $? -eq 0 ] ; then
    action "替换国内yum源和epel源" /bin/true
else
    action "替换国内yum源和epel源" /bin/false
    exit 3
fi

# Install commonly used packages
yum -y install tree nmap sysstat lrzsz telnet bash-completion bash-completion-extras vim lsof net-tools rsync ntpdate nfs-utils wget dos2unix &> /dev/null
if [ "$?" -eq 0 ] ; then
    action "安装常用软件" /bin/true
else
    action "安装常用软件" /bin/false
    exit 1
fi



# Sync the time and add the job to cron (every 2 minutes)
yum install -y ntpdate &> /dev/null
echo '*/2 * * * * /usr/sbin/ntpdate ntp.aliyun.com &> /dev/null' >> /var/spool/cron/root
if [ $? -eq 0 ] ; then
    action "时间同步并设置该操作到定时任务" /bin/true
else
    action "时间同步并设置该操作到定时任务" /bin/false
    exit 4
fi


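# Raise the file descriptor limit to 65536
# Current value of the first active (uncommented) nofile entry, if any
nofile=$(sed -rn '/^[^#].*nofile.*/p' /etc/security/limits.conf | grep -Eo '[0-9]+' | head -n 1)
if [ -z "$nofile" ] ; then
    # No active nofile entry, so append one
    echo '* - nofile 65536' >> /etc/security/limits.conf
elif [ "$nofile" -lt 65536 ] ; then
    # -i.bak keeps a backup copy; -r is a separate option because any text
    # attached to -i is taken as the backup suffix
    sed -i.bak -r 's/^[^#].*nofile.*$/* - nofile 65536/' /etc/security/limits.conf
fi

if [ $? -eq 0 ] ; then
    action "加大文件描述符数量" /bin/true
fi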



# SSH tuning (disable reverse DNS lookups and GSSAPI authentication)
sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config &> /dev/null && \
systemctl restart sshd &> /dev/null

if [ $? -eq 0 ] ; then
    action "SSH优化" /bin/true
else
    action "SSH优化" /bin/false
    exit 5
fi


# Disable SELinux (takes effect after the next reboot)
sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# grep -q avoids a test error when the setting is missing from the file
if grep -q '^SELINUX=disabled' /etc/selinux/config ; then
    action "关闭SELinux" /bin/true
else
    action "关闭SELinux" /bin/false
    exit 6
fi



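# Set the $PS1 command prompt to green (for all users)
# Quoted delimiter keeps \$ literal, so root still gets "#" in the prompt
cat > /etc/profile.d/custom_prompt.sh <<'EOF'
export PS1='\[\e[32;1m\][\u@\h \w]\$\[\e[0m\] '
EOF
source /etc/profile

if [ "$?" -eq 0 ];then
    action "命令行提示符\$PS1设置为绿色" /bin/true
else
    action "命令行提示符\$PS1设置为绿色" /bin/false
    exit 7
fi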

# Disable NetworkManager
# systemctl stop NetworkManager && systemctl disable NetworkManager &> /dev/null
# if [ "$?" -eq 0 ];then
# action "关闭NetworkManager" /bin/true
# else
# action "关闭NetworkManager" /bin/false
# exit 8
# fi

# Stop the firewall and disable it at boot
# systemctl stop firewalld && systemctl disable firewalld &> /dev/null
# if [ "$?" -eq 0 ];then
# action "关闭firewalld防火墙" /bin/true
# else
# action "关闭firewalld防火墙" /bin/false
# exit 9
# fi

echo "优化结束"


If you also want NetworkManager and the firewall disabled, uncomment the corresponding blocks.
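
The SSH step in the script only rewrites the stock `#UseDNS yes` and `GSSAPIAuthentication yes` lines, so it still reports success when neither pattern is present. The following is an added example, not part of the original script: it sets an sshd option whatever state the file is in and lets `sshd -t` validate the result before the live file is replaced. The helper names `set_sshd_option` and `apply_sshd_options` are hypothetical.

```bash
#!/bin/bash
# Added example; set_sshd_option and apply_sshd_options are hypothetical helpers.

# set_sshd_option FILE KEY VALUE
# Leaves exactly one active "KEY VALUE" line in the global section (before any
# Match block), whether KEY was commented out, already set, duplicated or absent.
set_sshd_option() {
    local file="$1" key="$2" value="$3" tmp rc
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        BEGIN { k = tolower(key) }
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        # Global options have to precede the first Match block.
        !in_match && line ~ /^match[ \t]/ {
            if (!done) { print key " " value; done = 1 }
            in_match = 1
        }
        # Old setting of KEY: active, or in the stock "#KEY value" form.
        !in_match && (index(line, k " ") == 1 || index(line, k "\t") == 1 ||
                      index(line, "#" k " ") == 1) {
            if (!done) { print key " " value; done = 1 }
            next
        }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# apply_sshd_options: edit a copy, have sshd validate it, then install it.
# Run as root. The live file is only replaced if "sshd -t" accepts the copy.
apply_sshd_options() {
    local live=/etc/ssh/sshd_config cand rc
    cand=$(mktemp) || return 1
    cp "$live" "$cand" &&
        set_sshd_option "$cand" UseDNS no &&
        set_sshd_option "$cand" GSSAPIAuthentication no &&
        sshd -t -f "$cand" &&
        cp -p "$live" "$live.bak-$(date +%F-%T)" &&
        cat "$cand" > "$live" &&
        systemctl restart sshd
    rc=$?
    rm -f "$cand"
    return $rc
}
```

Calling `apply_sshd_options` as root in place of the `sed` line gives the same two settings, and a rejected configuration never reaches the running daemon.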
