第一章 Centos 7 系统优化脚本

Centos 7 系统优化脚本

#!/usr/bin/bash
# Author:jh
# Time:2021-04-16  18:41:19
# Name:linux_opt.sh
# Version: 2.0
# Discription: To  

local_IP=`ifconfig |awk -F ' ' 'NR==2{print $2}'`
local_hostname=`hostname`
base_yum="CentOS-Base.repo"
epel_yum="epel.repo"
yum_dir="/etc/yum.repos.d/"
cron_dir="/var/spool/cron/root"
ssh_dir="/etc/ssh/sshd_config"

linux_comm_software=(net-tools vim tree htop iftop gcc gcc-c++ glibc iotop lrzsz sl wget unzip telnet nmap nc psmisc dos2unix bash-completion bash-completion-extra sysstat rsync nfs-utils httpd-tools)

#1.修改主机名
source /etc/init.d/functions
if [ $# -ne 1 ];then
    echo "/bin/sh $0 New hostname"
    exit 1
fi

hostnamectl set-hostname $1
if [ $? -eq 0 ];then
    action "hostname update is" /usr/bin/true
else
    action "hostname update is" /usr/bin/false
fi

#2.配置ssh连接成功显示
platform=`uname -i`
if [ $platform != "x86_64" ];then 
    echo "this script is only for 64bit Operating System !"
    exit 1
fi
echo "the platform is ok"
cat << EOF
+---------------------------------------+
| your system is CentOS 7 x86_64 |
| start optimizing....... |
+---------------------------------------
EOF

#3.配置yum仓库
mv $yum_dir$base_yum  $yum_dir${base_yum}.bak
mv $yum_dir$epel_yum  $yum_dir${epel_yum}.bak
curl -o $yum_dir$base_yum http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o $yum_dir$epel_yum http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache

#4.安装基础软件包
for i in ${linux_comm_software[*]}
do
    rpm -q $i &>/dev/null
    if [ $? -eq 0 ];then
        echo "$i is installed" 
    else
        yum -y install $i  &>/dev/null                                     
        action "$i is installing"  /usr/bin/true
    fi     
done

#5.关闭防火墙firewalld
#systemctl disable firewalld
#systemctl stop firewalld

#6.关闭selinux
#sed 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

#7.修改本地解析
echo '$local_IP $local_hostname' >> /etc/hosts

#8.设置时间同步
timedatectl set-timezone Asia/Shanghai
/usr/sbin/ntpdate time1.aliyun.com
echo '#Timing synchronization time' >> $cron_dir
echo "* 4 * * * /usr/sbin/ntpdate time1.aliyun.com > /dev/null 2>&1" >> $cron_dir
systemctl restart crond.service

#9.ssh参数优化
#sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/g' $ssh_dir
#sed -i 's/#UseDNS yes/UseDNS no/g' $ssh_dir
#sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' $ssh_dir
#sed -i 's/#port 22/poort 520/g' $ssh_dir

#10.加大文件描述符
tail -1 /etc/security/limits.conf &>/dev/null
[ $? -eq 0 ] && echo "文件描述符以加大" || echo '*               -       nofile          65535 ' >>/etc/security/limits.conf 

#11.环境变量及别名优化
cat>>/etc/profile.d/color.sh<<EOF
alias ll='ls -l --color=auto --time-style=long-iso'
PS1="\[\e[37;40m\][\[\e[32;1m\]\u\[\e[37;40m\]@\h \[\e[36;40m\]\w\[\e[0m\]]\[\e[32;1m\]\\$ \[\e[0m\]"
export HISTTIMEFORMAT='%F-%T '
EOF

source  /etc/profile

#12.内核优化
cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000    65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.ipv4.ip_forward = 1
net.ipv4.icmp_echo_ignore_all=1
EOF

sysctl  -p

#13.关闭NetworkManager
#systemctl  stop  NetworkManager
#systemctl  disable  NetworkManager

#14.更新软件
yum -y update && > /dev/null

#15.设置中文字符集
localectl set-locale LANG=zh_CN.UTF-8

#16.备份显示系统版本和内核的文件
cp /etc/issue{,.bak}
cp /etc/issue.net{,.bak}

> /etc/issue
> /etc/issue.net

#17.优化完成    
#!/usr/bin/bash
# Author:jh
# Time:2020-12-11  09:03:19
# Name:linux_opt.sh
# Version: 1.0
# Discription: To  

local_IP=`ifconfig |awk -F ' ' 'NR==2{print $2}'`
local_hostname=`hostname`
base_yum="CentOS-Base.repo"
epel_yum="epel.repo"
yum_dir="/etc/yum.repos.d/"
cron_dir="/var/spool/cron/root"
ssh_dir="/etc/ssh/sshd_config"

linux_comm_software=(net-tools vim tree htop iftop gcc gcc-c++ glibc iotop lrzsz sl wget unzip telnet nmap nc psmisc dos2unix bash-completion bash-completion-extra sysstat rsync nfs-utils httpd-tools)

#1.修改主机名
source /etc/init.d/functions
if [ $# -ne 1 ];then
    echo "/bin/sh $0 New hostname"
    exit 1
fi

hostnamectl set-hostname $1
if [ $? -eq 0 ];then
    action "hostname update is" /usr/bin/true
else
    action "hostname update is" /usr/bin/false
fi

#2.配置ssh连接成功显示
platform=`uname -i`
if [ $platform != "x86_64" ];then 
    echo "this script is only for 64bit Operating System !"
    exit 1
fi
echo "the platform is ok"
cat << EOF
+---------------------------------------+
| your system is CentOS 7 x86_64 |
| start optimizing....... |
+---------------------------------------
EOF

#3.配置yum仓库
mv $yum_dir$base_yum  $yum_dir${base_yum}.bak
mv $yum_dir$epel_yum  $yum_dir${epel_yum}.bak
curl -o $yum_dir$base_yum http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o $yum_dir$epel_yum http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache

#4.安装基础软件包
for i in ${linux_comm_software[*]}
do
    rpm -q $i &>/dev/null
    if [ $? -eq 0 ];then
        echo "$i is installed" 
    else
        yum -y install $i  &>/dev/null                                     
        action "$i is installing"  /usr/bin/true
    fi     
done

#5.关闭防火墙firewalld
#systemctl disable firewalld
#systemctl stop firewalld

#6.关闭selinux
#sed 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

#7.修改本地解析
echo '$local_IP $local_hostname' >> /etc/hosts

#8.设置时间同步
timedatectl set-timezone Asia/Shanghai
/usr/sbin/ntpdate time1.aliyun.com
echo '#Timing synchronization time' >> $cron_dir
echo "* 4 * * * /usr/sbin/ntpdate time1.aliyun.com > /dev/null 2>&1" >> $cron_dir
systemctl restart crond.service

#9.ssh参数优化
#sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/g' $ssh_dir
#sed -i 's/#UseDNS yes/UseDNS no/g' $ssh_dir
#sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' $ssh_dir
#sed -i 's/#port 22/poort 520/g' $ssh_dir

#10.加大文件描述符
tail -1 /etc/security/limits.conf &>/dev/null
[ $? -eq 0 ] && echo "文件描述符以加大" || echo '*               -       nofile          65535 ' >>/etc/security/limits.conf 

#11.环境变量及别名优化
cat>>/etc/profile.d/color.sh<<EOF
alias ll='ls -l --color=auto --time-style=long-iso'
PS1="\[\e[37;40m\][\[\e[32;1m\]\u\[\e[37;40m\]@\h \[\e[36;40m\]\w\[\e[0m\]]\[\e[32;1m\]\\$ \[\e[0m\]"
export HISTTIMEFORMAT='%F-%T '
EOF

source  /etc/profile

#12.内核优化
cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000    65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.ipv4.ip_forward = 1
net.ipv4.icmp_echo_ignore_all=1
EOF

sysctl  -p

#13.关闭NetworkManager
#systemctl  stop  NetworkManager
#systemctl  disable  NetworkManager

#14.更新软件
yum -y update && > /dev/null

#15.设置中文字符集
localectl set-locale LANG=zh_CN.UTF-8

#16.备份显示系统版本和内核的文件
cp /etc/issue{,.bak}
cp /etc/issue.net{,.bak}

> /etc/issue
> /etc/issue.net

#17.优化完成    
cat << EOF
+-------------------------------------------------+
| 优 化 已 完 成                                  |
| 请 重启 这台服务器 !                            |
+-------------------------------------------------+
EOF

sleep 5

上一篇:阿里云服务器kafka无法访问


下一篇:Docker 和 Kubernetes:root 与特权