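#!/bin/bash
# by authors Mox
# Email 827897564@qq.com
#
# CentOS 6.x post-install initialisation: adds EPEL, installs base packages,
# schedules ntpdate, raises the open-file limit, moves sshd to SSH_PORT with
# root login denied, creates a login account, disables IPv6 and a few
# services, and enables pam_tally2 lockout for sshd.
#
# Run once, as root, on a fresh install: most steps append to system files
# (">>" and sed "a\"), so a second run duplicates those entries.
#
# Environment: LOGIN_PASSWD (optional) overrides the default account password.

# -- helpers

# Print a red error message to stderr and exit.
# Arguments: $1 - message; $2 - exit status (optional, default 1)
err_echo() {
  printf '\033[31m[Error]: %s\033[0m\n' "$1" >&2
  exit "${2:-1}"
}

# Print a green informational message.
# Arguments: $1 - message
info_echo() {
  printf '\033[32m[Info]: %s\033[0m\n' "$1"
}

# Print a yellow warning to stderr; does not exit.
# Arguments: $1 - message
warn_echo() {
  printf '\033[33m[Warning]: %s\033[0m\n' "$1" >&2
}

# Abort through err_echo when the command that ran immediately before this
# call failed. Must be the very next command, since it reads $? on entry.
# Arguments: $1 - message to print on failure
check_exit() {
  local rc=$?
  if [ "$rc" -ne 0 ]; then
    err_echo "$1"
  fi
}

# -- variables
SSH_PORT=15300
LOGIN_USER=login_user
# NOTE(review): the default password equals the account name. Supply a real
# one through the environment (LOGIN_PASSWD=... ./script) instead of editing
# it into the file.
LOGIN_PASSWD=${LOGIN_PASSWD:-login_user}
# Failed-login lockout threshold (attempts)
LOGIN_FAILD=3
# Lock duration handed to pam_tally2 unlock_time / root_unlock_time (seconds)
LOCK_TIME=30

cat <<EOF
+--------------------------------------------------------------+
|         === Welcome to CentOS 6.x System init ===           "|
+--------------------------------------------------------------+
EOF

info_echo "start check system vertion"
sv=$(awk '/CentOS/ {print $1; exit}' /etc/issue)
cv=$(uname -r | awk -F. '{print $NF}')
# Refuse to run unless BOTH conditions hold. The original joined the two
# tests with &&, which only stopped when neither matched, and called an
# undefined erro_echo. Exit status 7 is kept from the original.
if [[ "$sv" != "CentOS" || "$cv" != "x86_64" ]]; then
  err_echo "no CentOS or no x86_64 system!!! exit...." 7
fi

# Add the EPEL external yum repository
info_echo "add epel rpm sours..."
cd /usr/local/src || err_echo "cannot cd to /usr/local/src"
epel_rpm=epel-release-6-8.noarch.rpm
# NOTE(review): the package is fetched over plain HTTP and installed with no
# pinned checksum; rpm can only verify its signature if the signing key is
# already imported. Prefer an HTTPS mirror and check the file with "rpm -K"
# before installing.
if ! { wget "http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/${epel_rpm}" \
  && rpm -ivh "$epel_rpm"; }; then
  warn_echo "EPEL repository was not installed; EPEL-only packages will be missing"
fi

# Install the gcc toolchain and sysstat tools
info_echo "install gcc gcc-c++ unzip unzip vim wget...."
yum -y install gcc gcc-c++ vim-enhanced unzip unrar sysstat vim wget

info_echo "install ntpd..."
# Configure automatic time sync with ntpdate
yum -y install ntp
# /etc/crontab entries need a user field between the schedule and the
# command; the original line had none, so "root" is added here.
echo "01 01 * * * root /usr/sbin/ntpdate ntp.api.bz >> /dev/null 2>&1" >> /etc/crontab
ntpdate ntp.api.bz
service crond restart

# Configure the open-file ulimit
info_echo "config ulimit..."
ulimit -SHn 65535
echo "ulimit -SHn 65535" >> /etc/rc.local
cat >> /etc/security/limits.conf <<EOF
* soft nofile 60000
* hard nofile 65535
EOF

info_echo "disabled control-alt-delete..."
# Disable the Ctrl-Alt-Del key combination to prevent accidental reboots
# NOTE(review): on CentOS 6 (upstart) this key combo is normally handled by
# /etc/init/control-alt-delete.conf - confirm this sed matches anything.
sed -i 's@ca::ctrlaltdel:/sbin/shutdown -t3 -r now@#ca::ctrlaltdel:/sbin/shutdown -t3 -r now@' /etc/inittab

# Disable SELinux
# NOTE(review): this removes mandatory access control for the whole host from
# the next boot on. Until that reboot SELinux may still be enforcing, and
# sshd on a non-default port can then fail to bind - confirm on the target.
info_echo "disable Selinux..."
sed -i 's@SELINUX=enforcing@SELINUX=disabled@' /etc/selinux/config

# Add the login user
# Done before the sshd changes: root login is switched off below, so the
# replacement account must exist with a password first, otherwise a failure
# here would leave no account able to log in over SSH.
info_echo "add login user..."
if ! id "$LOGIN_USER" > /dev/null 2>&1; then
  useradd "$LOGIN_USER"
  check_exit "cannot create user $LOGIN_USER"
fi
if [[ "$LOGIN_PASSWD" == "$LOGIN_USER" ]]; then
  warn_echo "password for $LOGIN_USER equals the user name; change it before exposing sshd"
fi
# The original piped the user name in as the password and never used
# LOGIN_PASSWD. stdin keeps the value out of the process argument list.
printf '%s\n' "$LOGIN_PASSWD" | passwd --stdin "$LOGIN_USER"
check_exit "cannot set password for $LOGIN_USER"

# SSH service configuration tuning
info_echo "backup sshd config..."
cp -f /etc/ssh/sshd_config /etc/ssh/sshd_config.back
check_exit "cannot back up /etc/ssh/sshd_config"
info_echo "deny root login..."
sed -i '/#PermitRootLogin/a\PermitRootLogin no' /etc/ssh/sshd_config
info_echo "set ssh port $SSH_PORT"
sed -i "/#Port 22/a\Port $SSH_PORT" /etc/ssh/sshd_config
info_echo "enable port $SSH_PORT"
iptables -I INPUT -p tcp -m state --state NEW --dport "$SSH_PORT" -j ACCEPT
# Persist the rule: without this it is lost at the next reboot while sshd
# stays on SSH_PORT, which would block SSH behind the saved rule set.
service iptables save \
  || warn_echo "iptables rules not saved; port $SSH_PORT will be closed after reboot"
sed -i 's@#UseDNS yes@UseDNS no@' /etc/ssh/sshd_config
# Validate the edited file first; restarting on a broken config would take
# the SSH listener down.
/usr/sbin/sshd -t
check_exit "sshd_config failed validation; original saved as /etc/ssh/sshd_config.back"
service sshd restart

# Disable IPv6
info_echo "disabled ipv6..."
echo "alias net-pf-10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf
echo "install ipv6 /bin/true" >> /etc/modprobe.conf
echo "IPV6INIT=no" >> /etc/sysconfig/network
sed -i 's@NETWORKING_IPV6=yes@NETWORKING_IPV6=no@' /etc/sysconfig/network
chkconfig ip6tables off

# Basic vim syntax settings
info_echo "vim optimized..."
echo "syntax on" >> /root/.vimrc
echo "set nohlsearch" >> /root/.vimrc

# Disable services that are not needed at boot
info_echo "optimized autostart servcie..."
# NOTE(review): turning auditd off removes the kernel audit trail that
# incident response relies on; keep it enabled unless another host-audit
# source is in place.
chkconfig auditd off
chkconfig postfix off
chkconfig ip6tables off
chkconfig mdmonitor off

# Set the failed-login lockout threshold and lock time
info_echo "set login faild lock time..."
cp -p /etc/pam.d/sshd /etc/pam.d/sshd.back
# Inserted right after the "#%PAM-1.0" header so it is evaluated before the
# other auth modules in the file.
sed -i "/#%PAM-1.0/a\auth required pam_tally2.so deny=$LOGIN_FAILD unlock_time=$LOCK_TIME even_deny_root root_unlock_time=$LOCK_TIME" /etc/pam.d/sshd
# View the failed-login count:
#   pam_tally2 -u USER
# Unlock an account:
#   pam_tally2 -u USER --reset

# Set the number of commands bash keeps in history
info_echo "set bash history command amount..."
cp -p /etc/profile /etc/profile.back
sed -i "s/HISTSIZE=1000/HISTSIZE=5/" /etc/profile

info_echo "init OK @@!!"
# Reboot the server
#reboot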