初始化系统脚本
适用 centos6 和 centos7
- #
- PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
- export PATH
- cur_dir=$(pwd)
- gcc_version=
- rpm -qa gcc | awk -F '[-]' '{print $2}'
- VERSION=
- cat /etc/issue | grep '6.'
- if [ "$VERSION" == "" ];then
- VERSION='centos7'
- else
- VERSION='centos6'
- fi
- # 更改为 163 的源
- yum install wget -y
- mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
- if [ $VERSION == 'centos7' ];then
- wget http://mirrors.163.com/.help/CentOS7-Base-163.repo
- mv CentOS7-Base-163.repo /etc/yum.repos.d/CentOS-Base.repo
- else
- wget http://mirrors.163.com/.help/CentOS6-Base-163.repo
- mv CentOS6-Base-163.repo /etc/yum.repos.d/CentOS-Base.repo
- fi
- yum clean all
- yum makecache
- # 更改 ulimit 参数
- if [ "cat /etc/security/limits.conf | grep'soft nproc 65535'" ="" ]; then
- cat>> /etc/security/limits.conf <<EOF
- soft nproc 65535
- hard nproc 65535
- soft nofile 65535
- hard nofile 65535
- EOF
- echo "ulimit -SHn 65535">> /etc/profile
- echo "ulimit -SHn 65535">> /etc/rc.local
- fi
- # 安装必要工具
- yum update -y
- yum install -y vim wget ntpdate sysstat wget man mtr lsof iotop net-tools openssl-devel openssl-perl iostat subversion nscd
- # 关闭 selinux
- sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
- setenforce 0
- # 设置 ssh
- sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
- sed -i "s/GSSAPIAuthentication yes/GSSAPIAuthentication no/g" /etc/ssh/sshd_config
- # 设置时区
- if [ "cat /etc/crontab | grep ntpdate" = "" ]; then
- echo "0 23 * root /usr/sbin/ntpdate cn.pool.ntp.org>> /var/log/ntpdate.log">> /etc/crontab
- fi
- rm -f /etc/localtime
- ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
- ntpdate cn.pool.ntp.org;hwclock -w
- # 设置 sysctl
- SYSCONF="
- #Add
- net.ipv4.tcp_max_syn_backlog = 65536
- net.core.netdev_max_backlog = 32768
- net.core.somaxconn = 32768
- net.core.wmem_default = 8388608
- net.core.rmem_default = 8388608
- net.core.rmem_max = 16777216
- net.core.wmem_max = 16777216
- net.ipv4.tcp_timestamps = 0
- net.ipv4.tcp_synack_retries = 2
- net.ipv4.tcp_syn_retries = 2
- net.ipv4.tcp_tw_recycle = 1
- #net.ipv4.tcp_tw_len = 1
- net.ipv4.tcp_tw_reuse = 1
- net.ipv4.tcp_mem = 94500000 915000000 927000000
- net.ipv4.tcp_max_orphans = 3276800
- net.ipv4.tcp_fin_timeout = 120
- net.ipv4.tcp_keepalive_time = 120
- net.ipv4.ip_local_port_range = 1024 65535
- net.nf_conntrack_max = 16404388
- net.netfilter.nf_conntrack_tcp_timeout_established = 10800
- #kernel: TCP: time wait bucket table overflow
- net.ipv4.tcp_max_tw_buckets = 30000
fs.file-max=655350"#" 安装系统工具 "
- yum install -y gcc gcc-c++ make cmake autoconf bzip2 bzip2-devel curl openssl openssl-devel rsync gd zip perl unzip
- # 重启服务
- #ssh
- if [ "$VERSION" == "centos6" ]; then
- service sshd restart
- service iptables stop
- chkconfig iptables off
- if [ "cat /etc/sysctl.conf | grep net.ipv4.tcp_max_tw_buckets" = "" ]; then
- echo "$SYSCONF">> /etc/sysctl.conf
- fi
- /sbin/sysctl -p
- else
- systemctl restart sshd
- systemclt disable postfix.service
- systemctl stop postfix.service
- systemctl stop firewalld
- systemctl mask firewalld
- yum install iptables-services -y
- if [ ! -f '/etc/sysctl.d/addsys.conf' ];then
- echo "$SYSCONF">> /etc/sysctl.d/addsys.conf
- fi
- /sbin/sysctl -p
- fi
来源: http://www.bubuko.com/infodetail-2622112.html