- #!/bin/sh
- . /etc/rc.d/init.d/functions
- export LANG=zh_CN.UTF-8
- # 一级菜单
- menu1()
- {
- clear
- cat <<EOF
- ----------------------------------------
|**** 欢迎使用 cetnos6.5 优化脚本 ****|
----------------------------------------
1. 一键优化
2. 自定义优化
3. 退出
- EOF
- read -p "please enter your choice[1-3]:" num1
- }
- # 二级菜单
- menu2()
- {
- clear
- cat <<EOF
- ----------------------------------------
- |****Please Enter Your Choice:[0-13]****|
- ----------------------------------------
1. 修改字符集
2. 关闭 selinux
3. 关闭 firewalld
4. 精简开机启动
5. 修改文件描述符
6. 安装常用工具及修改 yum 源
7. 优化系统内核
8. 加快 SSH 登录速度
9. 禁用 ctrl+alt+del 重启
10. 设置时间同步
11.history 优化
12. 返回上级菜单
13. 退出
- EOF
- read -p "please enter your choice[1-13]:" num2
- }
- #1. 修改字符集
- i18nset()
- {
- echo "======================== 修改字符集 ========================="
- cat> /etc/sysconfig/I18N <<EOF
- LANG="zh_CN.UTF-8"
- #LANG="en_US.UTF-8"
- SYSFONT="latarcyrheb-sun16"
- EOF
- source /etc/sysconfig/I18N
- echo "#cat /etc/sysconfig/i18n"
- cat /etc/sysconfig/I18N
- action "完成修改字符集" /bin/true
- echo "==========================================================="
- sleep 2
- }
- #2. 关闭 selinux
- selinuxset()
- {
- selinux_status=`grep "SELINUX=disabled" /etc/sysconfig/selinux | wc -l`
- echo "======================== 禁用 SELINUX========================"
- if [ $selinux_status -eq 0 ];then
- sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/sysconfig/selinux
- setenforce 0
- echo '#grep SELINUX=disabled /etc/sysconfig/selinux'
- grep SELINUX=disabled /etc/sysconfig/selinux
- echo '#getenforce'
- getenforce
- else
- echo 'SELINUX 已处于关闭状态'
- echo '#grep SELINUX=disabled /etc/sysconfig/selinux'
- grep SELINUX=disabled /etc/sysconfig/selinux
- echo '#getenforce'
- getenforce
- fi
- action "完成禁用 SELINUX" /bin/true
- echo "==========================================================="
- sleep 2
- }
- #3. 关闭 iptables
- iptablesset()
- {
- echo "======================= 禁用 IPTABLES========================"
- /etc/init.d/iptables stop &> /dev/null
- echo '#/etc/init.d/iptables status'
- /etc/init.d/iptables status
- chkconfig iptables off
- echo '#chkconfig --list | grep iptables | awk'{print $1,$5}'' chkconfig --list | grep iptables | awk'{print $1,$5}' action" 完成禁用 IPTABLES" /bin/true
- echo "==========================================================="
- sleep 5
- }
- #4. 精简开机启动
- chkset()
- {
- echo "======================= 精简开机启动 ========================"
- chk_list=(`/sbin/chkconfig --list | grep 3: 启用 | grep -Ev "crond|sshd|network|rsyslog" |awk '{print $1}'`)
- for A in ${chk_list[*]};do
- /sbin/chkconfig $A off
- done
- echo '#chkconfig --list | grep 3: 启用'
/sbin/chkconfig --list | grep 3: 启用
- action "完成精简开机启动" /bin/true
- echo "==========================================================="
- sleep 2
- }
- #5. 修改文件描述符
- limitset()
- {
- echo "====================== 修改文件描述符 ======================="
- echo '* - nofile 65535'>/etc/security/limits.conf
- ulimit -SHn 65535
- echo "#cat /etc/security/limits.conf"
- cat /etc/security/limits.conf
- echo "#ulimit -Sn ; ulimit -Hn"
- ulimit -Sn ; ulimit -Hn
- action "完成修改文件描述符" /bin/true
- echo "==========================================================="
- sleep 2
- }
- #6. 安装常用工具及修改 yum 源
- yumset()
- {
- echo "================= 安装常用工具及修改 yum 源 ==================="
- yum install wget -y &> /dev/null
- if [ $? -eq 0 ];then
- cd /etc/yum.repos.d/
- \cp CentOS-Base.repo CentOS-Base.repo.$(date +%F)
- ping -c 1 mirrors.aliyun.com &> /dev/null
- if [ $? -eq 0 ];then
- wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo &> /dev/null
- yum clean all &> /dev/null
- yum makecache &> /dev/null
- else
- echo "无法连接网络"
- exit $?
- fi
- else
- echo "wget 安装失败"
- exit $?
- fi
- yum -y install lsof lrzsz VIM lrzsz tree nmap nc sysstat &> /dev/null
- action "完成安装常用工具及修改 yum 源" /bin/true
- echo "==========================================================="
- sleep 2
- }
- #7. 优化系统内核
- kernelset()
- {
- echo "====================== 优化系统内核 ========================="
- chk_nf=`cat /etc/sysctl.conf | grep conntrack |wc -l`
- if [ $chk_nf -eq 0 ];then
- cat>>/etc/sysctl.conf<<EOF
- net.ipv4.tcp_fin_timeout = 2
- net.ipv4.tcp_tw_reuse = 1
- net.ipv4.tcp_tw_recycle = 1
- net.ipv4.tcp_syncookies = 1
- net.ipv4.tcp_keepalive_time = 600
- net.ipv4.ip_local_port_range = 4000 65000
- net.ipv4.tcp_max_syn_backlog = 16384
- net.ipv4.tcp_max_tw_buckets = 36000
- net.ipv4.route.gc_timeout = 100
- net.ipv4.tcp_syn_retries = 1
- net.ipv4.tcp_synack_retries = 0
- net.core.somaxconn = 16384
- net.core.netdev_max_backlog = 16384
- net.ipv4.tcp_max_orphans = 16384
- net.netfilter.nf_conntrack_max = 25000000
- net.netfilter.nf_conntrack_tcp_timeout_established = 180
- net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
- net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
- net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
- EOF
- sysctl -p
- else
- echo "优化项已存在."
- fi
- action "内核调优完成" /bin/true
- echo "==========================================================="
- sleep 2
- }
- #8. 加快 SSH 登录速度
- sshset()
- {
- echo "====================== 加快 ssh 登录速度 ======================"
- sed -i 's#^GSSAPIAuthentication yes$#GSSAPIAuthentication no#g' /etc/SSH/sshd_config
- sed -i 's/#UseDNS yes/UseDNS no/g' /etc/SSH/sshd_config
- /etc/init.d/sshd restart
- echo "#grep GSSAPIAuthentication /etc/ssh/sshd_config"
- grep GSSAPIAuthentication /etc/SSH/sshd_config
- echo "#grep UseDNS /etc/ssh/sshd_config"
- grep UseDNS /etc/SSH/sshd_config
- action "完成加快 ssh 登录速度" /bin/true
- echo "==========================================================="
- sleep 2
- }
- #9. 禁用 ctrl+alt+del 重启
- restartset()
- {
- echo "=================== 禁用 ctrl+alt+del 重启 ===================="
- sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
- action "完成禁用 ctrl+alt+del 重启" /bin/true
- echo "==========================================================="
- sleep 2
- }
- #10. 设置时间同步
- ntpdateset()
- {
- echo "======================= 设置时间同步 ========================"
- yum -y install ntpdate &> /dev/null
- if [ $? -eq 0 ];then
- /usr/sbin/ntpdate time.Windows.com
- echo "*/5 * * * */usr/sbin/ntpdate time.windows.com &>/dev/null">> /var/spool/cron/root
- else
- echo "ntpdate 安装失败"
- exit $?
- fi
- action "完成设置时间同步" /bin/true
- echo "==========================================================="
- sleep 2
- }
- #11. history 优化
- historyset()
- {
- echo "========================history 优化 ========================"
- chk_his=`cat /etc/profile | grep HISTTIMEFORMAT |wc -l`
- if [ $chk_his -eq 0 ];then
- cat>> /etc/profile <<'EOF'
- # 设置 history 格式
- export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S] [`whoami`] [`who am i|awk'{print $NF}'|sed -r's#[()]##g'`]:"
- # 记录 shell 执行的每一条命令
- export PROMPT_COMMAND='if [ -z"$OLD_PWD" ];then
- export OLD_PWD=$PWD;
- fi;
- if [ ! -z "$LAST_CMD" ] && [ "$(history 1)" != "$LAST_CMD" ]; then
- logger -t `whoami`_shell_dir "[$OLD_PWD]$(history 1)";
- fi;
- export LAST_CMD="$(history 1)";
- export OLD_PWD=$PWD;'
- EOF
- source /etc/profile
- else
- echo "优化项已存在."
- fi
- action "完成 history 优化" /bin/true
- echo "==========================================================="
- sleep 2
- }
- # 控制函数
- main()
- {
- menu1
- case $num1 in
- 1)
- i18nset
- selinuxset
- iptablesset
- chkset
- limitset
- yumset
- kernelset
- sshset
- restartset
- ntpdateset
- historyset
- ;;
- 2)
- menu2
- case $num2 in
- 1)
- i18nset
- ;;
- 2)
- selinuxset
- ;;
- 3)
- iptablesset
- ;;
- 4)
- chkset
- ;;
- 5)
- limitset
- ;;
- 6)
- yumset
- ;;
- 7)
- kernelset
- ;;
- 8)
- sshset
- ;;
- 9)
- restartset
- ;;
- 10)
- ntpdateset
- ;;
- 11)
- historyset
- ;;
- 12)
- main
- ;;
- 13)
- exit
- ;;
- *)
- echo 'Please select a number from [1-12].'
- ;;
- esac
- ;;
- 3)
- exit
- ;;
- *)
- echo 'Err:Please select a number from [1-3].'
- sleep 3
- main
- ;;
- esac
- }
- main $*
来源: http://www.bubuko.com/infodetail-3505087.html