以下脚本用于linux系统的初始化脚本,可以在服务器系统安装完毕之后立即执行。脚本结合各位大牛一些参数,已经在CentOS 5下通过。 使用方法:将其复制,保存为一个shell文件,比如init.sh。将其上传到linux服务器上,执行sh init.sh。建议大家在系统安装后立即执行。脚本内容:
#!/bin/bash#byLinuxEye#BLOG:http://blog.linuxeye.com#系统瘦身yum-ygroupremove FTPServer Text-basedInternet WindowsFileServer PostgreSQLDatabase NewsServer DNSNameServer WebServer DialupNetworkingSupport MailServer Office/Productivity Ruby Office/Productivity SoundandVideo XWindowSystem XSoftwareDevelopment PrintingSupport OpenFabricsEnterpriseDistribution #安装依赖包yum-yinstallgccgcc-c++autoconflibjpeglibjpeg-devellibpnglibpng-develfreetypefreetype-devellibxml2libxml2-develzlibzlib-develglibcglibc-develglib2glib2-develbzip2bzip2-develncursesncurses-develcurlcurl-devele2fsprogse2fsprogs-develkrb5-devellibidnlibidn-developensslopenssl-develnss_ldapopenldapopenldap-developenldap-clientsopenldap-serverslibxslt-devellibevent-develntplibtool-ltdlbisonlibtoolvim-enhanced#关闭不必要的服务chkconfig--list|awk'{print chkconfig $1 off }' /tmp/chkconfiglist.sh;/bin/sh/tmp/chkconfiglist.sh;rm-rf/tmp/chkconfiglist.shchkconfigcrondonchkconfigirqbalanceonchkconfignetworkonchkconfigsshdonchkconfigsyslogonchkconfigiptablesonsetenforce0sed-i's/^SELINUX=.*$/SELINUX=disabled/g'/etc/sysconfig/selinux#i18nsed -i 's@LANG=.*$@LANG= en_US.UTF-8 @g' /etc/sysconfig/i18n #修改启动模式sed-i's/id:.*$/id:3:initdefault:/g'/etc/inittab#关闭不需要的ttysed-i's/3:2345:respawn/#3:2345:respawn/g'/etc/inittabsed-i's/4:2345:respawn/#4:2345:respawn/g'/etc/inittabsed-i's/5:2345:respawn/#5:2345:respawn/g'/etc/inittabsed-i's/6:2345:respawn/#6:2345:respawn/g'/etc/inittabsed-i's/ca::ctrlaltdel/#ca::ctrlaltdel/g'/etc/inittab/sbin/initq#修改PS1echo'PS1= \[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h\[\e[35;40m\]\W\[\e[0m\]]\\$\[\e[33;40m\] ' /etc/profile#修改shell命令的history记录个数sed-i's/HISTSIZE=.*$/HISTSIZE=100/g'/etc/profilesource/etc/profile#记录每个命令mkdir/root/logsecho exportPROMPT_COMMAND='{msg=\$(history1|{readxy;echo\$y;});user=\$(whoami);echo\$(date\ +%Y-%m-%d%H:%M:%S\ ):\$user:\`pwd\`/:\$msg----\$(whoami);} \$HOME/logs/\`hostname\`.\`whoami\`.history-timestamp' /root/.bash_profile#密码输错5次锁定180ssed-i'4aauthrequiredpam_tally2.sodeny=5unlock_time=180'/etc/pam.d/system-auth#alias设置sed-i'7aaliasvi=vim'/root/.bashrc#调整Linux的最大文件打开数echo *softnofile60000 /etc/security/limits.confecho *hardnofile65535 /etc/security/limits.confecho ulimit-SH65535 /etc/rc.local#关闭ipv6sed-i's/NETWORKING_IPV6=.*$/NETWORKING_IPV6=no/g'/etc/sysconfig/network#网络参数调整sed-i's/net.ipv4.tcp_syncookies.*$/net.ipv4.tcp_syncookies=1/g'/etc/sysctl.confecho'net.ipv4.tcp_tw_reuse=1' /etc/sysctl.confecho'net.ipv4.tcp_tw_recycle=1' /etc/sysctl.confecho'net.ipv4.ip_local_port_range=102465000' /etc/sysctl.confsysctl-p#校正时间/usr/sbin/ntpdatentp.api.bzecho'/usr/sbin/ntpdate ntp.api.bz /dev/null 2 1' /var/spool/cron/root;chmod600/var/spool/cron/root/sbin/servicecrondrestart#iptables配置sed-i's/IPTABLES_MODULES= ip_conntrack_netbios_ns /#IPTABLES_MODULES= ip_conntrack_netbios_ns /g'/etc/sysconfig/iptables-configcat /etc/sysconfig/iptables EOF#Firewallconfigurationwrittenbysystem-config-securitylevel#Manualcustomizationofthisfileisnotrecommended.*filter:INPUTDROP[0:0]:FORWARDACCEPT[0:0]:OUTPUTACCEPT[0:0]-AINPUT-ilo-jACCEPT-AINPUT-mstate--stateRELATED,ESTABLISHED-jACCEPT-AINPUT-ptcp-mstate--stateNEW-mtcp--dport22-jACCEPT-AINPUT-ptcp-mstate--stateNEW-mtcp--dport80-jACCEPT-AINPUT-picmp-mlimit--limit100/sec--limit-burst100-jACCEPT-AINPUT-picmp-mlimit--limit1/s--limit-burst10-jACCEPT#-AINPUT-pudp-mudp--dport20-jACCEPTCOMMITEOF/sbin/serviceatdstartecho /sbin/serviceiptablesstop |atnow+3minutes/sbin/serviceiptablesrestart
但没有一个创造奇迹的人是依靠瞬间的。
