###openiptablesservice,allowthisportsaccess80,3307,21####functionfirewall(){serviceiptablesstartforPortin21803307doiptables-IINPUT5-mstate–stateNEW-mtcp-ptcp–dport$Port-jACCEPTdone/etc/init.d/iptablessave###disableselinuxservice###functionsafety(){/usr/sbin/setenforce0sed-i’s/^SELINUX=enforcing/SELINUX=disabled/’/etc/sysconfig/selinuxfunctionrunlevel(){sed-i’s/^id:[0-9]:initdefault:/id:3:initdefault:/’/etc/inittab###thinsystrv,initationsystemopenthisservice:crond,iptables,network,sshd,rsyslog####functionsystrv(){Srv_List=`chkconfig–list|grep3:on|awk'{print$1}’`foriin$Srv_Listdochkconfig–level3$ioffdoneforjincrondiptablesnetworksshdrsyslogdochkconfig–level3$jondone###addcommonuserzkywasoperationaccount###functionadduser(){/usr/sbin/useraddzkywecho”zkyw@123″|passwdzkyw–stdin###Optimizationsshservice,alterdefaultport22,disablerootlogin######functionmyssh(){sed-i’s/^#Port22/Port16182/’/etc/ssh/sshd_config#altersshdefaultport16182sed-i’s/^PermitRootLoginyes/PermitRootLoginno/’/etc/ssh/sshd_configsed-i’s/^#PermitEmptyPasswordsno/PermitEmptyPasswordsno/’/etc/ssh/sshd_configsed-i’s/^#MaxAuthTries6/MaxAuthTries3/’/etc/ssh/sshd_configsed-i’$aAllowUserszkyw’/etc/ssh/sshd_config#allowcommonuserzkywsshlogin/etc/init.d/sshdreload/usr/sbin/ntpdate202.120.2.101echo”3022***/usr/sbin/ntpdate202.120.2.101″ /var/spool/cron/root/etc/init.d/crondreload###lockthekeyfilesincluding:passwd、group、shadow、gshadow、inittab#####functionlockfile(){forfileinpasswdgroupshadowgshadowinittabdochattr+i/etc/$filedone###altermaxnofileandmaxuserprocesses####functionuserlimit(){sed-i’$a*softnofile65536\n*hardnofile65536’/etc/security/limits.confsed-i’s/^/#/’/etc/security/limits.d/90-nproc.confsed-i’$a*softnproc51200\nrootsoftnprocunlimited’/etc/security/limits.d/90-nproc.conf###optimizationsystemkernelparameters,includingtcp/ipprotocal,iptablesandsoon####functionsyskernel(){cp/etc/sysctl.conf/etc/sysctl.conf.erimodprobebridge(cat EOFnet.ipv4.tcp_fin_timeout=2net.ipv4.tcp_tw_reuse=1net.ipv4.tcp_tw_recycle=1net.ipv4.tcp_syncookies=1net.ipv4.tcp_keepalive_time=600net.ipv4.ip_local_port_range=400065000net.ipv4.tcp_max_syn_backlog=16384net.ipv4.tcp_max_tw_buckets=36000net.ipv4.route.gc_timeout=100net.ipv4.tcp_syn_retries=1net.ipv4.tcp_synack_retries=1net.core.somaxconn=16384net.core.netdev_max_backlog=16384net.ipv4.tcp_max_orphans=16384net.nf_conntrack_max=25000000net.netfilter.nf_conntrack_max=25000000net.netfilter.nf_conntrack_tcp_timeout_established=180net.netfilter.nf_conntrack_tcp_timeout_time_wait=120net.netfilter.nf_conntrack_tcp_timeout_close_wait=60net.netfilter.nf_conntrack_tcp_timeout_fin_wait=120) /etc/sysctl.conf/sbin/sysctl-p /dev/null2 1###deletesomeofnogreatimportanceusersandgroups####functioncleanusers(){foruserinadmlpsyncshutdownhaltuucpoperatorgamesgopherftpdo/usr/sbin/userdel$userdoneforgpinadmlpdipdo/usr/sbin/groupdel$gpdoneecho”IptablesOptimizationStarting…”firewallecho”SelinuxDisabledStarting…”safetyecho”RunlevelOptimizationStarting…”runlevelecho”SystemInitServiceOptimizationStarting…”systrvecho”AddzkywCommonAccountStarting…”adduserecho”SSHServiceOptimizationStarting…”mysshecho”ClockSynchronousOptimizationStarting…”ntpclockecho”MaxnofileanduserprocessesOptimizationStarting…”userlimitecho”SystemKernelParametersOptimizationStarting…”syskernel
诚实是人生绝妙的法宝。虽然对人诚实,
