全局初始化

#!/bin/bash
#
#********************************************************************
#encoding -*-utf8-*-
#Author:
#Date: 2017-12-19
#URL:
#Description: The test script
#Copyright (C): 2017 All rights reserved
#QQ Numbers:
#********************************************************************

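# CentOS major version: the first digit run on the "centos" line of
# /etc/centos-release (empty on any other distribution). It selects the
# 6-vs-7 branches in the functions below. stderr is silenced so a missing
# release file no longer prints a stray "No such file" error.
Get_host_version=$(grep -i centos /etc/centos-release 2>/dev/null | grep -o '\<[[:digit:]]\+' | head -n 1)

# Running kernel release (not referenced anywhere else in this script).
kernel_version=$(uname -r)

# Make the boot-time script executable so entries added to it run on boot;
# skipped when the file does not exist instead of printing an error.
[ -e /etc/rc.d/rc.local ] && chmod +x /etc/rc.d/rc.local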

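# Install wget from the install DVD mounted from /dev/sr0. Aborts the whole
# script when the disc cannot be mounted, because later steps need wget.
# (The original wrote `echo "..."kill -9 $$` without a `;`, so the kill was
# never executed and the script carried on without wget.)
Install_wget() {
  if ! mount /dev/sr0 /mnt; then
    echo "未添加光盘源!退出脚本" >&2
    exit 1
  fi
  rpm -ivh /mnt/Packages/wget*
  cd / || return 1
  umount /mnt
}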

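# Switch the locale to zh_CN.UTF-8: persist the export in the profile file
# (exactly once — repeated runs used to append a duplicate line each time) and
# apply it to the current shell.
# Arguments: $1 - profile file (optional; defaults to /etc/profile)
Modify_charaset() {
  local profile=${1:-/etc/profile}
  local line='export LANG=zh_CN.UTF-8'
  grep -qxF -- "$line" "$profile" 2>/dev/null || printf '%s\n' "$line" >> "$profile"
  export LANG=zh_CN.UTF-8
}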

# Report an undetected or unsupported CentOS major version (only 6 and 7 are
# handled by this script). The message is written to stdout, as before.
Error_system_version() {
  printf '%s\n' "未知的系统版本 $Get_host_version"
}

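# Archive /etc as <dir>/etc.<timestamp>.tar.gz before anything is modified.
# /etc typically includes /etc/shadow and SSH host keys, so the directory is
# made 0700 and the archive is written with umask 077 (the original left both
# at the default, world-readable permissions).
# Arguments: $1 - backup directory (optional; defaults to /bak/initsys)
# Returns:   1 when the directory cannot be created, otherwise tar's status.
Bakup_etc() {
  local back_path=${1:-/bak/initsys}
  local now archive
  now=$(date +'%F_%H.%M')
  mkdir -p -- "$back_path" || return 1
  chmod 700 -- "$back_path"
  archive="$back_path/etc.${now}.tar.gz"
  # Subshell keeps the restrictive umask from leaking into the rest of the run.
  ( umask 077 && tar -czf "$archive" /etc )
}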

# Stop and disable the host firewall (firewalld on 7, iptables on 6), then set
# SELINUX=disabled in /etc/selinux/config for the next boot and switch the
# running system to permissive with setenforce 0.
# Returns 1 without touching SELinux when the version is not 6 or 7.
# NOTE(review): this removes two host-level controls at once; check that
# network-level filtering covers the host before enabling this step.
Off_firewall_and_selinux() {
  case "$Get_host_version" in
    7)
      systemctl stop firewalld &>/dev/null
      systemctl disable firewalld &>/dev/null
      ;;
    6)
      service iptables stop &>/dev/null
      chkconfig iptables off &>/dev/null
      ;;
    *)
      Error_system_version
      return 1
      ;;
  esac
  # Persistent setting (effective after reboot) ...
  sed -ri 's/^(SELINUX=).*$/\1disabled/g' /etc/selinux/config
  # ... and immediate switch to permissive for the current boot.
  setenforce 0
}

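# Set the timezone to Asia/Shanghai, sync the clock from an NTP server, write
# the system time to the hardware clock, then record that the RTC keeps local
# time (/etc/sysconfig/clock on 6, timedatectl on 7).
# Env: NTP_SERVER - NTP host to query. Defaults to the original hard-coded
#      10.180.4.204, a private (RFC 1918) address that must be overridden on
#      any other network.
Set_timezone_and_time() {
  local ntp_server=${NTP_SERVER:-10.180.4.204}
  /usr/bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
  # A failed sync used to pass silently; report it but still store the clock.
  /usr/sbin/ntpdate "$ntp_server" || echo "ntp 同步失败: $ntp_server" >&2
  hwclock -w
  case "$Get_host_version" in
    6)
      cat > /etc/sysconfig/clock << EOF
ZONE="Asia/Shanghai"
UTC=false
ARC=false
EOF
      ;;
    7)
      timedatectl set-local-rtc yes
      ;;
    *)
      Error_system_version
      ;;
  esac
}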

# Blank the login banners and release files so the distribution and version
# are not shown. Each file is left holding a single newline, as before.
# NOTE(review): Get_host_version is read from /etc/centos-release at startup,
# so after this has run a second invocation of the script detects no version.
Shadow_system_version() {
  local f
  for f in /etc/issue /etc/motd /etc/redhat-release /etc/centos-release; do
    printf '\n' > "$f"
  done
}

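# Probe outbound connectivity with one ICMP echo request.
# Arguments: $1 - host to ping (optional; defaults to www.baidu.com as before)
# Returns:   0 when a reply arrived, non-zero otherwise. -W 3 bounds the wait
#            so an unreachable host cannot stall the script; the old
#            if/else that mapped $? to 0/1 was redundant.
Test_network() {
  local host=${1:-www.baidu.com}
  ping -c1 -W3 "$host" &>/dev/null
}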

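# Raise the nofile/nproc limits for all users by appending four '*' lines to
# limits.conf (only if none are present yet) and apply the nofile limit to
# the current shell.
# Arguments: $1 - limits file (optional; defaults to /etc/security/limits.conf)
# Returns:   ulimit's status after writing, 0 when the lines already exist.
Set_handler_Num() {
  local limits_file=${1:-/etc/security/limits.conf}
  local limit_count
  # grep -c prints the match count directly (no cat|grep|wc); a missing file
  # yields an empty string, treated as "not configured yet".
  limit_count=$(grep -c '^\*[[:blank:]]\+\(soft\|hard\)[[:blank:]]\+\(nofile\|nproc\)[[:blank:]]\+' -- "$limits_file" 2>/dev/null)
  limit_count=${limit_count:-0}
  if [ "$limit_count" -eq 0 ]; then
    cat >> "$limits_file" << EOF
* soft nofile 102400
* hard nofile 102400
* soft nproc 40960
* hard nproc 40960
EOF
    # Takes effect for this shell and its children only; new login sessions
    # pick the values up from limits.conf.
    ulimit -n 102400
  else
    echo "已经添加过limit限制!"
  fi
}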

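# Write a set of TCP tuning sysctls to a drop-in file and load them. The
# marker line "#tcp_flag 1" written with them makes the function idempotent.
# Arguments: $1 - sysctl drop-in file (optional; defaults to
#                 /etc/sysctl.d/tcp_optimization.conf)
# Returns:   1 when the marker occurs more than once (file was hand-edited),
#            0 when already applied (used to return 1, which read as failure)
#            or after writing; a sysctl load error is reported, not returned,
#            as before.
Set_tcp_kernel_arguments() {
  local kernel_args=${1:-/etc/sysctl.d/tcp_optimization.conf}
  local flag_lines flag_value
  flag_lines=$(grep -c tcp_flag -- "$kernel_args" 2>/dev/null)
  flag_lines=${flag_lines:-0}
  if [ "$flag_lines" -gt 1 ]; then
    echo "系统错误,TCP重复的优化参数,请查看 $kernel_args 是否正确!"
    return 1
  fi
  flag_value=$(grep tcp_flag -- "$kernel_args" 2>/dev/null | awk '{print $2}')
  if [ "$flag_value" == 1 ]; then
    echo "TCP内核参数已经优化过了。"
    return 0
  fi
  local -a settings=(
    '#tcp_flag 1'                                   # idempotency marker
    'net.ipv4.tcp_syncookies = 1'                   # SYN cookies when the SYN queue overflows
    'net.ipv4.tcp_tw_recycle = 1'                   # fast TIME-WAIT recycling. NOTE(review): known to break clients behind NAT (per-host timestamp check) and removed in Linux 4.12; still present on the CentOS 6/7 kernels this script targets
    'net.ipv4.tcp_tw_reuse = 1'                     # reuse TIME-WAIT sockets for new connections
    'net.ipv4.tcp_fin_timeout = 5'                  # orphaned connections linger 5 s
    'net.ipv4.tcp_keepalive_time = 1200'            # keepalive probes every 20 min (default 2 h)
    'net.ipv4.ip_local_port_range = 10000 65000'    # ephemeral port range for outbound connections
    'net.ipv4.tcp_max_syn_backlog = 8192'           # SYN queue length (default 1024)
    'net.ipv4.tcp_max_tw_buckets = 5000'            # cap on simultaneous TIME-WAIT sockets
  )
  printf '%s\n' "${settings[@]}" >> "$kernel_args"
  if ! sysctl -p "$kernel_args" &>/dev/null; then
    echo '读取Tcp内核参数错误!'
  fi
}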

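# Set "UseDNS no" in sshd_config to remove the login delay caused by sshd's
# reverse-DNS lookup of the client, then restart sshd.
# Fixes: the original treated "no '#UseDNS' line present" as "already
# disabled", so a live 'UseDNS yes' or a config lacking the directive was
# never changed.
# Arguments: $1 - sshd config file (optional; defaults to /etc/ssh/sshd_config)
# Returns:   0 when already disabled, 1 when the file is missing, otherwise
#            the restart's status.
Disabled_sshd_dns() {
  local cfg=${1:-/etc/ssh/sshd_config}
  if [ ! -e "$cfg" ]; then
    echo "找不到 $cfg" >&2
    return 1
  fi
  if grep -Eq '^[[:blank:]]*UseDNS[[:blank:]]+no([[:blank:]]|$)' -- "$cfg"; then
    echo '已禁用该配置,Do nothing!'
    return 0
  fi
  if grep -Eq '^[[:blank:]]*#?[[:blank:]]*UseDNS[[:blank:]]+(no|yes)' -- "$cfg"; then
    # Rewrite the existing (commented or live) directive in place.
    sed -ri 's/^[[:blank:]]*#?[[:blank:]]*UseDNS[[:blank:]]+(no|yes).*/UseDNS no/' "$cfg"
  else
    # No directive at all: add one.
    printf '%s\n' 'UseDNS no' >> "$cfg"
  fi
  case "$Get_host_version" in
    6) service sshd restart ;;
    7) systemctl restart sshd ;;
    *) Error_system_version ;;
  esac
}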

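# Force classic eth* interface names.
#  - CentOS 6: rewrite NAME="..." in the udev persistent-net rules, one MAC
#    at a time (eth1, eth2, ... in file order, as the original numbered them).
#  - CentOS 7: append net.ifnames=0 to GRUB_CMDLINE_LINUX and regenerate
#    grub.cfg; takes effect after a reboot.
# Fixes: the original read the rules from a relative path, ran `$ALL_mac`
# as a command (wrong case and a command substitution instead of a list) and
# wrote a literal '$' into the new NAME value.
# Arguments: $1 - udev rules file (optional, CentOS 6 branch only; defaults
#                 to /etc/udev/rules.d/70-persistent-net.rules)
Modify_network_card_name() {
  local rules_file=${1:-/etc/udev/rules.d/70-persistent-net.rules}
  local add_rule='SUBSYSTEM=="net", ACTION=="add"'
  case "$Get_host_version" in
    6)
      local -a macs
      local mac count
      if ! grep -Fq -- "$add_rule" "$rules_file" 2>/dev/null; then
        echo "没有网卡信息,请检查网卡驱动!"
        return 1
      fi
      mapfile -t macs < <(grep -F -- "$add_rule" "$rules_file" \
        | grep -oE '([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}')
      count=1
      for mac in "${macs[@]}"; do
        # On the line holding this MAC, replace whatever follows NAME=" with ethN.
        sed -ri 's@('"$mac"'.*NAME=").*[[:digit:]]+"$@\1eth'"$count"'"@' "$rules_file"
        count=$((count + 1))
      done
      echo '修改网卡名成功,请查看配置!'
      grep -F -- 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="' "$rules_file"
      ;;
    7)
      local boot_grub=/boot/grub2/grub.cfg
      local grub_default_cfg=/etc/default/grub
      local name_count
      name_count=$(grep -c 'quiet[[:blank:]]\+net.ifnames' -- "$boot_grub" 2>/dev/null)
      name_count=${name_count:-0}
      # Timestamped copy of the default file before editing it.
      if ! cp -- "$grub_default_cfg" "${grub_default_cfg}.$(date +'%F_%H.%M')"; then
        echo "没有 $grub_default_cfg 这个文件"
        return 1
      fi
      if [ "$name_count" -eq 0 ]; then
        # Anchors on "quiet": if GRUB_CMDLINE_LINUX has no "quiet", nothing is
        # inserted (same limitation as the original).
        sed -ri 's/(GRUB_CMDLINE_LINUX=.*quiet)/\1 net.ifnames=0/g' "$grub_default_cfg"
        if grub2-mkconfig -o "$boot_grub"; then
          echo '生成新的配置文件,生效需重启!'
        else
          echo "grub文件生成错误! $boot_grub 可能会产生错误!请检查"
        fi
      else
        echo '已经修改过grub参数,无需再次修改!Do nothing!'
      fi
      ;;
    *)
      Error_system_version
      ;;
  esac
}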

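# Replace the stock yum repos with the Aliyun mirrors for the detected major
# version (Centos-N.repo saved as Alibase.repo, epel-N.repo as epel.repo)
# after moving the original CentOS-*.repo files into a bak/ subdirectory.
# Fixes: the epel check was inverted (it downloaded when epel.repo already
# existed and skipped when it was missing); `ls | grep` is replaced by file
# tests; the two identical 6/7 branches are merged on the version number.
# Returns: 1 on an unsupported version, unreachable network or failed cd.
Modify_yumrepo() {
  local repo_path=/etc/yum.repos.d
  local ver=$Get_host_version
  case "$ver" in
    6|7) ;;
    *)
      Error_system_version
      return 1
      ;;
  esac
  mkdir -p -- "$repo_path/bak" 2>/dev/null
  cd -- "$repo_path" || return 1
  if ! Test_network; then
    echo '网络不通,退出函数!'
    return 1
  fi
  mv -- CentOS-* bak 2>/dev/null
  if [ -e "$repo_path/Alibase.repo" ]; then
    echo "已经添加过阿里源!"
  else
    wget "https://mirrors.aliyun.com/repo/Centos-${ver}.repo" -O "$repo_path/Alibase.repo"
  fi
  sleep 1
  if [ -e "$repo_path/epel.repo" ]; then
    echo "已经添加过epel源!"
  else
    wget "https://mirrors.aliyun.com/repo/epel-${ver}.repo" -O "$repo_path/epel.repo"
  fi
  yum clean all
}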

# Install the baseline tool set (toolchain, libraries, network and admin
# utilities) non-interactively with yum.
Install_some_packege() {
  local -a pkgs=(
    gcc glibc zlib openssl openssl-devel
    lrzsz lftp ftp telnet nmap-ncat
    net-snmp net-snmp-devel vim sysstat bash-completion
    wget lsof psmisc ntp
  )
  yum install -y "${pkgs[@]}"
}

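# Bond every non-loopback NIC into bond0 (mode 0, miimon 100) with a static
# IPv4 address — ifcfg files on CentOS 6, nmcli on CentOS 7. Refuses to run
# when an ifcfg-Bond* already exists or when the NICs are not all named eth*.
# Env (all optional): BOND_IP (default 172.18.30.1), BOND_PREFIX (16),
#      BOND_GATEWAY (172.18.0.1), BOND_DNS (8.8.8.8). The original hard-coded
#      .2 on CentOS 6 and .1 on CentOS 7 for the same role.
# Fixes: `netstat -I` -> `netstat -i` (interface table); `BONDING_OPTS= "..."`
# had a space after '=' that breaks the ifcfg file when it is sourced; slave
# ifcfg files were appended to (leaving conflicting BOOTPROTO/ONBOOT keys) and
# are now backed up to *.bak and overwritten; nmcli's address now carries the
# prefix so the gateway is on-link.
Config_Bond() {
  local net_path=/etc/sysconfig/network-scripts
  local bond_ip=${BOND_IP:-172.18.30.1}
  local bond_prefix=${BOND_PREFIX:-16}
  local bond_gw=${BOND_GATEWAY:-172.18.0.1}
  local bond_dns=${BOND_DNS:-8.8.8.8}
  local -a nics
  local nic eth_count

  if compgen -G "$net_path/ifcfg-Bond*" >/dev/null; then
    echo '已经配置了了Bond'
    return 1
  fi
  # Interface table minus its two header lines and the loopback device.
  mapfile -t nics < <(netstat -i | sed '1,2d' | awk '$1 != "lo" {print $1}')
  eth_count=0
  for nic in "${nics[@]}"; do
    [[ "${nic,,}" == eth* ]] && eth_count=$((eth_count + 1))
  done
  if [ "${#nics[@]}" -eq 0 ] || [ "$eth_count" -ne "${#nics[@]}" ]; then
    echo "网卡名并未变更为eth,或者已经添加过了聚合类型!配置失败!"
    return 1
  fi
  case "$Get_host_version" in
    6)
      service NetworkManager stop
      chkconfig NetworkManager off
      for nic in "${nics[@]}"; do
        # Keep the previous config; *.bak files are expected to be ignored by
        # the network service.
        [ -e "$net_path/ifcfg-$nic" ] && cp -- "$net_path/ifcfg-$nic" "$net_path/ifcfg-$nic.bak"
        cat > "$net_path/ifcfg-$nic" <<EOF
DEVICE=$nic
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
USERCTL=no
EOF
      done
      cat > "$net_path/ifcfg-Bond0" <<EOF
DEVICE=bond0
BOOTPROTO=none
BONDING_OPTS="miimon=100 mode=0"
DNS1=$bond_dns
IPADDR=$bond_ip
PREFIX=$bond_prefix
GATEWAY=$bond_gw
ONBOOT=yes
EOF
      service network restart
      ;;
    7)
      if nmcli con add type bond con-name Bond0 ifname Bond0 mode 0 \
          ipv4.method manual ipv4.addresses "$bond_ip/$bond_prefix" \
          ipv4.gateway "$bond_gw" ipv4.dns "$bond_dns" &>/dev/null; then
        nmcli con up Bond0
      fi
      for nic in "${nics[@]}"; do
        if ! { nmcli con add type bond-slave con-name "$nic-bond" ifname "$nic" master Bond0 \
            && nmcli con up "$nic-bond"; }; then
          echo "激活失败!"
        fi
      done
      ;;
    *)
      Error_system_version
      ;;
  esac
}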
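# ---- Entry point: everything above only defines functions; this runs them ----
# Every step edits files under /etc or drives a service manager, so refuse to
# run unprivileged instead of failing half-way with a partial configuration.
if [ "$(id -u)" -ne 0 ]; then
  echo "请以 root 身份运行此脚本" >&2
  exit 1
fi
Bakup_etc                  # back up /etc first; the steps below modify it
Off_firewall_and_selinux   # stop the firewall, SELinux -> disabled/permissive
Install_wget               # wget from the install DVD
#Modify_charaset           # system-wide zh_CN.UTF-8 locale
Set_timezone_and_time      # Asia/Shanghai, NTP sync, RTC settings
Set_handler_Num            # nofile/nproc limits
Set_tcp_kernel_arguments   # TCP sysctl tuning
#Modify_yumrepo            # Aliyun yum mirrors
#Install_some_packege      # baseline package set
Disabled_sshd_dns          # UseDNS no + sshd restart
#Shadow_system_version     # blank banner/release files
Modify_network_card_name   # eth* interface names
#Config_Bond               # bond0 with a hard-coded address (172.18.30.1); review the function before enabling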