centos7最小化安装优化脚本(使用firewall防火墙)

版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/s295580857/article/details/73295252
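#!/bin/bash
# Install (or upgrade) firewalld, start it now and enable it at boot.
yum install -y firewalld
systemctl start firewalld
systemctl enable firewalld

# Ask firewalld for the default zone directly rather than scraping the first
# line of --list-all, which describes the zone being listed and may carry
# extra text such as an "(active)" suffix.
defaultfirewall=$(firewall-cmd --get-default-zone)
echo "系统默认防火墙ZONE是:$defaultfirewall"
sleep 2

# Remove the dhcpv6-client service from the public zone and make the change
# permanent, then reload so the permanent configuration becomes the runtime one.
# NOTE(review): the zone is hard-coded to "public"; if the default zone printed
# above is a different one, its rules are not touched by this step.
# NOTE(review): hosts that obtain their IPv6 address through DHCPv6 need this
# service allowed -- confirm the addressing scheme before removing it.
firewall-cmd --zone=public --remove-service=dhcpv6-client --permanent
firewall-cmd --reload
echo "启动防火墙并删除防火墙自带的dhcpv6-client服务"
sleep 2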

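# Disable SELinux: persistently through /etc/selinux/config, and for the
# running system by switching to permissive mode with setenforce.
# NOTE(review): this removes mandatory access control from the host, so a
# compromised service is confined only by ordinary file permissions. For a
# hardened baseline keep SELINUX=enforcing, or use permissive temporarily while
# collecting denials, instead of disabling it outright.
# The substitution is anchored on the SELINUX= setting so that comment lines in
# the file which merely mention "enforcing" are left intact.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# setenforce 0 only stops enforcement; the "disabled" state from the config
# file applies after the next reboot.
setenforce 0
echo "已关闭selinux"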

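# Make "vi" start vim by adding an alias to /etc/profile.
# The alias is appended only when it is not already present, so running the
# script again does not pile up duplicate lines.
# NOTE(review): vim itself is only installed by the optional package step later
# in this script; if that step is declined the alias may point at a missing
# command -- confirm vim is present.
if ! grep -qsxF 'alias vi=vim' /etc/profile; then
    echo 'alias vi=vim' >> /etc/profile
fi
# Sourcing here affects only this script's own shell; login shells pick the
# alias up the next time they read /etc/profile.
source /etc/profile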

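# Network hardening: stop sending and accepting ICMP redirects (IPv4 and IPv6)
# and stop accepting IPv6 router advertisements.
# Each setting is applied to the running kernel with sysctl -w and recorded in
# /etc/sysctl.conf so it survives a reboot. The line is appended only when it
# is not already there, so re-running the script does not duplicate entries.
# NOTE(review): accept_ra=0 stops the host from configuring IPv6 addresses and
# routes from router advertisements; hosts that rely on that for IPv6
# connectivity need static configuration instead -- confirm before applying.
echo "进行网络安全部分优化......"
sleep 2
for setting in \
    net.ipv4.conf.all.send_redirects=0 \
    net.ipv4.conf.default.send_redirects=0 \
    net.ipv4.conf.all.accept_redirects=0 \
    net.ipv4.conf.default.accept_redirects=0 \
    net.ipv4.conf.all.secure_redirects=0 \
    net.ipv4.conf.default.secure_redirects=0 \
    net.ipv6.conf.all.accept_ra=0 \
    net.ipv6.conf.default.accept_ra=0 \
    net.ipv6.conf.all.accept_redirects=0 \
    net.ipv6.conf.default.accept_redirects=0
do
    sysctl -w "$setting"
    if ! grep -qsxF -- "$setting" /etc/sysctl.conf; then
        echo "$setting" >> /etc/sysctl.conf
    fi
done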

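# Replace the system-wide vim configuration with the settings below.
echo "开始优化vim编辑器配置......"
sleep 2
# Back up the existing configuration once. Without the second check a re-run
# would overwrite the pristine backup with the file this script generated.
if [[ -e /etc/vimrc && ! -e /etc/vimrc_bak ]]; then
    cp -a /etc/vimrc /etc/vimrc_bak
fi
# A quoted here-document writes the text literally, so the vimscript needs no
# shell escaping and nothing in it is expanded by the shell. The redirection
# truncates the file, so no separate emptying step is required.
# "CursorColumn" is the highlight group name; the earlier spelling
# "CursorColumu" defined an unused group.
cat > /etc/vimrc <<'EOF'
set nocompatible
set history=100
filetype on
filetype plugin on
filetype indent on
set autoread
set mouse=
syntax enable
set cursorline
hi cursorline guibg=#00ff00
hi CursorColumn guibg=#00ff00
set nofen
set fdl=0
set expandtab
set tabstop=4
set shiftwidth=4
set softtabstop=4
set smarttab
set ai
set si
set wrap
set sw=4
set wildmenu
set ruler
set cmdheight=1
set lz
set backspace=eol,start,indent
set whichwrap+=<,>,h,l
set magic
set noerrorbells
set novisualbell
set showmatch
set mat=2
set hlsearch
set ignorecase
set encoding=utf-8
set fileencodings=utf-8
set termencoding=utf-8
set smartindent
set cin
set showmatch
set guioptions-=T
set guioptions-=m
set vb t_vb=
set laststatus=2
set pastetoggle=<F9>
set background=dark
highlight Search ctermbg=black ctermfg=white guifg=white guibg=black
autocmd BufNewFile *.py,*.cc,*.sh,*.java exec ":call SetTitle()"
func SetTitle()
    if expand("%:e") == 'sh'
        call setline(1, "#!/bin/bash")
        call setline(2, "#Author:Benson")
        call setline(3, "#Blog:http://www.itzui.top")
        call setline(4, "#Time:".strftime("%F %T"))
        call setline(5, "#Name:".expand("%"))
        call setline(6, "#Version:V1.0")
        call setline(7, "#Description:")
    endif
endfunc
EOF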

# Tighten permissions on selected system files: announce the list, pause so the
# operator can read it, then set each listed file to mode 0600.
# NOTE(review): /etc/services is normally world-readable because unprivileged
# programs read it to resolve service names; at 0600 those lookups fail for
# non-root users. Confirm this is intended, or keep that file at 0644.
# NOTE(review): the announced list ends with /etc/rc.d/init.d/cloudmonitor 0755,
# but nothing below changes that file; the only other change is making
# /etc/rc.d/rc.local executable.
echo "
开始优化部分文件权限,优化列表如下:
/etc/services    0600
/etc/security/sepermit.conf 0600
/etc/security/console.handlers    0600
/etc/security/namespace.conf    0600
/etc/security/chroot.conf    0600
/etc/security/group.conf    0600
/etc/security/console.perms    0600
/etc/security/pam_env.conf    0600
/etc/security/access.conf    0600
/etc/security/pwquality.conf    0600
/etc/security/namespace.init    0600
/etc/security/time.conf    0600
/etc/security/limits.conf    0600
/etc/rc.d/init.d/cloudmonitor    0755
"
sleep 10

restricted_files=(
    /etc/services
    /etc/security/sepermit.conf
    /etc/security/console.handlers
    /etc/security/namespace.conf
    /etc/security/chroot.conf
    /etc/security/group.conf
    /etc/security/console.perms
    /etc/security/pam_env.conf
    /etc/security/access.conf
    /etc/security/pwquality.conf
    /etc/security/namespace.init
    /etc/security/time.conf
    /etc/security/limits.conf
)
for conf_file in "${restricted_files[@]}"; do
    chmod 600 -- "$conf_file"
done

echo "列表中文件权限已优化!"
sleep 2

# Make rc.local executable so that it is run at boot.
chmod +x /etc/rc.d/rc.local

#######################################
# Install the common tool set one package at a time, so the prompt further
# down can call it as a single step.
# Arguments: none
# Returns:   the exit status of the last yum invocation
# NOTE(review): the list includes the telnet client (a cleartext protocol) and
# iptables-services alongside firewalld; enabling both firewall services on
# one host can conflict -- trim the list to what the host needs.
#######################################
soft() {
    local -a packages=(
        gcc gcc-c++ epel-release wget unzip screen telnet psmisc vim
        net-tools ntpdate htop iptables-services iftop git
    )
    local pkg
    for pkg in "${packages[@]}"; do
        yum install -y "$pkg"
    done
}

# Ask whether to install the common packages. Choosing the first entry runs
# soft and leaves the menu only when soft reports success; choosing the second
# entry leaves the menu without installing. Any other input shows the prompt
# again.
echo "是否开始安装常用到的软件包括:gcc  gcc-c++  epel-release  wget  unzip  screen  telnet  psmisc  vim  net-tools  ntpdate  htop  iptables-services  iftop  git?"
select goon in 是 否; do
    if [[ "$goon" == "是" ]]; then
        if soft; then
            break
        fi
    elif [[ "$goon" == "否" ]]; then
        break
    fi
done

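# One-shot clock synchronisation against a public time server.
# ntpdate is only present when the optional package step was accepted (or the
# tool was installed some other way), so check for it instead of failing with
# "command not found".
# NOTE(review): this is an unauthenticated query to an external server and it
# sets the clock once rather than keeping it in sync. For production hosts
# prefer a time daemon such as chronyd pointed at time sources you trust.
echo "开始同步时间"
if command -v ntpdate >/dev/null 2>&1; then
    ntpdate time.windows.com
else
    echo "未找到ntpdate命令,已跳过时间同步" >&2
fi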

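# Set the server's hostname from operator input.
sleep 2

echo "开始设定主机名"
# -r keeps backslashes in the answer literal.
read -r -p "请输入要修改的主机名:" hname
# Apply the name only when it is non-empty and made of letters, digits, dots
# and hyphens, starting and ending with a letter or digit. Without this check
# an empty or malformed answer is passed to hostnamectl as typed.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ "$hname" =~ $hostname_re ]]; then
    hostnamectl set-hostname "$hname"
else
    echo "主机名为空或包含非法字符,已跳过设置" >&2
fi
echo "以下是你设定的主机名内容:"
hostnamectl status | grep "hostname"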

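# Define a shell function "cxdx" in /etc/profile that lists the ten largest
# entries (sizes in MB, per du -m) in the current directory.
# The definition is added only once, so re-running the script does not append
# duplicate copies. A quoted here-document keeps the text literal.
# "--" stops du from treating a file name that begins with "-" as an option.
if ! grep -qs '^cxdx ()' /etc/profile; then
    cat >> /etc/profile <<'EOF'
cxdx ()
{
du -cksm -- * | sort -rn | head -n 10
}
EOF
fi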

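# Raise the soft and hard open-file limits to 65535 for all users.
# Each line is appended to /etc/security/limits.conf only when it is not
# already present, so re-running the script does not duplicate the entries.
for limit_line in '* soft nofile 65535' '* hard nofile 65535'; do
    if ! grep -qsxF -- "$limit_line" /etc/security/limits.conf; then
        echo "$limit_line" >> /etc/security/limits.conf
    fi
done
echo "调整系统最大文件打开数为65535,需重启系统后运行ulimit -a命令查看"
# Re-read /etc/profile in this script's shell only; other shells are unaffected.
source /etc/profile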

# Bring every installed package up to date, then explicitly update the kernel.
# NOTE(review): the kernel update presumably finds nothing left to do after the
# full update above; a newly installed kernel is only used after a reboot.
printf '%s\n' "接下来进行系统更新操作。"
sleep 5
yum -y update

printf '%s\n' "进行升级系统内核操作。"
sleep 3
yum -y update kernel


转载自blog.csdn.net/s295580857/article/details/73295252