This script is based on centos7 and centos6 write:
For reference only, do not blindly copy execution
#!/bin/bash PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin" export PATH Centos7=$(uname -a | grep "el7" | wc -l) Centos6=$(uname -a | grep "el6" | wc -l) if [ $Centos7 == 1 ]; then echo "System Centos 7 in reset kernel" /bin/grep "SELINUX=disabled" /etc/selinux/config 2>&1 >/dev/null if [ $? -eq 0 ];then echo -e "\033[31m Selinux\033[0m is already not running" else /bin/sed -i '/SELINUX/s/enforcing/disabled/g' /etc/selinux/config setenforce 0 2>&1 >/dev/null echo -e "\033[31m Selinux \033[0m is already modify stop successful" be ################# <关闭多余用户> ########################## userdel -r lp 2>&1 >/dev/null userdel -r sync 2>&1 >/dev/null userdel -r shutdown 2>&1 >/dev/null userdel -r halt 2>&1 >/dev/null userdel -r operator 2>&1 >/dev/null userdel -r games 2>&1 >/dev/null userdel -r gopher 2>&1 >/dev/null chmod +s /bin/netstat chmod 400 /etc/shadow ################# <系统内核安全> ########################## ipv4=$(grep "net.ipv4" /etc/sysctl.conf | wc -l) if [ $ipv4 -lt 2 ]; then echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" >> /etc/sysctl.conf echo "net.core.rmem_default = 256960" >> /etc/sysctl.conf echo "net.core.rmem_max = 513920" >> /etc/sysctl.conf echo "net.core.wmem_default = 256960" >> /etc/sysctl.conf echo "net.core.wmem_max = 513920" >> /etc/sysctl.conf echo "net.core.netdev_max_backlog = 2000" >> /etc/sysctl.conf echo "net.core.somaxconn = 2048" >> /etc/sysctl.conf echo "net.core.optmem_max = 81920" >> /etc/sysctl.conf echo "net.ipv4.tcp_mem = 131072 262144 524288" >> /etc/sysctl.conf echo "net.ipv4.tcp_rmem = 8760 256960 4088000" >> /etc/sysctl.conf echo "net.ipv4.tcp_wmem = 8760 256960 4088000" >> /etc/sysctl.conf echo "net.ipv4.tcp_keepalive_time = 1800" >> /etc/sysctl.conf echo "net.ipv4.tcp_keepalive_intvl = 30" >> /etc/sysctl.conf echo "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf echo "net.ipv4.tcp_sack = 1" >> /etc/sysctl.conf echo "net.ipv4.tcp_fack = 1" >> /etc/sysctl.conf echo "net.ipv4.tcp_timestamps = 1" >> /etc/sysctl.conf echo "net.ipv4.tcp_window_scaling = 1" >> /etc/sysctl.conf echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf echo "net.ipv4.tcp_tw_recycle = 0" >> /etc/sysctl.conf echo "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf echo "net.ipv4.ip_local_port_range = 1024 65000" >> /etc/sysctl.conf echo "net.ipv4.tcp_max_syn_backlog = 2048" >> /etc/sysctl.conf echo "net.ipv4.tcp_max_tw_buckets = 6000" >> /etc/sysctl.conf sysctl -p else echo "kernel already reset" fi hosts=$(grep "sshd:10.80.80.100:allow" /etc/hosts.allow | wc -l) if [ $hosts -ne 1 ]; then echo "insert sshd allow" echo 'sshd:10.80.80.100:allow' >> /etc/hosts.allow else echo "sshd already reset" fi ################## 《更改时区》############################### TZ=`timedatectl |grep Time|awk {'print $3'}` SH="Adsia/Shanghai" if [ $TZ == $SH ];then echo -e "\033[31m Timezone \033[0m is already "Asia/Shanghai"" else rm -f /etc/localtime cp -arp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime echo -e "\033[31m Timezone \033[0m is already modify "Asia/Shanghai"" fi ################ <更改ssh端口和禁止root登录> ####################### Net=$(netstat -tulnp|grep 22502 | wc -l) if [ $Net = 0 ];then cp -r /etc/ssh/sshd_config /etc/ssh/sshd_config.bak sed -i '/Port 22/aPort 22502' /etc/ssh/sshd_config echo -e "\033[31m SSH's port 22 is already modify to 22502\033[0m" sed -i "s/#UseDNS/UseDNS/g" /etc/ssh/sshd_config sed -i "s/^Subsystem/#Subsystem/g" /etc/ssh/sshd_config sed -i "/^#Subsystem/aSubsystem sftp internal-sftp" /etc/ssh/sshd_config if [ $? -eq 0 ];then systemctl restart sshd 2>&1 >/dev/null echo -e "\033[31m SSH's service\033[0m has restart again" fi else sed -i "s/#UseDNS/UseDNS/g" /etc/ssh/sshd_config echo -e "\033[31m chage Use UseDns\033[0m" PORT=`netstat -tulnp|grep 22 |awk {'print $4'}|head -n 1|cut -d : -f 2` echo -e "ssh's port is \033[31m already modify $PORT\033[0m" fi ############## <登录密码相关设置> ####################################### cp /etc/login.defs /etc/login.defs.bak sed -i '/^PASS_MAX_DAYS/s/[0-9]\{1,\}/99999/g' /etc/login.defs sed -i '/^PASS_MIN_DAYS/s/[0-9]\{1,\}/7/g' /etc/login.defs sed -i '/ ^ PASS_MIN_LEN / s / [0-9] \ {1, \} / 12 / G '/etc/login.defs sed -i '/^PASS_WARN_AGE/s/[0-9]\{1,\}/30/g' /etc/login.defs ######################################################################### username=$(id kyeroot | grep "uid=0" | wc -l) if [ $username = 0 ];then useradd kyeroot echo "Aa+12345678" | passwd --stdin kyeroot sed -i '/^kyeroot/s/[0-9]\{1,\}/0/g' /etc/passwd sed -i '/^kyeroot/s/home\/kyeroot/root/g' /etc/passwd sed -i "/^root/s/bin/sbin/g" /etc/passwd sed -i "/^root/s/bash/nologin/g" /etc/passwd cp /etc/sudoers /etc/sudoers.bak sed -i '/^root/akyeroot ALL=(ALL) ALL' /etc/sudoers else echo -e "\033[31m user kyeroot is exists\033[0m or \033[31m password is wrong\033[0m" fi useradd kyeadmin 2>&1 >/dev/null d=$? if [ $d -eq 0 ];then echo "Aa+12345678" |passwd --stdin kyeadmin 2>&1 >/dev/null echo -e "\033[31m create user kyeadmin successful \033[0m" echo -e "\033[31m create user passwd successful \033[0m" else echo -e "\033[31m user kyeadmin is exists\033[0m or \033[31m password is wrong\033[0m" fi ############### <日志权限> ######################################### chattr +a /var/log/messages if [ $? == "0" ];then echo -e "\033[31m Already add "lsatrr +a"\033[0m for "/var/log/messages" " else echo -e "Add \033[31m "lsattr +a"\033[0m is failed,please check it!" fi find /var/log/ -type f -exec chmod u-x,g-x,o-wx {} \; echo -e "\033[31m modify "/var/log/*"\033[0m all files permission of "u-x,g-x,o-wx" successful" + X /etc/rc.local the chmod null = $ (grep "/ dev / null" /etc/rc.local | WC -l) IF [$ null = 0]; the then echo "the chmod 666 / dev / null"> > /etc/rc.local the else echo "already RESET / dev / null" Fi ############## <modified file handles> ############ ####################### h=`ulimit -n` if [ $h -ne 65535 ];then the ulimit -n 65535 grep "Soft nofile * 65535" /etc/security/limits.conf 2>. 1 &> / dev / null i = $? # Analyzing "soft nofile 65536" if there grep "Hard nofile * 65535" /etc/security/limits.conf 2>. 1 &> / dev / null J = $? # Analyzing "hard nofile 65536" if there are k $ = [I + J] IF [K $ -ne 0]; # simultaneously determines the then "Soft / Hard nofile 65536" CP / etc / Security / Limits.conf /etc/security/limits.conf.bak echo "* soft nofile 65535" >> /etc/security/limits.conf echo "* hard nofile 65535" >> /etc/security/limits.conf echo -e "\033[31m default ulimit is $h\033[0m,now ulimit is already modify 65535" else echo -e "\033[31m "soft nofile 65535 and hard nofile 65535"\033[0m is already configure,not to modify " fi else echo -e "\033[31m default ulimit is 65535\033[0m,not modify" fi ############# <prevent brute force, improve system security> ########################## ###### grep "Remember" /etc/pam.d/system-auth 2> & 1> / dev / null O = $? grep "unlock_time" /etc/pam.d/system-auth 2> & 1> / dev / null the p-= $? grep "pam_pwquality.so" /etc/pam.d/system-auth 2> & 1> / dev / null w=$? if [ $o -ne 0 ];then cp /etc/pam.d/system-auth /etc/pam.d/ auth.bak-System Sed -i "/ SHA512 / S / use_authtok / use_authtok Remember. 4 = / G" prohibited /etc/pam.d/system-auth ### indicates the four most recently used password (already used the password will be stored in / etc / security / opasswd below) echo -e "the Configure" Remember = use_authtok. 4 "for successful /etc/pam.d/system-auth" Fi IF [$ W -ne 0]; the then Sed -i "/pam_pwquality.so/s/local_users_only/minclass=3/g" /etc/pam.d/system-auth -e echo "the Configure" Remember = use_authtok. 4 "for successful /etc/pam.d/system-auth" Fi IF [$ P -eq 0]; the then echo "the auth required pam_tally2.so even_deny_root the deny. 5 = 1800 = unlock_time" /etc/pam.d/system-auth >> echo -e "the Configure" auth required pam_tally2.so even_deny_root deny unlock_time = 1800 = 5 "for /etc/pam.d/system-auth successful" d/system-auth successful" fi ###### ########### <set shell session timeout exit> ################################ ## the n-= `grep" TMOUT = "/ etc / Profile | Cut -d" = "read -f 2` # default timeout L =` grep "TMOUT" / etc / profile` IF [$ -? ne 0]; then ## Analyzing TMOUT not been set out configuration CP / etc / Profile /etc/profile.bak echo "TMOUT = 300" >>/etc/profile echo "export TMOUT" >> /etc/profile Sed -i # 'S / ^ the HISTSIZE = 1000/30 = the HISTSIZE / G' / etc / Profile echo -e "\ 033 [31M the TMOUT \ 033 [0m Modify the TMOUT already IS = 300" the else-configured command timeout ## if replacement change the default timeout sed -is / TMOUT = $ n / TMOUT = 300 / g / etc / profile # replace the default timeout is 180 [ echo -e "\ 033 [31M default the TMOUT \ 033 [0m $ n-iS, the TMOUT is already modify to 180s successful "# get the default timeout # echo" Export TMOUT ">> / etc / Profile export TMOUT" >> /etc/profile fi ################# <prohibit root ftp login> ### #################################### systemctl the vsftpd Status 2>. 1 &> / dev / null IF [$ ? -eq 0]; the then echo "root" >> / etc / vsftpd / ftpusers echo -e "\ 033 [31M for the FTP root at The Forbidden \ 033 [0m successful" the else echo -e "\033[31m The vsftpd \033[0m service not exists,not need to forbidden" fi ############### <登录警告语> ############################################# grep "WARNING" /etc/motd 2>&1 >/dev/null if [ $? -ne 0 ];then echo "WARNING: If you are not authorized to access this private computer system, disconnect now. All activities on this system will be monitored and recorded without prior notification or permission!" > /etc/motd echo -e "\033[31m The motd \033[0m is add at /etc/motd successful" else echo -e "\033[31m The motd "WARNING" is exsits\033[0m,please check if need to modify again" fi ################ <Allows the user to set the root can su> ################################# grep "SU_WHEEL_ONLY yes" /etc/login.defs && echo "Already set" || echo "SU_WHEEL_ONLY yes" >> /etc/login.defs elif [ $Centos6 == 1 ] then echo "System Centos 6 in reset kernel" ################ 《关闭selinux》############################################ /bin/grep "SELINUX=disabled" /etc/selinux/config 2>&1 >/dev/null if [ $? -eq 0 ];then echo -e "\033[31m Selinux\033[0m is already not running" else /bin/sed -i '/SELINUX/s/enforcing/disabled/g' /etc/selinux/config setenforce 0 2>&1 >/dev/null echo -e "\033[31m Selinux \033[0m is already modify stop successful" fi ################# <关闭多余用户> ########################## userdel -r lp 2>&1 >/dev/null userdel -r sync 2>&1 >/dev/null userdel -r shutdown 2>&1 >/dev/null userdel -r halt 2>&1 >/dev/null userdel -r operator 2>&1 >/dev/null userdel -r games 2>&1 >/dev/null chmod +s /bin/netstat chmod 400 /etc/shadow ################# <系统内核安全> ########################## ipv4=$(grep "net.ipv4" /etc/sysctl.conf | wc -l) if [ $ipv4 -lt 2 ]; then echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" >> /etc/sysctl.conf echo "net.core.rmem_default = 256960" >> /etc/sysctl.conf echo "net.core.rmem_max = 513920" >> /etc/sysctl.conf echo "net.core.wmem_default = 256960" >> /etc/sysctl.conf echo "net.core.wmem_max = 513920" >> /etc/sysctl.conf echo "net.core.netdev_max_backlog = 2000" >> /etc/sysctl.conf echo "net.core.somaxconn = 2048" >> /etc/sysctl.conf echo "net.core.optmem_max = 81920" >> /etc/sysctl.conf echo "net.ipv4.tcp_mem = 131072 262144 524288" >> /etc/sysctl.conf echo "net.ipv4.tcp_rmem = 8760 256960 4088000" >> /etc/sysctl.conf echo "net.ipv4.tcp_wmem = 8760 256960 4088000" >> /etc/sysctl.conf echo "net.ipv4.tcp_keepalive_time = 1800" >> /etc/sysctl.conf echo "net.ipv4.tcp_keepalive_intvl = 30" >> /etc/sysctl.conf echo "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf echo "net.ipv4.tcp_sack = 1" >> /etc/sysctl.conf echo "net.ipv4.tcp_fack = 1" >> /etc/sysctl.conf echo "net.ipv4.tcp_timestamps = 1" >> /etc/sysctl.conf echo "net.ipv4.tcp_window_scaling = 1" >> /etc/sysctl.conf echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf echo "net.ipv4.tcp_tw_recycle = 0" >> /etc/sysctl.conf echo "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf echo "net.ipv4.ip_local_port_range = 1024 65000" >> /etc/sysctl.conf echo "net.ipv4.tcp_max_syn_backlog = 2048" >> /etc/sysctl.conf echo "net.ipv4.tcp_max_tw_buckets = 6000" >> /etc/sysctl.conf sysctl -p else echo "kernel already reset" fi hosts=$(grep "sshd:10.80.80.100:allow" /etc/hosts.allow | wc -l) if [ $hosts -ne 1 ]; then echo "insert sshd allow" echo 'sshd:10.80.80.100:allow' >> /etc/hosts.allow else echo "sshd already reset" ################ "Change the time zone" ############################# ################# fi /bin/grep "Asia/Shanghai" /etc/sysconfig/clock 2>&1 >/dev/null if [ $? -eq 0 ];then echo -e "\033[31m Timezone \033[0m is already "Asia/Shanghai"" else rm -f /etc/localtime cp -arp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime echo -e "\033[31m Timezone \033[0m is already modify "Asia/Shanghai"" fi ###############《更改ssh端口和禁止root登录》############################## Net=$(netstat -tulnp|grep 22502 | wc -l) if [ $Net = 0 ];then cp -r /etc/ssh/sshd_config /etc/ssh/sshd_config.bak sed -i '/port 22/aport 22502' /etc/ssh/sshd_config echo -e "\033[31m SSH's port 22 is already modify to 22502\033[0m" sed -i "s/#UseDNS/UseDNS/g" /etc/ssh/sshd_config sed -i "s/^Subsystem/#Subsystem/g" /etc/ssh/sshd_config sed -i "/^#Subsystem/aSubsystem sftp internal-sftp" /etc/ssh/sshd_config if [ $? -eq 0 ];then service sshd restart 2>&1 >/dev/null echo -e "\033[31m SSH's service\033[0m has restart again" fi else sed -i "s/#UseDNS/UseDNS/g" /etc/ssh/sshd_config echo -e "\033[31m chage Use UseDns\033[0m" PORT=`netstat -tulnp|grep 22 |awk {'print $4'}|head -n 1|cut -d : -f 2` echo -e "ssh's port is \033[31m already modify $PORT\033[0m" fi ############### 《禁止组合键关机》####################################### /bin/grep ^exec /etc/init/control-alt-delete.conf 2>&1 >/dev/null a=$? #判断是否关闭“exec /etc/init/control-alt-delete.conf” /bin/grep ^start /etc/init/control-alt-delete.conf 2>&1 >/dev/null b=$? #判断是否关闭"start on control-alt-delete" c=$[a+b] if [ $c -eq 2 ];then echo -e "\033[31m "control-alt-delete" \033[0m modify is \033[31m failed \033[0m,or configure successful,please check it again" else cp /etc/init/control-alt-delete.conf /etc/init/control-alt-delete.conf.bak sed -i "/^start/s/start/#start/g" /etc/init/control-alt-delete.conf sed -i "/^exec/s/exec/#exec/g" /etc/init/control-alt-delete.conf echo -e "\033[31m “control-alt-delete”\033[0m is already modify stop successful" fi ############# 《登录密码相关设置》############################## cp /etc/login.defs /etc/login.defs.bak sed -i '/^PASS_MAX_DAYS/s/[0-9]\{1,\}/90/g' /etc/login.defs sed -i '/^PASS_MIN_DAYS/s/[0-9]\{1,\}/7/g' /etc/login.defs sed -i '/^PASS_MIN_LEN/s/[0-9]\{1,\}/12/g' /etc/login.defs sed -i '/^PASS_WARN_AGE/s/[0-9]\{1,\}/30/g' /etc/login.defs # U = `grep" ^ kyeroot "/ etc / passwd | WC -l` ############## "New User" ############################### ############# username = $ (ID kyeroot | grep "UID = 0" | -l WC) IF [$ username = 0];then useradd kyeroot echo "Aa+12345678" | passwd --stdin kyeroot sed -i '/^kyeroot/s/[0-9]\{1,\}/0/g' /etc/passwd sed -i '/^kyeroot/s/home\/kyeroot/root/g' /etc/passwd sed -i "/^root/s/bin/sbin/g" /etc/passwd sed -i "/^root/s/bash/nologin/g" /etc/passwd cp /etc/sudoers /etc/sudoers.bak sed -i '/^root/akyeroot ALL=(ALL) ALL' /etc/sudoers else echo -e "\033[31m user kyeroot is exists\033[0m or \033[31m password is wrong\033[0m" fi useradd kyeadmin 2>&1 >/dev/null d=$? if [ $d -eq 0 ];then echo "Aa+12345678" |passwd --stdin kyeadmin 2>&1 >/dev/null echo -e "\033[31m create user kyeadmin successful \033[0m" echo -e "\033[31m create user passwd successful \033[0m" else echo -e "\033[31m user kyeadmin is exists\033[0m or \033[31m password is wrong\033[0m" fi ############# 《日志权限》############################################ chattr +a /var/log/messages if [ $? == "0" ];then echo -e "\033[31m Already add "lsatrr +a"\033[0m for "/var/log/messages" " else echo -e "Add \033[31m "lsattr +a"\033[0m is failed,please check it!" fi find /var/log/ -type f -exec chmod u-x,g-x,o-wx {} \; echo -e "\033[31m modify "/var/log/*"\033[0m all files permission of "u-x,g-x,o-wx" successful" chmod +x /etc/rc.local null=$(grep "/dev/null" /etc/rc.local |wc -l) IF [$ null = 0]; the then echo "the chmod 666 / dev / null" >> /etc/rc.local the else echo "already RESET / dev / null" Fi ############# "modification of file handles" ###################################### H = `ulimit -n ` iF [H $ -ne 65535]; the thennow ulimit is already modify 65535" else ulimit -n 65535 grep "* soft nofile 65535" /etc/security/limits.conf 2>&1 >/dev/null i=$? #判断“soft nofile 65536”是否存在 grep "* hard nofile 65535" /etc/security/limits.conf 2>&1 >/dev/null ? j = $ # Analyzing "hard nofile 65536" if there are K = $ [I + J] IF [K $ -ne 0]; # simultaneously determines the then "Soft / Hard nofile 65536" CP /etc/security/limits.conf /etc/security/limits.conf.bak echo "* Soft nofile 65535" >> /etc/security/limits.conf echo "* Hard nofile 65535" >> /etc/security/limits.conf echo -e "\ 033 [31M default ulimit IS $ H \ 033 [0m, now already the Modify ulimit IS 65535 " echo -e" \ 033 [31M "Soft and Hard nofile 65535 65535 nofile" \ 033 [0m IS already the configure, not to the Modify " fi the else -e echo "\ 033 [31M default ulimit IS 65535 \ 033 [0m, not the Modify" fi ############## "to prevent brute force, improve system security" ##### ################# grep "Remember" /etc/pam.d/system-auth 2> & 1> / dev / null ? O = $ the p-= `grep" unlock_time "/etc/pam.d/system-auth | WC -l` IF [ -ne 0 O $]; the then CP /etc/pam.d/system-auth /etc/pam.d/system-auth.bak Sed -i "/ SHA512 / S / use_authtok / use_authtok Remember. 4 = / G" / etc / pam.d / system-auth ### indicates prohibited four recently used password (password already used will be stored in / etc / security / opasswd below) Fi IF [$ -LT-P. 1]; the then echo "auth required pam_tally2.so even_deny_root deny unlock_time = 1800 = 5" >> /etc/pam.d/system-auth fi ############## "set the shell session timeout exit" ############################ the n-= `grep" TMOUT = "/ etc / Profile | Cut -d" = "-f 2` # reads the default timeout time l = `grep" TMOUT "/ etc / profile` IF [$ 0 -ne?]; ## determines the then TMOUT not been set out configuration cp / etc / /etc/profile.bak Profile echo "the TMOUT = 300" >> / etc / Profile echo "Export the TMOUT" >> / etc / Profile # Sed -i 'S / ^ the HISTSIZE = 1000/30 = the HISTSIZE / G' / etc / Profile echo -e "\ 033 [31M the TMOUT \ 033 [0m Modify the TMOUT already IS = 300" the else-configured timeout ## if the command change replace the default timeout sed -is / TMOUT = $ n / TMOUT = 300 / g / etc / profile # replace the default timeout is 180 [ echo -e "\ 033 [31M default the TMOUT \ 033 [0m $ n-iS,TMOUT is already modify to 180s successful "# Get the default time-out # echo "export TMOUT" >> /etc/profile fi ############## 《禁止root ftp登录》################################ if [ -f /etc/vsftpd/ftpusers ];then p=`grep 'root' /etc/vsftpd/ftpusers | wc -l` if [ $p -eq 0 ];then cp /etc/vsftpd/ftpusers /etc/vsftpd/ftpusers.bak echo "root" >> /etc/vsftpd/ftpusers echo -e "\033[31m The ftp for root forbidden \033[0m successful or\033[31m ftp's service not exsits \033[0m" else echo -e "\033[31m The vsftpd \033[0m service not exists or Have been modified" fi else echo -e "\033[31m The vsftpd \033[0m service not exists or Have been modified" ################ "Login warning" ############################ ####### fi grep "WARNING" /etc/motd 2>&1 >/dev/null if [ $? -ne 0 ];then cp /etc/motd /etc/motd.bak echo "WARNING: If you are not authorized to access this private computer system, disconnect now. All activities on this system will be monitored and recorded without prior notification or permission!" > /etc/motd echo -e "\033[31m The motd \033[0m is add at /etc/motd successful" else echo -e "\033[31m The motd "WARNING" is exsits\033[0m,please check if need to modify again" fi ############## 《关闭telnet》#################################### y=`chkconfig --list|grep telnet |awk '{print $2}'` m=`chkconfig --list|grep telnet ` if [ $? -ne 0 ];then echo -e "\033[31m The telnet \033[0m is not exsits" else if [ $y == "on" ];then chkconfig telnet off echo -e "\033[31m The telnet \033[0m is stop sucessful" else echo -e "\033[31m The telnet\033[0m is already stop " fi fi else echo "cache System version" fi