Linux Centos 7 简单初始化脚本
2019-05-11 本文已影响0人
豆芽_yw
#!/bin/bash
#初始化 yum
#sed -i 's/mirrorlist/#mirrorlist/g ; s/#baseurl/baseurl/g' /etc/yum.repos.d/CentOS-Base.repo
#阿里源
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum makecache
yum -y install bash-completion
yum -y install /sbin/ifconfig
yum -y install /usr/bin/vim
yum -y install lsof
yum -y install epel-release
#获取网卡
ifcfg=`ifconfig |awk -F: 'NR==1 {print $1}'`
#输出IP信息
IP=`ifconfig | egrep -o "(\<([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\>\.){3}\<([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\>"`
sed -i 's/dhcp/none/g' /etc/sysconfig/network-scripts/ifcfg-$ifcfg
for i in $IP
do
HEAD=` echo $i | awk -F. '{ print $1 }'`
H2=` echo $i | awk -F. '{ print $2 }'`
H3=` echo $i | awk -F. '{ print $3 }'`
END=` echo $i | awk -F. '{print $4}'`
#判断ip 网关 子网掩码
if (( $HEAD != 255 )) && (( $END != 255 )) && (( $HEAD !=127 )) ;then
echo IPADDR=\"$i\" >> /etc/sysconfig/network-scripts/ifcfg-$ifcfg
fi
#第二个if是避免出现255.0.0.0
if [ $HEAD -eq 255 ] ;then
if [ $H2 -eq 255 ] ;then
echo NETMASK=\"$i\" >> /etc/sysconfig/network-scripts/ifcfg-$ifcfg
fi
fi
done
echo GATEWAY="192.168.25.2" >> /etc/sysconfig/network-scripts/ifcfg-$ifcfg
echo DNS1="114.114.114.114" >> /etc/sysconfig/network-scripts/ifcfg-$ifcfg
echo DNS2="8.8.8.8" >> /etc/sysconfig/network-scripts/ifcfg-$ifcfg
#关闭防火墙/SELINUX
systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0
sed -i '/^SELINUX=/cSELINUX=disabled' /etc/selinux/config
#修改特殊命令权限
chmod 700 /usr/bin/ping
chmod 700 /usr/bin/who
chmod 700 /usr/bin/w
#优化sshd配置
#密码只允许错误3次
#认证时间不能超过20秒
sed -i "s/#MaxAuthTries 6/MaxAuthTries 3/" /etc/ssh/sshd_config
sed -i "/LoginGraceTime/cLoginGraceTime 20" /etc/ssh/sshd_config
#关闭UseDNS
sed -i "/UseDNS/cUseDNS no" /etc/ssh/sshd_config
#300秒后关闭无动作用户 (exit) [user]
echo "TMOUT=300" >> /etc/profile
#使 /etc/profile 配置生效
source /etc/profile
#在 /etc/sysctl.conf 中配置开启 syncookie
echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf
#保护历史安全
chattr +a /root/.bash_history
chattr +i /root/.bash_history
#重启网卡
service network restart
#重启sshd
systemctl restart sshd