Linux Centos 7 简单初始化脚本

2019-05-11  本文已影响0人  豆芽_yw
#!/bin/bash
#初始化 yum
#sed -i 's/mirrorlist/#mirrorlist/g ; s/#baseurl/baseurl/g' /etc/yum.repos.d/CentOS-Base.repo
#阿里源
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum makecache
yum -y install bash-completion
yum -y install /sbin/ifconfig
yum -y install /usr/bin/vim
yum -y install lsof
 yum -y install epel-release
#获取网卡
ifcfg=`ifconfig |awk -F: 'NR==1 {print $1}'`

#输出IP信息
IP=`ifconfig | egrep -o "(\<([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\>\.){3}\<([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\>"`
sed -i 's/dhcp/none/g' /etc/sysconfig/network-scripts/ifcfg-$ifcfg

for i in $IP
do
   HEAD=` echo $i  | awk -F. '{ print $1 }'`
   H2=` echo $i  | awk -F. '{ print $2 }'`
   H3=` echo $i  | awk -F. '{ print $3 }'`
   END=` echo $i | awk -F. '{print $4}'`
#判断ip 网关 子网掩码
    if (( $HEAD != 255 )) && (( $END != 255 )) && (( $HEAD !=127 )) ;then
        echo IPADDR=\"$i\" >> /etc/sysconfig/network-scripts/ifcfg-$ifcfg
    fi

#第二个if是避免出现255.0.0.0
    if [ $HEAD -eq 255 ] ;then
        if [ $H2 -eq 255 ] ;then
             echo NETMASK=\"$i\" >> /etc/sysconfig/network-scripts/ifcfg-$ifcfg
        fi
    fi
done

echo GATEWAY="192.168.25.2" >> /etc/sysconfig/network-scripts/ifcfg-$ifcfg
echo DNS1="114.114.114.114" >> /etc/sysconfig/network-scripts/ifcfg-$ifcfg
echo DNS2="8.8.8.8"  >> /etc/sysconfig/network-scripts/ifcfg-$ifcfg



#关闭防火墙/SELINUX
systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0
sed -i '/^SELINUX=/cSELINUX=disabled' /etc/selinux/config

#修改特殊命令权限
chmod 700 /usr/bin/ping
chmod 700 /usr/bin/who
chmod 700 /usr/bin/w
#优化sshd配置
#密码只允许错误3次
#认证时间不能超过20秒
sed -i "s/#MaxAuthTries 6/MaxAuthTries 3/" /etc/ssh/sshd_config
sed -i "/LoginGraceTime/cLoginGraceTime 20" /etc/ssh/sshd_config

#关闭UseDNS
sed -i "/UseDNS/cUseDNS no" /etc/ssh/sshd_config

#300秒后关闭无动作用户 (exit) [user]
echo "TMOUT=300" >> /etc/profile

#使 /etc/profile 配置生效
source /etc/profile

#在 /etc/sysctl.conf 中配置开启 syncookie
echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf

#保护历史安全
chattr +a /root/.bash_history
chattr +i /root/.bash_history

#重启网卡
service network restart

#重启sshd
systemctl restart sshd

上一篇下一篇

猜你喜欢

热点阅读