最小化安装Linux系统初始化脚本
目录
- 最小化安装Linux系统初始化脚本
最小化安装Linux系统初始化脚本
注:此脚本适用于centos 7/8、Ubuntu1804,具体需要根据实际情况进行测试调整。
此脚本包含的功能:
允许 root 用户使用 ssh 登录
关闭 selinux
关闭防火墙
设置 ps1
设置默认编辑器为 vim
自定义 vim
自定义历史命令
修改内核参数
设置资源限制
修改软件源
安装常用包
设置时间同步
修改网卡为传统命令格式
设置IP地址等
[root@centos8 ~]# cat init_v1.sh #!/bin/bash # #************************************************** #Author: Xan_Yum #QQ: 7993167 #Email: waluna@qq.com #Version: 1.0 #Date: 2021-11-03 #FileName: init_v1.sh #Description: system init #URL: https://blog.waluna.top #Copyroght ©: 2021 ALL rights reserved #**************************************************
OS=
awk -F'"' '/PRETTY_NAME/{print $2}' /etc/os-release|tr ' ' '-'#1 set_ssh () { if [[ $OS == Ubuntu-18.04* ]];then sed -i.bak ‘/#PermitRootLogin/a PermitRootLogin yes’ /etc/ssh/sshd_config systemctl restart sshd fi echo -e “\e[32;1mPermit root login set complete\e[0m” }
#2 disable_selinux () { if [[ $OS == CentOS* ]];then sed -i.bak ’s/SELINUX=enforcing/SELINUX=disabled/’ /etc/selinux/config fi echo -e “\e[32;1mSElinux already disabled,Restart to take effect\e[0m”
}
#3 disbale_firewall () { systemctl disable –now firewalld &> /dev/null echo -e “\e[32;1mFirewall already disabled\e[0m” }
#4 set_ps1 () { if [[ \(OS == CentOS* ]];then echo "PS1='\[\e[1;36m\][\u@\h \W]\\\) [\e[0m]’” >> /etc/profile.d/env.sh . /etc/profile.d/env.sh elif [[ \(OS == Ubuntu* ]];then echo 'PS1="\[\e[1;32m\][\){debian_chroot:+(\(debian_chroot)}\u@\h \w]\\\) [\e[0m]”’ >> .bashrc . .bashrc fi echo -e “\e[32;1mPS1 already modify,Please login again\e[0m”
}
#5 set_default_text_editor_vim () { echo “export EDITOR=vim” >> /etc/profile.d/env.sh . /etc/profile.d/env.sh echo -e “\e[32;1mdefault_text_editor already modify vim,Please login again\e[0m” }
#6 set_vim () { cat > ~/.vimrc <
”) call setline(4,“#Author: Xan_Yum”) call setline(5,“#QQ: 7993167”) call setline(6,“#Email: waluna@qq.com”) call setline(7,“#Version: 1.0”) call setline(8,“#Date: “.strftime(”%Y-%m-%d”)) call setline(9,“#FileName: “.expand(”%“)) call setline(10,”#Description: The test script”) call setline(11,“#URL: https://blog.waluna.top”) call setline(12,“#Copyroght ©: “.strftime(”%Y”).” ALL rights reserved”) call setline(13,“#***********************************************”) endif endfunc autocmd BufNewFile * normal G EOF echo -e “\e[32;1mVim already modify\e[0m” } #7 set_history () { echo ‘export HISTTIMEFORMAT=“%F %T
whoami“’ >> /etc/profile.d/env.sh echo -e “\e[32;1mHistory modify\e[0m” }#8 modify_kernel_parameters () { mv /etc/sysctl.conf{,.bak} cat > /etc/sysctl.conf <
Controls source route verification
net.ipv4.conf.default.rp_filter = 1 net.ipv4.ip_nonlocal_bind = 1 net.ipv4.ip_forward = 1
Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
Controls whether core dumps will append the PID to the core filename.
Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
Controls the use of TCP syncookies
表示是否打开TCP同步标签(syncookie),内核必须打开了CONFIG_SYN_COOKIES项进行编译,同步标签可以防止一个套接字在有过多试图连接到达时引起过载。
net.ipv4.tcp_syncookies = 1
Disable netfilter on bridges.
net.bridge.bridge-nf-call-arptables:是否在arptables的FORWARD中过滤网桥的ARP包
net.bridge.bridge-nf-call-ip6tables:是否在ip6tables链中过滤IPv6包
net.bridge.bridge-nf-call-iptables:是否在iptables链中过滤IPv4包
net.bridge.bridge-nf-filter-vlan-tagged:是否在iptables/arptables中过滤打了vlan标签的包
net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0
Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536
# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
TCP kernel paramater
net.ipv4.tcp_mem = 786432 1048576 1572864 net.ipv4.tcp_rmem = 4096 87380 4194304 net.ipv4.tcp_wmem = 4096 16384 4194304 net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_sack = 1
socket buffer
net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.core.netdev_max_backlog = 262144 net.core.somaxconn = 20480 net.core.optmem_max = 81920
TCP conn
net.ipv4.tcp_max_syn_backlog = 262144 net.ipv4.tcp_syn_retries = 3 net.ipv4.tcp_retries1 = 3 net.ipv4.tcp_retries2 = 15
tcp conn reuse
net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_max_tw_buckets = 20000 net.ipv4.tcp_max_orphans = 3276800 net.ipv4.tcp_timestamps = 1 #? net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_syncookies = 1
keepalive conn
net.ipv4.tcp_keepalive_time = 300 net.ipv4.tcp_keepalive_intvl = 30 net.ipv4.tcp_keepalive_probes = 3 net.ipv4.ip_local_port_range = 10001 65000
swap
vm.overcommit_memory = 0 vm.swappiness = 10
#net.ipv4.conf.eth1.rp_filter = 0 #net.ipv4.conf.lo.arp_ignore = 1 #net.ipv4.conf.lo.arp_announce = 2 #net.ipv4.conf.all.arp_ignore = 1 #net.ipv4.conf.all.arp_announce = 2
EOF echo -e “\e[32;1mKernel parameters modify complete\e[0m” }
#9 modify_resource_limits () { cat >> /etc/security/limits.conf <
- - core unlimited
- - nproc 1000000
- - nofile 1000000
- - memlock 32000
- - msgqueue 8192000 root - core unlimited root - nproc 1000000 root - nofile 1000000 root - memlock 32000 root - msgqueue 8192000 EOF echo -e “\e[32;1mResource limits modify complete\e[0m” }
#10 set_software_source () { if [[ \(OS == CentOS-Linux-7* ]];then mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup curl -o /etc/yum.repos.d/Centos-7.repo https://mirrors.aliyun.com/repo/Centos-7.repo curl -o /etc/yum.repos.d/epel-7.repo https://mirrors.aliyun.com/repo/epel-7.repo yum clean all && yum makecache elif [[ \)OS == CentOS-Linux-8* ]];then mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/.repo /etc/yum.repos.d/backup curl -o /etc/yum.repos.d/Centos-8.repo https://mirrors.aliyun.com/repo/Centos-8.repo yum clean all && yum makecache yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm sed -i ’s|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|’ /etc/yum.repos.d/epel sed -i ’s|^metalink|#metalink|’ /etc/yum.repos.d/epel* elif [[ $OS == Ubuntu-18.04* ]];then mkdir /etc/apt/backup && mv /etc/apt/sources.list /etc/apt/backup cat > /etc/apt/sources.list <
http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse EOF rm -f /var/lib/apt/lists/lock && apt update fi echo -e “\e[32;1mSoftware source set complete\e[0m”
}
#11 install_package () { if [[ \(OS == CentOS-Linux-7* ]];then yum install bash-completion vim-enhanced tree psmisc wget bc iotop gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel zip unzip zlib-devel net-tools lrzsz ntpdate telnet lsof tcpdump libevent libevent-devel openssh-server openssh-clients postfix -y elif [[ \)OS == CentOS-Linux-8* ]];then dnf install bash-completion vim-enhanced tree psmisc wget bc iotop gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel zip unzip zlib-devel net-tools lrzsz chrony telnet lsof tcpdump libevent libevent-devel openssh-server openssh-clients postfix -y elif [[ $OS == Ubuntu-18.04* ]];then apt install make gcc iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common lrzsz tree zip unzip openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev iotop libreadline-dev libsystemd-dev -y fi echo -e “\e[32;1mCommon Package already install\e[0m” }
#12 set_time_sync () { if [[ \(OS == CentOS-Linux-7* ]];then echo '*/5 * * * * ntpdate time1.aliyun.com &> /dev/null && hwclock -w' >> /var/spool/cron/root systemctl restart crond elif [[ \)OS == CentOS-Linux-8* ]];then sed -i.bak ‘/^pool /c pool time1.aliyun.com iburst’ /etc/chrony.conf systemctl restart chronyd && systemctl enable chronyd echo ‘*/5 * * * * chronyc -a makestep &> /dev/null && hwclock -w’ >> /var/spool/cron/root systemctl restart crond elif [[ $OS == Ubuntu-18.04* ]];then echo ‘*/5 * * * * ntpdate time1.aliyun.com &> /dev/null && hwclock -w’ >> /var/spool/cron/root systemctl restart cron fi echo -e “\e[32;1mTime sync complete\e[0m” }
#13 set_eth () { if [[ \(OS == CentOS* ]];then sed -i.bak '/GRUB_CMDLINE_LINUX/s#"\)# net.ifnames=0”#’ /etc/default/grub grub2-mkconfig -o /boot/grub2/grub.cfg &> /dev/null elif [[ \(OS == Ubuntu-18.04* ]];then sed -i.bak '/GRUB_CMDLINE_LINUX/s#"\)#net.ifnames=0”#’ /etc/default/grub grub-mkconfig -o /boot/grub/grub.cfg &> /dev/null fi
echo -e "\e[32;1mNetname already modify,Restart to take effect\e[0m"}
set_eth0 () { if [[ $OS == Ubuntu-18.04* ]];then mv /etc/netplan/01-netcfg.yaml{,.bak} cat > /etc/netplan/01-netcfg.yaml <
9⁄24] gateway4: 10.0.0.2 nameservers: addresses: [223.5.5.5,114.114.114.114] EOF fi echo -e “\e[32;1mIP already set\e[0m” } #14 set_ip () { if [[ \(OS == CentOS-Linux-8* ]];then mv /etc/sysconfig/network-scripts/ifcfg-ens160{,.bak} read -p "Please input IP: " IP read -p "Please input Prefix: " PREFIX read -p "Please input Gateway: " GATEWAY read -p "Please input DNS1: " DNS1 read -p "Please input DNS2: " DNS2 cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF TYPE=Ethernet NAME=eth0 DEVICE=eth0 BOOTPROTO=static ONBOOT=yes IPADDR=\)IP PREFIX=\(PREFIX GATEWAY=\)GATEWAY DNS1=\(DNS1 DNS2=\)DNS2 EOF elif [[ \(OS == CentOS-Linux-7* ]];then mv /etc/sysconfig/network-scripts/ifcfg-ens33{,.bak} read -p "Please input IP: " IP read -p "Please input Prefix: " PREFIX read -p "Please input Gateway: " GATEWAY read -p "Please input DNS1: " DNS1 read -p "Please input DNS2: " DNS2 cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF TYPE=Ethernet NAME=eth0 DEVICE=eth0 BOOTPROTO=static ONBOOT=yes IPADDR=\)IP PREFIX=\(PREFIX GATEWAY=\)GATEWAY DNS1=\(DNS1 DNS2=\)DNS2 EOF elif [[ \(OS == Ubuntu-18.04* ]];then mv /etc/netplan/01-netcfg.yaml{,.bak} read -p "Please input IP/PREFIX: " IP_MASK read -p "Please input Gateway: " GATEWAY read -p "Please input DNS: " DNS cat > /etc/netplan/01-netcfg.yaml <<EOF network: version: 2 renderer: networkd ethernets: eth0: dhcp4: no addresses: [\)IP_MASK] gateway4: \(GATEWAY nameservers: addresses: [\)DNS] EOF fi echo -e “\e[32;1mIP already set\e[0m” }
echo -en “\e[32;1m” cat <
This script applies to centos7 centos8 ubuntu1804!!!
Please select: 1)Perimtrootlogin 2)Disable SElinux 3)Disable Firewall 4)Modify PS1 5)Set default text editor 6)Modify vim 7)Set History 8)Modify kernel parameters 9)Modify resource limits 10)set_software_source 11)Install Common Package 12)Set Time Sync 13)Modify NetName 14)Set IP 15)All realized EOF echo -en ‘\e[0m’ read -p “Please input number 1-15: ” MENU case $MENU in 1) set_ssh ;; 2) disable_selinux ;; 3) disbale_firewall ;; 4) set_ps1 ;; 5) set_default_text_editor_vim ;; 6) set_vim ;; 7) set_history ;; 8) modify_kernel_parameters ;; 9) modify_resource_limits ;; 10) set_software_source ;; 11) install_package ;; 12) set_time_sync ;; 13) set_eth set_eth0 ;; 14) set_ip ;; 15) #set_ssh disable_selinux disbale_firewall set_ps1 set_default_text_editor_vim set_vim set_history modify_kernel_parameters modify_resource_limits set_software_source install_package set_time_sync set_eth set_eth0 #set_ip echo -e “\e[32;1mAll done\e[0m” ;; *) echo -e “\e[32;1mINPUY FLASE!\e[0m” ;; esac
关于我
全网可搜《阿贤Linux》
CSDN、知乎、哔哩哔哩、博客园、51CTO、开源中国、思否、掘金、阿里云、腾讯云、华为云、今日头条、GitHub、个人博客
公众号:阿贤Linux
个人博客:blog.waluna.top
https://blog.waluna.top/
原文链接: 最小化安装系统初始化脚本.
/you-xi-kai-fa-fu-wu/zui-xiao-hua-an-zhuang-linuxxi-tong-chu-shi-hua-jiao-ben-5668.html