[关闭]
@zhangyy 2021-09-13T17:03:14.000000Z 字数 4582 阅读 125

CentOS7.X 优化脚本

运维系列

  1. #!/bin/bash
  2. # yum_client configuration
  3. echo > /etc/yum.repos.d/rhel7_new.repo
  4. cat >> /etc/yum.repos.d/rhel7_new.repo << EOF
  5. [rhel7-base]
  6. name=RHEL7.1
  7. baseurl=http://180.2.32.10/rhel7
  8. enabled=1
  9. gpgcheck=0
  10. EOF
  11. # Enable or Disable Service
  12. /usr/bin/systemctl set-default multi-user.target
  13. /usr/bin/systemctl stop NetworkManager
  14. /usr/bin/systemctl disable NetworkManager
  15. /usr/bin/systemctl stop bluetooth.service
  16. /usr/bin/systemctl disable bluetooth.service
  17. /usr/bin/systemctl stop cups.service
  18. /usr/bin/systemctl disable cups.service
  19. /usr/bin/systemctl stop rhnsd.service
  20. /usr/bin/systemctl disable rhnsd.service
  21. /usr/bin/systemctl stop atd.service
  22. /usr/bin/systemctl disable atd.service
  23. /usr/bin/systemctl stop chronyd.service
  24. /usr/bin/systemctl disable chronyd.service
  25. /usr/bin/systemctl stop kdump.service
  26. /usr/bin/systemctl disable kdump.service
  27. /usr/bin/systemctl disable  avahi-daemon.service >/dev/null 2>&1
  28. /usr/bin/systemctl stop  avahi-daemon.service >/dev/null 2>&1
  29. /usr/bin/systemctl disable dbus-org.freedesktop.Avahi.service >/dev/null 2>&1
  30. /usr/bin/systemctl stop  dbus-org.freedesktop.Avahi.service >/dev/null 2>&1
  31. /usr/bin/systemctl disable dbus-org.freedesktop.ModemManager1.service >/dev/null 2>&1
  32. /usr/bin/systemctl stop dbus-org.freedesktop.ModemManager1.service >/dev/null 2>&1
  33. /usr/bin/systemctl disable dmraid-activation.service >/dev/null 2>&1
  34. /usr/bin/systemctl stop  dmraid-activation.service >/dev/null 2>&1
  35. /usr/bin/systemctl disable httpd.service >/dev/null 2>&1
  36. /usr/bin/systemctl stop httpd.service >/dev/null 2>&1
  37. /usr/bin/systemctl disable hypervkvpd.service >/dev/null 2>&1
  38. /usr/bin/systemctl stop  hypervkvpd.service >/dev/null 2>&1
  39. /usr/bin/systemctl disable hypervvssd.service >/dev/null 2>&1
  40. /usr/bin/systemctl stop hypervvssd.service >/dev/null 2>&1
  41. /usr/bin/systemctl disable iscsi.service  >/dev/null 2>&1
  42. /usr/bin/systemctl stop iscsi.service  >/dev/null 2>&1
  43. /usr/bin/systemctl disable libvirtd.service >/dev/null 2>&1
  44. /usr/bin/systemctl stop libvirtd.service >/dev/null 2>&1
  45. /usr/bin/systemctl disable ModemManager.service >/dev/null 2>&1
  46. /usr/bin/systemctl stop ModemManager.service >/dev/null 2>&1
  47. /usr/bin/systemctl disable  packagekit-offline-update.service >/dev/null 2>&1
  48. /usr/bin/systemctl stop packagekit-offline-update.service >/dev/null 2>&1
  49. /usr/bin/systemctl disable postfix.service  >/dev/null 2>&1
  50. /usr/bin/systemctl stop postfix.service  >/dev/null 2>&1
  51. /usr/bin/systemctl disable rhsmcertd.service >/dev/null 2>&1
  52. /usr/bin/systemctl stop rhsmcertd.service >/dev/null 2>&1
  53. /usr/bin/systemctl disable spice-vdagentd.service >/dev/null 2>&1
  54. /usr/bin/systemctl stop  spice-vdagentd.service >/dev/null 2>&1
  56. # Install Packages 7.3 
  57. /usr/bin/mkdir /tmp/{nfs,glibc,oracle,openssl,bash,systemd}
  58. cd /tmp/nfs
  59. /usr/bin/wget http://180.2.32.10/nfs_patch/coreutils-8.22-12.el7_1.2.x86_64.rpm
  60. rpm -Fvh *.rpm
  61. cd /tmp/glibc
  62. /usr/bin/wget -nd -r -l1 --no-parent http://180.2.32.10/glibc_patch/rhel7/
  63. rpm -Fvh *.rpm
  64. cd /tmp/openssl
  65. /usr/bin/wget -nd -r -l1 --no-parent http://180.2.32.10/openssl_patch/rhel7/
  66. rpm -Fvh *.rpm
  67. cd /tmp/oracle
  68. /usr/bin/wget http://180.2.32.10/oracle/rhel7/compat-libstdc++-33-3.2.3-72.el7.x86_64.rpm
  69. rpm -Uvh *.rpm
  70. cd /tmp/bash/
  71. /usr/bin/wget -nd -r -l1 --no-parent http://180.2.32.10/bash_patch/rhel7/
  72. rpm -Fvh *.rpm
  73. cd /tmp/systemd/
  74. /usr/bin/wget -nd -r -l1 --no-parent http://180.2.32.10/systemd_patch/rhel7/
  75. rpm -Fvh *.rpm
  77. # sudo configure
  78. useradd sysmt
  79. echo sysmt | passwd --stdin sysmt
  80. chmod 740 /etc/sudoers
  81. echo 'sysmt ALL=(root)   NOPASSWD:ALL,!/usr/bin/passwd root' >> /etc/sudoers
  82. sleep 1
  83. chmod 440 /etc/sudoers
  84. useradd zhiban
  85. echo zhiban | passwd --stdin zhiban
  86. useradd monitor
  87. echo monitor | passwd --stdin monitor
  88. groupadd -g 6000 nfsgroup
  90. # ulimit configure
  91. cat >> /etc/security/limits.conf << EOF
  92. *           soft   nofile       5000
  93. *           hard   nofile       5000
  94. *           soft   nproc        5000
  95. *           hard   nproc        5000
  96. *           soft   core         102400
  97. *           hard   core         102400
  98. EOF
  100. # Modify history configuration
  101. echo "export HISTTIMEFORMAT=\"%F %T \"" >> /etc/profile
  102. echo "export PROMPT_COMMAND=\"history -a\"" >> /etc/profile
  103. echo "export HISTCONTROL=\"ignoredups\"" >> /etc/profile
  104. source /etc/profile
  106. #Setting timeout
  107. echo "export TMOUT=300" >> /etc/profile
  109. #Setting multi-user mode
  110. systemctl set-default multi-user.target >/dev/null 2>&1
  112. # install kdump
  113. echo "kernel.sysrq = 1" >> /etc/sysctl.conf
  115. # crontab
  116. #echo '#time sync by gold at 20160608' >> /var/spool/cron/root
  117. #echo '30 18 * * * /usr/sbin/ntpdate 180.2.32.10 >/dev/null 2>&1' >> /var/spool/cron/root
  118. #echo '30 18 * * 1,2,3,4,5 /usr/sbin/ntpdate -b 10.30.2.1  >> /tmp/ntp.log' >> /var/spool/cron/root
  122. # check
  123. echo "#############service_status################" >> /tmp/gold_ks_log
  124. /usr/bin/systemctl status NetworkManager >> /tmp/gold_ks_log 2>&1
  125. /usr/bin/systemctl status bluetooth.service &>> /tmp/gold_ks_log
  127. #sed -i 's@\(^baseurl=http://\).*\(/rhel7/\)@\180.2.32.10\2@g' /etc/yum.repos.d/rhel7.repo
  129. #SSH BANNER
  130. echo 'PrintMotd yes'                     >>/etc/ssh/sshd_config
  131. echo 'Banner /etc/ssh/ssh_login_banner'  >>/etc/ssh/sshd_config
  132. echo "" >  /etc/ssh/ssh_login_banner
添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注