@zhangyy
2021-09-13T17:03:14.000000Z
字数 4582
阅读 126
运维系列
#!/bin/bash
# yum_client configuration
echo > /etc/yum.repos.d/rhel7_new.repo
cat >> /etc/yum.repos.d/rhel7_new.repo << EOF
[rhel7-base]
name=RHEL7.1
baseurl=http://180.2.32.10/rhel7
enabled=1
gpgcheck=0
EOF
# Enable or Disable Service
/usr/bin/systemctl set-default multi-user.target
/usr/bin/systemctl stop NetworkManager
/usr/bin/systemctl disable NetworkManager
/usr/bin/systemctl stop bluetooth.service
/usr/bin/systemctl disable bluetooth.service
/usr/bin/systemctl stop cups.service
/usr/bin/systemctl disable cups.service
/usr/bin/systemctl stop rhnsd.service
/usr/bin/systemctl disable rhnsd.service
/usr/bin/systemctl stop atd.service
/usr/bin/systemctl disable atd.service
/usr/bin/systemctl stop chronyd.service
/usr/bin/systemctl disable chronyd.service
/usr/bin/systemctl stop kdump.service
/usr/bin/systemctl disable kdump.service
/usr/bin/systemctl disable avahi-daemon.service >/dev/null 2>&1
/usr/bin/systemctl stop avahi-daemon.service >/dev/null 2>&1
/usr/bin/systemctl disable dbus-org.freedesktop.Avahi.service >/dev/null 2>&1
/usr/bin/systemctl stop dbus-org.freedesktop.Avahi.service >/dev/null 2>&1
/usr/bin/systemctl disable dbus-org.freedesktop.ModemManager1.service >/dev/null 2>&1
/usr/bin/systemctl stop dbus-org.freedesktop.ModemManager1.service >/dev/null 2>&1
/usr/bin/systemctl disable dmraid-activation.service >/dev/null 2>&1
/usr/bin/systemctl stop dmraid-activation.service >/dev/null 2>&1
/usr/bin/systemctl disable httpd.service >/dev/null 2>&1
/usr/bin/systemctl stop httpd.service >/dev/null 2>&1
/usr/bin/systemctl disable hypervkvpd.service >/dev/null 2>&1
/usr/bin/systemctl stop hypervkvpd.service >/dev/null 2>&1
/usr/bin/systemctl disable hypervvssd.service >/dev/null 2>&1
/usr/bin/systemctl stop hypervvssd.service >/dev/null 2>&1
/usr/bin/systemctl disable iscsi.service >/dev/null 2>&1
/usr/bin/systemctl stop iscsi.service >/dev/null 2>&1
/usr/bin/systemctl disable libvirtd.service >/dev/null 2>&1
/usr/bin/systemctl stop libvirtd.service >/dev/null 2>&1
/usr/bin/systemctl disable ModemManager.service >/dev/null 2>&1
/usr/bin/systemctl stop ModemManager.service >/dev/null 2>&1
/usr/bin/systemctl disable packagekit-offline-update.service >/dev/null 2>&1
/usr/bin/systemctl stop packagekit-offline-update.service >/dev/null 2>&1
/usr/bin/systemctl disable postfix.service >/dev/null 2>&1
/usr/bin/systemctl stop postfix.service >/dev/null 2>&1
/usr/bin/systemctl disable rhsmcertd.service >/dev/null 2>&1
/usr/bin/systemctl stop rhsmcertd.service >/dev/null 2>&1
/usr/bin/systemctl disable spice-vdagentd.service >/dev/null 2>&1
/usr/bin/systemctl stop spice-vdagentd.service >/dev/null 2>&1
# Install Packages 7.3
/usr/bin/mkdir /tmp/{nfs,glibc,oracle,openssl,bash,systemd}
cd /tmp/nfs
/usr/bin/wget http://180.2.32.10/nfs_patch/coreutils-8.22-12.el7_1.2.x86_64.rpm
rpm -Fvh *.rpm
cd /tmp/glibc
/usr/bin/wget -nd -r -l1 --no-parent http://180.2.32.10/glibc_patch/rhel7/
rpm -Fvh *.rpm
cd /tmp/openssl
/usr/bin/wget -nd -r -l1 --no-parent http://180.2.32.10/openssl_patch/rhel7/
rpm -Fvh *.rpm
cd /tmp/oracle
/usr/bin/wget http://180.2.32.10/oracle/rhel7/compat-libstdc++-33-3.2.3-72.el7.x86_64.rpm
rpm -Uvh *.rpm
cd /tmp/bash/
/usr/bin/wget -nd -r -l1 --no-parent http://180.2.32.10/bash_patch/rhel7/
rpm -Fvh *.rpm
cd /tmp/systemd/
/usr/bin/wget -nd -r -l1 --no-parent http://180.2.32.10/systemd_patch/rhel7/
rpm -Fvh *.rpm
# sudo configure
useradd sysmt
echo sysmt | passwd --stdin sysmt
chmod 740 /etc/sudoers
echo 'sysmt ALL=(root) NOPASSWD:ALL,!/usr/bin/passwd root' >> /etc/sudoers
sleep 1
chmod 440 /etc/sudoers
useradd zhiban
echo zhiban | passwd --stdin zhiban
useradd monitor
echo monitor | passwd --stdin monitor
groupadd -g 6000 nfsgroup
# ulimit configure
cat >> /etc/security/limits.conf << EOF
* soft nofile 5000
* hard nofile 5000
* soft nproc 5000
* hard nproc 5000
* soft core 102400
* hard core 102400
EOF
# Modify history configuration
echo "export HISTTIMEFORMAT=\"%F %T \"" >> /etc/profile
echo "export PROMPT_COMMAND=\"history -a\"" >> /etc/profile
echo "export HISTCONTROL=\"ignoredups\"" >> /etc/profile
source /etc/profile
#Setting timeout
echo "export TMOUT=300" >> /etc/profile
#Setting multi-user mode
systemctl set-default multi-user.target >/dev/null 2>&1
# install kdump
echo "kernel.sysrq = 1" >> /etc/sysctl.conf
# crontab
#echo '#time sync by gold at 20160608' >> /var/spool/cron/root
#echo '30 18 * * * /usr/sbin/ntpdate 180.2.32.10 >/dev/null 2>&1' >> /var/spool/cron/root
#echo '30 18 * * 1,2,3,4,5 /usr/sbin/ntpdate -b 10.30.2.1 >> /tmp/ntp.log' >> /var/spool/cron/root
# check
echo "#############service_status################" >> /tmp/gold_ks_log
/usr/bin/systemctl status NetworkManager >> /tmp/gold_ks_log 2>&1
/usr/bin/systemctl status bluetooth.service &>> /tmp/gold_ks_log
#sed -i 's@\(^baseurl=http://\).*\(/rhel7/\)@\180.2.32.10\2@g' /etc/yum.repos.d/rhel7.repo
#SSH BANNER
echo 'PrintMotd yes' >>/etc/ssh/sshd_config
echo 'Banner /etc/ssh/ssh_login_banner' >>/etc/ssh/sshd_config
echo "" > /etc/ssh/ssh_login_banner