[关闭]
@zhangyy 2021-09-13T17:03:14.000000Z 字数 4582 阅读 126

CentOS7.X 优化脚本

运维系列



  1. #!/bin/bash
  2. # yum_client configuration
  3. echo > /etc/yum.repos.d/rhel7_new.repo
  4. cat >> /etc/yum.repos.d/rhel7_new.repo << EOF
  5. [rhel7-base]
  6. name=RHEL7.1
  7. baseurl=http://180.2.32.10/rhel7
  8. enabled=1
  9. gpgcheck=0
  10. EOF
  11. # Enable or Disable Service
  12. /usr/bin/systemctl set-default multi-user.target
  13. /usr/bin/systemctl stop NetworkManager
  14. /usr/bin/systemctl disable NetworkManager
  15. /usr/bin/systemctl stop bluetooth.service
  16. /usr/bin/systemctl disable bluetooth.service
  17. /usr/bin/systemctl stop cups.service
  18. /usr/bin/systemctl disable cups.service
  19. /usr/bin/systemctl stop rhnsd.service
  20. /usr/bin/systemctl disable rhnsd.service
  21. /usr/bin/systemctl stop atd.service
  22. /usr/bin/systemctl disable atd.service
  23. /usr/bin/systemctl stop chronyd.service
  24. /usr/bin/systemctl disable chronyd.service
  25. /usr/bin/systemctl stop kdump.service
  26. /usr/bin/systemctl disable kdump.service
  27. /usr/bin/systemctl disable avahi-daemon.service >/dev/null 2>&1
  28. /usr/bin/systemctl stop avahi-daemon.service >/dev/null 2>&1
  29. /usr/bin/systemctl disable dbus-org.freedesktop.Avahi.service >/dev/null 2>&1
  30. /usr/bin/systemctl stop dbus-org.freedesktop.Avahi.service >/dev/null 2>&1
  31. /usr/bin/systemctl disable dbus-org.freedesktop.ModemManager1.service >/dev/null 2>&1
  32. /usr/bin/systemctl stop dbus-org.freedesktop.ModemManager1.service >/dev/null 2>&1
  33. /usr/bin/systemctl disable dmraid-activation.service >/dev/null 2>&1
  34. /usr/bin/systemctl stop dmraid-activation.service >/dev/null 2>&1
  35. /usr/bin/systemctl disable httpd.service >/dev/null 2>&1
  36. /usr/bin/systemctl stop httpd.service >/dev/null 2>&1
  37. /usr/bin/systemctl disable hypervkvpd.service >/dev/null 2>&1
  38. /usr/bin/systemctl stop hypervkvpd.service >/dev/null 2>&1
  39. /usr/bin/systemctl disable hypervvssd.service >/dev/null 2>&1
  40. /usr/bin/systemctl stop hypervvssd.service >/dev/null 2>&1
  41. /usr/bin/systemctl disable iscsi.service >/dev/null 2>&1
  42. /usr/bin/systemctl stop iscsi.service >/dev/null 2>&1
  43. /usr/bin/systemctl disable libvirtd.service >/dev/null 2>&1
  44. /usr/bin/systemctl stop libvirtd.service >/dev/null 2>&1
  45. /usr/bin/systemctl disable ModemManager.service >/dev/null 2>&1
  46. /usr/bin/systemctl stop ModemManager.service >/dev/null 2>&1
  47. /usr/bin/systemctl disable packagekit-offline-update.service >/dev/null 2>&1
  48. /usr/bin/systemctl stop packagekit-offline-update.service >/dev/null 2>&1
  49. /usr/bin/systemctl disable postfix.service >/dev/null 2>&1
  50. /usr/bin/systemctl stop postfix.service >/dev/null 2>&1
  51. /usr/bin/systemctl disable rhsmcertd.service >/dev/null 2>&1
  52. /usr/bin/systemctl stop rhsmcertd.service >/dev/null 2>&1
  53. /usr/bin/systemctl disable spice-vdagentd.service >/dev/null 2>&1
  54. /usr/bin/systemctl stop spice-vdagentd.service >/dev/null 2>&1
  55. # Install Packages 7.3
  56. /usr/bin/mkdir /tmp/{nfs,glibc,oracle,openssl,bash,systemd}
  57. cd /tmp/nfs
  58. /usr/bin/wget http://180.2.32.10/nfs_patch/coreutils-8.22-12.el7_1.2.x86_64.rpm
  59. rpm -Fvh *.rpm
  60. cd /tmp/glibc
  61. /usr/bin/wget -nd -r -l1 --no-parent http://180.2.32.10/glibc_patch/rhel7/
  62. rpm -Fvh *.rpm
  63. cd /tmp/openssl
  64. /usr/bin/wget -nd -r -l1 --no-parent http://180.2.32.10/openssl_patch/rhel7/
  65. rpm -Fvh *.rpm
  66. cd /tmp/oracle
  67. /usr/bin/wget http://180.2.32.10/oracle/rhel7/compat-libstdc++-33-3.2.3-72.el7.x86_64.rpm
  68. rpm -Uvh *.rpm
  69. cd /tmp/bash/
  70. /usr/bin/wget -nd -r -l1 --no-parent http://180.2.32.10/bash_patch/rhel7/
  71. rpm -Fvh *.rpm
  72. cd /tmp/systemd/
  73. /usr/bin/wget -nd -r -l1 --no-parent http://180.2.32.10/systemd_patch/rhel7/
  74. rpm -Fvh *.rpm
  75. # sudo configure
  76. useradd sysmt
  77. echo sysmt | passwd --stdin sysmt
  78. chmod 740 /etc/sudoers
  79. echo 'sysmt ALL=(root) NOPASSWD:ALL,!/usr/bin/passwd root' >> /etc/sudoers
  80. sleep 1
  81. chmod 440 /etc/sudoers
  82. useradd zhiban
  83. echo zhiban | passwd --stdin zhiban
  84. useradd monitor
  85. echo monitor | passwd --stdin monitor
  86. groupadd -g 6000 nfsgroup
  87. # ulimit configure
  88. cat >> /etc/security/limits.conf << EOF
  89. * soft nofile 5000
  90. * hard nofile 5000
  91. * soft nproc 5000
  92. * hard nproc 5000
  93. * soft core 102400
  94. * hard core 102400
  95. EOF
  96. # Modify history configuration
  97. echo "export HISTTIMEFORMAT=\"%F %T \"" >> /etc/profile
  98. echo "export PROMPT_COMMAND=\"history -a\"" >> /etc/profile
  99. echo "export HISTCONTROL=\"ignoredups\"" >> /etc/profile
  100. source /etc/profile
  101. #Setting timeout
  102. echo "export TMOUT=300" >> /etc/profile
  103. #Setting multi-user mode
  104. systemctl set-default multi-user.target >/dev/null 2>&1
  105. # install kdump
  106. echo "kernel.sysrq = 1" >> /etc/sysctl.conf
  107. # crontab
  108. #echo '#time sync by gold at 20160608' >> /var/spool/cron/root
  109. #echo '30 18 * * * /usr/sbin/ntpdate 180.2.32.10 >/dev/null 2>&1' >> /var/spool/cron/root
  110. #echo '30 18 * * 1,2,3,4,5 /usr/sbin/ntpdate -b 10.30.2.1 >> /tmp/ntp.log' >> /var/spool/cron/root
  111. # check
  112. echo "#############service_status################" >> /tmp/gold_ks_log
  113. /usr/bin/systemctl status NetworkManager >> /tmp/gold_ks_log 2>&1
  114. /usr/bin/systemctl status bluetooth.service &>> /tmp/gold_ks_log
  115. #sed -i 's@\(^baseurl=http://\).*\(/rhel7/\)@\180.2.32.10\2@g' /etc/yum.repos.d/rhel7.repo
  116. #SSH BANNER
  117. echo 'PrintMotd yes' >>/etc/ssh/sshd_config
  118. echo 'Banner /etc/ssh/ssh_login_banner' >>/etc/ssh/sshd_config
  119. echo "" > /etc/ssh/ssh_login_banner
添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注