阮胜昌的技术记录站-LinuxMySQL数据库运维

#!/bin/bash
echo "#add 163  epel /usr/bin/yum "
ver=`cat /etc/redhat-release  |awk '{print $3}'| awk -F "." '{print $1}'`
if [ $ver -eq 5 ]; then
                /bin/rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/5/i386/epel-release-5-4.noarch.rpm
                /usr/bin/wget  -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS5-Base-163.repo
else
        rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/6/i386/epel-release-6-8.noarch.rpm  
        /usr/bin/wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS6-Base-163.repo
fi
/usr/bin/yum clean all
/usr/bin/yum makecache

echo "#install gcc sysstat"
/usr/bin/yum -y install gcc gcc-c++ vim-enhanced unzip unrar sysstat
echo "#install ntp"
/usr/bin/yum -y install ntp
echo "01 01 * * * /usr/sbin/ntpdate ntp.api.bz >> /dev/null 2>&1" >> /etc/crontab
ntpdate ntp.api.bz
service crond restart

echo "#conf_ulimit"
ulimit -SHn 65535
echo "ulimit -SHn 65535" >> /etc/rc.local
cat<< EOF >>/etc/security/limits.conf
*         soft        nofile        60000
*        hard        nofile        65535
EOF

echo "tune kernel parametres"
cat<< EOF >>/etc/sysctl.conf
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
EOF
/sbin/sysctl -p
echo "disable control-alt-delete key"
sed -i 's@ca::ctrlaltdel:/sbin/shutdown -t3 -r now@#ca::ctrlaltdel:/sbin/shutdown -t3 -r now@' /etc/inittab
echo "disable SElinux"
sed -i 's@SELINUX=enforcing@SELINUX=disabled@' /etc/selinux/config
echo "ssh configure optimize"
sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' /etc/ssh/sshd_config
sed -i 's@#UseDNS yes@UseDNS no@' /etc/ssh/sshd_config
service sshd restart
echo "alias net-pf-10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf
echo "install ipv6 /bin/true" >> /etc/modprobe.conf
echo "IPV6INIT=no" >> /etc/sysconfig/network
sed -i 's@NETWORKING_IPV6=yes@NETWORKING_IPV6=no@' /etc/sysconfig/network
echo "syntax on" >> /root/.vimrc
echo "set nohlsearch" >> /root/.vimrc
chkconfig bluetooth off
chkconfig sendmail off
chkconfig kudzu off
chkconfig nfslock off
chkconfig portmap off
chkconfig iptables off
chkconfig autofs off
chkconfig yum-updatesd off
chkconfig cups off
chkconfig hplip off
chkconfig ip6tables off
chkconfig iscsi off
chkconfig iscsid off
chkconfig isdn off
chkconfig smartd off
chkconfig postfix off
chkconfig lldpad off
chkconfig auditd off
chkconfig saslauthd  off
chkconfig  restorecond off
chkconfig  rdisc off
chkconfig  portreserve  off
chkconfig  netconsole  off
chkconfig  matahari-sysconfig  off
chkconfig atd off
sed -i 's@id:5:initdefault:@id:3:initdefault:@' /etc/inittab