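#!/bin/bash
# One-shot initialisation script for a freshly installed CentOS host.
# Must be run as root. Sources the SysV init function library, which the
# functions below rely on for action().
#
# NOTE(review): PATH keeps the caller's entries first and only appends the
# system directories, so every unqualified command below (yum, wget,
# chkconfig, ...) is resolved through the invoking user's PATH while running
# as root. Consider pinning PATH to the system directories instead.

# Environment: make the sbin tools reachable and select the GB18030 locale.
export PATH=$PATH:/bin/:/sbin/:/usr/sbin
export LANG="zh_CN.GB18030"

# Require root to run this script.
if [[ "$(whoami)" != "root" ]]; then
  echo "Please run this script as root." >&2
  exit 1
fi

# Paths of the service-management commands (not referenced again in this
# listing).
SERVICE=$(command -v service)
CHKCONFIG=$(command -v chkconfig)

# Source function library
. /etc/init.d/functions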
#Config Yum CentOS-Base.repo
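ConfigYum(){
  # Replace /etc/yum.repos.d/CentOS-Base.repo with the repo file published by
  # the mirror, keeping a dated backup of the current one.
  # Exits the script if the network check fails; returns 1 (leaving
  # CentOS-Base.repo untouched) if the download fails or comes back empty.
  # Works on absolute paths so the caller's working directory is not changed.
  #
  # NOTE(review): the repo definition is fetched over plain HTTP with no
  # checksum or signature check, and whatever arrives becomes the package
  # source for every later yum run as root. The host name below also looks
  # like a misspelling of "mirrors" -- confirm who controls it before use.
  # Prefer an HTTPS mirror with a pinned checksum, and make sure the installed
  # repo file keeps gpgcheck=1.
  local repo_dir=/etc/yum.repos.d
  local repo_url=http://mirros.sohu.com/help/CentOS-Base-sohu.repo
  local fetched=$repo_dir/CentOS-Base-sohu.repo

  echo "Config Yum CentOS-Base.repo"
  \cp "$repo_dir/CentOS-Base.repo" "$repo_dir/CentOS-Base.repo.oldboy.$(date +%F)"

  if ! ping -c 1 baidu.com >/dev/null; then
    echo $"Networking not configured -exiting"
    exit 1
  fi

  # -o sends wget's log to /dev/null; -O fixes the output name so a re-run
  # overwrites the previous download instead of creating a ".1" copy.
  if ! wget --quiet -o /dev/null -O "$fetched" "$repo_url" || [ ! -s "$fetched" ]; then
    rm -f -- "$fetched"
    echo "download of $repo_url failed; CentOS-Base.repo left unchanged" >&2
    return 1
  fi
  \cp "$fetched" "$repo_dir/CentOS-Base.repo"
}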
#Install Init Packages
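installTool(){
  # Install the baseline admin packages with yum.
  # Returns: 0 on success, 1 if yum fails. yum's own output is discarded, so
  # the failure message here is the only trace of a problem.
  echo "sysstat ntp net-snmp lrzsz rsync"
  if ! yum -y install sysstat ntp net-snmp lrzsz rsync >/dev/null 2>&1; then
    echo "yum install failed: sysstat ntp net-snmp lrzsz rsync" >&2
    return 1
  fi
}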
#Charset GB18030
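initI18n(){
  # Switch the system locale from en_US.UTF-8 to zh_CN.GB18030 in
  # /etc/sysconfig/i18n (dated backup first), load the new setting into the
  # current shell and print the resulting LANG line.
  local conf=/etc/sysconfig/i18n

  echo "#set LANG=zh_cn.gb18030"
  \cp "$conf" "$conf.$(date +%F)"
  # The file name is a separate argument; inside the expression sed would
  # treat it as flags of the s command.
  sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.GB18030"#' "$conf"
  source "$conf"
  grep LANG "$conf"
  sleep 1
}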
#Close Selinux and Iptables
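initFirewall(){
  # Stop iptables and switch SELinux off, for the running system (setenforce)
  # and in /etc/selinux/config (dated backup first).
  #
  # NOTE(review): this removes the host packet filter and mandatory access
  # control in one step, leaving only whatever filtering exists upstream of
  # the host. If the goal is to get services running, a restrictive iptables
  # rule set and SELinux in permissive mode during bring-up give the same
  # result without dropping both controls permanently.
  echo "#Close Selinux and Iptables"
  \cp /etc/selinux/config "/etc/selinux/config.$(date +"%Y-%m-%d_%H-%M-%S")"
  /etc/init.d/iptables stop
  # The config file carries "enforcing", and the s command needs its closing
  # delimiter.
  sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
  setenforce 0
  /etc/init.d/iptables status
  grep SELINUX=disabled /etc/selinux/config
  # Printed unconditionally; read the status and grep output above for the
  # real result.
  echo "Close selinux->OK and iptables->OK"
  sleep 1
}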
#Init Auto Startup Service
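initService(){
  # Turn off every service that is enabled in runlevel 3, then re-enable only
  # crond, network, syslog and sshd.
  #
  # NOTE(review): the first loop does not distinguish between services; any
  # security-relevant service that was enabled (iptables, for instance) is
  # switched off with the rest. Review the "3:on" list before running this.
  local svc

  echo "Close Nouseful Service"
  # Presumably set so that chkconfig prints the literal "3:on" the filter
  # below matches -- confirm on a localised system.
  export LANG="en_US.UTF-8"
  while IFS= read -r svc; do
    chkconfig --level 3 "$svc" off
  done < <(chkconfig --list | awk '/3:on/ {print $1}')
  for svc in crond network syslog sshd; do
    chkconfig --level 3 "$svc" on
  done
  export LANG="zh_CN.GB18030"
  echo "Close Nouseful Service->OK"
  sleep 1
}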
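initHostNameIp(){
  # Rename the host and give eth0 a static /24 address.
  # Arguments: $1 - new host name
  #            $2 - first three octets of the address, e.g. 10.0.0
  #            $3 - last octet of the address
  # Returns:   1, before any file is touched, if an argument is malformed.
  # Each edited file gets a timestamped backup next to it.
  local hostNameTmp=$1
  local ip_net=$2
  local host_octet=$3
  local ip
  local name_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  local net_re='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
  local octet_re='^[0-9]{1,3}$'

  echo "#init system name and modify sys ip address"

  # The arguments are spliced into sed expressions and into ifcfg-eth0. A
  # missing or malformed value would write an unusable interface config and
  # cut off remote access on the network reload, so refuse it up front.
  if ! [[ $hostNameTmp =~ $name_re && $ip_net =~ $net_re && $host_octet =~ $octet_re ]]; then
    echo "initHostNameIp: expected <hostname> <a.b.c> <d>" >&2
    return 1
  fi
  ip=${ip_net}.${host_octet}

  \cp /etc/hosts "/etc/hosts.$(date +%U%T)"
  sed -i "s/$HOSTNAME/$hostNameTmp/" /etc/hosts
  \cp /etc/sysconfig/network "/etc/sysconfig/network.$(date +%U%T)"
  sed -i "s/$HOSTNAME/$hostNameTmp/" /etc/sysconfig/network
  \cp /etc/sysconfig/network-scripts/ifcfg-eth0 "/etc/sysconfig/network-scripts/ifcfg-eth0.$(date +%U%T)"
  cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
DEVICE=eth0
BOOTPROTO=static
BROADCAST=${ip_net}.255
IPADDR=$ip
NETMASK=255.255.255.0
NETWORK=${ip_net}.0
GATEWAY=${ip_net}.1
ONBOOT=yes
EOF
  hostname "$hostNameTmp"
  echo "$ip $hostNameTmp" >>/etc/hosts
  /etc/init.d/network reload
}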
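initSsh(){
  # Harden sshd_config: listen on port 52113, refuse root and empty-password
  # logins, skip reverse DNS lookups. The edited file is checked with
  # "sshd -t" and the backup is restored if it does not parse, so a bad edit
  # is never reloaded into the running daemon.
  # Returns: 1 if the edited config is rejected.
  #
  # NOTE(review): the patterns only rewrite the commented-out stock defaults.
  # A directive that is already set explicitly (an uncommented
  # "PermitRootLogin yes", say) is left as it is, so read the grep output
  # below rather than assuming the settings took effect. Make sure a non-root
  # account with sudo can log in before relying on PermitRootLogin no.
  local cfg=/etc/ssh/sshd_config
  local backup

  echo "------ssh config-----------"
  backup="$cfg.$(date +"%Y-%m-%d_%H-%M-%S")"
  \cp "$cfg" "$backup"
  sed -i 's%#Port 22%Port 52113%' "$cfg"
  sed -i 's%#PermitRootLogin yes%PermitRootLogin no%' "$cfg"
  # Replace the whole commented line; substituting only the keyword leaves
  # the old value behind it ("PermitEmptyPasswords no no").
  sed -i 's%^#PermitEmptyPasswords.*%PermitEmptyPasswords no%' "$cfg"
  sed -i 's%#UseDNS yes%UseDNS no%' "$cfg"
  grep -E "UseDNS|52113|RootLogin|EmptyPass" "$cfg"

  if ! /usr/sbin/sshd -t -f "$cfg"; then
    \cp "$backup" "$cfg"
    action $"--sshconfig--" /bin/false
    return 1
  fi
  if /etc/init.d/sshd reload; then
    action $"--sshconfig--" /bin/true
  else
    action $"--sshconfig--" /bin/false
  fi
}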
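AddSAUser(){
  # Create group "sa" (gid 901) and the accounts oldboy, oldboy1, oldboy2
  # (uids 900-902), set their initial passwords, and give the group
  # password-less sudo. /etc/sudoers is backed up first, checked with
  # "visudo -c" afterwards and restored (and the script exits) if invalid.
  #
  # NOTE(review): every account gets the guessable password "<name>123" and
  # the group gets NOPASSWD sudo, so knowing an account name is enough for
  # root on any host whose sshd is reachable. Before using this outside a
  # lab, hand out per-user random initial secrets (or allow key-only login),
  # force a change at first login, and require a password for sudo.
  local datetmp user i
  local -a saUserArr=(oldboy oldboy1 oldboy2)

  echo "--add sys user for all students---"
  datetmp=$(date +"%Y-%m-%d_%H-%M-%S")
  \cp /etc/sudoers "/etc/sudoers.${datetmp}"
  groupadd -g 901 sa
  for ((i = 0; i < ${#saUserArr[@]}; i++)); do
    user=${saUserArr[$i]}
    useradd -g sa -u "90${i}" "$user"
    echo "${user}123" | passwd "$user" --stdin
  done

  # One rule for the whole group, added once. The grep needs the file as an
  # argument (without it it waits on stdin), and the rule must start with the
  # literal "%sa" group reference.
  if ! grep -q '^%sa[[:space:]]' /etc/sudoers; then
    echo "%sa ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
  fi

  if ! /usr/sbin/visudo -c; then
    /bin/cp "/etc/sudoers.${datetmp}" /etc/sudoers
    echo $"sudoers not configure--exiting"
    exit 1
  fi
  action $"--add sysuser for all students--->OK" /bin/true
  sleep 1
}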
#set system rsync time
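syncSystemTime(){
  # Add two root cron jobs that run ntpdate every five minutes, one against
  # 10.0.0.123 and one against cn.pool.ntp.org, unless a matching entry is
  # already in root's crontab.
  # The entries go to the file that is checked, /var/spool/cron/root, and
  # carry no user column: that field exists only in /etc/crontab.
  local cron_file=/var/spool/cron/root

  echo "set system sync time"
  if ! grep -q -F '10.0.0.123' "$cron_file" 2>/dev/null; then
    echo "*/5 * * * * /usr/sbin/ntpdate 10.0.0.123 >/dev/null 2>&1" >>"$cron_file"
  fi
  if ! grep -q -F 'pool.ntp.org' "$cron_file" 2>/dev/null; then
    echo "*/5 * * * * /usr/sbin/ntpdate cn.pool.ntp.org >/dev/null 2>&1" >>"$cron_file"
  fi
  # A crontab created by the redirection above inherits the umask; keep it
  # private to root.
  chmod 600 "$cron_file"
}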
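openFiles(){
  # Raise the open-file limit to 65535: persistently through limits.conf
  # (dated backup first), for the current shell through ulimit, and at boot
  # through rc.local. Both file edits are skipped when already present, so
  # re-running the script does not stack duplicate lines.
  local limits=/etc/security/limits.conf

  echo "max system file counts 65535"
  \cp "$limits" "$limits.$(date +"%Y-%m-%d_%H-%M-%S")"
  if ! grep -q -E '^\*[[:space:]]+-[[:space:]]+nofile[[:space:]]+65535' "$limits"; then
    # Insert before the closing marker; tolerate a space after the "#".
    sed -i '/#[[:space:]]*End of file/i\*\t\t-\tnofile\t\t65535' "$limits"
  fi
  ulimit -HSn 65535
  if ! grep -q -F 'ulimit -HSn 65535' /etc/rc.local 2>/dev/null; then
    echo "ulimit -HSn 65535" >>/etc/rc.local
  fi
  echo "configure ok"
  sleep 1
}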
#optimize system core variables
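optimizationkernel(){
  # Append a block of TCP/socket tuning values to /etc/sysctl.conf (dated
  # backup first), apply it with "sysctl -p" and report the result through
  # action(). The block is appended on every call.
  #
  # NOTE(review), values to confirm before production use:
  #  - tcp_tw_recycle = 1 is known to drop connections from clients that
  #    share a NAT address, and the setting no longer exists on Linux 4.12
  #    and later, where "sysctl -p" will report it as an error.
  #  - tcp_tw_reuse and tcp_tw_recycle both depend on TCP timestamps, which
  #    the first line switches off.
  #  - tcp_fin_timeout = 1 is far below the kernel default.
  \cp /etc/sysctl.conf "/etc/sysctl.conf.$(date +"%Y-%m-%d_%H-%M-%S")"
  cat >>/etc/sysctl.conf <<EOF
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 87380 16777216
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.ip_local_port_range = 1024 65535
EOF
  # Both branches go through action(); without it the success branch tried
  # to execute the message text and fell through to the failure report.
  if /sbin/sysctl -p; then
    action $"core optimize:" /bin/true
  else
    action $"core optimize:" /bin/false
  fi
}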
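init_safe(){
  # Comment out the ctrl+alt+del reboot entry in /etc/inittab (dated backup
  # first) so the key combination at the console no longer restarts the host.
  # Success is reported only when no active ctrlaltdel entry is left; sed
  # alone exits 0 even when nothing matched.
  echo "disabled ctrl+alt+del"
  cp /etc/inittab "/etc/inittab.$(date +"%Y-%m-%d_%H-%M-%S")"
  # "%" as delimiter keeps the slashes of the path literal; "&" re-inserts
  # the matched line behind the comment sign.
  if sed -i 's%^ca::ctrlaltdel:/sbin/shutdown -t3 -r now%#&%' /etc/inittab \
    && ! grep -q '^ca::ctrlaltdel:' /etc/inittab; then
    action $"disabled ok" /bin/true
  else
    action $"disabled faluse" /bin/false
  fi
}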
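disableIPV6(){
  # Add the two alias lines that turn the IPv6 module off to
  # /etc/modprobe.conf (dated backup first). A line that is already present
  # is not appended again.
  local conf=/etc/modprobe.conf
  local line

  echo "disabled ipv6"
  cp "$conf" "$conf.$(date +"%Y-%m-%d_%H-%M-%S")"
  for line in "alias net-pf-10 off" "alias ipv6 off"; do
    if ! grep -q -x -F "$line" "$conf"; then
      echo "$line" >>"$conf"
    fi
  done
}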
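# Menu labels, one per option A-K. The text is Chinese; it had been decoded
# with the wrong character set in this listing and is restored here.
# NOTE(review): the script exports LANG=zh_CN.GB18030, so the file presumably
# has to be stored in that encoding for the labels to render -- confirm.
# NOTE(review): label C names port 50178, while initSsh configures 52113.
AStr="设置字符编码，关闭防火墙，SELINUX,关闭不必要的系统服务" # charset, firewall and SELinux off, trim services
BStr="更改hostname和设置IP"                                  # change hostname, set IP
CStr="设置sshconfig修改默认端口22->50178和禁止root登录"      # sshd port change, no root login
DStr="添加SA用户并设置sudo权限"                              # add SA users with sudo rights
EStr="同步系统时间"                                          # sync system time
FStr="优化系统内核"                                          # tune kernel parameters
GStr="安装系统工具软件nagios client,puppetclient,snmp"       # install nagios/puppet clients, snmp
HStr="关闭ipv6"                                              # disable IPv6
IStr="调整系统打开文件数"                                    # raise open-file limit
JStr="安装系统工具"                                          # install system tools
KStr="一键初始化"                                            # one-key initialisation

# Print the menu. The labels are looked up by their real names (AStr, not
# Astr); variable names are case-sensitive, so the old spelling printed
# empty labels.
echo "##############################"
for key in A B C D E F G H I J K; do
  label="${key}Str"
  echo "${key}--${!label}"
done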
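# Ask for one menu key. If nothing is typed within 20 seconds (read fails,
# or the "-1" sentinel is still in place) the choice falls back to K.
# NOTE(review): K is the option that changes the most -- accounts, sudoers,
# sshd, network, kernel settings -- so an unattended start runs all of it.
# Consider making the operator confirm K explicitly.
echo "20 seconds later will auto choice one keyinstall"
option="-1"
if ! read -r -n1 -t20 -p "Choose one ofA-B-C-D-E-F-G-H-I-J-K:::" option \
  || [[ "$option" == "-1" ]]; then
  option="K"
elif [[ "$option" != [A-Ka-k] ]]; then
  # Exactly one key in A-K is accepted; anything else, including a bare
  # Enter, stops the script before any change is made.
  echo "please input A-K keys!"
  exit 1
fi
echo -e "\n you choice:$option\n"
echo "after 5s start install....."
sleep 5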
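# Dispatch the chosen menu option to the functions defined above.
#
# The helper script is looked up next to this script rather than in the
# current directory, so a root run never picks up a same-named file from
# wherever the operator happens to be.
# NOTE(review): installNagiosAndPuppetClient.sh and init_snmp are not part of
# this listing; confirm where they come from before running G or K.
script_dir=$(cd "$(dirname "$0")" && pwd)

case "$option" in
  A|a)
    ConfigYum
    initI18n
    initFirewall
    initService
    ;;
  B|b)
    if [ $# -ne 2 ]; then
      echo "$0 oldboy 10.0.0.123"
      exit 1
    fi
    # The usage line takes a full address; initHostNameIp wants the first
    # three octets and the last one as separate arguments.
    initHostNameIp "$1" "${2%.*}" "${2##*.}"
    ;;
  C|c)
    initSsh
    ;;
  D|d)
    AddSAUser
    ;;
  E|e)
    syncSystemTime
    ;;
  F|f)
    # The function is defined in lower case.
    optimizationkernel
    ;;
  G|g)
    sh "$script_dir/installNagiosAndPuppetClient.sh"
    init_snmp
    ;;
  H|h)
    disableIPV6
    ;;
  I|i)
    openFiles
    ;;
  J|j)
    installTool
    ;;
  K|k)
    installTool
    ConfigYum
    initI18n
    initService
    AddSAUser
    syncSystemTime
    initSsh
    sh "$script_dir/installNagiosAndPuppetClient.sh"
    # Host name and address are changed only when both were given on the
    # command line. Calling initHostNameIp without them would write an
    # interface config with empty addresses and reload the network.
    if [ $# -ne 2 ]; then
      echo "$0 oldboy 10.0.0.123"
    else
      initHostNameIp "$1" "${2%.*}" "${2##*.}"
    fi
    optimizationkernel
    openFiles
    disableIPV6
    ;;
  *)
    echo "Please input A-K,thank you!"
    ;;
esac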