自动化shell脚本批量优化操作系统

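#!/bin/bash
#
# Interactive initialisation script for a CentOS-style host. It defines one
# function per task (yum repo, locale, firewall/SELinux, services, network,
# sshd, users, time sync, limits, sysctl) and then runs the task picked from
# a single-key menu at the bottom of the file.

#set env
# NOTE(review): the script runs as root and calls most tools by bare name.
# The inherited PATH is searched first, so start it from a clean root
# environment rather than through a user-controlled PATH.
export PATH=$PATH:/bin/:/sbin/:/usr/sbin
export LANG="zh_CN.GB18030"

#Require root to run this script.
if [[ "$(id -u)" -ne 0 ]]; then
        echo "Please run this script as root." >&2
        exit 1
fi

#define cmd var
# command -v is the shell builtin for locating a command; unlike `which` it
# prints nothing but the resolved path.
SERVICE=$(command -v service)
CHKCONFIG=$(command -v chkconfig)

#Source function library
# Provides the `action` status helper used by the functions below.
. /etc/init.d/functions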

 

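#Config Yum CentOS-Base.repo
#
# Back up /etc/yum.repos.d/CentOS-Base.repo under a dated name and replace it
# with the repo definition downloaded from the Sohu mirror.
# Arguments: none
# Outputs:   progress messages on stdout, failures on stderr
# Returns:   exits 1 when the connectivity probe fails; returns 1 and leaves
#            the active repo file untouched when backup or download fails
ConfigYum(){
        local repo_dir=/etc/yum.repos.d
        local repo_url="http://mirros.sohu.com/help/CentOS-Base-sohu.repo"
        local downloaded="$repo_dir/CentOS-Base-sohu.repo"

        echo "Config Yum CentOS-Base.repo"

        # Absolute paths are used instead of `cd`, so the caller's working
        # directory is not changed for the steps that run after this one.
        if [ -f "$repo_dir/CentOS-Base.repo" ]; then
                \cp "$repo_dir/CentOS-Base.repo" \
                        "$repo_dir/CentOS-Base.repo.oldboy.$(date +%F)" || {
                        echo "backup of CentOS-Base.repo failed" >&2
                        return 1
                }
        fi

        if ! ping -c 1 baidu.com >/dev/null; then
                echo $"Networking not configured -exiting"
                exit 1
        fi

        # NOTE(review): the host name is kept as published ("mirros"); confirm
        # it is the intended mirror before relying on it.
        # NOTE(review): the file is fetched over plain HTTP with no integrity
        # check, and it decides where every later package install comes from.
        # Prefer an HTTPS mirror or a locally reviewed copy, and keep
        # gpgcheck enabled in the resulting repo file.
        if ! wget --quiet -o /dev/null -O "$downloaded" "$repo_url"; then
                echo "download of $repo_url failed; CentOS-Base.repo left unchanged" >&2
                rm -f -- "$downloaded"
                return 1
        fi
        \cp "$downloaded" "$repo_dir/CentOS-Base.repo"
}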

 

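#Install Init Packages
#
# Install the baseline package set with yum, discarding yum's own output.
# Arguments: none
# Outputs:   the package list on stdout; a failure notice on stderr
# Returns:   yum's exit status
installTool(){
        local -a packages=(sysstat ntp net-snmp lrzsz rsync)
        local rc=0

        echo "${packages[*]}"
        yum -y install "${packages[@]}" >/dev/null 2>&1 || rc=$?
        if [ "$rc" -ne 0 ]; then
                # yum output is suppressed above, so say that it failed.
                echo "yum install failed with status $rc" >&2
        fi
        return "$rc"
}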

 

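#Charset GB18030
#
# Switch the system locale in /etc/sysconfig/i18n from en_US.UTF-8 to
# zh_CN.GB18030 (a dated backup is taken first) and load it into this shell.
# Arguments: none
# Outputs:   the resulting LANG line(s) from the file
initI18n(){
        local i18n=/etc/sysconfig/i18n

        echo '#set LANG=zh_cn.gb18030'
        \cp "$i18n" "$i18n.$(date +%F)"
        # The file name is a separate argument; only the s### expression
        # belongs inside the quotes.
        sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.GB18030"#' "$i18n"
        source "$i18n"
        grep LANG "$i18n"
        sleep 1
}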

 

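#Close Selinux and Iptables
#
# Stop iptables and disable SELinux, both at runtime (setenforce 0) and in
# /etc/selinux/config (a timestamped backup of the file is taken first).
# Arguments: none
# Outputs:   iptables status and the SELINUX=disabled line from the config
#
# NOTE(review): this removes the host packet filter and mandatory access
# control in one step. On a host reachable from untrusted networks, keep
# iptables running with an allow-list for the services in use, and prefer
# SELinux permissive mode while policy problems are being fixed.
initFirewall(){
        local selinux_cfg=/etc/selinux/config

        echo "#Close Selinux and Iptables"
        \cp "$selinux_cfg" "$selinux_cfg.$(date +"%Y-%m-%d_%H-%M-%S")"
        /etc/init.d/iptables stop
        # Rewrite whatever mode is configured; matching only the literal text
        # "SELINUX=enable" would skip a file that says enforcing/permissive.
        # SELINUXTYPE= is not touched because of the "=" right after SELINUX.
        sed -i 's/^SELINUX=.*/SELINUX=disabled/' "$selinux_cfg"
        setenforce 0
        /etc/init.d/iptables status
        if grep SELINUX=disabled "$selinux_cfg"; then
                echo "Close selinux->OK and iptables->OK"
        else
                echo "SELINUX=disabled not found in $selinux_cfg" >&2
        fi
        sleep 1
}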

 

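#Init Auto Startup Service
#
# Turn off every service that chkconfig lists as enabled in runlevel 3, then
# re-enable crond, network, syslog and sshd for that runlevel.
# Arguments: none
# Globals:   LANG (set to en_US.UTF-8 while parsing, then to zh_CN.GB18030)
initService(){
        local oldboy

        echo "Close Nouseful Service"
        # chkconfig output is matched on the text "3:on", so it is read
        # under an English locale.
        export LANG="en_US.UTF-8"
        while IFS= read -r oldboy; do
                chkconfig --level 3 "$oldboy" off
        done < <(chkconfig --list | awk '/3:on/ {print $1}')
        for oldboy in crond network syslog sshd; do
                chkconfig --level 3 "$oldboy" on
        done
        export LANG="zh_CN.GB18030"
        echo "Close Nouseful Service->OK"
        sleep 1
}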

 

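# Set the host name and give eth0 a static address in a /24 network.
# Arguments: $1 - new host name
#            $2 - first three octets of the network, e.g. 10.0.0
#            $3 - last octet of this host's address
# Outputs:   progress on stdout, usage on stderr
# Returns:   1 without touching any file when an argument is missing or
#            malformed; otherwise the status of the network reload
initHostNameIp(){
        local hostNameTmp=$1
        local ip_net=$2
        local host_octet=$3
        local name_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
        local net_re='^[0-9]{1,3}(\.[0-9]{1,3}){2}$'
        local octet_re='^[0-9]{1,3}$'
        local ip stamp old_name_re

        echo "#init system name and modify sys ip address"

        # The values are pasted into sed expressions and into ifcfg-eth0, so
        # reject anything that is not a plain host name / dotted number
        # before a file is rewritten and the network reloaded.
        if ! [[ $hostNameTmp =~ $name_re && $ip_net =~ $net_re && $host_octet =~ $octet_re ]]; then
                echo "usage: initHostNameIp <hostname> <a.b.c> <host-octet>" >&2
                return 1
        fi

        ip="${ip_net}.${host_octet}"
        stamp=$(date +%U%T)
        # Dots in the current name must match literally in the sed pattern.
        old_name_re=${HOSTNAME//./\\.}

        \cp /etc/hosts "/etc/hosts.$stamp"
        \cp /etc/sysconfig/network "/etc/sysconfig/network.$stamp"
        \cp /etc/sysconfig/network-scripts/ifcfg-eth0 \
                "/etc/sysconfig/network-scripts/ifcfg-eth0.$stamp"

        # An empty pattern would make sed fail, so skip when HOSTNAME is unset.
        if [ -n "$old_name_re" ]; then
                sed -i "s/$old_name_re/$hostNameTmp/" /etc/hosts
                sed -i "s/$old_name_re/$hostNameTmp/" /etc/sysconfig/network
        fi

        cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
DEVICE=eth0
BOOTPROTO=static
BROADCAST=${ip_net}.255
IPADDR=$ip
NETMASK=255.255.255.0
NETWORK=${ip_net}.0
GATEWAY=${ip_net}.1
ONBOOT=yes
EOF

        hostname "$hostNameTmp"
        echo "$ip $hostNameTmp" >>/etc/hosts
        /etc/init.d/network reload
}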

 

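# Harden sshd_config: listen on port 52113, refuse root logins and empty
# passwords, turn off reverse DNS lookups, then reload sshd.
# Arguments: none
# Outputs:   the changed settings as they now appear in the file
# Returns:   1 when the backup fails or the edited file does not pass
#            `sshd -t` (the backup is restored in that case); otherwise the
#            status of `action`
#
# NOTE(review): root login is refused after the reload, so make sure another
# account with sudo rights exists and that port 52113 is allowed by any
# firewall before closing the current session. With SELinux enforcing, the
# new port presumably also has to be labelled for sshd (semanage port) -
# confirm on the target release.
initSsh(){
        local cfg=/etc/ssh/sshd_config
        local backup

        backup="$cfg.$(date +"%Y-%m-%d_%H-%M-%S")"
        echo "------ssh config-----------"
        \cp "$cfg" "$backup" || return 1

        # Each pattern matches the whole commented-out default, so the
        # result is a single valid directive per line.
        sed -i \
                -e 's%#Port 22%Port 52113%' \
                -e 's%#PermitRootLogin yes%PermitRootLogin no%' \
                -e 's%#PermitEmptyPasswords no%PermitEmptyPasswords no%' \
                -e 's%#UseDNS yes%UseDNS no%' \
                "$cfg"
        grep -E "UseDNS|52113|RootLogin|EmptyPass" "$cfg"

        # Validate before reloading: a syntax error in sshd_config can lock
        # out remote administration.
        if ! sshd -t -f "$cfg"; then
                echo "sshd_config failed validation; restoring $backup" >&2
                \cp "$backup" "$cfg"
                action $"--sshconfig--" /bin/false
                return 1
        fi

        if /etc/init.d/sshd reload; then
                action $"--sshconfig--" /bin/true
        else
                action $"--sshconfig--" /bin/false
        fi
}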

 

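# Create the "sa" group (gid 901) and the users oldboy, oldboy1, oldboy2
# (uids 900-902), set their initial passwords and give the group
# password-less sudo. /etc/sudoers is backed up first and restored when
# `visudo -c` rejects the result.
# Arguments: none
# Returns:   exits 1 when the sudoers check fails
#
# NOTE(review): every initial password is the user name followed by "123",
# so it is known to anyone who has seen this script. Replace it with a
# generated secret, or at least expire it on creation (`chage -d 0 <user>`)
# so it has to be changed at first login.
# NOTE(review): "NOPASSWD: ALL" gives every member of sa unrestricted root
# without re-authentication; scope it to the commands actually needed.
AddSAUser(){
        local -a saUserArr=(oldboy oldboy1 oldboy2)
        local datetmp user i

        echo "--add sys user for all students---"
        datetmp=$(date +"%Y-%m-%d_%H-%M-%S")
        \cp /etc/sudoers "/etc/sudoers.${datetmp}"

        groupadd -g 901 sa
        for ((i = 0; i < ${#saUserArr[@]}; i++)); do
                user=${saUserArr[$i]}
                useradd -g sa -u "90${i}" "$user"
                echo "${user}123" | passwd "$user" --stdin
        done

        # One rule for the whole group is enough, so it is added once,
        # outside the loop. grep reads /etc/sudoers here; without a file
        # argument it would wait on stdin.
        if ! grep -q '^%sa[[:space:]]' /etc/sudoers; then
                echo "%sa         ALL=(ALL)         NOPASSWD: ALL" >>/etc/sudoers
        fi

        if ! /usr/sbin/visudo -c; then
                /bin/cp "/etc/sudoers.${datetmp}" /etc/sudoers
                echo $"sudoers not configure--exiting"
                exit 1
        fi
        action $"--add sysuser for all students--->OK" /bin/true
        sleep 1
}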

 

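#set system rsync time
#
# Add two ntpdate jobs (every five minutes) to root's crontab unless an
# entry for the same server is already there.
# Arguments: none
#
# NOTE(review): ntpdate steps the clock from unauthenticated NTP replies;
# where log timestamps matter for investigations, a continuously running
# NTP daemon pointed at trusted servers is the sturdier choice.
syncSystemTime(){
        local cron_file=/var/spool/cron/root

        echo "set system sync time"
        # The check and the append use the same file. A per-user crontab has
        # no user column, so the command follows the five time fields
        # directly.
        if ! grep -qF '10.0.0.123' "$cron_file" 2>/dev/null; then
                echo "*/5 * * * * /usr/sbin/ntpdate 10.0.0.123 >/dev/null 2>&1" >>"$cron_file"
        fi
        if ! grep -qF 'pool.ntp.org' "$cron_file" 2>/dev/null; then
                echo "*/5 * * * * /usr/sbin/ntpdate cn.pool.ntp.org >/dev/null 2>&1" >>"$cron_file"
        fi
        # The file may just have been created by the redirection above.
        chmod 600 "$cron_file"
}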

 

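# Raise the open-file limit to 65535: in /etc/security/limits.conf for new
# sessions, with ulimit for this shell, and via /etc/rc.local at boot.
# Arguments: none
openFiles(){
        local limits=/etc/security/limits.conf

        echo "max system file counts 65535"
        \cp "$limits" "$limits.$(date +"%Y-%m-%d_%H-%M-%S")"

        # Insert only once so that re-running the script does not stack
        # duplicate entries. The marker comment is usually spelled
        # "# End of file", so the space after "#" is optional here.
        if ! grep -Eq '^\*[[:space:]]+-[[:space:]]+nofile[[:space:]]+65535' "$limits"; then
                sed -i '/^# *End of file/i\*\t\t-\tnofile\t\t65535' "$limits"
        fi

        ulimit -HSn 65535
        if ! grep -qxF 'ulimit -HSn 65535' /etc/rc.local 2>/dev/null; then
                echo "ulimit -HSn 65535" >>/etc/rc.local
        fi
        echo "configure ok"
        sleep 1
}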

 

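#optimize system core variables
#
# Append a block of TCP/socket tuning values to /etc/sysctl.conf (after a
# timestamped backup) and load it with `sysctl -p`.
# Arguments: none
# Returns:   the status of `action`
#
# NOTE(review): the values are kept exactly as published. Review them before
# use: tcp_tw_recycle is known to break clients behind NAT and was removed in
# Linux 4.12, and tcp_tw_reuse / tcp_tw_recycle depend on TCP timestamps,
# which this same block turns off.
optimizationkernel(){
        local conf=/etc/sysctl.conf
        local marker='# optimizationkernel: TCP/socket tuning'

        \cp "$conf" "$conf.$(date +"%Y-%m-%d_%H-%M-%S")"

        # The marker line keeps a second run from appending the block again.
        if ! grep -qxF "$marker" "$conf"; then
                cat >>"$conf" <<EOF
$marker
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 87380 16777216
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.ip_local_port_range = 1024 65535
EOF
        fi

        if /sbin/sysctl -p; then
                action $"core optimize:" /bin/true
        else
                action $"core optimize:" /bin/false
        fi
}

# The menu at the end of the file calls this spelling; keep both working.
optimizationKernel(){
        optimizationkernel "$@"
}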

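# Disable the Ctrl+Alt+Del reboot by commenting out the ca::ctrlaltdel entry
# in /etc/inittab (a timestamped backup is taken first).
# Arguments: none
# Returns:   the status of `action`
init_safe(){
        local inittab=/etc/inittab

        echo "disabled ctrl+alt+del"
        cp "$inittab" "$inittab.$(date +"%Y-%m-%d_%H-%M-%S")"
        # "%" is the delimiter so the slashes of /sbin/shutdown need no
        # escaping; "&" puts the matched prefix back behind the "#".
        # sed exits 0 even when nothing matched, so success is judged by
        # whether an active entry is still present afterwards.
        if sed -i 's%^ca::ctrlaltdel:%#&%' "$inittab" &&
           ! grep -q '^ca::ctrlaltdel:' "$inittab"; then
                action $"disabled ok" /bin/true
        else
                action $"disabled faluse" /bin/false
        fi
}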

 

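# Disable IPv6 module loading by adding "alias ... off" lines to
# /etc/modprobe.conf (a timestamped backup is taken when the file exists).
# Arguments: none
#
# NOTE(review): iptables rules do not cover IPv6, so if IPv6 stays enabled
# anywhere it needs its own ip6tables policy.
disableIPV6(){
        local conf=/etc/modprobe.conf
        local line

        echo "disabled ipv6"
        if [ -f "$conf" ]; then
                cp "$conf" "$conf.$(date +"%Y-%m-%d_%H-%M-%S")"
        fi
        # Append each alias only when that exact line is missing, so a
        # second run leaves the file unchanged.
        for line in "alias net-pf-10 off" "alias ipv6 off"; do
                if ! grep -qxF "$line" "$conf" 2>/dev/null; then
                        echo "$line" >>"$conf"
                fi
        done
}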

 

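# Menu labels. The script sets LANG=zh_CN.GB18030, so save the file in an
# encoding the terminal agrees with or these will display as garbage.
AStr="设置字符编码，关闭防火墙，SELINUX,关闭不必要的系统服务"   # charset, firewall/SELinux off, trim services
BStr="更改hostname和设置IP"                                     # change hostname and set IP
# The port shown here is the one initSsh actually writes (52113).
CStr="设置sshconfig修改默认端口22->52113和禁止root登录"         # sshd port and no root login
DStr="添加SA用户并设置sudo权限"                                 # add SA users with sudo
EStr="同步系统时间"                                             # sync system time
FStr="优化系统内核"                                             # kernel tuning
GStr="安装系统工具软件nagios client,puppetclient,snmp"          # nagios/puppet clients, snmp
HStr="关闭ipv6"                                                 # disable IPv6
IStr="调整系统打开文件数"                                       # raise open-file limit
JStr="安装系统工具"                                             # install system tools
KStr="一键初始化"                                               # one-key full initialisation

# Directory the script was started from. The helper script is resolved
# against it so that a later directory change cannot redirect the lookup.
# NOTE(review): the helper runs as root; keep this directory writable by
# root only.
start_dir=$PWD

echo "##############################"
# Variable names are case-sensitive: the labels are defined as AStr..KStr.
echo "A--${AStr}"
echo "B--${BStr}"
echo "C--${CStr}"
echo "D--${DStr}"
echo "E--${EStr}"
echo "F--${FStr}"
echo "G--${GStr}"
echo "H--${HStr}"
echo "I--${IStr}"
echo "J--${JStr}"
echo "K--${KStr}"
echo "20 seconds later will auto choice one keyinstall"

# NOTE(review): with no key pressed, the full "K" initialisation runs on its
# own after 20 seconds, including user creation and the sshd changes.
option=""
if ! read -r -n1 -t20 -p "Choose one of A-B-C-D-E-F-G-H-I-J-K:::" option; then
        # read returns non-zero on timeout (or closed stdin): use the default.
        option="K"
fi

case "$option" in
        [A-Ka-k])
                ;;
        *)
                echo "please input A-K keys!"
                exit 1
                ;;
esac

echo -e "\n you choice:$option\n"
echo "after 5s start install....."
sleep 5

case "$option" in
        A|a)
                ConfigYum
                initI18n
                initFirewall
                initService
                ;;
        B|b)
                if [ $# -ne 2 ]; then
                        echo "$0 oldboy  10.0.0.123"
                        exit 1
                fi
                # initHostNameIp wants the network prefix and the host octet
                # separately, so the dotted address is split at its last dot.
                initHostNameIp "$1" "${2%.*}" "${2##*.}"
                ;;
        C|c)
                initSsh
                ;;
        D|d)
                AddSAUser
                ;;
        E|e)
                syncSystemTime
                ;;
        F|f)
                optimizationkernel
                ;;
        G|g)
                sh "$start_dir/installNagiosAndPuppetClient.sh"
                # NOTE(review): init_snmp is not defined in this file; it is
                # only called when something else provides it.
                if type init_snmp >/dev/null 2>&1; then
                        init_snmp
                else
                        echo "init_snmp is not available; skipped" >&2
                fi
                ;;
        H|h)
                disableIPV6
                ;;
        I|i)
                openFiles
                ;;
        J|j)
                installTool
                ;;
        K|k)
                installTool
                ConfigYum
                initI18n
                initService
                AddSAUser
                syncSystemTime
                initSsh
                sh "$start_dir/installNagiosAndPuppetClient.sh"
                # The host name / IP step runs only with both arguments;
                # calling it with none would write an address-less
                # ifcfg-eth0 and reload the network.
                if [ $# -ne 2 ]; then
                        echo "$0  oldboy 10.0.0.123"
                else
                        initHostNameIp "$1" "${2%.*}" "${2##*.}"
                fi
                optimizationkernel
                openFiles
                disableIPV6
                ;;
        *)
                echo "Please input A-K,thank you!"
                ;;
esac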

 
