jimorsm'stool
#!/bin/bash | |
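#######################################
# Initialise a fresh RHEL-family host: update packages, enable EPEL, install
# common tools, zsh + oh-my-zsh and pip, set the timezone, then run configSSH.
# Debian-family and unknown distributions only print a "not supported" notice.
# Globals:   ID, VERSION_ID (read; set by sourcing /etc/os-release)
#            PKGtool (written: "yum", or "dnf" when the major version >= 22)
# Outputs:   progress messages on stdout, diagnostics on stderr
# Returns:   1 if no temporary file can be created, otherwise the status of
#            the last command run
#######################################
function initializeSystem()
{
  local major installer
  case "$ID" in
    debian|ubuntu|devuan)
      echo 暂不支持
      ;;
    centos|fedora|rhel)
      PKGtool="yum"
      # VERSION_ID may be "7", "7.4" or "27": compare only the integer major
      # part, forced to base 10 so a leading zero is not read as octal.
      major=${VERSION_ID%%.*}
      if [[ $major =~ ^[0-9]+$ ]] && (( 10#$major >= 22 )); then
        PKGtool="dnf"
      fi
      echo 检查系统升级
      "$PKGtool" update -y -q
      echo 检查安装epel-release
      # -q: only the exit status matters; -s: stay quiet if no *.repo exists.
      if ! grep -qs epel /etc/yum.repos.d/*.repo; then
        "$PKGtool" install -y -q epel-release
      fi
      echo 安装常用工具
      "$PKGtool" install git htop wget vim -y
      echo "安装oh-my-sh"
      "$PKGtool" install zsh -y
      # NOTE(security): this runs, as root, whatever the master branch serves
      # at install time; nothing here pins or verifies it. The script is
      # downloaded completely first so a truncated or failed transfer is never
      # executed. Pin the URL to a reviewed commit and compare a checksum
      # before relying on this on hosts that matter.
      installer=$(mktemp) || { echo "mktemp failed" >&2; return 1; }
      if wget https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O "$installer"; then
        # Fed on stdin, exactly as the former "wget ... | sh" did.
        sh < "$installer"
      else
        echo "oh-my-zsh installer download failed; skipped" >&2
      fi
      rm -f -- "$installer"
      echo 配置服务器时间为rpc
      # Replace the link in one step, and only when the target exists, so a
      # missing zoneinfo file cannot leave the host without /etc/localtime.
      if [[ -e /usr/share/zoneinfo/Asia/Shanghai ]]; then
        ln -sfn /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
      else
        echo "zoneinfo for Asia/Shanghai not found; /etc/localtime left unchanged" >&2
      fi
      echo 安装Pip
      "$PKGtool" groupinstall "Development Tools" -y
      "$PKGtool" install python-devel python-setuptools -y && easy_install pip
      echo 配置SSH
      configSSH
      ;;
    *)
      echo 不支持的系统
      ;;
  esac
}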
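#######################################
# Force one sshd_config keyword to a value.
# Rewrites every line of the form "Key ..." or "#Key ..." (any current value,
# e.g. "prohibit-password") to "Key value", keeping the line's indentation.
# Arguments: $1 - keyword, $2 - value, $3 - config file
# Returns:   0 when an active "Key value" line exists afterwards, else 1
#######################################
function _setSshdOption()
{
  local key=$1 value=$2 file=$3
  sed -i -E "s/^([[:space:]]*)#?${key}[[:space:]]+.*/\1${key} ${value}/" "$file" || return 1
  grep -Eq "^[[:space:]]*${key}[[:space:]]+${value}[[:space:]]*\$" "$file"
}

#######################################
# Interactive SSH hardening menu: enable or disable root login, public-key
# authentication or password authentication in sshd_config.
# The file is backed up to "<file>.bak" first, and restored if "sshd -t"
# rejects the result. sshd is NOT restarted here: the change only takes effect
# after the operator restarts it. Before doing so, make sure another way in
# still works (an installed public key, a non-root account), otherwise
# disabling password or root login locks the host.
# Globals:   SSHD_CONFIG (read, optional; defaults to /etc/ssh/sshd_config)
#            COMMAND (written by both prompts)
# Returns:   0 on success or when the user skips, 1 when the edit failed
#######################################
function configSSH()
{
  local cfg=${SSHD_CONFIG:-/etc/ssh/sshd_config}
  local key question value
  echo 1、root登入
  echo 2、密钥认证
  echo 3、密码认证
  echo 任意键跳过
  read -r -p "请选择" COMMAND
  case "$COMMAND" in
    1)
      key=PermitRootLogin
      question="root登入 1启用,2禁用"
      ;;
    2)
      key=PubkeyAuthentication
      question="公钥认证 1启用,2禁用(请自行上传公钥)"
      ;;
    3)
      key=PasswordAuthentication
      question="密码认证 1启用,2禁用"
      ;;
    *)
      return 0
      ;;
  esac

  read -r -p "$question" COMMAND
  case "$COMMAND" in
    1) value=yes ;;
    2) value=no ;;
    *)
      echo 输入错误,未执行操作
      return 0
      ;;
  esac

  # -p keeps owner and mode, so the backup is no more readable than the file.
  if ! cp -p -- "$cfg" "${cfg}.bak"; then
    echo "cannot back up ${cfg}; nothing changed" >&2
    return 1
  fi
  if ! _setSshdOption "$key" "$value" "$cfg"; then
    echo "WARNING: no '${key}' line found in ${cfg}; add '${key} ${value}' manually" >&2
    return 1
  fi
  # Validate before anyone restarts sshd on a broken file.
  if command -v sshd >/dev/null 2>&1 && ! sshd -t -f "$cfg"; then
    cp -p -- "${cfg}.bak" "$cfg"
    echo "sshd rejected the new configuration; ${cfg} restored from backup" >&2
    return 1
  fi
  echo "${key} set to ${value} in ${cfg}; restart sshd to apply it"
}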
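#######################################
# Open the proxy ports and enable NAT on whichever firewall is active.
# firewalld: opens "port" (default 10000-65535) for tcp and udp in the public
#            zone and turns on masquerading, permanently, then reloads.
# iptables:  accepts "port" on INPUT, forwards and masquerades "vpnnetwork"
#            out of "eth", then saves the rules.
# NOTE(security): the default range exposes every port from 10000 up to the
# public zone. Set "port" to the single port or range the service really
# listens on before calling this.
# NOTE(review): nothing in this file sets port, vpnnetwork or eth, and nothing
# calls this function; the caller is expected to provide them.
# Globals:   port (read, optional for firewalld, required for iptables)
#            vpnnetwork, eth (read, required for iptables)
# Returns:   1 when the iptables branch lacks a required variable
#######################################
function configFirewall()
{
  local firewalld_state iptables_state port_spec
  firewalld_state=$(systemctl is-active firewalld.service)
  iptables_state=$(systemctl is-active iptables.service)
  # Add the allow rules to the active firewall.
  if [[ $firewalld_state == active ]]; then
    port_spec=${port:-10000-65535}
    firewall-cmd --zone=public --permanent --add-port="${port_spec}/tcp"
    firewall-cmd --zone=public --permanent --add-port="${port_spec}/udp"
    firewall-cmd --permanent --zone=public --add-masquerade
    firewall-cmd --reload
  elif [[ $iptables_state == active ]]; then
    # With an empty value the unquoted rule would be malformed; refuse rather
    # than insert something unintended.
    if [[ -z ${port:-} || -z ${vpnnetwork:-} || -z ${eth:-} ]]; then
      echo "configFirewall: port, vpnnetwork and eth must be set for the iptables rules" >&2
      return 1
    fi
    iptables -I INPUT -p tcp --dport "$port" -j ACCEPT
    iptables -I INPUT -p udp --dport "$port" -j ACCEPT
    iptables -I FORWARD -s "$vpnnetwork" -j ACCEPT
    iptables -t nat -A POSTROUTING -s "$vpnnetwork" -o "$eth" -j MASQUERADE
    #iptables -t nat -A POSTROUTING -j MASQUERADE
    service iptables save
  else
    printf "\e[33mWARNING!!! Either firewalld or iptables is NOT Running! \e[0m\n"
  fi
}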
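# Escape a string for the replacement half of a sed "s|..|..|" command, so
# that "\", "&" and the "|" delimiter in operator input stay literal.
function _ssrSedEscape()
{
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# Escape a string for the inside of a Python single-quoted literal, so that a
# quote or backslash in the input cannot end the literal in the config file.
function _ssrPyQuote()
{
  local s=$1 bs='\' sq="'"
  s=${s//"$bs"/"$bs$bs"}
  s=${s//"$sq"/"$bs$sq"}
  printf '%s' "$s"
}

# Replace every match of a fixed pattern ($1) in file ($3) with the literal
# text $2.
function _ssrSubst()
{
  local pattern=$1 file=$3 escaped
  escaped=$(_ssrSedEscape "$2") || return 1
  sed -i "s|${pattern}|${escaped}|g" "$file"
}

# Like _ssrSubst for "KEY = <number>": pattern $1, key $2, value $3, file $4.
# Anything that is not a plain non-negative number is refused, because the
# value is written unquoted into a Python source file.
function _ssrSetNumber()
{
  local pattern=$1 key=$2 value=$3 file=$4
  local number_re='^[0-9]+([.][0-9]+)?$'
  if [[ ! $value =~ $number_re ]]; then
    echo "WARNING: ${key} must be a non-negative number; default kept" >&2
    return 1
  fi
  _ssrSubst "$pattern" "${key} = ${value}" "$file"
}

#######################################
# Install the Shadowsocks "manyuser" backend under /home/shadowsocks, fill in
# userapiconfig.py from interactive answers, install its Python dependencies
# and register it as a systemd service.
# NOTE(security): the clone and "pip install" take whatever the remote branch
# and the package index serve at install time, and run as root; nothing here
# pins or verifies them. The generated unit also runs the server as root.
# Review and pin the sources before using this on hosts that matter.
# Outputs:   progress messages on stdout, diagnostics on stderr
# Returns:   1 when the source tree or its config template is unavailable
#######################################
function installSSR()
{
  local ssr_home=/home/shadowsocks
  local conf=${ssr_home}/userapiconfig.py
  # Answers are kept local so secrets do not outlive the function.
  local NOD_ID SPEEDTEST CLOUDSAFE ANTISSATTACK MU MU_SUFFIX MU_REGEX
  local WEBAPI WEBAPI_URL WEBAPI_TOKEN
  local MYSQL_HOST MYSQL_PORT MYSQL_USER MYSQL_PASS MYSQL_DB
  local MYSQL_SSL_ENABLE MYSQL_SSL_CA MYSQL_SSL_CERT MYSQL_SSL_KEY

  echo '开始安装shadowsocks'
  echo '1安装依赖'
  yum install wget htop git libsodium m2crypto python-devel libffi-devel openssl-devel python-setuptools -y && easy_install pip
  yum groupinstall "Development Tools" -y
  #yum install centos-release-scl -y
  #yum install devtoolset-4-gcc* -y
  #scl enable devtoolset-4 bash

  echo '2下载Shadowsocks'
  cd /home || { echo "cannot cd to /home" >&2; return 1; }
  # A failed clone is tolerated only when an earlier checkout is present.
  if ! git clone -b manyuser https://github.com/glzjin/shadowsocks.git \
      && [[ ! -d shadowsocks ]]; then
    echo "git clone failed and ${ssr_home} does not exist" >&2
    return 1
  fi

  echo '3配置Shasowsocks'
  cd shadowsocks || { echo "cannot cd to ${ssr_home}" >&2; return 1; }
  cp apiconfig.py userapiconfig.py || { echo "apiconfig.py is missing" >&2; return 1; }
  cp config.json user-config.json
  # The file will hold the panel token or database password.
  chmod 600 "$conf"

  read -r -p "输入节点id:" NOD_ID
  read -r -p "节点自动测速,与面板保持一致 0为关闭:" SPEEDTEST
  read -r -p "云安全,自动上报与下载封禁IP 1为开启,0为关闭:" CLOUDSAFE
  read -r -p "自动封禁SS密码和加密方式错误的IP 1为开启,0为关闭:" ANTISSATTACK
  _ssrSetNumber "NODE_ID = 1" NODE_ID "$NOD_ID" "$conf"
  _ssrSetNumber "SPEEDTEST = 6" SPEEDTEST "$SPEEDTEST" "$conf"
  _ssrSetNumber "CLOUDSAFE = 1" CLOUDSAFE "$CLOUDSAFE" "$conf"
  _ssrSetNumber "ANTISSATTACK = 0" ANTISSATTACK "$ANTISSATTACK" "$conf"

  read -r -p "启用单端口多用户 0:不启用 1:启用" MU
  if [[ $MU == "1" ]]; then
    read -r -p "输入多用户混淆参数后缀 MU_SUFFIX:" MU_SUFFIX
    read -r -p "输入多用户混淆参数表达式,例:%5m%id.%suffix (%5m代表取用户特征 md5 的前五位,%id 代表用户id %suffix 代表上面这个后缀)
MU_REGEX:" MU_REGEX
    _ssrSubst "MU_SUFFIX = 'zhaoj.in'" "MU_SUFFIX = '$(_ssrPyQuote "$MU_SUFFIX")'" "$conf"
    _ssrSubst "'%5m%id.%suffix'" "'$(_ssrPyQuote "$MU_REGEX")'" "$conf"
  fi

  read -r -p "后端与面板连接方式 0:MYSQL 1:WEBAPI :" WEBAPI
  if [[ $WEBAPI == "1" ]]; then
    read -r -p "输入WEBAPI_URL: https://" WEBAPI_URL
    # -s: do not echo the token to the terminal or its scrollback.
    read -r -s -p "输入WEBAPI_TOKEN:" WEBAPI_TOKEN
    echo
    _ssrSubst "API_INTERFACE = 'glzjinmod'" "API_INTERFACE = 'modwebapi'" "$conf"
    _ssrSubst "WEBAPI_URL = 'https://zhaoj.in'" "WEBAPI_URL = 'https://$(_ssrPyQuote "$WEBAPI_URL")'" "$conf"
    _ssrSubst "WEBAPI_TOKEN = 'glzjin'" "WEBAPI_TOKEN = '$(_ssrPyQuote "$WEBAPI_TOKEN")'" "$conf"
  elif [[ $WEBAPI == "0" ]]; then
    read -r -p "输入MYSQL_HOST: " MYSQL_HOST
    read -r -p "输入MYSQL_PORT: " MYSQL_PORT
    read -r -p "输入MYSQL_USER: " MYSQL_USER
    # -s: do not echo the password to the terminal or its scrollback.
    read -r -s -p "输入MYSQL_PASS: " MYSQL_PASS
    echo
    read -r -p "输入MYSQL_DB: " MYSQL_DB
    _ssrSubst "API_INTERFACE = 'modwebapi'" "API_INTERFACE = 'glzjinmod'" "$conf"
    _ssrSubst "MYSQL_HOST = '127.0.0.1'" "MYSQL_HOST = '$(_ssrPyQuote "$MYSQL_HOST")'" "$conf"
    # NOTE(review): the search text is kept as written; if apiconfig.py ships a
    # different default port (MySQL's usual one is 3306) nothing is replaced.
    # Confirm against the cloned file.
    _ssrSetNumber "MYSQL_PORT = 3006" MYSQL_PORT "$MYSQL_PORT" "$conf"
    _ssrSubst "MYSQL_USER = 'ss'" "MYSQL_USER = '$(_ssrPyQuote "$MYSQL_USER")'" "$conf"
    _ssrSubst "MYSQL_PASS = 'ss'" "MYSQL_PASS = '$(_ssrPyQuote "$MYSQL_PASS")'" "$conf"
    _ssrSubst "MYSQL_DB = 'shadowsocks'" "MYSQL_DB = '$(_ssrPyQuote "$MYSQL_DB")'" "$conf"
    MYSQL_SSL_ENABLE=0
    read -r -p "启用 MYSQL SSL:
0:不启用 1:启用" MYSQL_SSL_ENABLE
    if [[ $MYSQL_SSL_ENABLE == "1" ]]; then
      read -r -p "输入MYSQL_SSL_CA: " MYSQL_SSL_CA
      read -r -p "输入MYSQL_SSL_CERT: " MYSQL_SSL_CERT
      read -r -p "输入MYSQL_SSL_KEY: " MYSQL_SSL_KEY
      _ssrSubst "MYSQL_SSL_ENABLE = 0" "MYSQL_SSL_ENABLE = 1" "$conf"
      # These are file paths: their "/" is why the value must be escaped.
      _ssrSubst "MYSQL_SSL_CA = ''" "MYSQL_SSL_CA = '$(_ssrPyQuote "$MYSQL_SSL_CA")'" "$conf"
      _ssrSubst "MYSQL_SSL_CERT = ''" "MYSQL_SSL_CERT = '$(_ssrPyQuote "$MYSQL_SSL_CERT")'" "$conf"
      _ssrSubst "MYSQL_SSL_KEY = ''" "MYSQL_SSL_KEY = '$(_ssrPyQuote "$MYSQL_SSL_KEY")'" "$conf"
    fi
  fi

  echo '4安装python模块'
  pip install -r requirements.txt
  pip install cymysql greenlet gevent

  echo '5配置Systemd守护'
  # Quoted delimiter: the unit text is written exactly as shown.
  cat > /etc/systemd/system/shadowsocks.service <<'EOF'
[Unit]
Description=Shadowsocks Server Service
After=network.target
[Service]
LimitNOFILE=51200
TimeoutStartSec=0
ExecStart=/bin/python /home/shadowsocks/server.py
ExecStop=/bin/bash /home/shadowsocks/stop.sh
[Install]
WantedBy=multi-user.target
EOF

  echo '6启用并开启守护进程'
  systemctl daemon-reload
  systemctl enable shadowsocks
  systemctl restart shadowsocks
  echo '7完成'
}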
# Main program.
# Everything below changes system configuration, so refuse to run unless the
# effective user id is 0.
if [ "$(id -u)" != 0 ]; then
  printf "\e[42m\e[31mError: You must be root to run this script.\e[0m\n"
  exit 1
fi

# Detect the distribution and its version: os-release defines ID and
# VERSION_ID, which initializeSystem reads.
. /etc/os-release
echo "系统:$ID"
echo "版本:$VERSION_ID"

# Show the menu and dispatch on the answer; any other key leaves the script.
printf '%s\n' \
  '选择以下功能执行:' \
  '1、初始化系统配置' \
  '2、安装SSR' \
  '任意键退出'
read -p "请选择" COMMAND
case "$COMMAND" in
  1) initializeSystem ;;
  2) installSSR ;;
  *) exit ;;
esac