Centos 6初始化脚本
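#!/bin/bash
#
# CentOS 6 (x86_64) initialisation script.
#
# sample usage
#   curl -o /tmp/initial_centos6.sh https://gist.githubusercontent.com/vmlive/9994394/raw
#   nohup /bin/bash /tmp/initial_centos6.sh > /tmp/initial_centos6.sh.log && rm -f /tmp/initial_centos6.sh &
#
# This script is only for CentOS 6 and must run as root: it rewrites files
# under /etc, restarts sshd and replaces the iptables ruleset.
#
# Deliberately no "set -e": some steps (rpm -Uvh of an already-installed
# release package, chkconfig on init scripts that are not services) are
# expected to fail harmlessly and the script keeps going, as it always did.

readonly EPEL_RELEASE_URL='http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm'
readonly PUPPET_RELEASE_URL='http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm'

#######################################
# Print a message to stderr and exit 1.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Append a line to a file unless the file already contains that exact line,
# so that re-running the script does not stack duplicate entries.
# Arguments: $1 - file, $2 - line
#######################################
append_once() {
  local file=$1 line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

#######################################
# Abort unless running as root on a 64-bit CentOS 6 system.
# Outputs: status lines on stdout
# Returns: exits 1 on any failed check
#######################################
check_os() {
  local platform version
  (( EUID == 0 )) || die "this script must be run as root"
  # lsb_release (package "lsb") is needed for the version check below.
  yum -y install lsb wget
  platform=$(uname -m)
  if [[ "$platform" != "x86_64" ]]; then
    echo "this script is only for 64bit Operating System !"
    exit 1
  fi
  echo "the platform is ok"
  # First digit of the release ("6" for 6.x). Quoting matters here: with an
  # empty value (lsb_release missing) the unquoted test errored out and the
  # script carried on as if the check had passed.
  version=$(lsb_release -r | awk '{print substr($2,1,1)}')
  if [[ "$version" != 6 ]]; then
    echo "this script is only for CentOS 6 !"
    exit 1
  fi
  cat << 'EOF'
+---------------------------------------+
| your system is CentOS 6 x86_64        |
| start optimizing.......               |
+---------------------------------------+
EOF
}

#######################################
# Install the EPEL and Puppet Labs release packages (third-party repos).
#######################################
add_repos() {
  # NOTE(security): both release RPMs are fetched over plain HTTP, and rpm
  # only warns (NOKEY) when the signing key is not yet imported, so nothing
  # here verifies what gets installed. Prefer https mirrors and import and
  # check the repository GPG keys before relying on these repos.
  rpm -Uvh "$EPEL_RELEASE_URL"
  rpm -Uvh "$PUPPET_RELEASE_URL"
}

#######################################
# Set chkconfig state for every script in /etc/init.d.
# The original comment said "turn off unnecessary services", but the loop
# enables everything except the two names listed. Behaviour is kept; review
# the list for your environment ("cpus" may be a typo for "cups").
# chkconfig errors on non-service scripts such as "functions" are harmless.
#######################################
configure_services() {
  local script name
  for script in /etc/init.d/*; do
    [[ -e "$script" ]] || continue
    name=${script##*/}
    case "$name" in
      cpus|ip6tables)
        chkconfig "$name" off ;;
      *)
        chkconfig "$name" on ;;
    esac
  done
}

#######################################
# Update all packages; on success exclude kernel packages from future updates.
#######################################
update_system() {
  yum clean all
  # Quoted: "kernel*" must reach yum.conf literally, not be globbed against
  # the current directory.
  yum -y update && append_once /etc/yum.conf 'exclude=kernel*'
  #echo '30 21 * * * /usr/sbin/ntpdate cn.pool.ntp.org > /dev/null 2>&1' >> /var/spool/cron/root
}

#######################################
# Raise the open-file limits (shell ulimit at boot plus PAM limits).
#######################################
set_limits() {
  append_once /etc/rc.local 'ulimit -SHn 102400'
  append_once /etc/security/limits.conf '* soft nofile 65535'
  append_once /etc/security/limits.conf '* hard nofile 65535'
}

#######################################
# Comment out the reboot action so a stray Ctrl-Alt-Del on the console does
# not reboot the machine.
#######################################
disable_ctrl_alt_del() {
  sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
}

#######################################
# Disable SELinux on the next boot.
# NOTE(security): this removes a mandatory-access-control layer; "permissive"
# is the safer first step if the workload has not been tested under SELinux.
#######################################
disable_selinux() {
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
}

#######################################
# Turn off GSSAPI auth and reverse-DNS lookups in sshd, then restart it.
#######################################
configure_ssh() {
  sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
  sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
  # Validate the edited config before restarting: a broken sshd_config would
  # otherwise take the daemon down and lock out the remote session.
  if /usr/sbin/sshd -t; then
    service sshd restart
  else
    printf '%s\n' "sshd_config failed validation; not restarting sshd" >&2
  fi
}

#######################################
# Replace /etc/sysctl.conf with the tuned kernel/network parameters and apply.
# NOTE: net.ipv4.tcp_tw_recycle=1 (with tcp_timestamps=0) is known to break
# clients behind NAT and was removed from later kernels; keep it only if the
# host never serves NATed clients.
#######################################
tune_sysctl() {
  # The whole file is replaced, not merged; keep a copy of the previous one.
  [[ -f /etc/sysctl.conf ]] && cp -p /etc/sysctl.conf "/etc/sysctl.conf.bak.$(date +%Y%m%d%H%M%S)"
  cat > /etc/sysctl.conf << 'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 500000
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
vm.swappiness = 0
EOF
  /sbin/sysctl -p
}

#######################################
# Interactive-shell conveniences: backspace erases the last character typed;
# vim syntax highlighting for root.
#######################################
shell_tweaks() {
  append_once /etc/profile 'stty erase ^H'
  append_once /root/.vimrc 'syntax on'
}

#######################################
# Prevent the ipv6 module from loading.
#######################################
disable_ipv6() {
  cat > /etc/modprobe.d/ipv6.conf << 'EOFI'
alias net-pf-10 off
options ipv6 disable=1
EOFI
  #echo "NETWORKING_IPV6=off" >> /etc/sysconfig/network
}

#######################################
# Rebuild the INPUT chain: stateful accept, ICMP, loopback, multicast/VRRP,
# TCP 22/10050/65522, then default DROP; persist with the iptables init script.
#######################################
configure_iptables() {
  # Open the policy before flushing: on a re-run the saved policy is already
  # DROP, and flushing the ESTABLISHED rule under DROP would cut off the SSH
  # session running this script. The port 22 ACCEPT is in place before the
  # policy goes back to DROP below.
  iptables -P INPUT ACCEPT
  iptables -F
  iptables -X
  iptables -Z
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -p icmp -j ACCEPT
  iptables -A INPUT -i lo -j ACCEPT
  # 224.0.0.0/8 is narrower than the full multicast range (224.0.0.0/4);
  # VRRP's 224.0.0.18 falls inside it. Widen only if other multicast is needed.
  iptables -A INPUT -d 224.0.0.0/8 -j ACCEPT
  iptables -A INPUT -p vrrp -j ACCEPT
  iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
  iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 10050 -j ACCEPT
  iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 65522 -j ACCEPT
  # NOTE(security): the next two rules accept any packet whose source port is
  # 53, regardless of connection state. Replies to this host's own DNS queries
  # are already matched by the ESTABLISHED,RELATED rule above, so these are
  # redundant and weaken the policy; consider removing them.
  iptables -A INPUT -p udp --sport 53 -j ACCEPT
  iptables -A INPUT -p tcp --sport 53 -j ACCEPT
  iptables -P INPUT DROP
  #iptables -P FORWARD DROP
  #iptables -P OUTPUT DROP
  /etc/init.d/iptables save
}

#######################################
# Run every step in the original order and print the closing banner.
#######################################
main() {
  check_os
  add_repos
  configure_services
  update_system
  set_limits
  disable_ctrl_alt_del
  disable_selinux
  configure_ssh
  tune_sysctl
  shell_tweaks
  disable_ipv6
  configure_iptables
  cat << 'EOF'
+-------------------------------------------------+
| optimizer is done                               |
| it's recommond to restart this server !         |
+-------------------------------------------------+
EOF
}

main "$@"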