转载一篇Ricky的系统优化脚本,这个脚本只能针对centos6x 其他还没有测试,但centos7肯定不行的
#!/bin/bash
# ID 201510192126
# Author Ricky
# E-mail 564001002@qq.com
# CentOS 6 系统初始优化脚本 IT运维管理技术交流群 16548318
# version 1.1.0
# 检查是否为root用户,脚本必须在root权限下运行 #
if
[[
"$(whoami)"
!=
"root"
]];
then
echo
"please run this script as root !"
>&2
exit
1
fi
echo
-e
" 33[31m the script only Support CentOS_6 x86_64 33[0m"
echo
-e
" 33[31m system initialization script, Please Seriously. press ctrl+C to cancel 33[0m"
# 按Y继续默认N,其他按键全部退出 #
yn=
"n"
echo
"please input [YN]"
echo
-n
"default [N]: "
read
yn
if
[
"$yn"
!=
"y"
-a
"$yn"
!=
"Y"
];
then
echo
"bye-bye!"
exit
0
fi
# 倒计时 #
for
i
in
`
seq
-w 3 -1 1`
do
echo
-
ne
">>>>>$i"
;
sleep
1;
done
echo
-e
"Good Luck"
# 检查是否为64位系统,这个脚本只支持64位脚本
platform=`
uname
-i`
if
[ $platform !=
"x86_64"
];
then
echo
"this script is only for 64bit Operating System !"
exit
1
fi
echo
"the platform is ok"
# 安装必要支持工具及软件工具
yum -y
install
redhat-lsb vim unzip openssl-client
gcc
gcc
-c++
# clear
echo
"Tools installation is complete"
# 检查系统版本为centos 6
distributor=`lsb_release -i |
awk
'{print $NF}'
`
version=`lsb_release -r |
awk
'{print substr($NF,1,1)}'
`
if
[ $distributor !=
'CentOS'
-o $version !=
'6'
];
then
echo
"this script is only for CentOS 6 !"
exit
1
fi
# clear
cat
<< EOF
+---------------------------------------+
| your system is CentOS 6 x86_64 |
| start optimizing |
+---------------------------------------+
EOF
sleep
3
# instll repo
yum_update(){
#make the 163.com as the default yum repo
if
[ ! -e
"/etc/yum.repos.d/bak"
];
then
mkdir
/etc/yum
.repos.d
/bak
mv
/etc/yum
.repos.d
/CentOS-Base
.repo
/etc/yum
.repos.d
/bak/CentOS-Base
.repo.backup
fi
#add
wget http:
//mirrors
.163.com/.help
/CentOS6-Base-163
.repo -O
/etc/yum
.repos.d
/CentOS-Base
.repo
#add the third-party repo
#rpm -Uvh http://download.Fedora.RedHat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm
rpm -Uvh
ftp
:
//ftp
.muug.mb.ca
/mirror/centos/6
.7
/extras/x86_64/Packages/epel-release-6-8
.noarch.rpm
#add the epel
rpm --
import
/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
#add the rpmforge
rpm -Uvh http:
//packages
.sw.be
/rpmforge-release/rpmforge-release-0
.5.2-2.el6.rf.x86_64.rpm
rpm --
import
/etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
#update the system
yum clean all && yum makecache
yum -y update glibc*
yum -y update yum* rpm* python*
yum -y update
echo
-e
" 33[31m yum update ok 33[0m"
sleep
1
}
#time zone
zone_time(){
#install ntp
yum -y
install
ntp
#time zone
if
[ `
date
+%z` !=
"+0800"
];
then
rm
-rf
/etc/localtime
ln
-sf
/usr/share/zoneinfo/Asia/Shanghai
/etc/localtime
cat
>
/etc/sysconfig/clock
<< EOF
ZONE=
"Asia/Shanghai"
UTC=
false
ARC=
false
EOF
if
[ `
date
+%z` !=
"+0800"
];
then
echo
"The Shanghai time zone error"
rm
-rf
/etc/localtime
ln
-sf
/usr/share/zoneinfo/Asia/Chongqing
/etc/localtime
cat
>
/etc/sysconfig/clock
<< EOF
ZONE=
"Asia/Chongqing"
UTC=
false
ARC=
false
EOF
if
[ `
date
+%z` !=
"+0800"
];
then
echo
"The Chongqing time zone error"
rm
-rf
/etc/localtime
ln
-sf
/usr/share/zoneinfo/Asia/Hong_Kong
/etc/localtime
cat
>
/etc/sysconfig/clock
<< EOF
ZONE=
"Asia/Hang_Kong"
UTC=
false
ARC=
false
EOF
if
[ `
date
+%z` !=
"+0800"
];
then
echo
"The Hang_Kong time zone error, To write Shanghai time zone "
echo
-e
" 33[31m time zone error , please manual settings 33[0m"
rm
-rf
/etc/localtime
ln
-sf
/usr/share/zoneinfo/Asia/Shanghai
/etc/localtime
cat
>
/etc/sysconfig/clock
<< EOF
ZONE=
"Asia/Shanghai"
UTC=
false
ARC=
false
EOF
fi
fi
fi
fi
echo
"Present time zone:"
`
date
+%z`
cat
/etc/sysconfig/clock
echo
-e
" 33[31m time zone ok 33[0m"
sleep
1
# set time
echo
"update time please wait!"
/usr/sbin/ntpdate
210.72.145.44 >
/dev/null
2>&1
#sed -i "/ntpdate/s/^/#/g" /var/spool/cron/root
sed
-i
"/ntpdate/d"
/var/spool/cron/root
sed
-i
"/hwclock/d"
/var/spool/cron/root
cat
>>
/var/spool/cron/root
<< EOF
*
/5
* * * *
/usr/sbin/ntpdate
210.72.145.44 >
/dev/null
2>&1
* * * * *
/1
/usr/sbin/hwclock
-w >
/dev/null
2>&1
EOF
chmod
600
/var/spool/cron/root
/sbin/service
crond restart
echo
-e
" 33[31m time zone ok 33[0m"
sleep
1
}
# set hosts
hosts(){
#修改hostname为127.0.0.1
if
[
"$(hostname -i)"
!=
"127.0.0.1"
];
then
sed
-i
"s@^127.0.0.1(.*)@127.0.0.1 `hostname`1@"
/etc/hosts
fi
hostname
-i
echo
-e
" 33[31m hosts ok 33[0m"
sleep
1
}
#set the file limit
limits_config(){
#修改文件打开数
sed
-i
"/^ulimit -SHn.*/d"
/etc/rc
.
local
echo
"ulimit -SHn 102400"
>>
/etc/rc
.
local
sed
-i
"/^ulimit -s.*/d"
/etc/profile
sed
-i
"/^ulimit -c.*/d"
/etc/profile
sed
-i
"/^ulimit -SHn.*/d"
/etc/profile
cat
>>
/etc/profile
<< EOF
#
#
#
ulimit
-c unlimited
ulimit
-s unlimited
ulimit
-SHn 102400
EOF
source
/etc/profile
ulimit
-a
cat
/etc/profile
|
grep
ulimit
echo
-e
" 33[31m hosts ok 33[0m"
if
[ ! -f
"/etc/security/limits.conf.bak"
];
then
cp
/etc/security/limits
.conf
/etc/security/limits
.conf.bak
fi
sed
-i
"/^*.*soft.*nofile/d"
/etc/security/limits
.conf
sed
-i
"/^*.*hard.*nofile/d"
/etc/security/limits
.conf
sed
-i
"/^*.*soft.*nproc/d"
/etc/security/limits
.conf
sed
-i
"/^*.*hard.*nproc/d"
/etc/security/limits
.conf
cat
>>
/etc/security/limits
.conf << EOF
#
#
#
#
#---------custom-----------------------
#
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
EOF
cat
/etc/security/limits
.conf |
grep
"^* .*"
echo
-e
" 33[31m limits ok 33[0m"
sleep
1
}
# tune kernel parametres #优化内核参数
sysctl_config(){
#delete
if
[ ! -f
"/etc/sysctl.conf.bak"
];
then
cp
/etc/sysctl
.conf
/etc/sysctl
.conf.bak
fi
sed
-i
"/^net.ipv4.ip_forward/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.conf.default.rp_filter/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.conf.default.accept_source_route/d"
/etc/sysctl
.conf
sed
-i
"/^kernel.sysrq/d"
/etc/sysctl
.conf
sed
-i
"/^kernel.core_uses_pid/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_syncookies/d"
/etc/sysctl
.conf
sed
-i
"/^kernel.msgmnb/d"
/etc/sysctl
.conf
sed
-i
"/^kernel.msgmax/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_max_tw_buckets/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_sack/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_window_scaling/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_rmem/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_wmem/d"
/etc/sysctl
.conf
sed
-i
"/^net.core.wmem_default/d"
/etc/sysctl
.conf
sed
-i
"/^net.core.rmem_default/d"
/etc/sysctl
.conf
sed
-i
"/^net.core.rmem_max/d"
/etc/sysctl
.conf
sed
-i
"/^net.core.wmem_max/d"
/etc/sysctl
.conf
sed
-i
"/^net.core.netdev_max_backlog/d"
/etc/sysctl
.conf
sed
-i
"/^net.core.somaxconn/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_max_orphans/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_max_syn_backlog/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_timestamps/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_synack_retries/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_syn_retries/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_tw_recycle/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_tw_reuse/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_mem/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_fin_timeout/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.tcp_keepalive_time/d"
/etc/sysctl
.conf
sed
-i
"/^net.ipv4.ip_local_port_range/d"
/etc/sysctl
.conf
#sed -i "/^net.ipv4.tcp_tw_len/d" /etc/sysctl.conf
#add
cat
>>
/etc/sysctl
.conf << EOF
#
#
#
#
#-------custom---------------------------------------------
#
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
#net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_synack_retries = 2
#net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
#net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65535
#net.ipv4.tcp_tw_len = 1
EOF
#buckets
echo
6000 >
/proc/sys/net/ipv4/tcp_max_tw_buckets
#delete
sed
-i
"/^kernel.shmmax/d"
/etc/sysctl
.conf
sed
-i
"/^kernel.shmall/d"
/etc/sysctl
.conf
#add
shmmax=`
free
-l |
grep
Mem |
awk
'{printf("%d
",$2*1024*0.9)}'
`
shmall=$[$shmmax
/4
]
echo
"kernel.shmmax = "
$shmmax >>
/etc/sysctl
.conf
echo
"kernel.shmall = "
$shmall >>
/etc/sysctl
.conf
#bridge
modprobe bridge
lsmod|
grep
bridge
#reload sysctl
/sbin/sysctl
-p
echo
-e
" 33[31m sysctl ok 33[0m"
sleep
1
}
# control-alt-delete
set_key(){
#set the control-alt-delete to guard against the miSUSE
sed
-i
's#^exec /sbin/shutdown -r now##exec /sbin/shutdown -r now#'
/etc/init/control-alt-delete
.conf
cat
/etc/init/control-alt-delete
.conf |
grep
/sbin/shutdown
echo
-e
" 33[31m control-alt-delete ok 33[0m"
sleep
1
}
#disable selinux #关闭SELINUX
selinux(){
sed
-i
's/SELINUX=enforcing/SELINUX=disabled/'
/etc/selinux/config
setenforce 0
echo
-e
" 33[31m selinux ok 33[0m"
sleep
1
}
#set sshd_config UseDNS
ssh_GSS(){
#sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed
-i
'/^#UseDNS/s/#UseDNS yes/UseDNS no/g'
/etc/ssh/sshd_config
sed
-i
's/#UseDNS yes/UseDNS no/'
/etc/ssh/sshd_config
sed
-i
's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g'
/etc/ssh/sshd_config
/etc/init
.d
/sshd
restart
cat
/etc/ssh/sshd_config
|
grep
-i usedns
cat
/etc/ssh/sshd_config
|
grep
-i PermitEmptyPasswords
echo
-e
" 33[31m sshd ok 33[0m"
sleep
1
}
#define the backspace button can erase the last character typed
backspace_button(){
sed
-i
"/^stty erase ^H/d"
/etc/profile
echo
'stty erase ^H'
>>
/etc/profile
sed
-i
"/^syntax.*/d"
/root/
.vimrc
echo
"syntax on"
>>
/root/
.vimrc
echo
-e
" 33[31m backspace ok 33[0m"
cat
/etc/profile
|
grep
-i
"stty erase ^H"
cat
/root/
.vimrc |
grep
-i
"syntax"
sleep
1
}
#stop some crontab
stop_crond(){
if
[ ! -e
"/etc/cron.daily.bak"
];
then
mkdir
/etc/cron
.daily.bak
mv
/etc/cron
.daily
/makewhatis
.
cron
/etc/cron
.daily.bak >
/dev/null
2>&1
mv
/etc/cron
.daily
/mlocate
.
cron
/etc/cron
.daily.bak >
/dev/null
2>&1
fi
echo
-e
" 33[31m crond ok 33[0m"
sleep
1
}
#disable some service
dissable_service(){
chkconfig bluetooth off >
/dev/null
2>&1
chkconfig cups off >
/dev/null
2>&1
chkconfig ip6tables off >
/dev/null
2>&1
chkconfig |
grep
-E
"cups|ip6tables|bluetooth"
echo
-e
" 33[31m service ok 33[0m"
sleep
1
}
#disable the ipv6
stop_ipv6(){
cat
>
/etc/modprobe
.d
/ipv6
.conf << EOFI
#
#
#
#---------------custom-----------------------
#
alias
net-pf-10 off
options ipv6 disable=1
EOFI
sed
-i
"/^NETWORKING_IPV6.*/d"
/etc/sysconfig/network
echo
"NETWORKING_IPV6=off"
>>
/etc/sysconfig/network
cat
/etc/sysconfig/network
|
grep
NETWORKING_IPV6
echo
-e
" 33[31m ipv6 ok 33[0m"
sleep
1
}
#language..
inittab(){
if
[ -z
"$(cat /etc/redhat-release | grep '6.')"
];
then
sed
-i
's/3:2345:respawn/#3:2345:respawn/g'
/etc/inittab
sed
-i
's/4:2345:respawn/#4:2345:respawn/g'
/etc/inittab
sed
-i
's/5:2345:respawn/#5:2345:respawn/g'
/etc/inittab
sed
-i
's/6:2345:respawn/#6:2345:respawn/g'
/etc/inittab
sed
-i
's/ca::ctrlaltdel/#ca::ctrlaltdel/g'
/etc/inittab
sed
-i
's@LANG=.*$@LANG="en_US.UTF-8"@g'
/etc/sysconfig/i18n
else
sed
-i
's@^ACTIVE_CONSOLES.*@ACTIVE_CONSOLES=/dev/tty[1-2]@'
/etc/sysconfig/init
sed
-i
's@^start@#start@'
/etc/init/control-alt-delete
.conf
fi
/sbin/init
q
#locale
echo
$LANG
echo
-e
" 33[31m inittab ok 33[0m"
sleep
1
}
# iptables
iptables(){
#add iptables
yum -y
install
iptables
#iptables conf bak
if
[ ! -e
"/etc/sysconfig/iptables.bak"
];
then
cp
/etc/sysconfig/iptables
/etc/sysconfig/iptables
.bak >
/dev/null
2>&1
fi
#add config
cat
>
/etc/sysconfig/iptables
<< EOF
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
# 防火墙规则有先后顺序,修改前请测试确定后更改
# E-Mail:564001002@QQ.COM
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
#RELATED,ESTABLISHED
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#io
-A INPUT -i lo -j ACCEPT
#ping
-A INPUT -p icmp -j ACCEPT
#redis
#-A INPUT -p tcp -m tcp --dport 6379 -j ACCEPT
#-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 6379 -j ACCEPT
#mysql
#-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
#-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT
#memcache
#-A INPUT -p tcp -m tcp --dport 11211 -j ACCEPT
#-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 11211 -j ACCEPT
#php
#-A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT
#-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 9000 -j ACCEPT
#ssh
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name SSH --rsource -j DROP
#-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource -j ACCEPT
#http 500 * 90% 需要限制情况下可以取消第一行注释
#-A INPUT -p tcp -m tcp --dport 80 -m connlimit --connlimit-above 500 --connlimit-mask 32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
#https 500 * 90% 需要限制情况下可以取消第一行注释
#-A INPUT -p tcp -m tcp --dport 443 -m connlimit --connlimit-above 500 --connlimit-mask 32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
#---service--------------------------------------------------
#DNS 安装DNS服务器后需要打开
#-A INPUT -p udp --sport 53 -j ACCEPT
#ntp 配置ntp服务器时候需要打开
#-A INPUT -p udp --sport 123 -j ACCEPT
#对外访问,比如api接口 需要结合OUTPUT DROP 全部关闭情况下才需要打开,这种限制非常严格情况下才配置
#-A OUTPUT -p tcp --dport 80 -j ACCEPT
#-A OUTPUT -p tcp --dport 443 -j ACCEPT
######################################################################################
#以下#号部分未测试或为成功,并可能有错误开启之前请先测试,并保证能与你的环境匹配
#syn-flood
#-A syn-flood -p tcp -m limit --limit 500/sec --limit-burst 10000 -j RETURN
#------FIN SYN RST ACK SYN-----------------
#-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT
#-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 10/sec --limit-burst 100 -j ACCEPT
######################################################################################
#PORTSAN 端口扫描拒绝,缺少工具没能测试好,请慎用。
#-A INPUT -p tcp --syn -m recent --name portscan --rcheck --seconds 60 --hitcount 10 -j LOG
#-A INPUT -p tcp --syn -m recent --name portscan --set -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
/sbin/service
iptables restart
source
/etc/profile
chkconfig iptables on
/sbin/iptables
-L -
v
chkconfig |
grep
iptables
echo
-e
" 33[31m iptables ok 33[0m"
sleep
1
}
# others
other(){
# initdefault
sed
-i
's/^id:.*$/id:3:initdefault:/'
/etc/inittab
/sbin/init
q
cat
/etc/inittab
|
grep
"id:"
# PS1 /tmp/
sed
-i
"/^PS1=.*/d"
/etc/profile
echo
'PS1="[e[37;40m][[e[32;40m]u[e[37;40m]@h [e[35;40m]W[e[0m]]\$ [e[33;40m]"'
>>
/etc/profile
# HISTSIZ
sed
-i
's/^HISTSIZE=.*$/HISTSIZE=300/'
/etc/profile
cat
/etc/profile
|
grep
"^HISTSIZE"
# Record command
sed
-i
"/^export PROMPT_COMMAND=.*/d"
/root/
.bash_profile
echo
"export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });user=$(whoami); echo $(date "+%Y-%m-%d %H:%M:%S"):$user:\`pwd\`/:$msg ---- $(who am i); } >> /tmp/\`hostname\`.\`whoami\`.history-timestamp'"
>>
/root/
.bash_profile
# Wrong password five times locked 180s
sed
-i
"/^auth required pam_tally2.so deny=5 unlock_time=180/d"
/etc/pam
.d
/system-auth
sed
-i
'4a auth required pam_tally2.so deny=5 unlock_time=180'
/etc/pam
.d
/system-auth
source
/etc/profile
cat
/etc/pam
.d
/system-auth
|
grep
"auth required pam_tally2.so"
echo
-e
" 33[31m other ok 33[0m"
sleep
1
}
# done
done_ok(){
cat
<< EOF
+-------------------------------------------------+
| optimizer is
done
|
| it's recommond to restart this server ! |
| E-mail:564001002@QQ.COM |
| |
| Please Reboot system |
+-------------------------------------------------+
EOF
}
# main
main(){
yum_update
zone_time
hosts
limits_config
sysctl_config
set_key
selinux
ssh_GSS
backspace_button
stop_crond
dissable_service
stop_ipv6
inittab
iptables
other
done_ok
}
main