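#!/bin/bash
#
# CentOS 6 first-boot initialisation: resolver/network sanity check, hostname
# from the primary IPv4 address, Aliyun yum mirror, one-shot NTP sync plus a
# daily cron job, ulimit/sysctl tuning, IPv6 off, sshd moved to SSH_PORT, and a
# default-deny iptables ruleset (written to disk, not activated).
#
# Must run as root. Every step is idempotent: re-running does not append
# duplicate lines to crontab, rc.local, limits.conf, sysctl.conf or modprobe.d.
#
# NOTE(review): resolvers, repo URL, NTP server and SSH_PORT are fixed values
# chosen by the original author; adjust the constants below before use.

set -euo pipefail

readonly SSH_PORT=50000
readonly NTP_SERVER=tiger.sina.com.cn
# HTTPS rather than the original plaintext URL: a repo file fetched over HTTP
# can be rewritten in transit to point at a hostile mirror or set gpgcheck=0.
readonly REPO_URL=https://mirrors.aliyun.com/repo/Centos-6.repo
readonly FALLBACK_DNS=('61.134.1.4' '218.30.19.40')

# Print a message to stderr and exit non-zero (the original exited 0 on error).
die() { printf '%s\n' "$*" >&2; exit 1; }

banner() { printf -- '-------------%s-------------\n' "$1"; }

# Append $1 to file $2 only if that exact line is not already present.
append_once() {
  local line=$1 file=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

# Verify outbound connectivity. iputils ping exits 2 on an error such as a
# failed name lookup and 1 when the host does not answer; the original only
# checked for 2, so a dead link still printed "Network OK.". On Linux "-t" is
# the TTL, not a timeout; "-W" is the per-reply timeout in seconds.
check_network() {
  local rv
  banner 'check Network'
  rv=0
  ping -c 1 -W 1 mirrors.aliyun.com >/dev/null 2>&1 || rv=$?
  if (( rv == 2 )); then
    # Name resolution failed: fall back to fixed resolvers. This overwrites
    # /etc/resolv.conf unconditionally, as the original did.
    printf 'nameserver %s\n' "${FALLBACK_DNS[@]}" > /etc/resolv.conf
  fi
  if ping -c 1 -W 1 www.baidu.com >/dev/null 2>&1; then
    echo "Network OK."
  else
    die "Network err!"
  fi
}

# Derive the primary IPv4 address from ifconfig and use it as the hostname.
# "cas" matches the "inet addr:A.B.C.D  Bcast:..." line of CentOS 6 net-tools
# and "-F '[ :]+'" puts the address in $4. Only the first match is used: with
# several interfaces the original produced a multi-line value that broke both
# sed and hostname(1).
set_hostname() {
  local ip
  ip=$(ifconfig | awk -F '[ :]+' '/cas/ {print $4; exit}')
  [[ -n "$ip" ]] || die "could not determine IPv4 address from ifconfig"
  sed -i "s/localhost.localdomain/$ip/g" /etc/sysconfig/network
  hostname "$ip"
}

# Replace the repo definitions with the Aliyun mirror. The file is downloaded
# to a temp file first and the old definitions are moved aside, not deleted,
# so a failed download no longer leaves the host with no repos at all.
update_yum() {
  local tmp backup
  banner 'update Yum'
  tmp=$(mktemp) || die "mktemp failed"
  if ! curl -fsSL "$REPO_URL" -o "$tmp" || [[ ! -s "$tmp" ]]; then
    rm -f -- "$tmp"
    die "download of $REPO_URL failed"
  fi
  backup="/etc/yum.repos.d.bak.$(date +%Y%m%d%H%M%S)"
  mkdir -p -- "$backup"
  find /etc/yum.repos.d -mindepth 1 -maxdepth 1 -exec mv -t "$backup" -- {} +
  mv -- "$tmp" /etc/yum.repos.d/CentOS-Base.repo
  chmod 0644 /etc/yum.repos.d/CentOS-Base.repo
  # On non-CentOS hosts $releasever does not expand to "6"; pin it.
  # Original author's note: delete this line on a real CentOS system.
  sed -i 's/$releasever/6/g' /etc/yum.repos.d/CentOS-Base.repo
  # Separate statements so a failure of either aborts under set -e
  # (a failing left-hand side of "&&" is ignored by -e).
  yum clean all
  yum makecache
  yum install -y ntp vim
}

# One-shot clock sync and a daily cron job. ntpdate is unauthenticated: an
# on-path attacker can step the clock (and with it TLS/Kerberos validity);
# prefer a trusted or authenticated NTP source where one is available.
sync_time() {
  # /etc/crontab has a user field. The original "* 3 * * * /usr/sbin/ntpdate ..."
  # was parsed with "/usr/sbin/ntpdate" as the user and ran every minute of
  # hour 3; this runs once at 03:00 as root.
  local job="0 3 * * * root /usr/sbin/ntpdate $NTP_SERVER > /dev/null 2>&1"
  [[ -x /usr/sbin/ntpdate ]] || die "ntpdate can't found !"
  /usr/sbin/ntpdate "$NTP_SERVER"
  /sbin/hwclock -w
  append_once "$job" /etc/crontab
  /etc/init.d/crond restart
}

# Raise per-process limits. The heredoc is guarded by a marker comment so it is
# appended only once. NOTE(review): rc.local raises nofile to 102400 while
# limits.conf caps it at 65535, as in the original; reconcile if either matters.
set_limits() {
  banner 'set ulimit'
  append_once 'ulimit -SHn 102400' /etc/rc.local
  if ! grep -q '^# init-script: limits' /etc/security/limits.conf; then
    cat >> /etc/security/limits.conf << 'EOF'
# init-script: limits
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
  fi
}

# Network stack tuning, appended once (marker-guarded) and applied.
set_sysctl() {
  banner 'set sysctl'
  if ! grep -q '^# init-script: sysctl' /etc/sysctl.conf; then
    cat >> /etc/sysctl.conf << 'EOF'
# init-script: sysctl
fs.file-max = 655350
net.ipv4.ip_local_port_range = 1024 65500
net.ipv4.tcp_max_tw_buckets = 1500
net.ipv4.tcp_max_syn_backlog = 1500
# NOTE(review): tcp_tw_recycle silently drops SYNs from clients behind NAT
# (non-monotonic TCP timestamps) and was removed from the kernel in 4.12.
# Kept for fidelity with the original; consider dropping it.
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_keepalive_time = 120
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 2000
EOF
  fi
  /sbin/sysctl -p
  echo "sysctl set OK!!"
}

# Prevent the IPv6 module from loading and stop ip6tables at runlevels 3/5.
disable_ipv6() {
  banner 'disable ipv6'
  append_once 'alias net-pf-10 off' /etc/modprobe.d/ipv6off.conf
  append_once 'alias ipv6 off' /etc/modprobe.d/ipv6off.conf
  /sbin/chkconfig --level 35 ip6tables off
  echo "ipv6 is disabled!"
}

# Move sshd to SSH_PORT, cap auth attempts and skip reverse DNS. The sed
# patterns only match the stock commented-out defaults, as in the original
# (MaxAuthTries 6 is already the default, so that edit is a no-op).
# NOTE(review): PermitRootLogin / PasswordAuthentication are left untouched
# because the script is presumably run over a root password session; tighten
# them once key-based access is in place.
harden_ssh() {
  banner 'set ssh'
  sed -i "s/#Port 22/Port $SSH_PORT/" /etc/ssh/sshd_config
  sed -i "s/#MaxAuthTries 6/MaxAuthTries 6/" /etc/ssh/sshd_config
  sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config
  # With SELinux enforcing, sshd may only bind ports labelled ssh_port_t;
  # label the new port when the tooling (policycoreutils-python) is present.
  if command -v semanage >/dev/null 2>&1 && selinuxenabled 2>/dev/null; then
    semanage port -a -t ssh_port_t -p tcp "$SSH_PORT" \
      || semanage port -m -t ssh_port_t -p tcp "$SSH_PORT" \
      || die "could not label tcp/$SSH_PORT as ssh_port_t"
  fi
  # Validate before restarting so a bad config cannot take down the only
  # remote access path.
  /usr/sbin/sshd -t || die "sshd_config failed validation; not restarting sshd"
  service sshd restart
}

# Write a default-deny stateful ruleset. It is NOT activated here (the restart
# stays commented out, as in the original) and takes effect on the next
# iptables service start or reboot -- review it before that happens.
# Changes from the original ruleset:
#  - inbound SSH is opened on SSH_PORT; the original opened 2200 while sshd
#    listened on 50000, which guaranteed a lockout once the rules loaded;
#  - OUTPUT gets a RELATED,ESTABLISHED rule; with OUTPUT policy DROP and no
#    such rule the web server accepted on :80 could not send replies;
#  - udp/123 is opened outbound so the ntpdate cron job installed above works;
#  - the stateless "accept any UDP with source port 53" INPUT rule is gone:
#    DNS replies are already matched by ESTABLISHED, and the rule let anyone
#    reach any UDP listener simply by sending from port 53.
write_iptables() {
  banner 'set iptables'
  cat > /etc/sysconfig/iptables << EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports ${SSH_PORT},80 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport ${SSH_PORT} -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
COMMIT
EOF
  #/etc/init.d/iptables restart
}

main() {
  local yn
  (( EUID == 0 )) || die "this script must run as root"
  check_network
  set_hostname
  update_yum
  sync_time
  set_limits
  set_sysctl
  disable_ipv6
  harden_ssh
  write_iptables
  echo "----------------------finished-------------------------"
  read -r -p 'reboot? (y/n): ' yn || yn=''
  if [[ "$yn" == [yY] ]]; then
    reboot
  fi
}

main "$@"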
PS: 执行本脚本后，SSH 端口将改为 50000（由脚本中的 SSH_PORT 变量决定）。断开当前会话之前，请先另开一个会话确认新端口可以登录，并确认 /etc/sysconfig/iptables 中放行的端口与 SSH_PORT 一致，否则防火墙规则生效（重启或 iptables 服务启动）后可能无法再远程登录。