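#!/bin/bash
# CentOS host initialisation script (run as root).
# This part sets up DNS resolvers, the run log, the iptables rule file and
# root's SSH access.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin

# ---- Base system settings ----
# Add each resolver only when it is missing, so that re-running the script
# does not keep appending duplicate lines to /etc/resolv.conf.
for ns in 114.114.114.114 8.8.8.8; do
  grep -qxF "nameserver $ns" /etc/resolv.conf 2>/dev/null ||
    echo "nameserver $ns" >> /etc/resolv.conf
done

# The script runs as root and logs under the world-writable /tmp. A name built
# only from the timestamp is predictable, so let mktemp create the file
# atomically with a random suffix and owner-only permissions.
logfile=$(mktemp "/tmp/init_centos_$(date +%y%m%d%H%M%S).XXXXXX") || exit 1

test -d /data/soft || mkdir -p /data/soft
test -d /data/sh || mkdir -p /data/sh

# ---- Firewall ----
# NOTE(review): the next two commands turn SELinux off, immediately and
# persistently, which removes mandatory access control from the host. If the
# only reason is the non-default SSH port, labelling the port
# (semanage port -a -t ssh_port_t -p tcp 12220) keeps SELinux enforcing.
# Confirm with the system owner.
setenforce 0 >>"$logfile" 2>&1
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Default-drop inbound policy: loopback, established traffic, ICMP echo
# requests, and new TCP connections to 12220 (SSH, see below) and 80.
cat > /etc/sysconfig/iptables << "XX"
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# -m state --state NEW 这个条件是当connection的状态为初始连接(NEW)时候的策略。
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m multiport --dport 12220,80 -j ACCEPT
COMMIT
XX
# The rules are only written to disk here; the restore below is deliberately
# left disabled, so they take effect when the iptables service next loads them.
#iptables-restore /etc/sysconfig/iptables
chkconfig --level 3 iptables on
chkconfig --level 2345 crond on
sysctl -p >>"$logfile" 2>&1

# ---- SSH ----
mkdir -p /root/.ssh/
chmod -R 700 /root/.ssh/
# NOTE(review): this overwrites root's authorized_keys with one key embedded in
# the script, so every host built from it trusts the same key, and any key
# already present is dropped. The key blob appears to be 1024-bit RSA, which is
# below current minimum-strength guidance. Prefer injecting a per-environment
# key (2048-bit+ RSA or Ed25519) at provisioning time.
cat > /root/.ssh/authorized_keys << "XX"
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDa+aRKwQEKOohM6e55cjDyLl2FUFwBdBBXBXtfrMTS81ILsBUXtbR5iF3iaraQI7sqSRI1NvB4jopVCR71IVQNVS7WxPpHKPaSmqcRd6NkpmrWvzPnRwOJTaxOaGNipvz1JhUQiaV0qMWah5XRqODKxlp+L3TbjdTuwoNlk8Tx0w== [email protected]
XX
# Do not depend on the umask for the key file's permissions.
chmod 600 /root/.ssh/authorized_keys

sed -i "s#PasswordAuthentication yes#PasswordAuthentication no#g" /etc/ssh/sshd_config
sed -i "s@#UseDNS yes@UseDNS no@" /etc/ssh/sshd_config
# sshd_config(5) advises against DEBUG because it violates user privacy.
# VERBOSE still records the key fingerprint used for each login, which is what
# an audit trail needs. Only add the line once.
grep -q '^LogLevel[[:space:]]' /etc/ssh/sshd_config ||
  echo "LogLevel VERBOSE" >> /etc/ssh/sshd_config
sed -i 's/\#Port 22/Port 12220/g' /etc/ssh/sshd_config
# Syntax-check the edited configuration; the result goes to the run log.
# sshd is not restarted in this part of the script, so the new port and
# authentication settings apply from the next sshd restart.
/usr/sbin/sshd -t >>"$logfile" 2>&1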
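# ---- root's .bashrc ----
# $logfile used below is assigned earlier in this script.
eth0ip=$(ifconfig eth0 | grep "inet addr" | cut -f 2 -d ":" | cut -f 1 -d " ")
# The address is baked into the prompt at install time. Anything that is not a
# plain dotted address (including an empty result) falls back to bash's \h so
# that no unexpected text is written into root's .bashrc.
case $eth0ip in
  '' | *[!0-9.]*) prompt_host='\h' ;;
  *) prompt_host=$eth0ip ;;
esac
# Unquoted delimiter on purpose: $prompt_host must expand while the file is
# written. With a quoted delimiter the prompt would contain a literal,
# never-defined $eth0ip. No other line in this here-document contains "$".
# 'rm -if' made rm non-interactive (the later -f overrides -i); the alias now
# prompts, like the cp and mv aliases next to it.
cat > /root/.bashrc << XX
# .bashrc
# User specific aliases and functions
alias vi='vim'
alias grep='grep --col'
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
fi
export LANG=en_US.UTF-8
export PS1='[\u@$prompt_host \W]# '
XX

# Show disk usage and the date at login.
cat > /root/.bash_profile << "XX"
# .bash_profile
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi
PATH=$PATH:$HOME/bin
export PATH
echo '=========================================================='
df -lh
date
echo '=========================================================='
XX

# ---- Time zone ----
rm -f /etc/localtime
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
cat > /etc/sysconfig/clock << "XX"
ZONE="Asia/Shanghai"
UTC=false
ARC=false
XX

# Replaces root's crontab outright. The ntpdate entry written here is removed
# again by the sed '/ntp/d' further down, so the lasting effect is that any
# previous root cron entries are cleared.
cat > /var/spool/cron/root << "XX"
*/5 * * * * /usr/sbin/ntpdate ntp0.cs.mu.OZ.AU > /dev/null 2>&1
XX
chmod 600 /var/spool/cron/root

# ---- Time synchronisation ----
/etc/init.d/ntpd stop
/usr/sbin/ntpdate 210.72.145.44 >>"$logfile" 2>&1
/etc/init.d/ntpd start
# The restrict lines keep ntpd a client only: remote hosts cannot query or
# reconfigure it, so the daemon does not rely on the packet filter alone to
# avoid being used for NTP reflection. Localhost keeps full access.
cat > /etc/ntp.conf << "XX"
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
server 202.120.2.101
server ntp.api.bz
server 0.pool.ntp.org
server hk.pool.ntp.org
server jp.pool.ntp.org
driftfile /var/db/ntp.drift
XX

# Guarded appends so a second run does not duplicate the entries.
grep -qxF 'SYNC_HWCLOCK=YES' /etc/sysconfig/ntpd 2>/dev/null ||
  echo "SYNC_HWCLOCK=YES" >> /etc/sysconfig/ntpd
if ! grep -qF '/usr/sbin/ntpdate asia.pool.ntp.org' /etc/rc.local 2>/dev/null; then
  echo '' >> /etc/rc.local
  echo '/usr/sbin/ntpdate asia.pool.ntp.org> /dev/null 2>&1' >> /etc/rc.local
  echo '/sbin/hwclock --systohc' >> /etc/rc.local
  echo 'service ntpd start' >> /etc/rc.local
  echo '' >> /etc/rc.local
fi

# Watchdog that restarts ntpd when it is not running. The original generated
# script had an unterminated quote in its ps|grep pipeline and could not run;
# pgrep -x matches the exact process name without matching itself.
cat > /data/sh/check_ntpd.sh << "XX"
#!/bin/bash
if ! pgrep -x ntpd > /dev/null; then
    /etc/init.d/ntpd restart
fi
XX
chmod 700 /data/sh/check_ntpd.sh
/sbin/hwclock --systohc >>"$logfile" 2>&1
sed -i '/ntp/d' /var/spool/cron/root
# NOTE(review): "* */1 * * *" fires every minute of every hour. If an hourly
# check was intended the schedule would be "0 * * * *" - confirm before changing.
echo "* */1 * * * /bin/bash /data/sh/check_ntpd.sh > /dev/null 2>&1" >> /var/spool/cron/root
service ntpd restart

# ---- Third-party yum repositories ----
#######################################
# Install yum-plugin-priorities, pin the CentOS base repositories above the
# third-party ones, add the EPEL and RPMforge release packages, then refresh
# the metadata cache and update all packages.
# Globals:   none
# Arguments: none
# Outputs:   tool output on stdout/stderr (the caller redirects it to the log)
# Returns:   1 if /data/soft cannot be entered, otherwise the status of the
#            final yum update
#######################################
yum_epel() {
  # Do not download into, or install from, an unexpected directory.
  cd /data/soft || return 1

  # The priorities plugin ranks repositories; the official base repository
  # gets the highest priority (lowest number).
  yum -y install yum-plugin-priorities
  sed -i '/priority/d' /etc/yum.repos.d/CentOS-Base.repo
  sed -i 's/]/]\npriority=2/g' /etc/yum.repos.d/CentOS-Base.repo
  sed -i '/\[base\]/{n;s/priority=2/priority=1/g}' /etc/yum.repos.d/CentOS-Base.repo

  # NOTE(review): the release package is fetched over plain HTTP and installed
  # before any key that could verify it is imported; the key imported
  # afterwards comes out of that same package. A tampered download would
  # install a repository definition and a signing key of the attacker's
  # choosing. Verify the file against a checksum or key fingerprint obtained
  # out of band before installing it.
  wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
  rpm -ivh epel-release-6-8.noarch.rpm
  rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
  sed -i 's/\[epel\]/\[epel]\npriority=10/g' /etc/yum.repos.d/epel.repo

  # NOTE(review): the signing key itself is also fetched over plain HTTP, so
  # the signature check below detects a corrupted or mismatched package but
  # not an attacker who can replace both the key and the package. Pin the key
  # fingerprint from a trusted source.
  wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
  rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
  if rpm -K rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm; then
    rpm -ivh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
    sed -i '/priority/d' /etc/yum.repos.d/rpmforge.repo
    sed -i 's/\[rpmforge\]/\[rpmforge]\npriority=11/g' /etc/yum.repos.d/rpmforge.repo
  else
    echo "rpmforge-release: signature check failed, repository not installed" >&2
  fi

  yum makecache
  yum -y update
}
yum_epel >>"$logfile" 2>&1

# Base tool set. 'vim*' is quoted so the shell cannot expand it against files
# in the current directory before yum sees it; 'libcap-deve' was a typo for
# libcap-devel and matched no package.
yum -y install --skip-broken \
  autoconf automake m4 bind-utils cmake curl dstat expat-devel gcc gcc-c++ \
  glibc-devel groff gtk2-devel kernel-devel libcap-devel libtool libxslt \
  lrzsz lsof make man mlocate mtr ncurses-devel ntpdate ntp openssh-clients \
  openssl-devel pcre pcre-devel pkgconfig php rpm-devel rsync smartmontools \
  sysstat tcl-devel telnet 'vim*' wget >>"$logfile" 2>&1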
linux环境初始化
转载自cnsbear.iteye.com/blog/2048306