CentOS6系统初始化脚本

注:执行后需要重启机器
#!/bin/sh
#****************************************************************#
#ScriptName:CentOS6_init.sh
#Author:823431818@qq.com
#CreateDate:2014-05-17
#ModifyAuthor:
#ModifyDate:2016-09-18
#Function:
#***************************************************************#


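# Set PASS_MIN_LEN to 10 in login.defs.
#
# Arguments: $1 - file to edit (optional; defaults to /etc/login.defs)
# Outputs:   progress message on stdout
# Returns:   0 on success, 1 if the working copy could not be created,
#            rewritten or copied back
#
# The rewritten copy is built in a private mktemp file instead of the fixed
# name /tmp/login.defs: when root redirects into a predictable path in a
# world-writable directory, the write follows whatever another local user has
# placed at that name. The result is copied over the target rather than moved
# onto it, so the target keeps its own owner and mode.
# Only an existing PASS_MIN_LEN line is rewritten; none is added when the key
# is absent.
# NOTE(review): where PAM enforces its own minimum length, that setting may
# take precedence over this one - confirm against the host's PAM stack.
change_password_len()
{
  local defs="${1:-/etc/login.defs}"
  local tmp

  echo "Change PASS_MIN_LEN to 10"
  tmp=$(mktemp) || return 1
  if awk '($1 ~ /^PASS_MIN_LEN/) { $2 = "10" } { print }' "$defs" > "$tmp" \
    && cp -f -- "$tmp" "$defs"; then
    rm -f -- "$tmp"
    return 0
  fi
  rm -f -- "$tmp"
  return 1
}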

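# Enable a fixed set of services at runlevels 3, 4 and 5 and turn every other
# listed service off at those levels.
#
# Outputs: progress messages on stdout
#
# Kept on: sshd, crond, network, rsyslog, irqbalance. Every other name that
# `chkconfig --list` prints with runlevel columns is switched off.
# NOTE(review): the catch-all branch also switches off the host firewall
# (iptables/ip6tables) and audit logging (auditd) where those services are
# installed - confirm that is intended before using this on an exposed host.
modify_chkconfig()
{
  local svc state

  echo "::Modify chkconfig for the system..."
  # Only lines carrying a "0:" runlevel column name SysV services.
  /sbin/chkconfig --list | awk '/0:/ { print $1 }' | while read -r svc; do
    case "$svc" in
      sshd | crond | network | rsyslog | irqbalance) state=on ;;
      *) state=off ;;
    esac
    # stdin is detached so the command cannot consume the service list.
    /sbin/chkconfig --level 345 "$svc" "$state" < /dev/null
  done
  echo "::End modify chkconfig"
}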

# Set SELINUX=disabled in /etc/selinux/config when that file exists.
#
# Outputs: progress messages on stdout
#
# Only the config file is edited; nothing here changes the running kernel's
# SELinux state.
# NOTE(review): this removes mandatory access control from the host; confirm
# that permissive or enforcing mode is not workable before keeping this step.
disable_selinux()
{
  echo "::disable selinux"
  if [ -e /etc/selinux/config ]; then
    sed -r -i '/^SELINUX=/s/.*/SELINUX=disabled/' /etc/selinux/config
  fi
  echo "::End disable selinux"
}

# Make runlevel 3 the default by rewriting the "id" line of /etc/inittab.
#
# Outputs: progress messages on stdout
change_inittab()
{
  local inittab=/etc/inittab

  echo "::Change inittab"
  # Any line starting with "id" is replaced whole.
  sed -r -i -e '/^id/ s/.*/id:3:initdefault:/' "$inittab"
  echo "::End change inittab"
}

# Set the system time zone to Asia/Shanghai.
#
# Overwrites /etc/sysconfig/clock with the three settings below, copies the
# zoneinfo file over /etc/localtime, then strips leading tabs from the clock
# file.
modify_timezone()
{
  local clock=/etc/sysconfig/clock

  printf '%s\n' 'ZONE="Asia/Shanghai"' 'UTC=false' 'ARC=false' > "$clock"
  cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
  sed -i 's/^[\t]*//' "$clock"
}

# Write a US "pc" keyboard layout to /etc/sysconfig/keyboard.
#
# The file is overwritten, then leading tabs are stripped from it.
set_keyboard()
{
  local keyboard=/etc/sysconfig/keyboard

  printf '%s\n' 'KEYBOARDTYPE="pc"' 'KEYTABLE="us"' > "$keyboard"
  sed -i 's/^[\t]*//' "$keyboard"
}

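# Raise the open-file limit to 65536 for all users and make login sessions
# apply it through pam_limits.
#
# Outputs: progress messages on stdout
#
# - /etc/pam.d/login: a "session required pam_limits.so" line is inserted
#   directly after the pam_loginuid.so session line. The match tolerates any
#   run of blanks between the fields, so it does not depend on the exact
#   column spacing of the stock file.
# - /etc/security/limits.conf: "* - nofile 65536" is appended.
# Both edits are skipped when the line is already present, so running the
# script again does not stack duplicate entries.
set_nofile_limits()
{
  local pam_login=/etc/pam.d/login
  local limits=/etc/security/limits.conf

  echo "::Change nofile limits"
  if ! grep -Eq '^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_limits\.so' "$pam_login"; then
    # \1 reuses the original "session required " prefix so the new line
    # lines up with its neighbour.
    sed -r -i 's#^([[:space:]]*session[[:space:]]+required[[:space:]]+)pam_loginuid\.so.*#&\n\1pam_limits.so#' "$pam_login"
  fi
  if ! grep -Eq '^[[:space:]]*\*[[:space:]]+-[[:space:]]+nofile[[:space:]]+65536[[:space:]]*$' "$limits"; then
    sed -i '$ a * - nofile 65536' "$limits"
  fi
  echo "::End change nofile"
}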

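# Strip OS-identifying lines from the login banners and add a legal notice.
#
# Outputs: progress messages on stdout
#
# For /etc/issue, /etc/motd and /etc/issue.net, every line matching
# redhat|kernel|fedora (case-insensitive) is dropped. /etc/issue and /etc/motd
# then get the "Authorized users only" notice unless a line containing
# "authorized" is already there. All three files end up root:root, mode 644.
#
# A file is filtered only after its working copy was made successfully, so a
# failed copy cannot leave the banner truncated.
# NOTE(review): the pattern is reproduced as shown in the script; a line that
# names the distribution without any of those three words would stay in the
# banner - confirm the pattern against the files on the target release.
change_banner()
{
  local file
  local notice="Authorized users only. All activity may be monitored and reported."

  echo "::Change Banner"
  for file in /etc/issue /etc/motd /etc/issue.net; do
    if cp -f -- "$file" "$file.tmp"; then
      grep -Evi "redhat|kernel|fedora" "$file.tmp" > "$file"
      rm -f -- "$file.tmp"
    fi
  done
  for file in /etc/issue /etc/motd; do
    if ! grep -qi authorized "$file"; then
      echo "$notice" >> "$file"
    fi
  done
  chown root:root /etc/motd /etc/issue /etc/issue.net
  chmod 644 /etc/motd /etc/issue /etc/issue.net
  echo "::End change banner"
}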

# Append a default umask and an idle-shell timeout to /etc/profile.
#
# Outputs: progress messages on stdout
#
# Adds three lines: "umask 022", "TMOUT=6000" and "export TMOUT".
# NOTE(review): the lines are appended unconditionally, so each run adds them
# again. TMOUT is exported but not marked readonly, so a user can unset it in
# their own shell - confirm whether the timeout is meant to be enforced.
change_profile()
{
  echo "::Change the /etc/profile file"
  printf '%s\n' 'umask 022' 'TMOUT=6000' 'export TMOUT' >> /etc/profile
  echo "::End change profile"
}

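# Tighten two sshd defaults: MaxAuthTries 6 -> 5 and UseDNS yes -> no.
#
# Arguments: $1 - file to edit (optional; defaults to /etc/ssh/sshd_config)
# Outputs:   progress messages on stdout
#
# The second substitution previously looked for "#UsednS yes". sed matches
# case-sensitively and the directive is spelled "UseDNS", so that edit never
# applied; the directive name is corrected here.
# Only the commented-out defaults "#MaxAuthTries 6" and "#UseDNS yes" are
# matched. A file where these directives already carry other values is left
# as it is, and nothing here reloads sshd.
change_sshd_config()
{
  local conf="${1:-/etc/ssh/sshd_config}"

  echo "::Change sshd_config"
  sed -i \
    -e 's/#MaxAuthTries 6/MaxAuthTries 5/' \
    -e 's/#UseDNS yes/UseDNS no/' \
    "$conf"
  echo "::End change sshd_config"
}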

# Set the system locale to en_US.UTF-8 in /etc/sysconfig/i18n.
#
# Outputs: progress messages on stdout
#
# Only an existing LANG= line is rewritten; none is added when it is missing.
change_lang()
{
  local i18n=/etc/sysconfig/i18n

  echo "::Change i18n config"
  sed -r -i -e '/^LANG=/ s/.*/LANG="en_US.UTF-8"/' "$i18n"
  echo "::End change i18n config"
}

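# Schedule clock synchronisation with ntpdate at boot and daily at 02:00.
#
# - /etc/rc.local gets the ntpdate command line.
# - /etc/crontab gets a 02:00 entry for the same command.
#
# /etc/crontab is the system crontab, whose entries carry a user field
# between the schedule and the command. The entry was written without one,
# which makes cron read the command path as a user name; "root" is added here.
# Each line is appended only when that exact line is not already present, so
# repeated runs do not stack duplicates. A malformed entry left by an earlier
# run is not removed.
# NOTE(review): the three hosts are kept as given in the script and are
# queried without authentication - confirm they still answer, or point this
# at the organisation's own time source.
change_ntp()
{
  local sync_cmd="/usr/sbin/ntpdate -u clepsydra.dec.com tick.ucla.edu ntp.nasa.gov"
  local cron_line="0 2 * * * root $sync_cmd > /dev/null"

  grep -qxF -- "$sync_cmd" /etc/rc.local 2> /dev/null \
    || echo "$sync_cmd" >> /etc/rc.local
  grep -qxF -- "$cron_line" /etc/crontab 2> /dev/null \
    || echo "$cron_line" >> /etc/crontab
}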

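# Replace /etc/sysctl.conf with a fixed set of kernel and network settings and
# load them with `sysctl -p`.
#
# Returns: the exit status of `sysctl -p`
#
# The file is overwritten, not merged: settings already in it are discarded
# and no backup is taken.
# net.ipv4.tcp_syncookies was listed twice with the same value; it is written
# once here.
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to cause dropped
# connections for clients that reach the host through NAT; confirm it is
# wanted on anything that serves such clients.
change_sysctl()
{
  cat > /etc/sysctl.conf << 'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
fs.file-max = 655350
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_max_syn_backlog = 20000
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
EOF
  sysctl -p
}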

# Run every initialisation step in a fixed order.
#
# Outputs: each step's progress messages, then "All done!!"
#
# LANG is exported as en_US first, so the tools called by the steps run under
# that locale. A failing step does not stop the ones after it.
linux_secure()
{
  local step

  export LANG="en_US"
  for step in \
    change_password_len \
    modify_chkconfig \
    disable_selinux \
    modify_timezone \
    set_keyboard \
    change_banner \
    change_profile \
    change_inittab \
    set_nofile_limits \
    change_sshd_config \
    change_lang \
    change_ntp \
    change_sysctl; do
    "$step"
  done
  echo "All done!!"
}

# Entry point: apply all steps now. The usage note for this script says the
# machine must be rebooted afterwards.
linux_secure
