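#!/bin/bash
# Note: reboot the machine after running this script.
#****************************************************************#
# ScriptName: CentOS6_init.sh
# Author: 823431818@qq.com
# CreateDate: 2014-05-17
# ModifyAuthor:
# ModifyDate: 2016-09-18
# Function: baseline initialisation and hardening of a CentOS 6 host.
#           Must be run as root. Steps are independent and best-effort:
#           a failing step does not stop the ones after it.
#***************************************************************#

#######################################
# Append a line to a file unless an identical line is already present,
# so that re-running the script does not pile up duplicate entries.
# Arguments: $1 - file to append to, $2 - exact line to add
#######################################
append_once() {
  local file=$1
  local line=$2
  # grep fails (and prints an error) when the file does not exist yet;
  # in that case the append below creates it.
  grep -Fxq -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >>"$file"
}

#######################################
# Set PASS_MIN_LEN to 10 in /etc/login.defs.
# NOTE(review): on PAM-based systems the effective minimum length is
# usually enforced by the password-quality PAM module (its minlen=
# option) - confirm the PAM stack as well.
#######################################
change_password_len() {
  local tmp
  echo "Change PASS_MIN_LEN to 10"
  # mktemp instead of a fixed /tmp/login.defs: a predictable name in a
  # world-writable directory can be pre-created or symlinked by a local
  # user before root writes to it.
  tmp=$(mktemp) || return 1
  if /bin/awk '($1 ~ /^PASS_MIN_LEN/) { $2 = "10" } { print }' /etc/login.defs >"$tmp" &&
    [[ -s "$tmp" ]]; then
    # Overwrite in place rather than mv, so /etc/login.defs keeps its
    # owner, mode and SELinux label.
    cat "$tmp" >/etc/login.defs
  else
    echo "change_password_len: could not rewrite /etc/login.defs" >&2
  fi
  rm -f -- "$tmp"
}

#######################################
# Enable a short keep-list of services for runlevels 3, 4 and 5 and
# switch every other SysV service off.
# NOTE(review): the keep-list does not contain iptables, ip6tables or
# auditd, so the local packet filter and audit logging are switched off
# where they are installed. Add them to the keep-list if the host
# relies on them.
#######################################
modify_chkconfig() {
  local svc status
  echo "::Modify chkconfig for the system..."
  while IFS= read -r svc; do
    case "$svc" in
      sshd | crond | network | rsyslog | irqbalance) status=on ;;
      *) status=off ;;
    esac
    /sbin/chkconfig --level 345 "$svc" "$status"
  done < <(chkconfig --list | awk '/0:/ { print $1 }')
  echo "::End modify chkconfig"
}

#######################################
# Set SELINUX=disabled in /etc/selinux/config (effective after reboot).
# NOTE(review): this removes mandatory access control from the host.
# SELINUX=permissive keeps the policy loaded and logs denials without
# enforcing them, if the aim is only to avoid breakage.
#######################################
disable_selinux() {
  echo "::disable selinux"
  if [[ -e /etc/selinux/config ]]; then
    sed -r -i '/^SELINUX=/s/.*/SELINUX=disabled/' /etc/selinux/config
  fi
  echo "::End disable selinux"
}

#######################################
# Make runlevel 3 the default in /etc/inittab.
#######################################
change_inittab() {
  echo "::Change inittab"
  sed -r -i '/^id/s/.*/id:3:initdefault:/' /etc/inittab
  echo "::End change inittab"
}

#######################################
# Set the system time zone to Asia/Shanghai.
#######################################
modify_timezone() {
  # The here-doc body is unindented, so no pass to strip leading
  # whitespace is needed afterwards.
  cat >/etc/sysconfig/clock <<'EOF'
ZONE="Asia/Shanghai"
UTC=false
ARC=false
EOF
  cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
}

#######################################
# Write a US "pc" keyboard configuration.
#######################################
set_keyboard() {
  cat >/etc/sysconfig/keyboard <<'EOF'
KEYBOARDTYPE="pc"
KEYTABLE="us"
EOF
}

#######################################
# Raise the open-file limit to 65536 for all users and make sure
# pam_limits is applied to console logins.
#######################################
set_nofile_limits() {
  echo "::Change nofile limits"
  # Insert pam_limits after pam_loginuid once only; the pattern accepts
  # any amount of whitespace between the PAM fields.
  if ! grep -Eq '^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_limits\.so' /etc/pam.d/login; then
    sed -r -i 's#^([[:space:]]*session[[:space:]]+required[[:space:]]+pam_loginuid\.so.*)$#\1\nsession    required     pam_limits.so#' /etc/pam.d/login
  fi
  append_once /etc/security/limits.conf "* - nofile 65536"
  # bash's echo prints "\n" literally; printf emits the intended blank line.
  printf '%s\n\n' "::End change nofile"
}

#######################################
# Remove lines naming the distribution or kernel from the login banners
# and add an authorised-use notice to /etc/issue and /etc/motd.
# NOTE(review): the filter matches "redhat", "kernel" and "fedora"
# only - check that no other version string is left in the banners.
#######################################
change_banner() {
  local file
  echo "::Change Banner"
  for file in /etc/issue /etc/motd /etc/issue.net; do
    cp -f "$file" "${file}.tmp"
    grep -E -vi "redhat|kernel|fedora" "${file}.tmp" >"$file"
    rm -f "${file}.tmp"
  done
  if ! grep -qi authorized /etc/issue; then
    echo "Authorized users only. All activity may be monitored and reported." >>/etc/issue
  fi
  if ! grep -qi authorized /etc/motd; then
    echo "Authorized users only. All activity may be monitored and reported." >>/etc/motd
  fi
  chown root:root /etc/motd /etc/issue /etc/issue.net
  chmod 644 /etc/motd /etc/issue /etc/issue.net
  echo "::End change banner"
}

#######################################
# Set the default umask and an idle-shell timeout in /etc/profile.
# NOTE(review): TMOUT is exported but not readonly, so a user can unset
# it in their own shell; use "readonly TMOUT" if the timeout is meant
# to be enforced.
#######################################
change_profile() {
  echo "::Change the /etc/profile file"
  append_once /etc/profile "umask 022"
  append_once /etc/profile "TMOUT=6000"
  append_once /etc/profile "export TMOUT"
  echo "::End change profile"
}

#######################################
# Lower MaxAuthTries to 5 and turn off reverse DNS lookups in sshd.
# Only the commented-out stock defaults are rewritten; a value the
# administrator has already set is left alone.
#######################################
change_sshd_config() {
  echo "::Change sshd_config"
  sed -r -i 's/^#MaxAuthTries[[:space:]]+6/MaxAuthTries 5/' /etc/ssh/sshd_config
  # The option is spelled "UseDNS"; sed matches case-sensitively, so a
  # misspelled pattern never matches and the setting stays unchanged.
  sed -r -i 's/^#UseDNS[[:space:]]+yes/UseDNS no/' /etc/ssh/sshd_config
  # The script ends with a reboot: an invalid sshd_config would lock out
  # remote access, so validate it now.
  /usr/sbin/sshd -t || echo "change_sshd_config: sshd_config failed validation" >&2
  echo "::End change sshd_config"
}

#######################################
# Set the system locale to en_US.UTF-8.
#######################################
change_lang() {
  echo "::Change i18n config"
  sed -r -i '/^LANG=/s/.*/LANG="en_US.UTF-8"/' /etc/sysconfig/i18n
  echo "::End change i18n config"
}

#######################################
# Sync the clock with ntpdate at boot and every day at 02:00.
# NOTE(review): these are unauthenticated public NTP servers; prefer a
# time source the organisation controls if one is available.
#######################################
change_ntp() {
  local ntp_cmd="/usr/sbin/ntpdate -u clepsydra.dec.com tick.ucla.edu ntp.nasa.gov"
  append_once /etc/rc.local "$ntp_cmd"
  # /etc/crontab has a user field between the schedule and the command;
  # without it cron takes the command path for a user name and the job
  # never runs.
  append_once /etc/crontab "0 2 * * * root $ntp_cmd >/dev/null"
}

#######################################
# Replace /etc/sysctl.conf with the tuning below and load it.
# The existing file is overwritten, not merged.
# NOTE(review): net.ipv4.tcp_tw_recycle=1 is known to drop connections
# from clients behind NAT when TCP timestamps are on - confirm it is
# wanted on hosts that serve such clients.
#######################################
change_sysctl() {
  cat >/etc/sysctl.conf <<'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
fs.file-max = 655350
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_max_syn_backlog = 20000
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
EOF
  sysctl -p
}

#######################################
# Entry point: run every initialisation step in order.
# Returns: 1 without changing anything when not run as root.
#######################################
linux_secure() {
  # Every step writes under /etc; as a non-root user the script would
  # fail part-way and leave the host half-configured.
  if [[ "$(id -u)" -ne 0 ]]; then
    echo "CentOS6_init.sh must be run as root" >&2
    return 1
  fi
  export LANG="en_US"
  change_password_len
  modify_chkconfig
  disable_selinux
  modify_timezone
  set_keyboard
  change_banner
  change_profile
  change_inittab
  set_nofile_limits
  change_sshd_config
  change_lang
  change_ntp
  change_sysctl
  echo "All done!!"
}

linux_secure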