linux环境初始化

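#!/bin/bash
# Host initialisation script. It writes under /etc, /root and /var/spool/cron,
# so it is meant to be run as root.

# Fixed search path for every command called by bare name below.
# NOTE(review): ~/bin is a user-writable directory on root's PATH; confirm it
# is needed before keeping it in a provisioning script.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin

# Add the public resolvers only when they are not listed yet, so that running
# the script a second time does not append duplicate lines.
for ns in 114.114.114.114 8.8.8.8; do
  grep -qxF "nameserver $ns" /etc/resolv.conf 2>/dev/null \
    || echo "nameserver $ns" >> /etc/resolv.conf
done

# The log lives under the world-writable /tmp. A name built only from the
# timestamp is predictable, so another local user could create it first (for
# instance as a symlink) and have root append to a file of their choosing.
# mktemp creates the file exclusively, with a random suffix and mode 0600.
logfile=$(mktemp "/tmp/init_centos_$(date +%y%m%d%H%M%S).XXXXXX") || {
  echo "cannot create log file under /tmp" >&2
  exit 1
}

# Staging directory for downloads and directory for helper scripts.
mkdir -p /data/soft /data/sh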

# --- Firewall and SELinux ----------------------------------------------------
# NOTE(review): the next two commands switch SELinux off, at once (setenforce 0)
# and persistently (SELINUX=disabled in the config file). That removes mandatory
# access control from the host; confirm it is intended rather than a shortcut
# around one specific denial.
setenforce 0 >>"$logfile" 2>&1
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Rule set written below: INPUT and FORWARD default to DROP, OUTPUT to ACCEPT.
# Accepted inbound: loopback, RELATED/ESTABLISHED traffic, ICMP echo requests,
# and new TCP connections to ports 12220 and 80. Port 12220 is the port that
# sshd_config is switched to in the SSH section of this script.
# The comment inside the heredoc is written to the file verbatim; it explains
# that "-m state --state NEW" applies to the first packet of a connection.
# NOTE(review): FORWARD jumps into the same chain as INPUT, so forwarded
# traffic to ports 12220 and 80 is accepted as well — confirm that is wanted.
# NOTE(review): this file covers IPv4 only; nothing in this script configures
# ip6tables.
cat <<'XX' >/etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel  
# Manual customization of this file is not recommended.  
*filter  
:INPUT DROP [0:0]  
:FORWARD DROP [0:0]  
:OUTPUT ACCEPT [0:0]  
:RH-Firewall-1-INPUT - [0:0]  
-A INPUT -j RH-Firewall-1-INPUT  
-A FORWARD -j RH-Firewall-1-INPUT  
-A RH-Firewall-1-INPUT -i lo -j ACCEPT  
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT  
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT   
  
# -m state --state NEW 这个条件是当connection的状态为初始连接(NEW)时候的策略。  
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m multiport --dport 12220,80 -j ACCEPT  
COMMIT  
XX

# The rules are only written to disk here: the iptables-restore call is left
# commented out, so this block does not load them into the running kernel.
#iptables-restore /etc/sysconfig/iptables
# NOTE(review): iptables is enabled for runlevel 3 only, crond for 2-5.
chkconfig --level 3 iptables on
chkconfig --level 2345 crond on
# Re-apply /etc/sysctl.conf; its output goes to the log.
sysctl -p >>"$logfile" 2>&1
  
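# --- SSH ---------------------------------------------------------------------
# Install root's authorized key, then restrict sshd to key login on port 12220.
mkdir -p /root/.ssh/
chmod -R 700 /root/.ssh/
# NOTE(review): this overwrites any keys already authorised for root. The key
# below appears to be 1024-bit RSA (its modulus length field is 129 bytes),
# which is below current recommendations; replace it with a key of adequate
# strength. The trailing comment field was mangled by the page's e-mail
# obfuscation and is kept as found.
cat > /root/.ssh/authorized_keys << "XX"
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDa+aRKwQEKOohM6e55cjDyLl2FUFwBdBBXBXtfrMTS81ILsBUXtbR5iF3iaraQI7sqSRI1NvB4jopVCR71IVQNVS7WxPpHKPaSmqcRd6NkpmrWvzPnRwOJTaxOaGNipvz1JhUQiaV0qMWah5XRqODKxlp+L3TbjdTuwoNlk8Tx0w== [email protected]
XX
# The recursive chmod above runs before the file exists on a fresh host, so the
# file would be created with the default umask. Set its mode explicitly.
chmod 600 /root/.ssh/authorized_keys

sed -i "s#PasswordAuthentication yes#PasswordAuthentication no#g" /etc/ssh/sshd_config
sed -i "s@#UseDNS yes@UseDNS no@" /etc/ssh/sshd_config
# sshd uses the first value it reads for a keyword, so append LogLevel only
# when no active LogLevel line exists; this also keeps a re-run from adding
# the line twice.
# NOTE(review): sshd_config(5) advises against DEBUG logging because of what it
# records about users; INFO or VERBOSE is the usual production setting.
grep -q '^LogLevel' /etc/ssh/sshd_config \
  || echo "LogLevel  DEBUG" >> /etc/ssh/sshd_config
sed -i 's/\#Port 22/Port 12220/g' /etc/ssh/sshd_config

# The substitutions above only match the stock wording of each line. Check the
# outcome: the firewall rules written earlier admit SSH on 12220 only, and key
# login is the only method left, so a silent mismatch can lock root out or
# leave password login enabled.
for want in 'PasswordAuthentication no' 'Port 12220'; do
  grep -Eq "^${want}[[:space:]]*\$" /etc/ssh/sshd_config \
    || echo "WARNING: sshd_config has no active '${want}' line" >>"$logfile"
done
# Syntax-check the edited file. Nothing in this script restarts sshd, so the
# new settings apply at its next restart.
/usr/sbin/sshd -t >>"$logfile" 2>&1 \
  || echo "WARNING: sshd_config failed the sshd -t check" >>"$logfile"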
  
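# --- root's .bashrc ----------------------------------------------------------
# Address of eth0, shown in root's prompt. The parsing expects the
# "inet addr:<ip>" line format of ifconfig.
eth0ip=$(ifconfig eth0 | grep "inet addr" | cut -f 2 -d ":" | cut -f 1 -d " ")

# The value ends up inside a file that root's shell sources, so accept only
# digits and dots; otherwise fall back to bash's \h (host name) escape.
case $eth0ip in
  '' | *[!0-9.]*) prompt_host='\h' ;;
  *) prompt_host=$eth0ip ;;
esac

# NOTE(review): in the rm alias, -f follows -i and therefore takes precedence,
# so root's rm never asks for confirmation. Use 'rm -i' if a prompt was the
# intent.
cat > /root/.bashrc << "XX"
# .bashrc  
# User specific aliases and functions  
alias vi='vim'  
alias grep='grep --col'  
alias rm='rm -if'  
alias cp='cp -i'  
alias mv='mv -i'  
# Source global definitions  
if [ -f /etc/bashrc ]; then  
        . /etc/bashrc  
fi  
export LANG=en_US.UTF-8 
XX
# The heredoc is quoted, so nothing inside it is expanded. Left there, the PS1
# line reached .bashrc as the literal text $eth0ip, a variable that is not set
# in root's later shells, and the address never appeared in the prompt. Write
# the line separately with the address substituted now.
printf '%s\n' "export PS1='[\\u@${prompt_host} \\W]# '" >> /root/.bashrc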
# --- root's .bash_profile ----------------------------------------------------
# Login shells source .bashrc, add ~/bin to PATH, then print local disk usage
# and the current date between two separator lines.
# The delimiter is quoted, so $PATH and $HOME are written literally and are
# expanded at login, not while this script runs.
cat <<'XX' >/root/.bash_profile
# .bash_profile
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi
PATH=$PATH:$HOME/bin
export PATH
echo '=========================================================='
df -lh
date
echo '=========================================================='
XX

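# --- Time zone ---------------------------------------------------------------
zone_file=/usr/share/zoneinfo/Asia/Shanghai
if [ -f "$zone_file" ]; then
  # Remove the old entry first: if /etc/localtime is a symlink, cp would write
  # through it instead of replacing it.
  rm -f /etc/localtime
  cp "$zone_file" /etc/localtime
else
  # Without this guard a missing zone file left the host with no
  # /etc/localtime at all.
  echo "WARNING: $zone_file not found; /etc/localtime left unchanged" >>"$logfile"
fi
cat > /etc/sysconfig/clock << "XX"
ZONE="Asia/Shanghai"  
UTC=false  
ARC=false  
XX

# NOTE(review): this replaces root's whole crontab, discarding any existing
# entries. The ntpdate entry written here is removed again by the
# "sed -i '/ntp/d'" in the time-synchronisation section of this script.
cat > /var/spool/cron/root << "XX"
*/5 * * * *  /usr/sbin/ntpdate ntp0.cs.mu.OZ.AU > /dev/null 2>&1  
XX
# Written with cat rather than crontab(1), so set the usual private mode here.
chmod 600 /var/spool/cron/root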
  
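# --- Time synchronisation ----------------------------------------------------
# Step the clock once with ntpdate while ntpd is stopped, then start it again.
/etc/init.d/ntpd stop
/usr/sbin/ntpdate 210.72.145.44 >>"$logfile" 2>&1
/etc/init.d/ntpd start

# NOTE(review): the file below holds only server and driftfile lines. It has no
# "restrict" directives, so ntpd's own access control stays at its default and
# exposure of the daemon depends on the firewall alone. The time sources are
# public servers used without authentication.
cat > /etc/ntp.conf << "XX"
server 202.120.2.101  
server ntp.api.bz  
server 0.pool.ntp.org  
server hk.pool.ntp.org  
server jp.pool.ntp.org  
driftfile /var/db/ntp.drift  
XX
echo "SYNC_HWCLOCK=YES" >> /etc/sysconfig/ntpd

# At boot: resync once, copy system time to the hardware clock, start ntpd.
{
  echo ''
  echo '/usr/sbin/ntpdate asia.pool.ntp.org> /dev/null 2>&1'
  echo '/sbin/hwclock --systohc'
  echo 'service ntpd start'
  echo ''
} >> /etc/rc.local

# Watchdog run from cron. The previous version built its process list with
# backticks around a grep pattern whose closing double quote was missing, so
# the generated script was a syntax error and never restarted anything.
# pgrep -x matches the process name exactly, which also removes the need to
# filter out grep and this script's own name.
cat > /data/sh/check_ntpd.sh << "XX"
#!/bin/bash
# Restart ntpd when no process named exactly "ntpd" is running.
if ! pgrep -x ntpd > /dev/null 2>&1; then
        /etc/init.d/ntpd restart
fi
XX
chmod 700 /data/sh/check_ntpd.sh
/sbin/hwclock --systohc >>"$logfile" 2>&1

# Drop every crontab line mentioning "ntp" (including an earlier copy of the
# watchdog entry), then add the watchdog.
# NOTE(review): "* */1 * * *" fires every minute of every hour; if an hourly
# check was meant, the schedule would be "0 * * * *".
sed -i '/ntp/d' /var/spool/cron/root
echo "* */1 * * * /bin/bash /data/sh/check_ntpd.sh > /dev/null 2>&1" >> /var/spool/cron/root
service ntpd restart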
  
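# --- Third-party yum repositories --------------------------------------------
#######################################
# Install yum-plugin-priorities, rank the CentOS repos above the third-party
# ones, add the EPEL and RPMforge release packages, then update the system.
#
# NOTE(review): both release packages and the RPMforge key are fetched over
# plain HTTP. The EPEL key is imported from the package that was just
# installed, so that package is trusted without any check. Someone able to
# alter the traffic can substitute packages and keys together. Pin checksums
# or key fingerprints obtained out of band to close this.
#
# Outputs: progress and errors on stdout/stderr (the caller redirects both).
# Returns: 1 if /data/soft cannot be entered; otherwise the status of the
#          final yum command.
#######################################
yum_epel() {
  local epel_rpm=epel-release-6-8.noarch.rpm
  local rpmforge_rpm=rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
  local sig_report

  # Downloads land in the current directory; stop if the staging directory is
  # missing rather than scattering files elsewhere.
  cd /data/soft || {
    echo "yum_epel: cannot enter /data/soft" >&2
    return 1
  }

  # The priorities plugin ranks repositories. Every section of CentOS-Base.repo
  # gets priority 2, then [base] is raised to 1 (the highest).
  yum -y install yum-plugin-priorities
  sed -i '/priority/d' /etc/yum.repos.d/CentOS-Base.repo
  sed -i 's/]/]\npriority=2/g' /etc/yum.repos.d/CentOS-Base.repo
  sed -i '/\[base\]/{n;s/priority=2/priority=1/g}' /etc/yum.repos.d/CentOS-Base.repo

  # EPEL. -O pins the output name: without it a second run stores the download
  # as "<name>.1" and rpm installs the stale first copy.
  if wget -O "$epel_rpm" http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm; then
    rpm -ivh "$epel_rpm"
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
    sed -i 's/\[epel\]/\[epel]\npriority=10/g' /etc/yum.repos.d/epel.repo
  else
    echo "yum_epel: download of $epel_rpm failed; EPEL not configured" >&2
  fi

  # RPMforge. Its key is imported before the install, so the package signature
  # can be verified first and a package that does not match the key is skipped.
  if wget -O "$rpmforge_rpm" http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm; then
    rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
    # NOTE(review): rpm -K can exit 0 for a package that has digests but no
    # signature. The token test assumes the EL6-era report format, where a
    # verified signature is listed in lower case — confirm on the target rpm.
    if sig_report=$(rpm -K "$rpmforge_rpm" 2>&1) \
      && [[ "${sig_report#*: }" =~ (pgp|gpg|rsa|dsa) ]]; then
      rpm -ivh "$rpmforge_rpm"
      sed -i '/priority/d' /etc/yum.repos.d/rpmforge.repo
      sed -i 's/\[rpmforge\]/\[rpmforge]\npriority=11/g' /etc/yum.repos.d/rpmforge.repo
    else
      echo "yum_epel: signature check failed for $rpmforge_rpm; not installed" >&2
      echo "$sig_report" >&2
    fi
  else
    echo "yum_epel: download of $rpmforge_rpm failed; RPMforge not configured" >&2
  fi

  yum makecache
  yum -y update
}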
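# Run the repository setup with all of its output captured in the log.
yum_epel >>"$logfile" 2>&1

# Base toolset.
# Fixes: "libcap-deve" was a typo for libcap-devel, which --skip-broken let
# pass unnoticed. 'vim*' is quoted so that yum receives the pattern instead of
# the shell expanding it against files in the current directory (yum_epel
# leaves the shell in /data/soft).
# NOTE(review): compilers, php and the telnet client are installed on every
# host this runs on; trim the list to what each role needs.
pkgs=(
  autoconf automake m4 bind-utils cmake curl dstat expat-devel gcc gcc-c++
  glibc-devel groff gtk2-devel kernel-devel libcap-devel libtool libxslt
  lrzsz lsof make man mlocate mtr ncurses-devel ntpdate ntp openssh-clients
  openssl-devel pcre pcre-devel pkgconfig php rpm-devel rsync smartmontools
  sysstat tcl-devel telnet 'vim*' wget
)
yum -y install --skip-broken "${pkgs[@]}" >>"$logfile" 2>&1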


转载自cnsbear.iteye.com/blog/2048306