linux初始化服务器脚本

#!/bin/bash
#need root run
if [[ "KaTeX parse error: Expected 'EOF', got '&' at position 70: …ript as root" >&̲2 exit 1 fi #… a\chensanchen ALL=(ALL) NOPASSWD: ALL" /etc/sudoers
#install soft
yum install nc wget ntpdate namp lsof gcc sysstat vim iftop iotop -y
#set runlevel
grep 3:initdefault /etc/inittab
#system start services
export LANG=“en”
for sun in chkconfig --list|grep 3:on|awk '{print $1}';do chkconfig --level 3 $sun off;done
for sun in crond rsyslog sshd network;do chkconfig --level 3 KaTeX parse error: Expected 'EOF', got '#' at position 40: …list|grep 3:on #̲ssh sed -i 's/#… a\sshd:all’ /etc/hosts.deny;sed -i ‘$ a\sshd: 114.66.196.,120.52.68.32,192.168.1.’ /etc/hosts.allow;
#/etc/init.d/sshd restart
#iptables
IPT=/sbin/iptables
#clear rule
$IPT -F
$IPT -X
$IPT -Z
#change default rule
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
#enable local lo
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
#enable ip
$IPT -A INPUT -s 42.63.90.0/24 -p all -j ACCEPT
$IPT -A INPUT -s 172.16.11.0/24 -p all -j ACCEPT
$IPT -A INPUT -s 192.168.0/24 -p all -j ACCEPT
$IPT -A INPUT -s 192.168.1/24 -p all -j ACCEPT
$IPT -A INPUT -s 192.168.10/24 -p all -j ACCEPT
$IPT -A INPUT -s 218.247.203.182/28 -p all -j ACCEPT
KaTeX parse error: Expected 'EOF', got '#' at position 53: … all -j ACCEPT #̲enable port 80 …IPT -A INPUT -p tcp --dport 80 -j ACCEPT
#enable ping ip
$IPT -A INPUT -p icmp -s 42.62.91.0/24 -m icmp --icmp-type any -j ACCEPT
$IPT -A INPUT -p icmp -s 172.16.11.0/24 -m icmp --icmp-type any -j ACCEPT
$IPT -A INPUT -p icmp -s 172.16.101.0/24 -m icmp --icmp-type any -j ACCEPT
$IPT -A INPUT -p icmp -s 192.168.0/24 -m icmp --icmp-type any -j ACCEPT
$IPT -A INPUT -p icmp -s 192.168.1.0/24 -m icmp --icmp-type any -j ACCEPT
$IPT -A INPUT -p icmp -s 192.168.10/24 -m icmp --icmp-type any -j ACCEPT
$IPT -A INPUT -p icmp -s 218.247.209.112/28 -m icmp --icmp-type any -j ACCEPT
$IPT -A INPUT -p icmp -s 111.207.232.192/27 -m icmp --icmp-type any -j ACCEPT
#enable ftp
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#save
/etc/init.d/iptables save
/etc/init.d/iptables restart
chkconfig iptables on
/etc/init.d/sshd restart
#network
echo “GATEWAY=172.16.11.105” >> /etc/sysconfig/network
echo “nameserver 118.29.29.29” >> /etc/resolv.conf
/etc/init.d/network restart