前几天逛51cto,看到一篇《Linux 基本系统初始化脚本第一版》的文章,颇受启发,同时该脚本也正是我最近想要实现的,本着开源的精神加上对作者的负责,先将自己改版后的放出,也希望能借此带个更多人不同的思路。
蚊子本版改动也不是很大,加入了几个我常用的,软件更新很快的yum源,及epel源。
脚本如下
#! /bin/sh # desc: remodified by www.wenzizone.cn #------------------------------ Begin -----------------------------------------# # welcome cat << EOF +------------------------------------------------------------------------------------+ | === Welcome to Centos System init === | +-------------------------- http://www.wenzizone.cn ---------------------------------+ +------------------------------- Author:wenzizone -----------------------------------+ EOF echo "" # Add yum repo source cat << EOF +------------------------------------------------------------------------------+ | === Part for adding yum repo source === | +------------------------------------------------------------------------------+ EOF # add epel repo echo -n "Installing the epel yum repo: " /bin/rpm -i http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm >/dev/null 2>&1 if [ $? -eq 0 ] then echo "OK" else echo "Failed" fi echo "" # add Atomic repo echo -n "Installing the Atomic GPG key: " /bin/rpm --import http://www.atomicorp.com/RPM-GPG-KEY.art.txt echo "OK" echo -n "Installing the Atomic yum repo: " cat << EOF >/etc/yum.repos.d/atomic.repo # Name: Atomic Rocket Turtle RPM Repository for CentOS / Red Hat Enterprise Linux 5 - # URL: http://www.atomicrocketturtle.com/ # Note: This isn't covered by ASL support. -Scott [atomic] name = CentOS / Red Hat Enterprise Linux \$releasever - atomicrocketturtle.com mirrorlist = http://www.atomicorp.com/mirrorlist/atomic/centos-5-\$basearch #mirrorlist = http://www.atomicorp.com/channels/atomic/centos/5/mirrors-atomic enabled = 1 priority = 1 protect = 0 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt gpgcheck = 1 # Almost Stable, release candidates for [atomic] # Note these are not supported by anyone. -Scott [atomic-testing] name = CentOS / Red Hat Enterprise Linux \$releasever - atomicrocketturtle.com - (Testing) mirrorlist = http://www.atomicorp.com/mirrorlist/atomic-testing/centos-5-\$basearch enabled = 0 priority = 1 protect = 0 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt gpgcheck = 1 # Untested, Unstable, known buggy, and incomplete packages. # Note, you shouldn't be here unless you are me. -Scott #[atomic-bleeding] #name = CentOS / Red Hat Enterprise Linux \$releasever - atomicrocketturtle.com - (Bleeding) #baseurl = http://www.atomicorp.com/channels/atomic-bleeding/centos/5/\$basearch/ #enabled = 0 #priority = 1 #protect = 0 #gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.art.txt #gpgcheck = 1 EOF echo "OK" echo "" # add jasonlitka yum repo echo -n "Installing the jasonlitka GPG key: " /bin/rpm --import http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka echo "OK" echo -n "Installing the jasonlitka yum repo: " cat << EOF >/etc/yum.repos.d/utterramblings.repo [utterramblings] name=Jasons Utter Ramblings Repo baseurl=http://www.jasonlitka.com/media/EL\$releasever/\$basearch/ enabled=1 gpgcheck=1 gpgkey=http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka EOF echo "OK" echo "" # Add puppet yum repo echo -n "Installing the Puppet yum repo: " cat << EOF >/etc/yum.repos.d/puppet.repo [epel-puppet] name=epel puppet baseurl=http://tmz.fedorapeople.org/repo/puppet/epel/5/\$basearch/ enabled=1 gpgcheck=0 EOF echo "OK" echo "" #disable ipv6 cat << EOF +----------------------------------------------------------------------+ | === Welcome to tuning system config === | +----------------------------------------------------------------------+ EOF echo "" echo -n "Disabling ipv6: " echo "alias net-pf-10 off" >> /etc/modprobe.conf echo "alias ipv6 off" >> /etc/modprobe.conf /sbin/chkconfig --level 35 ip6tables off echo "OK" echo "" #disable selinux echo -n "Disabling selinux: " sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config echo "OK" echo "You should reboot you server after init system" echo "" #vim echo -n "Configing vi config: " echo 'syntax on' > /root/.vimrc echo "OK" echo "" # configure file max to 65536 echo -n "tuning file max description: " cat <> /etc/security/limits.conf * soft nofile 65536 * soft nofile 65536 EOF echo "OK" echo "" # turnoff services #-------------------------------------------------------------------------------- cat << EOF +--------------------------------------------------------------------------+ | === Welcome to Turnoff services === | +--------------------------------------------------------------------------+ EOF #-------------------------------------------------------------------------------- for i in `ls /etc/rc3.d/S*` do CURSRV=$(echo $i|cut -c 15-) #echo ${CURSRV} case ${CURSRV} in cpuspeed | crond | irqbalance | microcode_ctl | network | random | readahead_early| smartd | sendmail | sshd | syslog | local ) ;; *) echo "change ${CURSRV} to off" chkconfig ${CURSRV} off service ${CURSRV} stop echo "" ;; esac done echo "Turning off Services: OK" echo "" # tune the kernel config cat << EOF +-----------------------------------------------------------------------+ | === Welcome to Tune kernel config === | +-----------------------------------------------------------------------+ EOF echo -n "Tuning kernel config: " cat << EOF >> /etc/sysctl.conf # Decrease the time default value[7200] for tcp_keepalive_time connection net.ipv4.tcp_keepalive_time = 1800 # These ensure that TIME_WAIT ports either get reused or closed fast. net.ipv4.tcp_fin_timeout = 1 net.ipv4.tcp_tw_recycle = 1 # TCP memory net.core.rmem_max = 16777216 net.core.rmem_default = 16777216 net.core.netdev_max_backlog = 262144 net.core.somaxconn = 262144 net.ipv4.tcp_max_orphans = 262144 net.ipv4.tcp_max_syn_backlog = 262144 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_keepalive_intvl = 30 net.ipv4.tcp_keepalive_probes = 10 net.ipv4.tcp_tw_reuse = 1 net.core.wmem_default = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_timestamps = 0 net.ipv4.ip_local_port_range = 1024 65535 EOF echo "OK" echo "" echo "Finish init server system, Please reboot you server to take the tuning effect!!"
© 2011, 深夜的蚊子. 版权所有. 如转载,请注明:转载自 蚊子空间[http://www.wenzizone.cn]