我们在学习Linux过程中,经常需要安装系统和一些基本的系统设置,这是重复又浪费时间的过程。为了方便,结合老男孩教育课程内容,自己写了一个脚本,以便自己日后方便使用,也和大家一起分享。好,废话少说,直接上脚本。

# Create a directory for scripts under the home directory.
mkdir -p "${HOME}/shells"

# The initialisation script; its contents are listed below.
cat "${HOME}/shells/init.sh"

#!/bin/bash
#
# Author:  Lion
# Version: V1.0 2017-04-08 16:00
# Purpose: system initialisation and tuning after a fresh CentOS 6 install.

# Site-specific settings: host name and the two interface addresses.
# Edit these before running; the rest of the script writes them into
# the network, hosts and interface configuration files.
Hostname="lion"
Ip_wan="10.0.0.100"
Ip_lan="172.16.1.100"

#### NIC configuration for eth0 and eth1 ####
# Both ifcfg files are overwritten unconditionally with static settings; no
# copy of the previous files is kept by this section.
# The heredoc delimiters are unquoted, so ${Ip_wan} and ${Ip_lan} are expanded
# by the shell when the files are written. Netmask, gateway and DNS server are
# fixed values here rather than variables.
# NOTE(review): nothing in this section restarts networking, so the new
# addresses presumably take effect on the next network restart or reboot.

cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF

DEVICE=eth0

TYPE=Ethernet

ONBOOT=yes

NM_CONTROLLED=yes

BOOTPROTO=none

IPADDR=${Ip_wan}

NETMASK=255.255.255.0

GATEWAY=10.0.0.2

DNS1=202.96.128.166

IPV6INIT=no

EOF

# eth1 carries ${Ip_lan}; no gateway or DNS entry is written for it.
cat > /etc/sysconfig/network-scripts/ifcfg-eth1 <<EOF

DEVICE=eth1

TYPE=Ethernet

ONBOOT=yes

NM_CONTROLLED=yes

BOOTPROTO=none

IPADDR=${Ip_lan}

NETMASK=255.255.255.0

EOF

### Host name setting
# Writes the persistent host name and default gateway to
# /etc/sysconfig/network (the file is overwritten), then applies the host
# name to the running system with hostname(1).
# ${Hostname} is expanded by the shell because the heredoc delimiter is
# unquoted.

cat >/etc/sysconfig/network <<EOF

NETWORKING=yes

HOSTNAME=${Hostname}

GATEWAY=10.0.0.2

EOF

# NOTE(review): the expansion below is unquoted; that is harmless for the
# default value 'lion', but a value containing whitespace would be split.
hostname ${Hostname}

############## /etc/hosts ######################
# Replaces /etc/hosts entirely; any existing entries are discarded and no
# backup is taken by this section.
# The host name is listed first on the 127.0.0.1 line and again against
# ${Ip_wan}; the remaining lines are fixed addresses for the other machines
# named in the file. No ::1 entry is written.

cat > /etc/hosts <<EOF

127.0.0.1 ${Hostname} localhost localhost.localdomain localhost4 localhost4.localdomain4

${Ip_wan} ${Hostname}

172.16.1.5 lb01

172.16.1.6 lb02

172.16.1.7 web02

172.16.1.8 web01

172.16.1.51 db01 db01.etiantian.org

172.16.1.31 nfs01

172.16.1.41 backup

172.16.1.61 m01

EOF

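### 163.com yum mirror ###
# Replaces the stock CentOS-Base.repo with a definition that points at the
# 163.com mirror, then rebuilds the yum metadata cache.
#
# The heredoc delimiter is quoted, so $releasever and $basearch are written
# literally for yum to resolve and need no backslash. With an unquoted
# delimiter the unescaped variables on the commented-out mirrorlist lines
# were expanded by the shell to empty strings.
#
# gpgkey refers to the key file installed by the centos-release package on a
# stock CentOS 6 system rather than a plain-HTTP URL. The packages themselves
# are downloaded over HTTP, so gpgcheck=1 is what protects their integrity;
# fetching the verification key over the same unauthenticated channel would
# let anyone able to alter the traffic supply their own key.

# Keep the stock file as a backup; skip the move when it is already gone
# (for example on a second run).
if [ -f /etc/yum.repos.d/CentOS-Base.repo ]; then
  mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.ori
fi

cat > /etc/yum.repos.d/CentOS6-Base-163.repo <<'EOF'
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base - 163.com
baseurl=http://mirrors.163.com/centos/$releasever/os/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#released updates
[updates]
name=CentOS-$releasever - Updates - 163.com
baseurl=http://mirrors.163.com/centos/$releasever/updates/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - 163.com
baseurl=http://mirrors.163.com/centos/$releasever/extras/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - 163.com
baseurl=http://mirrors.163.com/centos/$releasever/centosplus/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - 163.com
baseurl=http://mirrors.163.com/centos/$releasever/contrib/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
EOF

# Drop cached metadata from the old repository and rebuild it from the mirror.
yum clean all
yum makecache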

#### System update ####
# Brings every installed package up to date without prompting.
yum -y update

#### Common administration tools ####
# dstat and sysstat for monitoring, lrzsz for file transfer over the
# terminal, ntpdate for clock synchronisation.
yum -y install dstat sysstat lrzsz ntpdate

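### Trim boot-time services ###
# Turns off every SysV service reported by `chkconfig --list`, except those
# whose listing line matches crond, network, rsyslog, sshd or sysstat.
#
# The service names are passed to chkconfig as quoted arguments instead of
# being assembled into command text and piped to a shell, so nothing taken
# from the listing is ever interpreted as shell syntax. Only lines whose
# second field looks like a runlevel entry ("0:...") are used, which skips
# blank lines and any section headers in the output.
chkconfig --list \
  | grep -Ev 'crond|network|rsyslog|sshd|sysstat' \
  | awk 'NF >= 2 && $2 ~ /^[0-9]:/ {print $1}' \
  | while read -r Svc; do
      chkconfig "${Svc}" off
    done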

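#### Administrator account with password-less sudo ####
# Creates the 'lion' account and grants it "NOPASSWD: ALL" in /etc/sudoers.
#
# Because this account can become root without a further password, its login
# password is the only barrier in front of root. It is therefore not
# hard-coded: it is read from the LION_PASSWORD environment variable. When
# that variable is empty or unset no password is set, and a newly created
# account keeps the locked password that useradd gives it.
#
# The sudoers change is validated on a copy with `visudo -cf` before the live
# file is touched, so a syntax error cannot leave sudo unusable. The rule is
# added only when it is not already present.

# useradd fails when the account already exists (for example on a second run).
id lion >/dev/null 2>&1 || useradd lion

if [ -n "${LION_PASSWORD:-}" ]; then
  # printf is a shell builtin, so the password does not appear in a process
  # argument list.
  printf '%s\n' "${LION_PASSWORD}" | passwd --stdin lion
else
  echo "LION_PASSWORD is not set; the password of 'lion' was left unchanged" >&2
fi

Sudo_rule='lion ALL=(ALL) NOPASSWD: ALL'
if ! grep -qxF -- "${Sudo_rule}" /etc/sudoers; then
  cp -p /etc/sudoers /etc/sudoers.ori
  Sudoers_tmp=$(mktemp /etc/sudoers.tmp.XXXXXX)
  if [ -n "${Sudoers_tmp}" ]; then
    cat /etc/sudoers > "${Sudoers_tmp}"
    printf '%s\n' "${Sudo_rule}" >> "${Sudoers_tmp}"
    # Some visudo versions also check the mode of the file they are given.
    chmod 0440 "${Sudoers_tmp}"
    if visudo -cf "${Sudoers_tmp}"; then
      # Write through the existing file so its owner and mode are kept.
      cat "${Sudoers_tmp}" > /etc/sudoers
    else
      echo "sudoers candidate failed validation; /etc/sudoers left unchanged" >&2
    fi
    rm -f -- "${Sudoers_tmp}"
  fi
fi

# Show the last line and re-check the live file.
# (The original used `tail -l`, which is not a valid tail option.)
tail -n 1 /etc/sudoers
visudo -c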

#### Work around slow SSH logins ####
# Uncomments "GSSAPIAuthentication no" and comments out
# "GSSAPIAuthentication yes" in sshd_config, both in a single sed pass.
# No sshd reload is performed here, so the running daemon keeps its old
# settings until it is restarted.
sed -i \
  -e 's/#GSSAPIAuthentication no/GSSAPIAuthentication no/g' \
  -e 's/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g' \
  /etc/ssh/sshd_config

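#### Keep cloned virtual machines from losing their NICs ####
# Adds a line to /etc/rc.local that empties the persistent-net udev rules
# file at every boot. The line is appended only when it is not already
# there, so running the script again does not duplicate it.
Udev_reset='> /etc/udev/rules.d/70-persistent-net.rules'
if ! grep -qxF -- "${Udev_reset}" /etc/rc.local 2>/dev/null; then
  printf '%s\n' "${Udev_reset}" >> /etc/rc.local
fi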

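#### Kernel tuning ####
# Replaces /etc/sysctl.conf with the settings below and loads them.
#
# Changes from the original listing:
#   * the previous file is kept once as /etc/sysctl.conf.ori, in line with
#     the backups the script takes of other files it rewrites;
#   * net.ipv4.tcp_tw_recycle is written as 0 (see the comment in the file);
#   * the heredoc delimiter is quoted, since nothing in the file is meant to
#     be expanded by the shell.
#
# The nf_conntrack keys exist only while the connection-tracking module is
# loaded; when it is not, `sysctl -p` reports them as unknown keys and the
# values are not applied.
[ -f /etc/sysctl.conf.ori ] || cp -p /etc/sysctl.conf /etc/sysctl.conf.ori

cat > /etc/sysctl.conf <<'EOF'
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.
#
# Use '/sbin/sysctl -a' to list all possible parameters.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
#net.ipv4.tcp_syncookies = 1

# Controls the default maximum size of a message queue
kernel.msgmnb = 65536

# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle stays off: when enabled, the kernel rejects connections
# from clients that share one NAT address but have differing TCP timestamps.
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384

#iptables
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF

sysctl -p /etc/sysctl.conf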

#### Stop the firewall ####
# Stops the running iptables service. From this point the host filters no
# inbound traffic itself, so every listening service is reachable from any
# network the machine is attached to unless something upstream filters it.
/etc/init.d/iptables stop

#### Disable SELinux ####
# Rewrites SELINUX=enforcing to SELINUX=disabled in the persistent
# configuration and switches the running system to permissive mode. The sed
# expression only matches a file that currently says "enforcing".
sed -i 's|SELINUX=enforcing|SELINUX=disabled|' /etc/selinux/config
setenforce 0

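#### Time synchronisation ####
# Adds a root cron job that runs ntpdate against times.aliyun.com every five
# minutes. The entry is appended only when it is not already present, so
# running the script again does not create duplicate jobs.
Ntp_job='*/5 * * * * /usr/sbin/ntpdate times.aliyun.com > /dev/null 2>&1'
if ! grep -qxF -- "${Ntp_job}" /var/spool/cron/root 2>/dev/null; then
  printf '%s\n' "${Ntp_job}" >> /var/spool/cron/root
fi
# Keep root's crontab readable and writable by root only.
chmod 600 /var/spool/cron/root

#### File descriptor limit ####
# Raises the soft and hard open-file limit to 65535 for all users, again
# without duplicating the line on a repeated run.
Limit_line='* - nofile 65535'
if ! grep -qxF -- "${Limit_line}" /etc/security/limits.conf 2>/dev/null; then
  printf '%s\n' "${Limit_line}" >> /etc/security/limits.conf
fi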

#### Run the script ####
# The script writes under /etc and manages services, so it has to be run
# as root.
sh "${HOME}/shells/init.sh"

    至此整个脚本已经完成了。

    在此对老男孩教育表示感谢。
