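#!/bin/bash
#
# CentOS 6 host initialisation script.
#
# Installs a base package set, turns SELinux off, writes a default-deny
# iptables ruleset, hardens sshd (key-only login, non-default port), writes
# root's shell profile, sets the timezone and NTP configuration, and enables
# the EPEL and RPMforge repositories with yum-plugin-priorities.
#
# Usage:  run once, as root, on a freshly installed CentOS 6 box.
# Log:    noisy command output goes to /tmp/init_centos_<timestamp>.log
#
# Deliberately NOT run under `set -e`: several steps (setenforce on a box
# whose SELinux is already off, stopping an ntpd that is not running)
# legitimately return non-zero and must not abort the whole run.

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin

# DNS resolvers.  (The original wrote to /etc/reslov.conf -- a typo -- so
# these entries never took effect.)
echo "nameserver 114.114.114.114" >> /etc/resolv.conf
echo "nameserver 8.8.8.8" >> /etc/resolv.conf

logfile="/tmp/init_centos_$(date +%y%m%d%H%M%S).log"

# `mkdir -p` (lower-case): the original used -P, which mkdir rejects, so
# /data/soft was never created and `cd /data/soft` in yum_epel below failed.
mkdir -p /data/soft
mkdir -p /data/sh

# Base package set.  "libcap-deve" in the original was a typo for libcap-devel;
# 'vim*' is quoted so the shell never globs it against the current directory.
yum -y install autoconf automake bind-utils cmake curl dstat expat-devel \
  gcc gcc-c++ glibc-devel groff gtk2-devel kernel-devel libcap-devel libtool \
  libxslt lrzsz lsof make man mlocate mtr ncurses-devel nmap ntpdate \
  openssh-clients openssl-devel pcre pcre-devel pkgconfig php rpm-devel rsync \
  smartmontools sysstat tcl-devel tcpdump telnet 'vim*' wget >>"$logfile" 2>&1

# --- SELinux / firewall ------------------------------------------------------
# NOTE(review): this disables SELinux both at runtime and permanently via
# /etc/selinux/config, removing a mandatory-access-control layer for every
# service on the host.  Keep only if the workloads genuinely require it.
setenforce 0 >>"$logfile" 2>&1
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Default-deny INPUT and FORWARD; allow loopback, established/related traffic,
# ICMP echo-request, and NEW TCP connections to 46140 (sshd, set below) and 80.
cat > /etc/sysconfig/iptables << "EOF"
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# -m state --state NEW 这个条件是当connection的状态为初始连接(NEW)时候的策略。
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m multiport --dport 46140,80 -j ACCEPT
COMMIT
EOF
iptables-restore /etc/sysconfig/iptables
# iptables is enabled for runlevel 3 only, unlike crond (2345) -- presumably
# intentional for a headless server; TODO confirm.
chkconfig --level 3 iptables on
chkconfig --level 2345 crond on
sysctl -p >>"$logfile" 2>&1

# --- sshd --------------------------------------------------------------------
mkdir -p /root/.ssh/
chmod -R 700 /root/.ssh/
# NOTE(review): this REPLACES root's authorized_keys with a single fixed key,
# discarding any key already present.  With PasswordAuthentication turned off
# below, that key becomes the only way in -- confirm it is the intended one.
cat > /root/.ssh/authorized_keys << "EOF"
ssh-rsa AAAABbbbbccccddddeeeeeADAQABAAAAgQDa+aRKwQEKOohM6e55cjDyLl2FUFwBdBBXBXtfrMTS81ILsBUXtb1234567889I7sqSRI1NvB4jopVCR71IVQNVS7WxPpHKPaSmqcRd6NkdfaefadfdfrqqeffTaxOaGNipvz1JhUQiV0qMWah5XRqODKxlp+L3TbjdTuwoNlk8Tx0w== cnsbear@163.com
EOF
# The recursive chmod above ran before the file existed; make the key file
# owner-only as well.
chmod 600 /root/.ssh/authorized_keys

sed -i "s#PasswordAuthentication yes#PasswordAuthentication no#g" /etc/ssh/sshd_config
sed -i "s@#UseDNS yes@UseDNS no@" /etc/ssh/sshd_config
# NOTE(review): LogLevel DEBUG is a troubleshooting level; it is far noisier
# than VERBOSE (which still records the key fingerprint used for each login)
# and is usually not what operators want left on permanently.
echo "LogLevel DEBUG" >> /etc/ssh/sshd_config
sed -i 's/\#Port 22/Port 46140/g' /etc/ssh/sshd_config
# sshd is not restarted anywhere in this script, so the port and auth changes
# only take effect at the next sshd restart / reboot.  The iptables ruleset
# above already admits 46140 but not 22.

# --- root's .bashrc ----------------------------------------------------------
# eth0's IPv4 address for the prompt (relies on the CentOS 6 "inet addr:" ifconfig format).
eth0ip=$(ifconfig eth0 | grep "inet addr" | cut -f 2 -d ":" | cut -f 1 -d " ")
# Unquoted heredoc on purpose: $eth0ip must expand here.  \u and \W survive
# because backslash only escapes $, `, \ and newline in an unquoted heredoc.
# The rm alias was `rm -if` in the original; with GNU rm the last of -i/-f
# wins, so that was effectively `rm -f` -- the opposite of the cp/mv aliases.
cat > /root/.bashrc <<EOF
# .bashrc

# User specific aliases and functions
alias vi='vim'
alias grep='grep --col'
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
  . /etc/bashrc
fi
export LANG=en_US.UTF-8
export PS1='[\u@$eth0ip \W]# '
EOF

# Show disk usage and the date at login.
echo "echo '=========================================================='" >> /root/.bash_profile
echo "df -lh" >> /root/.bash_profile
echo "date" >> /root/.bash_profile

# --- timezone / NTP ----------------------------------------------------------
rm -f /etc/localtime
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
cat > /etc/sysconfig/clock <<"EOF"
ZONE="Asia/Shanghai"
UTC=false
ARC=false
EOF

# Stop-gap cron entry; it is removed again below (`sed -i '/ntp/d'`) once ntpd
# itself is configured.
cat > /var/spool/cron/root << "EOF"
*/5 * * * * /usr/sbin/ntpdate ntp0.cs.mu.OZ.AU > /dev/null 2>&1
EOF

# One-shot clock step, then (re)start ntpd.  ntp.conf is written afterwards;
# the final `service ntpd restart` picks it up.
/etc/init.d/ntpd stop
/usr/sbin/ntpdate 210.72.145.44 >>"$logfile" 2>&1
/etc/init.d/ntpd start
# NOTE(review): no `restrict` lines, so ntpd itself does not limit who may
# query it; inbound UDP/123 is only kept out by the default-deny INPUT chain
# above, so the two configurations must stay in step.
cat > /etc/ntp.conf << "EOF"
server 210.72.145.44
server asia.pool.ntp.org
server cn.pool.ntp.org
server hk.pool.ntp.org
server jp.pool.ntp.org
driftfile /var/db/ntp.drift
EOF
echo "SYNC_HWCLOCK=YES" >> /etc/sysconfig/ntpd

echo '' >> /etc/rc.local
echo '/usr/sbin/ntpdate asia.pool.ntp.org> /dev/null 2>&1' >> /etc/rc.local
echo '/sbin/hwclock --systohc' >> /etc/rc.local
echo 'service ntpd start' >> /etc/rc.local
echo '' >> /etc/rc.local

# Watchdog: restart ntpd if no ntpd process is found.
cat > /data/sh/check_ntpd.sh << "EOF"
#!/bin/bash
ntpdpro=`ps aux |grep ntpd |grep -v grep`
if [ -z "$ntpdpro" ];then
service ntpd restart
fi
EOF
chmod 700 /data/sh/check_ntpd.sh
/sbin/hwclock --systohc >>"$logfile" 2>&1
sed -i '/ntp/d' /var/spool/cron/root
# The minute field is `*`, so this runs every minute; `*/1` in the hour field
# adds nothing.  If hourly was intended, the spec would be `0 * * * *`.
echo "* */1 * * * /bin/bash /data/sh/check_ntpd.sh > /dev/null 2>&1" >> /var/spool/cron/root
service ntpd restart

#######################################
# Enable the EPEL and RPMforge repositories with yum-plugin-priorities
# (CentOS base = 1, other base repos = 2, epel = 10, rpmforge = 11).
# Globals:   none
# Arguments: none
# Outputs:   yum/rpm/wget output on stdout/stderr (caller redirects to $logfile)
# Returns:   1 if /data/soft cannot be entered, else the status of the final
#            `yum -y update systemtap`
#######################################
yum_epel() {
  # Downloads must land in /data/soft; bail rather than littering the cwd.
  cd /data/soft || return 1

  # priorities plugin: lower number = preferred repo; the official base repo
  # is given the highest priority.  The first sed appends priority=2 after
  # every `]` in CentOS-Base.repo, the second bumps [base] to 1.
  yum -y install yum-plugin-priorities
  sed -i '/priority/d' /etc/yum.repos.d/CentOS-Base.repo
  sed -i 's/]/]\npriority=2/g' /etc/yum.repos.d/CentOS-Base.repo
  sed -i '/\[base\]/{n;s/priority=2/priority=1/g}' /etc/yum.repos.d/CentOS-Base.repo

  # TODO: the hostnames in these URLs are missing from this copy of the
  # script ("dl./", "pkgs./", "apt./"); restore them before use.
  # NOTE(review): epel-release is installed before its GPG key is imported, so
  # rpm cannot verify that package's signature, and the RPMforge key and rpm
  # are both fetched over plain http.  Prefer importing the keys from a
  # trusted local copy first and checking each rpm with `rpm -K` before -ivh.
  wget http://dl./pub/epel/6/i386/epel-release-6-8.noarch.rpm
  rpm -ivh epel-release-6-8.noarch.rpm
  rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
  sed -i 's/\[epel\]/\[epel]\npriority=10/g' /etc/yum.repos.d/epel.repo

  wget http://pkgs./rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
  rpm --import http://apt./RPM-GPG-KEY.dag.txt
  rpm -ivh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
  sed -i '/priority/d' /etc/yum.repos.d/rpmforge.repo
  sed -i 's/\[rpmforge\]/\[rpmforge]\npriority=11/g' /etc/yum.repos.d/rpmforge.repo

  yum makecache
  # Original comment: "update kernel patch, prevent local-user privilege
  # escalation" -- note the command actually updates only systemtap.
  yum -y update systemtap
}
yum_epel >>"$logfile" 2>&1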