歡迎來到Linux教程網
Linux教程網
Linux教程網
Linux教程網
您现在的位置: Linux教程網 >> UnixLinux >  >> Linux編程 >> SHELL編程

shell腳本:一鍵優化CentOS系統

自己參考了系統優化的點,寫了一個一鍵優化腳本,適用於CentOS6.x版本,各個項已經單獨進行測試通過。適用於CentOS6.x系統最小化安裝執行,可以根據自己的需求進行添加或修改完善。

主要優化內容有:

關閉系統不必要的服務;關閉selinux,關閉iptables;關閉ctrl+alt+del重啟;設置ssh端口,關閉DNS解析;設置系統最大文件描述符;設置系統關鍵文件權限;配置安裝ntp;安裝vim;配置安裝阿裡雲yum源和epel源;

腳本如下:

[root@localhost ~]# cat youhua.sh
#!/bin/bash
#written by mofansheng@2015-11-03
#system optimization script
#The fllow apply to CentOS 6.x
. /etc/init.d/functions
 
function check_ok(){
  if [ $? -eq 0 ]
  then
    echo ""
    continue
  else
    echo "pls check error"
    exit
  fi
}
 
cat<<EOF
-----------------------------------------------------------------------
|                    system optimization                            |
-----------------------------------------------------------------------
EOF
 
#close unimportant system services
echo "===Close unimportant system services,it will take serval mintinues==="
for s in `chkconfig --list|grep 3:on|awk '{print $1}'|grep -Ev "crond|sshd|sysstat|rsyslog|network"`
do
  chkconfig $s off
done
check_ok
action "Close unimportant system services" /bin/true
 
 
#close selinux
echo "===close SELINUX==="
if [ `getenforce` != "Disabled" ]
then
 sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
 echo "selinux is disabled,you must reboot!"
else
 action "SELINUX is closed" /bin/true
fi
check_ok
action "Close SELINUX" /bin/true
 
 
#close ctrl+alt+del
mv /etc/init/control-alt-delete.conf /etc/init/control-alt-delete.conf.bak
 
 
#close iptables
echo "===close iptables==="
iptables-save >/etc/sysconfig/iptables_$(date +%s)
iptables -F
service iptables save
check_ok
action "iptables is closed" /bin/true
 
 
#set ulimit
echo "ulimit -SHn 65535" >>/etc/rc.local
 
#set SSH
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/#Port 22/Port 65500/g' /etc/ssh/sshd_config
service sshd restart
 
 
#set system files permission
chmod 600 /etc/passwd
chmod 600 /etc/group
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
 
 
#set ntp
yum install ntpdate -y
ntpdate ntp.fudan.edu.cn
echo "* 3 * * * /usr/sbin/ntpdate ntp.fudan.edu.cn >/dev/null 2>&1" >>/etc/crontab
service crond restart
check_ok
action "ntpdate is installed and add in crontab" /bin/true
 
 
#set vim
echo "===install vim,it will take serval mintinues==="
yum install vim-enhanced -y &>/dev/null
alias vi=vim
echo "alias vi=vim" >>/root/.bashrc
check_ok
action "vim is installed" /bin/true
 
 
#set yum repos
echo "===update yum repos,it will take serval mintinues==="
yum install wget -y
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo &>/dev/null
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo &>/dev/null
yum clean all &>/dev/null
yum makecache &>/dev/null
check_ok
action  "yum repos update is ok" /bin/true

更多CentOS相關信息見CentOS 專題頁面 http://www.linuxidc.com/topicnews.aspx?tid=14

Copyright © Linux教程網 All Rights Reserved