-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathcentos_sysinit.sh
More file actions
executable file
·145 lines (126 loc) · 4.27 KB
/
centos_sysinit.sh
File metadata and controls
executable file
·145 lines (126 loc) · 4.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
#!/bin/bash
#author shanker
#this script is only for CentOS 6 x32
#check up the OS
os=$(uname -i)
if [ $os != "i386" ]
then
echo "this script is only for i386 system"
exit 1
fi
echo "the os is i386"
version=$(lsb_release -r|cut -f2|cut -c1)
if [ $version != 6 ]
then
echo "this script is only for CentOS 6"
exit 1
fi
cat << EOF
+---------------------------------------+
| your system is CentOS 6 x86_64 |
| start optimizing....... |
+---------------------------------------
EOF
#set up the 163.com as the default yum repo
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget http://mirrors.163.com/.help/CentOS6-Base-163.repo -O /etc/yum.repos.d/CentOS-Base.repo
yum clean all
yum makecache
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
yum upgrade -y
#update the system and set up the ntp
yum -y install ntp
echo "* 4 * * * sbin/ntpdate 210.72.145.44 > /dev/null 2>&1" >> /var/spool/cron/root
echo '* 5 * * * /ntpdate time.nist.gov >/dev/null 2>&1'>>/var/spool/cron/root
service crond restart
#set the control-alt-delete disable
sed -i 's/^\(exec\)./#\1/g' /etc/init/control-alt-delete.conf
#disable selinux and iptables
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
iptables -F
#set sudo
useradd leo
echo 'hacker'|passwd --stdin leo && history -c
sed -i '82a leo ALL=(ALL) ALL' /etc/sudoers
#set ssh no root login and no empty passwd
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin no/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config
service sshd restart
chkconfig bluetooth off
chkconfig cups off
chkconfig ip6tables off
#disable the ipv6
cat > /etc/modprobe.d/ipv6.conf << EOFI
alias net-pf-10 off
options ipv6 disable=1
EOFI
echo "NETWORKING_IPV6=off" >> /etc/sysconfig/network
#Lock system key files
chattr +i /etc/passwd
chattr +i /etc/inittab
chattr +i /etc/group
chattr +i /etc/shadow
chattr +i /etc/gshadow
mv /usr/bin/chattr /usr/bin/new name not related to chattr, but need remember.
#set vim
cat >>/root/.vimrc << EOF
set number
set ruler
set laststatus=2
set showcmd
set magic
set history=100
set showmatch
set ignorecase
set cursorline
let loaded_matchparen=1
set lazyredraw
set tabstop=4
set softtabstop=4
set cindent shiftwidth=4
set autoindent shiftwidth=4
set smartindent shiftwidth=4
set expandtab
set hlsearch
set incsearch
EOF
#grep and vim
#mkcd
cat>>/root/.bashrc<<EOF
alias grep='grep --color=auto'
alias vi='vim'
alias ..='cd ..'
alias ll='ls -altr'
export PATH=$PATH:/sbin:.
function mkcd(){
mkdir -p $1
cd $1
}
#service $1 restart
function rs(){
service $1 restart
}
#rm -rf
function fuck(){
rm -rf $1
}
#chkconfig
function chon(){
chkconfig $1 on
}
EOF
source /root/.bashrc
#set ulimit
cat >>/etc/rc.local<<EOF
#open files
ulimit -HSn 65535
#stack size
ulimit -s 65535
EOF
+-------------------------------------------------+
| optimizer is done |
| it's recommond to restart this server ! |
+-------------------------------------------------+
EOF