
centos 服务器初始化脚本

skydeity 学不学IT
2022年03月14日 00:02

Linux 服务器初始化脚本


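#!/bin/bash
# CentOS 6/7 server initialisation: time zone and clock sync, SELinux,
# host firewall, shell history, SSH daemon and cron mail. Must run as root.
#
# NOTE(review): several steps below lower the host's defences (SELinux off,
# host firewall off, cron mail discarded). They are kept because that is what
# this script sets out to do, but each is flagged where it happens so it can
# be dropped on hosts that need a hardened baseline.

# --- Time zone and clock sync -------------------------------------------
# -f: /etc/localtime normally exists already, so a plain `ln -s` fails.
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
if ! crontab -l 2>/dev/null | grep -q ntpdate; then
    # Minute field is 0: the original "* 1 * * *" fired every minute from
    # 01:00 to 01:59 rather than once a day.
    # `crontab -` names stdin explicitly as the source of the new table.
    (echo "0 1 * * * ntpdate time.windows.com >/dev/null 2>&1"; crontab -l 2>/dev/null) | crontab -
fi

# --- SELinux ------------------------------------------------------------
# Only rewrites "permissive" to "disabled"; a config set to "enforcing" is
# left untouched by this expression.
# NOTE(review): disabling SELinux removes mandatory access control from every
# service on the host. Prefer leaving it enforcing and fixing policy denials.
sed -i '/SELINUX/{s/permissive/disabled/}' /etc/selinux/config

# --- Host firewall ------------------------------------------------------
# NOTE(review): this leaves the host with no local packet filter. Only
# acceptable when filtering is enforced elsewhere (security group, edge
# firewall); otherwise keep the firewall and open the ports you need.
# The dot is escaped and the match anchored on "release " so the major
# version is what is actually tested.
if grep -Eq 'release 7\.[0-9]' /etc/redhat-release; then
    systemctl stop firewalld
    systemctl disable firewalld
elif grep -Eq 'release 6\.[0-9]' /etc/redhat-release; then
    service iptables stop
    chkconfig iptables off
fi

# --- Shell history timestamps -------------------------------------------
# Single quotes keep the backticks literal, so `whoami` runs when bashrc is
# sourced, not now. Shell history is user-writable; treat it as a
# convenience, not as an audit log.
if ! grep -q HISTTIMEFORMAT /etc/bashrc; then
    echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/bashrc
fi

# --- Idle shell timeout (seconds) ---------------------------------------
if ! grep -q "TMOUT=600" /etc/profile; then
    echo "export TMOUT=600" >> /etc/profile
fi

# --- SSH daemon ---------------------------------------------------------
# Keep a timestamped copy so the previous configuration can be restored.
cp /etc/ssh/sshd_config "/etc/ssh/sshd_config-$(date +%Y%m%d%H)"
# NOTE(review): password logins and root logins are both switched off here.
# A non-root account with an authorized key and sudo rights must already
# exist, otherwise the restart below locks every administrator out.
# Each directive is matched whether or not it is commented out and whatever
# its current value; the original patterns only matched one exact spelling
# (e.g. "#PermitRootLogin yes"), so an active "PermitRootLogin yes" survived.
sed -i 's/^#*PasswordAuthentication[[:space:]].*/PasswordAuthentication no/' /etc/ssh/sshd_config
sed -i 's/^#*PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/^#*PermitEmptyPasswords[[:space:]].*/PermitEmptyPasswords no/' /etc/ssh/sshd_config
# Validate the edited file before restarting so a broken config cannot take
# the daemon down.
if sshd -t; then
    service sshd restart
else
    echo "sshd_config failed validation; sshd was not restarted" >&2
fi

# --- Cron mail ----------------------------------------------------------
# NOTE(review): with MAILTO empty, output and failures of system cron jobs
# are discarded. Make sure jobs log somewhere that is monitored.
sed -i 's/^MAILTO=root/MAILTO=""/' /etc/crontab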
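# Restrict crontab to root: once /etc/cron.allow exists, only the users
# listed in it may install crontabs. This overwrites any existing allow list.
# (The command had been fused onto the comment line, so it never ran.)
echo root >/etc/cron.allow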
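# Raise per-user resource limits (open files, processes, stack, locked memory)
# and disable core dumps.
# The guard tests for the value that is actually written (500000). The
# original tested for "65535", which never appears on a nofile line, so every
# run appended the whole block again.
# NOTE(review): "core 0" keeps process memory from being dumped to disk,
# which is the safer setting. "memlock unlimited" and "nproc 65535" for every
# user remove most of the protection these limits give against one account
# exhausting the host; confirm the workload really needs them.
if ! grep -qF -- '* soft nofile 500000' /etc/security/limits.conf; then
    cat >> /etc/security/limits.conf << 'EOF'
* soft nofile 500000
* hard nofile 500000
root soft nofile 500000
root hard nofile 500000
* soft nproc 65535
* hard nproc 65535
* soft core 0
* hard core 0
* soft stack unlimited
* hard stack unlimited
* soft memlock unlimited
* hard memlock unlimited
EOF
fi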
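# The original appended an empty here-document to /etc/security/limits.conf
# at this point; it wrote nothing and has been dropped.

# --- Kernel parameters --------------------------------------------------
# Appended once: the guard looks for the "## elight-ops" marker that this
# block itself writes, so re-running the script does not duplicate it.
# The script never loads the file (no `sysctl -p`), so the values apply the
# next time /etc/sysctl.conf is read.
#
# Several keys are set more than once below and the later line wins:
#   net.ipv6.conf.*.disable_ipv6   0, then 1  -> IPv6 ends up disabled, which
#                                   makes the eth0 accept_ra* lines moot
#   net.ipv4.tcp_max_syn_backlog   1024, then 3240000
#   net.ipv4.tcp_max_tw_buckets    5000, then 20480
#
# NOTE(review): three settings here weaken the host and deserve a decision
# per server rather than a blanket default:
#   rp_filter=0      turns off reverse-path filtering (an anti-spoofing check)
#   ip_forward = 1   makes the host forward packets between interfaces; with
#                    the local firewall stopped nothing filters that traffic
#   kernel.sysrq = 1 enables every SysRq function from the console
if ! grep -q '^## elight-ops' /etc/sysctl.conf; then
    cat >> /etc/sysctl.conf << 'EOF'
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536
# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536
net.ipv4.conf.all.promote_secondaries = 1
net.ipv4.conf.default.promote_secondaries = 1
net.ipv6.neigh.default.gc_thresh3 = 4096
net.ipv4.neigh.default.gc_thresh3 = 4096
kernel.softlockup_panic = 1
net.ipv6.conf.all.disable_ipv6=0
net.ipv6.conf.default.disable_ipv6=0
net.ipv6.conf.lo.disable_ipv6=0
kernel.numa_balancing = 0
kernel.shmmax = 68719476736
kernel.printk = 5

## elight-ops
net.ipv6.conf.eth0.accept_dad = 0
net.ipv6.conf.eth0.accept_ra = 1
net.ipv6.conf.eth0.accept_ra_defrtr = 1
net.ipv6.conf.eth0.accept_ra_rtr_pref = 1
net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 1
#net.ipv4.neigh.default.gc_stale_time=120
# see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets=5000
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=1024
net.ipv4.tcp_synack_retries=2
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
#net.nf_conntrack_max=1048576
#net.netfilter.nf_conntrack_max=1048576
#net.bridge.bridge-nf-call-iptables=1
net.core.netdev_max_backlog = 655350
net.core.somaxconn = 65535
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.ip_local_port_range = 15000 65000
net.ipv4.tcp_max_syn_backlog = 3240000
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
net.ipv4.tcp_mem = 12582912 12582912 12582912
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_max_tw_buckets = 20480
net.ipv4.tcp_congestion_control = cubic
net.ipv4.ip_forward = 1
net.ipv4.tcp_congestion_control = cubic
net.ipv4.tcp_keepalive_time = 200

net.netfilter.nf_conntrack_max=200000
net.netfilter.nf_conntrack_tcp_timeout_time_wait=2
fs.file-max=655360
vm.max_map_count=500000
net.ipv4.tcp_sack=0
net.ipv4.tcp_max_orphans=655360
vm.swappiness=10
vm.overcommit_memory = 1
kernel.sysrq = 1
EOF
fi

# --- Login profile: aliases, prompt, history ----------------------------
# The delimiter is quoted ('EOF') so the text is written verbatim. With the
# original unquoted delimiter the shell expanded the body while this script
# ran as root: $1, $NF and ${USER_IP} were replaced by install-time values,
# "\$" in PS1 lost its backslash, and the backtick / $(...) substitutions
# (who, whoami, thefuck) were executed at install time even though they sit
# on lines that are comments in the generated file.
# The file belongs to this script, so it is overwritten (>) rather than
# appended to; re-running no longer duplicates its contents.
# Also repaired: the missing closing quote on the "nets" alias, which left
# the rest of the generated file inside an unterminated string.
# NOTE(review): HISTCONTROL=ignorespace lets any user keep a command out of
# history by prefixing a space, and HISTIGNORE drops further entries. That
# works against the history timestamps set up for tracing activity; use
# auditd or session recording if an activity trail is required.
cat > /etc/profile.d/skydong-ops.sh << 'EOF'
### by author:albert-dong
alias grep='grep --color=auto'
alias ls='ls -hF --color=auto'
alias la='ls -ahF --color=auto'
alias dir='ls --color=auto --format=long'
alias ll='ls -l --color=auto'
alias drop='f(){ sync;sleep 3; echo 3 > /proc/sys/vm/drop_caches; free -h;}; f'
alias p100='ping -c 100 -i 0.01'
alias tarl='f(){ tar -tvf $1;};f'
alias size='f(){ du -sh $1* | sort -hr; }; f'
alias cd='f(){ cd $1;ls -lrtkh;};f'
alias nets='netstat -ntlp'
### 历史记录
HISTSIZE=
HISTFILESIZE=
#USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'`
#export HISTTIMEFORMAT="%F %T [${USER_IP}] `whoami`: "
alias cman='man -M /usr/share/man/zh_CN'
alias sd='sudo su - '
alias fsh='/usr/bin/fish'
alias ll='ls -l --color=auto'
export PS1='\[\033[1;33;1m\][\[\033[0;32;1m\]\u@\h \[\033[1;33;1m\]\W\[\033[1;33;1m\]]\[\033[1;33;1m\]\$\[\033[0m\]'
#export PS1="[\u@\h \W \A]\$ "
export HISTCONTROL=ignorespace:erasedups:ignoredups HISTIGNORE="&:[ ]*:exit:chattr:ls:bg:fg:history:clear:vim:chattr:vi:mysql:useradd:chpasswd"
#eval "$(thefuck --alias)"
source /etc/profile.d/bash_completion.sh
EOF

# --- Swap usage ---------------------------------------------------------
# Runtime-only change. /etc/sysctl.conf above persists vm.swappiness=10, so
# the value moves to 10 once that file is applied.
echo "0" > /proc/sys/vm/swappiness

# --- Diagnostic and build tools -----------------------------------------
# -y: without it yum waits for confirmation and an unattended run stalls.
# "iostat" is removed from the list: it is a command shipped in the sysstat
# package, not a package of its own.
# NOTE(review): a compiler toolchain (gcc, make) and network capture/scan
# tools (tcpdump, nmap) on every server are also available to anyone who
# gains a shell on it. Install them only on hosts that need them.
yum install -y gcc make bc tcpdump nmap autoconf vim sysstat net-tools iftop htop atop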
 

