【Linux Shell脚本编程】系统初始化脚本

在实际工作中，一台服务器安装完系统后还需要做完很多初始化的工作才能正式交付。包括但不限于：

1、安装常用软件包便于工作，如gcc、cmake等

2、关闭不必开启的服务来节约资源，如关闭IPv6、SELINUX

3、优化系统参数，如修改TIME_WAIT值

为了省去重复性操作，可以把这一系列的操作写成一个通用脚本，脚本内容大致如下（参数均为举例，根据实际需求修改）：

#!/bin/bash

# get OS verison

RELEASEVER=$(rpm -q --qf "%{Version}"  $(rpm -q --whatprovides readhat-release) )


#configure yum

if [ $RELEASEVER == 6 ];then

    wget http://mirrors.163.com/.help/CentOS6-Base.repo

fi

if [ $RELEASEVER == 7 ];then

    wget http://mirrors.163.com/.help/CentOS7-Base.repo
fi

yum clean all

yum makecache


#install base rpm package

yum -y install vim iftop iotop htop ntpdate


#update rpm package and kernel

yum -y update


#ulimit

> /etc/security/limits.conf

cat >> /etc/security/limits.conf <<EOF

* soft nproc 65535

* hard nproc 65535  #最大进程数

* soft nofile 65535

* hard nofile 65535  #最大文件打开数

EOF


#time zone

[ -f /etc/localtime ] && rm -rf /etc/localtime

ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime


#update time

if [ $RELEASEVER == 6 ];then

    /usr/bin/ntpdate pool.ntp.org

    grep -q ntpdate /var/spool/cron/root

    if [ $? -ne 0 ];then

   

#iptables

if [ $RELEASEVER == 6 ];then

    /sbin/iptables -F

    service iptables save

    chkconfig iptables off

fi


if [ $RELEASEVER == 7 ];then
    systemctl disable firewalld

fi


#SELINUX

setenforce 0

sed -i  's/SELINUX=enabled/SELINUX=disabled/'  /etc/selinux/config


#DNS

> /etc/resolv.conf

cat >> /etc/resolv.conf <<EOF

nameserver 114.114.114.114

nameserver 8.8.8.8

EOF


#sysctl

cat >> /etc/sysctl.conf << EOF

net.ipv4.tcp_tw_reuse=1

net.ipv4.tcp_recycle=0

EOF

sysctl -p