最小化安装Linux系统初始化脚本

最小化安装Linux系统初始化脚本

注：此脚本适用于centos 7/8、Ubuntu1804，具体需要根据实际情况进行测试调整。

此脚本包含的功能：

1. 允许 root 用户使用 ssh 登录
2. 关闭 selinux
3. 关闭防火墙
4. 设置 ps1
5. 设置默认编辑器为 vim
6. 自定义 vim
7. 自定义历史命令
8. 修改内核参数
9. 设置资源限制
10. 修改软件源
11. 安装常用包
12. 设置时间同步
13. 修改网卡为传统命令格式
14. 设置IP地址等

[root@centos8 ~]# cat init_v1.sh
#!/bin/bash
#
#**************************************************
#Author: Xan_Yum
#QQ: 7993167
#Email: waluna@qq.com
#Version: 1.0
#Date: 2021-11-03
#FileName: init_v1.sh
#Description: system init
#URL: https://blog.waluna.top
#Copyroght (C): 2021 ALL rights reserved
#**************************************************
OS=`awk -F'"' '/PRETTY_NAME/{print $2}' /etc/os-release|tr ' ' '-'`
#1
set_ssh () {
 if [[ $OS == Ubuntu-18.04* ]];then
 sed -i.bak '/#PermitRootLogin/a PermitRootLogin yes' /etc/ssh/sshd_config
 systemctl restart sshd
 fi
 echo -e "\e[32;1mPermit root login set complete\e[0m"
}
#2
disable_selinux () {
 if [[ $OS == CentOS* ]];then
 sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
 fi
 echo -e "\e[32;1mSElinux already disabled,Restart to take effect\e[0m"
}
#3
disbale_firewall () {
 systemctl disable --now firewalld &> /dev/null
 echo -e "\e[32;1mFirewall already disabled\e[0m"
}
#4
set_ps1 () {
 if [[ $OS == CentOS* ]];then
 echo "PS1='\[\e[1;36m\][\u@\h \W]\\$ \[\e[0m\]'" >> /etc/profile.d/env.sh
 . /etc/profile.d/env.sh
 elif [[ $OS == Ubuntu* ]];then
 echo 'PS1="\[\e[1;32m\][${debian_chroot:+($debian_chroot)}\u@\h \w]\\$ \[\e[0m\]"' >> .bashrc
 . .bashrc
 fi
 echo -e "\e[32;1mPS1 already modify,Please login again\e[0m"
}
#5
set_default_text_editor_vim () {
 echo "export EDITOR=vim" >> /etc/profile.d/env.sh
 . /etc/profile.d/env.sh
 echo -e "\e[32;1mdefault_text_editor already modify vim,Please login again\e[0m"
}
#6
set_vim () {
cat > ~/.vimrc <<EOF
set ts=4
set expandtab
set ignorecase
set cursorline
set autoindent
autocmd BufNewFile *.sh exec ":call SetTitle()"
func SetTitle()
 if expand("%:e")=='sh'
 call setline(1,"#!/bin/bash")
 call setline(2,"#")
 call setline(3,"#**************************************************")
 call setline(4,"#Author: Xan_Yum")
 call setline(5,"#QQ: 7993167")
 call setline(6,"#Email: waluna@qq.com")
 call setline(7,"#Version: 1.0")
 call setline(8,"#Date: ".strftime("%Y-%m-%d"))
 call setline(9,"#FileName: ".expand("%"))
 call setline(10,"#Description: The test script")
 call setline(11,"#URL: https://blog.waluna.top")
 call setline(12,"#Copyroght (C): ".strftime("%Y")." ALL rights reserved")
 call setline(13,"#**************************************************")
 endif
endfunc
autocmd BufNewFile * normal G
EOF
 echo -e "\e[32;1mVim already modify\e[0m"
}
#7
set_history () {
 echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile.d/env.sh
 echo -e "\e[32;1mHistory modify\e[0m"
}
#8
modify_kernel_parameters () {
 mv /etc/sysctl.conf{,.bak}
cat > /etc/sysctl.conf <<EOF
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
# 表示是否打开TCP同步标签（syncookie），内核必须打开了CONFIG_SYN_COOKIES项进行编译，同步标签可以防止一个套接字在有过多试图连接到达时引起过载。 
net.ipv4.tcp_syncookies = 1
# Disable netfilter on bridges.
# net.bridge.bridge-nf-call-arptables：是否在arptables的FORWARD中过滤网桥的ARP包
# net.bridge.bridge-nf-call-ip6tables：是否在ip6tables链中过滤IPv6包
# net.bridge.bridge-nf-call-iptables：是否在iptables链中过滤IPv4包
# net.bridge.bridge-nf-filter-vlan-tagged：是否在iptables/arptables中过滤打了vlan标签的包
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536
# # Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# # Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# TCP kernel paramater
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
# socket buffer
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 20480
net.core.optmem_max = 81920
# TCP conn
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
# tcp conn reuse
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_timestamps = 1 #?
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
# keepalive conn
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 10001 65000
# swap
vm.overcommit_memory = 0
vm.swappiness = 10
#net.ipv4.conf.eth1.rp_filter = 0
#net.ipv4.conf.lo.arp_ignore = 1
#net.ipv4.conf.lo.arp_announce = 2
#net.ipv4.conf.all.arp_ignore = 1
#net.ipv4.conf.all.arp_announce = 2
EOF
 echo -e "\e[32;1mKernel parameters modify complete\e[0m"
}
#9
modify_resource_limits () {
cat >> /etc/security/limits.conf <<EOF
* - core unlimited
* - nproc 1000000
* - nofile 1000000
* - memlock 32000
* - msgqueue 8192000
root - core unlimited
root - nproc 1000000
root - nofile 1000000
root - memlock 32000
root - msgqueue 8192000
EOF
 echo -e "\e[32;1mResource limits modify complete\e[0m"
}
#10
set_software_source () {
 if [[ $OS == CentOS-Linux-7* ]];then
 mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
 curl -o /etc/yum.repos.d/Centos-7.repo https://mirrors.aliyun.com/repo/Centos-7.repo
 curl -o /etc/yum.repos.d/epel-7.repo https://mirrors.aliyun.com/repo/epel-7.repo
 yum clean all && yum makecache
 elif [[ $OS == CentOS-Linux-8* ]];then
 mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
 curl -o /etc/yum.repos.d/Centos-8.repo https://mirrors.aliyun.com/repo/Centos-8.repo
 yum clean all && yum makecache
 yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
 sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
 sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
 elif [[ $OS == Ubuntu-18.04* ]];then
 mkdir /etc/apt/backup && mv /etc/apt/sources.list /etc/apt/backup
cat > /etc/apt/sources.list <<EOF
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
EOF
 rm -f /var/lib/apt/lists/lock && apt update
 fi
 echo -e "\e[32;1mSoftware source set complete\e[0m"
}
#11
install_package () {
 if [[ $OS == CentOS-Linux-7* ]];then
 yum install bash-completion vim-enhanced tree psmisc wget bc iotop gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel zip unzip zlib-devel net-tools lrzsz ntpdate telnet lsof tcpdump libevent libevent-devel openssh-server openssh-clients postfix -y
 elif [[ $OS == CentOS-Linux-8* ]];then
 dnf install bash-completion vim-enhanced tree psmisc wget bc iotop gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel zip unzip zlib-devel net-tools lrzsz chrony telnet lsof tcpdump libevent libevent-devel openssh-server openssh-clients postfix -y
 elif [[ $OS == Ubuntu-18.04* ]];then
 apt install make gcc iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common lrzsz tree zip unzip openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev iotop libreadline-dev libsystemd-dev -y
 fi
 echo -e "\e[32;1mCommon Package already install\e[0m"
}
#12
set_time_sync () {
 if [[ $OS == CentOS-Linux-7* ]];then
 echo '*/5 * * * * ntpdate time1.aliyun.com &> /dev/null && hwclock -w' >> /var/spool/cron/root
 systemctl restart crond
 elif [[ $OS == CentOS-Linux-8* ]];then
 sed -i.bak '/^pool /c pool time1.aliyun.com iburst' /etc/chrony.conf
 systemctl restart chronyd && systemctl enable chronyd
 echo '*/5 * * * * chronyc -a makestep &> /dev/null && hwclock -w' >> /var/spool/cron/root
 systemctl restart crond
 elif [[ $OS == Ubuntu-18.04* ]];then
 echo '*/5 * * * * ntpdate time1.aliyun.com &> /dev/null && hwclock -w' >> /var/spool/cron/root
 systemctl restart cron
 fi
 echo -e "\e[32;1mTime sync complete\e[0m"
}
#13
set_eth () {
 if [[ $OS == CentOS* ]];then
 sed -i.bak '/GRUB_CMDLINE_LINUX/s#"$# net.ifnames=0"#' /etc/default/grub
 grub2-mkconfig -o /boot/grub2/grub.cfg &> /dev/null
 elif [[ $OS == Ubuntu-18.04* ]];then
 sed -i.bak '/GRUB_CMDLINE_LINUX/s#"$#net.ifnames=0"#' /etc/default/grub
 grub-mkconfig -o /boot/grub/grub.cfg &> /dev/null
 fi
 
 echo -e "\e[32;1mNetname already modify,Restart to take effect\e[0m"
}
set_eth0 () {
 if [[ $OS == Ubuntu-18.04* ]];then
 mv /etc/netplan/01-netcfg.yaml{,.bak}
cat > /etc/netplan/01-netcfg.yaml <<EOF
network:
 version: 2
 renderer: networkd
 ethernets:
 eth0:
 dhcp4: no
 addresses: [10.0.0.9/24]
 gateway4: 10.0.0.2
 nameservers:
 addresses: [223.5.5.5,114.114.114.114]
EOF
 fi
 echo -e "\e[32;1mIP already set\e[0m"
}
#14
set_ip () {
 if [[ $OS == CentOS-Linux-8* ]];then
 mv /etc/sysconfig/network-scripts/ifcfg-ens160{,.bak}
 read -p "Please input IP: " IP
 read -p "Please input Prefix: " PREFIX
 read -p "Please input Gateway: " GATEWAY
 read -p "Please input DNS1: " DNS1
 read -p "Please input DNS2: " DNS2
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
TYPE=Ethernet
NAME=eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=$IP
PREFIX=$PREFIX
GATEWAY=$GATEWAY
DNS1=$DNS1
DNS2=$DNS2
EOF
 elif [[ $OS == CentOS-Linux-7* ]];then
 mv /etc/sysconfig/network-scripts/ifcfg-ens33{,.bak}
 read -p "Please input IP: " IP
 read -p "Please input Prefix: " PREFIX
 read -p "Please input Gateway: " GATEWAY
 read -p "Please input DNS1: " DNS1
 read -p "Please input DNS2: " DNS2
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
TYPE=Ethernet
NAME=eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=$IP
PREFIX=$PREFIX
GATEWAY=$GATEWAY
DNS1=$DNS1
DNS2=$DNS2
EOF
 elif [[ $OS == Ubuntu-18.04* ]];then
 mv /etc/netplan/01-netcfg.yaml{,.bak}
 read -p "Please input IP/PREFIX: " IP_MASK
 read -p "Please input Gateway: " GATEWAY
 read -p "Please input DNS: " DNS
cat > /etc/netplan/01-netcfg.yaml <<EOF
network:
 version: 2
 renderer: networkd
 ethernets:
 eth0:
 dhcp4: no
 addresses: [$IP_MASK]
 gateway4: $GATEWAY
 nameservers:
 addresses: [$DNS]
EOF
 fi
 echo -e "\e[32;1mIP already set\e[0m"
}
echo -en "\e[32;1m"
cat <<EOF
This script applies to centos7 centos8 ubuntu1804!!!
Please select: 
1)Perimtrootlogin
2)Disable SElinux
3)Disable Firewall
4)Modify PS1
5)Set default text editor
6)Modify vim
7)Set History
8)Modify kernel parameters
9)Modify resource limits
10)set_software_source
11)Install Common Package
12)Set Time Sync
13)Modify NetName
14)Set IP
15)All realized
EOF
echo -en '\e[0m'
read -p "Please input number 1-15: " MENU
case $MENU in
1)
 set_ssh
 ;;
2)
 disable_selinux
 ;;
3)
 disbale_firewall
 ;;
4)
 set_ps1
 ;;
5)
 set_default_text_editor_vim
 ;;
6)
 set_vim
 ;;
7)
 set_history
 ;;
8)
 modify_kernel_parameters
 ;;
9)
 modify_resource_limits
 ;;
10)
 set_software_source
 ;;
11)
 install_package
 ;;
12)
 set_time_sync
 ;;
13)
 set_eth
 set_eth0
 ;;
14)
 set_ip
 ;;
15)
 #set_ssh
 disable_selinux
 disbale_firewall
 set_ps1
 set_default_text_editor_vim
 set_vim
 set_history
 modify_kernel_parameters
 modify_resource_limits
 set_software_source
 install_package
 set_time_sync
 set_eth
 set_eth0
 #set_ip
 echo -e "\e[32;1mAll done\e[0m"
 ;;
*)
 echo -e "\e[32;1mINPUY FLASE!\e[0m"
 ;;
esac

关于我
全网可搜《阿贤Linux》
CSDN、知乎、哔哩哔哩、博客园、51CTO、开源中国、掘金、思否、阿里云、腾讯云、华为云、今日头条、GitHub、个人博客
公众号：阿贤Linux
个人博客：blog.waluna.top
https://blog.waluna.top/

原文链接: 最小化安装系统初始化脚本.