Linux 系统相关设置优化shell脚本

56 阅读 0 评论 37 点赞

我是靠谱客的博主单薄外套，最近开发中收集的这篇文章主要介绍Linux 系统相关设置优化shell脚本，觉得挺不错的，现在分享给大家，希望可以做个参考。

概述

#!/bin/bash
:<<!
          此脚本主要是优化系统设置

①、修改sshd端口为非常规端口，此脚本修改为51022，防火墙放行及隐藏ssh版本号。
②、修改selinux 为disable状态。
③、修改Centos7默认文件打开数ulimit -a 查看最大文件打开数，修改为65535或者更多，以避免连接超过1024影响业务。
④、添加阿里云时间同步服务器
⑤、后期继续更新
!
# 脚本参考：https://www.cnblogs.com/hackerer/p/10131698.html
# Defined result function
sshport="51022"
function Msg(){
        if [ $? -eq 0 ];then
             action "$1" /bin/true
        else
             action "$1" /bin/false
        fi
 
}

function openfiles(){
        if [ `grep "nofile 65535" /etc/security/limits.conf|wc -l` -eq 0 ];then
             echo '*  -  nofile  65535' >> /etc/security/limits.conf
			 echo '* soft noproc 65535' >> /etc/security/limits.conf
             echo '* hard noproc 65535' >> /etc/security/limits.conf
             echo '* soft nofile 65535' >> /etc/security/limits.conf
             echo '* hard nofile 65535' >> /etc/security/limits.conf
			 
             #ulimit -SHn 65535
			 echo "文件数修改重启服务器后生效！"
        fi
}

# Defined Close selinux Functions
function selinux(){
    if [ -f "/etc/selinux/config"  ];then 
       sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
         setenforce 0
	else
	   echo "文件不存在！"
    fi
}

# Defined change sshd port
function sshd(){
    sshd_file=/etc/ssh/sshd_config
    if [ `grep ${sshport} $sshd_file|wc -l` -eq 0 ];then
      #sed -ir "13 iPort ${sshport}nPermitRootLogin nonPermitEmptyPasswords nonUseDNS nonGSSAPIAuthentication no" $sshd_file
	  sed -i "13 iPort ${sshport}n" $sshd_file
      #sed -i 's@#ListenAddress 0.0.0.0@ListenAddress '${IP}':52113@g' $sshd_file
	  firewall-cmd --permanent --add-port=${sshport}/tcp
	  firewall-cmd --reload
      systemctl restart sshd
    fi
	hidesshdver
}

# Defined Hide sshd version
function hidesshdver(){
    newver=OpenSSH_7.7
	sshversion=$(strings  /usr/sbin/sshd | grep OpenSSH |awk 'NR==2')
	echo "${sshversion}"
	sed -i "s/${sshversion}/${newver}/g" /usr/sbin/sshd
	# 变量中有_ 特殊符号，引用时使用双引号
	sshversion2=$(strings  /usr/sbin/sshd | grep OpenSSH |awk 'NR==2')
	echo "${sshversion2}"
}

# Defined change chrony server 0 
function uptime(){
   if [ -f "/etc/chrony.conf"  ];then 
     sed -i 's#server 0.centos.pool.ntp.org iburst#server ntp1.aliyun.com iburst#g' /etc/chrony.conf
     systemctl restart chronyd
   else
     echo "文件不存在！"
   fi
}

# Defined main Functions
function main(){
        openfiles
        selinux
		sshd
		uptime
}
 
main

脚本参考：https://www.cnblogs.com/hackerer/p/10131698.html