1. #!/bin/sh
    3. . /etc/rc.d/init.d/functions
    4. export LANG=zh_CN.UTF-8
    6. #一级菜单
    7. menu1()
    8. {
    9.         clear
    10.         cat <<EOF
    11. ----------------------------------------
    12. |****   欢迎使用cetnos7.9优化脚本    ****|
    13. |****                               ****|
    14. ----------------------------------------
    15. 1. 一键优化
    16. 2. 自定义优化
    17. 3. 退出
    18. EOF
    19.         read -p "please enter your choice[1-3]:" num1
    20. }
    22. #二级菜单
    23. menu2()
    24. {
    25.  clear
    26.  cat <<EOF
    27. ----------------------------------------
    28. |****Please Enter Your Choice:[0-13]****|
    29. ----------------------------------------
    30. 1. 修改字符集
    31. 2. 关闭selinux
    32. 3. 关闭firewalld
    33. 4. 精简开机启动
    34. 5. 修改文件描述符
    35. 6. 安装常用工具及修改yum
    36. 7. 优化系统内核
    37. 8. 加快ssh登录速度
    38. 9. 禁用ctrl+alt+del重启
    39. 10.设置时间同步
    40. 11.history优化
    41. 12.返回上级菜单
    42. 13.退出
    43. EOF
    44.  read -p "please enter your choice[1-13]:" num2
    46. }
    48. #1.修改字符集
    49. localeset()
    50. {
    51.  echo "========================修改字符集========================="
    52.  cat > /etc/locale.conf <<EOF
    53. LANG="zh_CN.UTF-8"
    54. #LANG="en_US.UTF-8"
    55. SYSFONT="latarcyrheb-sun16"
    56. EOF
    57.  source /etc/locale.conf
    58.  echo "#cat /etc/locale.conf"
    59.  cat /etc/locale.conf
    60.  action "完成修改字符集" /bin/true
    61.  echo "==========================================================="
    62.  sleep 2
    63. }
    65. #2.关闭selinux
    66. selinuxset() 
    67. {
    68.  selinux_status=`grep "SELINUX=disabled" /etc/sysconfig/selinux | wc -l`
    69.  echo "========================禁用SELINUX========================"
    70.  if [ $selinux_status -eq 0 ];then
    71.   sed  -i "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/sysconfig/selinux
    72.   setenforce 0
    73.   echo '#grep SELINUX=disabled /etc/sysconfig/selinux'
    74.   grep SELINUX=disabled /etc/sysconfig/selinux
    75.   echo '#getenforce'
    76.   getenforce
    77.  else
    78.   echo 'SELINUX已处于关闭状态'
    79.   echo '#grep SELINUX=disabled /etc/sysconfig/selinux'
    80.                 grep SELINUX=disabled /etc/sysconfig/selinux
    81.                 echo '#getenforce'
    82.                 getenforce
    83.  fi
    84.   action "完成禁用SELINUX" /bin/true
    85.  echo "==========================================================="
    86.  sleep 2
    87. }
    89. #3.关闭firewalld
    90. firewalldset()
    91. {
    92.  echo "=======================禁用firewalld========================"
    93.  systemctl stop firewalld.service &> /dev/null
    94.  echo '#firewall-cmd  --state'
    95.  firewall-cmd  --state
    96.  systemctl disable firewalld.service &> /dev/null
    97.  echo '#systemctl list-unit-files | grep firewalld'
    98.  systemctl list-unit-files | grep firewalld
    99.  action "完成禁用firewalld,生产环境下建议启用!" /bin/true
    100.  echo "==========================================================="
    101.  sleep 5
    102. }
    104. #4.精简开机启动
    105. chkset()
    106. {
    107.  echo "=======================精简开机启动========================"
    108.  systemctl disable auditd.service
    109.  systemctl disable postfix.service
    110.  systemctl disable dbus-org.freedesktop.NetworkManager.service
    111.  echo '#systemctl list-unit-files | grep -E "auditd|postfix|dbus-org\.freedesktop\.NetworkManager"'
    112.  systemctl list-unit-files | grep -E "auditd|postfix|dbus-org\.freedesktop\.NetworkManager"
    113.  action "完成精简开机启动" /bin/true
    114.  echo "==========================================================="
    115.  sleep 2
    116. }
    118. #5.修改文件描述符
    119. limitset()
    120. {
    121.  echo "======================修改文件描述符======================="
    122.  echo '* - nofile 65535'>/etc/security/limits.conf
    123.  ulimit -SHn 65535
    124.  echo "#cat /etc/security/limits.conf"
    125.  cat /etc/security/limits.conf
    126.  echo "#ulimit -Sn ; ulimit -Hn"
    127.  ulimit -Sn ; ulimit -Hn
    128.  action "完成修改文件描述符" /bin/true
    129.  echo "==========================================================="
    130.  sleep 2
    131. }
    133. #6.安装常用工具及修改yum源
    134. yumset()
    135. {
    136.  echo "=================安装常用工具及修改yum源==================="
    137.  yum install wget -y &> /dev/null
    138.  if [ $? -eq 0 ];then
    139.   cd /etc/yum.repos.d/
    140.   \cp CentOS-Base.repo CentOS-Base.repo.$(date +%F)
    141.   ping -c 1 mirrors.aliyun.com &> /dev/null
    142.   if [ $? -eq 0 ];then
    143.    wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo &> /dev/null
    144.    yum clean all &> /dev/null
    145.    yum makecache &> /dev/null
    146.   else
    147.    echo "无法连接网络"
    148.        exit $?
    149.     fi
    150.  else
    151.   echo "wget安装失败"
    152.   exit $?
    153.  fi
    154.  yum -y install ntpdate lsof net-tools telnet vim lrzsz tree nmap nc sysstat &> /dev/null
    155.  action "完成安装常用工具及修改yum源" /bin/true
    156.  echo "==========================================================="
    157.  sleep 2
    158. }
    160. #7. 优化系统内核
    161. kernelset()
    162. {
    163.  echo "======================优化系统内核========================="
    164.  chk_nf=`cat /etc/sysctl.conf | grep conntrack |wc -l`
    165.  if [ $chk_nf -eq 0 ];then
    166.   cat >>/etc/sysctl.conf<<EOF
    167. net.ipv4.tcp_fin_timeout = 2
    168. net.ipv4.tcp_tw_reuse = 1
    169. net.ipv4.tcp_tw_recycle = 1
    170. net.ipv4.tcp_syncookies = 1
    171. net.ipv4.tcp_keepalive_time = 600
    172. net.ipv4.ip_local_port_range = 4000 65000
    173. net.ipv4.tcp_max_syn_backlog = 16384
    174. net.ipv4.tcp_max_tw_buckets = 36000
    175. net.ipv4.route.gc_timeout = 100
    176. net.ipv4.tcp_syn_retries = 1
    177. net.ipv4.tcp_synack_retries = 0
    178. net.core.somaxconn = 16384
    179. net.core.netdev_max_backlog = 16384
    180. net.ipv4.tcp_max_orphans = 16384
    181. net.netfilter.nf_conntrack_max = 25000000
    182. net.netfilter.nf_conntrack_tcp_timeout_established = 180
    183. net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
    184. net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
    185. net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
    186. EOF
    187.  sysctl -p
    188.  else
    189.   echo "优化项已存在。"
    190.  fi
    191.  action "内核调优完成" /bin/true
    192.  echo "==========================================================="
    193.  sleep 2
    194. }
    196. #8.加快ssh登录速度
    197. sshset()
    198. {
    199.  echo "======================加快ssh登录速度======================"
    200.  sed -i 's#^GSSAPIAuthentication yes$#GSSAPIAuthentication no#g' /etc/ssh/sshd_config
    201.  sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
    202.  systemctl restart sshd.service
    203.  echo "#grep GSSAPIAuthentication /etc/ssh/sshd_config"
    204.  grep GSSAPIAuthentication /etc/ssh/sshd_config
    205.  echo "#grep UseDNS /etc/ssh/sshd_config"
    206.  grep UseDNS /etc/ssh/sshd_config
    207.  action "完成加快ssh登录速度" /bin/true
    208.  echo "==========================================================="
    209.  sleep 2
    210. }
    212. #9. 禁用ctrl+alt+del重启
    213. restartset()
    214. {
    215.  echo "===================禁用ctrl+alt+del重启===================="
    216.  rm -rf /usr/lib/systemd/system/ctrl-alt-del.target
    217.  action "完成禁用ctrl+alt+del重启" /bin/true
    218.  echo "==========================================================="
    219.  sleep 2
    220. }
    222. #10. 设置时间同步
    223. ntpdateset()
    224. {
    225.  echo "=======================设置时间同步========================"
    226.  yum -y install ntpdate &> /dev/null
    227.  if [ $? -eq 0 ];then
    228.   /usr/sbin/ntpdate time.windows.com
    229.   echo "*/5 * * * * /usr/sbin/ntpdate ntp.aliyun.com &>/dev/null" >> /var/spool/cron/root
    230.  else
    231.   echo "ntpdate安装失败"
    232.   exit $?
    233.  fi
    234.  action "完成设置时间同步" /bin/true
    235.  echo "==========================================================="
    236.  sleep 2
    237. }
    239. #11. history优化
    240. historyset()
    241. {
    242.  echo "========================history优化========================"
    243.  chk_his=`cat /etc/profile | grep HISTTIMEFORMAT |wc -l`
    244.  if [ $chk_his -eq 0 ];then
    245.   cat >> /etc/profile <<'EOF'
    246. #设置history格式
    247. export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S] [`whoami`] [`who am i|awk '{print $NF}'|sed -r 's#[()]##g'`]: "
    248. #记录shell执行的每一条命令
    249. export PROMPT_COMMAND='\
    250. if [ -z "$OLD_PWD" ];then
    251.     export OLD_PWD=$PWD;
    252. fi;
    253. if [ ! -z "$LAST_CMD" ] && [ "$(history 1)" != "$LAST_CMD" ]; then
    254.     logger -t `whoami`_shell_dir "[$OLD_PWD]$(history 1)";
    255. fi;
    256. export LAST_CMD="$(history 1)";
    257. export OLD_PWD=$PWD;'
    258. EOF
    259.   source /etc/profile
    260.  else
    261.   echo "优化项已存在。"
    262.  fi
    263.  action "完成history优化" /bin/true
    264.  echo "==========================================================="
    265.  sleep 2
    266. }
    268. #控制函数
    269. main()
    270. {
    271.  menu1
    272.  case $num1 in
    273.   1)
    274.    localeset
    275.    selinuxset
    276.    firewalldset
    277.    chkset
    278.    limitset
    279.    yumset
    280.    kernelset
    281.    sshset
    282.    restartset
    283.    ntpdateset
    284.    historyset
    285.    ;;
    286.   2)
    287.    menu2
    288.    case $num2 in
    289.                   1)
    290.                     localeset
    291.                     ;;
    292.                   2)
    293.                     selinuxset
    294.                     ;;
    295.                   3)
    296.                     firewalldset
    297.                     ;;
    298.                   4)
    299.                     chkset
    300.                     ;;
    301.                   5)
    302.                     limitset
    303.                     ;;
    304.                   6)     
    305.             yumset
    306.                     ;;
    307.                   7)
    308.                     kernelset
    309.                     ;;
    310.                   8)
    311.                     sshset
    312.                     ;;
    313.                   9)
    314.                     restartset
    315.                     ;;
    316.                   10)
    317.                     ntpdateset
    318.                     ;;
    319.     11)
    320.       historyset
    321.       ;;
    322.     12)
    323.       main
    324.       ;;
    325.     13)
    326.       exit
    327.       ;;
    328.     *)
    329.       echo 'Please select a number from [1-13].'
    330.       ;;
    331.    esac
    332.    ;;
    333.   3)
    334.    exit
    335.    ;;
    336.   *)
    337.    echo 'Err:Please select a number from [1-3].'
    338.    sleep 3
    339.    main
    340.    ;;
    341.  esac
    342. }
    343. main $*