新安装centos7初始化脚本 - 《运维专栏》

echo "修改IP地址"
# 修改IP地址
sudo sed -i -e"s/BOOTPROTO=dhcp/BOOTPROTO=static/" /etc/sysconfig/network-scripts/ifcfg-ens192
sudo sed -i -e"s/ONBOOT=no/ONBOOT=yes/" /etc/sysconfig/network-scripts/ifcfg-ens192
sudo sed -i -e"16iIPADDR=192.168.72.122\nGATEWAY=192.168.72.254\nDNS1=114.114.114.114\nDNS2=8.8.8.8" /etc/sysconfig/network-scripts/ifcfg-ens192
sudo service network restart
echo "设置免密操作"
#设置免密操作
# 授权可编辑/etc/sudoers 文件
sudo chmod -v u+w /etc/sudoers 
# 在101行添加xcsoft ALL=(ALL) NOPASSWD:ALL
sudo sed -i -e"101ixcsoft ALL=(ALL) NOPASSWD:ALL" /etc/sudoers
# 替换
sudo sed -i -e"s/%wheel\s*ALL=(ALL)\s*ALL/%wheel ALL=(ALL) NOPASSWD:ALL/" /etc/sudoers
# 取消sudoers文件写权限
sudo chmod -v u-w /etc/sudoers
echo "禁root登录"
# 禁root登录
sudo sed -i -e"39iPermitRootLogin no" /etc/ssh/sshd_config
echo "修改ssh端口号"
# 修改ssh端口号
sudo sed -i -e"17iPort 922" /etc/ssh/sshd_config
sudo service sshd restart
echo "配置系统yum源"
# 备份系统旧配置文件
sudo mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
# 编辑源
cat >> /etc/yum.repos.d/CentOS-Base.repo << "EOF"
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[os]
name=Qcloud centos os - $basearch
baseurl=http://mirrors.cloud.tencent.com/centos/$releasever/os/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://mirrors.cloud.tencent.com/centos/RPM-GPG-KEY-CentOS-7
[updates]
name=Qcloud centos updates - $basearch
baseurl=http://mirrors.cloud.tencent.com/centos/$releasever/updates/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://mirrors.cloud.tencent.com/centos/RPM-GPG-KEY-CentOS-7
[centosplus]
name=Qcloud centosplus - $basearch
baseurl=http://mirrors.cloud.tencent.com/centos/$releasever/centosplus/$basearch/
enabled=0
gpgcheck=1
gpgkey=http://mirrors.cloud.tencent.com/centos/RPM-GPG-KEY-CentOS-7
[cloud]
name=Qcloud centos contrib - $basearch
baseurl=http://mirrors.cloud.tencent.com/centos/$releasever/cloud/$basearch/openstack-kilo/
enabled=0
gpgcheck=1
gpgkey=http://mirrors.cloud.tencent.com/centos/RPM-GPG-KEY-CentOS-7
[cr]
name=Qcloud centos cr - $basearch
baseurl=http://mirrors.cloud.tencent.com/centos/$releasever/cr/$basearch/
enabled=0
gpgcheck=1
gpgkey=http://mirrors.cloud.tencent.com/centos/RPM-GPG-KEY-CentOS-7
[extras]
name=Qcloud centos extras - $basearch
baseurl=http://mirrors.cloud.tencent.com/centos/$releasever/extras/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://mirrors.cloud.tencent.com/centos/RPM-GPG-KEY-CentOS-7
[fasttrack]
name=Qcloud centos fasttrack - $basearch
baseurl=http://mirrors.cloud.tencent.com/centos/$releasever/fasttrack/$basearch/
enabled=0
gpgcheck=1
gpgkey=http://mirrors.cloud.tencent.com/centos/RPM-GPG-KEY-CentOS-7
EOF
sudo yum clean all
sudo yum makecache
sudo yum install -y vim wget
# 安装 epel源
sudo mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
sudo wget -O /etc/yum.repos.d/epel.repo http://mirrors.cloud.tencent.com/repo/epel-7.repo
sudo yum clean all
sudo yum makecache
sudo yum update
echo "安装Fail2ban防爆破"
# 安装 Fail2ban
sudo yum install -y fail2ban
# 进入fail2ban目录
cd /etc/fail2ban 
 # 复制一份配置文件
sudo cp fail2ban.conf fail2ban.local 
sudo cp jail.conf jail.local 
vim 
sudo cat >> jail.d/sshd.local << "EOF"
[sshd]
enabled=true
bandtime=1y
findtime=1m
maxretry=5
EOF
sudo service fail2ban restart
sudo systemctl enable fail2ban
echo "修改hostname"
# 修改hostname
sudo sed -i -e"s/\w*/demo/" /etc/hostname