这个是Ubuntu18.04系统的优化脚本
#!/bin/bash system_check(){ SYSVER=`cat /etc/issue | awk '{print $1}'` while [ $SYSVER != Ubuntu ];do echo "---------ERROR:Please confirm whether it is a Ubuntu system!!!------------" break done } user_check(){ if [ $(id -u) != 0 ];then echo "-------------ERROT:Please use root to execute the script!!!---------------" sudo su - fi } apt_install(){ apt update && apt upgrade apt install gcc g++ make vim wget curl net-tools lrzsz openssh-server ntpdate curl -y if [ $? != 0 ];then exit echo "--------------Apt installation error!!!---------------" fi apt clean && apt autoremove } crontab(){ DATE=`date +"%Z %z"` if [ "$DATE" != "CST +0800" ];then tzselect dpkg-reconfigure tzdata cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime fi find / -name "cron.log" if [ $? != 0 ];then sed -i "s/#cron.*/cron.*/g" /etc/rsyslog.d/50-default.conf systemctl restart cron systemctl restart rsyslog fi echo "0 0 * * * /usr/sbin/ntpdate 0.asia.pool.ntp.org" >>/var/spool/cron/crontabs/root hwclock --systohc } echo 'export HISTTIMEFORMAT="%F `whoami` "'>>/etc/profile echo TMOUT=3600 >> /etc/profile . /etc/profile echo DefaultLimitNOFILE=65535 >> /etc/systemd/user.conf cat >> /etc/security/limits.conf << END soft nofile 32768 hard nofile 65536 END #sudo chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow #chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow jdk_install(){ java -version JDK=jdk-8u91-linux-x64.tar.gz if [ ! -f $JDK ];then echo "----------------------------Please confirm that the MYSQLfile exists!!!----------------------------" exit else tar zxf jdk-8u91-linux-x64.tar.gz mv jdk1.8.0_91/ /usr/local/java cat >> /etc/profile << END export JAVA_HOME=/usr/local/java export PATH=$PATH:$JAVA_HOME/bin END source /etc/profile java -version if [ $? != 0 ];then echo "----------------------" fi } alter_ssh(){ SSHFile="/etc/ssh/sshd_config" if [ ! -x "$SSHFile" ];then read -p "Please enter new user name:" username useradd -r -m -s /bin/bash $username passwd $username chmod u+w /etc/sudoers echo "$username ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers cd /home/$username mkdir -p .ssh/ chown $username:$username .ssh/ touch .ssh/authorized_keys chown $username:$username .ssh/authorized_key cd - # 下面的这部分是密钥,需要自己准备一对密钥,公钥放在这个文件内 echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2/pjYzP7iH8P6I4x65vfSBMvuYVcgWDrb4G13SDiXG3a0GYUa8ZfcMiD6OND2/l+WuL0OJa1mFgBwweM/kNjdOOGUz/ELMJjh1PvJPVAPOM8XoSAuGHBwoiieclc9XfXAt3bZydijfOAX9bl9GX7HMLkroOE3VIJ3mrXMX1txD4Ihg5CyvsFCB6sf7Sfg67We8D5RWwOb7AyJeWhkpVA+wOlyflemON2L3VrEuxnNYOty1jbed9xpotPBOb+I23xHkMKvfSkU+UwMCoYtdnc94r5lnTLhzILJ41xXX4Y49qs6v5Avj3PEH4HJuoleAFCLWBz96dfj9Li9z2yVtgYQ==" >>/home/$username/.ssh/authorized_keys chmod 0600 /home/$username/.ssh/authorized_keys chmod 755 /home/$username/.ssh sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config #sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config sed -i 's/PubkeyAuthentication no/PubkeyAuthentication yes/g' /etc/ssh/sshd_config sed -i 's/#Port 22/Port 3600/g' /etc/ssh/sshd_config bash -c "echo AllowUsers $username>> /etc/ssh/sshd_config" #echo DenyUsers $username>> /etc/ssh/sshd_config /etc/init.d/ssh restart netstat -anpt | grep 3600 if [ $? = 1 ];then echo "-----------SSH startup fail-----------" fi fi } system_check user_check apt_install #jdk_install crontab alter_ssh #reboot新手一枚,请多多指教。
