标签：bin 初始化 shell 1net tcp etc ipv4 half usr

#!/bin/bash
# Used for other system-environment update!

echo -e '\n\033[35m~~请使用root权限运行此脚本~~\033[0m\n'
read -n 1 -p "Sure?(y/n):" sure
echo
if [ $sure == 'y' ]
then
echo -e '\n\033[32mcontinue......\033[0m\n'
else
exit 126
fi
echo -e "\033[34m[请输入nginx配置文件所在目录路径]：\033[0m" && read nginx_conf_dir
echo -e "\033[34m[请输入php配置文件所在目录路径]：\033[0m" && read php_conf_dir

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
setenforce 0
for i in {adm,games,lp,operator,systemd-network,dbus,polkitd,halt}
do /usr/sbin/userdel -r $i
done
/usr/sbin/useradd -M www;/usr/sbin/useradd -M ops
openssl rand -base64 8 >/home/ops.pass;openssl rand -base64 8 >/home/www.pass
cat /home/ops.pass | passwd --stdin ops
cat /home/www.pass | passwd --stdin www

mkdir -p /data/{bak,bin,logs,package,soft,store,tmp,upload,www}
echo '
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 62144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
' >>/etc/sysctl.conf
sysctl -p
echo '
* soft nofile 65536
* hard nofile 65536
* soft nproc 2048
* hard nproc 4096
' >> /etc/security/limits.conf
sed -i 's/env_reset$/env_reset,pwfeedback/g' /etc/sudoers
echo '
ops ALL=(ALL) NOPASSWD: ALL
www ALL=(ALL) NOPASSWD: /bin/whoami,/usr/bin/pwd,!/usr/bin/chattr,!/usr/bin/yum,!/usr/bin/chmod,!/usr/bin/rm
' >> /etc/sudoers
/usr/bin/chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab
#args1:是nginx配置文件目录
sed -i 's/^#user nobody;/user www;/g' $nginx_conf_dir
#args2:是php-fpm配置文件目录
sed -i 's/^user = nobody$/user = www/g;s/^group = nobody$/group = www/g' $php_conf_dir

标签：bin,初始化,shell,1net,tcp,etc,ipv4,half,usr
来源： https://www.cnblogs.com/immense/p/11402817.html

本站声明： 1. iCode9 技术分享网（下文简称本站）提供的所有内容，仅供技术学习、探讨和分享；
2. 关于本站的所有留言、评论、转载及引用，纯属内容发起人的个人观点，与本站观点和立场无关；
3. 关于本站的所有言论和文字，纯属内容发起人的个人观点，与本站观点和立场无关；
4. 本站文章均是网友提供，不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属；如您发现该文章侵犯了您的权益，可联系我们第一时间进行删除；
5. 本站为非盈利性的个人网站，所有内容不会用来进行牟利，也不会利用任何形式的广告来间接获益，纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。