# 服务器脚本
一键式脚本
```
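#!/bin/bash
# One-shot server bootstrap: creates the hadoop account, raises resource
# limits, tunes kernel TCP settings, patches the JVM entropy source, writes
# the Java environment to /etc/profile, enables sudo logging and collects the
# unused system accounts that are locked afterwards.
# It writes under /etc, so it needs root. Steps are best-effort: a failing
# command does not stop the script.

# Append LINE to FILE unless an identical line is already present, so that
# re-running the script does not pile up duplicate entries.
# Arguments: $1 - file to append to, $2 - exact line to add
append_once() {
  local file=$1 line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

# Set the hostname mapping (disabled)
#echo "ip hostname">>/etc/hosts
groupadd hadoop
useradd -g hadoop -s /bin/bash -d /home/hadoop hadoop

# Set the login password for account dzjf.
# The password is read from the DZJF_PASSWORD environment variable instead of
# being written into the script: a literal in a shared script is known to
# everyone who can read it and is identical on every host it is run on.
# NOTE(review): the account created above is "hadoop", not "dzjf", and nothing
# visible here creates dzjf - confirm which account is meant.
# (disabled) the root password would be set the same way:
#printf '%s\n' "$ROOT_PASSWORD" | passwd root --stdin > /dev/null 2>&1
if [[ -n "${DZJF_PASSWORD:-}" ]]; then
  printf '%s\n' "$DZJF_PASSWORD" | passwd dzjf --stdin > /dev/null 2>&1 \
    || echo "warning: could not set the password for dzjf" >&2
else
  echo "warning: DZJF_PASSWORD is not set; password for dzjf left unchanged" >&2
fi
#usermod -G wheel dzjf

# NOTE(review): stopping and disabling firewalld removes host-level packet
# filtering, so every listening port is reachable from the network. Prefer
# keeping it running and opening only the ports the services need.
systemctl stop firewalld
systemctl disable firewalld

# System tuning
# Raise the limits on open files and processes
append_once /etc/security/limits.conf "* soft nproc 65535"
append_once /etc/security/limits.conf "* hard nproc 65535"
append_once /etc/security/limits.conf "* soft nofile 65535"
append_once /etc/security/limits.conf "* hard nofile 65535"

# Kernel network parameters
append_once /etc/sysctl.conf "net.ipv4.tcp_mem =524288 699050 1048576"
append_once /etc/sysctl.conf "net.ipv4.tcp_rmem = 4096 16384 4194304"
append_once /etc/sysctl.conf "net.ipv4.tcp_wmem = 4096 16384 4194304"
append_once /etc/sysctl.conf "net.ipv4.tcp_retries2 = 10"
append_once /etc/sysctl.conf "net.ipv4.tcp_synack_retries = 3"
append_once /etc/sysctl.conf "net.ipv4.tcp_max_tw_buckets = 262144"
# tcp_tw_recycle was removed in Linux 4.12; on newer kernels sysctl -p reports
# an unknown key for this line and carries on with the rest.
append_once /etc/sysctl.conf "net.ipv4.tcp_tw_recycle = 0"
append_once /etc/sysctl.conf "net.ipv4.tcp_tw_reuse = 1"
append_once /etc/sysctl.conf "net.ipv4.tcp_syncookies = 1"
append_once /etc/sysctl.conf "net.ipv4.tcp_fin_timeout = 15"
append_once /etc/sysctl.conf "net.ipv4.ip_local_port_range = 10000 65535"
append_once /etc/sysctl.conf "net.ipv4.tcp_max_syn_backlog = 65535"
append_once /etc/sysctl.conf "net.core.somaxconn = 65535"
append_once /etc/sysctl.conf "net.core.netdev_max_backlog = 200000"
sysctl -p

# Patch java.security to work around slow database connections from the
# application server: dev/urandom becomes dev/./urandom.
# Only files named java.security are edited. Running sed -i over every file
# under /usr/lib/jvm that contains the string could also rewrite binaries,
# and an empty match list would leave sed without an input file.
# NOTE(review): JAVA_HOME below is /opt/jdk1.8.0_181, which is outside
# /usr/lib/jvm - confirm this edit reaches the JDK that is actually used.
find /usr/lib/jvm -type f -name java.security \
  -exec sed -i 's#dev/urandom#dev/./urandom#g' {} +
#sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config

# These two exports affect only this script's own process and its children.
export PATH=$PATH:/usr/local/openssl2/bin
export TMOUT=600

# Java environment for login shells
append_once /etc/profile 'export JAVA_HOME=/opt/jdk1.8.0_181'
append_once /etc/profile 'export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar'
append_once /etc/profile 'export PATH=$JAVA_HOME/bin:$PATH'
append_once /etc/profile 'ulimit -u 65535 -n 65535'
source /etc/profile

# sudo permissions (disabled)
#touch /var/log/sudo.log
#echo "Cmnd_Alias GLY_CMD =ALL,!/usr/bin/passwd *,!/usr/sbin/visudo,/bin/vim /var/log/sudo.log,/bin/vi /var/log/sudo.log">>/etc/sudoers
#echo "zfcgyw ALL=(root) NOPASSWD:GLY_CMD ">>/etc/sudoers

# Audit logging for sudo.
# /etc/sudoers is edited directly here, so the result is checked with
# visudo -c: a syntax error in this file stops sudo from working at all.
append_once /etc/sudoers "Defaults logfile=/var/log/sudo.log"
visudo -c > /dev/null \
  || echo "warning: /etc/sudoers failed validation (visudo -c)" >&2

##---- Lock unused accounts (re-enable one with: passwd -u <name>)
# Collect the listed system accounts whose shell field does not contain
# bin/false; doCommand1 reads the names from log1.
# NOTE(review): "log" and "log1" are fixed names in the current directory and
# are written as root; run the script from a directory only root can write to,
# and remove the two files afterwards.
grep -E "^lp:|^sync:|^halt:|^news:|^uucp:|^operator:|^games:|^gopher:|^smmsp:|^nfsnobody:|^nobody:" /etc/passwd \
  | awk -F: '($7!~/bin\/false/) {print $1":"$7}' > log
awk -F ":" '{print $1}' log > log1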
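#######################################
# Lock the password of every account listed in ./log1.
# Blank lines and lines starting with "#" are skipped.
# Globals:   none (the loop variable is local)
# Arguments: none
# Outputs:   a blank line and "zhanghao <account>" per account, plus
#            whatever passwd prints
# Returns:   0 always; a failing passwd -l does not stop the loop
#######################################
doCommand1()
{
  local acc
  # The list is read on fd 3 so that a command inside the loop cannot
  # consume the remaining names from stdin.
  while IFS= read -r acc <&3 || [[ -n "$acc" ]]; do
    case "$acc" in
      ''|'#'*) continue ;;
    esac
    echo ""
    echo "zhanghao $acc"
    # Quoted so the name is passed as one literal argument (no globbing).
    passwd -l "$acc"
  done 3< log1
  return 0
}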
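doCommand1
##------
# Second pass over the same account list, this time from /etc/shadow: keep
# the accounts whose password field starts with neither "*" nor "!!".
# doCommand2 reads the names from log1.
# The asterisk is escaped: a bare "*" directly after "^" has no defined
# meaning in an awk regular expression.
# NOTE(review): "log" and "log1" are fixed names in the current directory and
# are written as root; run the script from a directory only root can write to.
grep -E "^lp:|^sync:|^halt:|^news:|^uucp:|^operator:|^games:|^gopher:|^smmsp:|^nfsnobody:|^nobody:" /etc/shadow \
  | awk -F: '($2!~/^\*/) && ($2!~/^!!/) {print $1":"}' > log
awk -F ":" '{print $1}' log > log1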
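#######################################
# Lock the password of every account listed in ./log1.
# Blank lines and lines starting with "#" are skipped.
# Globals:   none (the loop variable is local)
# Arguments: none
# Outputs:   a blank line and "zhanghao <account>" per account, plus
#            whatever passwd prints
# Returns:   0 always; a failing passwd -l does not stop the loop
#######################################
doCommand2()
{
  local acc
  # The list is read on fd 3 so that a command inside the loop cannot
  # consume the remaining names from stdin.
  while IFS= read -r acc <&3 || [[ -n "$acc" ]]; do
    case "$acc" in
      ''|'#'*) continue ;;
    esac
    echo ""
    echo "zhanghao $acc"
    # Quoted so the name is passed as one literal argument (no globbing).
    passwd -l "$acc"
  done 3< log1
  return 0
}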
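doCommand2
##----
# SSH login settings
# Forbid root login (disabled)
#echo "PermitRootLogin no" >>/etc/ssh/sshd_config
# Forbid empty passwords.
# sshd uses the first value it finds for a keyword, and a line appended after
# a Match block belongs to that block, so an appended line is not guaranteed
# to take effect; the effective value is checked after the restart below.
grep -qxF -- "PermitEmptyPasswords no" /etc/ssh/sshd_config 2>/dev/null \
  || echo "PermitEmptyPasswords no" >>/etc/ssh/sshd_config
# Change the ssh port (disabled; the original comment said 50022, the command
# uses 60022)
#echo "Port 60022" >>/etc/ssh/sshd_config
#sed -i "s/UsePAM yes/UsePAM no/g" /etc/ssh/sshd_config
#sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
# Validate the configuration before restarting: restarting sshd on a broken
# sshd_config can leave the host without remote access.
if sshd -t; then
  systemctl restart sshd
  sshd -T 2>/dev/null | grep -qix 'permitemptypasswords no' \
    || echo "warning: PermitEmptyPasswords is not effectively 'no'; check sshd_config" >&2
else
  echo "warning: sshd_config failed validation (sshd -t); sshd not restarted" >&2
fi
# Maximum password age 99 days (disabled)
#sed -i "s/PASS_MAX_DAYS/PASS_MAX_DAYS 99 #/g" /etc/login.defs
#sed -i "s/PASS_MAX_DAYS/#PASS_MAX_DAYS/g" /etc/login.defs
#echo "PASS_MAX_DAYS 99" >>/etc/login.defs
# Minimum password length 6 (disabled)
#sed -i "s/PASS_MIN_LEN/PASS_MIN_LEN 6 #/g" /etc/login.defs
#sed -i "s/PASS_MIN_LEN/#PASS_MIN_LEN/g" /etc/login.defs
#echo "PASS_MIN_LEN 6" >>/etc/login.defs
#sed -i "/pam_pwquality.so/i\password requisite pam_cracklib.so retry=5 difok=3 minlen=7 ucredit=-1 lcredit=-1 dcredit=-1 dictpath=/usr/share/cracklib/pw_dict" /etc/pam.d/system-auth
#echo "auth required pam_tally.so deny=5 unlock_time=600 " >>/etc/pam.d/system-auth
#echo "account required pam_tally.so" >>/etc/pam.d/system-auth
# The PAM lines above: at most 5 password attempts, a new password must differ
# from the old one in at least 3 characters, be at least 7 characters long and
# contain at least one upper-case letter, one lower-case letter and one digit.
# Firewall settings (disabled; these two commands switch SELinux off)
#setenforce 0
#sed -i 7s/enforcing/disabled/ /etc/selinux/config
# Make these files append-only: data can be added but not trimmed or deleted
# (disabled)
#chattr +a /var/log/sudo.log
#chattr +a /var/log/messages
# Log idle terminals out automatically, so that ssh clients closed improperly
# do not leave login processes piling up. The value is in seconds and may be
# raised. A user can still override TMOUT unless it is also made readonly.
grep -qxF -- "export TMOUT=600" /etc/profile 2>/dev/null \
  || echo "export TMOUT=600">> /etc/profile
#echo "export TMOUT">> /etc/profile
#export LANG="zh_CN.UTF-8">> /etc/profile
source /etc/profile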
```