#!/bin/bash
##############################################################
# File Name: youhua.sh
# Update: 2023-07-14 16:00:00
# Author: wanhebin
# Organization: www.wanhebin.com
##############################################################

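# Load the RHEL/CentOS init-script helper library, which provides action().
if [ -f /etc/init.d/functions ]; then
    source /etc/init.d/functions
fi

# Fallback for hosts where that library is not installed. Every function in
# this script reports its result through action, so without a definition each
# status line would turn into "command not found".
# Arguments: $1 - message to print; remaining words - command to run
# Returns:   the exit status of that command
if ! declare -F action >/dev/null; then
    action(){
        local msg=$1 rc=0
        shift
        "$@" || rc=$?
        if [ "$rc" -eq 0 ]; then
            printf '%s [  OK  ]\n' "$msg"
        else
            printf '%s [FAILED]\n' "$msg"
        fi
        return "$rc"
    }
fi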

#定义函数
##############################################################
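# Turn off firewalld and SELinux (menu item 1).
#
# Security note: after this runs the host has no packet filter of its own and
# no SELinux confinement, so nothing on the machine limits which listening
# services can be reached or what a compromised daemon may touch. Use it only
# where filtering is done upstream (network firewall, security group); on
# anything exposed, prefer opening the required ports in firewalld and leaving
# SELinux enforcing.
#
# Outputs: one action status line for the firewall and one for SELinux.
# Returns: 0 if every reported step succeeded, 1 otherwise.
stop_secure(){
    local rc=0 fw_rc=0

    # "disable" keeps firewalld off after a reboot, "stop" turns it off now.
    # Both are always attempted and both must succeed for the step to count.
    systemctl disable firewalld &>/dev/null || fw_rc=1
    systemctl stop firewalld &>/dev/null || fw_rc=1
    if [ "$fw_rc" -eq 0 ]; then
        action "防火墙关闭成功!" /bin/true
    else
        action "防火墙关闭失败!" /bin/false
        rc=1
    fi

    # Persistent SELinux mode, read at the next boot.
    if sed -i 's#^SELINUX=.*#SELINUX=disabled#g' /etc/selinux/config; then
        action "Selinux关闭成功!" /bin/true
    else
        action "Selinux关闭失败!" /bin/false
        rc=1
    fi
    # Running system: switch to permissive until that reboot. The status is
    # ignored because setenforce fails when SELinux is already disabled.
    setenforce 0 &>/dev/null

    return "$rc"
}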

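# Download one repo definition and put it in place only if the download
# produced a usable file.
# Arguments: $1 - source URL
#            $2 - destination .repo path
#            $3 - label used in the status message
# Returns:   0 on success, 1 on any failure (the existing file is left alone)
_update_repo_fetch(){
    local url=$1 dest=$2 label=$3
    local tmp

    if ! tmp=$(mktemp); then
        action "${label}源更新失败!" /bin/false
        return 1
    fi
    # -f makes HTTP errors (404, 5xx) fail instead of saving the error page as
    # a repo file; the non-empty check covers a truncated transfer. Fetching to
    # a temp file first means a failed download never clobbers a working repo.
    if curl -fsS -o "$tmp" "$url" \
        && [ -s "$tmp" ] \
        && install -m 0644 -- "$tmp" "$dest"; then
        rm -f -- "$tmp"
        action "${label}源更新成功!" /bin/true
        return 0
    fi
    rm -f -- "$tmp"
    action "${label}源更新失败!" /bin/false
    return 1
}

# Replace the CentOS-Base and EPEL repo definitions with the Aliyun mirror
# versions for this CentOS major release (menu item 2).
#
# Security note: a .repo file decides where packages come from and whether
# their signatures are checked, so it is fetched over HTTPS; with plain HTTP
# anyone on the network path could rewrite it in transit.
#
# Environment (all optional, defaults match the stock layout):
#   YUM_MIRROR_BASE     - base URL of the mirror's repo directory, e.g. for a
#                         different mirror
#   CENTOS_RELEASE_FILE - file holding the release string
#   YUM_REPO_DIR        - directory the .repo files are written to
# Returns: 0 if both files were updated, 1 otherwise.
update_repo(){
    local mirror=${YUM_MIRROR_BASE:-https://mirrors.aliyun.com/repo}
    local release_file=${CENTOS_RELEASE_FILE:-/etc/centos-release}
    local repo_dir=${YUM_REPO_DIR:-/etc/yum.repos.d}
    local Version rc=0

    # Take the first number after the word "release". Splitting on spaces and
    # dots and picking a fixed field gives the minor version on
    # "CentOS release 6.10 (Final)", which has one word fewer than the 7/8
    # format.
    Version=$(sed -n 's/^.*release \([0-9][0-9]*\).*$/\1/p' "$release_file" 2>/dev/null | head -n 1)

    case "$Version" in
        6|7|8)
            _update_repo_fetch "${mirror}/Centos-${Version}.repo" "${repo_dir}/CentOS-Base.repo" "CentOS-Base" || rc=1
            _update_repo_fetch "${mirror}/epel-${Version}.repo" "${repo_dir}/epel.repo" "epel" || rc=1
            # Report overall success only when both files were replaced.
            if [ "$rc" -eq 0 ]; then
                action "yum仓库更新完毕!" /bin/true
            fi
            ;;
        *)
            # Missing release file or an unlisted major version.
            action "暂不支持当前系统的更新!" /bin/false
            rc=1
            ;;
    esac
    return "$rc"
}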

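# Install the commonly used admin packages in one yum transaction
# (menu item 3). yum output is discarded; only the overall result is shown.
#
# Security note: the list includes network scanning/capture tools (nmap,
# tcpdump), a cleartext-protocol client (telnet) and sshpass/expect, which are
# typically used to script password logins. They widen what an intruder finds
# pre-installed, so trim the list for exposed or production hosts.
#
# Returns: the status of the action call that reports the result.
install_base(){
    local -a packages=(
        htop iftop iotop sshpass tree expect wget nmap screen psmisc sysstat
        lrzsz telnet tcpdump bash-completion bash-completion-extras vim lsof
        net-tools rsync ntpdate nfs-utils jq
    )

    # if/else rather than "a && b || c": the failure message must depend only
    # on yum, not on the exit status of the success report.
    if yum -y install "${packages[@]}" &> /dev/null; then
        action "安装成功!" /bin/true
    else
        action "安装失败!" /bin/false
    fi
}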

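# Sync the clock against ntp.aliyun.com now and register a root cron job that
# repeats the sync (menu item 4).
#
# Security note: ntpdate speaks plain, unauthenticated NTP, so the time it sets
# is only as trustworthy as the network path to the server; clock jumps affect
# certificate validation and log timestamps.
#
# Returns: the status of the last command run (the cron update, when needed).
ntpdate_aly(){
    local cron_file=/var/spool/cron/root
    local server=ntp.aliyun.com
    local job="/usr/sbin/ntpdate -u ${server}"

    # Make sure the tool is present; a failure here shows up as a failed sync.
    yum -y install ntpdate &> /dev/null

    if ntpdate -u "$server" &> /dev/null; then
        action "时间同步成功!" /bin/true
    else
        action "时间同步失败!" /bin/false
    fi

    # Add the cron entry once. Appending unconditionally stacked another copy
    # of the job on every run of this menu item.
    if ! grep -qF -- "$job" "$cron_file" 2>/dev/null; then
        # NOTE(review): the schedule used to be "* * */1 * *", which cron runs
        # every minute. The "*/1" day field suggests once a day was meant, so
        # minute and hour are pinned to 00:00 here - confirm the intended
        # interval.
        printf '%s\n' \
            "# 同步阿里云时间" \
            "0 0 */1 * * ${job} &>/dev/null" >> "$cron_file"
    fi
}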

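# Disable and stop NetworkManager (menu item 5).
#
# NOTE(review): presumably the legacy "network" service manages the interfaces
# afterwards (the generated hostname/IP script restarts it) - verify that it
# is enabled before running this over a remote session.
#
# Returns: the status of the action call that reports the result.
stop_nm(){
    local rc=0

    # Both steps are always attempted and both must succeed; checking only $?
    # after "stop" hid a failed "disable".
    systemctl disable NetworkManager || rc=1
    systemctl stop NetworkManager || rc=1

    if [ "$rc" -eq 0 ]; then
        action "关闭NetworkManager成功!" /bin/true
    else
        action "关闭NetworkManager失败!" /bin/false
    fi
}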

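# Raise the open-file and locked-memory limits in /etc/security/limits.conf
# (menu item 6).
#
# Security note: "* ... memlock unlimited" lets every local account lock as
# much RAM as it likes, which makes it easier for an unprivileged user to
# starve the host of memory. Scope the memlock lines to the service accounts
# that need them where possible.
#
# Returns: the status of the action call that reports the result.
update_limits(){
    local conf=/etc/security/limits.conf
    local -a wanted=(
        "* soft nofile 100001"
        "* hard nofile 100002"
        "root soft nofile 100001"
        "root hard nofile 100002"
        "* soft memlock unlimited"
        "* hard memlock unlimited"
    )
    local entry rc=0

    # Append only the lines that are not there yet, so running this menu item
    # again does not pile up duplicate entries.
    for entry in "${wanted[@]}"; do
        if grep -qxF -- "$entry" "$conf" 2>/dev/null; then
            continue
        fi
        printf '%s\n' "$entry" >> "$conf" || rc=1
    done

    if [ "$rc" -eq 0 ]; then
        action "文件句柄修改成功!" /bin/true
    else
        action "文件句柄修改失败!" /bin/false
    fi
}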

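# Speed up SSH logins by turning off reverse DNS lookups and GSSAPI
# authentication, then restart sshd (menu item 7).
#
# Side effects worth knowing before running it:
#   - with "UseDNS no", host names in authorized_keys from= options and in
#     sshd_config "Match Host" blocks no longer match; only addresses do;
#   - "GSSAPIAuthentication no" switches off Kerberos-based logins.
#
# The edited file is validated with "sshd -t" before the restart and the
# previous content is restored if validation fails, so a bad edit cannot take
# the SSH service down on a machine that is administered remotely.
#
# Returns: 0 on success, non-zero otherwise.
update_ssh(){
    local conf=/etc/ssh/sshd_config
    local backup

    if ! backup=$(mktemp); then
        action "SSH服务优化失败!" /bin/false
        return 1
    fi
    if ! cp -- "$conf" "$backup"; then
        rm -f -- "$backup"
        action "SSH服务优化失败!" /bin/false
        return 1
    fi

    # "#?" also rewrites an already uncommented "UseDNS yes"; matching only the
    # commented default left such a line untouched.
    sed -ri \
        -e 's/^#?UseDNS.*/UseDNS no/' \
        -e 's/^GSSAPIA.*/GSSAPIAuthentication no/' \
        "$conf" &>/dev/null

    if ! /usr/sbin/sshd -t -f "$conf" &>/dev/null; then
        # Write the old content back into the existing file so its owner and
        # mode stay as they were.
        cat -- "$backup" > "$conf"
        rm -f -- "$backup"
        action "SSH服务优化失败!" /bin/false
        return 1
    fi
    rm -f -- "$backup"

    if systemctl restart sshd; then
        action "SSH优化成功!" /bin/true
    else
        action "SSH服务优化失败!" /bin/false
    fi
}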

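# Add network-stack tuning values to /etc/sysctl.conf (menu item 8).
# The values are only written to the file; this function does not call
# sysctl, so they take effect at the next boot or a manual "sysctl -p".
#
# Review notes on individual keys:
#   - net.ipv4.ip_forward = 1 makes the host forward packets between its
#     interfaces. Leave it at 0 unless the machine is meant to route
#     (gateway, container host).
#   - net.ipv4.tcp_tw_recycle = 1 is known to drop connections from clients
#     behind NAT and was removed in Linux 4.12, so it is written only when the
#     running kernel still has the key.
#   - tcp_syn_retries / tcp_synack_retries = 1 give up on a handshake after a
#     single retry, which is aggressive on lossy links.
#
# Returns: the status of the action call that reports the result.
update_kernal(){
    local conf=/etc/sysctl.conf
    local -a settings=(
        "net.ipv4.ip_forward = 1"
        "net.ipv4.tcp_fin_timeout = 2"
        "net.ipv4.tcp_tw_reuse = 1"
        "net.ipv4.tcp_syncookies = 1"
        "net.ipv4.tcp_keepalive_time = 600"
        "net.ipv4.ip_local_port_range = 4000 65000"
        "net.ipv4.tcp_max_syn_backlog = 16384"
        "net.ipv4.tcp_max_tw_buckets = 36000"
        "net.ipv4.route.gc_timeout = 100"
        "net.ipv4.tcp_syn_retries = 1"
        "net.ipv4.tcp_synack_retries = 1"
        "net.core.somaxconn = 16384"
        "net.core.netdev_max_backlog = 16384"
        "net.ipv4.tcp_max_orphans = 16384"
    )
    local entry rc=0

    # The key exists under /proc/sys only on kernels that still support it.
    if [ -e /proc/sys/net/ipv4/tcp_tw_recycle ]; then
        settings+=("net.ipv4.tcp_tw_recycle = 1")
    fi

    # Append only what is missing, so repeated runs do not duplicate the block.
    for entry in "${settings[@]}"; do
        if grep -qxF -- "$entry" "$conf" 2>/dev/null; then
            continue
        fi
        printf '%s\n' "$entry" >> "$conf" || rc=1
    done

    if [ "$rc" -eq 0 ]; then
        action "内核优化成功!" /bin/true
    else
        action "内核优化失败!" /bin/false
    fi
}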

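# Install the "ll" alias, a coloured prompt and timestamped shell history for
# login shells via /etc/profile.d/color.sh (menu item 9).
# HISTTIMEFORMAT makes bash record when each command was run, which helps
# when reconstructing what happened on the host.
#
# Returns: the status of the action call that reports the result.
set_env(){
    local profile=/etc/profile.d/color.sh

    # Already installed: appending again would only duplicate the three lines.
    if grep -qF -- "export HISTTIMEFORMAT='%F-%T '" "$profile" 2>/dev/null; then
        action "别名及环境变量优化成功!" /bin/true
        return
    fi

    # Quoted delimiter: the block is written literally, nothing is expanded.
    if cat >> "$profile" <<"EOF"
alias ll='ls -l --color=auto --time-style=long-iso'
PS1="\[\e[37;40m\][\[\e[32;1m\]\u\[\e[37;40m\]@\h \[\e[36;40m\]\w\[\e[0m\]]\[\e[32;1m\]\\$ \[\e[0m\]"
export HISTTIMEFORMAT='%F-%T '
EOF
    then
        action "别名及环境变量优化成功!" /bin/true
    else
        action "别名及环境变量优化失败!" /bin/false
    fi
}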

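# Write the helper script /root/hostname_ip.sh, which sets the host name and
# rewrites the IPADDR line of ifcfg-eth0 / ifcfg-eth1 (menu item 10).
#
# The generated script validates both arguments before using them: the second
# one is pasted into a sed program, so it is restricted to digits and dots, and
# the host name may not start with "-" or contain characters outside
# letters, digits, "." and "-". The IP argument is accepted either as a last
# octet (replaces the part after the final dot, as before) or as a full
# dotted-quad address (replaces the whole value).
#
# Returns: the status of the action call that reports the result.
set_ip(){
    local script=/root/hostname_ip.sh

    # Quoted delimiter: $1, $2 and \1 below belong to the generated script and
    # are written out literally.
    if cat > "$script" <<"EOF"
#!/usr/bin/sh
[ -f /etc/init.d/functions ] && source /etc/init.d/functions
if [ $# -ne 2 ];then
    echo "/bin/sh $0 New hostname New IP address"
    exit 1
fi
# Host name: letters, digits, dots and hyphens only, and no leading hyphen,
# so the value cannot be taken for a hostnamectl option.
case $1 in
    ''|-*|*[!A-Za-z0-9.-]*)
        echo "invalid hostname: $1" >&2
        exit 1
        ;;
esac
# The address ends up inside a sed program; digits and dots only, so it
# cannot add sed commands or delimiters.
case $2 in
    ''|*[!0-9.]*|.*|*.|*..*)
        echo "invalid IP address: $2" >&2
        exit 1
        ;;
esac
case $2 in
    *.*.*.*.*)
        echo "invalid IP address: $2" >&2
        exit 1
        ;;
    *.*.*.*)
        # Full address: replace the whole value.
        ip_edit="/^IPA/s#=.*#=$2#"
        ;;
    *.*)
        echo "invalid IP address: $2" >&2
        exit 1
        ;;
    *)
        # Last octet only: keep everything up to the final dot.
        if [ "${#2}" -gt 3 ] || [ "$2" -gt 255 ]; then
            echo "invalid IP address: $2" >&2
            exit 1
        fi
        ip_edit="/^IPA/s#(.*\.).*#\1$2#g"
        ;;
esac
hostnamectl set-hostname "$1"
if [ $? -eq 0 ];then
    action "hostname update Successfull." /bin/true
else
    action "hostname update Failed." /bin/false
fi
sed -ri "$ip_edit" /etc/sysconfig/network-scripts/ifcfg-eth[01]
if [ $? -eq 0 ];then
    action "IP update Successfull." /bin/true
    systemctl restart network
else
    action "IP update Failed!" /bin/false
fi
bash
EOF
    then
        action "主机名及IP地址修改脚本编写成功!" /bin/true
    else
        action "主机名及IP地址修改脚本编写失败!" /bin/false
    fi
}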

##############################################################

# Print the numbered list of optimisation items to stdout.
# The text is fixed; nothing in it is expanded.
menu(){
    printf '%s\n' \
        '+-------------------------------------------------------+' \
        '|   1.关闭防火墙、Selinux       6.加大文件句柄数        |' \
        '|   2.更新系统yum仓库           7.优化SSH服务           |' \
        '|   3.安装常用系统软件          8.优化内核              |' \
        '|   4.同步系统时间              9.别名及环境变量优化    |' \
        '|   5.关闭NetworkManager        10.修改IP及主机名脚本   |' \
        '|                   0.退出脚本                          |' \
        '+-------------------------------------------------------+'
}

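# Refuse to run without root privileges: every menu item changes system
# configuration or services.
# The decision is based on EUID, which bash sets itself. USER is an ordinary
# environment variable: it can be unset or carry another name while the
# process is root, and the unquoted test against it broke when it was empty.
if (( EUID != 0 )); then
    echo "您不是超级管理员,没有权限执行该${0}脚本!"
    # Non-zero status so callers can tell the script did nothing.
    exit 1
fi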

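# Show the menu once, then keep prompting until the user picks 0 or enters
# something that is not a number.
menu

# Print the start banner, run one optimisation function, print the separator.
# Arguments: $1 - banner text
#            $2 - name of the function to call
_run_item(){
    echo "$1"
    "$2"
    echo "------------------------------------------------------------------"
}

while true; do
    # -r keeps backslashes in the input literal. At end of input read fails,
    # Num stays empty and the check below ends the script.
    read -r -p "请输入您要优化项目的编号:" Num
    # Digits only; anything else ends the script with a non-zero status.
    if [[ ! $Num =~ ^[0-9]+$ ]]; then
        echo "您的输入不符合要求!"
        exit 1
    fi

    case "$Num" in
        1)  _run_item "开始关闭防火墙和Selinux......" stop_secure ;;
        2)  _run_item "开始更新yum仓库......" update_repo ;;
        3)  _run_item "开始安装常用系统软件......" install_base ;;
        4)  _run_item "开始同步系统时间......" ntpdate_aly ;;
        5)  _run_item "开始关闭NetworkManager......" stop_nm ;;
        6)  _run_item "开始修增加文件句柄数......" update_limits ;;
        7)  _run_item "开始优化SSH服务......" update_ssh ;;
        8)  _run_item "开始进行内核优化......" update_kernal ;;
        9)  _run_item "开始优化别名及环境变量......" set_env ;;
        10) _run_item "修改主机名和ip地址的脚本......" set_ip ;;
        0)
            echo "正在为您退出脚本..."
            exit 0
            ;;
        *)
            # Unknown number: say so and prompt again. No separator is printed
            # here; the one that used to follow "continue" was unreachable.
            echo "没有此优化项目,请重新选择!"
            ;;
    esac
done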