xc_sysinit.sh

#!/bin/bash
# ---------------------------------------------
# File Name   : sys.sh
# Author      : qiao
# Mail        : 181864031@qq.com
# Date        : 2024-10-21
# Description : wps系统基础优化
# ---------------------------------------------

#set -e


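#######################################
# Create the deployment account, set its password and grant it sudo rights.
# Prompts on stdin for an account name; an empty answer keeps the default.
# Arguments:
#   $1 - default account name (defaults to "wps")
#   $2 - password to set for the account (defaults to 'Ki')
# Outputs:
#   progress messages on stdout, errors on stderr
# Returns:
#   non-zero if the name is rejected or a step fails. If the account already
#   exists the function calls `exit 0`, which ends the whole script.
#######################################
function user_wps (){
  # Locals are used instead of assigning USER/PASSWORD: USER is a standard
  # environment variable and overwriting it leaks into everything run later.
  local user=${1:-wps}
  # NOTE(review): the fallback password is a short value hard-coded in the
  # script; pass a strong password as $2 and rotate it after provisioning.
  local password=${2:-'Ki'}
  local user_input sudoers_tmp

  read -r -p "请输入部署用户,默认 '${user}':" user_input

  if [[ -z "$user_input" ]]; then
    printf '%s\n' "${user}"
  else
    user=${user_input}
  fi

  # The name comes from interactive input and is later used inside a sed
  # pattern and written into sudoers, so only a conservative character set is
  # accepted (no whitespace, regex metacharacters, ':' or newlines).
  if [[ ! "$user" =~ ^[A-Za-z_][A-Za-z0-9_-]{0,31}$ ]]; then
    printf 'invalid user name: %q\n' "$user" >&2
    return 1
  fi

  echo "部署用户为 $user"
  echo "================"
  echo "检查用户是否存在"
  if id "${user}"; then
    echo "user(${user}) already exist; safety exit "
    # Deleting the account is deliberately left manual: userdel -r <user>
    exit 0
  fi

  # Create the account.
  if ! useradd -d "/home/${user}" "${user}"; then
    printf 'useradd failed for %s\n' "${user}" >&2
    return 1
  fi

  # Set the password through chpasswd on stdin. The previous approach drove
  # `passwd` with expect: the password was interpolated into a Tcl script
  # (where characters such as [ $ " are interpreted) and the prompts matched
  # were locale-specific. chpasswd needs neither expect nor a given locale,
  # and printf is a builtin, so the password never appears in a process argv.
  if ! printf '%s:%s\n' "${user}" "${password}" | chpasswd; then
    printf 'setting the password failed for %s\n' "${user}" >&2
    return 1
  fi

  # Grant sudo rights. The new content is assembled in a temporary file and
  # syntax-checked with visudo before it replaces /etc/sudoers, because a
  # malformed sudoers file locks every user out of sudo.
  # NOTE(review): NOPASSWD: ALL makes this account equivalent to root; narrow
  # the command list if the deployment allows it.
  cp /etc/sudoers /etc/sudoers_create_user
  sudoers_tmp=$(mktemp) || return 1
  sed "/^${user} /d" /etc/sudoers > "${sudoers_tmp}"
  printf '%s     ALL=(ALL)       NOPASSWD: ALL\n' "${user}" >> "${sudoers_tmp}"
  if visudo -c -f "${sudoers_tmp}" >/dev/null; then
    # cat-redirect rather than mv keeps the owner, mode and SELinux label of
    # the existing /etc/sudoers.
    cat "${sudoers_tmp}" > /etc/sudoers
  else
    printf 'generated sudoers content failed validation; /etc/sudoers left unchanged\n' >&2
    rm -f -- "${sudoers_tmp}"
    return 1
  fi
  rm -f -- "${sudoers_tmp}"
}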
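#######################################
# Apply host-level settings for the deployment: SELinux and firewalld off,
# cockpit socket stopped, swap off, file/process limits raised, kernel
# parameters written to /etc/sysctl.conf, IPv6 localhost entry trimmed.
# Must run as root; every step edits files under /etc or kernel state.
# Arguments: none
# Outputs:   status messages on stdout
#######################################
function modify_env() {
  local key
  local -a sysctl_keys sed_args=()

  # Disable SELinux now and across reboots.
  # NOTE(review): this removes mandatory access control from the host. If the
  # workload only needs specific allowances, permissive mode plus a targeted
  # policy module keeps the protection; confirm the requirement.
  setenforce 0
  sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

  echo "selinux关闭成功"

  # Stop and disable firewalld. Written as if/else: with `a && b || c` the
  # "not running" message was also printed when the disable command failed.
  # NOTE(review): with the host firewall off, filtering has to be enforced
  # upstream (security groups, network ACLs); verify before exposing the host.
  if systemctl status firewalld.service >/dev/null; then
    echo "firewalld 服务存在,正在关闭"
    systemctl disable --now firewalld.service
  else
    echo "firewalld 服务未启动"
  fi

  # Stop the cockpit socket (port 9090).
  if systemctl status cockpit.socket >/dev/null; then
    echo "cockpit.socket 服务存在,正在关闭"
    systemctl stop cockpit.socket
  else
    echo "cockpit.socket 服务未启动"
  fi

  # Turn swap off and comment out swap entries in fstab. Lines that are
  # already comments are skipped so that re-running does not stack '#'.
  swapoff -a
  sed -ri '/^[[:space:]]*#/!s/.*swap.*/#&/' /etc/fstab

  # systemd default open-file limit; the old entry is dropped before the new
  # one is appended so that re-running does not duplicate it.
  sed -i '/^DefaultLimitNOFILE=/d' /etc/systemd/system.conf
  echo "DefaultLimitNOFILE=65535" >> /etc/systemd/system.conf

  # dns=none under [main] in NetworkManager.conf (remove, then re-insert).
  sed -i '/^dns=none$/d' /etc/NetworkManager/NetworkManager.conf
  sed -i '/^\[main\]$/a\dns=none' /etc/NetworkManager/NetworkManager.conf

  # The net.bridge.* keys below only exist while br_netfilter is loaded.
  modprobe br_netfilter

  # Remove earlier copies of every key that is appended below. The delete
  # for fs.protected_regular previously had no closing "/d", which made sed
  # abort with an unterminated-address error and left duplicates behind.
  sysctl_keys=(
    vm.max_map_count
    vm.swappiness
    net.ipv4.ip_local_port_range
    net.ipv4.ip_forward
    net.bridge.bridge-nf-call-iptables
    net.bridge.bridge-nf-call-ip6tables
    net.bridge.bridge-nf-call-arptables
    fs.inotify.max_user_watches
    fs.inotify.max_user_instances
    fs.file-max
    fs.protected_regular
  )
  for key in "${sysctl_keys[@]}"; do
    sed_args+=(-e "/^${key}/d")
  done
  sed -i "${sed_args[@]}" /etc/sysctl.conf

  # NOTE(review): fs.protected_regular = 0 switches off the kernel's
  # restriction on opening other users' regular files in world-writable
  # sticky directories such as /tmp; keep it only if the application
  # really depends on it.
  cat >> /etc/sysctl.conf <<'SYS'
vm.max_map_count=655360
vm.swappiness = 0
net.ipv4.ip_local_port_range=32768 64999
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-arptables = 1
fs.inotify.max_user_watches = 1048576
fs.inotify.max_user_instances = 1024
fs.file-max=65535
fs.protected_regular = 0
SYS
  sysctl -p

  # Limits for the current shell.
  ulimit -HSn 65536
  ulimit -c unlimited

  # Persistent per-user limits: drop the exact lines, then append them again.
  sed -i \
    -e '/^\* soft nofile 65535/d' \
    -e '/^\* hard nofile 65535/d' \
    -e '/^\* soft nproc 65535/d' \
    -e '/^\* hard nproc 65535/d' \
    /etc/security/limits.conf
  cat >> /etc/security/limits.conf <<'LIM'
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
LIM

  # Strip the leading "localhost" alias from the IPv6 loopback line.
  sed -i 's/^::1.*localhost /::1\t/g' /etc/hosts
}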
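#######################################
# Entry point: create the deployment account, then apply the host settings.
# user_wps ends the script with `exit 0` when the account already exists, so
# modify_env is not reached in that case.
#######################################
function main() {
  # Every step edits files under /etc or kernel state; stop early instead of
  # failing halfway through with a partially modified system.
  if (( EUID != 0 )); then
    printf '%s\n' "this script must be run as root" >&2
    exit 1
  fi
  # Do not go on to change system settings if account setup failed.
  user_wps wps || exit 1
  modify_env
}
main "$@"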