#!/bin/bash
# ---------------------------------------------
# File Name : sys.sh
# Author : qiao
# Mail : 181864031@qq.com
# Date : 2024-10-21
# Description : wps系统基础优化
# ---------------------------------------------
#set -e
function user_wps (){
USER=${1:-wps}
PASSWORD=${2:-'Ki'}
#while true; do
read -p "请输入部署用户,默认 '${USER}':" user_input
if [[ -z "$user_input" ]]; then
echo ${USER}
else
#if [[ "$user_input" != "${USER}" ]]; then
USER=${user_input}
fi
#done
echo "部署用户为 $USER"
echo "================"
echo "检查用户是否存在"
id "${USER}"
if [[ $? = 0 ]] ;then
echo "user(${USER}) already exist; safety exit "
# 慎重执行删除操作: userdel -r ${USER}
exit 0
fi
#查看是否有expct命令
command -v expect &> /dev/null
if [[ $? != 0 ]];then
echo "expect not exist; install expect"
yum install expect -y
fi
# 添加用户
useradd -d /home/"${USER}" "${USER}"
# 添加密码
expect << EOF
spawn passwd ${USER}
expect "新的 密码:"
send "${PASSWORD}\r"
expect "重新输入新的 密码:"
send "${PASSWORD}\r"
expect eof;
EOF
# 设置${USER}用户权限
cp /etc/sudoers /etc/sudoers_create_user
sed -i "/^${USER} /d" /etc/sudoers
echo "${USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
}
function modify_env() {
#关闭防火墙和selinux
setenforce 0
sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
echo "selinux关闭成功"
systemctl status firewalld.service >/dev/null && echo "firewalld 服务存在,正在关闭" && systemctl disable --now firewalld.service || echo "firewalld 服务未启动"
#关闭9090端口
systemctl status cockpit.socket >/dev/null && echo "cockpit.socket 服务存在,正在关闭" && systemctl stop cockpit.socket || echo "cockpit.socket 服务未启动"
#关闭swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
#系统内核参数
sed -i '/^DefaultLimitNOFILE=/d' /etc/systemd/system.conf
echo "DefaultLimitNOFILE=65535" >> /etc/systemd/system.conf
sed -i '/^dns=none$/d' /etc/NetworkManager/NetworkManager.conf
sed -i '/^\[main\]$/a\dns=none' /etc/NetworkManager/NetworkManager.conf
modprobe br_netfilter
sed -i '/^vm.max_map_count/d' /etc/sysctl.conf
sed -i '/^vm.swappiness/d' /etc/sysctl.conf
sed -i '/^net.ipv4.ip_local_port_range/d' /etc/sysctl.conf
sed -i '/^net.ipv4.ip_forward/d' /etc/sysctl.conf
sed -i '/^net.bridge.bridge-nf-call-iptables/d' /etc/sysctl.conf
sed -i '/^net.bridge.bridge-nf-call-ip6tables/d' /etc/sysctl.conf
sed -i '/^net.bridge.bridge-nf-call-arptables/d' /etc/sysctl.conf
sed -i '/^fs.inotify.max_user_watches/d' /etc/sysctl.conf
sed -i '/^fs.inotify.max_user_instances/d' /etc/sysctl.conf
sed -i '/^fs.file-max/d' /etc/sysctl.conf
sed -i '/^fs.protected_regular' /etc/sysctl.conf
cat >> /etc/sysctl.conf <<SYS
vm.max_map_count=655360
vm.swappiness = 0
net.ipv4.ip_local_port_range=32768 64999
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-arptables = 1
fs.inotify.max_user_watches = 1048576
fs.inotify.max_user_instances = 1024
fs.file-max=65535
fs.protected_regular = 0
SYS
sysctl -p
ulimit -HSn 65536
ulimit -c unlimited
sed -i '/^\* soft nofile 65535/d' /etc/security/limits.conf
sed -i '/^\* hard nofile 65535/d' /etc/security/limits.conf
sed -i '/^\* soft nproc 65535/d' /etc/security/limits.conf
sed -i '/^\* hard nproc 65535/d' /etc/security/limits.conf
cat >> /etc/security/limits.conf <<LIM
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
LIM
#去掉ipv6本地回环
sed -i 's/^::1.*localhost /::1\t/g' /etc/hosts
}
function main() {
user_wps wps
modify_env
}
main
xc_sysinit.sh
最后编辑于 :
©著作权归作者所有,转载或内容合作请联系作者
- 文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
- 文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
- 文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
推荐阅读更多精彩内容
- 演示环境 问题现象? 为什么会出现这种问题? 刚开始以为是我脚本本身有语法错误,但是打开脚本细细看了下,并没有发现...
- 这里运行一个脚本老报错脚本如下: 但是一运行 原因两个,第一是脚本是win的,和unix的文档字符有所差别,需要清...
- 一、应用程序无法正常启动0xc0000007b 出现应用程序无法正常启动0xc0000007b,主要是虚拟机缺少C...
- XC7A35T-2FGG484I 描述Artix®-7 器件在单个成本优化的 FPGA 中提供了最高性能功耗比结构...
