服务器centos6初始化脚本,包含几个方面:
修改主机名
添加用户秘钥
ssh 端口修改
ulimit值修改
防火墙修改
添加追踪日志
时间同步
安装一些基础软件包
nagios客户端安装
zabbix客户端安装
salt客户端安装
第一个脚本:
#!/bin/bash
# DATE 2017-02-03 17:01
SPORT=51029
SURL=http://XX.XX.XX.XX
IPTBL="/etc/sysconfig/iptables"
AUTH="authorized_keys"
MD5_DIR="/root/.md5_back"
userlist="user1 user2 user3"
sudouser="user1 user2 user3"
MINION_PATH="/etc/salt/minion"
MASTER="XX.XX.XX.XX"
LANIP=`ifconfig eth0 | grep inet | awk '{print $2}'`
NagiosServer="XX.XX.XX.XX"
TNagios="XX.XX.XX.XX"
NagiosDir="/etc/nagios/nrpe.cfg"
SCRIPT="/mnt/log/script"
if [ ! -d "$MD5_DIR" ];then
mkdir -p $MD5_DIR
fi
function get_md5() {
md5_value=`echo -n $1|md5sum|cut -d' ' -f1`
echo "$1 -----> $md5_value" >>$MD5_DIR/command_md5.log
}
get_md5 /bin/ls
get_md5 /bin/cp
get_md5 /bin/vi
get_md5 /usr/bin/crontab
get_md5 /etc/passwd
get_md5 /etc/crontab
get_md5 /usr/bin/last
get_md5 /usr/bin/lastlog
INIT(){
NAME=`hostname`
sed -i '/'$NAME'/d' /etc/hosts
NEWNAME=$1
if [ $# -eq 1 -a ! -z "$NEWNAME" ];then
echo "Setting HOSTNAME"
sed -i "s/$NAME/$NEWNAME/" /etc/sysconfig/network
hostname $NEWNAME
else
echo "The hostname of this server must not be empty"
exit 1
fi
#修改/etc/hosts 文件的主机名
echo "$LANIP $NEWNAME" >> /etc/hosts
###sed -i 's/localhost.localdomain/$HNAME/g' /etc/sysconfig/network
sed -i 's/enforcing/disabled/g' /etc/sysconfig/selinux
#### limit 值修改
cat >> /etc/security/limits.conf <<EOF
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
EOF
useradd -u 1001 -G wheel user1
useradd -u 1002 -G wheel user2
useradd -u 1003 -G wheel user3
sed -i "/# User_Alias ADMINS = jsmith, mikem/ aUser_Alias ADMINS = $sudouser" /etc/sudoers
sed -i '/^root/ aADMINS ALL=\(ALL\) ALL' /etc/sudoers
sed -i '/NOPASSWD: ALL$/ a%wheel ALL=\(ALL\) NOPASSWD\: ALL' /etc/sudoers
#sed -i 's/PasswordAuthentication yes/#PasswordAuthentication yes/g' /etc/ssh/sshd_config
#sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
sed -i '/#Port 22/a\Port $SPORT' /etc/ssh/sshd_config
service sshd restart
#添加用户登录密钥
for i in $userlist
do
wget $SURL/secret/$i/$AUTH -P /home/$i/.ssh/
chown $i.$i /home/$i/.ssh/$AUTH
chmod 600 /home/$i/.ssh/$AUTH
done
####添加防火墙
RESTART=0
HAVE=$(grep $SPORT $IPTBL | grep -c ACCEPT)
if [ $HAVE -eq 0 ]; then
sed -i "/-i\ lo\ -j\ ACCEPT/a-A INPUT -p tcp -m tcp --dport $SPORT -j ACCEPT" $IPTBL
RESTART=1
fi
if [ $RESTART -eq 1 ]; then
service iptables restart
fi
##添加追踪日志 script log
if [ ! -d $SCRIPT ];then
mkdir -p $SCRIPT
chmod 743 $SCRIPT
fi
cat >> /etc/profile <<EOF
if [ \$UID -ge 1000 ]; then
exec /usr/bin/script -t 2>$SCRIPT/\$USER-\$UID-\`date +%Y%m%d%H%M\`.date -a -f -q $SCRIPT/\$USER-\$UID-\`date +%Y%m%d%H%M\`.log
fi
EOF
#时间同步
yum -y install ntpdate
echo '02 3 * * * root /usr/sbin/ntpdate cn.pool.ntp.org' >> /etc/crontab
###INSTALL make 编译器
yum -y install gcc gcc-c++ make autoconf automake libtool zlib zlib-devel openssl openssl-devel pcre-devel ncurses-devel unixODBC-devel perl-ExtUtils-Embed mesa* gtk+extra-devel mesa* freeglut* lrzsz openssh-clients unzip patch
}
nagios_client(){
yum -y install nrpe nagios-plugins nagios-plugins-nrpe nrpe nagios-plugins-load nagios-plugins-disk nagios-plugins-swap
sed -i 's/allowed_hosts=127.0.0.1/allowed_hosts='$NagiosServer','$TNagios'/g' $NagiosDir
sed -i '/check_total_procs/a \command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w 15% -c 10% -p /mnt' $NagiosDir
service nrpe start
}
salt_agent(){
# Install salt 2016.03.01
yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el6.noarch.rpm
yum -y update
if [ $? -eq 0 ];then
yum -y install salt-minion
else
echo "yum update error"
exit 3
fi
#Config /etc/salt/minion
sed -i 's/#master: salt/master: '$MASTER'/g' $MINION_PATH
sed -i 's/#hash_type: sha256/hash_type: sha256/g' $MINION_PATH
sed -i '/#key_logfile/a\log_file: \/var\/log\/salt\/minion/' $MINION_PATH
sed -i 's/#key_logfile: \/var\/log\/salt\/key/key_logfile: \/var\/log\/salt\/key/' $MINION_PATH
service salt-minion start
}
INIT
nagios_client
salt_agent
以上为初始化脚本。
第二个脚本: 添加zabbix客户端
hname=`hostname`
SURL=http://XX.XX.XX.XX
MASTER="XX.XX.XX.XX"
#判断用户是否存在
add_user_zabbix()
{
name="zabbix"
a=`grep -c $name /etc/passwd`
if [ "$a" -eq 1 ];then
echo "THE user $zabbix is aready exist"
return 1
else
echo "Add zabbix user"
groupadd "$name" -g 201
useradd -g "$name" -u 201 -m "$name"
fi
}
zabbix_agentd_install()
{
log_d="/var/log/zabbix"
#安装所需软件
yum install -y ntpdate gcc gcc-c++
sleep 3
#同步时间
ntpdate asia.pool.ntp.org
sleep 3
#安装zabbix
#切换到src
cd /usr/local/src
echo "Installing zabbix_agentd"
rm -rf zabbix-3.0.4.tar.gz*
sleep 1
echo "Downloading"
wget $SURL/zabbix/zabbix-3.0.4.tar.gz
sleep 1
if [ ! -f "zabbix-3.0.4.tar.gz" ];then
echo "zabbix-3.0.4.tar.gz is not exist"
exit 1
fi
tar zxvf zabbix-3.0.4.tar.gz
cd zabbix-3.0.4
sleep 1
/bin/bash configure --prefix=/usr --sysconfdir=/etc/zabbix --enable-agent
sleep 3
if [ $? != 0 ]; then
echo "configure was wrong!!"
exit 1
else
echo "The zabbix is aready installed!!"
fi
make && make install
if [ $? != 0 ]; then
echo "There were something wrong in make!!!"
exit 1
fi
#创建zabbix日志目录
if [ ! -d "$log_d" ];then
mkdir $log_d
fi
chown zabbix.zabbix $log_d
#修改配置文件
/bin/cp misc/init.d/fedora/core/zabbix_agentd /etc/init.d/
chmod 755 /etc/init.d/zabbix_agentd
sed -i "s#BASEDIR=/usr/local#BASEDIR=/usr/#g" /etc/init.d/zabbix_agentd
sed -i "s/Server\=127.0.0.1/Server\=127.0.0.1,$MASTER/g" /etc/zabbix/zabbix_agentd.conf
sed -i "s/ServerActive\=127.0.0.1/ServerActive\=$MASTER:10051/g" /etc/zabbix/zabbix_agentd.conf
sed -i "s/Hostname=Zabbix server/Hostname=$hname/g" /etc/zabbix/zabbix_agentd.conf
sed -i "s#tmp/zabbix_agentd.log#var/log/zabbix/zabbix_agentd.log#g" /etc/zabbix/zabbix_agentd.conf
sed -i "#UnsafeUserParameters=0#aUnsafeUserParameters=1\n" /etc/zabbix/zabbix_agentd.conf
#启动服务
chkconfig zabbix_agentd on
service zabbix_agentd start
return 1
}
pid=`pgrep zabbix_agentd`
if [ -n "$pid" ];then
echo "the zabbix_agentd is aready installed!"
echo "Do want to reload the zabbix_agentd? Y/N"
read choice
case $choice in
Y) service zabbix_agentd stop;zabbix_agentd_install ;;
N) echo "You choose N,the script will be break";exit 2;;
*) echo "UNknow anwser!";exit 3;;
esac
else
add_user_zabbix
zabbix_agentd_install
exit 4
fi
以上为整理的初始化centos 6 服务器的脚本。隐藏了一些ip,不能直接使用于你的服务器。可以为读者提供一些思路。或者后续会完善为更简便的脚本。