
improve OS init

lj2007331@gmail.com 6 năm trước cách đây
mục cha
commit
310f1a6061
6 tập tin đã thay đổi với 23 bổ sung64 xóa
  1. 1 1
      README.md
  2. 0 26
      include/check_download.sh
  3. 1 6
      include/init_CentOS.sh
  4. 10 15
      include/init_Debian.sh
  5. 10 15
      include/init_Ubuntu.sh
  6. 1 1
      install.sh

+ 1 - 1
README.md

@@ -6,7 +6,7 @@ Script properties:
 - Continually updated, Provide Shell Interaction and Autoinstall
 - Source compiler installation, most stable source is the latest version, and download from the official site
 - Some security optimization
-- Providing a plurality of database versions (MySQL-5.7, MySQL-5.6, MySQL-5.5, MariaDB-10.1, MariaDB-10.0, MariaDB-5.5, Percona-5.7, Percona-5.6, Percona-5.5, AliSQL-5.6, PostgreSQL, MongoDB)
+- Providing a plurality of database versions (MySQL-8.0, MySQL-5.7, MySQL-5.6, MySQL-5.5, MariaDB-10.1, MariaDB-10.0, MariaDB-5.5, Percona-5.7, Percona-5.6, Percona-5.5, AliSQL-5.6, PostgreSQL, MongoDB)
 - Providing multiple PHP versions (PHP-7.2, PHP-7.1, PHP-7.0, PHP-5.6, PHP-5.5, PHP-5.4, PHP-5.3)
 - Provide Nginx, Tengine, OpenResty
 - Providing a plurality of Tomcat version (Tomcat-9, Tomcat-8, Tomcat-7, Tomcat-6)

+ 0 - 26
include/check_download.sh

@@ -146,8 +146,6 @@ checkDownload() {
         if [ "${tryDlCount}" == '6' ]; then
           echo "${CFAILURE}${FILE_NAME} download failed, Please contact the author! ${CEND}"
           kill -9 $$
-        else
-          echo "[${CMSG}${FILE_NAME}${CEND}] found."
         fi
         ;;
       2)
@@ -183,8 +181,6 @@ checkDownload() {
         if [ "${tryDlCount}" == '6' ]; then
           echo "${CFAILURE}${FILE_NAME} download failed, Please contact the author! ${CEND}"
           kill -9 $$
-        else
-          echo "[${CMSG}${FILE_NAME}${CEND}] found."
         fi
         ;;
       3)
@@ -220,8 +216,6 @@ checkDownload() {
         if [ "${tryDlCount}" == '6' ]; then
           echo "${CFAILURE}${FILE_NAME} download failed, Please contact the author! ${CEND}"
           kill -9 $$
-        else
-          echo "[${CMSG}${FILE_NAME}${CEND}] found."
         fi
         ;;
       4)
@@ -258,8 +252,6 @@ checkDownload() {
         if [ "${tryDlCount}" == '6' ]; then
           echo "${CFAILURE}${FILE_NAME} download failed, Please contact the author! ${CEND}"
           kill -9 $$
-        else
-          echo "[${CMSG}${FILE_NAME}${CEND}] found."
         fi
         ;;
       5)
@@ -298,8 +290,6 @@ checkDownload() {
         if [ "${tryDlCount}" == '6' ]; then
           echo "${CFAILURE}${FILE_NAME} download failed, Please contact the author! ${CEND}"
           kill -9 $$
-        else
-          echo "[${CMSG}${FILE_NAME}${CEND}] found."
         fi
         ;;
       6)
@@ -338,8 +328,6 @@ checkDownload() {
         if [ "${tryDlCount}" == '6' ]; then
           echo "${CFAILURE}${FILE_NAME} download failed, Please contact the author! ${CEND}"
           kill -9 $$
-        else
-          echo "[${CMSG}${FILE_NAME}${CEND}] found."
         fi
         ;;
       7)
@@ -378,8 +366,6 @@ checkDownload() {
         if [ "${tryDlCount}" == '6' ]; then
           echo "${CFAILURE}${FILE_NAME} download failed, Please contact the author! ${CEND}"
           kill -9 $$
-        else
-          echo "[${CMSG}${FILE_NAME}${CEND}] found."
         fi
         ;;
       8)
@@ -418,8 +404,6 @@ checkDownload() {
         if [ "${tryDlCount}" == '6' ]; then
           echo "${CFAILURE}${FILE_NAME} download failed, Please contact the author! ${CEND}"
           kill -9 $$
-        else
-          echo "[${CMSG}${FILE_NAME}${CEND}] found."
         fi
         ;;
       9)
@@ -452,8 +436,6 @@ checkDownload() {
         if [ "${tryDlCount}" == '6' ]; then
           echo "${CFAILURE}${FILE_NAME} download failed, Please contact the author! ${CEND}"
           kill -9 $$
-        else
-          echo "[${CMSG}${FILE_NAME}${CEND}] found."
         fi
         ;;
       10)
@@ -487,8 +469,6 @@ checkDownload() {
         if [ "${tryDlCount}" == '6' ]; then
           echo "${CFAILURE}${FILE_NAME} download failed, Please contact the author! ${CEND}"
           kill -9 $$
-        else
-          echo "[${CMSG}${FILE_NAME}${CEND}] found."
         fi
         ;;
       11)
@@ -522,8 +502,6 @@ checkDownload() {
         if [ "${tryDlCount}" == '6' ]; then
           echo "${CFAILURE}${FILE_NAME} download failed, Please contact the author! ${CEND}"
           kill -9 $$
-        else
-          echo "[${CMSG}${FILE_NAME}${CEND}] found."
         fi
         ;;
       12)
@@ -563,8 +541,6 @@ checkDownload() {
         if [ "${tryDlCount}" == '6' ]; then
           echo "${CFAILURE}${FILE_NAME} download failed, Please contact the author! ${CEND}"
           kill -9 $$
-        else
-          echo "[${CMSG}${FILE_NAME}${CEND}] found."
         fi
         ;;
       14)
@@ -589,8 +565,6 @@ checkDownload() {
         if [ "${tryDlCount}" == '6' ]; then
           echo "${CFAILURE}${FILE_NAME} download failed, Please contact the author! ${CEND}"
           kill -9 $$
-        else
-          echo "[${CMSG}${FILE_NAME}${CEND}] found."
         fi
         ;;
     esac

+ 1 - 6
include/init_CentOS.sh

@@ -142,12 +142,7 @@ if [ "${iptables_yn}" == 'y' ]; then
 -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
 -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
 -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
--A INPUT -p icmp -m limit --limit 1/sec --limit-burst 10 -j ACCEPT
--A INPUT -f -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
--A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
--A INPUT -j REJECT --reject-with icmp-host-prohibited
--A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
--A syn-flood -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
 COMMIT
 EOF
   fi
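Review bot: With the final `-A INPUT -j REJECT --reject-with icmp-host-prohibited` removed, any packet that matches none of the ACCEPT rules now falls through to the INPUT chain policy, which is declared above this hunk and is not visible here; if that policy is ACCEPT the ruleset no longer filters anything, so confirm the heredoc sets it to DROP or keep the terminal REJECT. The same removal drops the ICMP rate limit, and the replacement accepts echo-request unthrottled; keeping the limit on the new rule would preserve that bound: `-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec --limit-burst 10 -j ACCEPT`. If a `:syn-flood` chain is still declared in the part of the heredoc outside the hunk, it is now unused and can be removed with the rules. The identical change is made in the iptables hunks of include/init_Debian.sh and include/init_Ubuntu.sh. The enclosing `if` block starts and ends outside the hunk.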

+ 10 - 15
include/init_Debian.sh

@@ -37,14 +37,14 @@ sed -i 's@^"syntax on@syntax on@' /etc/vim/vimrc
 sed -i '/^# End of file/,$d' /etc/security/limits.conf
 cat >> /etc/security/limits.conf <<EOF
 # End of file
-* soft nproc 65535
-* hard nproc 65535
-* soft nofile 65535
-* hard nofile 65535
-root soft nproc 65535
-root hard nproc 65535
-root soft nofile 65535
-root hard nofile 65535
+* soft nproc 1000000
+* hard nproc 1000000
+* soft nofile 1000000
+* hard nofile 1000000
+root soft nproc 1000000
+root hard nproc 1000000
+root soft nofile 1000000
+root hard nofile 1000000
 EOF
 
 # /etc/hosts
@@ -62,7 +62,7 @@ ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
 
 # /etc/sysctl.conf
 [ -z "$(grep 'fs.file-max' /etc/sysctl.conf)" ] && cat >> /etc/sysctl.conf << EOF
-fs.file-max=65535
+fs.file-max = 1000000
 fs.inotify.max_user_instances = 8192
 net.ipv4.tcp_syncookies = 1
 net.ipv4.tcp_fin_timeout = 30
@@ -111,12 +111,7 @@ if [ "${iptables_yn}" == 'y' ]; then
 -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
 -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
 -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
--A INPUT -p icmp -m limit --limit 1/sec --limit-burst 10 -j ACCEPT
--A INPUT -f -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
--A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
--A INPUT -j REJECT --reject-with icmp-host-prohibited
--A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
--A syn-flood -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
 COMMIT
 EOF
   fi
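Review bot: In the `/etc/sysctl.conf` hunk the new `fs.file-max = 1000000` is only appended when `grep 'fs.file-max'` finds nothing, so a host already initialised by the earlier version keeps `fs.file-max=65535` while the limits.conf hunk unconditionally raises per-user `nofile` to 1000000, leaving the per-process limit above the system-wide one. Updating an existing entry before the guarded append would keep the two consistent, e.g. `sed -i 's@^fs.file-max.*@fs.file-max = 1000000@' /etc/sysctl.conf`. Separately, `* hard nproc 1000000` raises the process cap for every unprivileged account to a value that is unlikely to ever bind, which weakens containment of a runaway or compromised service; either leave `nproc` at its previous value or add a comment such as `# nproc raised together with nofile because <reason>` stating why it is needed. The same two hunks appear in include/init_Ubuntu.sh.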

+ 10 - 15
include/init_Ubuntu.sh

@@ -39,14 +39,14 @@ sed -i 's@^"syntax on@syntax on@' /etc/vim/vimrc
 sed -i '/^# End of file/,$d' /etc/security/limits.conf
 cat >> /etc/security/limits.conf <<EOF
 # End of file
-* soft nproc 65535
-* hard nproc 65535
-* soft nofile 65535
-* hard nofile 65535
-root soft nproc 65535
-root hard nproc 65535
-root soft nofile 65535
-root hard nofile 65535
+* soft nproc 1000000
+* hard nproc 1000000
+* soft nofile 1000000
+* hard nofile 1000000
+root soft nproc 1000000
+root hard nproc 1000000
+root soft nofile 1000000
+root hard nofile 1000000
 EOF
 
 # /etc/hosts
@@ -64,7 +64,7 @@ ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
 
 # /etc/sysctl.conf
 [ -z "$(grep 'fs.file-max' /etc/sysctl.conf)" ] && cat >> /etc/sysctl.conf << EOF
-fs.file-max=65535
+fs.file-max = 1000000
 fs.inotify.max_user_instances = 8192
 net.ipv4.tcp_syncookies = 1
 net.ipv4.tcp_fin_timeout = 30
@@ -119,12 +119,7 @@ if [ "${iptables_yn}" == 'y' ]; then
 -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
 -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
 -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
--A INPUT -p icmp -m limit --limit 1/sec --limit-burst 10 -j ACCEPT
--A INPUT -f -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
--A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
--A INPUT -j REJECT --reject-with icmp-host-prohibited
--A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
--A syn-flood -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
 COMMIT
 EOF
   fi

+ 1 - 1
install.sh

@@ -164,7 +164,7 @@ while :; do
       ;;
     --ssh_port)
       ssh_port=$2; shift 2
-      [ ${ssh_port} -ne 22 >/dev/null 2>&1 -o ${ssh_port} -lt 1024 >/dev/null 2>&1 -a ${ssh_port} -gt 65535 >/dev/null 2>&1 ] && { echo "${CWARNING}ssh_port input error! Input range: 22,1025~65534${CEND}"; exit 1; }
+      [ ${ssh_port} -eq 22 >/dev/null 2>&1 -o ${ssh_port} -gt 1024 >/dev/null 2>&1 -a ${ssh_port} -lt 65535 >/dev/null 2>&1 ] || { echo "${CWARNING}ssh_port input error! Input range: 22,1025~65534${CEND}"; exit 1; }
       ;;
     --iptables)
       iptables_yn=y; shift 1
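Review bot: The rewritten range test on `--ssh_port` still expands `${ssh_port}` unquoted inside a single `[ … ]` joined with `-o`/`-a`, so a value containing spaces or glob characters is word-split into extra test operands rather than being rejected as a non-number. Checking for digits first and quoting the expansions closes that: `case "${ssh_port}" in ''|*[!0-9]*) echo "${CWARNING}ssh_port input error! Input range: 22,1025~65534${CEND}"; exit 1 ;; esac`, followed by `[ "${ssh_port}" -eq 22 ] || { [ "${ssh_port}" -gt 1024 ] && [ "${ssh_port}" -lt 65535 ]; } || { …; exit 1; }`. `ssh_port=$2; shift 2` also runs before anything checks that a second argument was supplied. The surrounding `while`/`case` starts and ends outside the hunk.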