首頁 探索 說明
登入
joker
/
oneinstack
镜像来自 https://github.com/oneinstack/oneinstack/
1
0
複刻 0
檔案 問題管理 0 Wiki
目錄樹: 1fbb2fe3b3
分支列表 標籤列表
oneinstack
/
include
/
init_Ubuntu.sh

init_Ubuntu.sh 6.4 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163 
  1. #!/bin/bash
    2. 

  2. # Author:  yeho <lj2007331 AT gmail.com>
    3. 

  3. # BLOG:  https://blog.linuxeye.com
    4. 

  4. #
    5. 

  5. # Notes: OneinStack for CentOS/RadHat 5+ Debian 6+ and Ubuntu 12+
    6. 

  6. #
    7. 

  7. # Project home page:
    8. 

  8. #       https://oneinstack.com
    9. 

  9. #       https://github.com/lj2007331/oneinstack
    10. 

  10. 

  11. for Package in apache2 apache2-doc apache2-utils apache2.2-common apache2.2-bin apache2-mpm-prefork apache2-doc apache2-mpm-worker mysql-client mysql-server mysql-common libmysqlclient18 php5 php5-common php5-cgi php5-mysql php5-curl php5-gd libmysql* mysql-*
    12. 

  12. do
    13. 

  13.     apt-get -y remove --purge $Package
    14. 

  14. done
    15. 

  15. dpkg -l | grep ^rc | awk '{print $2}' | xargs dpkg -P
    16. 

  16. 

  17. apt-get -y update
    18. 

  18. 

  19. # check upgrade OS
    20. 

  20. [ "$upgrade_yn" == 'y' ] && apt-get -y upgrade
    21. 

  21. 

  22. # Install needed packages
    23. 

  23. for Package in gcc g++ make cmake autoconf libjpeg8 libjpeg8-dev libpng12-0 libpng12-dev libpng3 libfreetype6 libfreetype6-dev libxml2 libxml2-dev zlib1g zlib1g-dev libc6 libc6-dev libglib2.0-0 libglib2.0-dev bzip2 libzip-dev libbz2-1.0 libncurses5 libncurses5-dev libaio1 libaio-dev libreadline-dev curl libcurl3 libcurl4-openssl-dev e2fsprogs libkrb5-3 libkrb5-dev libltdl-dev libidn11 libidn11-dev openssl libssl-dev libtool libevent-dev re2c libsasl2-dev libxslt1-dev libicu-dev patch vim zip unzip tmux htop bc expect rsync git lsof lrzsz ntpdate
    24. 

  24. do
    25. 

  25.     apt-get -y install $Package
    26. 

  26. done
    27. 

  27. 

  28. if [[ "$Ubuntu_version" =~ ^14$|^15$ ]];then
    29. 

  29.     apt-get -y install libcloog-ppl1
    30. 

  30.     apt-get -y remove bison
    31. 

  31.     cd src
    32. 

  32.     src_url=http://ftp.gnu.org/gnu/bison/bison-2.7.1.tar.gz && Download_src
    33. 

  33.     tar xzf bison-2.7.1.tar.gz
    34. 

  34.     cd bison-2.7.1
    35. 

  35.     ./configure
    36. 

  36.     make -j ${THREAD} && make install
    37. 

  37.     cd ..
    38. 

  38.     rm -rf bison-2.7.1
    39. 

  39.     cd ..
    40. 

  40.     ln -sf /usr/include/freetype2 /usr/include/freetype2/freetype
    41. 

  41. elif [ "$Ubuntu_version" == '13' ];then
    42. 

  42.     apt-get -y install bison libcloog-ppl1
    43. 

  43. elif [ "$Ubuntu_version" == '12' ];then
    44. 

  44.     apt-get -y install bison libcloog-ppl0
    45. 

  45. fi
    46. 

  46. 

  47. # check sendmail
    48. 

  48. #[ "$sendmail_yn" == 'y' ] && apt-get -y install sendmail
    49. 

  49. 

  50. # PS1
    51. 

  51. [ -z "`grep ^PS1 ~/.bashrc`" ] && echo "PS1='\${debian_chroot:+(\$debian_chroot)}\\[\\e[1;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '" >> ~/.bashrc
    52. 

  52. 

  53. # history size
    54. 

  54. sed -i 's/HISTSIZE=.*$/HISTSIZE=100/g' ~/.bashrc
    55. 

  55. [ -z "`grep history-timestamp ~/.bashrc`" ] && echo "export PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; });user=\$(whoami); echo \$(date \"+%Y-%m-%d %H:%M:%S\"):\$user:\`pwd\`/:\$msg ---- \$(who am i); } >> /tmp/\`hostname\`.\`whoami\`.history-timestamp'" >> ~/.bashrc
    56. 

  56. 

  57. # /etc/security/limits.conf
    58. 

  58. [ -e /etc/security/limits.d/*nproc.conf ] && rename nproc.conf nproc.conf_bk /etc/security/limits.d/*nproc.conf
    59. 

  59. [ -z "`grep 'session required pam_limits.so' /etc/pam.d/common-session`" ] && echo 'session required pam_limits.so' >> /etc/pam.d/common-session
    60. 

  60. sed -i '/^# End of file/,$d' /etc/security/limits.conf
    61. 

  61. cat >> /etc/security/limits.conf <<EOF
    62. 

  62. # End of file
    63. 

  63. * soft nproc 65535
    64. 

  64. * hard nproc 65535
    65. 

  65. * soft nofile 65535
    66. 

  66. * hard nofile 65535
    67. 

  67. root soft nproc 65535
    68. 

  68. root hard nproc 65535
    69. 

  69. root soft nofile 65535
    70. 

  70. root hard nofile 65535
    71. 

  71. EOF
    72. 

  72. 

  73. # /etc/hosts
    74. 

  74. [ "$(hostname -i | awk '{print $1}')" != "127.0.0.1" ] && sed -i "s@^127.0.0.1\(.*\)@127.0.0.1   `hostname` \1@" /etc/hosts
    75. 

  75. 

  76. # Set timezone
    77. 

  77. rm -rf /etc/localtime
    78. 

  78. ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
    79. 

  79. 

  80. # Set DNS
    81. 

  81. #cat > /etc/resolv.conf << EOF
    82. 

  82. #nameserver 114.114.114.114
    83. 

  83. #nameserver 8.8.8.8
    84. 

  84. #EOF
    85. 

  85. 

  86. # alias vi
    87. 

  87. [ -z "`grep 'alias vi=' ~/.bashrc`" ] && sed -i "s@^alias l=\(.*\)@alias l=\1\nalias vi='vim'@" ~/.bashrc
    88. 

  88. sed -i 's@^"syntax on@syntax on@' /etc/vim/vimrc
    89. 

  89. 

  90. # /etc/sysctl.conf
    91. 

  91. [ -z "`grep 'fs.file-max' /etc/sysctl.conf`" ] && cat >> /etc/sysctl.conf << EOF
    92. 

  92. fs.file-max=65535
    93. 

  93. fs.inotify.max_user_instances = 8192
    94. 

  94. net.ipv4.tcp_syncookies = 1
    95. 

  95. net.ipv4.tcp_fin_timeout = 30
    96. 

  96. net.ipv4.tcp_tw_reuse = 1
    97. 

  97. net.ipv4.tcp_tw_recycle = 1
    98. 

  98. net.ipv4.ip_local_port_range = 1024 65000
    99. 

  99. net.ipv4.tcp_max_syn_backlog = 65536
    100. 

  100. net.ipv4.tcp_max_tw_buckets = 6000
    101. 

  101. net.ipv4.route.gc_timeout = 100
    102. 

  102. net.ipv4.tcp_syn_retries = 1
    103. 

  103. net.ipv4.tcp_synack_retries = 1
    104. 

  104. net.core.somaxconn = 65535
    105. 

  105. net.core.netdev_max_backlog = 262144
    106. 

  106. net.ipv4.tcp_timestamps = 0
    107. 

  107. net.ipv4.tcp_max_orphans = 262144
    108. 

  108. EOF
    109. 

  109. sysctl -p
    110. 

  110. 

  111. sed -i 's@^ACTIVE_CONSOLES.*@ACTIVE_CONSOLES="/dev/tty[1-2]"@' /etc/default/console-setup
    112. 

  112. sed -i 's@^@#@g' /etc/init/tty[3-6].conf
    113. 

  113. echo 'en_US.UTF-8 UTF-8' > /var/lib/locales/supported.d/local
    114. 

  114. sed -i 's@^@#@g' /etc/init/control-alt-delete.conf
    115. 

  115. 

  116. # Update time
    117. 

  117. ntpdate pool.ntp.org
    118. 

  118. [ ! -e "/var/spool/cron/crontabs/root" -o -z "`grep ntpdate /var/spool/cron/crontabs/root 2>/dev/null`" ] && { echo "*/20 * * * * `which ntpdate` pool.ntp.org > /dev/null 2>&1" >> /var/spool/cron/crontabs/root;chmod 600 /var/spool/cron/crontabs/root; }
    119. 

  119. service cron restart
    120. 

  120. 

  121. # iptables
    122. 

  122. if [ -e '/etc/iptables.up.rules' ] && [ -n "`grep ':INPUT DROP' /etc/iptables.up.rules`" -a -n "`grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/iptables.up.rules`" -a -n "`grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/iptables.up.rules`" ];then
    123. 

  123.     IPTABLES_STATUS=yes
    124. 

  124. else
    125. 

  125.     IPTABLES_STATUS=no
    126. 

  126. fi
    127. 

  127. 

  128. if [ "$IPTABLES_STATUS" == 'no' ];then
    129. 

  129.     [ -e '/etc/iptables.up.rules' ] && /bin/mv /etc/iptables.up.rules{,_bk}
    130. 

  130.     cat > /etc/iptables.up.rules << EOF
    131. 

  131. # Firewall configuration written by system-config-securitylevel
    132. 

  132. # Manual customization of this file is not recommended.
    133. 

  133. *filter
    134. 

  134. :INPUT DROP [0:0]
    135. 

  135. :FORWARD ACCEPT [0:0]
    136. 

  136. :OUTPUT ACCEPT [0:0]
    137. 

  137. :syn-flood - [0:0]
    138. 

  138. -A INPUT -i lo -j ACCEPT
    139. 

  139. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    140. 

  140. -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    141. 

  141. -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    142. 

  142. -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
    143. 

  143. -A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
    144. 

  144. -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
    145. 

  145. -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
    146. 

  146. -A INPUT -j REJECT --reject-with icmp-host-prohibited
    147. 

  147. -A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
    148. 

  148. -A syn-flood -j REJECT --reject-with icmp-port-unreachable
    149. 

  149. COMMIT
    150. 

  150. EOF
    151. 

  151. fi
    152. 

  152. 

  153. FW_PORT_FLAG=`grep -ow "dport $SSH_PORT" /etc/iptables.up.rules`
    154. 

  154. [ -z "$FW_PORT_FLAG" -a "$SSH_PORT" != '22' ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport $SSH_PORT -j ACCEPT@" /etc/iptables.up.rules
    155. 

  155. iptables-restore < /etc/iptables.up.rules
    156. 

  156. cat > /etc/network/if-pre-up.d/iptables << EOF
    157. 

  157. #!/bin/bash
    158. 

  158. /sbin/iptables-restore < /etc/iptables.up.rules
    159. 

  159. EOF
    160. 

  160. chmod +x /etc/network/if-pre-up.d/iptables
    161. 

  161. service ssh restart
    162. 

  162. 

  163. . ~/.bashrc
    164.