Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
joker
/
oneinstack
-ын хуулбар https://github.com/oneinstack/oneinstack/
1
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Мод: 56ca69af53
Салаанууд Тагууд
oneinstack
/
include
/
init_Ubuntu.sh

init_Ubuntu.sh 6.5 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174 
  1. #!/bin/bash
    2. 

  2. # Author:  yeho <lj2007331 AT gmail.com>
    3. 

  3. # BLOG:  https://blog.linuxeye.com
    4. 

  4. #
    5. 

  5. # Notes: OneinStack for CentOS/RadHat 5+ Debian 6+ and Ubuntu 12+
    6. 

  6. #
    7. 

  7. # Project home page:
    8. 

  8. #       https://oneinstack.com
    9. 

  9. #       https://github.com/lj2007331/oneinstack
    10. 

  10. 

  11. for Package in apache2 apache2-doc apache2-utils apache2.2-common apache2.2-bin apache2-mpm-prefork apache2-doc apache2-mpm-worker mysql-client mysql-server mysql-common libmysqlclient18 php5 php5-common php5-cgi php5-mysql php5-curl php5-gd libmysql* mysql-*
    12. 

  12. do
    13. 

  13.     apt-get -y remove --purge $Package
    14. 

  14. done
    15. 

  15. dpkg -l | grep ^rc | awk '{print $2}' | xargs dpkg -P
    16. 

  16. 

  17. apt-get -y update
    18. 

  18. 

  19. # critical security updates 
    20. 

  20. grep security /etc/apt/sources.list > /tmp/security.sources.list
    21. 

  21. apt-get -y upgrade -o Dir::Etc::SourceList=/tmp/security.sources.list
    22. 

  22. 

  23. # Install needed packages
    24. 

  24. for Package in gcc g++ make cmake autoconf libjpeg8 libjpeg8-dev libpng12-0 libpng12-dev libpng3 libfreetype6 libfreetype6-dev libxml2 libxml2-dev zlib1g zlib1g-dev libc6 libc6-dev libglib2.0-0 libglib2.0-dev bzip2 libzip-dev libbz2-1.0 libncurses5 libncurses5-dev libaio1 libaio-dev libreadline-dev curl libcurl3 libcurl4-openssl-dev e2fsprogs libkrb5-3 libkrb5-dev libltdl-dev libidn11 libidn11-dev openssl libssl-dev libtool libevent-dev re2c libsasl2-dev libxslt1-dev libicu-dev patch vim zip unzip tmux htop bc expect rsync git lsof lrzsz ntpdate
    25. 

  25. do
    26. 

  26.     apt-get -y install $Package
    27. 

  27. done
    28. 

  28. 

  29. if [[ "$Ubuntu_version" =~ ^14$|^15$ ]];then
    30. 

  30.     apt-get -y install libcloog-ppl1
    31. 

  31.     apt-get -y remove bison
    32. 

  32.     cd src
    33. 

  33.     tar xzf bison-${bison_version}.tar.gz
    34. 

  34.     cd bison-${bison_version}
    35. 

  35.     ./configure
    36. 

  36.     make -j ${THREAD} && make install
    37. 

  37.     cd ..
    38. 

  38.     rm -rf bison-${bison_version}
    39. 

  39.     cd ..
    40. 

  40.     ln -sf /usr/include/freetype2 /usr/include/freetype2/freetype
    41. 

  41. elif [ "$Ubuntu_version" == '13' ];then
    42. 

  42.     apt-get -y install bison libcloog-ppl1
    43. 

  43. elif [ "$Ubuntu_version" == '12' ];then
    44. 

  44.     apt-get -y install bison libcloog-ppl0
    45. 

  45. fi
    46. 

  46. 

  47. # Custom profile
    48. 

  48. cat > /etc/profile.d/oneinstack.sh << EOF
    49. 

  49. HISTSIZE=10000
    50. 

  50. HISTTIMEFORMAT="%F %T \`whoami\` "
    51. 

  51. 

  52. alias l='ls -AFhlt --color=auto'
    53. 

  53. alias lh='l | head'
    54. 

  54. alias ll='ls -l --color=auto'
    55. 

  55. alias ls='ls --color=auto'
    56. 

  56. alias vi=vim
    57. 

  57. 

  58. GREP_OPTIONS="--color=auto"
    59. 

  59. alias grep='grep --color'
    60. 

  60. alias egrep='egrep --color'
    61. 

  61. alias fgrep='fgrep --color'
    62. 

  62. EOF
    63. 

  63. 

  64. sed -i 's@^"syntax on@syntax on@' /etc/vim/vimrc
    65. 

  65. 

  66. # PS1
    67. 

  67. [ -z "`grep ^PS1 ~/.bashrc`" ] && echo "PS1='\${debian_chroot:+(\$debian_chroot)}\\[\\e[1;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '" >> ~/.bashrc
    68. 

  68. 

  69. # history
    70. 

  70. [ -z "`grep history-timestamp ~/.bashrc`" ] && echo "PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; });user=\$(whoami); echo \$(date \"+%Y-%m-%d %H:%M:%S\"):\$user:\`pwd\`/:\$msg ---- \$(who am i); } >> /tmp/\`hostname\`.\`whoami\`.history-timestamp'" >> ~/.bashrc
    71. 

  71. 

  72. # /etc/security/limits.conf
    73. 

  73. [ -e /etc/security/limits.d/*nproc.conf ] && rename nproc.conf nproc.conf_bk /etc/security/limits.d/*nproc.conf
    74. 

  74. [ -z "`grep 'session required pam_limits.so' /etc/pam.d/common-session`" ] && echo 'session required pam_limits.so' >> /etc/pam.d/common-session
    75. 

  75. sed -i '/^# End of file/,$d' /etc/security/limits.conf
    76. 

  76. cat >> /etc/security/limits.conf <<EOF
    77. 

  77. # End of file
    78. 

  78. * soft nproc 65535
    79. 

  79. * hard nproc 65535
    80. 

  80. * soft nofile 65535
    81. 

  81. * hard nofile 65535
    82. 

  82. root soft nproc 65535
    83. 

  83. root hard nproc 65535
    84. 

  84. root soft nofile 65535
    85. 

  85. root hard nofile 65535
    86. 

  86. EOF
    87. 

  87. 

  88. # /etc/hosts
    89. 

  89. [ "$(hostname -i | awk '{print $1}')" != "127.0.0.1" ] && sed -i "s@^127.0.0.1\(.*\)@127.0.0.1   `hostname` \1@" /etc/hosts
    90. 

  90. 

  91. # Set timezone
    92. 

  92. rm -rf /etc/localtime
    93. 

  93. ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
    94. 

  94. 

  95. # Set DNS
    96. 

  96. #cat > /etc/resolv.conf << EOF
    97. 

  97. #nameserver 114.114.114.114
    98. 

  98. #nameserver 8.8.8.8
    99. 

  99. #EOF
    100. 

  100. 

  101. # /etc/sysctl.conf
    102. 

  102. [ -z "`grep 'fs.file-max' /etc/sysctl.conf`" ] && cat >> /etc/sysctl.conf << EOF
    103. 

  103. fs.file-max=65535
    104. 

  104. fs.inotify.max_user_instances = 8192
    105. 

  105. net.ipv4.tcp_syncookies = 1
    106. 

  106. net.ipv4.tcp_fin_timeout = 30
    107. 

  107. net.ipv4.tcp_tw_reuse = 1
    108. 

  108. net.ipv4.tcp_tw_recycle = 1
    109. 

  109. net.ipv4.ip_local_port_range = 1024 65000
    110. 

  110. net.ipv4.tcp_max_syn_backlog = 65536
    111. 

  111. net.ipv4.tcp_max_tw_buckets = 6000
    112. 

  112. net.ipv4.route.gc_timeout = 100
    113. 

  113. net.ipv4.tcp_syn_retries = 1
    114. 

  114. net.ipv4.tcp_synack_retries = 1
    115. 

  115. net.core.somaxconn = 65535
    116. 

  116. net.core.netdev_max_backlog = 262144
    117. 

  117. net.ipv4.tcp_timestamps = 0
    118. 

  118. net.ipv4.tcp_max_orphans = 262144
    119. 

  119. EOF
    120. 

  120. sysctl -p
    121. 

  121. 

  122. sed -i 's@^ACTIVE_CONSOLES.*@ACTIVE_CONSOLES="/dev/tty[1-2]"@' /etc/default/console-setup
    123. 

  123. sed -i 's@^@#@g' /etc/init/tty[3-6].conf
    124. 

  124. echo 'en_US.UTF-8 UTF-8' > /var/lib/locales/supported.d/local
    125. 

  125. sed -i 's@^@#@g' /etc/init/control-alt-delete.conf
    126. 

  126. 

  127. # Update time
    128. 

  128. ntpdate pool.ntp.org
    129. 

  129. [ ! -e "/var/spool/cron/crontabs/root" -o -z "`grep ntpdate /var/spool/cron/crontabs/root 2>/dev/null`" ] && { echo "*/20 * * * * `which ntpdate` pool.ntp.org > /dev/null 2>&1" >> /var/spool/cron/crontabs/root;chmod 600 /var/spool/cron/crontabs/root; }
    130. 

  130. 

  131. # iptables
    132. 

  132. if [ -e '/etc/iptables.up.rules' ] && [ -n "`grep '^:INPUT DROP' /etc/iptables.up.rules`" -a -n "`grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/iptables.up.rules`" -a -n "`grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/iptables.up.rules`" ];then
    133. 

  133.     IPTABLES_STATUS=yes
    134. 

  134. else
    135. 

  135.     IPTABLES_STATUS=no
    136. 

  136. fi
    137. 

  137. 

  138. if [ "$IPTABLES_STATUS" == 'no' ];then
    139. 

  139.     [ -e '/etc/iptables.up.rules' ] && /bin/mv /etc/iptables.up.rules{,_bk}
    140. 

  140.     cat > /etc/iptables.up.rules << EOF
    141. 

  141. # Firewall configuration written by system-config-securitylevel
    142. 

  142. # Manual customization of this file is not recommended.
    143. 

  143. *filter
    144. 

  144. :INPUT DROP [0:0]
    145. 

  145. :FORWARD ACCEPT [0:0]
    146. 

  146. :OUTPUT ACCEPT [0:0]
    147. 

  147. :syn-flood - [0:0]
    148. 

  148. -A INPUT -i lo -j ACCEPT
    149. 

  149. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    150. 

  150. -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    151. 

  151. -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    152. 

  152. -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
    153. 

  153. -A INPUT -p icmp -m limit --limit 1/sec --limit-burst 10 -j ACCEPT
    154. 

  154. -A INPUT -f -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
    155. 

  155. -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
    156. 

  156. -A INPUT -j REJECT --reject-with icmp-host-prohibited
    157. 

  157. -A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
    158. 

  158. -A syn-flood -j REJECT --reject-with icmp-port-unreachable
    159. 

  159. COMMIT
    160. 

  160. EOF
    161. 

  161. fi
    162. 

  162. 

  163. FW_PORT_FLAG=`grep -ow "dport $SSH_PORT" /etc/iptables.up.rules`
    164. 

  164. [ -z "$FW_PORT_FLAG" -a "$SSH_PORT" != '22' ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport $SSH_PORT -j ACCEPT@" /etc/iptables.up.rules
    165. 

  165. iptables-restore < /etc/iptables.up.rules
    166. 

  166. cat > /etc/network/if-pre-up.d/iptables << EOF
    167. 

  167. #!/bin/bash
    168. 

  168. /sbin/iptables-restore < /etc/iptables.up.rules
    169. 

  169. EOF
    170. 

  170. chmod +x /etc/network/if-pre-up.d/iptables
    171. 

  171. service ssh restart
    172. 

  172. 

  173. . /etc/profile
    174. 

  174. . ~/.bashrc
    175.