平常少不了进行新系统的安装,每次安装完新系统后都需要一个一个手动设置,异常繁琐,于是写了个脚本,每次安装完后直接运行就可以了
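# Post-install bootstrap for a fresh Ubuntu 16.04 or CentOS 7 host.
# Requires bash (uses [[ ]], arrays and read -p) and must be run as root.
#
# Security-relevant actions performed by this script:
#   - behind a prompt: PermitRootLogin yes (Ubuntu), SELinux disabled,
#     ufw / firewalld disabled
#   - without a prompt: yum repo files fetched over plain HTTP (CentOS),
#     /root/.bashrc overwritten, lightdm manual login enabled (Ubuntu)
# Review each of these against the host's hardening baseline before use.

#######################################
# Ask a yes/no question until a valid answer is given.
# Arguments: $1 - prompt text
# Returns:   0 for y|Y|yes|YES, 1 for n|N|no|NO.
#            End-of-input on stdin also returns 1, so an unattended run
#            never silently opts in to a weakening change.
#######################################
ask_yes_no() {
  local prompt=$1 answer
  while true; do
    read -r -p "$prompt" answer || return 1
    case "$answer" in
      y|Y|yes|YES) return 0 ;;
      n|N|no|NO) return 1 ;;
      *) echo -e "输入有误,请重新输入\n" ;;
    esac
  done
}

#######################################
# Validate sshd_config and apply it by restarting the SSH unit.
# A plain "start" is a no-op when the daemon is already running, so edited
# settings would not take effect. If validation fails the unit is only
# started (never restarted) so a broken config cannot take down a running
# daemon.
# Arguments: $1 - systemd unit name (ssh on Ubuntu, sshd on CentOS)
#######################################
apply_sshd_config() {
  local unit=$1
  if sshd -t; then
    systemctl restart "$unit"
  else
    echo "sshd_config 校验失败,未重启 ${unit},请检查 /etc/ssh/sshd_config" >&2
    systemctl start "$unit"
  fi
}

#######################################
# Kill processes whose command line matches a pattern (used to release a
# package-manager lock). The script's own PID is skipped so a script path
# that happens to match the pattern does not kill the run itself.
# NOTE(review): SIGKILL on a package manager in mid-transaction can leave
# the package database inconsistent; waiting for the lock is safer.
# Arguments: $1 - pattern passed to pgrep -f
#######################################
kill_matching() {
  local pattern=$1 pid
  local -a pids=()
  mapfile -t pids < <(pgrep -f -- "$pattern")
  for pid in "${pids[@]}"; do
    [[ "$pid" == "$$" ]] && continue
    kill -9 "$pid" 2>/dev/null
  done
  return 0
}

#######################################
# CentOS: optionally install iptables-services.
# Returns: 1 if installation was requested, 0 if declined (the callers
#          test for 1; this inverted convention is kept for compatibility).
#######################################
centos_iptables_install() {
  if ask_yes_no "是否安装iptables?[Y/n] "; then
    echo -e "现在开始安装iptables\n"
    yum install iptables-services -y
    return 1
  fi
  echo -e "不安装iptables\n"
  return 0
}

#######################################
# Ubuntu: optionally create /etc/iptables.rules and a pre-up hook that
# restores it when the interface comes up.
# The rules file is created empty, so no filtering is applied until rules
# are saved into it (for example with iptables-save).
# Returns: 1 if set up, 0 if declined (same convention as the CentOS one).
#######################################
ubuntu_iptables_install() {
  local hook='pre-up iptables-restore < /etc/iptables.rules'
  local tail_file=/etc/network/interfaces.d/interfaces.tail
  if ask_yes_no "是否安装iptables?[Y/n] "; then
    echo -e "现在开始安装iptables\n"
    touch /etc/iptables.rules
    touch "$tail_file"
    # Append the hook only once so repeated runs do not duplicate it.
    grep -qxF -- "$hook" "$tail_file" || echo "$hook" >> "$tail_file"
    echo "iptables配置文件路径:/etc/iptables.rules"
    return 1
  fi
  echo -e "不安装iptables\n"
  return 0
}

# CentOS: optionally install open-vm-tools when the host is a VM.
centos_vm_tools_install() {
  if ask_yes_no "当前系统是否为虚拟机?[Y/n] "; then
    echo -e "现在开始安装open-vm-tools\n"
    # Quoted so the shell cannot expand the glob against files in the CWD.
    yum install 'open-vm-tools*' -y
  else
    echo -e "不安装open-vm-tools\n"
  fi
}

# Ubuntu: optionally install open-vm-tools when the host is a VM.
ubuntu_vm_tools_install() {
  if ask_yes_no "当前系统是否为虚拟机?[Y/n] "; then
    echo -e "现在开始安装open-vm-tools\n"
    # Quoted so the shell cannot expand the glob against files in the CWD.
    apt install 'open-vm-tools*' -y
  else
    echo -e "不安装open-vm-tools\n"
  fi
}

# CentOS: disable reverse DNS lookups in sshd and apply the change.
centos_ssh_server() {
  echo "禁止DNS反向解析"
  sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
  apply_sshd_config sshd
}

#######################################
# Ubuntu: install openssh-server and set PermitRootLogin from a prompt.
# Answering yes writes "PermitRootLogin yes", which allows password logins
# for root and exposes the account to password guessing; the distribution
# default (prohibit-password, key-based only) is the safer choice on any
# host reachable from an untrusted network.
#######################################
ubuntu_ssh_server_install() {
  local root_login
  echo "开始安装openssh-server"
  apt install openssh-server -y
  if ask_yes_no "是否开启ssh根用户登陆?[Y/n] "; then
    root_login=yes
  else
    root_login=no
  fi
  sed -i 's/PermitRootLogin prohibit-password/#PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
  sed -i "/#PermitRootLogin prohibit-password/a\\PermitRootLogin ${root_login}" /etc/ssh/sshd_config
  apply_sshd_config ssh
  systemctl enable ssh
}

#######################################
# Optionally set SELINUX=disabled in the SELinux config.
# Disabling SELinux removes mandatory access control from the host;
# permissive mode keeps the audit trail while troubleshooting.
# The edit only changes the config file; the running mode is not touched.
#######################################
selinux() {
  if ask_yes_no "是否关闭SELinux?[Y/n] "; then
    echo -e "正在关闭SELinux"
    # On CentOS 7 this path is normally a symlink to /etc/selinux/config.
    # Without --follow-symlinks, sed -i replaces the link with a regular
    # file and the real config is left unchanged.
    sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
  else
    echo -e "不关闭SELinux\n"
  fi
}

# Optionally disable ufw. Unless rules are loaded into iptables separately,
# the host is left without a packet filter.
ufw_status() {
  if ask_yes_no "是否关闭ufw?[Y/n] "; then
    echo -e "正在关闭ufw"
    ufw disable
  else
    echo -e "不关闭ufw\n"
  fi
}

# Optionally stop and disable firewalld. Unless rules are loaded into
# iptables separately, the host is left without a packet filter.
firewalld_status() {
  if ask_yes_no "是否关闭firewalld?[Y/n] "; then
    echo -e "正在关闭firewalld"
    systemctl stop firewalld.service
    systemctl disable firewalld.service
  else
    echo -e "不关闭firewalld\n"
  fi
}

#######################################
# Select the install flavour.
# Globals:   system_release (written): "ubuntu" or "centos"
# Arguments: none - show the menu and ask; 1 - Ubuntu; 2 - CentOS
# Returns:   1 if stdin ends before a valid menu choice is read
#######################################
system_choice() {
  local choice
  # "$#" is never an empty string, so the original "[ -z $# ]" test was
  # always false and the menu could never be shown.
  if [[ $# -eq 0 ]]; then
    while true; do
      echo "==============================================="
      echo " 请选择系统发行版 "
      echo " 1.Ubuntu 16.04 "
      echo " 2.CentOS 7 "
      echo "==============================================="
      read -r -p "请选择[1/2] " choice || return 1
      case "$choice" in
        1)
          system_release="ubuntu"
          echo -e "系统为Ubuntu,现在开始执行"
          return 0
          ;;
        2)
          system_release="centos"
          echo -e "系统为CentOS,现在开始执行"
          return 0
          ;;
        *)
          echo -e "输入有误,请重新输入\n"
          ;;
      esac
    done
  elif [[ $# -eq 1 && $1 -eq 1 ]]; then
    system_release="ubuntu"
  elif [[ $# -eq 1 && $1 -eq 2 ]]; then
    system_release="centos"
  fi
}

#######################################
# Replace /root/.bashrc with the customised profile below (coloured prompt,
# aliases, history lines tagged with user, client IP and timestamp).
# The existing file is overwritten without a backup.
#######################################
write_root_bashrc() {
  echo > /root/.bashrc
  cat >> /root/.bashrc << 'EOF'
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
case $- in
    *i*) ;;
      *) return;;
esac

# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth

# append to the history file, don't overwrite it
shopt -s histappend

# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar

# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
fi

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
    xterm-color|*-256color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
        # We have color support; assume it's compliant with Ecma-48
        # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
        # a case would tend to support setf rather than setaf.)
        color_prompt=yes
    else
        color_prompt=
    fi
fi

if [ "$color_prompt" = yes ]; then
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
    ;;
*)
    ;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    #alias dir='dir --color=auto'
    #alias vdir='vdir --color=auto'

    alias grep='grep --color=auto'
    alias fgrep='fgrep --color=auto'
    alias egrep='egrep --color=auto'
fi

# colored GCC warnings and errors
export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'

# some more ls aliases
alias ll='ls -alhF'
alias la='ls -A'
alias l='ls -CF'
alias nano='nano -$'

# Add an "alert" alias for long running commands. Use like so:
# sleep 10; alert
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi

# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
fi

#set time style
export TIME_STYLE='+%Y-%m-%d %H:%M:%S'

#history格式化 用户-IP-时间-命令
USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'`
if [ -z $USER_IP ]
then
  USER_IP="NO_client_IP"
fi
export HISTTIMEFORMAT="$USER from $USER_IP %F %T "

man() {
    env \
    LESS_TERMCAP_mb=$(printf "\e[1;31m") \
    LESS_TERMCAP_md=$(printf "\e[1;31m") \
    LESS_TERMCAP_me=$(printf "\e[0m") \
    LESS_TERMCAP_se=$(printf "\e[0m") \
    LESS_TERMCAP_so=$(printf "\e[1;44;33m") \
    LESS_TERMCAP_ue=$(printf "\e[0m") \
    LESS_TERMCAP_us=$(printf "\e[1;32m") \
    man "$@"
}
EOF
}

#######################################
# Download one yum repo definition; on failure warn and remove the partial
# file so yum never parses a truncated repo definition.
# Arguments: $1 - URL, $2 - destination path
# Returns:   0 on success, 1 on failure
#######################################
fetch_repo() {
  local url=$1 dest=$2
  if wget -O "$dest" "$url"; then
    return 0
  fi
  echo "下载失败: ${url}" >&2
  rm -f -- "$dest"
  return 1
}

# Ubuntu flow: SSH, VM tools, firewall choices, base packages, root profile.
setup_ubuntu() {
  local rc=0
  local lightdm_dir=/usr/share/lightdm/lightdm.conf.d

  kill_matching /var/lib/dpkg/
  echo -e "系统发行版为ubuntu,现在执行安装\n"
  ubuntu_ssh_server_install
  ubuntu_vm_tools_install
  ufw_status
  ubuntu_iptables_install || rc=$?
  if [[ $rc -eq 1 ]]; then
    echo -e "\033[41;37m 已安装iptables \033[0m"
  else
    echo -e "\033[41;37m 未进行安装iptables \033[0m"
  fi
  apt install lrzsz vim wget -y

  write_root_bashrc
  # Give root the stock login profile as well.
  cp /etc/skel/.profile /root/

  # Allow typing an arbitrary account name (root included) at the graphical
  # greeter. The original "sudo echo ... > file" gained nothing from sudo:
  # the redirection is performed by the calling shell, which is already
  # root. Skipped when lightdm is not installed (server images).
  if [[ -d $lightdm_dir ]]; then
    printf '%s\n' \
      '[SeatDefaults]' \
      '#autologin-user=root' \
      'user-session=ubuntu' \
      'greeter-show-manual-login=true' \
      > "$lightdm_dir/50-ubuntu.conf"
  fi
}

# CentOS flow: mirrors, SELinux/SSH/firewall choices, base packages, profile.
setup_centos() {
  local rc=0 got_base=0
  local repo_dir=/etc/yum.repos.d

  kill_matching yum
  echo -e "系统发行版为centos,现在执行安装\n"
  echo "开始配置yum源"

  # wget may be absent on a minimal install; get it while the stock repo
  # definition is still in place.
  command -v wget > /dev/null 2>&1 || yum install wget -y

  # NOTE(review): the repo definitions below are fetched over plain HTTP
  # and written as root. Anyone able to alter that traffic controls where
  # yum looks for packages and whether gpgcheck is enforced. Prefer an
  # HTTPS mirror URL and inspect the downloaded files before use.
  echo "正在配置163源"
  if [[ -f $repo_dir/CentOS-Base.repo ]]; then
    mv "$repo_dir/CentOS-Base.repo" "$repo_dir/CentOS-Base.repo.backup"
  fi
  fetch_repo http://mirrors.163.com/.help/CentOS7-Base-163.repo \
    "$repo_dir/CentOS7-Base-163.repo" && got_base=1
  echo "正在配置aliyun源"
  fetch_repo http://mirrors.aliyun.com/repo/Centos-7.repo \
    "$repo_dir/CentOS-Base-Aliyun.repo" && got_base=1
  fetch_repo http://mirrors.aliyun.com/repo/epel-7.repo "$repo_dir/epel.repo"

  # If neither base mirror could be fetched, put the stock repo back so the
  # host is not left without any package source.
  if (( got_base == 0 )) && [[ -f $repo_dir/CentOS-Base.repo.backup ]]; then
    mv "$repo_dir/CentOS-Base.repo.backup" "$repo_dir/CentOS-Base.repo"
  fi

  selinux
  centos_ssh_server
  centos_vm_tools_install
  firewalld_status
  centos_iptables_install || rc=$?
  if [[ $rc -eq 1 ]]; then
    echo -e "\033[41;37m 已安装iptables \033[0m"
  else
    echo -e "\033[41;37m 未进行安装iptables \033[0m"
  fi
  yum install lrzsz nano vim -y

  write_root_bashrc
}

# Entry point: verify root, detect the distribution, run the matching flow.
main() {
  local release version version_file

  # Everything below edits system configuration, so insist on root.
  if [[ "$(id -u)" -ne 0 ]]; then
    echo -e "\033[41;37m 请使用root用户运行 \033[0m"
    exit 1
  fi

  # Detect the distribution name.
  if grep -Eqi "CentOS" /etc/issue || grep -Eq "CentOS" /etc/*-release; then
    release='CentOS'
  elif grep -Eqi "Ubuntu" /etc/issue || grep -Eq "Ubuntu" /etc/*-release; then
    release='Ubuntu'
  else
    release='unknow'
    echo -e "\033[41;37m 您的系统发行版不是CentOS或Ubuntu,若要继续安装,请选择以哪个系统方式安装 \033[0m"
    system_choice
  fi

  # Major version: first numeric token only, so several matches in the file
  # cannot produce a multi-line value that breaks the -ge comparison.
  if [[ -s /etc/redhat-release ]]; then
    version_file=/etc/redhat-release
  else
    version_file=/etc/issue
  fi
  version=$(grep -oE "[0-9.]+" "$version_file" | awk -F . 'NR == 1 { print $1 }')

  if [[ $release == "Ubuntu" && ${version:-0} -ge 16 ]]; then
    system_choice 1
  elif [[ $release == "CentOS" && ${version:-0} -ge 7 ]]; then
    system_choice 2
  fi

  case "${system_release:-}" in
    ubuntu) setup_ubuntu ;;
    centos) setup_centos ;;
    *) echo -e "传入参数有误" ;;
  esac
}

main "$@"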