平常少不了进行新系统的安装,每次安装完新系统后都需要一个一个手动设置,异常繁琐,于是写了个脚本,每次安装完后直接运行就可以了
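#######################################
# Ask whether to install iptables-services on CentOS and install it on "yes".
# Globals:   iptables_bool_path (written) - the operator's last answer
# Outputs:   progress messages on stdout
# Returns:   1 when the package was installed, 0 when the operator declined
#            or stdin ended, 2 when yum reported a failure. The inverted
#            "1 means installed" convention is kept because the caller tests
#            "$? -eq 1".
#######################################
centos_iptables_install ()
{
  # NOTE(review): only the package is installed here; nothing in this function
  # enables or starts the iptables service or loads a ruleset. If firewalld was
  # stopped earlier in the run, the host may be left without an active packet
  # filter until rules are configured by hand.
  while true; do
    # -r keeps backslashes literal. A failed read with nothing captured means
    # stdin is closed; re-prompting would never terminate, so treat it as "no".
    if ! read -r -p "是否安装iptables?[Y/n] " iptables_bool_path \
      && [[ -z "$iptables_bool_path" ]]; then
      return 0
    fi
    case "$iptables_bool_path" in
      y|Y|yes|YES)
        echo -e "现在开始安装iptables\n"
        # Do not report "installed" when yum itself failed.
        yum install iptables-services -y || return 2
        return 1
        ;;
      n|N|no|NO)
        echo -e "不安装iptables\n"
        return 0
        ;;
      *)
        echo -e "输入有误,请重新输入\n"
        ;;
    esac
  done
}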
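#######################################
# Ask whether to set up iptables persistence on Ubuntu. On "yes" an (empty)
# rules file is created and a pre-up hook that restores it is registered.
# Globals:   iptables_bool_path (written) - the operator's last answer
# Outputs:   progress messages on stdout
# Returns:   1 when the hook was set up, 0 when the operator declined or
#            stdin ended (the caller tests "$? -eq 1").
#######################################
ubuntu_iptables_install ()
{
  local rules_file=/etc/iptables.rules
  local hook_file=/etc/network/interfaces.d/interfaces.tail
  local hook_line="pre-up iptables-restore < /etc/iptables.rules"

  while true; do
    # A failed read with nothing captured means stdin is closed; stop asking.
    if ! read -r -p "是否安装iptables?[Y/n] " iptables_bool_path \
      && [[ -z "$iptables_bool_path" ]]; then
      return 0
    fi
    case "$iptables_bool_path" in
      y|Y|yes|YES)
        echo -e "现在开始安装iptables\n"
        # NOTE(review): the rules file is only created, never populated, so no
        # filtering rules are in force until the operator writes them.
        touch "$rules_file"
        # Register the restore hook once; appending unconditionally would add
        # a duplicate line on every run of the script.
        touch "$hook_file"
        if ! grep -qxF -- "$hook_line" "$hook_file"; then
          echo "$hook_line" >> "$hook_file"
        fi
        echo "iptables配置文件路径:/etc/iptables.rules"
        return 1
        ;;
      n|N|no|NO)
        echo -e "不安装iptables\n"
        return 0
        ;;
      *)
        echo -e "输入有误,请重新输入\n"
        ;;
    esac
  done
}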
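#######################################
# Ask whether the host is a virtual machine and, if so, install the
# open-vm-tools packages with yum.
# Globals:   vm_bool (written) - the operator's last answer
# Outputs:   progress messages on stdout
# Returns:   yum's exit status on "yes", 0 when declined or stdin ended
#######################################
centos_vm_tools_install ()
{
  while true; do
    # A failed read with nothing captured means stdin is closed; stop asking.
    if ! read -r -p "当前系统是否为虚拟机?[Y/n] " vm_bool \
      && [[ -z "$vm_bool" ]]; then
      return 0
    fi
    case "$vm_bool" in
      y|Y|yes|YES)
        echo -e "现在开始安装open-vm-tools\n"
        # The pattern is quoted so yum matches it against repository package
        # names. Unquoted, the shell expands it first against the current
        # directory, and a file such as ./open-vm-tools-x.rpm lying there
        # would be handed to yum (running as root) as a local package.
        yum install 'open-vm-tools*' -y
        return
        ;;
      n|N|no|NO)
        echo -e "不安装open-vm-tools\n"
        return 0
        ;;
      *)
        echo -e "输入有误,请重新输入\n"
        ;;
    esac
  done
}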
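#######################################
# Ask whether the host is a virtual machine and, if so, install the
# open-vm-tools packages with apt.
# Globals:   vm_bool (written) - the operator's last answer
# Outputs:   progress messages on stdout
# Returns:   apt's exit status on "yes", 0 when declined or stdin ended
#######################################
ubuntu_vm_tools_install ()
{
  while true; do
    # A failed read with nothing captured means stdin is closed; stop asking.
    if ! read -r -p "当前系统是否为虚拟机?[Y/n] " vm_bool \
      && [[ -z "$vm_bool" ]]; then
      return 0
    fi
    case "$vm_bool" in
      y|Y|yes|YES)
        echo -e "现在开始安装open-vm-tools\n"
        # Quoted so the package manager, not the shell, resolves the pattern;
        # an unquoted glob would expand to matching file names in the current
        # directory and pass them to apt as root.
        apt install 'open-vm-tools*' -y
        return
        ;;
      n|N|no|NO)
        echo -e "不安装open-vm-tools\n"
        return 0
        ;;
      *)
        echo -e "输入有误,请重新输入\n"
        ;;
    esac
  done
}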
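#######################################
# Turn off reverse DNS lookups in sshd on CentOS and apply the change.
# Outputs:   progress message on stdout, validation warning on stderr
# Returns:   exit status of the final systemctl call
#######################################
centos_ssh_server ()
{
  echo "禁止DNS反向解析"
  sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
  # "systemctl start" does nothing when sshd is already running, so the edit
  # would not take effect until the next reboot. Restart instead, but only
  # after sshd -t accepts the file: restarting on a broken config would leave
  # the host without a listening SSH daemon.
  if sshd -t; then
    systemctl restart sshd
  else
    echo "sshd_config校验失败,未重启sshd" >&2
    systemctl start sshd
  fi
}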
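#######################################
# Install openssh-server on Ubuntu, ask whether root may log in over SSH,
# write the matching PermitRootLogin directive and (re)start the service.
# Globals:   ssh_root_bool (written) - the operator's last answer
# Outputs:   progress messages on stdout, warnings on stderr
# Returns:   exit status of "systemctl enable ssh"
#######################################
ubuntu_ssh_server_install ()
{
  local sshd_config=/etc/ssh/sshd_config
  local root_login=""

  echo "开始安装openssh-server"
  apt install openssh-server -y

  # Prompt in a loop. Re-entering the whole function on a typo would run the
  # package installation again each time and never ends once stdin is closed.
  while true; do
    if ! read -r -p "是否开启ssh根用户登陆?[Y/n] " ssh_root_bool \
      && [[ -z "$ssh_root_bool" ]]; then
      break   # stdin closed: leave sshd_config as shipped
    fi
    case "$ssh_root_bool" in
      y|Y|yes|YES)
        # NOTE(review): "PermitRootLogin yes" also allows password logins for
        # root, unlike the prohibit-password setting it replaces (keys only).
        root_login=yes
        break
        ;;
      n|N|no|NO)
        root_login=no
        break
        ;;
      *)
        echo -e "输入有误,请重新输入\n"
        ;;
    esac
  done

  if [[ -n "$root_login" ]]; then
    # Anchored so a line that is already commented out is not commented twice.
    sed -i 's/^PermitRootLogin prohibit-password/#PermitRootLogin prohibit-password/' "$sshd_config"
    if grep -qE '^#+PermitRootLogin prohibit-password' "$sshd_config"; then
      # Drop a yes/no directive left by an earlier run before adding the new
      # one, so repeated runs do not stack contradictory lines.
      sed -i -E '/^PermitRootLogin (yes|no)$/d' "$sshd_config"
      sed -i -E "/^#+PermitRootLogin prohibit-password/a\\PermitRootLogin ${root_login}" "$sshd_config"
    else
      # Without the anchor line nothing can be inserted; say so instead of
      # silently leaving the operator's choice unapplied.
      echo "未找到PermitRootLogin prohibit-password配置行,sshd_config未修改" >&2
    fi
  fi

  # A plain "start" is a no-op for a running daemon, so the new directive
  # would not be loaded. Restart only when sshd -t accepts the file, so a
  # broken config cannot take the listener down.
  if sshd -t; then
    systemctl restart ssh
  else
    echo "sshd_config校验失败,未重启ssh" >&2
    systemctl start ssh
  fi
  systemctl enable ssh
}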
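#######################################
# Ask whether SELinux should be disabled and, on "yes", switch the persistent
# setting from enforcing to disabled.
# Globals:   selinux_bool (written) - the operator's last answer
# Outputs:   progress messages on stdout
# Returns:   sed's exit status on "yes", 0 when declined or stdin ended
#######################################
selinux ()
{
  while true; do
    # A failed read with nothing captured means stdin is closed; stop asking.
    if ! read -r -p "是否关闭SELinux?[Y/n] " selinux_bool \
      && [[ -z "$selinux_bool" ]]; then
      return 0
    fi
    case "$selinux_bool" in
      y|Y|yes|YES)
        echo -e "正在关闭SELinux"
        # NOTE(review): this removes mandatory access control from the host;
        # the file is only read at boot, so the running mode is unchanged
        # until the next reboot.
        # /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config.
        # Plain "sed -i" replaces the link with a regular file and leaves the
        # real configuration untouched; --follow-symlinks edits the target.
        sed -i --follow-symlinks 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
        return
        ;;
      n|N|no|NO)
        echo -e "不关闭SELinux\n"
        return 0
        ;;
      *)
        echo -e "输入有误,请重新输入\n"
        ;;
    esac
  done
}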
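#######################################
# Ask whether ufw should be turned off and run "ufw disable" on "yes".
# Globals:   ufw_bool (written) - the operator's last answer
# Outputs:   progress messages on stdout
# Returns:   ufw's exit status on "yes", 0 when declined or stdin ended
#######################################
ufw_status ()
{
  while true; do
    # A failed read with nothing captured means stdin is closed; stop asking
    # rather than re-prompting without end.
    if ! read -r -p "是否关闭ufw?[Y/n] " ufw_bool \
      && [[ -z "$ufw_bool" ]]; then
      return 0
    fi
    case "$ufw_bool" in
      y|Y|yes|YES)
        echo -e "正在关闭ufw"
        # NOTE(review): with ufw off, every listening service is reachable
        # unless another ruleset is loaded afterwards.
        ufw disable
        return
        ;;
      n|N|no|NO)
        echo -e "不关闭ufw\n"
        return 0
        ;;
      *)
        echo -e "输入有误,请重新输入\n"
        ;;
    esac
  done
}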
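#######################################
# Ask whether firewalld should be turned off; on "yes" stop the service and
# disable it at boot.
# Globals:   ufw_bool (written) - the operator's last answer (the variable
#            name is shared with ufw_status and kept as-is)
# Outputs:   progress messages on stdout
# Returns:   status of "systemctl disable" on "yes", 0 when declined or
#            stdin ended
#######################################
firewalld_status ()
{
  while true; do
    # A failed read with nothing captured means stdin is closed; stop asking
    # rather than re-prompting without end.
    if ! read -r -p "是否关闭firewalld?[Y/n] " ufw_bool \
      && [[ -z "$ufw_bool" ]]; then
      return 0
    fi
    case "$ufw_bool" in
      y|Y|yes|YES)
        echo -e "正在关闭firewalld"
        # NOTE(review): after this the host has no active firewall until a
        # replacement ruleset is loaded and its service enabled.
        systemctl stop firewalld.service
        systemctl disable firewalld.service
        return
        ;;
      n|N|no|NO)
        echo -e "不关闭firewalld\n"
        return 0
        ;;
      *)
        echo -e "输入有误,请重新输入\n"
        ;;
    esac
  done
}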
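#######################################
# Select which distribution's setup path to run.
# Globals:   system_release (written) - "ubuntu" or "centos"
#            system_release_num (written) - the operator's menu answer
# Arguments: none - show the menu and ask interactively
#            $1   - 1 selects ubuntu, 2 selects centos, anything else is
#                   ignored
# Outputs:   menu and progress messages on stdout
# Returns:   0 normally, 1 when stdin ended before a valid menu choice
#######################################
system_choice ()
{
  # "$#" always expands to a number, so the former "-z" test could never be
  # true and the menu was unreachable; compare the count instead.
  if [ $# -eq 0 ]; then
    while true; do
      echo "==============================================="
      echo " 请选择系统发行版 "
      echo " 1.Ubuntu 16.04 "
      echo " 2.CentOS 7 "
      echo "==============================================="
      # A failed read with nothing captured means stdin is closed.
      if ! read -r -p "请选择[1/2] " system_release_num \
        && [[ -z "$system_release_num" ]]; then
        return 1
      fi
      case "$system_release_num" in
        1)
          system_release="ubuntu"
          echo -e "系统为Ubuntu,现在开始执行"
          return 0
          ;;
        2)
          system_release="centos"
          echo -e "系统为CentOS,现在开始执行"
          return 0
          ;;
        *)
          echo -e "输入有误,请重新输入\n"
          ;;
      esac
    done
  fi

  if [ $# -eq 1 ]; then
    # Plain string match: "[[ $1 -eq N ]]" would evaluate the argument as an
    # arithmetic expression.
    case "$1" in
      1) system_release="ubuntu" ;;
      2) system_release="centos" ;;
    esac
  fi
}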
# Abort unless the script is run by the user named root: everything below
# edits system configuration and installs packages.
[[ "$(whoami)" == "root" ]] || {
  echo -e "\033[41;37m 请使用root用户运行 \033[0m"
  exit 1
}
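# Detect the distribution name from /etc/issue and the /etc/*-release files.
# When neither CentOS nor Ubuntu is found, the operator is asked which setup
# path to use.
if grep -Eqi "CentOS" /etc/issue || grep -Eq "CentOS" /etc/*-release; then
  release='CentOS'
elif grep -Eqi "Ubuntu" /etc/issue || grep -Eq "Ubuntu" /etc/*-release; then
  release='Ubuntu'
else
  release='unknow'
  echo -e "\033[41;37m 您的系统发行版不是CentOS或Ubuntu,若要继续安装,请选择以哪个系统方式安装 \033[0m"
  system_choice
fi

# Major version number. Only the first token that starts with digits is used:
# a file holding several numeric tokens would otherwise yield a multi-line
# value and make the -ge comparisons below fail with a syntax error.
if [[ -s /etc/redhat-release ]]; then
  version=$(grep -oE "[0-9.]+" /etc/redhat-release \
    | awk -F . '$1 ~ /^[0-9]+$/ { print $1; exit }')
else
  version=$(grep -oE "[0-9.]+" /etc/issue \
    | awk -F . '$1 ~ /^[0-9]+$/ { print $1; exit }')
fi
# No usable number found: compare as 0 so neither branch below matches.
[[ "$version" =~ ^[0-9]+$ ]] || version=0

# Pick the setup path automatically for the supported releases.
if [[ "$release" == "Ubuntu" && "$version" -ge 16 ]]; then
  system_choice 1
elif [[ "$release" == "CentOS" && "$version" -ge 7 ]]; then
  system_choice 2
fi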
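#######################################
# Kill every process whose command line matches a pattern.
# Arguments: $1 - extended regular expression handed to pgrep -f
# Returns:   0 when nothing matched, otherwise kill's exit status
#######################################
kill_matching_processes() {
  local -a pids=()
  mapfile -t pids < <(pgrep -f -- "$1")
  # Calling kill with an empty PID list only prints a usage error.
  if (( ${#pids[@]} > 0 )); then
    # NOTE(review): SIGKILL gives a package manager no chance to finish or
    # roll back a transaction, and the pattern is a plain substring match on
    # the command line, so unrelated root-visible processes can be hit too.
    kill -9 "${pids[@]}"
  fi
}

#######################################
# Download one yum repository definition.
# Arguments: $1 - destination file, $2 - URL
# Returns:   0 on success, 1 when the download failed
#######################################
download_repo_file() {
  local dest=$1 url=$2
  if ! wget -O "$dest" "$url"; then
    # wget -O leaves an empty or truncated file behind on failure; remove it
    # so yum does not try to parse it.
    rm -f -- "$dest"
    echo "下载失败: $url" >&2
    return 1
  fi
}

#######################################
# Replace the stock CentOS base repository with the 163 and Aliyun mirrors
# and add the EPEL repository from Aliyun.
# Outputs:   progress messages on stdout, failures on stderr
#######################################
configure_centos_repos() {
  local repo_dir=/etc/yum.repos.d
  local base_fetched=0

  echo "开始配置yum源"
  echo "正在配置163源"
  mv "$repo_dir/CentOS-Base.repo" "$repo_dir/CentOS-Base.repo.backup"
  # NOTE(review): these definitions are fetched over plain HTTP and written
  # into the package manager's configuration as root, so anyone on the network
  # path can alter them. Prefer an HTTPS URL if the mirror serves one, and
  # check that the downloaded files keep gpgcheck enabled.
  if download_repo_file "$repo_dir/CentOS7-Base-163.repo" \
    http://mirrors.163.com/.help/CentOS7-Base-163.repo; then
    base_fetched=1
  fi
  echo "正在配置aliyun源"
  if download_repo_file "$repo_dir/CentOS-Base-Aliyun.repo" \
    http://mirrors.aliyun.com/repo/Centos-7.repo; then
    base_fetched=1
  fi
  download_repo_file "$repo_dir/epel.repo" http://mirrors.aliyun.com/repo/epel-7.repo

  # Neither mirror definition arrived: put the stock file back so yum still
  # has a base repository.
  if (( base_fetched == 0 )) && [[ -f "$repo_dir/CentOS-Base.repo.backup" ]]; then
    mv "$repo_dir/CentOS-Base.repo.backup" "$repo_dir/CentOS-Base.repo"
    echo "镜像源下载失败,已恢复CentOS-Base.repo" >&2
  fi
}

#######################################
# Write the customised interactive bashrc for root. The same template was
# previously duplicated in both distribution branches.
# The file is first reduced to a single empty line and the template is
# appended after it, so any previous /root/.bashrc content is discarded.
# NOTE(review): the template labels each history entry with $USER and the
# address reported by who(1); that is a convenience stamp in a file the user
# can edit, not a tamper-resistant audit trail.
#######################################
write_root_bashrc() {
  echo > /root/.bashrc
  cat >> /root/.bashrc << 'EOF'
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
case $- in
*i*) ;;
*) return;;
esac
# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth
# append to the history file, don't overwrite it
shopt -s histappend
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar
# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color|*-256color) color_prompt=yes;;
esac
# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
force_color_prompt=yes
if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi
if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac
# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
#alias dir='dir --color=auto'
#alias vdir='vdir --color=auto'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
fi
# colored GCC warnings and errors
export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
# some more ls aliases
alias ll='ls -alhF'
alias la='ls -A'
alias l='ls -CF'
alias nano='nano -$'
# Add an "alert" alias for long running commands. Use like so:
# sleep 10; alert
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
if [ -f /usr/share/bash-completion/bash_completion ]; then
. /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
fi
#set time style
export TIME_STYLE='+%Y-%m-%d %H:%M:%S'
#history格式化 用户-IP-时间-命令
USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'`
if [ -z $USER_IP ]
then
USER_IP="NO_client_IP"
fi
export HISTTIMEFORMAT="$USER from $USER_IP %F %T "
man() {
env \
LESS_TERMCAP_mb=$(printf "\e[1;31m") \
LESS_TERMCAP_md=$(printf "\e[1;31m") \
LESS_TERMCAP_me=$(printf "\e[0m") \
LESS_TERMCAP_se=$(printf "\e[0m") \
LESS_TERMCAP_so=$(printf "\e[1;44;33m") \
LESS_TERMCAP_ue=$(printf "\e[0m") \
LESS_TERMCAP_us=$(printf "\e[1;32m") \
man "$@"
}
EOF
}

# Run the setup path chosen by the detection step; system_release is expected
# to hold "ubuntu" or "centos".
case "$system_release" in
  ubuntu)
    # Clear processes that reference the dpkg directory before using apt.
    kill_matching_processes /var/lib/dpkg/
    echo -e "系统发行版为ubuntu,现在执行安装\n"
    ubuntu_ssh_server_install
    ubuntu_vm_tools_install
    ufw_status
    ubuntu_iptables_install
    # The install helper returns 1 (not 0) when iptables was set up.
    if [[ $? -eq 1 ]]; then
      echo -e "\033[41;37m 已安装iptables \033[0m"
    else
      echo -e "\033[41;37m 未进行安装iptables \033[0m"
    fi
    apt install lrzsz vim wget -y
    # Personalised .bashrc for root.
    write_root_bashrc
    # Give root a .profile as well.
    cp /etc/skel/.profile /root/
    # Let the LightDM greeter accept a typed user name (used here for root
    # desktop login). The former "sudo echo ... > file" did not elevate the
    # redirection, and the script already runs as root, so sudo is dropped;
    # the write is skipped where LightDM's config directory does not exist.
    # NOTE(review): a graphical root session runs every desktop application
    # with full privileges.
    if [[ -d /usr/share/lightdm/lightdm.conf.d ]]; then
      echo -e "[SeatDefaults]\n#autologin-user=root\nuser-session=ubuntu\ngreeter-show-manual-login=true" > /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf
    fi
    ;;
  centos)
    # Clear running yum processes before using yum.
    kill_matching_processes yum
    echo -e "系统发行版为centos,现在执行安装\n"
    configure_centos_repos
    selinux
    centos_ssh_server
    centos_vm_tools_install
    firewalld_status
    centos_iptables_install
    # The install helper returns 1 (not 0) when iptables was installed.
    if [[ $? -eq 1 ]]; then
      echo -e "\033[41;37m 已安装iptables \033[0m"
    else
      echo -e "\033[41;37m 未进行安装iptables \033[0m"
    fi
    yum install lrzsz nano vim -y
    # Personalised .bashrc for root.
    write_root_bashrc
    ;;
  *)
    echo -e "传入参数有误"
    ;;
esac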