#!/bin/bash ##### name:debian初始化脚本 ##### ##### author:xiaoz ##### ##### date:2022/08/18 ##### #获取SSH端口 ssh_port=$1 #初始化软件 init_soft(){ echo '--------------------------------------------------------------'; echo 'Install curl/wget and ufw.' echo '--------------------------------------------------------------'; #更新软件 apt-get update #使用nftables #update-alternatives --set iptables /usr/sbin/iptables-nft #update-alternatives --set ip6tables /usr/sbin/ip6tables-nft #update-alternatives --set arptables /usr/sbin/arptables-nft #update-alternatives --set ebtables /usr/sbin/ebtables-nft #安装必要软件 apt-get -y install curl wget ufw net-tools #apt-get -y install firewalld #启动firewalld #systemctl start firewalld && systemctl enable firewalld #FirewallBackend # Selects the firewall backend implementation. # Choices are: # - nftables (default) # - iptables (iptables, ip6tables, ebtables and ipset) FirewallBackend=iptables #针对上面的错误,需要将iptables更换为nftables #sed -i "s/FirewallBackend=iptables/FirewallBackend=nftables/g" /etc/firewalld/firewalld.conf #放行常见端口 ufw allow 80 ufw allow 443 ufw allow 22 ufw --force enable systemctl enable ufw } #初始化SSH配置 #修改端口和允许root登录 init_ssh(){ echo '--------------------------------------------------------------'; echo 'Modifying SSH port.' echo '--------------------------------------------------------------'; #先放行端口 ufw allow ${ssh_port} #修改ssh配置文件 #修改SSH端口 echo "Port ${ssh_port}" >> /etc/ssh/sshd_config #允许root登录 echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config #重启SSH服务 systemctl restart sshd } #初始化时区 init_timezone(){ echo '--------------------------------------------------------------'; echo 'Setting time zone.' echo '--------------------------------------------------------------'; #设置时区为上海 timedatectl set-timezone Asia/Shanghai apt-get install -y cron #安装 chrony 或 systemd-timesyncd 以替代 ntpdate if apt-get install -y chrony; then systemctl enable chrony systemctl start chrony chronyc -a 'burst 4/4' else apt-get install -y systemd-timesyncd systemctl enable systemd-timesyncd systemctl start systemd-timesyncd fi #写入定时任务以确保时间同步 (crontab -l 2>/dev/null; echo "*/20 * * * * chronyc burst 4/4 > /dev/null 2>&1 || systemctl restart systemd-timesyncd > /dev/null 2>&1") | crontab - #重载定时任务 /etc/init.d/cron reload } #设置虚拟内存,如果存在虚拟内存,则不设置 set_swap() { echo '--------------------------------------------------------------'; echo 'Setting swap.' echo '--------------------------------------------------------------'; curl -s "https://raw.githubusercontent.com/helloxz/shell/master/set_swap.sh" | bash } #开启BBR enable_bbr(){ echo '--------------------------------------------------------------'; echo 'Enabling BBR.' echo '--------------------------------------------------------------'; #写入配置文件 echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf #使内核参数生效 sysctl -p } #修改默认的描述符限制 change_ulimit() { echo '--------------------------------------------------------------'; echo 'Modifying ulimit.' echo '--------------------------------------------------------------'; echo 'fs.file-max = 65535' >> /etc/sysctl.conf echo '* soft nofile 65535' >> /etc/security/limits.conf echo '* hard nofile 65535' >> /etc/security/limits.conf echo 'ulimit -SHn 65535' >> /etc/profile #使内核参数生效 sysctl -p } #安装vim install_vim() { apt-get remove vim-common -y apt-get install vim -y sed -i 's/mouse=a/mouse-=a/g' /usr/share/vim/vim*/defaults.vim } # add_lias add_alias() { cp ~/.bashrc ~/.bashrc.bak echo "alias ll='ls -l'" >> ~/.bashrc source ~/.bashrc } #调用函数执行 init_soft && init_timezone && set_swap && enable_bbr && change_ulimit && install_vim && add_alias