平时写的各种linux shell脚本
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

137 lines
4.1 KiB

#!/bin/bash
##### name:debian初始化脚本 #####
##### author:xiaoz #####
##### date:2022/08/18 #####
#获取SSH端口
ssh_port=$1
#初始化软件
init_soft(){
echo '--------------------------------------------------------------';
echo 'Install curl/wget and ufw.'
echo '--------------------------------------------------------------';
#更新软件
apt-get update
#使用nftables
#update-alternatives --set iptables /usr/sbin/iptables-nft
#update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
#update-alternatives --set arptables /usr/sbin/arptables-nft
#update-alternatives --set ebtables /usr/sbin/ebtables-nft
#安装必要软件
apt-get -y install curl wget ufw net-tools
#apt-get -y install firewalld
#启动firewalld
#systemctl start firewalld && systemctl enable firewalld
#FirewallBackend # Selects the firewall backend implementation. # Choices are: # - nftables (default) # - iptables (iptables, ip6tables, ebtables and ipset) FirewallBackend=iptables
#针对上面的错误,需要将iptables更换为nftables
#sed -i "s/FirewallBackend=iptables/FirewallBackend=nftables/g" /etc/firewalld/firewalld.conf
#放行常见端口
ufw allow 80
ufw allow 443
ufw allow 22
ufw --force enable
systemctl enable ufw
}
#初始化SSH配置
#修改端口和允许root登录
init_ssh(){
echo '--------------------------------------------------------------';
echo 'Modifying SSH port.'
echo '--------------------------------------------------------------';
#先放行端口
ufw allow ${ssh_port}
#修改ssh配置文件
#修改SSH端口
echo "Port ${ssh_port}" >> /etc/ssh/sshd_config
#允许root登录
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
#重启SSH服务
systemctl restart sshd
}
#初始化时区
init_timezone(){
echo '--------------------------------------------------------------';
echo 'Setting time zone.'
echo '--------------------------------------------------------------';
#设置时区为上海
timedatectl set-timezone Asia/Shanghai
#安装 chrony 或 systemd-timesyncd 以替代 ntpdate
if apt-get install -y chrony; then
systemctl enable chrony
systemctl start chrony
chronyc -a 'burst 4/4'
else
apt-get install -y systemd-timesyncd
systemctl enable systemd-timesyncd
systemctl start systemd-timesyncd
fi
#写入定时任务以确保时间同步
(crontab -l 2>/dev/null; echo "*/20 * * * * chronyc burst 4/4 > /dev/null 2>&1 || systemctl restart systemd-timesyncd > /dev/null 2>&1") | crontab -
#重载定时任务
systemctl reload cron
}
#设置虚拟内存,如果存在虚拟内存,则不设置
set_swap() {
echo '--------------------------------------------------------------';
echo 'Setting swap.'
echo '--------------------------------------------------------------';
curl -s "https://raw.githubusercontent.com/helloxz/shell/master/set_swap.sh" | bash
}
#开启BBR
enable_bbr(){
echo '--------------------------------------------------------------';
echo 'Enabling BBR.'
echo '--------------------------------------------------------------';
#写入配置文件
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
#使内核参数生效
sysctl -p
}
#修改默认的描述符限制
change_ulimit() {
echo '--------------------------------------------------------------';
echo 'Modifying ulimit.'
echo '--------------------------------------------------------------';
echo 'fs.file-max = 65535' >> /etc/sysctl.conf
echo '* soft nofile 65535' >> /etc/security/limits.conf
echo '* hard nofile 65535' >> /etc/security/limits.conf
echo 'ulimit -SHn 65535' >> /etc/profile
#使内核参数生效
sysctl -p
}
#安装vim
install_vim() {
apt-get remove vim-common -y
apt-get install vim -y
sed -i 's/mouse=a/mouse-=a/g' /usr/share/vim/vim*/defaults.vim
}
# add_lias
add_alias() {
cp ~/.bashrc ~/.bashrc.bak
echo "alias ll='ls -l'" >> ~/.bashrc
source ~/.bashrc
}
#调用函数执行
init_soft && init_timezone && set_swap && enable_bbr && change_ulimit && install_vim && add_alias