# 服務器腳本
一鍵式腳本
```
#!/bin/bash
#修改hostname
#echo "ip hostname">>/etc/hosts
groupadd hadoop
useradd -g hadoop -s /bin/bash -d /home/hadoop hadoop
#修改密碼--password
#echo "Hadoop!@#123" | passwd root --stdin > /dev/null 2>&1
echo "Hadoop!@#123" | passwd dzjf --stdin > /dev/null 2>&1
#usermod -G wheel dzjf
systemctl stop firewalld
systemctl disable firewalld
#系統優化
#修改打開文件數和進程數
echo "* soft nproc 65535" >> /etc/security/limits.conf
echo "* hard nproc 65535" >> /etc/security/limits.conf
echo "* soft nofile 65535" >> /etc/security/limits.conf
echo "* hard nofile 65535" >> /etc/security/limits.conf
#系統內核參數優化
echo "net.ipv4.tcp_mem =524288 699050 1048576">>/etc/sysctl.conf
echo "net.ipv4.tcp_rmem = 4096 16384 4194304">>/etc/sysctl.conf
echo "net.ipv4.tcp_wmem = 4096 16384 4194304">>/etc/sysctl.conf
echo "net.ipv4.tcp_retries2 = 10">>/etc/sysctl.conf
echo "net.ipv4.tcp_synack_retries = 3">>/etc/sysctl.conf
echo "net.ipv4.tcp_max_tw_buckets = 262144">>/etc/sysctl.conf
echo "net.ipv4.tcp_tw_recycle = 0">>/etc/sysctl.conf
echo "net.ipv4.tcp_tw_reuse = 1">>/etc/sysctl.conf
echo "net.ipv4.tcp_syncookies = 1">>/etc/sysctl.conf
echo "net.ipv4.tcp_fin_timeout = 15">>/etc/sysctl.conf
echo "net.ipv4.ip_local_port_range = 10000 65535">>/etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 65535">>/etc/sysctl.conf
echo "net.core.somaxconn = 65535">>/etc/sysctl.conf
echo "net.core.netdev_max_backlog = 200000">>/etc/sysctl.conf
sysctl -p
#修改java.security,解決應用服務器連接數據庫慢的問題
sed -i "s/dev\/urandom/dev\/.\/urandom/g" `grep 'dev/urandom' -rl /usr/lib/jvm`
#sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
export PATH=$PATH:/usr/local/openssl2/bin
export TMOUT=600
echo "export JAVA_HOME=/opt/jdk1.8.0_181" >> /etc/profile
echo "export CLASSPATH=.:\$JAVA_HOME/lib/dt.jar:\$JAVA_HOME/lib/tools.jar" >> /etc/profile
echo "export PATH=\$JAVA_HOME/bin:\$PATH" >> /etc/profile
echo "ulimit -u 65535 -n 65535" >> /etc/profile
source /etc/profile
#sudo權限設置
#touch /var/log/sudo.log
#echo "Cmnd_Alias GLY_CMD =ALL,!/usr/bin/passwd *,!/usr/sbin/visudo,/bin/vim /var/log/sudo.log,/bin/vi /var/log/sudo.log">>/etc/sudoers
#echo "zfcgyw ALL=(root) NOPASSWD:GLY_CMD ">>/etc/sudoers
#日志審計
echo "Defaults logfile=/var/log/sudo.log">>/etc/sudoers
##----鎖定無用賬號--啟用賬號passwd -u
egrep "^lp:|^sync:|^halt:|^news:|^uucp:|^operator:|^games:|^gopher:|^smmsp:|^nfsnobody:|^nobody:" /etc/passwd|awk -F: '($7!~/bin\/false/) {print $1":"$7}' > log
cat log | awk -F ":" '{print $1}' >log1
doCommand1()
{
accs1=`sed -n '/^[^#]/p' log1`
for acc1 in $accs1
do
echo ""
echo zhanghao $acc1
passwd -l $acc1
done
return 0
}
doCommand1
##------
egrep "^lp:|^sync:|^halt:|^news:|^uucp:|^operator:|^games:|^gopher:|^smmsp:|^nfsnobody:|^nobody:" /etc/shadow|awk -F: '($2!~/^*/) && ($2!~/^!!/) {print $1":"}' > log
cat log | awk -F ":" '{print $1}' >log1
doCommand2()
{
accs2=`sed -n '/^[^#]/p' log1`
for acc2 in $accs2
do
echo ""
echo zhanghao $acc2
passwd -l $acc2
done
return 0
}
doCommand2
##----
#修改ssh登錄方式
#禁止root登錄
#echo "PermitRootLogin no" >>/etc/ssh/sshd_config
#禁止密碼為空
echo "PermitEmptyPasswords no" >>/etc/ssh/sshd_config
#ssh端口修改為50022
#echo "Port 60022" >>/etc/ssh/sshd_config
#sed -i "s/UsePAM yes/UsePAM no/g" /etc/ssh/sshd_config
#sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
systemctl restart sshd
#密碼使用時間99天
#sed -i "s/PASS_MAX_DAYS/PASS_MAX_DAYS 99 #/g" /etc/login.defs
#sed -i "s/PASS_MAX_DAYS/#PASS_MAX_DAYS/g" /etc/login.defs
#echo "PASS_MAX_DAYS 99" >>/etc/login.defs
#密碼長度至少為6
#sed -i "s/PASS_MIN_LEN/PASS_MIN_LEN 6 #/g" /etc/login.defs
#sed -i "s/PASS_MIN_LEN/#PASS_MIN_LEN/g" /etc/login.defs
#echo "PASS_MIN_LEN 6" >>/etc/login.defs
#sed -i "/pam_pwquality.so/i\password requisite pam_cracklib.so retry=5 difok=3 minlen=7 ucredit=-1 lcredit=-1 dcredit=-1 dictpath=/usr/share/cracklib/pw_dict" /etc/pam.d/system-auth
#echo "auth required pam_tally.so deny=5 unlock_time=600 " >>/etc/pam.d/system-auth
#echo "account required pam_tally.so" >>/etc/pam.d/system-auth
#密碼最多嘗試5次,修改的密碼跟舊密碼至少3個字符不同,長度至少7位,至少一個大寫字母,一個小寫字母,一個數字
#防火墻設置
#setenforce 0
#sed -i 7s/enforcing/disabled/ /etc/selinux/config
#這個文件只能增加數據,不能刪減或刪除
#chattr +a /var/log/sudo.log
#chattr +a /var/log/messages
#設置自動退出終端,防止非法關閉ssh客戶端造成登錄進程過多,可以設置大一些,單位為秒
echo "export TMOUT=600">> /etc/profile
#echo "export TMOUT">> /etc/profile
#export LANG="zh_CN.UTF-8">> /etc/profile
source /etc/profile
```
- 服務工具
- Go編程
- 開始
- 入門
- Java編程
- Spring編程
- SpringBoot編程
- SpringCloud編程
- 服務組件
- 環境瀏覽
- 版本查看
- 新建用戶和用戶組
- 初始化腳本
- 通用組件
- 安裝Zookeeper
- 安裝Jdk
- 安裝Go
- 安裝Nginx
- 安裝Git
- 安裝Maven
- 安裝RabbitMQ
- 安裝Node
- 容器部署
- 安裝Docker
- 安裝DockerCompose
- 安裝Redis
- 安裝Jenkins
- 安裝Zookeeper
- 安裝zentao
- 數據庫搭建
- 安裝MySQL
- 安裝Oracle
- OSS存儲搭建
- 安裝MinIO
- 私服存儲搭建
- 安裝Gogs
- 安裝Gitlab
- 安裝Harbor
- 服務中心
- 高可用
- 配置中心高可用
- eureka注冊中心高可用
- consul注冊中心高可用
- nacos注冊中心高可用
- 服務應用
- 微服務
- 單體服務
- 微信小程序
- 服務助手
- 比對工具
- 快速查詢工具
- Postman工具
- 代碼生成工具
- 數據庫設計生成工具
- 服務生產
- 前端部署
- 后端部署
- 服務監控
- 鏈路監控
- Zipkin
- Pinpoint
- Skywarking
- ELK日志收集
- 服務企業
- 分表分庫
- 任務調度
- XXL-JOB
- 緩存管理
- 文件系統
- 七牛云
- 阿里云
- Fastdfs
- MinIO
- MongoDB
- 聚合文檔
- 灰度發布