linux-tutorial/codes/linux/sys/sys-settings.sh

#!/usr/bin/env bash

# ---------------------------------------------------------------------------------
# 控制台颜色
BLACK="\033[1;30m"
RED="\033[1;31m"
GREEN="\033[1;32m"
YELLOW="\033[1;33m"
BLUE="\033[1;34m"
PURPLE="\033[1;35m"
CYAN="\033[1;36m"
RESET="$(tput sgr0)"
# ---------------------------------------------------------------------------------

printHeadInfo() {
	printf "${BLUE}\n"
	cat << EOF
###################################################################################
# Linux Centos7 系统配置脚本（根据需要选择）
# @author: Zhang Peng
###################################################################################
EOF
	printf "${RESET}\n"
}

setLimit() {
	cat >> /etc/security/limits.conf << EOF
 *  -  nofile  65535
 *  -  nproc   65535
EOF
}

setLang() {
	cat > /etc/sysconfig/i18n << EOF
LANG="zh_CN.UTF-8"
EOF
}

closeShutdownShortkey() {
	printf "\n${CYAN}>>>> 关闭 Ctrl+Alt+Del 快捷键防止重新启动${RESET}\n"
	sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
}

closeSelinux() {
	# see http://blog.51cto.com/13570193/2093299
	printf "\n${CYAN}>>>> 关闭 selinux${RESET}\n"
	sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
}

setBootMode() {
	# 1. 停机(记得不要把 initdefault 配置为 0，因为这样会使 Linux 不能启动)
	# 2. 单用户模式，就像 Win9X 下的安全模式
	# 3. 多用户，但是没有 NFS
	# 4. 完全多用户模式，准则的运行级
	# 5. 通常不用，在一些特殊情况下可以用它来做一些事情
	# 6. X11，即进到 X-Window 系统
	# 7. 重新启动 (记得不要把 initdefault 配置为 6，因为这样会使 Linux 不断地重新启动)
	printf "\n${CYAN}>>>> 配置 Linux 启动模式${RESET}\n"
	sed -i 's/id:5:initdefault:/id:3:initdefault:/' /etc/inittab
}

# 配置 IPv4
configIpv4() {
	printf "\n${CYAN}>>>> 配置 IPv4${RESET}\n"

	cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_max_syn_backlog = 16384
net.core.netdev_max_backlog =  16384
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 2000  65535
net.ipv4.tcp_max_tw_buckets = 5000
vm.swappiness=10
EOF
}

# 关闭 IPv6
closeIpv6() {
	printf "\n${CYAN}>>>> 关闭 IPv6${RESET}\n"

	cat > /etc/modprobe.d/ipv6.conf << EOF
alias net-pf-10 off
options ipv6 disable=1
EOF

	echo "NETWORKING_IPV6=off" >> /etc/sysconfig/network
}

# 入口函数
main() {
	PS3="请选择要执行的操作："
	select ITEM in "配置 DNS" "配置 NTP" "关闭防火墙" "配置 IPv4" "关闭 IPv6" "全部执行"
	do

	case ${ITEM} in
		"配置 DNS")
			sh ${root}/set-dns.sh ;;
		"配置 NTP")
			sh ${root}/set-ntp.sh ;;
		"关闭防火墙")
			sh ${root}/stop-firewall.sh ;;
		"配置 IPv4")
			configIpv4 ;;
		"关闭 IPv6")
			closeIpv6 ;;
		"全部执行")
			sh ${root}/set-dns.sh
			sh ${root}/set-ntp.sh
			sh ${root}/stop-firewall.sh
			configIpv4
			closeIpv6
		;;
		*)
			printf "\n${RED}输入项不支持${RESET}\n"
			main
		;;
	esac
	break
	done
}

######################################## MAIN ########################################
root=$(pwd)
if [[ -n $1 ]]; then
	root=$1
fi

printHeadInfo
main