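#!/bin/sh
# Written by CoKiLi 2011.09.01 sleepcoki@gmail.com
# GPL
#
# CentOS post-install initialisation: disables unneeded services and IPv6,
# turns SELinux off, sets shell/locale conveniences, raises the open-file
# limit, installs a basic iptables policy and tunes conntrack via sysctl.
#
# Usage (as root):  sh init.sh
#
# Optional environment overrides (defaults reproduce the original values):
#   SSH_PORT       tcp port kept reachable for ssh                 (22)
#   WEB_PORTS      space separated tcp ports opened to everyone    (80 8080 8081)
#   NFS_NET        client subnet allowed on the NFS ports          (192.168.1.0/24)
#   NOFILE_LIMIT   nofile value written to limits.conf             (52100)
#   CONNTRACK_MAX  ip_conntrack_max value                          (81920)
#   SAVE_IPTABLES  set to 1 to run "service iptables save" so the rules
#                  survive a reboot; by default they live only in the
#                  running kernel, as in the original script        (0)
#
# Every edit of a config file goes through append_once, so re-running the
# script does not stack duplicate lines.
set -u

SSH_PORT=${SSH_PORT:-22}
WEB_PORTS=${WEB_PORTS:-"80 8080 8081"}
NFS_NET=${NFS_NET:-192.168.1.0/24}
NOFILE_LIMIT=${NOFILE_LIMIT:-52100}
CONNTRACK_MAX=${CONNTRACK_MAX:-81920}
SAVE_IPTABLES=${SAVE_IPTABLES:-0}

# NFS-related port lists exactly as pinned in the original rules; tcp and
# udp differ only in the lockd port (32803 vs 32796).
NFS_TCP_PORTS=111,2049,892,32803,875,10005,10006
NFS_UDP_PORTS=111,2049,892,32796,875,10005,10006

# die MESSAGE...: print to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# warn MESSAGE...: print to stderr and keep going (used for best-effort steps).
warn() {
  printf 'warn: %s\n' "$*" >&2
}

# banner TITLE: the boxed section header used throughout the script.
banner() {
  printf '+--------------------------------------------------------------+\n'
  printf '| === %s === |\n' "$1"
  printf '+--------------------------------------------------------------+\n'
}

# append_once FILE LINE: append LINE to FILE unless an identical line is
# already present (the file is created when missing, like ">>" would).
append_once() {
  if [ -f "$1" ] && grep -qxF -- "$2" "$1"; then
    return 0
  fi
  printf '%s\n' "$2" >> "$1"
}

# write_proc PATH VALUE: set a /proc tunable when this kernel exposes it;
# otherwise warn instead of failing, since the paths differ between
# CentOS releases.
write_proc() {
  if [ -w "$1" ]; then
    printf '%s\n' "$2" > "$1"
  else
    warn "$1 not present on this kernel, skipped"
  fi
}

# disable_service NAME: chkconfig the service off (boot only), skipping
# names that are not registered on this host.
disable_service() {
  if chkconfig --list "$1" >/dev/null 2>&1; then
    chkconfig "$1" off
  else
    warn "service $1 is not installed, skipped"
  fi
}

# stop_and_disable NAME: stop the running service and chkconfig it off,
# skipping names that are not registered on this host.
stop_and_disable() {
  if chkconfig --list "$1" >/dev/null 2>&1; then
    service "$1" stop
    chkconfig "$1" off
  else
    warn "service $1 is not installed, skipped"
  fi
}

# Everything below writes under /etc and /proc.
[ "$(id -u)" -eq 0 ] || die "this script must be run as root"

cat << EOF
+--------------------------------------------------------------+
| === Welcome to Centos System init === |
+--------------http://cokili.sinaapp.com/----------------------+
|--------------http://cokili.blog.51cto.com/-------------------|
+--------------------------------------------------------------+
EOF
echo "----------------------Stop Service-----------------------"
for svc in avahi-daemon bluetooth cups hidd; do
  stop_and_disable "$svc"
done
for svc in pcmcia isdn firstboot yum-updatesd; do
  disable_service "$svc"
done

#disable ipv6
banner "Welcome to Disable IPV6"
write_proc /proc/sys/net/ipv6/conf/all/disable_ipv6 1
append_once /etc/sysctl.conf "net.ipv6.conf.all.disable_ipv6 = 1"
# /etc/modprobe.conf is the CentOS 5 location; later releases read
# /etc/modprobe.d/*.conf instead, so these aliases may need moving there.
append_once /etc/modprobe.conf "alias net-pf-10 off"
append_once /etc/modprobe.conf "alias ipv6 off"
/sbin/chkconfig --level 35 ip6tables off
echo "ipv6 is disabled!"

#disable selinux
# Anchor on the real setting so comment lines that mention "enforcing"
# are never rewritten; takes effect after a reboot.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
echo "selinux is disabled,you must reboot!"

#vim
# Append the alias as its own line: the old "8 s/^/.../" form glued it
# onto whatever line 8 of .bashrc happened to be, corrupting that line.
append_once /root/.bashrc "alias vi='vim'"
# Append rather than truncate, so an existing .vimrc is preserved.
append_once /root/.vimrc 'syntax on'

#zh_cn
sed -i -e 's/^LANG=.*/LANG="zh_CN.UTF-8"/' /etc/sysconfig/i18n

# configure file max (default 52100)
append_once /etc/security/limits.conf "* soft nofile $NOFILE_LIMIT"
append_once /etc/security/limits.conf "* hard nofile $NOFILE_LIMIT"

banner "Welcome to Iptables Setting"
service iptables stop
echo "Iptables stop!"
# Open the INPUT policy before flushing so an ssh session running this
# script is not cut off while the allow rules are being rebuilt.
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Replies to connections this host initiated (DNS answers included) are
# admitted here through conntrack, so no source-port based rule is needed.
iptables -A INPUT -m state --state ESTABLISHED,RELATED,UNTRACKED -j ACCEPT
iptables -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
iptables -A OUTPUT -p tcp --sport "$SSH_PORT" -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#iptables -L -v
echo "Clear the firewall rules OK!"
# icmp: rate-limited; anything above the limit falls through to DROP.
iptables -A INPUT -p icmp -m limit --limit 1/sec --limit-burst 10 -j ACCEPT
iptables -A INPUT -p icmp -j DROP
# The FORWARD rate-limits below only matter when this host routes traffic
# (FORWARD policy is DROP, so over-limit packets are dropped). The INPUT
# variant stays commented on purpose: 1 SYN/s on INPUT would throttle
# legitimate web clients.
#iptables -I INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -I FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
echo "Prevent the syn attack (DDOOS attack)"
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
echo "Prevent port scanning OK!"
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
echo "Ping of Death OK!"
iptables -A FORWARD -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
#iptables -A INPUT -i eth1 -s 192.168.0.0/16 -j DROP  # drop every 192.168/16 source arriving on the external eth1
# WEB_PORTS is deliberately unquoted: it is a space separated list.
for port in $WEB_PORTS; do
  iptables -A INPUT -p tcp -m tcp --dport "$port" -j ACCEPT
done
#iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# The former "INPUT -p udp --sport 53 -j ACCEPT" rule is gone: it admitted
# any udp packet that merely claimed source port 53, and DNS replies are
# already covered by the ESTABLISHED,RELATED rule above.
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
echo "accept tcp $WEB_PORTS"
# NFS, restricted to the client subnet. On OUTPUT the client subnet is the
# destination, hence -d; OUTPUT policy is ACCEPT so these rules only
# matter if that policy is tightened later.
iptables -A INPUT -p tcp -m multiport --dports "$NFS_TCP_PORTS" -s "$NFS_NET" -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --sports "$NFS_TCP_PORTS" -d "$NFS_NET" -j ACCEPT
iptables -A INPUT -p udp -m multiport --dports "$NFS_UDP_PORTS" -s "$NFS_NET" -j ACCEPT
iptables -A OUTPUT -p udp -m multiport --sports "$NFS_UDP_PORTS" -d "$NFS_NET" -j ACCEPT
echo "nfs port"
if [ "$SAVE_IPTABLES" = 1 ]; then
  service iptables save
else
  echo "note: rules are not saved; set SAVE_IPTABLES=1 or run 'service iptables save' to keep them across reboots"
fi
# Reference commands (not run):
# Limit IP fragments to 100 per second as a DoS mitigation:
# iptables -A INPUT -f -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
#iptables --list -n -v --line-numbers                      list rules with their numbers
#iptables -D INPUT 6                                       delete rule 6 of the INPUT chain
#iptables -D INPUT -p tcp -m tcp --dport 443 -j ACCEPT     delete a rule by repeating it after -D
#iptables -A INPUT -p tcp --dport 6881:6890 -j ACCEPT      accept all tcp packets for ports 6881-6890
#iptables -I FORWARD -s 2.1.1.1 -p tcp --sport 80 -j DROP  block an ip outbound on the server
#iptables -I FORWARD -d 2.1.1.2 -p tcp --dport 80 -j DROP  block an ip inbound on the server
# Full reset of every table:
#iptables -F
#iptables -X
#iptables -t nat -F
#iptables -t nat -X
#iptables -t mangle -F
#iptables -t mangle -X
#iptables -P INPUT ACCEPT
#iptables -P FORWARD ACCEPT
#iptables -P OUTPUT ACCEPT
#
#
banner "Welcome to Settings /etc/sysctl.conf"
# Older kernels expose ip_conntrack_max, newer ones nf_conntrack_max;
# write to whichever this kernel has.
if [ -w /proc/sys/net/ipv4/ip_conntrack_max ]; then
  write_proc /proc/sys/net/ipv4/ip_conntrack_max "$CONNTRACK_MAX"
else
  write_proc /proc/sys/net/netfilter/nf_conntrack_max "$CONNTRACK_MAX"
fi
# The net.ipv4.netfilter.ip_conntrack_* keys are the legacy names used by
# the original script; "sysctl -p" may report them as unknown on kernels
# that only provide the net.netfilter.nf_conntrack_* equivalents.
append_once /etc/sysctl.conf "net.ipv4.ip_conntrack_max = $CONNTRACK_MAX"
append_once /etc/sysctl.conf "net.ipv4.netfilter.ip_conntrack_max = $CONNTRACK_MAX"
append_once /etc/sysctl.conf "net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 300"
append_once /etc/sysctl.conf "net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120"
append_once /etc/sysctl.conf "net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60"
append_once /etc/sysctl.conf "net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120"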