这是一个配置虚拟机基线的示例脚本,包含关闭防火墙、禁用 SELinux、设置时区、安装基础软件等。
注意:关闭防火墙和禁用 SELinux 会去掉主机自身的访问控制,只适合已有外部防护的测试或内网环境;生产环境建议保留二者并按需放行。
这只是一个简单的模板,基线配置涉及的内容很多,后续可以按照这个模板逐步添加。
[root@bogon ~]# cat bastic.sh
#!/bin/bash
# VM baseline helper: defines the colour codes used by the status messages
# and prints the menu of available steps.
# NOTE(review): menu entries 1 and 2 switch off firewalld and SELinux, which
# lowers host hardening; confirm that matches the target environment before
# treating this as a baseline.

# ANSI colour sequences, kept as literal backslash escapes so that the
# status lines can expand them when they are printed.
RES='\E[0m'
RED='\E[1;31m'
GREEN='\E[1;32m'

# Menu text, one entry per output line.
printf '%s\n' \
  "请选择一个选项:" \
  "1. 关闭防火墙,禁止开机自启动" \
  "2. 关闭SElinux" \
  "3. 设置时区" \
  "4. 设置最大文件打开数量为65535" \
  "5. 安装基础软件包:[tcpdump,net-tools,wget,telnet,nmap-ncat,rsync,lrzsz]" \
  "6. 执行全部选项" \
  "7. 退出"
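#######################################
# Stop firewalld now and disable it at boot, then print one status line.
# The success line is printed only when BOTH systemctl calls succeed; the
# earlier version looked at $? after `disable` alone, so a failed `stop`
# was still reported as success.
# NOTE(review): once firewalld is off the host has no local packet filter
# unless another one is configured; confirm that upstream filtering (security
# groups, perimeter firewall) covers this VM.
# Globals:   GREEN, RED, RES (read) - colour escapes for the status line
# Outputs:   status line on stdout
#######################################
function stop_firewalld {
  local rc=0
  # Run both steps even if the first one fails, as the original did, but
  # remember any failure.
  systemctl stop firewalld || rc=1
  systemctl disable firewalld || rc=1
  if (( rc == 0 )); then
    echo -e "${GREEN} [+] 已关闭防火墙,禁止开机自启 ${RES}"
  else
    echo -e "${RED} [-] 关闭防火墙失败 ${RES}"
  fi
}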
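#######################################
# Rewrite SELINUX=enforcing to SELINUX=disabled in the SELinux config file
# and report whether the file now really says "disabled".
# sed exits 0 even when nothing matched (for example when the file says
# SELINUX=permissive), so the result is verified with grep instead of
# trusting sed's exit status.
# NOTE(review): the config file is read at boot, so the running mode does
# not change until the next reboot. Disabling SELinux removes mandatory
# access control from the host; permissive mode keeps the audit log if the
# goal is only to unblock an application.
# Globals:   GREEN, RED, RES (read) - colour escapes for the status line
# Arguments: $1 - optional config path (default /etc/selinux/config)
# Outputs:   status line on stdout
#######################################
function selinux_set {
  local cfg=${1:-/etc/selinux/config}
  # Anchor at line start so commented-out examples are left untouched.
  sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' "$cfg"
  if grep -q '^SELINUX=disabled[[:space:]]*$' "$cfg"; then
    echo -e "${GREEN} [+] SElinux 已关闭 ${RES}"
  else
    echo -e "${RED} [-] 关闭SElinux失败 ${RES}"
  fi
}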
#######################################
# Set the system time zone to Asia/Shanghai through timedatectl and print
# a coloured success or failure line.
# Globals:   GREEN, RED, RES (read) - colour escapes for the status line
# Outputs:   status line on stdout
#######################################
function datetime_set {
  if ! timedatectl set-timezone Asia/Shanghai; then
    printf '%b\n' "${RED} [-] 设置时区失败 ${RES}"
  else
    printf '%b\n' "${GREEN} [+] 已设置时区为上海时区 ${RES}"
  fi
}
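#######################################
# Make sure the soft and hard nofile limits of 65535 are present in
# limits.conf, then print one status line.
# Changes from the earlier version:
#   - each entry is appended only if the exact line is missing, so running
#     the script again no longer piles up duplicate lines;
#   - the status reflects whether the writes worked. It used to reflect
#     `sysctl -p`, which reloads /etc/sysctl.conf and does not read
#     limits.conf, so that call was dropped.
# NOTE(review): limits.conf is applied to new login sessions; sessions that
# are already open presumably keep their old limits - confirm on the target.
# Globals:   GREEN, RED, RES (read) - colour escapes for the status line
# Arguments: $1 - optional limits file (default /etc/security/limits.conf)
# Outputs:   status line on stdout
#######################################
function fileopen_set {
  local conf=${1:-/etc/security/limits.conf}
  local entry rc=0
  for entry in "* soft nofile 65535" "* hard nofile 65535"; do
    # -x -F: match the whole line literally, so "*" is not a pattern.
    if ! grep -qxF -- "$entry" "$conf" 2>/dev/null; then
      printf '%s\n' "$entry" >> "$conf" || rc=1
    fi
  done
  if (( rc == 0 )); then
    echo -e "${GREEN} [+] 已设置文件最大打开数量为65535 ${RES}"
  else
    echo -e "${RED} [-] 设置文件打开数量失败 ${RES}"
  fi
}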
#######################################
# Install the base package set with yum, skipping anything rpm already
# reports as installed. Exits the script with status 1 when not run as root.
# NOTE(review): telnet, tcpdump and nmap-ncat are diagnostic tools and telnet
# is a cleartext protocol; confirm the baseline really wants them on every VM.
# Globals:   GREEN, RED, RES (read); packages, package (written)
# Outputs:   progress and status lines on stdout
#######################################
function package_install {
  # Refuse to continue without root before touching the package manager.
  if (( EUID != 0 )); then
    printf '%b\n' "${RED} [-] 请使用root用户执行该脚本 ${RES}"
    exit 1
  fi

  packages=(tcpdump net-tools wget telnet nmap-ncat rsync lrzsz)

  printf '%s\n' "------开始安装基础软件包------"
  for package in "${packages[@]}"; do
    printf '%b\n' "------正在检查软件包:$package 是否安装------"
    if ! rpm -q "$package" > /dev/null 2>&1; then
      # Not installed yet: install it and report the outcome per package.
      printf '%s\n' "------正在安装软件包------"
      if yum -y install "$package"; then
        printf '%b\n' "${GREEN} [+] 基础依赖包 $package 安装成功 ${RES}"
      else
        printf '%b\n' "${RED} [-] 基础依赖包安装失败 ${RES}"
      fi
    else
      printf '%s\n' "软件包 $package 已经安装,跳过..."
    fi
  done
}
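# Read the menu choice and run the matching step(s).
# -r keeps backslashes in the input literal, and the selector is quoted so
# that odd input cannot be word-split or globbed.
read -r choice

# Options 1-6 all change system configuration. Check for root once, before
# anything runs; previously only the package step checked, so option 6 as a
# normal user attempted the first four steps before stopping.
case "$choice" in
  [1-6])
    if (( EUID != 0 )); then
      echo -e "${RED} [-] 请使用root用户执行该脚本 ${RES}"
      exit 1
    fi
    ;;
esac

case "$choice" in
  1)
    stop_firewalld
    ;;
  2)
    selinux_set
    ;;
  3)
    datetime_set
    ;;
  4)
    fileopen_set
    ;;
  5)
    package_install
    ;;
  6)
    # Run every step in menu order; a failed step does not stop the rest.
    stop_firewalld
    selinux_set
    datetime_set
    fileopen_set
    package_install
    ;;
  7)
    exit
    ;;
  *)
    echo "无效选项"
    ;;
esac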
输入6,就是执行全部选项。
当然也可以单独执行某一项,例如输入5;如果软件包已经安装,就会提示已安装并跳过。