mirror of https://github.com/helloxz/shell.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
112 lines
3.5 KiB
112 lines
3.5 KiB
#!/bin/bash |
|
##### name:debian初始化脚本 ##### |
|
##### author:xiaoz ##### |
|
##### date:2022/08/18 ##### |
|
|
|
#获取SSH端口 |
|
ssh_port=$1 |
|
|
|
#初始化软件 |
|
init_soft(){ |
|
echo '--------------------------------------------------------------'; |
|
echo 'Install curl/wget and firewalld.' |
|
echo '--------------------------------------------------------------'; |
|
#更新软件 |
|
apt-get update |
|
#使用nftables |
|
update-alternatives --set iptables /usr/sbin/iptables-nft |
|
update-alternatives --set ip6tables /usr/sbin/ip6tables-nft |
|
update-alternatives --set arptables /usr/sbin/arptables-nft |
|
update-alternatives --set ebtables /usr/sbin/ebtables-nft |
|
|
|
|
|
#安装必要软件 |
|
apt-get -y install curl wget |
|
apt-get -y install firewalld |
|
#启动firewalld |
|
systemctl start firewalld && systemctl enable firewalld |
|
|
|
#FirewallBackend # Selects the firewall backend implementation. # Choices are: # - nftables (default) # - iptables (iptables, ip6tables, ebtables and ipset) FirewallBackend=iptables |
|
#针对上面的错误,需要将iptables更换为nftables |
|
sed -i "s/FirewallBackend=iptables/FirewallBackend=nftables/g" /etc/firewalld/firewalld.conf |
|
|
|
#放行常见端口 |
|
firewall-cmd --zone=public --add-port=80/tcp --permanent |
|
firewall-cmd --zone=public --add-port=443/tcp --permanent |
|
firewall-cmd --reload |
|
} |
|
|
|
#初始化SSH配置 |
|
#修改端口和允许root登录 |
|
init_ssh(){ |
|
echo '--------------------------------------------------------------'; |
|
echo 'Modifying SSH port.' |
|
echo '--------------------------------------------------------------'; |
|
#先放行端口 |
|
firewall-cmd --zone=public --add-port=${ssh_port}/tcp --permanent |
|
firewall-cmd --reload |
|
|
|
#修改ssh配置文件 |
|
#修改SSH端口 |
|
echo "Port ${ssh_port}" >> /etc/ssh/sshd_config |
|
#允许root登录 |
|
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config |
|
|
|
#重启SSH服务 |
|
systemctl restart sshd |
|
} |
|
|
|
#初始化时区 |
|
init_timezone(){ |
|
echo '--------------------------------------------------------------'; |
|
echo 'Setting time zone.' |
|
echo '--------------------------------------------------------------'; |
|
#设置时区为上海 |
|
timedatectl set-timezone Asia/Shanghai |
|
#同步时间 |
|
apt-get install ntpdate |
|
ntp_path=$(which ntpdate) |
|
|
|
#写入定时任务 |
|
echo "${ntp_path} -u pool.ntp.org" >> /var/spool/cron/crontabs/root |
|
#重载定时任务 |
|
/etc/init.d/cron reload |
|
} |
|
|
|
#设置虚拟内存,如果存在虚拟内存,则不设置 |
|
set_swap() { |
|
echo '--------------------------------------------------------------'; |
|
echo 'Setting swap.' |
|
echo '--------------------------------------------------------------'; |
|
curl -s "https://raw.githubusercontent.com/helloxz/shell/master/set_swap.sh" | bash |
|
} |
|
|
|
#开启BBR |
|
enable_bbr(){ |
|
echo '--------------------------------------------------------------'; |
|
echo 'Enabling BBR.' |
|
echo '--------------------------------------------------------------'; |
|
#写入配置文件 |
|
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf |
|
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf |
|
|
|
#使内核参数生效 |
|
sysctl -p |
|
} |
|
|
|
#修改默认的描述符限制 |
|
change_ulimit() { |
|
echo '--------------------------------------------------------------'; |
|
echo 'Modifying ulimit.' |
|
echo '--------------------------------------------------------------'; |
|
echo 'fs.file-max = 65535' >> /etc/sysctl.conf |
|
echo '* soft nofile 65535' >> /etc/security/limits.conf |
|
echo '* hard nofile 65535' >> /etc/security/limits.conf |
|
echo 'ulimit -SHn 65535' >> /etc/profile |
|
|
|
#使内核参数生效 |
|
sysctl -p |
|
} |
|
|
|
#调用函数执行 |
|
init_soft && init_ssh && init_timezone && set_swap && enable_bbr && change_ulimit |