3.12. 收集的一些shell脚本¶
3.12.1. 监控服务器主要性能参数指标¶
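#!/bin/bash
# Description: print the main performance indicators of this server.
# Items: kernel, hostname, IP addresses, logged-in accounts, memory and swap,
# disks, CPU load, disk I/O, interrupts, top processes and NIC traffic.

kernel=$(uname -r)                          # kernel release
release=$(cat /etc/redhat-release)          # OS release (RHEL/CentOS only)
hostname=$HOSTNAME                          # host name
localip=$(ip a s | awk '/inet /{print $2}') # local IPv4 addresses

# Take one snapshot of free(1) so the four figures describe the same moment.
free_out=$(free)
mem_total=$(awk '/Mem/{print $2}' <<<"$free_out")    # total memory
mem_free=$(awk '/Mem/{print $NF}' <<<"$free_out")    # last column of the Mem row
swap_total=$(awk '/Swap/{print $2}' <<<"$free_out")  # total swap
swap_free=$(awk '/Swap/{print $NF}' <<<"$free_out")  # last column of the Swap row

disk=$(df | awk '/^\/dev/{print $1,$2,$4}' | column -t) # device, size, available

# Load averages are the last three fields of uptime once commas are removed.
uptime_out=$(uptime | sed 's/,//g')
load1=$(awk '{print $(NF-2)}' <<<"$uptime_out")
load5=$(awk '{print $(NF-1)}' <<<"$uptime_out")
load15=$(awk '{print $NF}' <<<"$uptime_out")

login_users=$(who | wc -l)              # number of login sessions
procs=$(ps aux | wc -l)                 # number of ps lines (includes the header)
users=$(sed -n '$=' /etc/passwd)        # number of accounts in /etc/passwd
cpu_info=$(LANG=C lscpu | awk -F: '/Model name/ {print $2}')
cpu_core=$(awk '/processor/{core++} END{print core}' /proc/cpuinfo)

# sar comes from sysstat. Install it only when it is missing.
# NOTE(review): a monitoring script that installs packages changes the host it
# is observing; consider failing with a message instead.
if ! command -v sar >/dev/null 2>&1; then
  yum -y -q install sysstat &>/dev/null
fi

echo -e "\033[34m提取磁盘性能指标,请稍后...\033[0m"
# The original ran "tps=$(...) &" and "read_write=$(...) &". A backgrounded
# assignment happens in a subshell, so both variables were always empty in the
# report. sar is now sampled once in the foreground and parsed twice.
sar_avg=$(LANG=C sar -d -p 1 6 | awk '/Average/' | tail -n +2)
tps=$(awk 'NF {print "["$2"]磁盘平均IO数量:"$3}' <<<"$sar_avg")
read_write=$(awk 'NF {print "["$2"]平均每秒读写扇区量:"$4,$5}' <<<"$sar_avg")

# One vmstat sample gives both the interrupt and the context-switch column.
vmstat_last=$(vmstat 1 2 | tail -n +4)
irq=$(awk '{print $11}' <<<"$vmstat_last")
cs=$(awk '{print $12}' <<<"$vmstat_last")

top_proc_mem=$(ps --no-headers -eo comm,rss | sort -k2 -n | tail -10)  # 10 largest by RSS
top_proc_cpu=$(ps --no-headers -eo comm,pcpu | sort -k2 -n | tail -5)  # 5 largest by CPU

# Per-interface traffic in bytes: received (field 2) and transmitted (field 10).
net_monitor=$(tail -n +3 /proc/net/dev |
  awk 'BEGIN{ print "网卡名称 入站数据流量(bytes) 出站数据流量(bytes)" }
       { print $1,$2,$10 }' | column -t)

# Report. Values that come from process names or device tables are printed with
# printf '%s' so that backslashes inside them are not interpreted as escapes.
echo -e "\033[32m--------------本机主要数据参数表-----------------\033[0m"
echo -e "本机IP地址列表:\033[32m$localip\033[0m"
echo -e "本机主机名称:\033[32m$hostname\033[0m"
echo -e "操作系统版本:\033[32m$release\033[0m,内核版本:\033[32m$kernel\033[0m"
echo -e "CPU型号为:\033[32m$cpu_info\033[0m,CPU内核数量:\033[32m$cpu_core\033[0m"
echo -e "本机总内存容量:\033[32m$mem_total\033[0m,剩余可用内存容量:\033[32m$mem_free\033[0m"
echo -e "本机swap总容量:\033[32m$swap_total\033[0m,剩余容量:\033[32m$swap_free\033[0m"
echo -e "CPU最近1分钟,5分钟,15分钟的平均负载分别为:\033[32m$load1 $load5 $load15\033[0m"
echo -e "本机总账户数量为:\033[32m$users\033[0m,当前登陆系统的账户数量:\033[32m$login_users\033[0m"
echo -e "当前系统中启动的进程数量:\033[32m$procs\033[0m"
echo -e "占用CPU资源最多的5个进程列表为:"
printf '\033[32m%s\033[0m\n' "$top_proc_cpu"
echo -e "占用内存资源最多的10个进程列表为:"
printf '\033[32m%s\033[0m\n' "$top_proc_mem"
echo -e "CPU中断数量:\033[32m$irq\033[0m,CPU上下文切换数量:\033[32m$cs\033[0m"
echo -e "每个磁盘分区的总容量与剩余容量信息如下:"
printf '%s\n' "$disk"
printf '%s\n' "$tps"
printf '%s\n' "$read_write"
printf '%s\n' "$net_monitor"
echo -e "\033[32m------------------The End------------------------\033[0m"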
3.12.2. 修改SSHD配置文件¶
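#!/bin/bash
# Description: tighten the SSH daemon configuration in sshd_config.
#
# Before running:
#  - PasswordAuthentication is switched off, so a working key-based login must
#    already exist or the host becomes unreachable over SSH.
#  - The new port must also be allowed by the firewall (and, with SELinux
#    enforcing, labelled as an SSH port) before sshd is restarted.
#  - This script only edits the file; sshd has to be reloaded separately.
config_file="/etc/ssh/sshd_config"
PORT=12345

# Keep a timestamped copy so a bad edit can be rolled back.
backup="${config_file}.bak.$(date +%Y%m%d%H%M%S)"
cp -p "$config_file" "$backup" || exit 1

# set_sshd_option KEYWORD VALUE
# Rewrite every active "KEYWORD ..." line to "KEYWORD VALUE", or append the
# directive when no active line exists. The whole line is replaced: the
# original "s/yes/no/" left values such as "PermitRootLogin without-password"
# untouched, so root logins stayed possible.
# NOTE(review): an appended line lands at the end of the file; if the file ends
# with a Match block the directive only applies inside that block. Confirm.
set_sshd_option() {
  local key=$1 value=$2
  if grep -q "^${key}[[:space:]]" "$config_file"; then
    sed -i "s|^${key}[[:space:]].*|${key} ${value}|" "$config_file"
  else
    printf '%s %s\n' "$key" "$value" >> "$config_file"
  fi
}

set_sshd_option Port "$PORT"                # move off the default port
set_sshd_option PermitRootLogin no          # no remote root login
set_sshd_option PasswordAuthentication no   # keys only
set_sshd_option X11Forwarding no            # no X11 forwarding
set_sshd_option UseDNS no                   # no reverse DNS lookup of clients

# Refuse to leave a configuration behind that sshd itself rejects.
if command -v sshd >/dev/null 2>&1 && ! sshd -t -f "$config_file"; then
  cp -p "$backup" "$config_file"
  echo "sshd_config failed validation; restored $backup" >&2
  exit 1
fi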
3.12.3. 一键安装部署DHCP服务¶
#!/bin/bash
# Description: one-step install and configuration of a DHCP server.
# Variables: terminal colour commands for messages, and the configuration file path.
# Each colour variable holds a complete echo command; the script runs it by
# expanding the variable unquoted on a line of its own (for example $FAILURE).
SUCCESS="echo -en \\033[1;32m" # green
FAILURE="echo -en \\033[1;31m" # red
WARNING="echo -en \\033[1;33m" # yellow
NORMAL="echo -en \\033[0;39m" # default foreground colour (the original comment calls it black)
conf_file=/etc/dhcp/dhcpd.conf
#测试YUM源是否可用.
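# Check that yum has a usable repository and that it offers the dhcp package.
# Globals:  FAILURE, NORMAL (colour commands, read)
# Outputs:  an error message on stdout when a check fails
# Returns:  0 when both checks pass; exits the script with status 1 otherwise
#           (the original exited with status 0, which hid the failure).
test_yum(){
  local num
  # The package count is taken from the last line of "yum repolist".
  num=$(yum repolist | tail -1 | sed 's/.*: *//;s/,//')
  # Only trust the count when it is a number; otherwise fall through to the
  # package lookup below instead of feeding text to an integer comparison.
  if [[ $num =~ ^[0-9]+$ ]] && [ "$num" -le 0 ]; then
    $FAILURE
    echo "没有可用的Yum源."
    $NORMAL
    exit 1
  fi
  if ! yum list dhcp &> /dev/null; then
    $FAILURE
    echo "Yum源中没有dhcp软件包."
    $NORMAL
    exit 1
  fi
}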
#安装部署dhcp软件包.
# Install the dhcp package unless it is already present.
# Globals:  WARNING, NORMAL (colour commands, read)
# Returns:  the status of "yum -y install dhcp" after an install; when the
#           package is already installed it prints a warning and exits the script.
install_dhcp(){
  if ! rpm -q dhcp &> /dev/null; then
    yum -y install dhcp
    return
  fi
  # Already installed: warn and leave the whole script.
  $WARNING
  echo "dhcp已安装."
  $NORMAL
  exit
}
#修改dhcp配置文件.
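# Build dhcpd.conf from the packaged example and fill in the operator's values.
# Globals:  conf_file, subnet, netmask, start, end, router, dns (read),
#           FAILURE, NORMAL (colour commands, read)
# Returns:  0 on success; exits the script with status 1 on invalid input or
#           when the example file cannot be copied.
#
# The values are typed in by the operator and spliced into sed programs, so
# each one is checked first: anything other than a dotted IPv4 address (or a
# plain host name for the DNS server) would be interpreted by sed as part of
# the program rather than as data.
modify_conf(){
  local ipv4='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  local host='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  local v
  for v in "$subnet" "$netmask" "$start" "$end" "$router"; do
    if ! [[ $v =~ $ipv4 ]]; then
      $FAILURE
      echo "invalid IPv4 address: $v"
      $NORMAL
      exit 1
    fi
  done
  if ! [[ $dns =~ $host ]]; then
    $FAILURE
    echo "invalid DNS server: $dns"
    $NORMAL
    exit 1
  fi

  # Start from the example configuration shipped with the package.
  /bin/cp -f /usr/share/doc/dhcp*/dhcpd.conf.example "$conf_file" || exit 1

  # Dots are escaped so each pattern matches the literal address only.
  sed -i '/10\.152\.187\.0/{N;d}' "$conf_file"     # drop this line and the next one
  sed -i '/10\.254\.239\.0/,+3d' "$conf_file"      # drop this line and the 3 after it
  sed -i '/10\.254\.239\.32/,+4d' "$conf_file"     # drop this line and the 4 after it
  sed -i "s/10\.5\.5\.0/$subnet/" "$conf_file"             # subnet
  sed -i "s/255\.255\.255\.224/$netmask/" "$conf_file"     # netmask
  sed -i "s/10\.5\.5\.26/$start/" "$conf_file"             # first address of the pool
  sed -i "s/10\.5\.5\.30/$end/" "$conf_file"               # last address of the pool
  sed -i "s/ns1\.internal\.example\.org/$dns/" "$conf_file" # DNS server handed to clients
  sed -i '/internal\.example\.org/d' "$conf_file"          # drop the leftover example line
  sed -i "/routers/s/10\.5\.5\.1/$router/" "$conf_file"    # default gateway handed to clients
  sed -i '/broadcast-address/d' "$conf_file"               # drop the leftover example line
}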
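test_yum      # make sure a usable yum repository exists
install_dhcp  # install the package (exits when it is already installed)

# ask PROMPT VARNAME
# Print the prompt, switch to the highlight colour while the operator types,
# and store the answer in the named variable. read -r keeps backslashes as typed.
ask() {
  echo -n "$1"
  $SUCCESS
  read -r "$2"
  $NORMAL
}

# Collect the settings.
ask "请输入DHCP网段(如:192.168.4.0):" subnet
ask "请输入DHCP网段的子网掩码(如:255.255.255.0):" netmask
ask "请输入为客户端分配的地址池(如:192.168.4.1-192.168.4.10):" pools
ask "请输入为客户端分配的默认网关:" router
ask "请输入为客户端分配的DNS服务器:" dns

# Split "first-last" into the two pool boundaries.
IFS=- read -r start end _ <<<"$pools"

# These answers end up inside sed programs in modify_conf, so accept nothing
# but dotted IPv4 addresses (or a plain host name for the DNS server).
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
for value in "$subnet" "$netmask" "$start" "$end" "$router"; do
  if ! [[ $value =~ $ipv4_re ]]; then
    $FAILURE
    echo "invalid IPv4 address: $value"
    $NORMAL
    exit 1
  fi
done
if ! [[ $dns =~ $host_re ]]; then
  $FAILURE
  echo "invalid DNS server: $dns"
  $NORMAL
  exit 1
fi

modify_conf   # write the configuration file

# Restart the service and report the result; a failed restart now also shows
# in the script's exit status.
status=0
if systemctl restart dhcpd &>/dev/null; then
  $SUCCESS
  echo "部署配置DHCP完毕."
else
  status=1
  $FAILURE
  echo "部署配置DHCP失败,通过 journalctl -xe查看日志."
fi
$NORMAL
exit "$status"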
3.12.4. 自动部署配置vsftpd服务器¶
#!/bin/bash
# Description: install, configure and manage a vsftpd FTP server on RHEL/CentOS.
# Local accounts share /common; /common/pub is the upload directory.
# Anonymous users share /var/ftp; /var/ftp/pub is the upload directory.
# Variables: terminal colour commands for messages, and the configuration file path.
# Each colour variable holds a complete echo command that the script runs by
# expanding the variable unquoted on a line of its own (for example $FAILURE).
SUCCESS="echo -en \\033[1;32m" # green
FAILURE="echo -en \\033[1;31m" # red
WARNING="echo -en \\033[1;33m" # yellow
NORMAL="echo -en \\033[0;39m" # default foreground colour (the original comment calls it black)
conf_file=/etc/vsftpd/vsftpd.conf
#####从这里开始先将所有需要的功能定义为函数.#####
#定义脚本的主菜单功能.
# Clear the screen and print the main menu.
# The whole menu comes from one here-document; its empty last line stands in
# for the trailing bare echo.
menu(){
  clear
  cat <<'EOF'
-----------------------------------
# 菜单(Menu) #
-----------------------------------
# 1.安装配置vsftpd. #
# 2.创建FTP账户. #
# 3.删除FTP账户. #
# 4.配置匿名账户. #
# 5.启动关闭vsftpd. #
# 6.退出脚本. #
-----------------------------------

EOF
}
#定义配置匿名账户的子菜单.
# Clear the screen and print the sub-menu for anonymous-account settings.
anon_sub_menu(){
  local rule="-----------------------------------"
  clear
  # One printf call emits every line; the final empty argument is the blank line.
  printf '%s\n' \
    "$rule" \
    "# 匿名配置子菜单(Menu) #" \
    "$rule" \
    "# 1.禁用匿名账户. #" \
    "# 2.启用匿名登陆. #" \
    "# 3.允许匿名账户上传. #" \
    "$rule" \
    ""
}
#定义服务管理的子菜单.
# Clear the screen and print the sub-menu for starting/stopping the service.
service_sub_menu(){
  local rule="-----------------------------------"
  clear
  # One printf call emits every line; the final empty argument is the blank line.
  printf '%s\n' \
    "$rule" \
    "# 服务管理子菜单(Menu) #" \
    "$rule" \
    "# 1.启动vsftpd. #" \
    "# 2.关闭vsftpd. #" \
    "# 3.重启vsftpd. #" \
    "$rule" \
    ""
}
#测试YUM是否可用.
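# Check that yum has a usable repository and that it offers the vsftpd package.
# Globals:  FAILURE, NORMAL (colour commands, read)
# Outputs:  an error message on stdout when a check fails
# Returns:  0 when both checks pass; exits the script with status 1 otherwise
#           (the original exited with status 0, which hid the failure).
test_yum(){
  local num
  # The package count is taken from the last line of "yum repolist".
  num=$(yum repolist | tail -1 | sed 's/.*: *//;s/,//')
  # Only trust the count when it is a number; otherwise fall through to the
  # package lookup below instead of feeding text to an integer comparison.
  if [[ $num =~ ^[0-9]+$ ]] && [ "$num" -le 0 ]; then
    $FAILURE
    echo "没有可用的Yum源."
    $NORMAL
    exit 1
  fi
  if ! yum list vsftpd &> /dev/null; then
    $FAILURE
    echo "Yum源中没有vsftpd软件包."
    $NORMAL
    exit 1
  fi
}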
#安装部署vsftpd软件包.
# Install the vsftpd package unless it is already present.
# Globals:  WARNING, NORMAL (colour commands, read)
# Returns:  the status of "yum -y install vsftpd" after an install; when the
#           package is already installed it prints a warning and exits the script.
install_vsftpd(){
  if ! rpm -q vsftpd &> /dev/null; then
    yum -y install vsftpd
    return
  fi
  # Already installed: warn and leave the whole script.
  $WARNING
  echo "vsftpd已安装."
  $NORMAL
  exit
}
#修改初始化配置文件.
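# Apply the initial vsftpd configuration.
# Globals:  conf_file (read)
# Effects:  backs up the configuration once, creates /common/pub, sets
#           local_root=/common and enables chroot_local_user.
init_config(){
  # Keep one pristine copy of the packaged configuration.
  [ -e "${conf_file}.bak" ] || cp -p "$conf_file" "${conf_file}.bak"

  # Shared tree for local accounts; /common/pub is where they may upload.
  mkdir -p /common/pub
  # The directory stays writable by everyone, as before. The sticky bit is
  # added so one account cannot delete or rename another account's uploads.
  chmod a+w,+t /common/pub

  # Only an active local_root= line counts; the original "grep local_root"
  # was also satisfied by a comment that merely mentions the option.
  grep -q '^[[:space:]]*local_root=' "$conf_file" ||
    sed -i '$a local_root=/common' "$conf_file"

  # Without this, a local account can cd out of the share and browse /etc and
  # the rest of the system. chroot_local_user=YES confines it to its root.
  sed -i 's/^#chroot_local_user=YES/chroot_local_user=YES/' "$conf_file"
}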
#创建FTP账户,如果账户已存在则直接退出脚本.
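# Create an FTP account.
# Arguments: $1 - account name, $2 - password
# Globals:   FAILURE, NORMAL (colour commands, read)
# Returns:   0 on success; exits the script with status 1 when the name is
#            not acceptable, the password is empty, the account already
#            exists, or the account cannot be created.
#
# The name is typed in by the operator and handed to useradd/passwd, which run
# as root. It is therefore restricted to ordinary account-name characters and
# always passed quoted, so it cannot be split into extra words or options.
# NOTE(review): the account gets the default login shell; confirm whether
# FTP-only accounts should be created with a non-interactive shell.
create_ftpuser(){
  local name=$1 secret=$2
  if ! [[ $name =~ ^[a-z_][a-z0-9_-]{0,31}$ ]]; then
    $FAILURE
    echo "invalid account name: $name"
    $NORMAL
    exit 1
  fi
  if [ -z "$secret" ]; then
    $FAILURE
    echo "empty password refused"
    $NORMAL
    exit 1
  fi
  if id "$name" &> /dev/null; then
    $FAILURE
    echo "$1账户已存在."
    $NORMAL
    exit 1
  fi
  useradd "$name" || exit 1
  # printf, not echo: a password such as "-n" or one containing backslashes
  # must reach passwd unchanged.
  printf '%s\n' "$secret" | passwd --stdin "$name" &>/dev/null
}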
#删除FTP账户,如果账户不存在则直接退出脚本.
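# Delete an FTP account.
# Arguments: $1 - account name
# Globals:   FAILURE, NORMAL (colour commands, read)
# Returns:   the status of userdel; exits the script with status 1 when the
#            name is empty, starts with "-", or the account does not exist.
#
# The name is always passed quoted: unquoted, an answer containing spaces was
# split into several arguments for id and userdel, which run as root.
# NOTE(review): any existing account can be removed through this menu, not only
# accounts created for FTP. Confirm whether system accounts should be refused.
delete_ftpuser(){
  local name=$1
  case $name in
    ''|-*)
      $FAILURE
      echo "invalid account name: $name"
      $NORMAL
      exit 1 ;;
  esac
  if ! id "$name" &> /dev/null; then
    $FAILURE
    echo "$1账户不存在."
    $NORMAL
    exit 1
  fi
  userdel "$name"
}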
#配置匿名账户.
#第一个位置参数为1则将匿名账户禁用.
#第一个位置参数为2则开启匿名账户登陆功能.
#第一个位置参数为3则设置允许匿名账户上传文件.
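# Configure anonymous FTP access.
# Arguments: $1 - 1 disables anonymous login, 2 enables it,
#                 3 uncomments the anon_* options and opens /var/ftp/pub for upload
# Globals:   conf_file (read), FAILURE, NORMAL (colour commands, read)
# Returns:   the status of "systemctl restart vsftpd"; 1 for an unknown mode;
#            exits the script with status 1 when the configuration file is missing.
#
# vsftpd.conf options touched here:
#   anonymous_enable=YES|NO      - turn anonymous login on or off
#   anon_upload_enable=YES       - allow anonymous upload (shipped commented out)
#   anon_mkdir_write_enable=YES  - allow anonymous mkdir (shipped commented out)
# Mode 3 removes the leading "#" from every line that starts with "#anon_" and
# makes /var/ftp/pub writable by everyone: anyone who can reach the server can
# then store files on it. Use it only on a network where that is intended.
anon_config(){
  if [ ! -f "$conf_file" ]; then
    $FAILURE
    echo "配置文件不存在."
    $NORMAL
    exit 1
  fi
  local expr
  case "$1" in
    1) expr='s/anonymous_enable=YES/anonymous_enable=NO/' ;;
    2) expr='s/anonymous_enable=NO/anonymous_enable=YES/' ;;
    3) expr='s/^#anon_/anon_/' ;;
    *)
      # The original silently did nothing for an unknown mode.
      echo "anon_config: unknown mode: $1" >&2
      return 1 ;;
  esac
  sed -i "$expr" "$conf_file"
  if [ "$1" = 3 ]; then
    chmod a+w /var/ftp/pub
  fi
  systemctl restart vsftpd
}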
#服务管理.
#第一个位置参数为start时启动vsftpd服务.
#第一个位置参数为stop时关闭vsftpd服务.
#第一个位置参数为restart时重启vsftpd服务.
# Start, stop or restart the vsftpd service.
# Arguments: $1 - start | stop | restart (anything else is ignored)
# Globals:   FAILURE, NORMAL (colour commands, read)
# Returns:   the status of systemctl; exits the script when vsftpd is not installed.
proc_manager(){
  # Nothing to manage when the package is missing.
  rpm -q vsftpd &>/dev/null || {
    $FAILURE
    echo "未安装vsftpd软件包."
    $NORMAL
    exit
  }
  # Only the three known verbs are forwarded to systemctl.
  case $1 in
    start|stop|restart)
      systemctl "$1" vsftpd ;;
  esac
}
######从这里开始调用前面定义的函数.#####
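# Main flow: show the menu and dispatch on the operator's choice.
# Every answer is read with "read -r" (backslashes kept as typed) and passed on
# quoted, so a password or name containing spaces arrives as one argument.
menu
read -r -p "请输入选项[1-6]:" input
case "$input" in
  1)
    test_yum         # check the yum repository
    install_vsftpd   # install the package
    init_config ;;   # apply the initial configuration
  2)
    read -r -p "请输入账户名称:" username
    read -r -s -p "请输入账户密码:" password   # -s: do not echo the password
    echo
    create_ftpuser "$username" "$password" ;;
  3)
    read -r -p "请输入账户名称:" username
    # Only the name is needed; the original also passed a stale $password.
    delete_ftpuser "$username" ;;
  4)
    anon_sub_menu
    read -r -p "请输入选项[1-3]:" anon
    # A case match cannot fail on empty or non-numeric input the way
    # "[ $anon -eq 1 ]" did.
    case "$anon" in
      1) anon_config 1 ;;   # disable anonymous login
      2) anon_config 2 ;;   # enable anonymous login
      3) anon_config 3 ;;   # allow anonymous upload
    esac ;;
  5)
    service_sub_menu
    read -r -p "请输入选项[1-3]:" proc
    case "$proc" in
      1) proc_manager start ;;
      2) proc_manager stop ;;
      3) proc_manager restart ;;
    esac ;;
  6)
    exit ;;
  *)
    $FAILURE
    echo "您的输入有误."
    $NORMAL
    exit ;;
esac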
3.12.5. 使用脚本操作MySQL数据库¶
# Run SQL from the shell (template: replace USER, PASSWORD and the statement).
# NOTE(review): a password written as -pPASSWORD is part of the command line,
# so it can be exposed through the process list and the shell history. Prefer
# an option file readable only by its owner, or a bare -p that prompts.
mysql -uUSER -pPASSWORD -e"SQL STATEMENTS"
# List all databases on the local server.
mysql -uroot -ppassword -e"show databases"
操作数据库脚本
[root@localhost ~]# cat mysql01.sh
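#!/bin/bash
# List the databases on the local MySQL server.
# NOTE(review): HOSTNAME is assigned but never used by this script (and the
# name shadows bash's own HOSTNAME variable).
# NOTE(review): the password below is a sample value. A real script should not
# carry the secret at all; keep it in an option file that only its owner can read.
HOSTNAME="localhost"
USERNAME="root"
PASSWORD="password"
MYSQL=/usr/bin/mysql
SH_DB="show databases"

# Hand the credentials to the client through a private temporary option file
# instead of -u/-p arguments, which are visible on the command line.
# mktemp creates the file readable by its owner only; the trap removes it.
cred_file=$(mktemp) || exit 1
trap 'rm -f -- "$cred_file"' EXIT
printf '[client]\nuser=%s\npassword="%s"\n' "$USERNAME" "$PASSWORD" > "$cred_file"

# --defaults-extra-file has to be the first option on the command line.
"$MYSQL" --defaults-extra-file="$cred_file" -e "$SH_DB"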
下面列举了常用的数据库操作脚本:
# NOTE(review): these fragments use USERNAME, PASSWORD, DBNAME and TABLENAME
# (TABLE in the create-table example); none of them is defined in this listing.
# NOTE(review): -p${PASSWORD} puts the password on the command line, where it
# can be exposed through the process list.
# NOTE(review): the variables are pasted into the SQL text unescaped, so they
# must come from a trusted source, never from user input.
# Create a database.
create_db_sql="create database ${DBNAME}"
mysql -u${USERNAME} -p${PASSWORD} -e "${create_db_sql}"
# Create a table.
create_table_sql="create table ${TABLE} (name varchar(20), id int(10))"
mysql -u${USERNAME} -p${PASSWORD} ${DBNAME} -e"${create_table_sql}"
# Insert a row.
insert_sql="insert into ${TABLENAME} values('john',1)"
mysql -u${USERNAME} -p${PASSWORD} ${DBNAME} -e"${insert_sql}"
# Query all rows.
select_sql="select * from ${TABLENAME}"
mysql -u${USERNAME} -p${PASSWORD} ${DBNAME} -e"${select_sql}"
# Update rows. There is no WHERE clause, so every row is changed.
update_sql="update ${TABLENAME} set id=3"
mysql -u${USERNAME} -p${PASSWORD} ${DBNAME} -e"${update_sql}"
# Delete rows. There is no WHERE clause, so the table is emptied.
delete_sql="delete from ${TABLENAME}"
mysql -u${USERNAME} -p${PASSWORD} ${DBNAME} -e"${delete_sql}"
使用Here Document执行SQL代码块,命令如下:
[root@localhost ~]# cat mysql02.sh
#!/bin/bash
# Feed a block of SQL to the mysql client through a here-document.
# The delimiter is unquoted (<< EOF), so the shell expands $variables and
# backticks inside the SQL before mysql sees it; quote it (<< 'EOF') when the
# SQL must be passed through literally.
# NOTE(review): -ppassword exposes the password on the command line.
# NOTE(review): the userPass varchar(20) column looks sized for a plain-text
# password rather than a password hash - confirm how it is meant to be filled.
mysql -uroot -ppassword << EOF
CREATE DATABASE DB01;
use DB01;
CREATE TABLE user
(
userID int(20) not null,
userName varchar(20) not null,
userPass varchar(20) not null,
age int(10) not null,
primary key(userID)
);
EOF
使用管道或重定向符执行SQL代码块,命令如下:
# Run the statements in update.sql: by input redirection ...
# NOTE(review): -ppassword exposes the password on the command line.
mysql -uroot -ppassword < update.sql
# ... or through a pipe (same effect, one extra process).
cat update.sql | mysql -uroot -ppassword
3.12.6. system_opt系统优化¶
system_opt.sh
#!/usr/bin/env bash
#usage:xxx
#scripts_name:${NAME}.sh
# author:xiaojian
#usage() {
# echo "请按如下格式执行"
# echo "USAGE: bash $0 函数名1#函数名2"
# echo "USAGE: bash $0 epel#ulimits#ssh"
# exit 1
#}
#
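# Install the EPEL repository and switch it from the mirror list to baseurl.
# Returns: 1 when epel.repo is missing after the install, otherwise the status
#          of "yum clean all".
function epel(){
  local repo=/etc/yum.repos.d/epel.repo
  yum install epel-release -y >/dev/null 2>&1
  [ -f "$repo" ] || return 1
  # Anchored patterns: running the function twice no longer stacks "#" signs
  # or rewrites the word in the middle of a line.
  sed -i 's/^mirrorlist/#mirrorlist/g' "$repo"
  sed -i 's/^#baseurl/baseurl/g' "$repo"
  sed -i '6s/enabled=0/enabled=1/g' "$repo"
  # gpgcheck is left at 1. The original changed it to 0, which makes yum
  # install EPEL packages without verifying their signatures, so a tampered
  # mirror or network path could deliver arbitrary packages that run as root.
  yum clean all >/dev/null 2>&1
  # On Alibaba Cloud machines use the aliyun EPEL mirror instead.
  #echo "[EPEL 配置] ==> OK"
}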
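# Raise the process and open-file limits for all users.
# Effects: replaces /etc/security/limits.conf (one backup copy is kept),
#          empties /etc/security/limits.d/20-nproc.conf and raises the limits
#          of the current shell.
# NOTE(review): the packaged 20-nproc.conf caps the number of processes per
# user; emptying it and setting nproc to 65536 for "*" removes that cap.
function ulimits(){
  [ -e /etc/security/limits.conf.bak ] ||
    cp -p /etc/security/limits.conf /etc/security/limits.conf.bak
  # The item name is "nproc"; the original wrote "noproc", which is not a
  # limits.conf item, so the two process lines had no effect.
  cat > /etc/security/limits.conf <<EOF
* soft nproc 65536
* hard nproc 65536
* soft nofile 65536
* hard nofile 65536
EOF
  # Since CentOS 7.3 or 7.4 this file carries soft nproc settings that are
  # applied at login and override /etc/security/limits.conf, so it is emptied.
  echo > /etc/security/limits.d/20-nproc.conf
  ulimit -n 65536
  ulimit -u 65536
  #echo "[ulimits 配置] ==> OK"
}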
# 系统默认没有 /etc/init.d/sshd 需要使用 systemctl restart sshd
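# Speed up SSH logins: turn off reverse DNS lookups and GSSAPI authentication.
# Returns: 1 when sshd_config is missing or fails validation, otherwise the
#          status of "systemctl restart sshd".
# NOTE(review): this function is named ssh and is exported with "export -f"
# further down, so it shadows the real ssh client in this shell and in child
# bash processes. The name is kept because callers use it.
function ssh(){
  local cfg=/etc/ssh/sshd_config
  [ -f "$cfg" ] || return 1
  # Plain -i: the original "-ir" was read by GNU sed as "-i" with backup suffix
  # "r", leaving a stray copy named sshd_configr next to the real file.
  # The two lines are inserted once only; the original added another pair on
  # every run.
  if ! grep -q '^UseDNS no$' "$cfg"; then
    sed -i '13 iUseDNS no\nGSSAPIAuthentication no' "$cfg"
  fi
  # Do not restart the daemon on a configuration it rejects.
  if command -v sshd >/dev/null 2>&1 && ! sshd -t -f "$cfg" >/dev/null 2>&1; then
    return 1
  fi
  systemctl restart sshd >/dev/null 2>&1
  #echo "[SSH 优化] ==> OK"
}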
# 修改内核参数,增加缓存区,减少等待时间
# 可以接收更大的包,增加对轻量ddos抗性
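# Replace /etc/sysctl.conf with a network-tuning profile and load it.
# Effects: overwrites /etc/sysctl.conf; a single backup copy of the previous
#          file is kept so settings that were already there are not lost.
# Changes from the original profile:
#  - net.ipv4.tcp_tw_recycle is no longer set. It is known to break
#    connections from clients behind NAT and newer kernels do not have the key.
# NOTE(review): tcp_timestamps = 0 is kept as written, but TIME-WAIT reuse
# (tcp_tw_reuse = 1) depends on TCP timestamps - confirm the combination is
# intended.
function kernel(){
  [ -e /etc/sysctl.conf.bak ] || cp -p /etc/sysctl.conf /etc/sysctl.conf.bak
  cat > /etc/sysctl.conf <<EOF
fs.file-max = 65536
net.core.netdev_max_backlog = 32768
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.wmem_max = 16777216
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.ip_local_port_range = 5000 65000
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 1
EOF
  sysctl -p >/dev/null 2>&1
  #echo "[内核 优化] ==> OK"
}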
# 增加操作系统记录数量
# Add a timestamp, user name and login address to shell history entries and
# enlarge the history size.
# When /etc/profile does not mention HISTTIMEFORMAT yet, a two-line snippet is
# appended to it: UserIP is taken from "who -u am i", and HISTTIMEFORMAT is
# exported with the time, the output of whoami and that address.
# Afterwards HISTSIZE=1000 in /etc/profile is replaced by HISTSIZE=999999999.
# NOTE(review): this function is named history and is exported with
# "export -f" further down, so it shadows the shell's own history builtin.
# NOTE(review): shell history is written by the user's own shell; treat it as
# a convenience record, not as an audit log - confirm what it is relied on for.
function history(){
if ! grep "HISTTIMEFORMAT" /etc/profile >/dev/null 2>&1
then echo '
UserIP=$(who -u am i | cut -d"(" -f 2 | sed -e "s/[()]//g")
export HISTTIMEFORMAT="[%F %T] [`whoami`] [${UserIP}] " ' >> /etc/profile;
fi
sed -i "s/HISTSIZE=1000/HISTSIZE=999999999/" /etc/profile
#echo "[history 优化] ==> OK"
}
# 这个稍后我再试一试,我是倾向不要关闭selinux,而是使用系统权限完善来控制软件运行。
# 稍后测试一下看看
# "Security" step: empties the login banner, disables SELinux and installs
# openssl, openssh and bash through yum.
# NOTE(review): despite its name this function lowers the protection of the
# host: SELINUX is rewritten to "disabled" in /etc/selinux/config (from either
# enforcing or permissive) and enforcement is switched off at once with
# setenforce 0. The author's own note above this function prefers keeping
# SELinux on; consider dropping these three lines.
function security(){
# Truncate /etc/issue so the pre-login banner shows nothing.
> /etc/issue
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config
setenforce 0 >/dev/null 2>&1
# Stopping and disabling firewalld is left commented out.
#systemctl stop firewalld.service
#systemctl disable firewalld.service
yum install -y openssl openssh bash >/dev/null 2>&1
#echo "[安全配置] ==> OK"
}
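# Install common tools and create the working directories and the nginx account.
function other(){
  # The group name is one argument; unquoted it was passed to yum as the two
  # separate names "Development" and "tools".
  yum groupinstall "Development tools" -y >/dev/null 2>&1
  # NOTE(review): this list includes the telnet client; confirm it is wanted.
  yum install -y vim wget lrzsz telnet traceroute iotop tree >/dev/null 2>&1
  yum install -y ncftp axel git zlib-devel openssl-devel unzip xz libxslt-devel libxml2-devel libcurl-devel >/dev/null 2>&1
  #echo "[安装常用工具] ==> OK"
  # /etc/profile is read by every user's login shell. The original appended a
  # bare "export HOME=/root", which points every account's HOME at /root. The
  # line is now limited to root and added only once.
  grep -q 'export HOME=/root' /etc/profile ||
    echo 'if [ "$(id -u)" -eq 0 ]; then export HOME=/root; fi' >> /etc/profile
  source /etc/profile
  # Service account without a home directory or login shell.
  useradd -M -s /sbin/nologin nginx >/dev/null 2>&1
  mkdir -p /root/ops_scripts /data1/www
  mkdir -p /opt/codo/
}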
# Export the functions to child bash processes.
# NOTE(review): nothing below starts a child shell, so the exports look like a
# leftover of the commented-out dispatcher. Exporting functions named ssh and
# history also overrides the ssh command and the history builtin in every bash
# started from this shell - confirm the exports are still needed.
export -f epel
export -f ulimits
export -f ssh
export -f kernel
export -f history
export -f security
export -f other
## Intended call format: bash script name1#name2
## Example: bash system_init_v1.sh epel#ulimits#ssh
# NOTE(review): the disabled dispatcher below hands each "#"-separated piece of
# $1 to awk's system(), i.e. runs it as a shell command. If it is revived,
# match the names against a fixed list (a case statement) instead.
#echo $1 | awk -F "#" '{for(i=1;i<=NF;++i) system($i)}'
# Run every step in a fixed order.
epel
ulimits
ssh
kernel
history
security
other
#echo '[Success]System Init OK'
3.12.7. Centos6最小化安装后优化1¶
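#!/bin/bash
# Base setup for a minimal CentOS 6 install. Run as root.
# NOTE(review): besides tuning, this script stops iptables, disables SELinux,
# switches off most boot services and reboots at the end. Review every step
# before running it on a host that is reachable from untrusted networks.

# Only root may run this script. The effective UID is checked because $USER is
# an ordinary environment variable that can be unset or overridden.
if [ "$(id -u)" -ne 0 ]; then
  echo "需要使用 sudo 才能使用本脚本"
  exit 1
fi

# Replace the base repository definition with the 163 mirror. The file is
# fetched over HTTPS, and the existing definition is only swapped out after
# the download succeeded.
cd /usr/local/src || exit 1
wget -O CentOS6-Base-163.repo https://mirrors.163.com/.help/CentOS6-Base-163.repo || exit 1
cd /etc/yum.repos.d/ || exit 1
mv CentOS-Base.repo CentOS-Base.repo.bak
cp /usr/local/src/CentOS6-Base-163.repo ./CentOS-Base.repo
yum clean all   # drop the yum cache
yum makecache   # rebuild the cache
yum update -y   # upgrade the system
cd ../

# Add the EPEL repository.
# NOTE(review): "rpm -ivh" on a downloaded file does not refuse a package whose
# signing key is unknown; check the signature (rpm -K) against an imported key
# before installing.
cd /usr/local/src || exit 1
wget -O epel-release-6-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm || exit 1
rpm -ivh epel-release-6-8.noarch.rpm

# Compiler tool chain and sysstat.
yum -y install gcc gcc-c++ vim-enhanced unzip unrar sysstat

# Daily clock synchronisation with ntpdate.
# /etc/crontab entries need a user field before the command; the original line
# had none, so cron would not run it as written.
yum -y install ntp
echo "01 01 * * * root /usr/sbin/ntpdate ntp.api.bz >> /dev/null 2>&1" >> /etc/crontab
/usr/sbin/ntpdate ntp.api.bz
service crond restart

# Open-file limits.
ulimit -SHn 65534
echo "ulimit -SHn 65534" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
* soft nofile 65535
* hard nofile 65535
EOF
echo "fs.file-max=419430" >> /etc/sysctl.conf

# Kernel network tuning (appended, so a second run duplicates the block).
# NOTE(review): tcp_tw_recycle = 1 is known to break connections from clients
# behind NAT, and tcp_fin_timeout = 1 is unusually aggressive - confirm both.
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65535
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
EOF
/sbin/sysctl -p

# Disable Ctrl-Alt-Del so the console cannot reboot the machine by accident.
sed -i 's@ca::ctrlaltdel:/sbin/shutdown -t3 -r now@#ca::ctrlaltdel:/sbin/shutdown -t3 -r now@' /etc/inittab

# NOTE(review): the next two steps remove SELinux and the host firewall. Keep
# them only when another layer filters traffic to this host.
# Disable SELinux (takes effect after the reboot).
sed -i 's@SELINUX=enforcing@SELINUX=disabled@' /etc/selinux/config
# Stop iptables now and at boot.
service iptables stop
chkconfig iptables off

# SSH: root can no longer log in remotely after this, so make sure at least
# one other account with sudo rights exists first.
sed -i 's@#PermitRootLogin yes@PermitRootLogin no@' /etc/ssh/sshd_config
# Refuse logins with an empty password.
sed -i 's@#PermitEmptyPasswords no@PermitEmptyPasswords no@' /etc/ssh/sshd_config
# No reverse DNS lookups (the original named the file twice on this command).
sed -i 's@#UseDNS yes@UseDNS no@' /etc/ssh/sshd_config
service sshd restart

# Disable IPv6 as needed; keep it on machines that will run LVS.
# Whenever the kernel wants to load the ipv6 module, /bin/true runs instead.
echo "install ipv6 /bin/true" > /etc/modprobe.d/disable-ipv6.conf
# Do not initialise IPv6 on eth0.
echo "IPV6INIT=no" >> /etc/sysconfig/network-scripts/ifcfg-eth0
chkconfig ip6tables off

# Basic vim settings for root.
cat >> /root/.vimrc << EOF
set number
set ruler
set nohlsearch
set shiftwidth=2
set tabstop=4
set expandtab
set cindent
set autoindent
set mouse=v
syntax on
EOF

# Trim boot services: switch off everything enabled in runlevel 3, then
# re-enable only crond, rsyslog, sshd and network.
for i in $(chkconfig --list | grep 3:on | awk '{print $1}'); do
  chkconfig --level 3 "$i" off
done
for CURSRV in crond rsyslog sshd network; do
  chkconfig --level 3 "$CURSRV" on
done

# Reboot the server.
reboot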
3.12.8. Centos6最小化安装后优化2¶
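#!/bin/bash
# Base setup for a minimal CentOS 6 install (variant 2). Run as root.
# NOTE(review): besides tuning, this script stops iptables, disables SELinux,
# switches off most boot services and reboots at the end. Review every step
# before running it on a host that is reachable from untrusted networks.

# Add the EPEL repository. The package is fetched over HTTPS and a failed
# download stops the script.
# NOTE(review): "rpm -ivh" on a downloaded file does not refuse a package whose
# signing key is unknown; check the signature (rpm -K) against an imported key
# before installing.
cd /usr/local/src || exit 1
wget -O epel-release-6-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm || exit 1
rpm -ivh epel-release-6-8.noarch.rpm

# Compiler tool chain and sysstat.
yum -y install gcc gcc-c++ vim-enhanced unzip unrar sysstat

# Daily clock synchronisation with ntpdate.
# /etc/crontab entries need a user field before the command; the original line
# had none, so cron would not run it as written.
yum -y install ntp
echo "01 01 * * * root /usr/sbin/ntpdate ntp.api.bz >> /dev/null 2>&1" >> /etc/crontab
ntpdate ntp.api.bz
service crond restart

# Open-file limits.
ulimit -SHn 65535
echo "ulimit -SHn 65535" >> /etc/rc.local
cat>> /etc/security/limits.conf << EOF
* soft nofile 65535
* hard nofile 65535
EOF

# Kernel network tuning (appended, so a second run duplicates the block).
# NOTE(review): tcp_tw_recycle = 1 is known to break connections from clients
# behind NAT, and tcp_fin_timeout = 1 is unusually aggressive - confirm both.
cat>> /etc/sysctl.conf << EOF
fs.file-max=419430
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
EOF
/sbin/sysctl -p

# Disable Ctrl-Alt-Del so the console cannot reboot the machine by accident.
sed -i 's@ca::ctrlaltdel:/sbin/shutdown -t3 -r now@#ca::ctrlaltdel:/sbin/shutdown -t3 -r now@' /etc/inittab

# NOTE(review): the next two steps remove SELinux and the host firewall. Keep
# them only when another layer filters traffic to this host.
# Disable SELinux (takes effect after the reboot).
sed -i 's@SELINUX=enforcing@SELINUX=disabled@' /etc/selinux/config
# Stop iptables now and at boot.
service iptables stop
chkconfig iptables off

# SSH: root can no longer log in remotely after this, so make sure at least
# one other account with sudo rights exists first.
sed -i 's@#PermitRootLogin yes@PermitRootLogin no@' /etc/ssh/sshd_config            # no remote root login
sed -i 's@#PermitEmptyPasswords no@PermitEmptyPasswords no@' /etc/ssh/sshd_config    # no empty passwords
# No reverse DNS lookups (the original named the file twice on this command).
sed -i 's@#UseDNS yes@UseDNS no@' /etc/ssh/sshd_config
service sshd restart

# Disable IPv6.
echo "alias net-pf-10 off" >> /etc/modprobe.d/dist.conf
echo "alias ipv6 off" >> /etc/modprobe.d/dist.conf
chkconfig ip6tables off

# Basic vim settings for root.
echo "syntax on" >> /root/.vimrc
echo "set nohlsearch" >> /root/.vimrc

# Trim boot services: switch off everything enabled in runlevel 3, then
# re-enable only crond, rsyslog, sshd and network.
for i in $(chkconfig --list | grep 3:on | awk '{print $1}'); do
  chkconfig --level 3 "$i" off
done
for CURSRV in crond rsyslog sshd network; do
  chkconfig --level 3 "$CURSRV" on
done

# Reboot the server.
reboot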
3.12.9. Centos7安装后优化¶
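#!/bin/bash
# author: shunxin
# This script is only for CentOS 7.x.
# NOTE(review): besides tuning, this part disables SELinux and firewalld.
# Review every step before running it on a host that is reachable from
# untrusted networks.

# Check the platform.
platform=$(uname -i)
if [ "$platform" != "x86_64" ]; then
  echo "this script is only for 64bit Operating System !"
  exit 1
fi
echo "the platform is ok"
cat << EOF
+---------------------------------------+
| your system is CentOS 7 x86_64 |
| start optimizing....... |
+---------------------------------------
EOF

# Switch the base repository to the Aliyun mirror. The definition is fetched
# over HTTPS; when the download fails the previous file is put back so yum
# keeps working.
yum install wget -y
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
if ! wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo; then
  mv /etc/yum.repos.d/CentOS-Base.repo.backup /etc/yum.repos.d/CentOS-Base.repo
  exit 1
fi
# Add the Aliyun EPEL repository.
if ! wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo; then
  rm -f /etc/yum.repos.d/epel.repo
  exit 1
fi
# Rebuild the yum cache.
yum clean all
yum makecache

# Clock synchronisation.
# The cron entry now runs once at 03:00; the original "* 3 * * *" runs every
# minute between 03:00 and 03:59.
yum -y install ntp
/usr/sbin/ntpdate ntp1.aliyun.com
echo "0 3 * * * /usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1" >> /var/spool/cron/root
systemctl restart crond.service

# Host name (hard-coded; change it per machine).
hostnamectl set-hostname qiuyuetao

# Character set: nothing is configured here.

# Maximum number of open file descriptors.
echo "ulimit -SHn 102400" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
* soft nofile 655350
* hard nofile 655350
EOF

# NOTE(review): the next two steps remove SELinux and the host firewall. Keep
# them only when another layer filters traffic to this host.
# Disable SELinux.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0
# Stop the firewall now and at boot.
systemctl disable firewalld.service
systemctl stop firewalld.service

# SSH: no GSSAPI authentication, no reverse DNS lookups.
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
systemctl restart sshd.service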
# Kernel parameter tuning: append the block below to /etc/sysctl.conf and load it.
# The "#" lines inside the here-document are written to the file as they are.
# NOTE(review): the block is appended, so running the script twice duplicates it.
# NOTE(review): ip_forward = 1 together with send_redirects = 1 makes every
# host that runs this script forward packets and emit ICMP redirects, on a
# machine where this script has also stopped firewalld. Unless the host is
# meant to be a router, 0 is the safer value for all three keys.
# NOTE(review): tcp_timestamps = 0 is set together with tcp_tw_reuse = 1, but
# TIME-WAIT reuse depends on TCP timestamps - confirm the combination.
# NOTE(review): the in-file comment above tcp_tw_recycle says "enable" while
# the value is 0 (off).
# NOTE(review): the net.netfilter.nf_conntrack_* keys presumably exist only
# while the conntrack module is loaded; sysctl -p may report them as unknown.
cat >> /etc/sysctl.conf << EOF
#CTCDN系统优化参数
#关闭ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
#决定检查过期多久邻居条目
net.ipv4.neigh.default.gc_stale_time=120
#使用arp_announce / arp_ignore解决ARP映射问题
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
# 避免放大攻击
net.ipv4.icmp_echo_ignore_broadcasts = 1
# 开启恶意icmp错误消息保护
net.ipv4.icmp_ignore_bogus_error_responses = 1
#开启路由转发
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.default.send_redirects = 1
#开启反向路径过滤
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
#处理无源路由的包
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
#关闭sysrq功能
kernel.sysrq = 0
#core文件名中添加pid作为扩展名
kernel.core_uses_pid = 1
# 开启SYN洪水攻击保护
net.ipv4.tcp_syncookies = 1
#修改消息队列长度
kernel.msgmnb = 65536
kernel.msgmax = 65536
#设置最大内存共享段大小bytes
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
#timewait的数量,默认180000
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
#每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目
net.core.netdev_max_backlog = 262144
#限制仅仅是为了防止简单的DoS 攻击
net.ipv4.tcp_max_orphans = 3276800
#未收到客户端确认信息的连接请求的最大值
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
#内核放弃建立连接之前发送SYNACK 包的数量
net.ipv4.tcp_synack_retries = 1
#内核放弃建立连接之前发送SYN 包的数量
net.ipv4.tcp_syn_retries = 1
#启用timewait 快速回收
net.ipv4.tcp_tw_recycle = 0
#开启重用。允许将TIME-WAIT sockets 重新用于新的TCP 连接
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
#当keepalive 起用的时候,TCP 发送keepalive 消息的频度。缺省是2 小时
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
#允许系统打开的端口范围
net.ipv4.ip_local_port_range = 1024 65000
#修改防火墙表大小,默认65536
net.netfilter.nf_conntrack_max=655350
net.netfilter.nf_conntrack_tcp_timeout_established=1200
# 确保无人能修改路由表
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
EOF
/sbin/sysctl -p
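# Shell conveniences for every login shell: vi runs vim, and Backspace (^H)
# erases the previous character.
echo 'alias vi=vim' >> /etc/profile
echo 'stty erase ^H' >> /etc/profile
# Not appended any more: the original also added
#   curl ip.6655.com/ip.aspx&&echo
# to /etc/profile. That makes every login of every user send a clear-text HTTP
# request to a third-party host and wait for the answer, which reveals login
# activity to that host and delays logins when it is unreachable. Run the
# lookup by hand when the public address is needed.

# vim settings for root.
cat >> /root/.vimrc << EOF
set tabstop=4
set shiftwidth=4
set expandtab
syntax on
"set number
EOF

# Update all packages.
yum -y update

cat << EOF
+-------------------------------------------------+
| 优 化 已 完 成 |
| 5s 后 重启 这台服务器 ! |
+-------------------------------------------------+
EOF
sleep 5
# The script does not reboot by itself; it asks the operator to reboot so the
# kernel settings are loaded.
echo -e "\n\033[31m请重启机器 使内核修改生效!!!\033[0m\n"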
3.12.10. 备份数据库脚本¶
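#!/usr/bin/env bash
# Back up MySQL databases: dump each one, compress dumps older than a day,
# delete files older than a week, and copy today's dumps to the rsync server.
# NOTE(review): the password is stored in this script; keep the file readable
# by its owner only, or move the credentials to a protected option file.
# NOTE(review): rsync:// is the plain rsync daemon protocol, so the dumps
# cross the network unencrypted as written - confirm this is an isolated link.
mysqldump="/usr/local/mysql/bin/mysqldump"
bakuser="backup"
passwd="admin#123"
bakdir="/data/backup"
remote_dir='rsync://10.10.10.122/mysqlbak'
d1=$(date +%F)
d2=$(date +%d)
dbs=(item1 item2 item3)

# Dumps, the log and the credential file are created readable by the owner only.
umask 077

# Log everything from here on. The log lives under /var/log instead of the
# original fixed name in the world-writable /tmp, where another local user
# could prepare the path in advance.
exec &> /var/log/mysql_bak.log
echo "mysql backup begin at $(date)"

# Pass the credentials through a private temporary option file rather than
# -u/-p arguments, which are visible on the command line. The password is
# quoted in the file because "#" would otherwise start a comment.
cred_file=$(mktemp) || exit 1
trap 'rm -f -- "$cred_file"' EXIT
printf '[client]\nuser=%s\npassword="%s"\n' "$bakuser" "$passwd" > "$cred_file"

# Dump every database; remember failures so they show in the exit status.
failed=0
for db in "${dbs[@]}"; do
  if ! "$mysqldump" --defaults-extra-file="$cred_file" "$db" > "$bakdir/$db-$d1.sql"; then
    echo "dump of $db failed"
    failed=1
  fi
done

# Compress all .sql files older than one day.
# find -exec copes with any file name and runs nothing when there is no match;
# ${bakdir:?} aborts instead of searching "/" should the variable be empty.
find "${bakdir:?}/" -type f -name "*.sql" -mtime +1 -exec gzip -- {} +
# Delete files older than a week.
find "${bakdir:?}/" -type f -mtime +7 -exec rm -f -- {} +

# Copy today's dumps to the remote side, named by day of month.
for db in "${dbs[@]}"; do
  rsync -a "$bakdir/$db-$d1.sql" "$remote_dir/$db-$d2.sql" || failed=1
done
echo "mysql bacup end at $(date)"
exit "$failed"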
3.12.11. 备份数据库上传到S3存储库¶
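#!/bin/bash
#
# Filename:
# backupdatabase.sh
# Description:
# backup cms database and remove backup data before 7 days
# crontab (run with bash: the script relies on "set -o pipefail")
# 55 23 * * * /bin/bash /yundisk/cms/crontab/backupdatabase.sh >> /yundisk/cms/crontab/backupdatabase.log 2>&1
#
# NOTE(review): mysqldump is called with -uroot and no password option, so the
# credentials presumably come from an option file - confirm it is readable by
# the backup user only.
# NOTE(review): confirm that the target bucket is private and encrypted; the
# dump is uploaded as it is.

# A failing mysqldump must fail the whole "mysqldump | gzip" pipeline.
set -o pipefail
# Backups are created readable by the owner only.
umask 077

DATE=$(date +%Y-%m-%d)
OLDDATE=$(date +%Y-%m-%d -d '-7 days')
#MYSQL=/usr/local/mysql/bin/mysql
#MYSQLDUMP=/usr/local/mysql/bin/mysqldump
#MYSQLADMIN=/usr/local/mysql/bin/mysqladmin
BACKDIR=/yundisk/cms/database

# With an empty date, "${BACKDIR}/${OLDDATE}" would collapse to the backup
# root itself and the rm -rf below would delete every backup.
if [ -z "$DATE" ] || [ -z "$OLDDATE" ]; then
  echo "cannot determine the backup dates" >&2
  exit 1
fi

mkdir -p "${BACKDIR}/${DATE}" || exit 1
# Drop the directory written seven days ago.
[ ! -d "${BACKDIR}/${OLDDATE}" ] || rm -rf -- "${BACKDIR:?}/${OLDDATE:?}"

dump_file="${BACKDIR}/${DATE}/cms-backup-${DATE}.sql.gz"
if ! mysqldump --default-character-set=utf8 --no-autocommit --quick --hex-blob --single-transaction -uroot cms_production | gzip > "$dump_file"; then
  # Do not keep or upload a partial dump, and do not report success.
  rm -f -- "$dump_file"
  echo "Database backup failed" >&2
  exit 1
fi
echo "Database cms_production and bbs has been backup successful"
/bin/sleep 5

# Upload every file of today's directory, one at a time ("aws s3 cp" takes a
# single source; the original unquoted glob broke with more than one file).
for f in "${BACKDIR}/${DATE}"/*; do
  [ -f "$f" ] || continue
  aws s3 cp "$f" s3://example-share/cms/databackup/ || exit 1
done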
3.12.12. 控制进程数执行run.py脚本¶
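#!/bin/bash
# Run from cron every 5 minutes: top up the number of run.py crawler
# processes to MAX_SPIDER_COUNT.
CE_HOME='/data/ContentEngine'
LOG_PATH='/data/logs'
# Number of crawler processes to keep running.
MAX_SPIDER_COUNT=8

# Count the processes whose command line contains "run.py".
# pgrep leaves itself out, so no "grep -v grep" is needed.
count_spiders() {
  pgrep -f 'run\.py' | wc -l
}

# Stop when the working directory is missing: without this check the loop
# would start whatever run.py happens to sit in cron's current directory.
cd "$CE_HOME" || exit 1

# Start crawlers until MAX_SPIDER_COUNT are running. try_time bounds the loop
# so that a crawler which dies at once cannot turn this into an endless loop.
try_time=0
count=$(count_spiders)
while [ "$count" -lt "$MAX_SPIDER_COUNT" ] && [ "$try_time" -lt "$MAX_SPIDER_COUNT" ]; do
  try_time=$((try_time + 1))
  python run.py >> "${LOG_PATH}/spider.log" 2>&1 &
  count=$(count_spiders)
done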
3.12.13. 转换数据库表存储引擎¶
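#!/bin/bash
# Convert every MyISAM table of one database to InnoDB.
# (The original first line was "#/bin/bash", a plain comment, not a shebang.)
# NOTE(review): the password is stored in this script; keep the file readable
# by its owner only, or move the credentials to a protected option file.
# NOTE(review): USER is also a standard environment variable; assigning it
# here changes it for the rest of the script.
DB=pharma
USER=root
PASSWD=root@change
MYSQL=/usr/local/mysql/bin/mysql

# Pass the credentials through a private temporary option file rather than
# -u/-p arguments, which are visible on the command line.
cred_file=$(mktemp) || exit 1
trap 'rm -f -- "$cred_file"' EXIT
printf '[client]\nuser=%s\npassword="%s"\n' "$USER" "$PASSWD" > "$cred_file"

# List the MyISAM tables. -N omits the column header, so no table is lost to
# the original "grep -v TABLE_NAME" filter.
"$MYSQL" --defaults-extra-file="$cred_file" -N "$DB" \
  -e "select TABLE_NAME from information_schema.TABLES where TABLE_SCHEMA='${DB}' and ENGINE='MyISAM';" \
  > mysql_table.txt || exit 1

# Convert the tables one by one. The name is wrapped in backticks so it is
# read as one identifier; stdin of the inner client is detached so it cannot
# consume the table list.
while IFS= read -r LINE; do
  echo "Starting convert table engine..."
  "$MYSQL" --defaults-extra-file="$cred_file" "$DB" \
    -e "alter table \`${LINE}\` engine='InnoDB'" </dev/null
  sleep 1
done < mysql_table.txt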
3.12.14. 监控网站状态脚本¶
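#!/usr/bin/env bash
# Poll one URL every 10 seconds and report whether it answers 200, 301 or 302.
# Usage: script URL
# action comes from the RHEL init function library.
source /etc/init.d/functions
if [ $# -ne 1 ]; then
  echo $"usage $0 url"
  exit 1
fi

while true; do
  # The URL is passed quoted and after "--", so an argument that contains
  # spaces or starts with "-" is treated as a URL and never as curl options.
  # --max-time bounds the whole request; --connect-timeout alone lets a server
  # that accepts the connection and then stalls hang the monitor.
  code=$(curl -o /dev/null --connect-timeout 5 --max-time 10 -s -w "%{http_code}" -- "$1")
  case $code in
    200|301|302)
      action "$1 is ok " /bin/true ;;
    *)
      action "$1 is error." /bin/false
      # A mail alert can be sent from here.
      ;;
  esac
  sleep 10
done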
3.12.15. 监控httpd服务状态脚本¶
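#!/usr/bin/env bash
#usage:xxx
#scripts_name:xxx.sh
# author:xiaojian
# Watch httpd and restart it when it is not running.
Log_File="/home/check_httpd.log"

while true; do
  # Use the exit status of the status command. The original looked for the
  # word "running" in its output, which a message such as "not running" also
  # contains.
  if ! service httpd status >/dev/null 2>&1; then
    # Take the timestamp when the event happens; the original computed it once
    # at start-up, so every log line carried the same time.
    LogTime=$(date +%Y%m%d-%T)
    echo "$LogTime HTTPD is stopped, try to restart" >> "$Log_File"
    service httpd restart
  fi
  # Pause in both cases. Without a pause after a failed restart the loop would
  # spin and flood the log.
  sleep 2
done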
3.12.16. 监控Nginx进程,如果尝试启动失败就stop Keepalived¶
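#!/bin/bash
# Keep nginx running; if a start attempt fails, stop keepalived so the
# virtual IP can move to a healthy node.

# Print the number of running nginx processes.
count_nginx() {
  ps -C nginx --no-header | wc -l
}

while :
do
  nginxpid=$(count_nginx)
  if [ "$nginxpid" -eq 0 ]; then
    ulimit -SHn 65535
    /usr/local/nginx/sbin/nginx
    sleep 5
    # Count again after the start attempt. The original re-tested the value
    # taken before the start, so keepalived was stopped even when nginx came up.
    nginxpid=$(count_nginx)
    if [ "$nginxpid" -eq 0 ]; then
      /etc/init.d/keepalived stop
    fi
  fi
  sleep 5
done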
3.12.17. 进程控制示例¶
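#!/usr/bin/env bash
# Single-instance guard: terminate the previous run recorded in the pid file,
# then record this shell's PID.
# NOTE(review): /tmp is world-writable, so the content of this file is not
# trustworthy when the script runs with more privilege than other local
# users. A directory only the service account can write to (for example
# under /var/run) removes that exposure.
pidpath=/tmp/a.pid
if test -f "$pidpath"; then
  old_pid=$(cat -- "$pidpath")
  # Only signal something that is purely digits; never hand arbitrary file
  # content to kill.
  case "$old_pid" in
    '' | *[!0-9]*) ;;
    *) kill "$old_pid" > /dev/null 2>&1 ;;   # stop the previous instance
  esac
  rm -f -- "$pidpath"
fi
echo $$ > "$pidpath"   # record the current shell's PID in the pid file
sleep 300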
3.12.18. lnmp一键安装示例¶
#!/bin/bash
## written by aming.
## 2015-06-24.
#######Begin########
echo "It will install lamp or lnmp."
sleep 1
## Abort the installer when the command that ran just before this call failed.
check_ok() {
  # Must be the first statement: $? still holds the caller's last exit status.
  local rc=$?
  if [ "$rc" -ne 0 ]; then
    echo "Error, Check the error log."
    exit 1
  fi
}
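##get the archive of the system,i686 or x86_64.
ar=$(arch)
## Disable SELinux: persistently through the config file, and at runtime.
# NOTE(review): this removes mandatory access control from a host that is
# about to run network-facing services. A production build would keep SELinux
# on (or permissive while collecting denials) and label the install paths.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
selinux_s=$(getenforce)
# getenforce prints "Enforcing" with a capital E; compare case-insensitively,
# otherwise the runtime switch below is silently skipped.
if [ "${selinux_s,,}" == "enforcing" ]
then
  setenforce 0
fi
## Back up the current firewall rules, flush them, and persist the empty set.
# NOTE(review): after this the host filters nothing. Allowing only the ports
# that are actually served is the safer default for anything but a lab box.
iptables-save > "/etc/sysconfig/iptables_$(date +%s)"
iptables -F
service iptables save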
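## Install package $1 with yum unless it is already installed.
myum() {
  # rpm -q matches the exact package name. The original "rpm -qa | grep ^name"
  # was a prefix match, so e.g. an installed gcc-c++ made "gcc" look installed.
  if ! rpm -q "$1" >/dev/null 2>&1
  then
    yum install -y "$1"
    check_ok
  else
    echo "$1" already installed.
  fi
}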
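## install some packges.
for p in gcc wget perl perl-devel libaio libaio-devel pcre-devel zlib-devel
do
  myum "$p"
done
##install epel.
# rpm -q reports through its exit status whether the package is installed;
# the original "rpm -qa epel-release" test did not distinguish the two cases.
if rpm -q epel-release >/dev/null 2>&1
then
  rpm -e epel-release
fi
# rm -f is silent when nothing matches, so no separate existence probe is needed.
rm -f /etc/yum.repos.d/epel-6.repo*
# NOTE(review): the repo definition is fetched over plain HTTP and dropped
# straight into yum's configuration directory, so whoever can alter the
# response decides where packages come from. Prefer an HTTPS mirror and make
# sure the resulting repo keeps gpgcheck enabled.
wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/epel-6.repo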
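##function of installing mysqld.
# Shared steps for both supported MySQL versions: unpack the binary tarball,
# move it to /usr/local/mysql, initialise /data/mysql and register the service.
#   $1 - download URL of the binary tarball
#   $2 - name of the my.cnf template under support-files/
_install_mysqld_tarball() {
  local url=$1 cnf_template=$2
  local tarball=${url##*/}
  local srcdir=${tarball%.tar.gz}
  local stamp
  stamp=$(date +%s)
  cd /usr/local/src || exit 1
  # NOTE(review): plain-HTTP download with no checksum or signature check, and
  # the content is then unpacked and run as root. Compare the tarball against
  # the digest published by the vendor before extracting.
  [ -f "$tarball" ] || wget "$url"
  tar zxf "$tarball"
  check_ok
  # Keep any previous install / data directory under a timestamped name, so a
  # second run never moves the old tree *into* an existing backup directory.
  [ -d /usr/local/mysql ] && /bin/mv /usr/local/mysql "/usr/local/mysql_${stamp}"
  mv "$srcdir" /usr/local/mysql
  check_ok
  if ! grep -q '^mysql:' /etc/passwd
  then
    useradd -M mysql -s /sbin/nologin
    check_ok
  fi
  myum compat-libstdc++-33
  [ -d /data/mysql ] && /bin/mv /data/mysql "/data/mysql_${stamp}"
  mkdir -p /data/mysql
  chown -R mysql:mysql /data/mysql
  cd /usr/local/mysql || exit 1
  ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
  check_ok
  /bin/cp "support-files/${cnf_template}" /etc/my.cnf
  check_ok
  sed -i '/^\[mysqld\]$/a\datadir = /data/mysql' /etc/my.cnf
  /bin/cp support-files/mysql.server /etc/init.d/mysqld
  sed -i 's#^datadir=#datadir=/data/mysql#' /etc/init.d/mysqld
  chmod 755 /etc/init.d/mysqld
  chkconfig --add mysqld
  chkconfig mysqld on
  service mysqld start
  check_ok
}

# Install the MySQL version selected in $mysql_v (5.1 or 5.6); $ar is the
# machine architecture. Exits 1 on any other value.
# The original ended each arm with "break", which is only valid inside a loop.
install_mysqld() {
  case $mysql_v in
    5.1)
      _install_mysqld_tarball \
        "http://mirrors.sohu.com/mysql/MySQL-5.1/mysql-5.1.72-linux-$ar-glibc23.tar.gz" \
        my-huge.cnf
      ;;
    5.6)
      _install_mysqld_tarball \
        "http://mirrors.sohu.com/mysql/MySQL-5.6/mysql-5.6.26-linux-glibc2.5-$ar.tar.gz" \
        my-default.cnf
      ;;
    *)
      echo "only 1(5.1) or 2(5.6)"
      exit 1
      ;;
  esac
}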
## Build Apache httpd 2.2.16 from source into /usr/local/apache2.
# NOTE(review): the tarball comes over plain HTTP without any integrity check,
# and httpd 2.2.x is an end-of-life branch; treat this as a lab build only.
install_httpd() {
  local version=httpd-2.2.16
  local -a configure_opts=(
    --prefix=/usr/local/apache2
    --with-included-apr
    --enable-so
    --enable-deflate=shared
    --enable-expires=shared
    --enable-rewrite=shared
    --with-pcre
  )
  echo "Install apache version 2.2."
  cd /usr/local/src
  if [ ! -f "${version}.tar.gz" ]; then
    wget "http://syslab.comsenz.com/downloads/linux/${version}.tar.gz"
  fi
  # check_ok sees the status of the extract-and-enter step as a whole.
  tar zxf "${version}.tar.gz" && cd "${version}"
  check_ok
  ./configure "${configure_opts[@]}"
  check_ok
  make && make install
  check_ok
}
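##function of install lamp's php.
# Download (if missing), unpack, build and install one PHP release as an
# Apache module under /usr/local/php.
#   $1 - tarball file name inside /usr/local/src
#   $2 - download URL
_install_php_from() {
  local tarball=$1 url=$2 p
  cd /usr/local/src/ || exit 1
  # NOTE(review): plain-HTTP download with no checksum verification before
  # the source is compiled and installed as root.
  [ -f "$tarball" ] || wget "$url" -O "$tarball"
  # GNU tar detects the compression itself when reading an archive.
  tar xf "$tarball" && cd "${tarball%.tar.*}"
  check_ok
  # One package per word. The original list used a line continuation placed
  # directly after "libmcrypt-devel", which glued it to the next package name.
  for p in openssl-devel bzip2-devel \
    libxml2-devel curl-devel libpng-devel \
    libjpeg-devel freetype-devel libmcrypt-devel \
    libtool-ltdl-devel perl-devel
  do
    myum "$p"
  done
  ./configure \
    --prefix=/usr/local/php \
    --with-apxs2=/usr/local/apache2/bin/apxs \
    --with-config-file-path=/usr/local/php/etc \
    --with-mysql=/usr/local/mysql \
    --with-libxml-dir \
    --with-gd \
    --with-jpeg-dir \
    --with-png-dir \
    --with-freetype-dir \
    --with-iconv-dir \
    --with-zlib-dir \
    --with-bz2 \
    --with-openssl \
    --with-mcrypt \
    --enable-soap \
    --enable-gd-native-ttf \
    --enable-mbstring \
    --enable-sockets \
    --enable-exif \
    --disable-ipv6
  check_ok
  make && make install
  check_ok
  # Never overwrite an existing php.ini.
  [ -f /usr/local/php/etc/php.ini ] || /bin/cp php.ini-production /usr/local/php/etc/php.ini
}

# Install the PHP version selected in $php_v (5.4 or 5.6) for the LAMP stack.
# Returns 1 for any other value. The original arms ended with "break", which
# is only valid inside a loop.
install_php() {
  echo -e "Install php.\nPlease chose the version of php."
  case $php_v in
    5.4)
      _install_php_from php-5.4.45.tar.bz2 \
        'http://cn2.php.net/get/php-5.4.45.tar.bz2/from/this/mirror'
      ;;
    5.6)
      _install_php_from php-5.6.6.tar.gz \
        http://mirrors.sohu.com/php/php-5.6.6.tar.gz
      ;;
    *)
      echo "only 1(5.4) or 2(5.6)"
      return 1
      ;;
  esac
}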
## Wire PHP into Apache: register the .php handler, make index.php a directory
## index, drop a test page, set a default timezone, then restart Apache.
join_apa_php() {
  local httpd_conf=/usr/local/apache2/conf/httpd.conf
  local php_ini=/usr/local/php/etc/php.ini
  sed -i '/AddType .*.gz .tgz$/a\AddType application\/x-httpd-php .php' "$httpd_conf"
  check_ok
  sed -i 's/DirectoryIndex index.html/DirectoryIndex index.php index.html index.htm/' "$httpd_conf"
  check_ok
  # NOTE(review): a phpinfo() page in the document root discloses versions,
  # paths, loaded modules and environment to anyone who can reach the server.
  # Remove it once the smoke test has passed.
  printf '%s\n' '<?php' 'phpinfo();' '?>' > /usr/local/apache2/htdocs/index.php
  # Only add a timezone when PHP reports that none is configured.
  if /usr/local/php/bin/php -i | grep -iq 'date.timezone => no value'; then
    sed -i '/;date.timezone =$/a\date.timezone = "Asia\/Chongqing"' "$php_ini"
  fi
  /usr/local/apache2/bin/apachectl restart
  check_ok
}
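## Make sure service $1 (mysqld, httpd, nginx or phpfpm) is running: leave it
## alone if a process exists, start it if an init script exists, otherwise
## install it.
check_service() {
  local s
  if [ "$1" == "phpfpm" ]
  then
    s="php-fpm"
  else
    s=$1
  fi
  # pgrep -x matches the process name exactly. The original counted lines of
  # "ps aux | grep", which also counts the grep helper and any unrelated
  # command line that merely mentions the name.
  if pgrep -x "$s" >/dev/null
  then
    echo "$1 service is already started."
  elif [ -f "/etc/init.d/$1" ]
  then
    "/etc/init.d/$1" start
    check_ok
  else
    # Dispatch only to the installers this script defines, rather than
    # building a function name from an arbitrary argument.
    case $1 in
      mysqld | httpd | nginx | phpfpm) "install_$1" ;;
      *)
        echo "no installer for $1" >&2
        return 1
        ;;
    esac
  fi
}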
## Bring up the LAMP stack: MySQL and Apache first, then build PHP and hook
## it into Apache.
lamp() {
  local svc
  for svc in mysqld httpd; do
    check_service "$svc"
  done
  install_php
  join_apa_php
  echo "LAMP done,Please use 'http://your ip/index.php' to access."
}
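## Build nginx 1.8.0 from source into /usr/local/nginx, install an init
## script and configuration, start the service and drop a PHP test page.
install_nginx() {
  cd /usr/local/src || exit 1
  # NOTE(review): plain-HTTP download without checksum verification.
  [ -f nginx-1.8.0.tar.gz ] || wget http://nginx.org/download/nginx-1.8.0.tar.gz
  tar zxf nginx-1.8.0.tar.gz && cd nginx-1.8.0
  check_ok
  myum pcre-devel
  ./configure --prefix=/usr/local/nginx
  check_ok
  make && make install
  check_ok
  if [ -f /etc/init.d/nginx ]
  then
    /bin/mv /etc/init.d/nginx "/etc/init.d/nginx_$(date +%s)"
  fi
  # NOTE(review): the init script below is fetched over plain HTTP from a
  # third-party site and then executed as root at every boot. Ship a reviewed
  # copy with the installer, or at least pin and verify its digest.
  # -f makes curl fail on an HTTP error instead of saving the error page as
  # the init script, so check_ok can actually catch a broken download.
  curl -f http://www.apelearn.com/study_v2/.nginx_init -o /etc/init.d/nginx
  check_ok
  chmod 755 /etc/init.d/nginx
  chkconfig --add nginx
  chkconfig nginx on
  curl -f http://www.apelearn.com/study_v2/.nginx_conf -o /usr/local/nginx/conf/nginx.conf
  check_ok
  service nginx start
  check_ok
  # NOTE(review): phpinfo() exposes server internals; remove after testing.
  echo -e "<?php\n phpinfo();\n?>" > /usr/local/nginx/html/index.php
  check_ok
}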
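##function of install php-fpm
# Download (if missing), unpack, build and install one PHP release with FPM
# under /usr/local/php-fpm, then register and start the phpfpm service.
#   $1    - tarball file name inside /usr/local/src
#   $2    - download URL
#   $3... - extra ./configure options specific to this release
_install_phpfpm_from() {
  local tarball=$1 url=$2 p
  shift 2
  cd /usr/local/src/ || exit 1
  # NOTE(review): plain-HTTP download with no checksum verification before
  # the source is compiled and installed as root.
  [ -f "$tarball" ] || wget "$url" -O "$tarball"
  # GNU tar detects the compression itself when reading an archive.
  tar xf "$tarball" && cd "${tarball%.tar.*}"
  check_ok
  # One package per word. The original list used a line continuation placed
  # directly after "libmcrypt-devel", which glued it to the next package name.
  for p in openssl-devel bzip2-devel \
    libxml2-devel curl-devel libpng-devel \
    libjpeg-devel freetype-devel libmcrypt-devel \
    libtool-ltdl-devel perl-devel
  do
    myum "$p"
  done
  # Dedicated unprivileged account without a login shell for the FPM workers.
  if ! grep -q '^php-fpm:' /etc/passwd
  then
    useradd -M -s /sbin/nologin php-fpm
    check_ok
  fi
  ./configure \
    --prefix=/usr/local/php-fpm \
    --with-config-file-path=/usr/local/php-fpm/etc \
    --enable-fpm \
    --with-fpm-user=php-fpm \
    --with-fpm-group=php-fpm \
    --with-mysql=/usr/local/mysql \
    --with-mysql-sock=/tmp/mysql.sock \
    --with-libxml-dir \
    --with-gd \
    --with-jpeg-dir \
    --with-png-dir \
    --with-freetype-dir \
    --with-iconv-dir \
    --with-zlib-dir \
    --with-mcrypt \
    --enable-soap \
    --enable-gd-native-ttf \
    --enable-ftp \
    --enable-mbstring \
    --enable-exif \
    --disable-ipv6 \
    --with-pear \
    --with-curl \
    --with-openssl \
    "$@"
  check_ok
  make && make install
  check_ok
  [ -f /usr/local/php-fpm/etc/php.ini ] || /bin/cp php.ini-production /usr/local/php-fpm/etc/php.ini
  if /usr/local/php-fpm/bin/php -i | grep -iq 'date.timezone => no value'
  then
    sed -i '/;date.timezone =$/a\date.timezone = "Asia\/Chongqing"' /usr/local/php-fpm/etc/php.ini
    check_ok
  fi
  # NOTE(review): configuration pulled over plain HTTP from a third-party
  # site; review it before use. -f keeps an HTTP error page from being saved
  # as the configuration file.
  [ -f /usr/local/php-fpm/etc/php-fpm.conf ] || curl -f http://www.apelearn.com/study_v2/.phpfpm_conf -o /usr/local/php-fpm/etc/php-fpm.conf
  check_ok
  [ -f /etc/init.d/phpfpm ] || /bin/cp sapi/fpm/init.d.php-fpm /etc/init.d/phpfpm
  chmod 755 /etc/init.d/phpfpm
  chkconfig phpfpm on
  service phpfpm start
  check_ok
}

# Install the PHP-FPM version selected in $php_v (5.4 or 5.6) for the LNMP
# stack. Returns 1 for any other value. The original arms ended with "break",
# which is only valid inside a loop.
install_phpfpm() {
  echo -e "Install php.\nPlease chose the version of php."
  case $php_v in
    5.4)
      _install_phpfpm_from php-5.4.45.tar.bz2 \
        'http://cn2.php.net/get/php-5.4.45.tar.bz2/from/this/mirror' \
        --enable-zend-multibyte
      ;;
    5.6)
      _install_phpfpm_from php-5.6.6.tar.gz \
        http://mirrors.sohu.com/php/php-5.6.6.tar.gz
      ;;
    *)
      echo 'only 1(5.4) or 2(5.6)'
      return 1
      ;;
  esac
}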
## Bring up the LNMP stack: MySQL, nginx and PHP-FPM, in that order.
lnmp() {
  local svc
  for svc in mysqld nginx phpfpm; do
    check_service "$svc"
  done
  echo "The lnmp done, Please use 'http://your ip/index.php' to access."
}
# Entry point: ask which stack to build, then which MySQL and PHP versions,
# and run the matching installer function.
read -p "Please chose which type env you install, (lamp|lnmp)? " t
case $t in
  lamp | lnmp)
    read -p "Please chose the version of mysql. (5.1|5.6)" mysql_v
    read -p "Please chose the version of php. (5.4|5.6)" php_v
    # $t can only be "lamp" or "lnmp" here, both functions of this script.
    "$t"
    ;;
  *)
    echo "Only 'lamp' or 'lnmp' your can input."
    ;;
esac
3.12.19. 服务器初始化脚本示例¶
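#!/usr/bin/env bash
# Server initialisation helpers; must be run as root.
export PATH=$PATH:/bin:/sbin:/usr/sbin
#root check
if test "$UID" != "0"; then
  echo "Please run this scripts by root"
  exit 1
fi
#define cmd var
# command -v is the shell builtin lookup; unlike which it prints nothing but
# the path, and nothing at all when the command is missing.
SERVICE=$(command -v service)
CHKCONIFIG=$(command -v chkconfig)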
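# Replace the CentOS base repo definition with the Aliyun mirror's version,
# keeping a *_bak copy of the current file. Returns 1 if the download fails.
mod_yum(){
  local repo=/etc/yum.repos.d/CentOS-Base.repo
  local tmp
  if test -e "$repo"; then
    cp "$repo" "${repo}_bak"
    # Download next to the target and swap it in only on success. Writing
    # straight to the repo file leaves it empty or truncated when wget fails.
    tmp=$(mktemp "${repo}.XXXXXX") || return 1
    # NOTE(review): fetched over plain HTTP; prefer an HTTPS mirror, since
    # this file decides where every later package install comes from.
    if wget -O "$tmp" http://mirrors.aliyun.com/repo/Centos-6.repo && test -s "$tmp"; then
      chmod 644 "$tmp"
      mv -f "$tmp" "$repo"
    else
      rm -f "$tmp"
      return 1
    fi
  fi
}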
# Disable SELinux persistently (config file) and for the running system.
# NOTE(review): this removes mandatory access control from the host; permissive
# mode keeps the audit trail if enforcing mode is the actual obstacle.
close_selinux(){
  local selinux_conf=/etc/selinux/config
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/' "$selinux_conf"
  ##grep SELINUX=disabled /etc/selinux/config
  # All output from setenforce is discarded.
  setenforce 0 >/dev/null 2>&1
}
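# Stop the iptables service now and keep it from starting at boot.
# NOTE(review): this leaves the host without packet filtering; a rule set
# that allows only the required ports is the safer baseline.
close_iptables(){
  /etc/init.d/iptables stop
  # The original called the misspelled "chkconfi", so the boot-time setting
  # was never changed.
  chkconfig iptables off
}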
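# Disable every SysV service at boot except crond, sshd, network, rsyslog
# and sysstat.
least_service(){
  local svc
  # chkconfig is called directly for each service. The original generated
  # command text from chkconfig's output and piped it into bash, and switched
  # everything off (sshd included) before switching the keepers back on.
  chkconfig | awk '{print $1}' | while IFS= read -r svc; do
    [ -n "$svc" ] || continue
    case $svc in
      *crond* | *sshd* | *network* | *rsyslog* | *sysstat*)
        chkconfig "$svc" on
        ;;
      *)
        chkconfig "$svc" off
        ;;
    esac
  done
  #export LANG=en
  # chkconfig --list|grep 3:on
}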
# Add a five-minute ntpdate job to root's crontab unless one is already there.
time_sync(){
  cron=/var/spool/cron/root
  local hits
  # Count the lines mentioning ntpdate as a whole word.
  hits=$(grep -w "ntpdate" $cron | wc -l)
  if [ "$hits" -lt 1 ]; then
    {
      echo '#time sync by oldboy at 2010-2-1'
      echo '*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'
    } >>$cron
    crontab -l
  fi
}
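# Append session-timeout and history-size settings to /etc/profile, each one
# only if it is not exported there yet, then reload the profile.
com_line_set(){
  #7.command set.
  local setting changed=0
  for setting in TMOUT=300 HISTSIZE=5 HISTFILESIZE=5; do
    # Test each variable on its own. The original counted matching lines
    # (with a mistyped pattern), so a partially configured file got all
    # three lines appended again.
    if ! grep -q "^export ${setting%%=*}=" /etc/profile; then
      echo "export $setting" >>/etc/profile
      changed=1
    fi
  done
  if [ "$changed" -eq 1 ]; then
    . /etc/profile
  fi
}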
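# Raise the open-file limit to 65535 for all users in limits.conf, once.
open_file_set(){
  # increase open file.
  # The original test had no spaces inside the brackets and put "-lt 1"
  # inside the command substitution, so it was never a valid comparison.
  if ! grep -q 65535 /etc/security/limits.conf; then
    echo '* - nofile 65535 ' >>/etc/security/limits.conf
    tail -1 /etc/security/limits.conf
  fi
}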
3.12.20. 服务启动脚本示例¶
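#!/usr/bin/env bash
# SysV-style control script for the rsync daemon: start | stop | restart.
. /etc/init.d/functions

# Print the accepted sub-commands and exit non-zero.
usage(){
  echo $"usage:$0 {start|stop|restart}"
  exit 1
}

# Print the number of listening sockets that netstat attributes to rsync.
rsync_listeners(){
  netstat -lntup | grep -c rsync
}

# Start the daemon and report whether a listening socket appeared.
start(){
  rsync --daemon
  sleep 1
  # The original nested backticks here, which broke the comparison.
  if test "$(rsync_listeners)" -ge 1; then
    action "rsync is started." /bin/true
  else
    action "rsync failed to start." /bin/false
  fi
}

# Stop the daemon and report whether its listening socket is gone.
stop(){
  killall rsync &>/dev/null
  sleep 2
  if test "$(rsync_listeners)" -eq 0; then
    action "rsyncd is stopped. " /bin/true
  else
    action "rsyncd is still running." /bin/false
  fi
}

# Dispatch on the single sub-command argument.
main (){
  if [ $# -ne 1 ]; then
    usage
  fi
  case "$1" in
    start)
      start
      ;;
    stop)
      stop
      ;;
    restart)
      stop
      sleep 1
      start
      ;;
    *)
      usage
      ;;
  esac
}

# The original defined main but never called it, so the script did nothing.
main "$@"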
eg2
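#!/usr/bin/env bash
#usage:xxx
#scripts_name:xxx.sh
# author:xiaojian
# Starts the at daemon
#chkconfig: 345 95 5
# 345: runlevels in which atd is enabled by default
# 95:  start priority used when the service is switched on
# 5:   stop priority used when the service is switched off
# Source function library
. /etc/init.d/functions
[ -f /etc/sysconfig/atd ] && . /etc/sysconfig/atd
test -x /usr/sbin/atd || exit 0
RETVAL=0
# No spaces around "=": with them the shell tries to run a command named prog.
prog="atd"

# Start atd unless its subsystem lock file says it is already running.
start() {
  # Check if atd is already running
  if [ ! -f /var/lock/subsys/atd ]; then
    echo -n $"Starting $prog: "
    daemon /usr/sbin/atd $OPTS && success || failure
    RETVAL=$?
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/atd
    echo
  fi
  return $RETVAL
}

# Stop atd and remove the lock file when killproc succeeds.
stop() {
  echo -n $"Stopping $prog: "
  killproc /usr/sbin/atd
  RETVAL=$?
  [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/atd
  echo
  return $RETVAL
}

restart() {
  stop
  start
}

# atd is simply restarted on reload.
reload() {
  restart
}

# Calls the status function defined in /etc/init.d/functions.
status_at() {
  status /usr/sbin/atd
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart|reload)
    restart
    ;;
  condrestart)
    # Restart only if the service was running.
    if test -f /var/lock/subsys/atd; then
      restart
    fi
    ;;
  status)
    status_at
    ;;
  *)
    echo -e "\033[31mUsage :$(basename "$0") {Start|Stop|Restart|condrestart|status}\033[0m"
    ;;
esac
# Exit with the status of the selected action. The original followed this
# with a second, unreachable "exit $RETVAL".
exit $?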
eg3
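#!/bin/sh
# chkconfig: 2345 55 25
# description: Redis Service
### BEGIN INIT INFO
# Provides: Redis
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts Redisrm -
# Description: starts the BT-Web
### END INIT INFO
# Simple Redis init.d script conceived to work on Linux systems
# as it does use of the /proc filesystem.
REDISPORT=6379
EXEC="/usr/local/redis/bin/redis-server"
CLIEXEC="/usr/local/redis/bin/redis-cli"
LOF_file="/usr/local/redis/redis.log"
PIDFILE="/var/run/redis.pid"
CONF="/usr/local/redis/redis.conf"

# Start redis-server in the background unless the pid file already exists.
# Presumably the server writes $PIDFILE itself when $CONF sets it - verify.
redis_start(){
  if [ -f "$PIDFILE" ]
  then
    # The original printed the misspelled (and therefore empty) $PIDFIILE.
    echo "$PIDFILE exists, process is already running or crashed"
  else
    echo "Starting Redis server..."
    nohup "$EXEC" "$CONF" >> "$LOF_file" 2>&1 &
  fi
}

# Ask the server to shut down and wait until its process has gone.
redis_stop(){
  if [ ! -f "$PIDFILE" ]
  then
    echo "$PIDFILE does not exist, process is not running"
  else
    PID=$(cat "$PIDFILE")
    echo "Stopping ..."
    "$CLIEXEC" -p "$REDISPORT" shutdown
    # Wait only on a value that is purely digits. An empty or malformed pid
    # file would otherwise make the loop test /proc/ itself and never end.
    case "$PID" in
      '' | *[!0-9]*) ;;
      *)
        while [ -d "/proc/${PID}" ]
        do
          echo "Waiting for Redis to shutdown ..."
          sleep 1
        done
        ;;
    esac
    rm -f "$PIDFILE"
    echo "Redis stopped"
  fi
}

case "$1" in
  start)
    redis_start
    ;;
  stop)
    redis_stop
    ;;
  restart|reload)
    "${0}" stop
    "${0}" start
    ;;
  *)
    echo "Please use start or stop as first argument"
    ;;
esac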
eg4
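#!/usr/bin/env bash
#usage:xxx
#scripts_name:${NAME}.sh
# author:xiaojian
# Control script for squid: start | stop | status | restart | reload | check.
PID="/usr/local/squid/var/run/squid"
CONF='/etc/squid.conf'
CMD='/usr/local/squid/sbin/squid'
case "$1" in
  start)
    if netstat -anpt | grep -q squid; then
      echo "squid is running"
    else
      echo "正在启动Squid"
      "$CMD"
    fi
    ;;
  stop)
    # "&>/dev/null" silences the command. The original wrote "& >/dev/null",
    # which backgrounds the command and then truncates /dev/null instead.
    "$CMD" -k kill &>/dev/null
    rm -f -- "$PID" &>/dev/null
    ;;
  status)
    if [ -f "$PID" ]; then
      netstat -anpt | grep squid
    else
      echo "Squid is not running."
    fi
    ;;
  restart)
    # Run stop to completion before starting again; backgrounding both, as
    # the original did, let the start race the stop.
    echo "正在关闭Squid......"
    "$0" stop &>/dev/null
    echo "正在启动Squid....."
    "$0" start &>/dev/null
    ;;
  reload)
    "$CMD" -k reconfigure
    ;;
  check)
    "$CMD" -k parse
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|reload|check|status}"
    ;;
esac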
3.12.21. 监控mysql数据库示例¶
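#!/usr/bin/env bash
# Two ways to check that MySQL is up and start it when it is not.

# Method 1: something is listening on / connected to TCP port 3306.
# Turning the check into a line count gives a plain number to compare.
if [ "$(lsof -i tcp:3306 | wc -l)" -gt 0 ]
then
  echo "MySQL is Running."
else
  echo "MySQL is Stopped."
  /etc/init.d/mysqld start
fi

# Method 2: a process with "mysql" in its command line exists.
# The original wrote "wc - l" and "0]", both syntax errors inside the test.
if [ "$(ps aux | grep -v grep | grep -c mysql)" -gt 0 ]; then
  echo "Mysql is Running"
else
  echo "Mysql is Stopped. "
  /etc/init.d/mysqld start
fi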
3.12.22. 每周五使用tar命令备份/var/log下的所有日志文件¶
#!/usr/bin/env bash
#usage: archive every log file under /var/log with tar, every Friday
#scripts_name:logbak.sh
# Schedule it with a cron entry:
# crontab -e
#00 03 * * 5 /root/logbak.sh
# NOTE(review): the archive lands in the current directory with default
# permissions; /var/log usually holds sensitive data, so confirm where cron
# runs this and who can read the result.
stamp=$(date +%Y%m%d)
tar -zcf "log-${stamp}.tar.gz" /var/log
3.12.23. 一些常用的函数¶
# Return 0 when $1 spells a "false" value (f, n, no, false in any letter
# case, or 0); return 1 for everything else.
is_false() {
  if [[ "$1" =~ ^([fF]|[nN]|[nN][oO]|[fF][aA][lL][sS][eE]|0)$ ]]; then
    return 0
  fi
  return 1
}
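# Return 0 when the pid file $1 exists and names a live process (one with a
# /proc/<pid> directory); return 1 otherwise.
is_running()
{
  local pid
  if [ -f "$1" ]; then
    read -r pid < "$1"
    # Require digits only, so an empty or malformed pid file cannot make the
    # test below succeed on /proc/ itself.
    case "$pid" in
      '' | *[!0-9]*) return 1 ;;
    esac
    if [ -d "/proc/$pid" ]; then
      return 0
    fi
  fi
  # Exit statuses are 0-255; the original "return -1" is rejected by older
  # bash versions and shows up as 255 on newer ones.
  return 1
}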
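# Install the EPEL repository by way of a temporary bootstrap repo.
function _install_epel {
    # NOTE: We always remove and install latest -- some environments
    # use snapshot images, and if EPEL version updates they break
    # unless we update them to latest version.
    if sudo yum repolist enabled epel | grep -q 'epel'; then
        uninstall_package epel-release || true
    fi
    # This trick installs the latest epel-release from a bootstrap
    # repo, then removes itself (as epel-release installed the
    # "real" repo).
    #
    # You would think that rather than this, you could use
    # $releasever directly in .repo file we create below. However
    # RHEL gives a $releasever of "6Server" which breaks the path;
    # see https://bugzilla.redhat.com/show_bug.cgi?id=1150759
    #
    # NOTE(review): gpgcheck=0 means the epel-release package installed from
    # this bootstrap repo is not signature-checked, so the mirror list is at
    # least fetched over HTTPS here. Importing the EPEL signing key first and
    # setting gpgcheck=1 would close the gap completely.
    cat <<EOF | sudo tee /etc/yum.repos.d/epel-bootstrap.repo
[epel-bootstrap]
name=Bootstrap EPEL
mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=\$basearch
failovermethod=priority
enabled=0
gpgcheck=0
EOF
    # Enable a bootstrap repo. It is removed after finishing
    # the epel-release installation.
    is_package_installed yum-utils || install_package yum-utils
    sudo yum-config-manager --enable epel-bootstrap
    yum_install epel-release || \
        die $LINENO "Error installing EPEL repo, cannot continue"
    sudo rm -f /etc/yum.repos.d/epel-bootstrap.repo
}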
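# Print message $1 and append it, timestamped, to ${log_file}.
# Reads the globals data_format (a date(1) format) and log_file.
function fnLogInfo()
{
  local infomsg=$1
  # Quoted so the message is written exactly as given; unquoted, runs of
  # spaces collapse and characters like * expand to file names.
  echo "${infomsg}"
  echo "$(date "${data_format}") Info:${infomsg}" >> "${log_file}"
}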
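# Copy file $1 to $1.bak, preserving mode, ownership and timestamps, and log
# the start and end of the copy.
fnBackupBeforeModify()
{
  local file=$1
  local backupFile="${file}.bak"
  fnLogInfo "Start to backup file $file"
  # Options first, then "--", then quoted paths: works for names containing
  # spaces or starting with a dash.
  cp -p -- "${file}" "${backupFile}"
  fnLogInfo "End to backup file $file"
}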
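# Switch the network configuration to DHCP for the distribution named in
# $os_type, backing up each file first, then delete the persistent-net udev
# rules file.
# 1. change the network config as DHCP
# 2. delete the 70-persistent-net.rules file
fnModifyNetworkConfig()
{
  fnLogInfo "----------------------------------------"
  fnLogInfo "Start to modify the network configuration"
  #1. change the network config as DHCP
  case $os_type in
    #/etc/sysconfig/network-scripts
    "redhat")
      # Let the shell expand the file names instead of parsing ls output.
      for file in /etc/sysconfig/network-scripts/ifcfg-eth* /etc/sysconfig/network-scripts/ifcfg-ens*
      do
        # An unmatched pattern stays literal; skip it, and skip backups.
        [ -f "$file" ] || continue
        case $file in
          *.bak*) continue ;;
        esac
        fnLogInfo "Start to modify the network configuration: $file"
        #backup the file
        fnBackupBeforeModify "$file"
        #modify the file
        sed -i '/PERSISTENT_DHCLIENT/d' "$file"
        sed -i '$a\PERSISTENT_DHCLIENT=yes' "$file"
        fnLogInfo "End to modify the network configuration: $file"
      done
      ;;
    #/etc/sysconfig/network/dhcp
    "suse")
      file='/etc/sysconfig/network/dhcp'
      #first backup file
      fnBackupBeforeModify "$file"
      sed -i "s/DHCLIENT_USE_LAST_LEASE=yes\|DHCLIENT_USE_LAST_LEASE='yes'\|DHCLIENT_USE_LAST_LEASE=\"yes\"/DHCLIENT_USE_LAST_LEASE=\"no\"/g" "$file"
      ;;
    #/etc/network/interfaces
    "debian" | "ubuntu")
      file='/etc/network/interfaces'
      #backup the file
      fnBackupBeforeModify "$file"
      sed -i "s/static\| manual/ dhcp/g" "$file"
      sed -i "s/address /#address /g" "$file"
      sed -i "s/netmask /#netmask /g" "$file"
      sed -i "s/gateway /#gateway /g" "$file"
      ;;
    *)
      fnLogInfo "Other Linux, network configuration cannot be modified."
      ;;
  esac
  #2. delete the 70-persistent-net.rules file
  rm -rf /etc/udev/rules.d/70-persistent-net.rules
  fnLogInfo "Delete 70-persistent-net.rules file, resut: $?"
  fnLogInfo "End to modify the network configuration"
}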
# Detect the distribution family from /proc/version and store it in the
# global os_type (suse, ubuntu, redhat or debian). Returns 1 when
# /proc/version does not exist; os_type is left untouched when no name matches.
fnGetOSType()
{
  fnLogInfo "---------------------------"
  fnLogInfo "Start to get the os type"
  local version="/proc/version"
  [ -e "${version}" ] || return 1
  # The first match wins, in this order.
  if grep -qi 'suse' "${version}"; then
    os_type='suse'
  elif grep -qi 'ubuntu' "${version}"; then
    os_type='ubuntu'
  elif grep -qi 'Red Hat' "${version}"; then
    os_type='redhat'
  elif grep -qi 'debian' "${version}"; then
    os_type='debian'
  fi
  fnLogInfo "End to get the os type: $os_type"
}
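# Ask a yes/no question with a 10-second timeout and echo the interpretation
# of the answer; anything else (including a timeout) prints a separator line.
YES_NO_choice(){
  local input
  # The prompt now states the timeout actually passed to read -t.
  read -r -t 10 -p "Please input you commit ,wait 10.....to exit: " input
  case $input in
    [yY]|[yY][eE][sS] )
      echo "YES!!!!!"
      ;;
    [nN]|[nN][oO] )
      echo "NO Error!!!!!"
      ;;
    *)
      echo "============================"
      ;;
  esac
# The closing brace was missing in the original listing, which left the
# function open and swallowed the definitions that follow it.
}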
# Print an error message built from $1 and terminate the script with status 1.
die () {
  printf '%s\n' "ERROR: $1. Aborting!"
  exit 1
}
#判断用户输入如果没有输入,选择默认值 redis为例
_REDIS_PORT=6379
_MANUAL_EXECUTION=false #标志信息
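# Make sure REDIS_PORT holds a number: if it does not, prompt for one and
# fall back to $_REDIS_PORT when the answer is not numeric either.
# Sets _MANUAL_EXECUTION=true whenever it had to prompt.
check_input_redis_port(){
  # [[ =~ ]] tests the whole value in the shell itself; the original piped an
  # unquoted echo into egrep, which is obsolescent and checked line by line.
  if ! [[ "$REDIS_PORT" =~ ^[0-9]+$ ]]; then
    _MANUAL_EXECUTION=true   # record that the user was asked
    #Read the redis port
    read -r -p "Please select the redis port for this instance: [$_REDIS_PORT] " REDIS_PORT
    if ! [[ "$REDIS_PORT" =~ ^[0-9]+$ ]]; then
      echo "Selecting default: $_REDIS_PORT"
      REDIS_PORT=$_REDIS_PORT
    fi
  fi
}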
# Set the global Is_64bit to 'y' when getconf reports WORD_BIT=32 and
# LONG_BIT=64, and to 'n' otherwise.
Get_OS_Bit()
{
  local word_bits long_bits
  word_bits=$(getconf WORD_BIT)
  long_bits=$(getconf LONG_BIT)
  Is_64bit='n'
  if [ "$word_bits" = '32' ] && [ "$long_bits" = '64' ]; then
    Is_64bit='y'
  fi
}
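# Download URL $1 unless a non-empty file named $2 already exists.
#   $1 - URL to fetch
#   $2 - local file name expected to result from the download
Download_Files()
{
  local URL=$1
  local FileName=$2
  if [ -s "${FileName}" ]; then
    echo "${FileName} [found]"
  else
    echo "Notice: ${FileName} not found!!!download now..."
    # --no-check-certificate was dropped: it turns off TLS certificate
    # validation, so the server's identity is never verified and the
    # download can be replaced in transit.
    wget -c --progress=bar:force --prefer-family=IPv4 "${URL}"
  fi
}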
# Install the base build dependencies one package at a time, with yum's
# exclude list temporarily cleared; the original yum.conf is restored afterwards.
CentOS_Dependent()
{
  local pkg
  local -a pkgs=(
    make cmake gcc gcc-c++ gcc-g77 flex bison file libtool libtool-libs
    autoconf kernel-devel patch wget crontabs libjpeg libjpeg-devel libpng
    libpng-devel libpng10 libpng10-devel gd gd-devel libxml2 libxml2-devel
    zlib zlib-devel glib2 glib2-devel unzip tar bzip2 bzip2-devel libevent
    libevent-devel ncurses ncurses-devel curl curl-devel libcurl
    libcurl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn
    libidn-devel openssl openssl-devel vim-minimal gettext gettext-devel
    ncurses-devel gmp-devel pspell-devel unzip libcap diffutils
    ca-certificates net-tools libc-client-devel psmisc libXpm-devel git-core
    c-ares-devel libicu-devel libxslt libxslt-devel xz
  )
  # The leading backslash bypasses any "cp -i" alias.
  \cp /etc/yum.conf /etc/yum.conf.lnmp
  sed -i 's:exclude=.*:exclude=:g' /etc/yum.conf
  Echo_Blue "[+] Yum installing dependent packages..."
  for pkg in "${pkgs[@]}"; do
    yum -y install $pkg
  done
  mv -f /etc/yum.conf.lnmp /etc/yum.conf
}
# Install the demo job as root's crontab.
# NOTE(review): this rewrites /var/spool/cron/root from scratch, so every job
# root already had is lost; append, or go through crontab(1), if that is not
# the intent.
Crontab_func(){
  local job='*/30 * * * * sh /home/cheungssh/mysite/mysite/cheungssh/cheungssh_demo.sh 2>>/home/cheungssh/logs/demo.log >> /home/cheungssh/logs/demo.log'
  printf '%s\n' "$job" > /var/spool/cron/root
}
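# Kill every process whose command line contains websocket_server_cheung.py,
# except the current shell.
kill_Process(){
  local pid
  # pgrep -f matches on the full command line and never lists itself. The
  # original took a column out of "ps | grep" output, which also picked up
  # the grep helper and dropped any line that merely contained this shell's
  # PID as a substring.
  for pid in $(pgrep -f 'websocket_server_cheung\.py'); do
    [ "$pid" = "$$" ] && continue
    kill -9 "$pid"
  done
}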
# Print the MD5 digest of /etc/hosts (the digest only, without the file name).
MD5_value(){
  local digest _rest
  read -r digest _rest < <(md5sum /etc/hosts)
  if [ -n "$digest" ]; then
    echo "$digest"
  fi
}
data_format="+%Y-%m-%d %H:%M:%S"
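# Print message $1 and append it, timestamped, to ${log_file}.
# Reads the globals data_format (a date(1) format) and log_file.
function fnLogInfo()
{
  local infomsg=$1
  # Quoted so the message is written exactly as given; unquoted, runs of
  # spaces collapse and characters like * expand to file names.
  echo "${infomsg}"
  echo "$(date "${data_format}") Info:${infomsg}" >> "${log_file}"
}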
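# Store the directory part of the script's path ($0) in the global pwd.
dir_path(){
  # Quoted, with "--", so a script path containing spaces or starting with a
  # dash is handled as one plain argument.
  pwd=$(dirname -- "$0")
}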
3.12.24. 检查监控内存、硬盘¶
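#!/usr/bin/env bash
#usage:xxx
#scripts_name:xxx.sh
# Mail root when free space on / and free memory are both below threshold.
while :; do
  # Sample inside the loop. The original read both values once before the
  # loop, so the condition could never change while the script ran.
  # Free space on the root filesystem (KB).
  disk_size=$(df / | awk '/\// {print $4}')
  # Free memory (KB).
  mem_size=$(free | awk '/Mem/{print $4}')
  if [ "$disk_size" -le 512000 ] && [ "$mem_size" -le 1024000 ]; then
    mail -s Warning root <<EOF
insufficient resources,资源不足
EOF
  fi
  # Pause between samples; without it the loop spins at full speed and sends
  # mail continuously while resources are low.
  sleep 60
done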
3.12.25. 猜随机数¶
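#!/usr/bin/env bash
#usage:xxx
#scripts_name:xxx.sh
# Number guessing game.
# The remainder maps the random value into the range 1-100.
num=$((RANDOM % 100 + 1))
# "true" must be lower case; "True" is not a command, so the original loop
# body never ran.
while true; do
  # Read the guess; stop on end of input.
  read -r -p "计算生成的一个1-100的随机数:" cai || break
  # Accept one to three digits only, so the numeric tests below cannot fail
  # on empty or non-numeric input.
  if ! [[ "$cai" =~ ^[0-9]{1,3}$ ]]; then
    echo "请输入1-100之间的整数"
    continue
  fi
  if [ "$cai" -eq "$num" ]; then
    echo "恭喜,猜对了"
    break   # the game ends on a correct guess
  elif [ "$cai" -gt "$num" ]; then
    echo "oops,猜大了"
  else
    echo "oops,猜小了"
  fi
done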
3.12.26. 检查网段内存活的主机IP信息¶
#版本一
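#!/usr/bin/env bash
#usage:xxx
#scripts_name:xxx.sh
# Ping 192.168.4.1-254 one after another and report each host as up or down.
i=1
# The original loop tested and pinged $VAR, which is never set in this
# variant; the counter is i.
while [ "$i" -le 254 ]; do
  if ping -c2 -i0.3 -W1 "192.168.4.$i" >/dev/null 2>&1; then
    echo "192.168.4.$i is up"
  else
    # The original printed 192.169.4.x here, a different network.
    echo "192.168.4.$i is down"
  fi
  i=$((i + 1))
done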
#版本二
#!/usr/bin/env bash
#usage:xxx
#scripts_name:test_network.sh
# Same sweep written as a for loop over a brace range.
for VAR in {1..254}; do
  host="192.168.4.$VAR"
  #ping -c2 -i0.3 -W1 192.168.4.$VAR &>/dev/null
  if ping -c2 -i0.3 -W1 "$host" >/dev/null 2>&1; then
    echo "$host is up"
  else
    echo "$host is down"
    echo ""
  fi
done
#版本三
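#!/usr/bin/env bash
#usage:xxx
#scripts_name:xxx.sh
# Parallel variant: one background ping per address.

# Ping host $1 twice and report it as up or down.
myping(){
  # Use the argument; the original pinged the caller's global $VAR and only
  # used $1 for the message.
  if ping -c2 -i0.3 -W1 "$1" &>/dev/null; then
    echo "$1 is up"
  else
    echo "$1 is down"
    echo
  fi
}

for VAR in {1..254}; do
  # Run each check in the background so the sweep does not wait for every
  # ping timeout in turn.
  myping "192.168.4.$VAR" &
done
# Wait for all checks, so the script does not exit while results are still
# being printed.
wait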
3.12.27. 进度条¶
eg
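#!/bin/bash
# Description: show a progress indicator while copying $1 to $2.
# Make sure Ctrl+C also stops the indicator.
trap 'kill "$bar_pid" 2>/dev/null' INT

# Print "#" without a newline, forever.
bar(){
  while :
  do
    echo -n '#'
    sleep 0.3
  done
}

# Run the indicator in the background until the copy is done, then kill it.
# $! holds the PID of the most recent background job; keep it in a variable
# so a later background job cannot change what gets killed.
bar &
bar_pid=$!
# Quoted, with "--", so paths with spaces or a leading dash are copied as given.
cp -r -- "$1" "$2"
kill "$bar_pid"
echo "拷贝结束!"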
eg
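#!/bin/bash
# Description: show a progress indicator while copying $1 to $2.
# Make sure Ctrl+C also stops the indicator.
trap 'kill "$bar_pid" 2>/dev/null' INT

# Print a green background block without a newline, forever.
bar(){
  while :
  do
    echo -ne '\033[42m \033[0m'
    sleep 0.3
  done
}

# Run the indicator in the background until the copy is done, then kill it.
# $! holds the PID of the most recent background job; keep it in a variable
# so a later background job cannot change what gets killed.
bar &
bar_pid=$!
# Quoted, with "--", so paths with spaces or a leading dash are copied as given.
cp -r -- "$1" "$2"
kill "$bar_pid"
echo "拷贝结束!"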
eg
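#!/bin/bash
# Description: show a progress indicator while copying $1 to $2.
# Make sure Ctrl+C also stops the indicator.
trap 'kill "$bar_pid" 2>/dev/null' INT

# Draw a bar 50 columns wide: the two vertical lines take 2 columns, "#" and
# spaces share the other 48 (1 "#" + 47 spaces, 2 "#" + 46 spaces, ...).
# After each draw the cursor returns to the start of the line without a
# newline, ready for the next frame.
bar(){
  local pound i
  while :
  do
    pound=""
    for ((i=47;i>=1;i--))
    do
      pound+='#'
      printf "|%s%${i}s|\r" "$pound"
      sleep 0.2
    done
  done
}

# Run the indicator in the background until the copy is done, then kill it.
# $! holds the PID of the most recent background job; keep it in a variable
# so a later background job cannot change what gets killed.
bar &
bar_pid=$!
# Quoted, with "--", so paths with spaces or a leading dash are copied as given.
cp -r -- "$1" "$2"
kill "$bar_pid"
echo "拷贝结束!"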
eg
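#!/bin/bash
# Description: show a progress indicator while copying $1 to $2.
# Make sure Ctrl+C also stops the indicator.
trap 'kill "$bar_pid" 2>/dev/null' INT
# The four characters of the spinner.
rotate='|/-\'

# Draw a spinner in place, forever.
bar() {
  # Print one space first; the first spinner character overwrites it.
  printf ' '
  while :
  do
    # Step back one column and print only the first character of rotate,
    # then rotate the four characters by one position.
    printf "\b%.1s" "$rotate"
    rotate=${rotate#?}${rotate%???}
    sleep 0.2
  done
}

bar &
bar_pid=$!
# Quoted, with "--", so paths with spaces or a leading dash are copied as given.
cp -r -- "$1" "$2"
kill "$bar_pid"
echo "拷贝结束!"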
eg
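#!/bin/bash
# Description: show the copy progress of $1 to $2 as a percentage.
# Make sure Ctrl+C also stops the indicator.
trap 'kill "$bar_pid" 2>/dev/null' INT
# Size of the source; the destination size starts at 0.
src=$(du -s -- "$1" | cut -f1)
dst=0

# Compare the size of the destination with the source and print the ratio.
#   $1 - source path, $2 - destination path
bar() {
  local size
  while :
  do
    # Guard against an empty source, which would divide by zero.
    if [ "${src:-0}" -gt 0 ]; then
      size=$(echo "scale=2;$dst/$src*100" | bc)
    else
      size=100
    fi
    echo -en "\r|$size%|"
    [ -f "$2" ] && dst=$(du -s -- "$2" | cut -f1)
    # When copying into a directory the copy is named after the last path
    # component of the source, not after the whole source path.
    [ -d "$2" ] && dst=$(du -s -- "$2/$(basename -- "$1")" 2>/dev/null | cut -f1)
    dst=${dst:-0}
    sleep 0.3
  done
}

bar "$1" "$2" &
bar_pid=$!
cp -r -- "$1" "$2"
kill "$bar_pid"
echo "拷贝结束!"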
3.12.28. nginx启动脚本¶
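#!/usr/bin/env bash
#usage:xxx
#scripts_name:xxx.sh
# Place this file in /etc/init.d/. When it is named nginx:
#   service nginx start    starts the service
#   service nginx stop     stops the service
#   service nginx restart  restarts the service
program=/usr/local/nginx/sbin/nginx
pid=/usr/local/nginx/logs/nginx.pid

# Start nginx unless its pid file exists.
start(){
  if test -f "$pid"; then
    echo "nginx 服务启动正常"
  else
    "$program"
  fi
}

# Stop nginx if its pid file exists.
stop(){
  # "! -f" is the negated file test; the original "-! -f" is a syntax error.
  if [ ! -f "$pid" ]; then
    echo "nginx 服务已经关闭"
  else
    "$program" -s stop
    echo "关闭服务ok"
  fi
}

# Report whether the pid file exists.
status(){
  if [[ -f $pid ]]; then
    echo "服务正在运行....."
  else
    echo "服务已经关闭......"
  fi
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    sleep 1
    start
    ;;
  status)
    status
    ;;
  *)
    echo "unknow program!..........."
    ;;
esac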
3.12.29. 3种test的写法¶
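#!/usr/bin/env bash
# Ways to write a condition, plus a command used directly as the condition.
# NOTE(review): which row of "free -m" line 3 is depends on the procps
# version - confirm it is the value you want before relying on it.
FreeMem=$(free -m | awk 'NR==3 {print $NF}')
# Arithmetic evaluation.
if (( FreeMem < 1000 )); then
  echo "xxxxxxxxxx"
fi
# Bash conditional expression.
if [[ $FreeMem -lt 1000 ]]; then
  echo "xxxxxxxx"
fi
# test builtin.
if test "$FreeMem" -lt 1000; then
  echo "xxxxxxxxxxxx"
fi
# A command's exit status as the condition. grep needs a pattern and a file:
# the original passed only /etc/passwd, which grep took as the pattern and
# then waited on standard input.
if grep -q '^root:' /etc/passwd; then
  echo "xxxxxxxxxx"
fi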
3.12.30. case+color用法¶
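#!/usr/bin/env bash
# Print a message in colour. Usage: <script> content {red|yellow|blue|green|pink}

# Define the colour escape sequences as globals.
function AddColor(){
  RED_COLOR='\E[1;31m'
  GREEN_COLOR='\E[1;32m'
  YELLOW_COLOR='\E[1;33m'
  BLUE_COLOR='\E[1;34m'
  # Named PINK_COLOR to match the other variables; the original defined PINK
  # but printed ${PINK_COLOR}, which was always empty.
  PINK_COLOR='\E[1;35m'
  RES='\E[0m'
}

# Validate the arguments, pick the colour named by $2 and print $1 in it.
main(){
  [ $# -ne 2 ] && { echo "Usage $0 content {red|yellow|blue|green}";exit; }
  # The colours have to be defined before they are used; the original never
  # called AddColor before printing.
  AddColor
  local colour
  case "$2" in
    red|RED)
      colour=$RED_COLOR
      ;;
    yellow|YELLOW)
      colour=$YELLOW_COLOR
      ;;
    green|GREEN)
      colour=$GREEN_COLOR
      ;;
    blue|BLUE)
      colour=$BLUE_COLOR
      ;;
    pink|PINK)
      colour=$PINK_COLOR
      ;;
    *)
      echo "Usage $0 content {red|yellow|blue|green}"
      exit
      ;;
  esac
  # %b expands escapes in the colour codes only; the message goes through %s,
  # so escape sequences inside user-supplied text are printed literally
  # instead of being interpreted by the terminal.
  printf '%b%s%b\n' "$colour" "$1" "$RES"
}

# "$@" keeps each argument intact, including messages that contain spaces.
main "$@"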
3.12.31. 监控磁盘IO脚本¶
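#!/usr/bin/env bash
## Watch disk I/O utilisation and record which processes cause high usage.
# Install sysstat when iostat is missing.
if ! command -v iostat &>/dev/null
then
  yum install -y sysstat
  # On Ubuntu use: apt-get install -y sysstat
fi
# Install iotop when it is missing.
if ! command -v iotop &>/dev/null
then
  yum install -y iotop
  # On Ubuntu use: apt-get install -y iotop
fi
# Log directory. Kept outside /tmp and private to the owner: a fixed name in a
# world-writable directory can be prepared by any local user before this
# script (typically run as root) creates and writes to it.
logdir=/var/log/iolog
mkdir -p "$logdir" && chmod 700 "$logdir" || exit 1

# Print the average %util of device $1 over five one-second iostat samples.
get_io()
{
  iostat -dx 1 5 > "$logdir/iostat.log"
  # %util is the last column; compare the device name exactly and add up the
  # integer part of each sample.
  awk -v dev="$1" '$1 == dev { sum += int($NF) } END { print int(sum / 5) }' \
    "$logdir/iostat.log"
}

while true
do
  # Name the log after the current day, so a long-running watcher rolls over
  # to a new file at midnight.
  dt=$(date +%F)
  # Iterate over every device iostat lists.
  for d in $(iostat -dx | grep -Ev '^$|^Device|CPU\)' | awk '{print $1}')
  do
    io=$(get_io "$d")
    # Utilisation of 80 % or more.
    if [ "${io:-0}" -ge 80 ]
    then
      # Record the time, the iostat samples and the iotop output.
      {
        date
        cat "$logdir/iostat.log"
        iotop -obn2
        echo "####################"
      } >> "$logdir/$dt"
    fi
  done
  # Sleep 10 seconds, then repeat.
  sleep 10
done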
3.12.32. color_print¶
#!/usr/bin/env bash
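# Variant 1: if/elif chain.
# Print $2 in the colour named by $1 (red or green) on a black background;
# any other colour name prints nothing.
color_printf1(){
  # SGR code 31 is red and 32 is green; the original had the two swapped.
  if [[ $1 == "red" ]]; then
    echo -e "\033[31;40m$2\033[0m"
  elif [[ $1 == "green" ]];then
    echo -e "\033[32;40m$2\033[0m"
  fi
}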
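# Variant 2: case statement.
# Print $2 in the colour named by $1 (red or green) on a black background;
# any other colour name prints a usage example.
color_printf2(){
  # SGR code 31 is red and 32 is green; the original had the two swapped.
  case "$1" in
    "red")
      echo -e "\033[31;40m$2\033[0m"
      ;;
    "green")
      echo -e "\033[32;40m$2\033[0m"
      ;;
    *)
      echo -e "Example: color_printf2 red xxxxxx"
      ;;
  esac
}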
3.12.33. 网页检测¶
检测网页状态发送邮件¶
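#!/bin/bash
# Description: request one HTTP page with curl and check the status code;
# send a warning mail when three tests in a row fail.
# curl options used:
#   -m  maximum time allowed for the request
#   -s  silent mode
#   -o  write the response body to a file
#   -w  print extra information after the transfer (here: the HTTP status code)
url=http://192.168.4.5/index.html
date=$(date +"%Y-%m-%d %H:%M:%S")
mail_to="root@localhost"
mail_subject="http_warning"
fail_times=0
for i in 1 2 3
do
  status_code=$(curl -m 3 -s -o /dev/null -w '%{http_code}' "$url")
  # String comparison, so an empty result (curl missing or killed) counts as
  # a failure instead of breaking the numeric test.
  if [ "$status_code" != "200" ];then
    fail_times=$((fail_times + 1))
  fi
  sleep 1
done
if [ "$fail_times" -eq 3 ];then
  mail -s "$mail_subject" "$mail_to" <<EOF
检测时间为:$date
$url页面异常,服务器返回状态码:${status_code}.
请尽快排查异常.
EOF
else
  printf '%s "%s 页面访问正常."\n' "$date" "$url" >> /var/log/http_check.log
fi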
检测网页状态是否变化¶
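#!/bin/bash
# Description: detect changes to a web page by comparing a hash of its
# content with a stored reference value.
url="http://192.168.4.5/index.html"
date=$(date +"%Y-%m-%d %H:%M:%S")
# Reference hash of the known-good page.
# NOTE(review): MD5 is kept because the stored reference is an MD5 digest. It
# catches accidental or naive changes but is not collision-resistant; for a
# tamper check prefer sha256sum with a reference recorded from a known-good
# copy, and fetch over HTTPS so the response cannot be altered in transit.
source_hash="e3eb0a1df437f3f97a64aca5952c8ea0"

# Download to a private temporary file, so a failed request can be told apart
# from changed content (the original hashed whatever curl produced, including
# nothing at all).
body=$(mktemp) || exit 1
trap 'rm -f -- "$body"' EXIT
if ! curl -sf -o "$body" "$url"; then
  mail -s http_Warning root@localhost <<EOF
检测时间为:$date
无法获取$url,未进行完整性校验.
请尽快排查异常.
EOF
  exit 1
fi

# Hash of the page as served right now.
url_hash=$(md5sum < "$body" | cut -d ' ' -f1)
if [ "$url_hash" != "$source_hash" ];then
  mail -s http_Warning root@localhost <<EOF
检测时间为:$date
数据完整性校验失败,$url,页面数据被篡改.
请尽快排查异常.
EOF
else
  printf '%s "%s,数据完整性校验正常."\n' "$date" "$url" >> /var/log/http_check.log
fi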
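#!/bin/bash
# Description: monitor the HTTP port of one host with nmap's port scan.
# NOTE(review): -sS (SYN scan) needs root privileges; for a liveness check of
# your own server a connect scan (-sT) gives the same answer without them.
ip=192.168.4.254
mail_to=root@localhost
# Scan the host held in $ip; the original repeated the address literally, so
# changing the variable would not have changed the target.
if nmap -n -sS -p80 "$ip" | grep -q "^80/tcp open"; then
  echo "http service is running on $ip" | mail -s http_status_OK "$mail_to"
else
  echo "http service is stoped on $ip" | mail -s http_status_error "$mail_to"
fi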
3.12.34. 函数检查服务¶
#!/bin/bash
#功能描述(Description):使用函数检查服务是否启动的案例脚本.
date_time=$(date +'%Y-%m-%dT%H:%M:%S%z')
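# Report for each service name given as an argument whether systemd
# considers it active. Active services are printed to stdout in colour,
# inactive ones to stderr. Reads the global date_time for the prefix.
function check_services() {
  local i
  for i in "$@"
  do
    if systemctl --quiet is-active "${i}.service"; then
      # The original prefix had a stray ")" after the timestamp.
      echo -e "[$date_time]: \033[92mservice $i is active\033[0m"
    else
      echo "[$date_time]: service $i is not active" >&2
    fi
  done
}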
check_services httpd sshd vsftpd
3.12.35. 编写脚本抓取单个网页中的图片数据¶
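#!/bin/bash
# Description: download the images referenced by a single web page.
# Page to fetch, and the file holding the extracted image URLs.
page="http://www.tmooc.cn"
# mktemp creates a private file with an unpredictable name; a fixed pattern
# such as /tmp/spider_<pid>.txt can be guessed and prepared by another local
# user before the script writes to it.
URL=$(mktemp) || exit 1
trap 'rm -f -- "$URL"' EXIT
# Save the page source.
curl -s "$page/" > "$URL"
# Filter the source down to the image URLs.
echo -e "\033[32m正在获取种子URL,请稍后...\033[0m"
sed -i '/<img/!d' "$URL"       # drop lines without <img
sed -i 's/.*src="//' "$URL"    # drop src=" and everything before it
sed -i 's/".*//' "$URL"        # drop the closing quote and everything after
echo
# Install wget when it is missing.
if ! rpm -q wget &>/dev/null;
then
  yum -y install wget
fi
# Download every image. wget options:
#   -P  directory to save into (prefix)
#   -c  continue a partial download
#   -q  quiet
echo -e "\033[32m正在批量下载种子数据,请稍后...\033[0m"
while IFS= read -r i
do
  # The list comes from a remote page, so treat every line as untrusted: only
  # http(s) URLs are accepted, and "--" keeps a value that starts with a dash
  # from being read as a wget option.
  case $i in
    http://* | https://*)
      wget -P /tmp/ -c -q -- "$i"
      ;;
  esac
done < "$URL"
# The temporary URL list is removed by the EXIT trap.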