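Introduction
I often get a new VPS, or reinstall the system on an old one to tinker with it, and every fresh system needs the same basic security settings. After enough repetitions I ran out of patience, so I wrote this script to save the trouble.
What the script does
1. Adds a regular user and sets that user's password.
2. Changes the root password to the string you enter (if you enter nothing, it is left unchanged).
3. Updates the system and installs common packages: screen zip unzip sendmail lrzsz (files can be uploaded and downloaded directly through the Xshell client).
4. Disables SELinux.
5. Changes the SSH port and disables root login over SSH, so be sure to remember the username and password you just created.
6. Opens the new SSH port in iptables.
Usage
Run the script: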
wget https://raw.githubusercontent.com/mn-s/server-first-set/master/server-first-set.sh && chmod +x server-first-set.sh && ./server-first-set.sh
The file above is hosted on GitHub. You can also use:
wget http://sh.335.im/server-first-set.sh && chmod +x server-first-set.sh && ./server-first-set.sh
One more note: this is the first shell script I have written by hand, put together while following tutorials. Project page: https://github.com/mn-s/server-first-set
Source:
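#!/bin/bash
# Collect the settings up front.
read -r -p "input add username:" username
read -r -p "input password of ${username}:" userpass
read -r -p "input root password(press enter to skip):" rootpass
read -r -p "input ssh port:" port
# An empty or non-numeric port would leave sshd with a broken Port line.
if ! [[ "${port}" =~ ^[0-9]{1,5}$ ]] || [ "${port}" -lt 1 ] || [ "${port}" -gt 65535 ]; then
    echo -e "\033[31minvalid ssh port\033[0m"
    exit 1
fi
# Show the values for confirmation (passwords are printed in clear text).
echo -e "\033[36muser ${username}'s password is:${userpass}\033[0m"
echo -e "\033[36myour root password:${rootpass}\033[0m"
echo -e "\033[36myour ssh port is:${port}\033[0m"
read -r -p "is continue?[Y/n]" isok
if [ "$isok" == 'n' ]; then
    echo -e "\033[31mended\033[0m"
    exit 1
fi
# Update the system and install the common packages.
yum -y update
yum install -y screen zip unzip sendmail lrzsz
# Create the user only if it does not exist yet (match the whole name field).
if grep -q "^${username}:" /etc/passwd; then
    echo "user ${username} already exist."
else
    echo "add user:${username}"
    useradd "${username}"
fi
echo "${username}:${userpass}" | chpasswd
# Change the root password only if one was entered.
if [ "${rootpass}" != '' ]; then
    echo "root:${rootpass}" | chpasswd
else
    echo -e "\033[31mDo not set root pass.\033[0m"
fi
# Set the new port in the client and server config, then disable root login.
sed -i "s/[# ]*Port [0-9]\+/Port ${port}/" /etc/ssh/ssh_config
sed -i "s/[# ]*Port [0-9]\+/Port ${port}/" /etc/ssh/sshd_config
sed -i 's/[# ]*PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
# Where firewalld is installed, replace it with iptables-services.
if [ -s /usr/sbin/firewalld ]; then
    systemctl stop firewalld
    systemctl disable firewalld
    systemctl mask firewalld
    yum install -y iptables-services iptables-devel
    systemctl enable iptables.service
    chkconfig iptables on
fi
# Open the new SSH port unless a rule for exactly this port already exists.
if iptables -L INPUT -n | grep -qw "dpt:${port}"; then
    echo "port ${port} is already opened."
else
    echo "add iptables rule for port:${port}"
    # Insert at the top so the rule is evaluated before any final REJECT rule.
    iptables -I INPUT -p tcp --dport "${port}" -j ACCEPT
fi
service iptables save
# Switch SELinux off now and in the config file.
echo "close selinux."
setenforce 0
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
service sshd restart
echo "your ssh port is:${port}"
echo -e "\033[31mPlease remove old port rule from iptables by yourself.The command is:\n\033[36miptables -D INPUT -p tcp --dport {yourport} -j ACCEPT\033[0m"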
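Added example, not part of the author's script: an idempotent version of the sshd_config edit from step 5 that also handles a PermitRootLogin value other than "yes" (which the script's sed substitution does not match) and refuses a malformed port before touching the file. The function names and the sample config are constructed for illustration.

```bash
#!/bin/bash
# Added example, not the author's script. Function names are hypothetical.

# Put "key value" on the first line of sshd config file $1 and drop every
# other active (uncommented) occurrence. sshd uses the first value it reads,
# so the new line wins; commented lines such as "#Port 22" are left alone.
set_sshd_option() {
    local file="$1" key="$2" value="$3" tmp rc
    tmp=$(mktemp) || return 1
    {
        printf '%s %s\n' "$key" "$value"
        awk -v key="$key" 'BEGIN { k = tolower(key) }
            tolower($1) == k { next }
            { print }' "$file"
    } > "$tmp" && cat "$tmp" > "$file"   # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Apply the two sshd changes the script makes; refuse a bad port up front.
harden_sshd_config() {
    local file="$1" port="$2"
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: ${port}" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: ${port}" >&2
        return 2
    fi
    set_sshd_option "$file" PermitRootLogin no &&
        set_sshd_option "$file" Port "$port"
}

# Constructed sample config: PermitRootLogin is not "yes", Port is duplicated.
demo_cfg=$(mktemp)
printf '%s\n' '#Port 22' 'Port 22' 'port 2200' \
    'PermitRootLogin prohibit-password' 'PasswordAuthentication yes' > "$demo_cfg"
harden_sshd_config "$demo_cfg" 2222 && cat "$demo_cfg"
rm -f "$demo_cfg"
# On a real host: harden_sshd_config /etc/ssh/sshd_config 2222 && sshd -t
```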