#!/bin/bash   #========================================================================== #   FILE: Init.sh #  #   DESCRIPTION: This script is used to install usual libs, #   close unnecessary services，optimize kernel parameters and so on #  #   REVISION: 1.0  #==========================================================================set -o nounset                          # Treat unset variables as an error# VARIABLES DEFINED# SRV_ON="acpid crond iptables kdump messagebus network ntpd readahead_early rsyslog sshd sysstat salt-minion"SRV_ON="acpid crond kdump messagebus network ntpd readahead_early rsyslog sshd sysstat salt-minion"SRV_TEMP="/tmp/chkconfig_list.tmp" INSTALL_LIBS="gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5-devel libidn libidn-devel openssl openssl-devel libxslt-devel libevent-devel libtool-ltdl bison libtool vim-enhanced salt-minion"DONE="\e[0;32m\033[1mdone\e[m" # check os versionplatform=`uname -i`if [ $platform != "x86_64" ];then	echo "this script is only for 64bit Operating System!"exit 1ficat << EOF+---------------------------------------+|   your system is CentOS 6 x86_64      ||      start optimizing.......          |+---------------------------------------EOF# add the third-party epel reporpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm# lock userpasswd -l dbuspasswd -l vcsapasswd -l gamespasswd -l nobodypasswd -l avahipasswd -l haldaemonpasswd -l gopherpasswd -l ftppasswd -l mailnullpasswd -l pcappasswd -l mailpasswd -l shutdownpasswd -l haltpasswd -l uucppasswd -l operatorpasswd -l syncpasswd -l admpasswd -l lp# install usual libsyum -y install ${INSTALL_LIBS} 1>/dev/null echo -e "Install the usual libs ${DONE}." #echo "* 4 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1" >> /var/spool/cron/rootsed -i 's/#master: salt/master: salt.enai.corp/' /etc/salt/minionservice salt-minion restart# directory pathmkdir -p /data/scripts/shell# set static route# mount share# set the file limitecho "ulimit -SHn 65535" >> /etc/rc.localcat >> /etc/security/limits.conf << EOF*           soft   nofile       65535*           hard   nofile       65535*           soft   nproc        65535*           hard   nproc        65535EOF# set sshsed -i 's/#Port 22/Port 28290/' /etc/ssh/sshd_configsed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_configservice sshd restart# tune kernel parametrescat >> /etc/sysctl.conf << EOFnet.ipv4.tcp_tw_reuse = 1net.ipv4.tcp_tw_recycle = 1net.ipv4.tcp_fin_timeout = 1EOF/sbin/sysctl -p# stop some crontabmkdir /etc/cron.daily.bakmv /etc/cron.daily/makewhatis.cron /etc/cron.daily.bak# close all services and set necessary services on  chkconfig  --list | awk '{print $1}' > ${SRV_TEMP}  # close all services  while read SERVICE do     chkconfig --level 345 ${SERVICE} off 1>/dev/null  done < ${SRV_TEMP}  # open necessary services  for SRVS in ${SRV_ON} do     if [ -e /etc/init.d/${SRVS} ]     then          chkconfig --level 345 ${SRVS} on 1>/dev/null     else         echo -e "Service ${SRVS} is \e[0;31m\033[1mnot exits\e[m."     fi      done # disable the ipv6cat > /etc/modprobe.d/ipv6.conf << EOFIalias net-pf-10 offoptions ipv6 disable=1EOFIecho "NETWORKING_IPV6=off" >> /etc/sysconfig/networkcat << EOF+-------------------------------------------------+|               optimizer is done                 ||   it's recommond to restart this server !       |+-------------------------------------------------+EOF# init done,and reboot system  echo -e "Do you want to \e[0;31m\033[1mreboot\e[m system now? [Y/N]:\t " read REPLY case $REPLY in      Y|y)         echo "The system will reboot now ..."         shutdown -r now          ;;     N|n)         echo "You must reboot later..."         source /etc/profile          ;;     *)         echo "You must input [Y/N]."         source /etc/profile          ;; esac ====cat > /etc/resolv.conf <