systemctl stop firewalld
systemctl disable firewalld

检查是否关闭
[root@oldboy-muban ~]# getenforce
Disabled
结果要求Disabled或命令找不到.

setenforce 0
sed -i ‘s#SELINUX=enforcing#SELINUX=disabled#g’ /etc/selinux/config

配置base源
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
增加epel源
curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo

yum install -y vim tree wget bash-completion bash-completion-extras lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc httpd-tools bind-utils nethogs expect ntpdate
yum install -y sl cowsay

增加epel源
curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
安装麒麟常用软件
yum install -y vim tree wget bash-completion lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc httpd-tools bind-utils nethogs expect ntpdate

cp /etc/apt/sources.list{,.bak}
cat >/etc/apt/sources.list<<EOF
deb https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
EOF

修改ssh服务端配置文件
1.注释掉已有的配置
sed -i ‘/^GSSAPIAuthentication/s@^@#@g’ /etc/ssh/sshd_config
2.关闭对应功能
cat >>/etc/ssh/sshd_config<<EOF
UseDNS no
GSSAPIAuthentication no
关闭dns反向解析 ip–>域名
EOF
3.重启sshd
systemctl restart sshd
4.检查
egrep ‘^(UseDNS)’ /etc/ssh/sshd_config
结果有1个no即可.

cat >/var/spool/cron/root<<EOF
1. sync time by lidao996 at 20230101
*/3 * * * * /sbin/ntpdate ntp.aliyun.com >/dev/null 2>&1
EOF

PS1
编辑/etc/profile,写入到文件末尾
export PS1='[[\e[34;1m]\u@[\e[0m][\e[32;1m]\H[\e[0m][\e[31;1m] \w[\e[0m]]\$ ‘

1.写入别名到/etc/profile中
alias rm=’echo pls do not use rm’
2.回收站别名
cat 07.recyle-rm.sh
!/bin/bash
#
File Name:07.recyle-rm.sh
Version:V1.0
Author:oldboy lidao996
Organization:www.oldboyedu.com
Desc:
#
1.vars
files=”$@”
dir=/recyle/
2.判断
if [ $# -eq 0 ];then
echo “Help: $0 file dir ….”
exit
fi
3.创建临时目录
后期可以加入判断 目录不存在则创建
mkdir -p $dir
tmp_dir=mktemp -d -p ${dir}
4.把文件,目录…移动到临时目录
这里未来可以加入更多的判断.
mv -t ${tmp_dir} ${files}
5.文件,目录已经移动到回收站
echo “文件,目录已经移动到回收站:${tmp_dir}”
alias rm=’bash /server/scripts/07.recyle-rm.sh’

2.注释掉已有的rm别名
sed -i ‘/rm/s@^@#@g’ ~/.bashrc
sed -i ‘s@alias.*rm@#&@g’ ~/.bashrc
3.重新登录系统检查

cat >>/etc/profile<<EOF
alias grep=’grep –color=auto’
alias egrep=’egrep –color=auto’
EOF

sh /server/scripts/change.sh 主机名 ip地址
sh /server/scripts/change.sh web01 10.0.0.7
1.修改主机名
hostnamectl set-hostname $1
主机名修改为web01
2.修改ip地址
1)取出目标ip的最后1位
2)替换 eth0 eth1网卡配置文件内容 210–>最后1位(7)
10.0.0.210 –> 10.0.0.7
172.16.1.210 –> 172.16.1.7
3)重启网卡
ip地址eth0: 10.0.0.7
ip地址eth1: 172.16.1.7

#!/bin/bash
#author: lidao996
#desc: change ip and hostname
#version: v7.0 fina
#sh 脚本 主机名 ip地址(新的ip)
eth0_name=ens33
eth1_name=ens34
eth0=/etc/sysconfig/network-scripts/ifcfg-$eth0_name
eth1=/etc/sysconfig/network-scripts/ifcfg-$eth1_name
bak=/backup/
0.backup network config
mkdir -p $bak
\cp $eth0 $eth1 $bak
1.脚本参数个数
if [ $# -ne 2 ] ;then
echo “请输入2个参数”
exit 1
fi
2.模板机ip地址(最后1位)
ip=hostname -I |awk '{print $1}'|sed 's#.*\.##g'
3.新的ip
ip_new=echo $2 |sed 's#^.*\.##g'
4.新的主机名
hostname=$1
5.修改ip
if [ -f $eth0 ];then
sed -i “s#10.0.0.$ip#10.0.0.$ip_new#g” $eth0
else
echo “eth0网卡不存在,修改失败”
fi
if [ -f $eth1 ];then
sed -i “s#172.16.1.$ip#172.16.1.$ip_new#g” $eth1
else
echo “eth1网卡不存在,修改失败”
fi
ifdown $eth0_name && ifup $eth0_name
ifdown $eth1_name && ifup $eth1_name
6.修改主机名
hostnamectl set-hostname $hostname

vim /server/scripts/changeip.sh
chmod +x /server/scripts/changeip.sh
ln -s /server/scripts/changeip.sh /bin/
changeip.sh

set ignorecase
autocmd BufNewFile .py,.cc,.sh,.java,*.bash exec “:call SetTitle()”
func SetTitle()
if expand(“%:e”) =~ ‘sh|bash’
call setline(1, “#!/bin/bash”)
call setline(2,”##############################################################”)
call setline(3, “# File Name:”.expand(“%”))
call setline(4, “# Version:V1.0”)
call setline(5, “# Author:oldboy lidao996”)
call setline(6, “# Organization:www.oldboyedu.com”)
call setline(7, “# Desc:”)
call setline(8,”##############################################################”)
endif
endfunc

1.命令关闭
systemctl disable –now kdump
2.修改启动配置文件
sed -i ‘s#crashkernel=1024M,high##g’ /boot/grub2/grub.cfg
3.重启linux系统

systemctl mask tmp.mount
umount /tmp/
重启检查结果

修改ssh服务端配置文件
2.关闭对应功能
cat >>/etc/ssh/sshd_config<<EOF
UseDNS no
GSSAPIAuthentication no
PermitRootLogin yes
EOF
3.重启sshd
systemctl restart sshd
4.检查
egrep ‘^(PermitRootLogin|GSSAPIAuthentication|UseDNS)’ /etc/ssh/sshd_config
结果有2个no即可.

systemctl disable ufw
systemctl stop ufw

cat >/etc/apt/sources.list<<EOF
deb https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
EOF
apt update

apt install -y tree vim telnet lrzsz nmap ncat ntpdate

cat >/var/spool/cron/crontabs/root<<EOF
1. sync time by lidao996 at 20230101
*/3 * * * * /sbin/ntpdate ntp.aliyun.com >/dev/null 2>&1
EOF
select-editor选2
vim.basic

set ignorecase
autocmd BufNewFile .py,.cc,.sh,.java,*.bash exec “:call SetTitle()”
func SetTitle()
if expand(“%:e”) =~ ‘sh|bash’
call setline(1, “#!/bin/bash”)
call setline(2,”##############################################################”)
call setline(3, “# File Name:”.expand(“%”))
call setline(4, “# Version:V1.0”)
call setline(5, “# Author:oldboy lidao996”)
call setline(6, “# Organization:www.oldboyedu.com”)
call setline(7, “# Desc:”)
call setline(8,”##############################################################”)
endif
endfunc

sudo su – root用户
cat /etc/netplan/00-installer-config.yaml


#This is the network config written by ‘subiquity’
network:
ethernets:
ens33:
addresses:
– 10.0.0.211/24 #IP地址 ens33
nameservers:
addresses:
– 223.5.5.5
– 223.6.6.6
search: []
routes:
– to: default
via: 10.0.0.2
ens34:
addresses:
– 172.16.1.211/24 #IP地址 ens34
nameservers:
addresses: []
search: []
version: 2
netplan apply #配置文件生效.

#!/bin/bash
#author: lidao996
#desc: change ip and hostname
#version: v7.0 fina
#sh 脚本 主机名 ip地址(新的ip)
net_config=/etc/netplan/00-installer-config.yaml
0.root?
[ $UID -ne 0 ] && {
echo “pls run as root”.
exit 1
}
1.脚本参数个数
if [ $# -ne 2 ] ;then
echo “请输入2个参数”
exit 2
fi
2.模板机ip地址(最后1位)
ip=hostname -I |awk '{print $1}'|sed 's#.*\.##g'
3.新的ip
ip_new=echo $2 |sed 's#^.*\.##g'
4.新的主机名
hostname=$1
5.修改ip
if [ -f $net_config ];then
sed -i “s#10.0.0.$ip#10.0.0.$ip_new#g” $net_config
sed -i “s#172.16.1.$ip#172.16.1.$ip_new#g” $net_config
else
echo “eth0网卡不存在,修改失败”
fi
6.生效
netplan apply
networkctl reload
7.修改主机名
hostnamectl set-hostname $hostname

vim ~/.bashrc
export PS1='[[\e[34;1m]\u@[\e[0m][\e[32;1m]\H[\e[0m][\e[31;1m] \w[\e[0m]]\$ ‘