#!/bin/bash
#linux 7 禁止 ctrl + alt + del
#rm -f /usr/lib/systemd/system/ctrl-alt-del.target
#关闭ipv6
#echo "关闭IPv6....."
##echo "alias net-pf-10 off" >> /etc/modprobe.conf
#echo "alias ipv6 off" >> /etc/modprobe.conf
#/sbin/chkconfig --level 35 ip6tables off
#echo -e "\033[031m ipv6 is disabled.\033[0m"
#关闭selinux
echo "关闭SElinux......"
sed -i '/^SELINUX=/c\SELINUX=disabled' /etc/selinux/config
#关闭防火墙linux7.X
#echo "关闭 firewalld "
#systemctl stop firewalld
#systemctl disabled firewalld
#更新yum源
#yum -y install wget
echo "备份yum源......"
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
#sys_ver=`cat /etc/redhat-release |awk '{print $3}' | awk -F '.' '{print $1}'`
sys_ver=`cat /etc/redhat-release | awk -F '.' '{print $1}'| awk '{print $4}'`
if [ $sys_ver -eq 6 ];then
        wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
        yum clean all
        yum makecache
elif [ $sys_ver -eq 7 ];then
        wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo 
        yum clean all
        yum makecache
fi
#安装epel
echo "安装epel......"
yum remove epel-release
wget -O /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all && yum makecache
 
#安装基础库
echo "安装基础环境和库......"
#yum -y install "Development Tools"
yum -y install java-1.8.0-openjdk.x86_64 lsof lrzsz ntpdate gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5-devel libidn libidn-devel  openssl openssl-devel nss_ldap openldap openldap-devel  openldap-clients openldap-servers libxslt-devel libevent-devel ntp  libtool-ltdl bison libtool vim-enhanced
#设置时区 (linux 7.x)
zone_7_time(){
echo "安装ntp并设置时区为东八区......"
# Install ntp
yum -y install ntp ntpdate
systemctl enable ntpd
# Time zone
if [ `date +%z` != "+0800" ]; then
rm -f /etc/localtime
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
cat > /etc/sysconfig/clock << ER
ZONE="Asia/Shanghai"
UTC=false
ARC=false
ER
fi
# Start ntp server
systemctl start ntpd
systemctl enabld ntpd.service
echo "Present time zone:"`date +%z`
echo -e "\033[31m linux 7 time zone ok \033[0m"
}
zone_7_time
#linux 7 的字符集 
Character_install(){
#安装中文支持
yum -y install kde-l10n-Chinese
yum -y reinstall glibc-common
sed -i '/^LANG=/c\LANG="zh_CN.UTF-8"' /etc/locale.conf
source /etc/locale.conf
}
Character_install
#优化内核参数
echo "优化内核参数....."
#sed -i 's/net.ipv4.tcp_syncookies.*$/net.ipv4.tcp_syncookies = 1/g' /etc/sysctl.conf
#cat >> /etc/sysctl.conf << ENDF
#net.ipv4.tcp_max_syn_backlog = 65536
#net.core.netdev_max_backlog =  32768
#net.core.somaxconn = 32768
#net.core.wmem_default = 8388608
#net.core.rmem_default = 8388608
#net.core.rmem_max = 16777216
#net.core.wmem_max = 16777216
#net.ipv4.tcp_timestamps = 0
#net.ipv4.tcp_synack_retries = 2
#net.ipv4.tcp_syn_retries = 2
#net.ipv4.tcp_tw_recycle = 1
##net.ipv4.tcp_tw_len = 1
#net.ipv4.tcp_tw_reuse = 1
#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_mem = 94500000 915000000 927000000
#net.ipv4.tcp_max_orphans = 3276800
#net.ipv4.ip_local_port_range = 1024  65535
#ENDF
#sysctl -p
#优化ssh参数
echo "优化ssh....."
sed -i '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
#sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
service sshd restart
#设置最大打开文件数
echo 'DefaultLimitCORE=infinity' >> /etc/systemd/system.conf
echo 'DefaultLimitNOFILE=1024000' >> /etc/systemd/system.conf
echo 'DefaultLimitNPROC=1024000' >> /etc/systemd/system.conf

#if ! grep "* soft nofile 65535" /etc/security/limits.conf &>/dev/null; then
    cat >> /etc/security/limits.conf << EOF
    root            soft    fsize           unlimited
	root            hard    fsize           unlimited
	root            soft    cpu             unlimited
	root            hard    cpu             unlimited
	root            soft    as              unlimited
	root            hard    as              unlimited
	root            soft    nofile          1024000
	root            hard    nofile          1024000
	root            soft    nproc           1024000
	root            hard    nproc           1024000
EOF
#fi
cat >> /etc/security/limits.d/20-nproc.conf << EOF
    *          soft    nproc     1024000
    root       soft    nproc     unlimited
EOF

#删除软件包管理程序并禁止自动升级
systemctl stop packagekit
systemctl disable packagekit
systemctl status packagekit
yum remove -y PackageKit*
#删除已经下载的缓存：
rm -rf /var/cache/yum

#升级内核
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
yum install -y https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
yum remove kernel-tools-libs.x86_64 kernel-tools.x86_64 kernel-headers -y
yum --disablerepo=\* --enablerepo=elrepo-kernel install  kernel-lt.x86_64 kernel-lt-devel.x86_64 kernel-lt-tools.x86_64 kernel-lt-tools-libs.x86_64 kernel-lt-headers.x86_64 kernel-lt-tools-libs-devel.x86_64  -y
yum install -y gcc gcc-c++ glibc-devel glibc-headers libtool 
grub2-set-default 0