分类
Linux技巧

Redhat Linux 虚拟机模板初始化脚本

在虚拟化环境中往往利用虚拟机模板部署测试、生成系统,上一篇写了《REDHAT LINUX 安全设置脚本》实际上是对模板的初始设置,一般是按照公司对系统安全的要求来设置。但是针对具体部署的应用系统还有其他方面的要求,比如vCpu个数、内存大小、Swap大小、用户挂载文件系统大小等等,那么在用模板部署完虚拟机后还需要进一步制定虚拟机配置。

在我管理的虚拟化环境中虚拟机初始设置包括:IP地址、主机名称、应用账户、应用账户文件目录、系统管理和监控组件。针对Redhat 5.8 和Redhat 6.4做了一个专门的初始化脚本,目的就是加快虚拟机的部署。按需求自己修改使用吧。

在虚拟化环境中往往利用虚拟机模板部署测试、生成系统,上一篇写了《REDHAT LINUX 安全设置脚本》实际上是对模板的初始设置,一般是按照公司对系统安全的要求来设置。但是针对具体部署的应用系统还有其他方面的要求,比如vCpu个数、内存大小、Swap大小、用户挂载文件系统大小等等,那么在用模板部署完虚拟机后还需要进一步制定虚拟机配置。

在我管理的虚拟化环境中虚拟机初始设置包括:IP地址、主机名称、应用账户、应用账户文件目录、系统管理和监控组件。针对Redhat 5.8 和Redhat 6.4做了一个专门的初始化脚本,目的就是加快虚拟机的部署。按需求自己修改使用吧。

1.setup-redhat-v5.8.sh 针对 Redhat 5.8 版本

#!/bin/sh
clear
cat << EOF
++++++++++ The files will be modified +++++++++++
ETHCONF=/etc/sysconfig/network-scripts/ifcfg-eth0
HOSTS=/etc/hosts
NETWORK=/etc/sysconfig/network
NETMASK=255.255.255.0
PASSWD=/etc/passwd
FSTAB=/etc/fstab
BACKUP DIR=/data/backup/`date +%Y%m%d`
+++++++++++++++++++++++++++++++++++++++++++++++++
EOF
#Define Path

  ETHCONF=/etc/sysconfig/network-scripts/ifcfg-eth0
  HOSTS=/etc/hosts
  NETWORK=/etc/sysconfig/network
  NETMASK=255.255.255.0
  PASSWD=/etc/passwd
  FSTAB=/etc/fstab
  DIR=/data/backup/`date +%Y%m%d`

echo "================================================="
echo
#Define change_ip
function Change_ip ()
{
#判断备份目录是否存在,中括号前后都有空格,!叹号在shell表示相反的意思#
if
   [ ! -d $DIR ];then

   mkdir -p $DIR

fi

  echo "Now Change ip address ,Doing Backup Interface eth0"
  cp $ETHCONF $DIR

  grep "dhcp"  $ETHCONF
#如下$?用来判断上一次操作的状态,为0,表示上一次操作状态正确或者成功#
if

  [ $? -eq 0 ];then
#read -p 交互输入变量IPADDR,注冒号后有空格,sed -i 修改配置文件#
  read -p "Please insert ip Address:" IPADDR
  sed -i 's/dhcp/static/g' $ETHCONF
#awk -F. 意思是以.号为分隔域,打印前三列#
  echo -e "IPADDR=$IPADDR\nNETMASK=$NETMASK\nGATEWAY=`echo $IPADDR|awk -F. '{print $1"."$2"."$3}'`.1" >>$ETHCONF
  echo "This IP address Change success !"

else

  echo -n  "This $ETHCONF is static exist ,please ensure Change Yes or NO":
  read i

fi

if
  [ "$i" == "y" -o "$i" == "yes" ];then
  read -p "Please insert ip Address:" IPADDR

  count=(`echo $IPADDR|awk -F. '{print $1,$2,$3,$4}'`)
 #定义数组, ${#count[@]}代表获取变量值总个数#
  A=${#count[@]}
 #while条件语句判断,个数是否正确,不正确循环提示输入,也可以用[0-9]来判断ip#
while

  [ "$A" -ne "4" ]

do

  read -p "Please re Inster ip Address,example 192.168.0.11 ip": IPADDR
  count=(`echo $IPADDR|awk -F. '{print $1,$2,$3,$4}'`)
  A=${#count[@]}

done
 #sed -e 可以连续修改多个参数#
  sed -i -e 's/^IPADDR/#IPADDR/g' -e 's/^NETMASK/#NETMASK/g' -e 's/^GATEWAY/#GATEWAY/g' $ETHCONF 
#echo -e \n为连续追加内容,并自动换行#
  echo -e "IPADDR=$IPADDR\nNETMASK=$NETMASK\nGATEWAY=`echo $IPADDR|awk -F. '{print $1"."$2"."$3}'`.1" >>$ETHCONF
  echo "This IP address Change success !"
else
  echo "This $ETHCONF static exist,please exit"
  exit $?

fi

}
 
#定义hosts函数
############function hosts##############
function Change_hosts ()
{

if

   [ ! -d $DIR ];then
   mkdir -p $DIR

fi

  cp $HOSTS $DIR
  read -p "Please insert hostname": HOSTNAME

  host=`echo $HOSTNAME|sed 's/\./-/g'`
  cat $HOSTS |grep 127.0.0.1 |grep "$host"

if
  [ $? -ne 0 ];then
  sed -i "s/127.0.0.1/127.0.0.1 $host/g" $HOSTS
  echo "This hosts change success "

else
  echo "This hostname <$host> is Exist in hosts file!"

fi


 if

   [ ! -d $DIR ];then
   mkdir -p $DIR

 fi
  cp $NETWORK $DIR

  host=`echo $HOSTNAME|sed 's/\./-/g'`
  grep "$host" $NETWORK

   if
  [ $? -ne 0 ];then
  sed -i "s/^HOSTNAME/#HOSTNAME/g" $NETWORK
  echo "HOSTNAME=$host" >>$NETWORK

else
  echo "This hostname <$host> is Exist in network file!"

  fi

}

###########fuction storage###############  
#定义network函数  
function Add_App_User ()
{
 echo "********************** Important ********************************"
 echo "Make sure the UserName is not same with the </> subdirectory name"
 echo "*****************************************************************"

 if

   [ ! -d $DIR ];then
   mkdir -p $DIR

 fi
  cp $PASSWD $DIR
  read -p "Please insert APP user name": APPUSER
  read -p "Please insert APP user home": APPUSERHOME
  username=`echo $APPUSER|sed 's/\./-/g'`
  userhome=`echo $APPUSERHOME|sed 's/\./-/g'`
  grep "$username" $PASSWD

  if
  [ $? -ne 0 ];then

  groupadd $username
  useradd -g $username -c $username $username
  echo "[email protected]" | passwd --stdin $username

  mkdir /$userhome
# chown $username:$username /$userhome
  echo "Create APP User folder Success!"

  usermod -d /$userhome $username
  echo "Change APP User folder permissions Success!"

else
  echo "This user <$username> is Exist in passwd file!"

  fi

}  

function Add_App_Storage ()
{
 echo "********************** Important ********************************"
 echo "Make sure the input device name is a newly added vDisk like <sdb>"
 echo "*****************************************************************"

 if

   [ ! -d $DIR ];then
   mkdir -p $DIR

 fi
  read -p "Please insert the newly added vDisk name,example <sdb> ": DISK
  read -p "Please insert the user home (In step 3 you created)": APPUSERHOME
  diskname=`echo $DISK|sed 's/\./-/g'`
  userhome=`echo $APPUSERHOME|sed 's/\./-/g'`
  grep "$diskname" $FSTAB
  grep "$userhome" $FSTAB 

  if
  [ $? -ne 0 ];then
 
  size1=`fdisk -l|grep sdb |awk -F "," '{print $2}'|awk '{print $1}'`
# echo $size1 
  size2=$((size1/1024/1024/1024-1))GB
# echo $size2
  pvcreate /dev/$diskname
  vgcreate vg$userhome /dev/$diskname
  lvcreate -L $size2 -n lv$userhome vg$userhome
  mkfs.ext3 /dev/vg$userhome/lv$userhome
  mount  /dev/vg$userhome/lv$userhome /$userhome
  echo "Mount LV <vg$userhome/lv$userhome> To UserHome </$userhome> Success!"
  chown $username:$username /$userhome 
  cp $FSTAB $DIR
# echo "/dev/mapper/vg$userhome-lv$userhome			/$userhome			ext4	defaults	0 0" >>$FSTAB
  echo "/dev/vg$userhome/lv$userhome				/$userhome			ext3	defaults	0 0" >>$FSTAB

else
  echo "This Disk <$diskname> OR Mount Point <$userhome> is Exist in fstab file!"

  fi

}

function Check ()
{
echo "****************************************************"
echo "****************************************************"
echo "****************************************************"
#操作系统版本
echo ====================操作系统版本====================
cat /etc/redhat-release

#操作系统位数
echo ====================操作系统位数====================
getconf LONG_BIT

#主机名
echo =======================主机名=======================
hostname

#IP地址
echo =======================IP地址=======================
ifconfig | grep 'inet addr:' |awk -F ":" '{print $2}' |awk '{print $1}'

echo ====================查看selinux=====================
getenforce selinux

#时间
echo =====================时间配置=======================
cat /etc/ntp.conf | grep server |head -n 5 |awk 'NR>4'
echo =====================当前时间=======================
date
echo =====================查看时区=======================
date -R
echo ====================时钟同步状态====================
ntpstat
echo =====================ntp服务状======================
service ntpd status
chkconfig ntpd --list

#无响应注销
echo ====================用户超时设置====================
tail -n2 /etc/profile |awk 'NR>1'

#配置history时间戳
echo ===================history时间戳====================
#tail -n2 /etc/bashrc | grep HISTTIMEFORMAT
cat /etc/bashrc |grep HISTTIMEFORMAT

#访问控制
echo ====================访问控制配置====================
tail -n1 /etc/bashrc

#登录失败用户锁定策略
echo =================用户锁定策略配置===================
tail -n1 /etc/pam.d/system-auth

#口令策略配置
echo =====================密码最长使用期限 ====================
cat /etc/login.defs | grep PASS_MAX_DAYS |awk 'NR>1'
echo =====================密码最短使用期限 ====================
cat /etc/login.defs | grep PASS_MIN_DAYS |awk 'NR>1'
echo =========================口令策略=========================
cat /etc/pam.d/system-auth | grep "password    requisite" |awk 'NR>1'

#root用户远程登录
echo ====================不允许root用户直接登录====================
cat /etc/ssh/sshd_config | grep PermitRootLogin |awk '{print;exit}'
echo ===================修改SSH使用协议的版本号====================
cat /etc/ssh/sshd_config |grep Protocol|awk 'NR>1'

#ssh登录维护
echo ====================ssh登录维护=====================
cat /etc/ssh/sshd_config | grep IgnoreRhosts
cat /etc/ssh/sshd_config | grep RhostsAuthentication
cat /etc/ssh/sshd_config | grep RhostsRSAAuthentication |awk 'i=!i'
cat /etc/ssh/sshd_config | grep HostbasedAuthentication |awk 'i=!i'
cat /etc/ssh/sshd_config | grep PermitEmptyPasswords |awk 'i=!i'
cat /etc/ssh/sshd_config | grep "Banner /etc/motd"

#关键目录权限
echo ====================关键目录权限====================
ls -l /etc/shadow
ls -l /etc/group
ls -l /etc/passwd

#关闭control-alt-delete
echo ====================关闭control-alt-delete===================
#cat /etc/init/control-alt-delete.conf | grep control-alt-delete |awk 'NR>1'
#cat /etc/init/control-alt-delete.conf | grep Control-Alt-Delete |awk 'NR>1'
cat /etc/inittab  | grep ca |awk 'i=!i'

#查看SWAP空间
echo =========================SWAP空间============================
free -m | grep Mem
free -m | grep Swap
echo "*************************************************************"
echo "*************************************************************"
echo "*************************************************************"
}

function Exit ()
{
exit
}

#PS3一般为菜单提示信息#  
  PS3="Please Select in the Menu":
#select为菜单选择命令,格式为select $var in ..command.. do .... done    
  select i in  "Change_ip" "Change_hosts" "Add_App_User" "Add_App_Storage" "Check" "Exit"
do
#case 方式,一般用于多种条件下的判断 
case $i in
Change_ip )
Change_ip
;;
Change_hosts )
Change_hosts
;;
Add_App_User )
Add_App_User
;;
Add_App_Storage )
Add_App_Storage
;;
Check )
Check
;;
Exit )
Exit
;;
*)
echo
echo "Please Insert $0: Change_IPAddress(1)|Change_HostName(2)|Add_APP_User(3)|Add_APP_Storage(4)|Check(5)|Exit(6)"
echo
;;
esac

done

1.setup-redhat-v6.4.sh 针对 Redhat 6.4 版本

#!/bin/sh
clear
cat << EOF
++++++++++ The files will be modified +++++++++++
ETHCONF=/etc/sysconfig/network-scripts/ifcfg-eth0
HOSTS=/etc/hosts
NETWORK=/etc/sysconfig/network
NETMASK=255.255.255.0
PASSWD=/etc/passwd
FSTAB=/etc/fstab
BACKUP DIR=/data/backup/`date +%Y%m%d`
+++++++++++++++++++++++++++++++++++++++++++++++++
EOF
#Define Path

  ETHCONF=/etc/sysconfig/network-scripts/ifcfg-eth0
  HOSTS=/etc/hosts
  NETWORK=/etc/sysconfig/network
  NETMASK=255.255.255.0
  PASSWD=/etc/passwd
  FSTAB=/etc/fstab
  DIR=/data/backup/`date +%Y%m%d`

echo "================================================="
echo
#Define change_ip
function Change_ip ()
{
#判断备份目录是否存在,中括号前后都有空格,!叹号在shell表示相反的意思#
if
   [ ! -d $DIR ];then

   mkdir -p $DIR

fi

  echo "Now Change ip address ,Doing Backup Interface eth0"
  cp $ETHCONF $DIR

  grep "dhcp"  $ETHCONF
#如下$?用来判断上一次操作的状态,为0,表示上一次操作状态正确或者成功#
if

  [ $? -eq 0 ];then
#read -p 交互输入变量IPADDR,注冒号后有空格,sed -i 修改配置文件#
  read -p "Please insert ip Address:" IPADDR
  sed -i 's/dhcp/static/g' $ETHCONF
#awk -F. 意思是以.号为分隔域,打印前三列#
  echo -e "IPADDR=$IPADDR\nNETMASK=$NETMASK\nGATEWAY=`echo $IPADDR|awk -F. '{print $1"."$2"."$3}'`.1" >>$ETHCONF
  echo "This IP address Change success !"

else

  echo -n  "This $ETHCONF is static exist ,please ensure Change Yes or NO":
  read i

fi

if
  [ "$i" == "y" -o "$i" == "yes" ];then
  read -p "Please insert ip Address:" IPADDR

  count=(`echo $IPADDR|awk -F. '{print $1,$2,$3,$4}'`)
 #定义数组, ${#count[@]}代表获取变量值总个数#
  A=${#count[@]}
 #while条件语句判断,个数是否正确,不正确循环提示输入,也可以用[0-9]来判断ip#
while

  [ "$A" -ne "4" ]

do

  read -p "Please re Inster ip Address,example 192.168.0.11 ip": IPADDR
  count=(`echo $IPADDR|awk -F. '{print $1,$2,$3,$4}'`)
  A=${#count[@]}

done
 #sed -e 可以连续修改多个参数#
  sed -i -e 's/^IPADDR/#IPADDR/g' -e 's/^NETMASK/#NETMASK/g' -e 's/^GATEWAY/#GATEWAY/g' $ETHCONF 
#echo -e \n为连续追加内容,并自动换行#
  echo -e "IPADDR=$IPADDR\nNETMASK=$NETMASK\nGATEWAY=`echo $IPADDR|awk -F. '{print $1"."$2"."$3}'`.1" >>$ETHCONF
  echo "This IP address Change success !"
else
  echo "This $ETHCONF static exist,please exit"
  exit $?

fi

}
 
#定义hosts函数
############function hosts##############
function Change_hosts ()
{

if

   [ ! -d $DIR ];then
   mkdir -p $DIR

fi

  cp $HOSTS $DIR
  read -p "Please insert hostname": HOSTNAME

  host=`echo $HOSTNAME|sed 's/\./-/g'`
  cat $HOSTS |grep 127.0.0.1 |grep "$host"

if
  [ $? -ne 0 ];then
  sed -i "s/127.0.0.1/127.0.0.1 $host/g" $HOSTS
  echo "This hosts change success "

else
  echo "This hostname <$host> is Exist in hosts file!"

fi


 if

   [ ! -d $DIR ];then
   mkdir -p $DIR

 fi
  cp $NETWORK $DIR

  host=`echo $HOSTNAME|sed 's/\./-/g'`
  grep "$host" $NETWORK

   if
  [ $? -ne 0 ];then
  sed -i "s/^HOSTNAME/#HOSTNAME/g" $NETWORK
  echo "HOSTNAME=$host" >>$NETWORK

else
  echo "This hostname <$host> is Exist in network file!"

  fi

}

###########fuction storage###############  
#定义network函数  
function Add_App_User ()
{
 echo "********************** Important ********************************"
 echo "Make sure the UserName is not same with the </> subdirectory name"
 echo "*****************************************************************"

 if

   [ ! -d $DIR ];then
   mkdir -p $DIR

 fi
  cp $PASSWD $DIR
  read -p "Please insert APP user name": APPUSER
  read -p "Please insert APP user home": APPUSERHOME
  username=`echo $APPUSER|sed 's/\./-/g'`
  userhome=`echo $APPUSERHOME|sed 's/\./-/g'`
  grep "$username" $PASSWD

  if
  [ $? -ne 0 ];then

  groupadd $username
  useradd -g $username -c $username $username
  echo "[email protected]" | passwd --stdin $username

  mkdir /$userhome
# chown $username:$username /$userhome
  echo "Create APP User folder Success!"

  usermod -d /$userhome $username
  echo "Change APP User folder permissions Success!"

else
  echo "This user <$username> is Exist in passwd file!"

  fi

}  

function Add_App_Storage ()
{
 echo "********************** Important ********************************"
 echo "Make sure the input device name is a newly added vDisk like <sdb>"
 echo "*****************************************************************"

 if

   [ ! -d $DIR ];then
   mkdir -p $DIR

 fi
  read -p "Please insert the newly added vDisk name,example <sdb> ": DISK
  read -p "Please insert the user home (In step 3 you created)": APPUSERHOME
  diskname=`echo $DISK|sed 's/\./-/g'`
  userhome=`echo $APPUSERHOME|sed 's/\./-/g'`
  grep "$diskname" $FSTAB
  grep "$userhome" $FSTAB 

  if
  [ $? -ne 0 ];then
 
  size1=`fdisk -l|grep sdb |awk -F "," '{print $2}'|awk '{print $1}'`
# echo $size1 
  size2=$((size1/1024/1024/1024-1))GB
# echo $size2
  pvcreate /dev/$diskname
  vgcreate vg$userhome /dev/$diskname
  lvcreate -L $size2 -n lv$userhome vg$userhome
  mkfs.ext4 /dev/vg$userhome/lv$userhome
  mount  /dev/vg$userhome/lv$userhome /$userhome
  echo "Mount LV <vg$userhome/lv$userhome> To UserHome </$userhome> Success!"
  chown $username:$username /$userhome 
  cp $FSTAB $DIR
# echo "/dev/mapper/vg$userhome-lv$userhome			/$userhome			ext4	defaults	0 0" >>$FSTAB
  echo "/dev/vg$userhome/lv$userhome				/$userhome			ext4	defaults	0 0" >>$FSTAB

else
  echo "This Disk <$diskname> OR Mount Point <$userhome> is Exist in fstab file!"

  fi

}

function Check ()
{
echo "****************************************************"
echo "****************************************************"
echo "****************************************************"
#操作系统版本
echo ====================操作系统版本====================
cat /etc/redhat-release

#操作系统位数
echo ====================操作系统位数====================
getconf LONG_BIT

#主机名
echo =======================主机名=======================
hostname

#IP地址
echo =======================IP地址=======================
ifconfig | grep 'inet addr:' |awk -F ":" '{print $2}' |awk '{print $1}'

echo ====================查看selinux=====================
getenforce selinux

#时间
echo =====================时间配置=======================
cat /etc/ntp.conf | grep server |head -n 5 |awk 'NR>4'
echo =====================当前时间=======================
date
echo =====================查看时区=======================
date -R
echo ====================时钟同步状态====================
ntpstat
echo =====================ntp服务状======================
service ntpd status
chkconfig ntpd --list

#无响应注销
echo ====================用户超时设置====================
tail -n2 /etc/profile |awk 'NR>1'

#配置history时间戳
echo ===================history时间戳====================
#tail -n2 /etc/bashrc | grep HISTTIMEFORMAT
cat /etc/bashrc |grep HISTTIMEFORMAT

#访问控制
echo ====================访问控制配置====================
tail -n1 /etc/bashrc

#登录失败用户锁定策略
echo =================用户锁定策略配置===================
tail -n1 /etc/pam.d/system-auth

#口令策略配置
echo =====================密码最长使用期限 ====================
cat /etc/login.defs | grep PASS_MAX_DAYS |awk 'NR>1'
echo =====================密码最短使用期限 ====================
cat /etc/login.defs | grep PASS_MIN_DAYS |awk 'NR>1'
echo =========================口令策略=========================
cat /etc/pam.d/system-auth | grep "password    requisite" |awk 'NR>1'

#root用户远程登录
echo ====================不允许root用户直接登录====================
cat /etc/ssh/sshd_config | grep PermitRootLogin |awk '{print;exit}'
echo ===================修改SSH使用协议的版本号====================
cat /etc/ssh/sshd_config |grep Protocol

#ssh登录维护
echo ====================ssh登录维护=====================
cat /etc/ssh/sshd_config | grep IgnoreRhosts
cat /etc/ssh/sshd_config | grep RhostsAuthentication
cat /etc/ssh/sshd_config | grep RhostsRSAAuthentication |awk 'i=!i'
cat /etc/ssh/sshd_config | grep HostbasedAuthentication |awk 'i=!i'
cat /etc/ssh/sshd_config | grep PermitEmptyPasswords
cat /etc/ssh/sshd_config | grep "Banner /etc/motd"

#关键目录权限
echo ====================关键目录权限====================
ls -l /etc/shadow
ls -l /etc/group
ls -l /etc/passwd

#关闭control-alt-delete
echo ====================关闭control-alt-delete===================
cat /etc/init/control-alt-delete.conf | grep control-alt-delete |awk 'NR>1'
cat /etc/init/control-alt-delete.conf | grep Control-Alt-Delete |awk 'NR>1'

#查看SWAP空间
echo =========================SWAP空间============================
free -m | grep Mem
free -m | grep Swap
echo "*************************************************************"
echo "*************************************************************"
echo "*************************************************************"
}

function Exit ()
{
exit
}

#PS3一般为菜单提示信息#  
  PS3="Please Select in the Menu":
#select为菜单选择命令,格式为select $var in ..command.. do .... done    
  select i in  "Change_ip" "Change_hosts" "Add_App_User" "Add_App_Storage" "Check" "Exit"
do
#case 方式,一般用于多种条件下的判断 
case $i in
Change_ip )
Change_ip
;;
Change_hosts )
Change_hosts
;;
Add_App_User )
Add_App_User
;;
Add_App_Storage )
Add_App_Storage
;;
Check )
Check
;;
Exit )
Exit
;;
*)
echo
echo "Please Insert $0: Change_IPAddress(1)|Change_HostName(2)|Add_APP_User(3)|Add_APP_Storage(4)|Check(5)|Exit(6)"
echo
;;
esac

done

发表评论

邮箱地址不会被公开。 必填项已用*标注