#!/bin/bash
#author MacBlog 
#this script is only for CentOS 7.x
DATE=`date +%F-%T`

#1.添加公网DNS地址
cat >> /etc/resolv.conf << EOF
nameserver 114.114.114.114
EOF
#2.Yum源更换为国内阿里源安装常用软件
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum -y install bash-completion bash-completion-extras tree \
screen lrzsz nmap tree dos2unix nc wget vim lsof tcpdump \
gcc glibc gcc-c++ make net-tools unzip iftop telnet p7zip
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

#3.yum重新建立缓存
yum clean all
yum makecache
#4.同步时间
yum -y install ntp
/usr/sbin/ntpdate cn.pool.ntp.org
echo "* 4 * * * /usr/sbin/ntpdate cn.pool.ntp.org > /dev/null 2>&1" >> /var/spool/cron/root
systemctl restart crond.service
#系统可生成最大线程数
cat /proc/sys/kernel/threads-max
#查看线程数
ulimit -s
#临时调整线程数
ulimit -s 102400
#永久调整线程数
cat >> /etc/security/limits.conf << EOF
* soft stack 102400
EOF

#5.设置最大打开文件描述符数
#系统可生成最大文件描述符数
cat /proc/sys/fs/file-max
#文件打开数查看
ulimit -a
ulimit -n
#临时调整文件打开数
ulimit -n 10240
#ulimit -n 131072
#655350
cat >> /etc/security/limits.conf << EOF
* soft nofile 65535
* hard nofile 10240
EOF

#6.禁用selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0

#7.关闭防火墙
systemctl disable firewalld.service 
systemctl stop firewalld.service

#8.提权test用户可以使用sudo
#cp /etc/sudoers /etc/sudoers.$DATE.bak
#useradd test
#echo 123456|passwd --stdin test
#sed -i '/root ALL=(ALL) ALL/a test ALL=(ALL) ALL' /etc/sudoers
#grep test /etc/sudoers
#visudo -c &>/dev/null

####### 关机做快照
echo "您的服务器将在10秒后关机。"
shutdown -h -t 10