init7

#!/bin/bash
#################################################
#   author  xuhongbin
#   date    2017-02-07
#   email   xuhongbin@kaixinwealth.com
#   web     www.robinphotos.cn
#################################################

flagFile="/root/centos7-init.executed"

precheck(){

    if [[ "$(whoami)" != "root" ]]; then
    echo "please run this script as root ." >&2
    exit 1
    fi

    if [ -f "$flagFile" ]; then
    echo "this script had been executed, please do not execute again!!" >&2
    exit 1
    fi

    echo -e "\033[31m WARNING! THIS SCRIPT WILL \033[0m\n"
    echo -e "\033[31m *1 update the system; \033[0m\n"
    echo -e "\033[31m *2 stop  security permissions; \033[0m\n"
    echo -e "\033[31m *3 stop irrelevant services; \033[0m\n"
    echo -e "\033[31m *4 reconfig kernel parameters; \033[0m\n"
    echo -e "\033[31m *5 setup timezone and sync time periodically; \033[0m\n"
    echo -e "\033[31m *6 setup tcp_wrapper and netfilter firewall; \033[0m\n"
    sleep 5

}

yum_update(){
    yum -y update
    yum -y install wget vim sysstat net-snmp net-snmp-utils gcc gcc-c++ make
    #update system at 5:40pm daily
   # echo "40 3 * * * root yum -y update && yum clean packages" >> /etc/crontab
}


selinux(){
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
    setenforce 0
}

stop_services(){
	systemctl stop firewalld
	systemctl disable firewalld
}

limits_config(){
cat >> /etc/security/limits.conf <<EOF
* soft nproc 65536
* hard nproc 65536
* soft nofile 65536
* hard nofile 65536
EOF
echo "ulimit -SH 65536" >> /etc/rc.local
}

sysctl_config(){
cat >> /usr/lib/sysctl.d/00-system.conf <<EOF
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
vm.max_map_count = 262145
EOF
sysctl -p
}

time_config(){
    #timezone
    echo "TZ='Asia/Shanghai'; export TZ" >> /etc/profile

    # Update time
    if [ ! -f "/usr/sbin/ntpdate" ]; then
        yum -y install ntpdate
    fi

    /usr/sbin/ntpdate pool.ntp.org
    echo "30 3 * * * root (/usr/sbin/ntpdate pool.ntp.org && /sbin/hwclock -w) &> /dev/null" >> /etc/crontab
	systemctl restart crond
}

main(){
    precheck

    printf "\033[32m================%40s================\033[0m\n" "updating the system            "
    yum_update

    printf "\033[32m================%40s================\033[0m\n" "stoping selinux               "
    selinux

    printf "\033[32m================%40s================\033[0m\n" "stopping irrelevant services   "
    stop_services

    printf "\033[32m================%40s================\033[0m\n" "/etc/security/limits.config    "
    limits_config

    printf "\033[32m================%40s================\033[0m\n" "/etc/sysctl.conf               "
    sysctl_config

    printf "\033[32m================%40s================\033[0m\n" "configuring time               "
    time_config

    printf "\033[32m================%40s================\033[0m\n" "done! rebooting                "
    touch "$flagFile"
    sleep 5
    reboot
}

main