
linux基本配置
#!/bin/sh

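# Stop the iptables service before installing packages.
# NOTE(review): on RHEL/CentOS init scripts this normally leaves the host
# unfiltered, so the machine is exposed for the whole install/update run
# until the rules further down are loaded. Confirm that is acceptable.
/etc/init.d/iptables stop

# Install the base tool set.
# 'gcc*' is quoted so yum receives the pattern itself; unquoted, the shell
# would expand it against any matching file names in the current directory.
# NOTE(review): telnet, nc and a full compiler toolchain enlarge the tooling
# available on the host after a compromise; drop the ones the server does
# not need in production.
yum -y install net-snmp telnet nc 'gcc*' vsftpd ntpdate pcre pcre-devel

# Bring every installed package up to date.
yum -y update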


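# Build the IPv4 INPUT allowlist: unrestricted access from the listed source
# addresses, TCP/80 from anywhere, everything else dropped by policy.
# NOTE(review): only iptables (IPv4) is configured here; nothing touches
# ip6tables, so IPv6 exposure has to be checked separately.
# NOTE(review): there is no port rule for SSH, so sshd is reachable only from
# the allowlisted sources below.

# Append an unconditional ACCEPT rule for each source address/CIDR argument.
# These rules match every protocol and port from that source.
allow_from() {
  for _src in "$@"; do
    iptables -A INPUT -s "$_src" -j ACCEPT
  done
}

# Start from an empty filter table.
iptables -F
iptables -X

# Loopback and replies to connections this host opened go in first, so that
# switching the policy to DROP at the end cannot cut off local traffic or
# the session that is running this script.
#localhost
iptables -A INPUT -i lo -j ACCEPT
#zhu dong lian jie (replies to connections initiated from this host)
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#peng run ip
allow_from 1.202.235.226/32 1.202.235.227/32

#chong qing ip
allow_from 218.70.15.18/32 211.139.62.226/32 122.73.15.61 122.73.15.62

#sogo ip
allow_from 219.143.32.0/24 114.251.137.0/24 211.157.28.234

#lang fang ip
# NOTE(review): 192.168.0.0/24 trusts every host on that private segment.
allow_from 124.248.39.227 192.168.0.0/24

#shi ji hu lian ip
allow_from 59.151.53.55 59.151.114.158 59.151.114.159 59.151.114.94

#other ip
allow_from 182.140.239.156/32 119.253.46.242/32 112.91.147.37/32 \
  61.152.199.129 61.152.199.130 117.121.12.105 60.220.212.23

#define port
# HTTP is the only service open to every source.
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Default-deny is applied last, once every ACCEPT rule is in place. All rules
# above are ACCEPT rules, so their relative order does not change the verdict.
iptables -P INPUT DROP
iptables -P FORWARD DROP

# Persist the running rule set so the iptables service can restore it.
/etc/init.d/iptables save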


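# Timestamp (YYYYmmddHHMMSS); used further down as the suffix of the
# snmpd.conf backup file.
time=$(date -d "today" +"%Y%m%d%H%M%S")

# Ask for one or more account names, separated by spaces.
# -r keeps backslashes literal. `read -p` is not POSIX, so this relies on
# /bin/sh being bash, as the original script already did.
read -r -p "输入用户名(可以是多个用户,中间用空格隔开):" NAME

# $NAME is split on whitespace on purpose; globbing is switched off so an
# entry such as '*' is not expanded into file names.
set -f
for u in $NAME; do
  echo "====   $u用户添加开始   ===="
  # '--' stops option parsing, so a name starting with '-' cannot be read as
  # a useradd/passwd option.
  if useradd -- "$u"; then
    passwd -- "$u"
    echo "创建用$u完成"
  else
    # Do not go on to passwd when the account was not created: that would
    # reset the password of an account that already exists (root included).
    echo "创建用户$u失败,已跳过" >&2
  fi
done
set +f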


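# Disable anonymous FTP. The pattern also covers a commented-out or
# differently-valued directive, because vsftpd allows anonymous logins when
# the line is commented out.
# NOTE(review): if the directive is missing from the file altogether nothing
# is changed; FTP also carries credentials in clear text.
sed -i 's/^#\{0,1\}anonymous_enable=.*/anonymous_enable=NO/' /etc/vsftpd/vsftpd.conf

# Move sshd to port 22022. Anchored so only the stock "#Port 22" line is
# rewritten (the unanchored form would also mangle e.g. "#Port 2222").
# NOTE(review): with SELinux enforcing, sshd may be refused the new port
# until it is labelled ssh_port_t — confirm on the target host.
sed -i 's/^#Port 22[[:space:]]*$/Port 22022/' /etc/ssh/sshd_config

# Forbid direct root logins over SSH. Matches the directive whether or not it
# is commented out and whatever its current value, so an already-active
# "PermitRootLogin yes" is not silently left in place.
# NOTE(review): make sure at least one regular account exists before sshd is
# restarted, otherwise remote access is lost.
sed -i 's/^#\{0,1\}PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config

# Sync the clock every four hours. The minute field is 0: with "*" the job
# would run every minute throughout each fourth hour. The entry is added only
# when it is not already present, so re-running the script does not stack
# duplicate entries.
grep -qF -- "/usr/sbin/ntpdate ntp.sjtu.edu.cn" /etc/cron.d/sysstat 2>/dev/null ||
  echo "0 */4 * * * root /usr/sbin/ntpdate ntp.sjtu.edu.cn" >> /etc/cron.d/sysstat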


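# Keep a timestamped copy of the current snmpd.conf ($time is set earlier in
# the script), then replace the file with a minimal read-only configuration.
cp -- /etc/snmp/snmpd.conf "/etc/snmp/snmpd.conf.bak$time"

# The whitespace between the directive tokens is restored here; with the
# tokens run together (e.g. "com2secnotConfigUserdefaultpublic") snmpd cannot
# parse any of these lines.
# NOTE(review): this maps the well-known community string "public" from any
# source ("default") onto a view that includes the whole OID tree (.1), over
# SNMP v1/v2c, which has no authentication beyond the community string and no
# encryption. Access is read-only (write and notify views are "none"), but
# the packet filter is then the only thing limiting who can query the agent.
# Use a site-specific community string and a restricted source instead.
cat > /etc/snmp/snmpd.conf <<'EOF'
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1
access notConfigGroup "" any noauth exact systemview none none
dontLogTCPWrappersConnects yes
EOF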


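# Apply the configuration changes made above.
# snmpd is restarted rather than started, so a daemon that is already running
# picks up the rewritten snmpd.conf.
/etc/init.d/snmpd restart

# Validate sshd_config before restarting: a restart with a broken file would
# take down remote access to the host.
if /usr/sbin/sshd -t; then
  /etc/init.d/sshd restart
else
  echo "sshd_config failed validation; sshd not restarted" >&2
fi

/etc/init.d/crond restart

/etc/init.d/vsftpd restart

# Boot-time service selection.
# iptables is enabled at boot: the script builds and saves an allowlist, and
# with the service switched off the saved rules would not be restored after a
# reboot, leaving the host without packet filtering.
chkconfig iptables on

chkconfig postfix off

chkconfig --level 2345 vsftpd on

chkconfig --level 2345 snmpd on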