个人自用的新服务器DD后的初始化脚本
个人自用服务器初始化脚本,完成如下功能:
- 自动安装unzip curl wget sudo fail2ban rsyslog systemd-timesyncd ufw htop
- 修改grub配置,让网卡以ethX的格式命名
- 启用BBR
- 根据交互的方式修改hostname
- 根据交互的方式修改ssh端口,并使用fail2ban对ssh进行保护,使用ufw放行该端口
- 根据交互的方式修改dns,并对resolv.conf文件进行加锁
- 通过交互的方式创建swap交换文件并启用
以下脚本代码在DD Debian12系统后测试通过
#!/bin/bash
# Abort on the first failing command. `pipefail` and `-u` are deliberately
# left out so the script still runs on older bash releases.
set -e
# ANSI colour escapes. They are stored as literal backslash sequences and
# only turn into colours when printed through `echo -e`.
readonly GREEN='\e[32m'
readonly YELLOW='\e[33m'
readonly RED='\e[31m'
readonly NC='\e[0m' # reset to the default colour
# 检测系统发行版和版本
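#######################################
# Detect the distribution family and its release codename.
# Globals:   OS (written: "debian" or "ubuntu"), VERSION (written: codename)
# Outputs:   detection result to stdout
# Returns:   exits 1 when /etc/os-release is missing or the system is
#            neither Debian nor Ubuntu
#######################################
detect_system() {
  if [ ! -f /etc/os-release ]; then
    echo -e "${RED}无法检测系统类型,仅支持 Debian/Ubuntu!${NC}"
    exit 1
  fi
  # Sourcing os-release defines ID, VERSION_CODENAME, ... in this shell and
  # overwrites any variable of the same name (VERSION included), so copy
  # what is needed immediately.
  . /etc/os-release
  OS=$ID
  VERSION=$VERSION_CODENAME
  # Every later step writes apt sources and runs apt for one of these two
  # families; refuse anything else instead of silently treating it as Ubuntu.
  case "$OS" in
    debian|ubuntu) ;;
    *)
      echo -e "${RED}不支持的系统: ${OS:-unknown},仅支持 Debian/Ubuntu!${NC}"
      exit 1
      ;;
  esac
  # Older releases do not ship VERSION_CODENAME: ask lsb_release, and as a
  # last resort fall back to a hard-coded codename (bullseye / jammy).
  if [ -z "$VERSION" ]; then
    if [ "$OS" = "debian" ]; then
      VERSION=$(lsb_release -cs 2>/dev/null || echo "bullseye")
    else
      VERSION=$(lsb_release -cs 2>/dev/null || echo "jammy")
    fi
  fi
  echo -e "${GREEN}检测到系统:$OS $VERSION${NC}"
}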
# 检查是否为 root 用户
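#######################################
# Abort unless the script runs as root (uid 0).
# Returns:   exits 1 when not root
#######################################
check_root() {
  # Quote the substitution: an empty result would otherwise leave `[` with
  # a malformed expression instead of a clear "not root" failure.
  if [ "$(id -u)" -ne 0 ]; then
    echo -e "${RED}错误:请使用 sudo 执行该脚本!${NC}"
    exit 1
  fi
}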
# 更换系统源函数
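#######################################
# Write a mirror-specific /etc/apt/sources.list.
# Globals:   SOURCES_FILE (read), VERSION (read)
# Arguments: $1 - base URL for the main/updates/backports suites
#            $2 - base URL for the security suite
#            $3 - component list (e.g. "main contrib non-free")
# Outputs:   overwrites $SOURCES_FILE
#######################################
_write_sources_list() {
  local main_url=$1
  local sec_url=$2
  local components=$3
  cat > "${SOURCES_FILE}" << EOF
deb ${main_url} ${VERSION} ${components}
deb ${main_url} ${VERSION}-updates ${components}
deb ${main_url} ${VERSION}-backports ${components}
deb ${sec_url} ${VERSION}-security ${components}
EOF
}

#######################################
# Interactively pick an apt mirror and rewrite /etc/apt/sources.list.
# Globals:   OS, VERSION (read); SOURCES_FILE (written)
# Outputs:   menu and progress messages to stdout
# Returns:   0 always; an empty or invalid choice skips the step
#######################################
change_sources() {
  local source_choice source_name main_url sec_url components
  echo -e "\n${GREEN}===== 更换系统源 =====${NC}"
  echo -e "${YELLOW}可选源列表:${NC}"
  echo "1. 阿里云源 (aliyun) - 推荐国内使用"
  echo "2. 清华大学源 (tsinghua)"
  echo "3. 中国科学技术大学源 (ustc)"
  echo "4. 华为云源 (huaweicloud) - 稳定快速"
  echo "5. 腾讯云源 (tencent) - 稳定快速"
  echo "6. 网易源 (163) - 稳定快速"
  echo "7. 恢复默认官方源 (default)"
  read -p "请选择要使用的源(输入数字 1-7,直接回车跳过):" source_choice
  case "$source_choice" in
    1) source_name="aliyun" ;;
    2) source_name="tsinghua" ;;
    3) source_name="ustc" ;;
    4) source_name="huaweicloud" ;;
    5) source_name="tencent" ;;
    6) source_name="163" ;;
    7) source_name="default" ;;
    "")
      echo -e "${YELLOW}跳过更换系统源...${NC}"
      return 0
      ;;
    *)
      echo -e "${RED}无效选择,跳过更换系统源...${NC}"
      return 0
      ;;
  esac
  # The codename builds every suite name; detect_system normally supplies
  # it, but never write a sources.list with empty suites.
  if [ -z "$VERSION" ]; then
    echo -e "${RED}未能获取系统代号,跳过更换系统源...${NC}"
    return 0
  fi
  SOURCES_FILE="/etc/apt/sources.list"
  # Back up the original once. Images that ship only deb822 sources under
  # /etc/apt/sources.list.d/ have no sources.list at all; `cp` would then
  # fail and, under `set -e`, abort the whole script.
  if [ -f "${SOURCES_FILE}" ] && [ ! -f "${SOURCES_FILE}.bak" ]; then
    cp "${SOURCES_FILE}" "${SOURCES_FILE}.bak"
    echo -e "${GREEN}已备份原有源文件至 ${SOURCES_FILE}.bak${NC}"
  fi
  # NOTE(review): when deb822 sources already exist in sources.list.d, the
  # new sources.list is used in addition to them, not instead of them —
  # confirm that is intended for the target images.
  echo -e "${GREEN}正在配置 ${source_name} 源...${NC}"
  # apt verifies Release signatures, so a plain-http mirror still has
  # integrity protection; https additionally hides which packages are
  # fetched. The URLs are kept exactly as before.
  if [ "$OS" = "debian" ]; then
    components="main contrib non-free"
    case "$source_name" in
      aliyun)
        main_url="http://mirrors.aliyun.com/debian/"
        sec_url="http://mirrors.aliyun.com/debian-security/"
        ;;
      tsinghua)
        main_url="https://mirrors.tuna.tsinghua.edu.cn/debian/"
        sec_url="https://mirrors.tuna.tsinghua.edu.cn/debian-security/"
        ;;
      ustc)
        main_url="https://mirrors.ustc.edu.cn/debian/"
        sec_url="https://mirrors.ustc.edu.cn/debian-security/"
        ;;
      huaweicloud)
        main_url="https://mirrors.huaweicloud.com/debian/"
        sec_url="https://mirrors.huaweicloud.com/debian-security/"
        ;;
      tencent)
        main_url="https://mirrors.cloud.tencent.com/debian/"
        sec_url="https://mirrors.cloud.tencent.com/debian-security/"
        ;;
      163)
        main_url="https://mirrors.163.com/debian/"
        sec_url="https://mirrors.163.com/debian-security/"
        ;;
      default)
        main_url="http://deb.debian.org/debian/"
        sec_url="http://security.debian.org/debian-security/"
        ;;
    esac
  else
    components="main restricted universe multiverse"
    # Ubuntu mirrors serve the security suite from the same base path;
    # only the official default splits it onto security.ubuntu.com.
    case "$source_name" in
      aliyun)
        main_url="http://mirrors.aliyun.com/ubuntu/"
        sec_url=$main_url
        ;;
      tsinghua)
        main_url="https://mirrors.tuna.tsinghua.edu.cn/ubuntu/"
        sec_url=$main_url
        ;;
      ustc)
        main_url="https://mirrors.ustc.edu.cn/ubuntu/"
        sec_url=$main_url
        ;;
      huaweicloud)
        main_url="https://mirrors.huaweicloud.com/ubuntu/"
        sec_url=$main_url
        ;;
      tencent)
        main_url="https://mirrors.cloud.tencent.com/ubuntu/"
        sec_url=$main_url
        ;;
      163)
        main_url="https://mirrors.163.com/ubuntu/"
        sec_url=$main_url
        ;;
      default)
        main_url="http://archive.ubuntu.com/ubuntu/"
        sec_url="http://security.ubuntu.com/ubuntu/"
        ;;
    esac
  fi
  _write_sources_list "$main_url" "$sec_url" "$components"
  # Refresh the package index; one unreachable mirror must not stop the
  # rest of the initialisation.
  echo -e "${GREEN}更新源缓存...${NC}"
  apt update -y || echo -e "${YELLOW}源更新过程中出现警告,可忽略继续执行...${NC}"
  echo -e "${GREEN}${source_name} 源配置完成!${NC}"
}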
# 主执行流程
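#######################################
# Interactively set the hostname and keep /etc/hosts in sync.
#######################################
configure_hostname() {
  local modify_hostname new_hostname
  echo -e "\n${GREEN}===== 修改主机名 =====${NC}"
  read -p "是否修改 hostname?(y/N,默认不修改): " modify_hostname
  if [[ ! "$modify_hostname" =~ ^[Yy]$ ]]; then
    echo -e "${YELLOW}跳过修改 hostname...${NC}"
    return 0
  fi
  read -p "请输入新的 hostname: " new_hostname
  [ -n "$new_hostname" ] || return 0
  # The value is echoed straight into /etc/hosts, so accept only
  # letters, digits, '-' and '.', and no leading '-'.
  if [[ ! "$new_hostname" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]; then
    echo -e "${RED}hostname 不合法,跳过修改...${NC}"
    return 0
  fi
  hostnamectl set-hostname "$new_hostname"
  # Replace the existing 127.0.1.1 entry instead of stacking a second one.
  sed -i "/^127\.0\.1\.1[[:space:]]/d" /etc/hosts
  echo "127.0.1.1 $new_hostname" >> /etc/hosts
  echo -e "${GREEN}hostname 已修改为: $new_hostname${NC}"
}

#######################################
# Interactively change the sshd listening port.
# Globals:   ssh_port (written; stays 22 when skipped or input is invalid)
#######################################
configure_ssh_port() {
  local modify_ssh input_ssh_port
  echo -e "\n${GREEN}===== 修改 SSH 端口 =====${NC}"
  read -p "是否修改 SSH 端口?(y/N,默认不修改): " modify_ssh
  ssh_port=22 # default
  if [[ ! "$modify_ssh" =~ ^[Yy]$ ]]; then
    echo -e "${YELLOW}跳过修改 SSH 端口...${NC}"
    return 0
  fi
  read -p "请输入新的 SSH 端口(默认 22): " input_ssh_port
  # 1-65535 only; the value is interpolated into a sed expression, the
  # fail2ban jail and a ufw rule, so it must be a plain number.
  if ! [[ "$input_ssh_port" =~ ^[0-9]+$ ]] || [ "$input_ssh_port" -lt 1 ] || [ "$input_ssh_port" -gt 65535 ]; then
    echo -e "${RED}端口输入无效,使用默认端口 22${NC}"
    return 0
  fi
  ssh_port=$input_ssh_port
  # Rewrite an existing (possibly commented) Port line, or append one when
  # the file has none.
  # NOTE(review): a drop-in under /etc/ssh/sshd_config.d/ that sets Port is
  # read first by sshd and would win over this edit — confirm none exists.
  if grep -q "^#\?Port " /etc/ssh/sshd_config; then
    sed -i "s/^#\?Port .*/Port $ssh_port/" /etc/ssh/sshd_config
  else
    echo "Port $ssh_port" >> /etc/ssh/sshd_config
  fi
  sed -i "s/^#\?X11Forwarding .*/X11Forwarding no/" /etc/ssh/sshd_config
  # Open the new port before sshd is restarted so the firewall never
  # blocks the only management path.
  ufw allow "$ssh_port"/tcp
  echo -e "${GREEN}SSH 端口已设置为: $ssh_port${NC}"
}

#######################################
# Write the fail2ban sshd jail for the chosen port.
# Globals:   ssh_port (read)
#######################################
configure_fail2ban() {
  echo -e "\n${GREEN}===== 配置 fail2ban =====${NC}"
  # bantime = -1 bans permanently and only loopback is exempt.
  # NOTE(review): add the administrator's own address to ignoreip, or three
  # mistyped passwords lock that address out for good.
  # logpath relies on rsyslog (installed above) writing auth.log.
  tee /etc/fail2ban/jail.local > /dev/null << EOF
[sshd]
ignoreip = 127.0.0.1/8
enabled = true
filter = sshd
port = $ssh_port
maxretry = 3
findtime = 300
bantime = -1
banaction = ufw
logpath = /var/log/auth.log
EOF
  echo -e "${GREEN}fail2ban 配置完成!${NC}"
}

#######################################
# Interactively replace /etc/resolv.conf and pin it with chattr +i.
#######################################
configure_dns() {
  local modify_dns dns_servers dns valid_servers
  echo -e "\n${GREEN}===== 修改 DNS 配置 =====${NC}"
  read -p "是否修改 DNS 配置?(y/N,默认不修改): " modify_dns
  if [[ ! "$modify_dns" =~ ^[Yy]$ ]]; then
    echo -e "${YELLOW}跳过修改 DNS 配置...${NC}"
    return 0
  fi
  read -p "请输入新的 DNS 服务器(多个用空格分隔,推荐:223.5.5.5 223.6.6.6): " dns_servers
  [ -n "$dns_servers" ] || return 0
  # Keep only tokens that look like IPv4/IPv6 literals; anything else would
  # land verbatim in resolv.conf.
  valid_servers=""
  for dns in $dns_servers; do
    if [[ "$dns" =~ ^[0-9A-Fa-f:.]+$ ]]; then
      valid_servers="${valid_servers:+$valid_servers }$dns"
    else
      echo -e "${YELLOW}忽略无效的 DNS 地址: $dns${NC}"
    fi
  done
  if [ -z "$valid_servers" ]; then
    echo -e "${RED}没有有效的 DNS 地址,跳过修改 DNS 配置...${NC}"
    return 0
  fi
  if [ -e /etc/resolv.conf ]; then
    cp /etc/resolv.conf /etc/resolv.conf.bak
  fi
  # Drop an earlier immutable flag, otherwise the rewrite below fails.
  chattr -i /etc/resolv.conf 2>/dev/null || true
  : > /etc/resolv.conf
  for dns in $valid_servers; do
    echo "nameserver $dns" >> /etc/resolv.conf
  done
  # Lock the file only when nothing else manages it: with systemd-resolved
  # active an immutable resolv.conf would break it.
  if ! systemctl is-active --quiet systemd-resolved; then
    chattr +i /etc/resolv.conf 2>/dev/null || true
  fi
  echo -e "${GREEN}DNS 已配置为: $valid_servers${NC}"
}

#######################################
# Force classic ethX interface names via the kernel command line.
#######################################
configure_grub() {
  [ -f /etc/default/grub ] || return 0
  echo -e "\n${GREEN}===== 配置 GRUB =====${NC}"
  if grep -q "net.ifnames=0 biosdevname=0" /etc/default/grub; then
    echo -e "${YELLOW}GRUB 配置无需修改...${NC}"
    return 0
  fi
  # NOTE(review): interfaces are renamed at the next boot; network config
  # that references the current names (netplan, /etc/network/interfaces)
  # must be updated or the host may come up without connectivity — confirm
  # for the target images.
  sed -i 's/^GRUB_CMDLINE_LINUX="\(.*\)"/GRUB_CMDLINE_LINUX="\1 net.ifnames=0 biosdevname=0"/' /etc/default/grub
  update-grub 2>/dev/null || echo -e "${YELLOW}GRUB 更新警告,可忽略${NC}"
  echo -e "${GREEN}GRUB 网卡命名规则已修改!${NC}"
}

#######################################
# Enable BBR congestion control through /etc/sysctl.conf.
#######################################
configure_bbr() {
  echo -e "\n${GREEN}===== 配置 BBR 拥塞算法 =====${NC}"
  [ -f /etc/sysctl.conf ] || touch /etc/sysctl.conf
  # Remove earlier entries first so re-running the script stays idempotent.
  sed -i '/^net\.core\.default_qdisc/d' /etc/sysctl.conf
  sed -i '/^net\.ipv4\.tcp_congestion_control/d' /etc/sysctl.conf
  echo "net.core.default_qdisc = fq" >> /etc/sysctl.conf
  echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.conf
  # sysctl -p fails on kernels that lack the module; under `set -e` that
  # must not abort the whole run.
  sysctl -p >/dev/null 2>&1 || echo -e "${YELLOW}sysctl 应用警告,部分参数可能需重启后生效${NC}"
  if lsmod | grep -q tcp_bbr; then
    echo -e "${GREEN}BBR 拥塞算法已启用!${NC}"
  else
    echo -e "${YELLOW}BBR 已配置,重启系统后生效!${NC}"
  fi
}

#######################################
# Restart and enable the services configured above. sshd_config is
# validated first so a broken edit cannot leave the host unreachable.
#######################################
restart_services() {
  echo -e "\n${GREEN}===== 重启服务 =====${NC}"
  # Only refuse the restart when a validator is available and rejects the
  # config; a missing sshd binary keeps the original behaviour.
  if command -v sshd >/dev/null 2>&1 && ! sshd -t 2>/dev/null; then
    echo -e "${RED}sshd 配置校验失败,未重启 sshd,请检查 /etc/ssh/sshd_config!${NC}"
  else
    systemctl restart sshd || echo -e "${YELLOW}sshd 重启警告:请确认 SSH 端口配置正确!${NC}"
  fi
  systemctl restart fail2ban
  systemctl enable fail2ban >/dev/null 2>&1
  systemctl restart systemd-timesyncd
  systemctl enable systemd-timesyncd >/dev/null 2>&1
}

#######################################
# Enable ufw with the SSH port allowed.
# Globals:   ssh_port (read)
#######################################
configure_ufw() {
  echo -e "\n${GREEN}===== 启用防火墙 =====${NC}"
  # Match the whole port token: a plain substring test would accept an
  # existing "2222/tcp" rule as proof that port 22 is open.
  if ufw status | grep -qE "^${ssh_port}/tcp[[:space:]]"; then
    echo -e "${GREEN}SSH 端口 $ssh_port 已在防火墙规则中${NC}"
  else
    ufw allow "$ssh_port"/tcp
    echo -e "${GREEN}已添加 SSH 端口 $ssh_port 到防火墙规则${NC}"
  fi
  # --force skips the interactive "may disrupt existing ssh connections"
  # prompt, which would otherwise wait for input behind the hidden stdout.
  ufw --force enable >/dev/null 2>&1 || echo -e "${YELLOW}ufw 启用警告,请手动检查防火墙状态${NC}"
  ufw reload >/dev/null 2>&1 || true
  echo -e "${GREEN}UFW 防火墙已启用!${NC}"
}

#######################################
# Interactively (re)create a swap file and set vm.swappiness.
# Globals:   SWAP_FILE (read, optional override of the swap file path)
#######################################
configure_swap() {
  local modify_swap swap_size swappiness existing swap_file
  echo -e "\n${GREEN}===== 配置 Swap =====${NC}"
  read -p "是否修改 Swap 设置?(y/N,默认不修改): " modify_swap
  if [[ ! "$modify_swap" =~ ^[Yy]$ ]]; then
    echo -e "${YELLOW}跳过修改 Swap...${NC}"
    return 0
  fi
  read -p "请输入 Swap 大小 (单位 MB,正整数): " swap_size
  if ! [[ "$swap_size" =~ ^[0-9]+$ ]] || [ "$swap_size" -eq 0 ]; then
    echo -e "${RED}无效输入,跳过 Swap 配置...${NC}"
    return 0
  fi
  read -p "请输入 Swappiness 值 (1-100, 默认 60): " swappiness
  swappiness=${swappiness:-60}
  if ! [[ "$swappiness" =~ ^[0-9]+$ ]] || [ "$swappiness" -lt 1 ] || [ "$swappiness" -gt 100 ]; then
    swappiness=60
    echo -e "${YELLOW}输入无效,使用默认值 60${NC}"
  fi
  # Disable every active swap area, one per line. Only regular files are
  # deleted: a swap *partition* such as /dev/vda2 is a device node and
  # must never be rm'd.
  while IFS= read -r existing; do
    [ -n "$existing" ] || continue
    swapoff "$existing"
    if [ -f "$existing" ]; then
      rm -f "$existing"
    fi
    sed -i "\|^$existing[[:space:]]|d" /etc/fstab
  done < <(swapon --show=NAME --noheadings 2>/dev/null || true)
  swap_file=${SWAP_FILE:-/swapfile}
  # fallocate is instant, but some filesystems produce files swapon
  # rejects; fall back to dd in that case.
  fallocate -l "${swap_size}M" "$swap_file" || dd if=/dev/zero of="$swap_file" bs=1M count="$swap_size"
  chmod 600 "$swap_file"
  mkswap "$swap_file"
  swapon "$swap_file"
  if ! grep -q "^$swap_file[[:space:]]" /etc/fstab; then
    echo "$swap_file none swap sw 0 0" >> /etc/fstab
  fi
  [ -f /etc/sysctl.conf ] || touch /etc/sysctl.conf
  sed -i '/^vm\.swappiness/d' /etc/sysctl.conf
  echo "vm.swappiness = $swappiness" >> /etc/sysctl.conf
  sysctl -p >/dev/null 2>&1 || true
  echo -e "${GREEN}Swap 配置完成:${NC}"
  swapon --show
}

#######################################
# Interactively set the timezone to Asia/Shanghai.
#######################################
configure_timezone() {
  local set_timezone
  echo -e "\n${GREEN}===== 设置时区 =====${NC}"
  read -p "是否设置时区为 Asia/Shanghai?(Y/n,默认设置): " set_timezone
  if [[ "$set_timezone" =~ ^[Nn]$ ]]; then
    echo -e "${YELLOW}跳过设置时区...${NC}"
    return 0
  fi
  # timedatectl needs a running systemd; the symlink is the fallback.
  timedatectl set-timezone Asia/Shanghai 2>/dev/null || ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
  echo -e "${GREEN}时区已设置为 Asia/Shanghai${NC}"
  timedatectl || true
}

#######################################
# Interactively append network/fs/vm tuning to /etc/sysctl.conf.
#######################################
optimize_kernel() {
  local optimize_kernel
  echo -e "\n${GREEN}===== 内核参数优化 =====${NC}"
  read -p "是否优化内核参数?(Y/n,默认优化): " optimize_kernel
  if [[ "$optimize_kernel" =~ ^[Nn]$ ]]; then
    echo -e "${YELLOW}跳过内核参数优化...${NC}"
    return 0
  fi
  if [ -f /etc/sysctl.conf ]; then
    cp /etc/sysctl.conf /etc/sysctl.conf.bak
  fi
  # Append only once so re-runs do not stack duplicate keys.
  # NOTE(review): ip_local_port_range = 1024 65535 lets ephemeral ports
  # overlap well-known service ports; a daemon started later may find its
  # port already taken — confirm this is acceptable for the host's role.
  if grep -q '^net\.core\.somaxconn' /etc/sysctl.conf 2>/dev/null; then
    echo -e "${YELLOW}内核优化参数已存在,跳过追加...${NC}"
  else
    cat >> /etc/sysctl.conf << 'EOF'
# 网络优化
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_slow_start_after_idle = 0
# 文件系统优化
fs.file-max = 2097152
fs.inotify.max_user_instances = 8192
fs.inotify.max_user_watches = 524288
# 虚拟内存优化
vm.dirty_ratio = 10
vm.dirty_background_ratio = 5
vm.overcommit_memory = 1
EOF
  fi
  sysctl -p >/dev/null 2>&1 || true
  echo -e "${GREEN}内核参数优化完成!${NC}"
}

#######################################
# Interactively raise nofile/nproc limits for PAM sessions and systemd.
#######################################
configure_limits() {
  local configure_limits
  echo -e "\n${GREEN}===== 系统限制配置 =====${NC}"
  read -p "是否配置系统限制(ulimit、文件描述符)?(Y/n,默认配置): " configure_limits
  if [[ "$configure_limits" =~ ^[Nn]$ ]]; then
    echo -e "${YELLOW}跳过系统限制配置...${NC}"
    return 0
  fi
  # Append only once so re-runs do not stack duplicate entries.
  if ! grep -q '^\* soft nofile 65535' /etc/security/limits.conf 2>/dev/null; then
    cat >> /etc/security/limits.conf << 'EOF'
# 系统限制配置
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
root soft nofile 65535
root hard nofile 65535
root soft nproc 65535
root hard nproc 65535
EOF
  fi
  mkdir -p /etc/systemd/system.conf.d
  cat > /etc/systemd/system.conf.d/limits.conf << 'EOF'
[Manager]
DefaultLimitNOFILE=65535
DefaultLimitNPROC=65535
EOF
  # system.conf.d is read when the manager starts; re-exec applies it now.
  systemctl daemon-reexec >/dev/null 2>&1 || true
  echo -e "${GREEN}系统限制配置完成!${NC}"
  echo -e "${YELLOW}注意:新配置将在用户重新登录后生效${NC}"
}

#######################################
# Interactively clean apt caches, temp files and old logs.
# Globals:   OS (read)
#######################################
clean_disk() {
  local clean_disk
  echo -e "\n${GREEN}===== 磁盘清理 =====${NC}"
  read -p "是否清理系统缓存和临时文件?(Y/n,默认清理): " clean_disk
  if [[ "$clean_disk" =~ ^[Nn]$ ]]; then
    echo -e "${YELLOW}跳过磁盘清理...${NC}"
    return 0
  fi
  echo -e "${GREEN}正在清理系统...${NC}"
  apt-get clean >/dev/null 2>&1 || true
  apt-get autoclean >/dev/null 2>&1 || true
  apt-get autoremove -y >/dev/null 2>&1 || true
  # Wiping /tmp removes sockets and lock files of running processes; this
  # is only safe on a freshly installed host, which is the script's target.
  rm -rf /tmp/* 2>/dev/null || true
  rm -rf /var/tmp/* 2>/dev/null || true
  # Keep the last 7 days of logs.
  find /var/log -type f -name "*.log" -mtime +7 -delete 2>/dev/null || true
  journalctl --vacuum-time=7d >/dev/null 2>&1 || true
  # Purge auto-removable packages (old kernels among them, presumably).
  if [ "$OS" = "debian" ]; then
    apt-get autoremove -y --purge >/dev/null 2>&1 || true
  fi
  echo -e "${GREEN}磁盘清理完成!${NC}"
  df -h
}

#######################################
# Interactively disable services a headless server does not need.
# Units are disabled (not stopped); they stay running until reboot.
#######################################
disable_services() {
  local disable_services svc
  echo -e "\n${GREEN}===== 禁用不必要的服务 =====${NC}"
  read -p "是否禁用不必要的服务?(Y/n,默认禁用): " disable_services
  if [[ "$disable_services" =~ ^[Nn]$ ]]; then
    echo -e "${YELLOW}跳过禁用服务...${NC}"
    return 0
  fi
  echo -e "${GREEN}正在禁用不必要的服务...${NC}"
  for svc in bluetooth cups snapd; do
    systemctl disable "$svc" >/dev/null 2>&1 || true
  done
  echo -e "${GREEN}不必要的服务已禁用!${NC}"
}

#######################################
# Entry point: run every initialisation step in order.
# Globals:   OS, VERSION (set by detect_system), ssh_port (set by
#            configure_ssh_port, read by fail2ban/ufw steps)
#######################################
main() {
  check_root
  detect_system
  change_sources
  echo -e "\n${GREEN}===== 系统升级 =====${NC}"
  # change_sources only refreshes the index when a mirror was chosen; an
  # upgrade against a stale index silently does nothing.
  apt update -y || echo -e "${YELLOW}源更新过程中出现警告,可忽略继续执行...${NC}"
  apt upgrade -y
  echo -e "\n${GREEN}===== 安装基础软件包 =====${NC}"
  apt install -y unzip curl wget sudo fail2ban rsyslog systemd-timesyncd ufw htop
  configure_hostname
  configure_ssh_port
  configure_fail2ban
  configure_dns
  configure_grub
  configure_bbr
  restart_services
  configure_ufw
  configure_swap
  configure_timezone
  optimize_kernel
  configure_limits
  clean_disk
  disable_services
  echo -e "\n${GREEN}===== 所有配置完成!=====${NC}"
  echo -e "${YELLOW}注意:部分配置(如 GRUB、BBR)需要重启系统后完全生效!${NC}"
}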
# 执行主函数
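# Run the entry point, forwarding any command-line arguments.
main "$@"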
版权声明:
作者:wkweb
链接:https://www.wkweb.cn/2955.html
来源:哇咔资源网
文章版权归作者所有,未经允许请勿转载。