Ubuntu 18.04 系统初始化

#!/bin/bash
#Author: Created by MoWenJie
#Function: Ubuntu 18.04 Server System initialization

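#######################################
# Replace /etc/sysctl.conf with a tuning profile for hosts that carry very
# many connections and file descriptors, then apply it.
#
# The previous /etc/sysctl.conf is copied to a timestamped backup first,
# because the write below truncates the file and would otherwise discard
# any settings (including hardening values) that were already there.
#
# Security-relevant values in the profile:
#   - rp_filter = 0 turns off reverse-path source validation, the kernel's
#     check against spoofed source addresses.
#   - ip_forward = 1 makes the host forward packets between interfaces.
#   - ip_nonlocal_bind = 1 lets processes bind to addresses the host does
#     not own.
#   - accept_source_route = 0 rejects source-routed packets.
#   NOTE(review): the first three look like router / container-host
#   settings; confirm they are wanted on every machine this script runs on.
#   NOTE(review): the net.bridge.* keys exist only while the br_netfilter
#   module is loaded; nothing here loads it, so `sysctl --system` may report
#   them as missing.
#   fs.nr_open = 10000000 is what allows the 2000000 nofile limit written by
#   limits_process.
#
# Outputs: whatever `sysctl --system` prints.
# Returns: non-zero if the backup or the write fails, otherwise the status
#          of `sysctl --system`.
#######################################
kernel_optimize() {
  local conf=/etc/sysctl.conf
  local backup

  # Keep a copy of the file that is about to be overwritten.
  if [ -e "$conf" ]; then
    backup="${conf}.bak.$(date +%Y%m%d%H%M%S)"
    cp -p -- "$conf" "$backup" || return
  fi

  # Quoted delimiter: the profile is written literally, with no expansion.
  cat >"$conf" <<'EOF' || return
fs.file-max = 10000000
fs.nr_open = 10000000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 204800
net.ipv4.tcp_max_tw_buckets = 204800
net.ipv4.tcp_max_orphans = 204800
net.core.netdev_max_backlog = 204800
net.core.somaxconn = 65000
vm.swappiness = 0
net.ipv4.ip_nonlocal_bind = 1
net.ipv6.ip_nonlocal_bind = 1
net.unix.max_dgram_qlen = 128
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-arptables = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.neigh.default.gc_thresh1 = 512
net.ipv4.neigh.default.gc_thresh2 = 28672
net.ipv4.neigh.default.gc_thresh3 = 32768
net.ipv6.neigh.default.gc_thresh1 = 512
net.ipv6.neigh.default.gc_thresh2 = 28672
net.ipv6.neigh.default.gc_thresh3 = 32768
EOF

  sysctl --system
}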

#######################################
# Write /etc/security/limits.d/sys_init.conf with soft and hard nproc and
# nofile limits of 2000000, then raise the open-file limit of the current
# shell to the same value.
#
# The "*" wildcard in limits.conf does not apply to root, which is why root
# gets its own set of lines.
#
# NOTE(review): 2000000 is above the kernel's stock fs.nr_open; the value
# only works because kernel_optimize raises fs.nr_open to 10000000 and main
# runs it first. Keep that order if the steps are ever run separately.
# NOTE(review): an nproc limit this high for every user effectively removes
# the per-user process cap that guards against runaway process creation.
#
# Returns: the status of the final ulimit call.
#######################################
limits_process() {
  local limit=2000000
  local domain item kind

  # Emits the same eight lines, in the same order and column layout:
  # domain, then nproc before nofile, then soft before hard.
  for domain in '*' root; do
    for item in nproc nofile; do
      for kind in soft hard; do
        printf '%-8s%-8s%-8s%s\n' "$domain" "$kind" "$item" "$limit"
      done
    done
  done >/etc/security/limits.d/sys_init.conf

  # Affects this shell and its children only; new logins pick up the file.
  ulimit -HSn "$limit"
}

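#######################################
# Set the timezone to Asia/Shanghai and schedule an ntpdate run every five
# minutes in the invoking user's crontab, unless an ntpdate entry is already
# present.
#
# Two fixes over a plain `echo ... | crontab`:
#   - the new entry is appended to the existing crontab instead of replacing
#     it, so jobs that were already scheduled are kept;
#   - the job redirects with `>/dev/null 2>&1`. cron runs jobs through
#     /bin/sh, which is dash on Ubuntu, and dash reads `cmd &>/dev/null` as
#     "run cmd in the background" followed by an empty redirection.
#
# NOTE(review): `set-local-rtc 1` keeps the hardware clock in local time;
# confirm this is intended, since UTC is the usual choice for servers.
# NOTE(review): ntpdate steps the clock from a single unauthenticated NTP
# source; log timelines and certificate validity checks depend on this
# clock.
#
# Outputs: one status line on stdout.
# Returns: non-zero if the crontab could not be installed.
#######################################
time_sync() {
  local cron_line='*/5 *  *  *  * /usr/sbin/ntpdate ntp.aliyun.com >/dev/null 2>&1'

  # stderr is dropped because `crontab -l` complains when no crontab exists.
  if crontab -l 2>/dev/null | grep -q "ntpdate"; then
    echo  "Time sync already exists"
  else
    timedatectl set-local-rtc 1
    timedatectl set-timezone Asia/Shanghai
    # Re-install the current entries together with the new one.
    { crontab -l 2>/dev/null; printf '%s\n' "$cron_line"; } | crontab - || return
    echo "Time sync Configuration successful"
  fi
}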

#######################################
# Switch the stock commented-out "#PermitRootLogin prohibit-password" line
# in /etc/ssh/sshd_config to "PermitRootLogin yes".
#
# NOTE(review): "yes" allows root to log in over SSH with a password, which
# exposes the root account to password guessing. The stock value
# (prohibit-password) limits root to key-based authentication; prefer
# keeping it and logging in with keys or through an unprivileged account.
# NOTE(review): the "root Remote Login open" branch only means the stock
# line was not found. It does not inspect what PermitRootLogin is actually
# set to, so the message can be wrong.
# sshd is not reloaded here, so an edit takes effect at its next restart.
#
# Outputs: the matching config line (from grep) or the status message.
# Returns: the status of sed when the file is edited, otherwise 0.
#######################################
sshd_permitrootlogin() {
  local sshd_cfg=/etc/ssh/sshd_config
  local enable_expr='s!#PermitRootLogin prohibit-password!PermitRootLogin yes!g'

  # Guard clause: nothing to rewrite when the stock line is absent.
  if ! grep "#PermitRootLogin prohibit-password" "$sshd_cfg"; then
    echo "root Remote Login open"
    return
  fi

  sed -i "$enable_expr" "$sshd_cfg"
}

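#######################################
# Refresh the package index, upgrade installed packages, install the
# standard troubleshooting toolset, then clean the package cache.
#
# Uses apt-get rather than apt, because apt's command-line interface is not
# meant for scripts, and passes -y to upgrade and autoremove so the run does
# not stop at a confirmation prompt.
#
# NOTE(review): the list includes a compiler toolchain (gcc, make) and
# packet-capture tools (tcpdump, tcptrack); trim it for hosts that should
# carry a minimal package set.
#
# Outputs: apt-get output; an error line on stderr if the install fails.
# Returns: the install status if it failed, otherwise the cleanup status.
#######################################
install_soft(){
  local rc=0

  apt-get update && apt-get -y upgrade

  apt-get install -y tcpdump bash-completion tcptraceroute bc git gcc make \
    net-tools mtr traceroute psmisc tcptrack nload ntpdate vim lsof tree \
    || rc=$?
  if [ "$rc" -ne 0 ]; then
    echo "Apt installation error" >&2
  fi

  # Cleanup still runs after a failed install, but must not hide its status.
  apt-get clean && apt-get -y autoremove
  local cleanup_rc=$?
  if [ "$rc" -eq 0 ]; then
    rc=$cleanup_rc
  fi
  return "$rc"
}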

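#######################################
# Add a coloured PS1 prompt to /root/.bashrc and start a new bash so the
# prompt is visible straight away.
#
# The line is appended only when it is not already in the file, so running
# the script again does not pile up duplicate PS1 lines.
#
# NOTE(review): the trailing `bash` starts a nested shell; this function,
# and the script calling it, does not return until that shell exits.
#
# Returns: non-zero if the append fails, otherwise the status of bash.
#######################################
command_line(){
  local bashrc=/root/.bashrc
  local prompt_line='PS1="\[\e[0m\][\[\e[32;40m\]\u\[\e[33;40m\]@\[\e[34;40m\]\h \[\e[36;40m\]\w\[\e[0m\]]\\$ "'

  # -x -F: match the whole line as a fixed string, not as a pattern.
  if ! grep -qxF -- "$prompt_line" "$bashrc" 2>/dev/null; then
    printf '%s\n' "$prompt_line" >>"$bashrc" || return
  fi

  bash
}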

#######################################
# Run every initialization step once, in a fixed order.
#
# kernel_optimize runs before limits_process: the former sets fs.nr_open,
# the latter writes nofile limits.
# Step statuses are not checked; a failing step does not stop later ones.
# NOTE(review): every step writes under /etc or /root, so this presumably
# has to run as root; nothing here verifies that.
#
# Returns: the status of the last step.
#######################################
main() {
  local step
  for step in \
    kernel_optimize \
    limits_process \
    time_sync \
    sshd_permitrootlogin \
    install_soft \
    command_line; do
    "$step"
  done
}

# Entry point: run all initialization steps. main reads no arguments, so
# forwarding "$@" changes nothing.
main "$@"