tomcat安装部署

一 Linux基础优化

设置最大打开文件数

1)系统级的设置

# vi /etc/sysctl.conf

# System-wide ceiling on open file handles. The per-process ceiling is set
# separately in /etc/security/limits.conf (nofile) and must stay below this.
fs.file-max = 262144
# Ephemeral (source) port range for outbound connections.
net.ipv4.ip_local_port_range = 1024 65000
# Socket buffer ceilings and defaults, in bytes, for all protocols.
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.rmem_default = 1048576
net.core.wmem_default = 524288
# TCP receive/send buffer autotuning: min default max (bytes).
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# Packets queued per interface before the kernel gets to process them.
net.core.netdev_max_backlog = 2500
# Half-open (SYN_RECV) queue size; syncookies keep the listener reachable
# when that queue is flooded.
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_syncookies = 1
# Reuse TIME_WAIT sockets for new outbound connections. tcp_tw_recycle is
# deliberately off: it breaks clients behind NAT and was removed in Linux 4.12.
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
# Connection-tracking table size and established-flow timeout. These keys only
# exist once the nf_conntrack module is loaded; on a host without it
# `sysctl -p` reports an unknown key for them (the note below this block).
net.nf_conntrack_max = 655360
net.netfilter.nf_conntrack_tcp_timeout_established = 120

# 使其立即生效。若 centos 6 系列报错（通常是 net.nf_conntrack_* 这两项“unknown key”，原因是 nf_conntrack 模块尚未加载），请先 modprobe nf_conntrack 再重新执行，并用 sysctl -a 核对各项确已生效，不要直接忽略报错。

#sysctl -p

2)用户级设置

# sudo vi /etc/security/limits.conf

# Per-process limits for every user (`*`). The hard value is the ceiling a
# user cannot raise. The wildcard does not apply to root (limits.conf(5));
# add a separate `root` line if the service runs as root.
# nofile: open file descriptors. Keep below fs.file-max in sysctl.conf.
*           soft  nofile     65535
* hard nofile 65535
# nproc: processes per user. Raising it for every user also weakens the
# fork-bomb guard, and on CentOS 6 /etc/security/limits.d/90-nproc.conf
# overrides this for `*` - edit that file too.
* soft nproc 65535
* hard nproc 65535

3)要使 limits.conf 的配置生效,必须确保对应登录入口的 PAM 配置文件加载了 pam_limits.so(控制台登录是 /etc/pam.d/login;ssh 登录则是 /etc/pam.d/sshd,CentOS 上通常已通过 system-auth 间接引入,可用 grep pam_limits /etc/pam.d/* 确认)。

# vi /etc/pam.d/login

在最后一行添加:

session required /lib64/security/pam_limits.so

mysql慢日志切割

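#!/bin/bash
# Rotate the MySQL slow-query log once a day: rename the live file with
# yesterday's date, make mysqld reopen the log, then compress the renamed copy.
#
# Prerequisites: the archive directory ARCHIVE_DIR already exists, and the
# MySQL account has the RELOAD privilege that FLUSH LOGS needs. The password
# still lives in this file, so keep the script itself mode 0600.
#
# Fixes against the original: the date assignment had lost its $(...)
# (`time=date -d ...` runs `-d` as a command with time=date in its
# environment), gzip ran before flush-logs (see step 2), and the password was
# passed as -p$passwd on the command line, readable by every local user via ps.
set -euo pipefail

SLOW_LOG=/opt/mysql/log/slow.log
ARCHIVE_DIR=/opt/mysql/log/slowlog
SOCKET=/opt/mysql/run/mysql.sock

user="用户名"
host="主机ip"
passwd="用户密码"

die() { printf '%s\n' "$*" >&2; exit 1; }

[[ -d "$ARCHIVE_DIR" ]] || die "archive directory $ARCHIVE_DIR does not exist"
[[ -f "$SLOW_LOG" ]] || die "slow log $SLOW_LOG not found"

# GNU date; "yesterday" because this is meant to run just after midnight.
day=$(date -d yesterday +"%Y-%m-%d")
rotated="${ARCHIVE_DIR}/slow-${day}.log"
[[ -e "$rotated" || -e "${rotated}.gz" ]] && die "$rotated already exists; refusing to overwrite"

# Credentials reach mysqladmin through a mode-0600 option file that is removed
# on exit, never through argv.
cnf=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$cnf"' EXIT
chmod 600 -- "$cnf"
printf '[client]\nuser=%s\npassword=%s\nhost=%s\nsocket=%s\n' \
  "$user" "$passwd" "$host" "$SOCKET" > "$cnf"

# 1. Rename. mysqld keeps writing to the renamed inode until it reopens.
mv -- "$SLOW_LOG" "$rotated"

# 2. Reopen the slow log; from here on mysqld writes to a fresh slow.log.
#    This must come BEFORE gzip: gzip deletes its input when it finishes, so
#    compressing first drops every query logged between the rename and the
#    flush into an unlinked file.
mysqladmin --defaults-extra-file="$cnf" flush-logs slow

# 3. Compress the now-idle rotated file.
gzip -- "$rotated"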

nginx日志切割

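#!/bin/bash
# Daily nginx log rotation: rename access.log/error.log with yesterday's date,
# make the master process reopen its logs, archive the renamed files, and
# optionally purge old archives.
#
# Fixes against the original: the archives were built (with --remove-files)
# BEFORE nginx was told to reopen, so requests logged between the rename and
# the signal went into an already-deleted file; and the master pid came from
# `ps | grep "nginx: master process"`, which also matches any unrelated
# process whose command line happens to contain that text.
set -euo pipefail

LOGS_PATH=/opt/server/nginx/logs
# nginx's default pid location is logs/nginx.pid under its prefix; change this
# if nginx.conf sets `pid` elsewhere.
PID_FILE="${LOGS_PATH}/nginx.pid"
# Retention for the optional purge at the end. The original's comment said
# 7 days while its command used +30; pick one value here.
KEEP_DAYS=30

YESTERDAY=$(date -d "yesterday" +%Y%m%d)

cd -- "$LOGS_PATH"

# 1. Rename whatever logs exist. nginx keeps writing to the renamed inodes
#    until it reopens, so nothing is lost at this point.
rotated=()
for name in access error; do
  if [[ -f "${name}.log" ]]; then
    mv -- "${name}.log" "${name}_${YESTERDAY}.log"
    rotated+=("${name}_${YESTERDAY}.log")
  fi
done
if [[ ${#rotated[@]} -eq 0 ]]; then
  echo "no logs to rotate in $LOGS_PATH" >&2
  exit 0
fi

# 2. Ask the master process to reopen its log files (USR1). Take the pid from
#    the pid file; only fall back to a process-table search if it is missing.
if [[ -r "$PID_FILE" ]]; then
  master_pid=$(<"$PID_FILE")
else
  master_pid=$(pgrep -o -f 'nginx: master process' || true)
fi
[[ -n "$master_pid" ]] || { echo "nginx master pid not found" >&2; exit 1; }
kill -USR1 "$master_pid"
# Give the workers a moment to switch to the new files before the old ones go.
sleep 1

# 3. Archive; --remove-files deletes each .log once it is inside the tarball.
for f in "${rotated[@]}"; do
  tar -zcf "${f}.tar.gz" --remove-files "$f"
done

# 4. Optional: purge archives older than KEEP_DAYS. Matches only this script's
#    own files rather than anything containing a year.
# find "$LOGS_PATH" -maxdepth 1 -type f \( -name 'access_*.log.tar.gz' -o -name 'error_*.log.tar.gz' \) -mtime "+${KEEP_DAYS}" -delete

exit 0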

linux服务器初始化安全基线

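#!/bin/bash
# Linux server initial security baseline (RHEL/CentOS 6/7 file layout).
#
# Every step backs the target file up once, checks whether the change is
# already present, and only then edits, so the script can be re-run without
# stacking duplicate PAM, profile, audit or sshd lines. The original inserted
# lines at fixed line numbers (`14i`, `2i`, `80i`, `49i`) and appended
# unconditionally, so a second run corrupted those files; it also contained a
# stray `\#` line that bash tried to execute as a command.
#
# Must run as root. Read the notes on steps 1, 7, 8 and 10 before using this
# on anything other than a fresh install.
set -euo pipefail

PASS_MAX_DAYS=90
PASS_MIN_DAYS=0
PASS_MIN_LEN=8
PASS_WARN_AGE=7
HIST_LINES=30      # see set_history_size
TMOUT_SECS=300
LOCKOUT_DENY=3
LOCKOUT_SECS=300
PW_POLICY='retry=3 difok=3 minlen=10 ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1'

die() { printf '%s\n' "$*" >&2; exit 1; }

# Keep one pristine copy of $1 as $1_bak. Never overwrite an existing backup,
# otherwise a re-run would replace the original with an already-edited file.
backup_once() {
  local f=$1
  if [[ -e "$f" && ! -e "${f}_bak" ]]; then
    cp -p -- "$f" "${f}_bak"
  fi
}

# Append line $1 to file $2 unless that exact line is already present.
append_once() {
  local line=$1 file=$2
  if ! grep -qxF -- "$line" "$file" 2>/dev/null; then
    printf '%s\n' "$line" >> "$file"
  fi
}

# Set KEY ($2) to VALUE ($3) in a login.defs-style file ($1): replace the
# active line if there is one, append otherwise. Keys and values are script
# constants, which is why interpolating them into the sed expression is safe.
set_login_def() {
  local file=$1 key=$2 value=$3
  if grep -q "^${key}[[:space:]]" "$file"; then
    sed -i "s/^${key}[[:space:]].*/${key}\t${value}/" "$file"
  else
    printf '%s\t%s\n' "$key" "$value" >> "$file"
  fi
}

##################################################################
# 1. Lock unused system accounts.
# The original commented their lines out of /etc/passwd. That leaves files
# owned by UIDs the system can no longer name and breaks daemons that look the
# account up; locking the password and removing the shell closes the login
# path without those side effects. `nobody` and `nfsnobody`, which the
# original also removed, are deliberately left alone: NFS and several daemons
# run as them.
disable_unused_users() {
  local u nologin
  nologin=$(command -v nologin || echo /sbin/nologin)
  for u in sync halt news uucp operator games gopher smmsp lp; do
    if id -u "$u" >/dev/null 2>&1; then
      usermod -L -s "$nologin" "$u"
    fi
  done
}

#################################################################
# 2. Password ageing defaults for accounts created from now on.
# PASS_MIN_LEN is ignored where PAM handles passwords; the minlen set in
# step 4 is what is actually enforced. Existing accounts keep their current
# ageing until `chage` is applied to them.
set_password_ageing() {
  local f=/etc/login.defs
  backup_once "$f"
  echo "正在修改/etc/login.defs..."
  set_login_def "$f" PASS_MAX_DAYS "$PASS_MAX_DAYS"
  set_login_def "$f" PASS_MIN_DAYS "$PASS_MIN_DAYS"
  set_login_def "$f" PASS_MIN_LEN "$PASS_MIN_LEN"
  set_login_def "$f" PASS_WARN_AGE "$PASS_WARN_AGE"
}

###########################################################
# 3. Shell history size. The original set this twice (30, then 5 via a blind
# `49i` insert); on a stock CentOS /etc/profile the value that ended up in
# effect was 30, which is kept here. A tiny history also discards evidence an
# incident responder would want - the auditd rules in step 6 watch account
# files, not shell commands.
set_history_size() {
  local f=/etc/profile var
  backup_once "$f"
  echo "正在修改系统命令行保存条目..."
  for var in HISTSIZE HISTFILESIZE; do
    if grep -q "^${var}=" "$f"; then
      sed -i "s/^${var}=.*/${var}=${HIST_LINES}/" "$f"
    else
      printf '%s=%s\n' "$var" "$HIST_LINES" >> "$f"
    fi
  done
}

###############################################
# 4. Password complexity in the PAM password stack.
# The original did `sed 14i` into system-auth, which is only right if line 14
# happens to open the password section. Here an existing pam_cracklib /
# pam_pwquality line (CentOS 6 / 7 respectively; both take these options)
# receives the policy; otherwise a pam_cracklib line is inserted before the
# first `password` line. authconfig may rewrite system-auth - re-run this
# step after using it.
set_password_policy() {
  local f=/etc/pam.d/system-auth
  [[ -f "$f" ]] || { echo "skip: $f not found" >&2; return 0; }
  backup_once "$f"
  echo "正在修改密码设置策略..."
  if grep -Eq '^password[[:space:]]+requisite[[:space:]]+pam_(cracklib|pwquality)\.so' "$f"; then
    sed -i -E "s/^(password[[:space:]]+requisite[[:space:]]+pam_(cracklib|pwquality)\.so).*/\1 ${PW_POLICY}/" "$f"
  elif grep -q '^password' "$f"; then
    # GNU sed: `s//` reuses the address regex, so this inserts before the
    # first password line.
    sed -i "0,/^password/s//password requisite pam_cracklib.so ${PW_POLICY}\npassword/" "$f"
  else
    printf 'password requisite pam_cracklib.so %s\n' "$PW_POLICY" >> "$f"
  fi
}

#########################################################################
# 5. Idle shell timeout. `readonly` stops users from simply `unset TMOUT`.
# The original also `source`d /etc/profile from the script, which only
# changed the script's own environment; dropped.
set_shell_timeout() {
  local f=/etc/profile
  echo "设置终端超时时间"
  append_once "export TMOUT=${TMOUT_SECS}" "$f"
  append_once "readonly TMOUT" "$f"
}

#########################################################################
# 6. Audit writes to the account databases.
# auditd on CentOS 7 rebuilds audit.rules from /etc/audit/rules.d/*.rules at
# start, so the rules go there when that directory exists; on CentOS 6 they
# are appended to audit.rules. The original gshadow rule had no `-p wa`; for
# a watch that means r/w/x/a, so it logged every read of the file as well.
enable_audit_rules() {
  local target line
  if [[ -d /etc/audit/rules.d ]]; then
    target=/etc/audit/rules.d/50-baseline.rules
  else
    target=/etc/audit/audit.rules
    backup_once "$target"
  fi
  echo "正在启用审计策略..."
  for line in \
    '-w /etc/group -p wa -k CFG_group' \
    '-w /etc/passwd -p wa -k CFG_passwd' \
    '-w /etc/gshadow -p wa -k CFG_gshadow' \
    '-w /etc/shadow -p wa -k CFG_shadow'; do
    append_once "$line" "$target"
  done
  service auditd restart
}

##########################################################################################
# 7. Lock accounts after repeated failed logins.
# Inserted before the first `auth` line of login and sshd (the original's
# `2i` assumed line 1 is the #%PAM-1.0 header) and skipped when already there.
# even_deny_root means anyone who can reach sshd can lock root out for
# root_unlock_time seconds by failing three times - keep it only where root
# login over ssh is disabled or console access is guaranteed. Newer releases
# ship pam_faillock instead of pam_tally2; confirm the module exists first.
lock_after_failed_logins() {
  local f rule
  rule="auth required pam_tally2.so deny=${LOCKOUT_DENY} unlock_time=${LOCKOUT_SECS} even_deny_root root_unlock_time=${LOCKOUT_SECS}"
  echo "限制用户登录次数"
  for f in /etc/pam.d/login /etc/pam.d/sshd; do
    [[ -f "$f" ]] || continue
    backup_once "$f"
    if grep -q 'pam_tally2.so' "$f"; then
      continue
    elif grep -q '^auth' "$f"; then
      sed -i "0,/^auth/s//${rule}\nauth/" "$f"
    else
      printf '%s\n' "$rule" >> "$f"
    fi
  done
}

############################################################################################
# 8. Restrict /etc/security. The original used mode 600 on what is a
# directory, i.e. without the search bit; 700 is the owner-only mode for a
# directory. Either way non-root processes lose read access to limits.conf
# and access.conf - confirm no unprivileged service needs them before keeping
# this step.
restrict_security_dir() {
  chmod 700 /etc/security
}

###########################################################################################
# 9. Second copy of error-level plus selected kernel/daemon messages.
# The original inserted the selector at line 80 of rsyslog.conf; a drop-in
# under rsyslog.d (included by the stock config) does not depend on line
# numbers. Falls back to appending to rsyslog.conf if the directory is absent.
log_security_events() {
  local f=/etc/rsyslog.d/90-security.conf
  if [[ ! -d /etc/rsyslog.d ]]; then
    f=/etc/rsyslog.conf
    backup_once "$f"
  fi
  mkdir -p /var/adm
  touch /var/adm/messages
  chmod 640 /var/adm/messages
  append_once '*.err;kern.debug;daemon.notice /var/adm/messages' "$f"
  service rsyslog restart
}

############################################################################################
# 10. Make /var/log/messages append-only. logrotate can then neither rename
# nor truncate it; wrap rotation of that file in `chattr -a` / `chattr +a`
# (prerotate/postrotate) or rotation starts failing.
protect_log_file() {
  if [[ -f /var/log/messages ]]; then
    chattr +a /var/log/messages
  fi
}

###########################################################################################
# 11. SSH pre-login banner. Owned by root:root (the original used bin:bin,
# which would let a compromised `bin` account change what every user sees).
# sshd_config is validated with `sshd -t` before the restart so a bad edit
# cannot cut off remote access. If sshd_config ends in a Match block, an
# appended Banner is scoped to that block - check the file when no global
# Banner existed before.
set_ssh_banner() {
  local banner=/etc/ssh_banner cfg=/etc/ssh/sshd_config
  printf ' Authorized only. All activity will be monitored and reported \n' > "$banner"
  chown root:root "$banner"
  chmod 644 "$banner"
  backup_once "$cfg"
  if grep -Eq '^[[:space:]]*Banner[[:space:]]' "$cfg"; then
    sed -i -E "s|^[[:space:]]*Banner[[:space:]].*|Banner ${banner}|" "$cfg"
  else
    printf 'Banner %s\n' "$banner" >> "$cfg"
  fi
  if sshd -t; then
    service sshd restart
  else
    die "sshd_config failed validation (sshd -t); sshd not restarted"
  fi
}

main() {
  [[ $EUID -eq 0 ]] || die "must run as root"
  disable_unused_users
  set_password_ageing
  set_history_size
  set_password_policy
  set_shell_timeout
  enable_audit_rules
  lock_after_failed_logins
  restrict_security_dir
  log_security_events
  protect_log_file
  set_ssh_banner
}

main "$@"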

linux系统基础监控脚本

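#! /bin/bash
# monitor - print a one-screen summary of this host: connectivity, OS and
# kernel, addresses, resolvers, logged-in users, memory, disks, load, uptime.
#
#   monitor       print the report
#   monitor -i    install this script as /usr/bin/monitor (prompts for root)
#   monitor -v    print version information
#   monitor -h    print this help
#
# Derived from tecmint_monitor 0.1 (Apache 2.0). Changes from the listing:
#  * every command substitution that had lost its $(...) wrapper (OS=uname -s,
#    REV=uname -r, the release-file parsing, ...) is restored, and the dead
#    Solaris/AIX branches give way to an /etc/os-release lookup with the old
#    release files as fallback;
#  * no fixed-name scratch files in /tmp (/tmp/who, /tmp/ramcache,
#    /tmp/diskusage, /tmp/scriptname): a symlink pre-planted there would be
#    followed when the report runs as root;
#  * -i installs with install(1) and a shell-quoted path instead of
#    su -c "cp $path ...", where a path containing spaces or metacharacters
#    is re-parsed by the root shell.
set -u

VERSION="0.1"

# Print "<label> : <value>" with the label in green.
# $1 label; remaining arguments are joined with spaces as the value.
field() {
  local label=$1
  shift
  printf '\033[32m%s :\033[0m %s\n' "$label" "$*"
}

# Print a green section heading; the caller prints the body below it.
section() {
  printf '\033[32m%s :\033[0m\n' "$1"
}

# Print the nameserver addresses from a resolv.conf-style file ($1), space
# separated, newline terminated. The original deleted line 1 and printed
# column 2 of everything else, which misreads files that begin with a
# `search` or `options` line.
nameservers_from() {
  awk '$1 == "nameserver" { printf "%s%s", (n++ ? " " : ""), $2 } END { print "" }' "$1"
}

# Distribution description followed by kernel release and machine type.
os_version() {
  local kernel machine desc
  kernel=$(uname -r)
  machine=$(uname -m)
  if [[ -r /etc/os-release ]]; then
    desc=$(awk -F= '$1 == "PRETTY_NAME" { gsub(/"/, "", $2); print $2 }' /etc/os-release)
  elif [[ -r /etc/redhat-release ]]; then
    desc=$(</etc/redhat-release)
  elif [[ -r /etc/SuSE-release ]]; then
    desc=$(head -n 1 /etc/SuSE-release)
  elif [[ -r /etc/debian_version ]]; then
    desc="Debian $(</etc/debian_version)"
  else
    desc=$(uname -s)
  fi
  printf '%s (%s %s)\n' "$desc" "$kernel" "$machine"
}

# Install a copy of this script as /usr/bin/monitor, owner root, mode 0755.
install_self() {
  local src
  src=$(readlink -f -- "$0")
  if su -c "install -m 0755 -o root -g root -- $(printf '%q' "$src") /usr/bin/monitor" root; then
    echo "Congratulations! Script Installed, now run monitor Command"
  else
    echo "Installation failed"
  fi
}

# The report itself. Each probe is best-effort: a missing tool or no network
# yields an empty field rather than aborting the whole report.
report() {
  local mem l1 l5 l15
  clear 2>/dev/null
  if ping -c 1 -W 2 www.baidu.com >/dev/null 2>&1; then
    field "Internet" "Connected"
  else
    field "Internet" "Disconnected"
  fi
  field "Operating System Type" "$(uname -o)"
  field "OS Version" "$(os_version)"
  field "Architecture" "$(uname -m)"
  field "Kernel Release" "$(uname -r)"
  field "Hostname" "${HOSTNAME:-$(hostname)}"
  field "Internal IP" "$(hostname -I 2>/dev/null)"
  # The public address comes from a third-party service: that service learns
  # the host exists, and the lookup needs egress. -m bounds the wait so a
  # blackholed network cannot hang the report.
  if command -v curl >/dev/null 2>&1; then
    field "External IP" "$(curl -s -m 5 ipecho.net/plain 2>/dev/null || true)"
  fi
  field "Name Servers" "$(nameservers_from /etc/resolv.conf)"
  section "Logged In users"
  who
  mem=$(free -h | grep -v '+')   # drop the old "-/+ buffers/cache" line
  section "Ram Usages"
  grep -v "Swap" <<<"$mem"
  section "Swap Usages"
  grep -v "Mem" <<<"$mem"
  section "Disk Usages"
  # Local filesystems only. The original's grep for /dev/sda* hid vda, nvme
  # and LVM volumes (the sample output on this page comes from a host with
  # /dev/vda1 and an LVM volume).
  df -hPl
  read -r l1 l5 l15 _ < /proc/loadavg
  field "Load Average" "$l1, $l5, $l15"
  field "System Uptime" "$(uptime -p 2>/dev/null || uptime)"
}

main() {
  local argc=$# opt iopt='' vopt='' hopt=''
  while getopts ivh opt; do
    case $opt in
      i) iopt=1 ;;
      v) vopt=1 ;;
      h) hopt=1 ;;
      *) echo "Invalid arg" ;;
    esac
  done
  shift $((OPTIND - 1))

  [[ -n $iopt ]] && install_self
  if [[ -n $vopt ]]; then
    printf 'tecmint_monitor version %s\nDesigned by Tecmint.com\nReleased Under Apache 2.0 License\n' "$VERSION"
  fi
  if [[ -n $hopt ]]; then
    printf ' -i Install script\n'
    printf ' -v Print version information and exit\n'
    printf ' -h Print help (this information) and exit\n'
  fi
  # No arguments at all prints the report; the original tested $# before
  # shifting, so any option (even an invalid one) suppresses it.
  (( argc == 0 )) && report
  return 0
}

main "$@"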

将此脚本命名为 monitor,以 root 身份复制到服务器的 /usr/bin/ 下(属主 root),并授予所有用户可执行权限。原文的 o+x 只给“其他用户”加执行位,属主和属组仍可能没有执行权限,应改为:

chmod 755 /usr/bin/monitor

然后直接执行 monitor 命令即可查看系统相关信息。下面的示例输出已做脱敏(IP 以 1.1.1.1 代替);其中的 "Port Usages"(监听端口列表)一节并非上面脚本所输出,应是运行者另外加入的 netstat/ss 步骤。

[root@localhost ~]# monitor 
Operating System Type : GNU/Linux
OS Version : Linux RedHat 7.2(Maipo 3.10.0-327.el7.x86_64 x86_64)
Architecture : x86_64
Kernel Release : 3.10.0-327.el7.x86_64
Hostname : localhost
Internal IP : 1.1.1.1
Name Servers : *.*.com. 1.1.1.1 1.1.1.1
Logged In users :
aq pts/0 2020-09-24 15:31 (172.30.1.199)
Ram Usages :
total used free shared buff/cache available
Mem: 7.6G 638M 161M 397M 6.9G 6.4G
Swap Usages :
total used free shared buff/cache available
Swap: 8.0G 3.4M 8.0G
Disk Usages :
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 99G 63G 31G 67% /
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 52K 3.9G 1% /dev/shm
/dev/mapper/vg_data-lv_data 197G 3.2G 184G 2% /opt
Port Usages :
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6509/haproxy
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 933/sshd: /usr/sbin
tcp6 0 0 :::22 :::* LISTEN 933/sshd: /usr/sbin
Load Average : loadaverage:0.12,
System Uptime Days/(HH:MM) : 71 days