From 2bfa7cafee60b32e57e16752e5bf488cddfe5ced Mon Sep 17 00:00:00 2001 From: Jinnan Wang Date: Tue, 18 Mar 2014 09:16:55 +0800 Subject: [PATCH 1/9] =?UTF-8?q?=09=E5=90=88=E5=B9=B6limits.conf=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E7=9B=B8=E5=85=B3=E7=9A=84=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 删除set_kernel.sh文件,并将其内容并入set_limits.conf.sh 移除set_kernel.sh的调用 --- install_shell/set_kernel.sh | 18 ------------------ install_shell/set_limits.conf.sh | 17 +++++++++++++++++ setup.sh | 3 --- 3 files changed, 17 insertions(+), 21 deletions(-) delete mode 100755 install_shell/set_kernel.sh diff --git a/install_shell/set_kernel.sh b/install_shell/set_kernel.sh deleted file mode 100755 index 3fc56d8..0000000 --- a/install_shell/set_kernel.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# Parallel computing patch - -. ./check_function.sh - -LIMIT_CONFIG=/etc/security/limits.conf - - -# set limits.conf -grep -v ^# $LIMIT_CONFIG | grep stack | grep 16384 | grep hard &>/dev/null -if [ $? -eq 1 ];then - echo "* soft stack 8192" >> $LIMIT_CONFIG - echo "* hard stack 8192" >> $LIMIT_CONFIG -elif [ $? -eq 0 ];then - exit 0 -fi - - diff --git a/install_shell/set_limits.conf.sh b/install_shell/set_limits.conf.sh index 52f0aba..aa5e55b 100755 --- a/install_shell/set_limits.conf.sh +++ b/install_shell/set_limits.conf.sh @@ -1,5 +1,22 @@ #!/bin/bash + +. ./check_function.sh + +LIMIT_CONFIG=/etc/security/limits.conf + + +# set limits.conf +grep -v ^# $LIMIT_CONFIG | grep stack | grep 16384 | grep hard &>/dev/null +if [ $? -eq 1 ];then + echo "* soft stack 8192" >> $LIMIT_CONFIG + echo "* hard stack 8192" >> $LIMIT_CONFIG +elif [ $? -eq 0 ];then + exit 0 +fi + + + #本脚本更改同时打开文件数的限制为65536 ROOT_UID=0 diff --git a/setup.sh b/setup.sh index bf7718f..8daaaec 100755 --- a/setup.sh +++ b/setup.sh @@ -19,9 +19,6 @@ fi ./set_network.sh echo "====Set Bonding..." -./set_kernel.sh -echo "====Set Kernel parameters..." - ./set_ssh.sh $1 $2 $3 echo "====Set ssh...." From eb300e226749613f828379eae7a8bd57a0f62495 Mon Sep 17 00:00:00 2001 From: Jinnan Wang Date: Tue, 18 Mar 2014 10:50:07 +0800 Subject: [PATCH 2/9] =?UTF-8?q?=09=E4=BC=98=E5=8C=96crontab=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E7=9A=84=E5=86=85=E5=AE=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 修改update_time.sh的执行时间。 修改update_time.sh脚本的执行内容。 --- install_shell/crontab | 2 +- install_shell/update_time.sh | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/install_shell/crontab b/install_shell/crontab index f906c31..79364d8 100644 --- a/install_shell/crontab +++ b/install_shell/crontab @@ -13,5 +13,5 @@ MAILTO="" 0 20 * * * d5000 /usr/sbin/xrm.sh #Every Sunday morning, 5:0 0 5 * * 7 audadmin /usr/sbin/linx-watch-top.sh& -*/1 * * * * sysadmin /usr/sbin/update_time.sh +0 * * * * sysadmin /usr/sbin/update_time.sh */1 * * * * audadmin /usr/sbin/get_max_mem_process.sh diff --git a/install_shell/update_time.sh b/install_shell/update_time.sh index 36e9db0..3755d16 100755 --- a/install_shell/update_time.sh +++ b/install_shell/update_time.sh @@ -1,6 +1,2 @@ #!/bin/sh -NTPSERVER_A='net1-1' -NTPSERVER_B='net2-1' -NTPDATE='/usr/sbin/ntpdate' -${NTPDATE} ${NTPSERVER_A} || ${NTPDATE} ${NTPSERVER_B} hwclock -w From 319bace7d7f1f52e4b77dbce54e0cb51b00ead43 Mon Sep 17 00:00:00 2001 From: Jinnan Wang Date: Tue, 18 Mar 2014 13:04:59 +0800 Subject: [PATCH 3/9] =?UTF-8?q?=09Fix=20bug=201691,=E5=90=88=E5=B9=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 已经将set_linux-pam.sh文件中的配置 融入到软件包中,所以这里可以移除相关配置脚本 --- install_shell/set_linux-pam.sh | 20 -------------------- setup.sh | 2 -- 2 files changed, 22 deletions(-) delete mode 100755 install_shell/set_linux-pam.sh diff --git a/install_shell/set_linux-pam.sh b/install_shell/set_linux-pam.sh deleted file mode 100755 index dede2f3..0000000 --- a/install_shell/set_linux-pam.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -ROOT_UID=0 -E_ROOT=2 -DATE=$(date +%Y%m%d) -if [ $UID -ne $ROOT_UID ];then - echo "You must run this script use root ..." - exit $E_ROOT -fi -PASSWD_FILE=/etc/pam.d/passwd -LOGIN_FILE=/etc/pam.d/login -KDE_FILE=/etc/pam.d/kde -SSHD_FILE=/etc/pam.d/sshd -sed -i.bak_$DATE '/pam_cracklib.so/d' ${PASSWD_FILE} -sed -i.bak_$DATE '/pam_tally.so/d' ${LOGIN_FILE} -sed -i.bak_$DATE '/pam_tally.so/d' ${KDE_FILE} -sed -i.bak_$DATE '/pam_tally.so/d' ${SSHD_FILE} -sed -i "/pam_unix_passwd.so/i\password required pam_cracklib.so retry=3 minlen=12 difok=3 ucredit=1 lcredit=2 dcredit=1 ocredit=1" ${PASSWD_FILE} -echo "auth required /lib64/security/pam_tally.so per_user unlock_time=600 onerr=succeed audit deny=3">> ${LOGIN_FILE} -echo "auth required /lib64/security/pam_tally.so per_user unlock_time=600 onerr=succeed audit deny=3">> ${KDE_FILE} -echo "auth required /lib64/security/pam_tally.so per_user unlock_time=600 onerr=succeed audit deny=3">> ${SSHD_FILE} diff --git a/setup.sh b/setup.sh index 8daaaec..b18e57f 100755 --- a/setup.sh +++ b/setup.sh @@ -53,8 +53,6 @@ echo "====Set fonts & Input method..." ./other.sh $1 $2 $3 echo "===Set other===" -./set_linux-pam.sh -echo "===Set pam_cracklib.so and pam_tally.so ===" cd cgroup-d5000-install ./install.sh $1 $2 $3 From b81f1ec1fce37bb8c1f21fcbc524c5b1d0ba057a Mon Sep 17 00:00:00 2001 From: Jinnan Wang Date: Tue, 18 Mar 2014 14:09:57 +0800 Subject: [PATCH 4/9] =?UTF-8?q?=09=E5=88=A0=E9=99=A4=E4=B8=8E=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E7=9B=B8=E5=85=B3=E7=9A=84=E9=85=8D=E7=BD=AE=E6=96=87?= =?UTF-8?q?=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install_shell/audit.rules | 103 -------------------------------- install_shell/audit.rules.d5000 | 103 -------------------------------- install_shell/audit_patch.sh | 31 ---------- install_shell/auditd.conf | 25 -------- setup.sh | 4 -- 5 files changed, 266 deletions(-) delete mode 100644 install_shell/audit.rules delete mode 100644 install_shell/audit.rules.d5000 delete mode 100755 install_shell/audit_patch.sh delete mode 100644 install_shell/auditd.conf diff --git a/install_shell/audit.rules b/install_shell/audit.rules deleted file mode 100644 index a80ac8b..0000000 --- a/install_shell/audit.rules +++ /dev/null @@ -1,103 +0,0 @@ -## --D - - -## --b 32768 - - -## --f 1 - - -## --w /var/log/audit/ -k LOG_audit --w /etc/audit/ -p wa -k CFG_audit --w /etc/sysconfig/auditd -p wa -k CFG_auditd.conf --w /etc/libaudit.conf -p wa -k CFG_libaudit.conf --w /etc/audisp/ -p wa -k CFG_audisp - - - -## --w /home/d5000/fujian/bin/ -p wa -k BIN_d5000 --w /home/d5000/fujian/conf/ -p wa -k CFG_d5000 --w /home/d5000/fujian/.cshrc -p wa -k CFG_cshrc --w /etc/hosts -p wa -k CFG_hosts --w /etc/services -p wa -k CFG_services --w /etc/sysctl.conf -p wa -k CFG_sysctl.conf --w /etc/syslog.conf -p wa -k CFG_syslog.conf --w /etc/security/limits.conf -p wa -k CFG_limits.conf - - -## --a exit,always -F path=/home/d5000/fujian/bin/sca_analog -S all --a exit,always -F path=/home/d5000/fujian/bin/sca_point -S all --a exit,always -F path=/home/d5000/fujian/bin/sca_cal -S all --a exit,always -F path=/home/d5000/fujian/bin/sca_op -S all --a exit,always -F path=/home/d5000/fujian/bin/sca_manage -S all --a exit,always -F path=/home/d5000/fujian/bin/sca_topo -S all --a exit,always -F path=/home/d5000/fujian/bin/fes_handle -S all --a exit,always -F path=/home/d5000/fujian/bin/fes_com -S all --a exit,always -F path=/home/d5000/fujian/bin/fes_mgr -S all --a exit,always -F path=/home/d5000/fujian/bin/fes_gps -S all --a exit,always -F path=/home/d5000/fujian/bin/rtdb_server -S all --a exit,always -F path=/home/d5000/fujian/bin/rtdb_modify -S all --a exit,always -F path=/home/d5000/fujian/bin/case_server -S all --a exit,always -F path=/home/d5000/fujian/bin/download_daemon -S all --a exit,always -F path=/home/d5000/fujian/bin/download_server -S all --a exit,always -F path=/home/d5000/fujian/bin/db_modify_server -S all --a exit,always -F path=/home/d5000/fujian/bin/sql_sp_server -S all --a exit,always -F path=/home/d5000/fujian/bin/db_commit -S all --a exit,always -F path=/home/d5000/fujian/bin/sys_nicmonitor -S all --a exit,always -F path=/home/d5000/fujian/bin/sys_procm -S all --a exit,always -F path=/home/d5000/fujian/bin/sys_procm_mon -S all --a exit,always -F path=/home/d5000/fujian/bin/msg_bus -S all --a exit,always -F path=/home/d5000/fujian/bin/sys_servicemanage -S all --a exit,always -F path=/home/d5000/fujian/bin/sys_trans_alarm -S all --a exit,always -F path=/home/d5000/fujian/bin/remote_exed -S all --a exit,always -F path=/home/d5000/fujian/bin/locator -S all --a exit,always -F path=/home/d5000/fujian/bin/proxy -S all --a exit,always -F path=/home/d5000/fujian/bin/midmmi -S all --a exit,always -F path=/home/d5000/fujian/bin/midbrow -S all --a exit,always -F path=/home/d5000/fujian/bin/middata -S all --a exit,always -F path=/home/d5000/fujian/bin/evt_sender -S all --a exit,always -F path=/home/d5000/fujian/bin/evt_recv -S all --a exit,always -F path=/home/d5000/fujian/bin/hissam -S all --a exit,always -F path=/home/d5000/fujian/bin/hissec -S all --a exit,always -F path=/home/d5000/fujian/bin/midhs -S all --a exit,always -F path=/home/d5000/fujian/bin/sca_pdrrep -S all --a exit,always -F path=/home/d5000/fujian/bin/sca_pdrrec -S all --a exit,always -F path=/home/d5000/fujian/bin/fes_ser -S all - - -## -#-w /database/ -p wa -k DAT_database - - - -## --w /etc/passwd -p wa -k CFG_passwd --w /etc/group -p wa -k CFG_group --w /etc/shadow -p wa -k CFG_shadow - - -## --a entry,always -F arch=b32 -S setxattr -S lsetxattr -S removexattr -S lremovexattr --a entry,always -F arch=b64 -S setxattr -S lsetxattr -S removexattr -S lremovexattr - - -## --w /etc/cron.allow -p wa -k CFG_cron.allow --w /etc/cron.deny -p wa -k CFG_cron.deny --w /etc/cron.d/ -p wa -k CFG_cron.d --w /etc/cron.daily/ -p wa -k CFG_cron.daily --w /etc/cron.hourly/ -p wa -k CFG_cron.hourly --w /etc/cron.monthly/ -p wa -k CFG_cron.monthly --w /etc/cron.weekly/ -p wa -k CFG_cron.weekly --w /etc/crontab -p wa -k CFG_crontab --w /var/spool/cron/crontabs/root -k CFG_crontab_root --w /var/spool/cron/crontabs/d5000 -p wa -k CFG_crontab_root -#trace kill -#-a entry,always -F arch=b32 -F a1>0 -S kill -#-a entry,always -F arch=b64 -F a1>0 -S kill diff --git a/install_shell/audit.rules.d5000 b/install_shell/audit.rules.d5000 deleted file mode 100644 index d76e32c..0000000 --- a/install_shell/audit.rules.d5000 +++ /dev/null @@ -1,103 +0,0 @@ -## --D - - -## --b 32768 - - -## --f 1 - - -## --w /var/log/audit/ -k LOG_audit --w /etc/audit/ -p wa -k CFG_audit --w /etc/sysconfig/auditd -p wa -k CFG_auditd.conf --w /etc/libaudit.conf -p wa -k CFG_libaudit.conf --w /etc/audisp/ -p wa -k CFG_audisp - - - -## --w /home/d5000/fujian/bin/ -p wa -k BIN_d5000 --w /home/d5000/fujian/conf/ -p wa -k CFG_d5000 --w /home/d5000/fujian/.cshrc -p wa -k CFG_cshrc --w /etc/hosts -p wa -k CFG_hosts --w /etc/services -p wa -k CFG_services --w /etc/sysctl.conf -p wa -k CFG_sysctl.conf --w /etc/syslog.conf -p wa -k CFG_syslog.conf --w /etc/security/limits.conf -p wa -k CFG_limits.conf - - -## --a exit,always -F path= PATH=/home/d5000/fujian/bin/sca_analog -S all --a exit,always -F path=/home/d5000/fujian/bin/sca_point -S all --a exit,always -F path=/home/d5000/fujian/bin/sca_cal -S all --a exit,always -F path=/home/d5000/fujian/bin/sca_op -S all --a exit,always -F path=/home/d5000/fujian/bin/sca_manage -S all --a exit,always -F path=/home/d5000/fujian/bin/sca_topo -S all --a exit,always -F path=/home/d5000/fujian/bin/fes_handle -S all --a exit,always -F path=/home/d5000/fujian/bin/fes_com -S all --a exit,always -F path=/home/d5000/fujian/bin/fes_mgr -S all --a exit,always -F path=/home/d5000/fujian/bin/fes_gps -S all --a exit,always -F path=/home/d5000/fujian/bin/rtdb_server -S all --a exit,always -F path=/home/d5000/fujian/bin/rtdb_modify -S all --a exit,always -F path=/home/d5000/fujian/bin/case_server -S all --a exit,always -F path=/home/d5000/fujian/bin/download_daemon -S all --a exit,always -F path=/home/d5000/fujian/bin/download_server -S all --a exit,always -F path=/home/d5000/fujian/bin/db_modify_server -S all --a exit,always -F path=/home/d5000/fujian/bin/sql_sp_server -S all --a exit,always -F path=/home/d5000/fujian/bin/db_commit -S all --a exit,always -F path=/home/d5000/fujian/bin/sys_nicmonitor -S all --a exit,always -F path=/home/d5000/fujian/bin/sys_procm -S all --a exit,always -F path=/home/d5000/fujian/bin/sys_procm_mon -S all --a exit,always -F path=/home/d5000/fujian/bin/msg_bus -S all --a exit,always -F path=/home/d5000/fujian/bin/sys_servicemanage -S all --a exit,always -F path=/home/d5000/fujian/bin/sys_trans_alarm -S all --a exit,always -F path=/home/d5000/fujian/bin/remote_exed -S all --a exit,always -F path=/home/d5000/fujian/bin/locator -S all --a exit,always -F path=/home/d5000/fujian/bin/proxy -S all --a exit,always -F path=/home/d5000/fujian/bin/midmmi -S all --a exit,always -F path=/home/d5000/fujian/bin/midbrow -S all --a exit,always -F path=/home/d5000/fujian/bin/middata -S all --a exit,always -F path=/home/d5000/fujian/bin/evt_sender -S all --a exit,always -F path=/home/d5000/fujian/bin/evt_recv -S all --a exit,always -F path=/home/d5000/fujian/bin/hissam -S all --a exit,always -F path=/home/d5000/fujian/bin/hissec -S all --a exit,always -F path=/home/d5000/fujian/bin/midhs -S all --a exit,always -F path=/home/d5000/fujian/bin/sca_pdrrep -S all --a exit,always -F path=/home/d5000/fujian/bin/sca_pdrrec -S all --a exit,always -F path=/home/d5000/fujian/bin/fes_ser -S all - - -## -#-w /database/ -p wa -k DAT_database - - - -## --w /etc/passwd -p wa -k CFG_passwd --w /etc/group -p wa -k CFG_group --w /etc/shadow -p wa -k CFG_shadow - - -## --a entry,always -F arch=b32 -S setxattr -S lsetxattr -S removexattr -S lremovexattr --a entry,always -F arch=b64 -S setxattr -S lsetxattr -S removexattr -S lremovexattr - - -## --w /etc/cron.allow -p wa -k CFG_cron.allow --w /etc/cron.deny -p wa -k CFG_cron.deny --w /etc/cron.d/ -p wa -k CFG_cron.d --w /etc/cron.daily/ -p wa -k CFG_cron.daily --w /etc/cron.hourly/ -p wa -k CFG_cron.hourly --w /etc/cron.monthly/ -p wa -k CFG_cron.monthly --w /etc/cron.weekly/ -p wa -k CFG_cron.weekly --w /etc/crontab -p wa -k CFG_crontab --w /var/spool/cron/crontabs/root -k CFG_crontab_root --w /var/spool/cron/crontabs/d5000 -p wa -k CFG_crontab_root -#trace kill -#-a entry,always -F arch=b32 -F a1>0 -S kill -#-a entry,always -F arch=b64 -F a1>0 -S kill diff --git a/install_shell/audit_patch.sh b/install_shell/audit_patch.sh deleted file mode 100755 index 6852272..0000000 --- a/install_shell/audit_patch.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/sh - -. ./check_function.sh - -AUDIT_CONFIG=/etc/audit/audit.rules - -check_config $AUDIT_CONFIG '^-f' 1 -if [ $rtn -eq 1 ]; then - sed -i '/-f/s@[0-9]@1@' $AUDIT_CONFIG -elif [ $rtn -eq 2 ]; then - line=$(grep -n ^-b $AUDIT_CONFIG | cut -d: -f1) - num=`expr ${line} + 2` - sed -i "${num}a\-f 1" /etc/audit/audit.rules -fi -DATE=$(date +%Y%m%d) -sed -i.bak_$DATE '/kill/d' $AUDIT_CONFIG -echo "#trace kill">> $AUDIT_CONFIG -echo "#-a entry,always -F arch=b32 -F a1>0 -S kill">> $AUDIT_CONFIG -echo "#-a entry,always -F arch=b64 -F a1>0 -S kill">> $AUDIT_CONFIG -USER_NAME=$1 -USER_HOME=$2 -#if [ -z $1 ];then -# UNIT_NAME=guodiao -#else -# UNIT_NAME=$1 -#fi -# copy new script -cp auditd.conf /etc/audit -cp audit.rules /etc/audit/audit.rules.${USER_NAME} -#sed -i "s#fujian#${UNIT_NAME}#g" /etc/audit/audit.rules.${USER_NAME} -sed -i "s#/home/d5000/fujian#${USER_HOME}#g" /etc/audit/audit.rules.${USER_NAME} diff --git a/install_shell/auditd.conf b/install_shell/auditd.conf deleted file mode 100644 index 594bd43..0000000 --- a/install_shell/auditd.conf +++ /dev/null @@ -1,25 +0,0 @@ -# -# This file controls the configuration of the audit daemon -# - -log_file = /var/log/audit/audit.log -log_format = RAW -log_group = root -priority_boost = 4 -flush = INCREMENTAL -freq = 20 -num_logs = 16 -disp_qos = lossy -dispatcher = /sbin/audispd -name_format = NONE -##name = mydomain -max_log_file = 300 -max_log_file_action = ROTATE -space_left = 75 -space_left_action = SYSLOG -action_mail_acct = audadmin -admin_space_left = 50 -admin_space_left_action = SUSPEND -disk_full_action = SUSPEND -disk_error_action = SUSPEND - diff --git a/setup.sh b/setup.sh index b18e57f..8cd2039 100755 --- a/setup.sh +++ b/setup.sh @@ -25,10 +25,6 @@ echo "====Set ssh...." ./ntpd_cron_patch.sh echo "====Set ntp client..." - -./audit_patch.sh $1 $2 $3 -echo "====Set audit.rules ..." - ./set_fonts.sh echo "====add fonts====" From 563c19b2cc82950e302db4049b8d5afbe8e1aa92 Mon Sep 17 00:00:00 2001 From: Jinnan Wang Date: Tue, 18 Mar 2014 14:33:29 +0800 Subject: [PATCH 5/9] =?UTF-8?q?=09=E5=88=A0=E9=99=A4=E6=8A=80=E6=9C=AF?= =?UTF-8?q?=E6=94=AF=E6=8C=81=E9=83=A8=E9=97=A8=E7=9A=84=E5=9B=9E=E6=94=B6?= =?UTF-8?q?=E7=AB=99=E6=9C=BA=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install_shell/set_recycling-station.sh | 46 ------------ install_shell/set_recycling-station.sh.bak | 83 ---------------------- setup.sh | 3 - 3 files changed, 132 deletions(-) delete mode 100755 install_shell/set_recycling-station.sh delete mode 100755 install_shell/set_recycling-station.sh.bak diff --git a/install_shell/set_recycling-station.sh b/install_shell/set_recycling-station.sh deleted file mode 100755 index 9c0e29f..0000000 --- a/install_shell/set_recycling-station.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash -#set_recycling-station.sh -#Linux回收站,改写rm防止误删文件引起无法恢复 - -#Jincheng Ye -#2013/05/14 -#modified by Jincheng Ye,2013/10/28 -grep trash /root/.bashrc &> /dev/null -if [ $? -eq 0 ];then - echo "trash exist..." -else - -cat >> /root/.bashrc < /dev/null -if [ $? -eq 0 ];then - echo "trash exist..." -else - -cat >> /etc/profile <> ~/.bashrc <> /etc/csh.cshrc < Date: Tue, 18 Mar 2014 14:46:41 +0800 Subject: [PATCH 6/9] =?UTF-8?q?=09=E4=BF=AE=E6=94=B9cgroup=E7=9A=84?= =?UTF-8?q?=E8=BF=9B=E7=A8=8B=E6=95=B0=E5=A4=A7=E5=B0=8F=E9=99=90=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install_shell/cgroup-d5000-install/install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install_shell/cgroup-d5000-install/install.sh b/install_shell/cgroup-d5000-install/install.sh index 81696a1..41cac09 100755 --- a/install_shell/cgroup-d5000-install/install.sh +++ b/install_shell/cgroup-d5000-install/install.sh @@ -8,6 +8,6 @@ sed -i "s#d5000#${USER_NAME}#g" /etc/cgconfig.conf sed -i "s#d5000#${USER_NAME}#g" /etc/cgrules.conf grep ^${USER_NAME} /etc/security/limits.conf|grep nproc &>/dev/null if [ $? -ne 0 ];then - echo "${USER_NAME} soft nproc 6000">>/etc/security/limits.conf - echo "${USER_NAME} hard nproc 6000">>/etc/security/limits.conf + echo "${USER_NAME} soft nproc 10240">>/etc/security/limits.conf + echo "${USER_NAME} hard nproc 10240">>/etc/security/limits.conf fi From 089b8a41f1e3facbd543fbacc907b440fd683dc3 Mon Sep 17 00:00:00 2001 From: Jinnan Wang Date: Tue, 18 Mar 2014 15:07:33 +0800 Subject: [PATCH 7/9] =?UTF-8?q?=09=E7=A7=BB=E9=99=A4other.sh=E4=B8=AD?= =?UTF-8?q?=E6=97=A0=E7=94=A8=E7=9A=84=E8=84=9A=E6=9C=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 移除的内容包括date能力配置和postfix访问权限。 --- install_shell/other.sh | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/install_shell/other.sh b/install_shell/other.sh index 0f12016..dc189f4 100755 --- a/install_shell/other.sh +++ b/install_shell/other.sh @@ -75,17 +75,6 @@ touch /var/lib/logrotate.status chown audadmin.audadmin /var/lib/logrotate.status chmod 755 /usr/sbin/runjobs -#解决以普通用户运行date命令设置当前时间的问题 -setcap "cap_sys_time+ep" /bin/date - -#解决/var/log/errors中postfix/sendmail:fatal:chair /var/spool/postfix:Permission denied?报错问题 -#解决/var/log/messages中的/usr/sbin/cron[2856]: (sysadmin) MAIL (mailed 126 bytes of output but got status 0x004b )的报错问题 -#mkfifo /var/spool/postfix/public/pickup -#chown postfix.postfix /var/spool/postfix/public/pickup -#setfacl -m u:sysadmin:rwx /var/spool/postfix -#setfacl -m u:sysadmin:rwx /var/spool/postfix/* -#setfacl -m u:sysadmin:rwx /usr/sbin/postdrop - #解决定时抓取占用最大内存的进程名,并记录到/var/log/messages文件中 cp get_max_mem_process.sh /usr/sbin/ From 9588a210913600eff8a96f161e1b728660f7c2d4 Mon Sep 17 00:00:00 2001 From: Jinnan Wang Date: Tue, 18 Mar 2014 15:54:48 +0800 Subject: [PATCH 8/9] =?UTF-8?q?=09=E6=B8=85=E7=90=86=E4=B8=8Entpd=E5=92=8C?= =?UTF-8?q?ntpdate=E7=9B=B8=E5=85=B3=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 删除ntpd_cron_patch.sh脚本,修改update_time.sh 做为它的替代品。在setup.sh中不再调用ntpd_cron_patch.sh 而改为调用update_time.sh。 --- install_shell/ntpd_cron_patch.sh | 43 -------------------------------- install_shell/update_time.sh | 19 +++++++++++++- setup.sh | 4 +-- 3 files changed, 20 insertions(+), 46 deletions(-) delete mode 100755 install_shell/ntpd_cron_patch.sh diff --git a/install_shell/ntpd_cron_patch.sh b/install_shell/ntpd_cron_patch.sh deleted file mode 100755 index d1796d6..0000000 --- a/install_shell/ntpd_cron_patch.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash - -if [ -f /var/spool/cron/crontabs/root ];then - grep update_time.sh /var/spool/cron/crontabs/root &> /dev/null - if [ $? = 0 ];then - sed -i '/update_time.sh/d' /var/spool/cron/crontabs/root - echo "*/1 * * * * sysadmin /usr/sbin/update_time.sh" >> /etc/crontab - fi -else - grep update_time.sh /etc/crontab | grep sysadmin &> /dev/null - if [ $? != 0 ];then - echo "*/1 * * * * sysadmin /usr/sbin/update_time.sh" >> /etc/crontab - fi -fi - - -#d5000 cron example -cp d5000_cron_example.sh /opt/ - -#ntp client -if [ -f /usr/sbin/update_time.sh ];then - chmod +x /usr/sbin/update_time.sh - chown sysadmin:sysadmin /usr/sbin/update_time.sh -else - -cat > /usr/sbin/update_time.sh << 'EOF' -#!/bin/bash -NTPSERVER_A='' -NTPSERVER_B='' -NTPDATE='/usr/sbin/ntpdate' -${NTPDATE} ${NTPSERVER_A} || ${NTPDATE} ${NTPSERVER_B} -hwclock -w -EOF - - ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime - chmod +x /usr/sbin/update_time.sh - chown sysadmin:sysadmin /usr/sbin/update_time.sh -fi - -#ntp server -sed -i '/ntps1*/d' /etc/ntp/ntp.conf -sed -i '/ntp1*/d' /etc/ntp/ntp.conf - diff --git a/install_shell/update_time.sh b/install_shell/update_time.sh index 3755d16..afd15fd 100755 --- a/install_shell/update_time.sh +++ b/install_shell/update_time.sh @@ -1,2 +1,19 @@ -#!/bin/sh +#!/bin/bash + +#ntp client +if [ -f /usr/sbin/update_time.sh ];then + rm /usr/sbin/update_time.sh +fi + +cat > /usr/sbin/update_time.sh << 'EOF' +#!/bin/bash hwclock -w +EOF + +chmod +x /usr/sbin/update_time.sh +chown sysadmin:sysadmin /usr/sbin/update_time.sh + +#ntp server +sed -i '/ntps1*/d' /etc/ntp/ntp.conf +sed -i '/ntp1*/d' /etc/ntp/ntp.conf + diff --git a/setup.sh b/setup.sh index 10752c2..7f5a581 100755 --- a/setup.sh +++ b/setup.sh @@ -22,8 +22,8 @@ echo "====Set Bonding..." ./set_ssh.sh $1 $2 $3 echo "====Set ssh...." -./ntpd_cron_patch.sh -echo "====Set ntp client..." +./update_time.sh +echo "====Set update time...." ./set_fonts.sh echo "====add fonts====" From 23a3d8d2477ad3f093662adaafa9b6a2f2becf5f Mon Sep 17 00:00:00 2001 From: Jinnan Wang Date: Tue, 18 Mar 2014 17:00:40 +0800 Subject: [PATCH 9/9] =?UTF-8?q?=09=E5=88=A0=E9=99=A4set=5Flimits.conf.sh?= =?UTF-8?q?=E4=B8=AD=E6=97=A0=E7=94=A8=E7=9A=84=E8=A1=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 由于默认的栈大小就是8192所以 删除冗余行 --- install_shell/set_limits.conf.sh | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/install_shell/set_limits.conf.sh b/install_shell/set_limits.conf.sh index aa5e55b..4cd97c1 100755 --- a/install_shell/set_limits.conf.sh +++ b/install_shell/set_limits.conf.sh @@ -3,18 +3,6 @@ . ./check_function.sh -LIMIT_CONFIG=/etc/security/limits.conf - - -# set limits.conf -grep -v ^# $LIMIT_CONFIG | grep stack | grep 16384 | grep hard &>/dev/null -if [ $? -eq 1 ];then - echo "* soft stack 8192" >> $LIMIT_CONFIG - echo "* hard stack 8192" >> $LIMIT_CONFIG -elif [ $? -eq 0 ];then - exit 0 -fi - #本脚本更改同时打开文件数的限制为65536