万金油脚本~
老规矩~先贴一张女神~

一键替换国内源并且安装EPEL、关闭SELinux、禁用firewalld、 配置默认的防火墙规则并启用iptables service、安装常用的软件包
注意:仅适用于CentOS8,并且建议对新装的系统使用,已经有过操作记录的不建议使用,避免配置被覆盖
cat > /tmp/install.sh << EOFEND #!/bin/bash # 替换源 cd /etc/yum.repos.d cp CentOS-Base.repo CentOS-Base.repo.bak cp CentOS-AppStream.repo CentOS-AppStream.repo.bak cp CentOS-Extras.repo CentOS-Extras.repo.bak # 问题未知,注释掉这个无法同步缓存 # sed -i 's/mirrorlist=/#mirrorlist=/g' CentOS-Base.repo CentOS-AppStream.repo CentOS-Extras.repo sed -i 's/#baseurl=/baseurl=/g' CentOS-Base.repo CentOS-AppStream.repo CentOS-Extras.repo sed -i 's/http:\/\/mirror.centos.org/https:\/\/mirrors.aliyun.com/g' CentOS-Base.repo CentOS-AppStream.repo CentOS-Extras.repo # 安装epel并重建缓存 dnf update -y dnf install epel-release -y dnf makecache -y # 安装常用包 dnf install -y vim wget net-tools iproute lrzsz nano iftop bind-utils traceroute git zsh openssh-server screen NetworkManager-tui bash-completion procps passwd cronie chkconfig iputils util-linux-user tree sysstat iotop tmux # 关闭SELinux cat > /etc/selinux/config << EOF # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted EOF # 禁用firewalld systemctl disable --now firewalld.service # 安装iptables service dnf install iptables-services -y cat > /etc/sysconfig/iptables << EOF # sample configuration for iptables service # you can edit this manually or use system-config-firewall # please do not ask us to add additional ports/services to this default configuration *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT EOF systemctl enable --now iptables.service EOFEND chmod a+x /tmp/install.sh /tmp/install.sh
执行完成后记得重启系统让SELinux生效~