扫码关注雪糕博客微信订阅号,即可订阅文章更新辣!万金油脚本~
老规矩~先贴一张女神~
一键替换国内源并且安装EPEL、关闭SELinux、禁用firewalld、 配置默认的防火墙规则并启用iptables service、安装常用的软件包
注意:仅适用于CentOS8,并且建议对新装的系统使用,已经有过操作记录的不建议使用,避免配置被覆盖
cat > /tmp/install.sh << EOFEND
#!/bin/bash
# 替换源
cd /etc/yum.repos.d
cp CentOS-Base.repo CentOS-Base.repo.bak
cp CentOS-AppStream.repo CentOS-AppStream.repo.bak
cp CentOS-Extras.repo CentOS-Extras.repo.bak
# 问题未知,注释掉这个无法同步缓存
# sed -i 's/mirrorlist=/#mirrorlist=/g' CentOS-Base.repo CentOS-AppStream.repo CentOS-Extras.repo
sed -i 's/#baseurl=/baseurl=/g' CentOS-Base.repo CentOS-AppStream.repo CentOS-Extras.repo
sed -i 's/http:\/\/mirror.centos.org/https:\/\/mirrors.aliyun.com/g' CentOS-Base.repo CentOS-AppStream.repo CentOS-Extras.repo
# 安装epel并重建缓存
dnf update -y
dnf install epel-release -y
dnf makecache -y
# 安装常用包
dnf install -y vim wget net-tools iproute lrzsz nano iftop bind-utils traceroute git zsh openssh-server screen NetworkManager-tui bash-completion procps passwd cronie chkconfig iputils util-linux-user tree sysstat iotop tmux
# 关闭SELinux
cat > /etc/selinux/config << EOF
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
EOF
# 禁用firewalld
systemctl disable --now firewalld.service
# 安装iptables service
dnf install iptables-services -y
cat > /etc/sysconfig/iptables << EOF
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
systemctl enable --now iptables.service
EOFEND
chmod a+x /tmp/install.sh
/tmp/install.sh
执行完成后记得重启系统让SELinux生效~