[init] 完善初始化脚本

zeaslity
2023-10-08 09:27:58 +08:00
parent 65cb700649
commit 0b957c06d2
4 changed files with 174 additions and 34 deletions


@@ -0,0 +1,25 @@
______ __ ______ __
/ \ | \ / \ | \
| $$$$$$\ _______ _| $$_ ______ ______ __ __ _______ | $$$$$$\ ______ ______ _______ _| $$_
| $$ | $$/ | $$ \ / \ / \| \ | \/ \ | $$__| $$/ \ / \| | $$ \
| $$ | $| $$$$$$$\$$$$$$ | $$$$$$| $$$$$$| $$ | $| $$$$$$$ | $$ $| $$$$$$| $$$$$$| $$$$$$$\$$$$$$
| $$ | $| $$ | $$ __| $$ | $| $$ | $| $$ | $$\$$ \ | $$$$$$$| $$ | $| $$ $| $$ | $$| $$ __
| $$__/ $| $$_____ | $$| | $$__/ $| $$__/ $| $$__/ $$_\$$$$$$\ | $$ | $| $$__| $| $$$$$$$| $$ | $$| $$| \
\$$ $$\$$ \ \$$ $$\$$ $| $$ $$\$$ $| $$ | $$ | $$\$$ $$\$$ | $$ | $$ \$$ $$
\$$$$$$ \$$$$$$$ \$$$$ \$$$$$$| $$$$$$$ \$$$$$$ \$$$$$$$ \$$ \$$_\$$$$$$$ \$$$$$$$\$$ \$$ \$$$$
| $$ | \__| $$
| $$ \$$ $$
\$$ \$$$$$$
__ __
| \ | \
____| $$ ______ ____| $$ ______ __ __ __ ______ _______ ______
______ ______ ______ / $$| \ / $$| \ | \ | \ | \| \| \ / \
| | | \ | $$$$$$$ \$$$$$$| $$$$$$$ \$$$$$$\ | $$ | $$ | $$ \$$$$$$| $$$$$$$| $$$$$$\
\$$$$$$\$$$$$$\$$$$$$ | $$ | $$/ $| $$ | $$/ $$ | $$ | $$ | $$/ $| $$ | $| $$ | $$
| $$__| $| $$$$$$| $$__| $| $$$$$$$ | $$_/ $$_/ $| $$$$$$| $$ | $| $$__| $$
\$$ $$\$$ $$\$$ $$\$$ $$ \$$ $$ $$\$$ $| $$ | $$\$$ $$
\$$$$$$$ \$$$$$$$ \$$$$$$$ \$$$$$$$ \$$$$$\$$$$ \$$$$$$$\$$ \$$_\$$$$$$$
| \__| $$
\$$ $$
\$$$$$$


@@ -1 +1,2 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDL9S6CSAjTFe2fy4bAIfqu90ft6E+GBRvS59kno6LDeAbqUQNYf9hEnIg07Ee/x5DlnYE0S3Ykv3WCHuVyBH2zANnC0P87SqphDGmoqdqF3r6uDaCr4lBsUqEai9X2q6dyjZj6ym+r4zQhMApNDzbhcyfKQ54tKFylGIdx6siyktuU/VbOzWc6G8r+BfFsQpMCA1ihmCY1jGjsKPqFlZGLeTrlBb1Zk0OV+GtDhlf/t0cd0kRPJoydm2juTXrZO+tFmf9turfKZsBnRYKtQBLJG5mF1hsjIqo8DHr+PUL2wRrSxEhGTZiJL4rNJo/kHhKXXsomc5RM/AnfgAfxrLlH zeasl@DESKTOP-K2F9GG3 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDL9S6CSAjTFe2fy4bAIfqu90ft6E+GBRvS59kno6LDeAbqUQNYf9hEnIg07Ee/x5DlnYE0S3Ykv3WCHuVyBH2zANnC0P87SqphDGmoqdqF3r6uDaCr4lBsUqEai9X2q6dyjZj6ym+r4zQhMApNDzbhcyfKQ54tKFylGIdx6siyktuU/VbOzWc6G8r+BfFsQpMCA1ihmCY1jGjsKPqFlZGLeTrlBb1Zk0OV+GtDhlf/t0cd0kRPJoydm2juTXrZO+tFmf9turfKZsBnRYKtQBLJG5mF1hsjIqo8DHr+PUL2wRrSxEhGTZiJL4rNJo/kHhKXXsomc5RM/AnfgAfxrLlH zeasl@DESKTOP-K2F9GG3


@@ -8,7 +8,7 @@ echo ""
echo "" echo ""
mkdir -p /root/wdd/lib/ mkdir -p /root/wdd/lib/
lib_file_list=(wdd-lib-log.sh wdd-lib-sys.sh) lib_file_list=(wdd-lib-log.sh wdd-lib-sys.sh)
for lib_file in ${lib_file_list[@]} ; do for lib_file in ${lib_file_list[@]}; do
wget "https://oss-s1.107421.xyz/${lib_file}" -qO "/root/wdd/lib/${lib_file}" wget "https://oss-s1.107421.xyz/${lib_file}" -qO "/root/wdd/lib/${lib_file}"
echo "加载库文件 < /root/wdd/lib/${lib_file}" echo "加载库文件 < /root/wdd/lib/${lib_file}"
. "/root/wdd/lib/${lib_file}" . "/root/wdd/lib/${lib_file}"
@@ -23,6 +23,7 @@ done
docker_version=20.10.10 docker_version=20.10.10
oss_url_prefix="https://oss-s1.107421.xyz" oss_url_prefix="https://oss-s1.107421.xyz"
modify_ssh_port=22333
# 脚本执行内容 # 脚本执行内容
deploy_in_cn=0 deploy_in_cn=0
@@ -107,15 +108,15 @@ shutdown_firewall() {
add_octopus_host() { add_octopus_host() {
FunctionStart "添加Octopus自定义Hosts" FunctionStart "添加Octopus自定义Hosts"
if grep -q "140.238" < /etc/hosts; then if grep -q "140.238" </etc/hosts; then
warn "自定义的Hosts已经配置完成 跳过!" warn "自定义的Hosts已经配置完成 跳过!"
else else
log "开始下载 自定义的Hosts文件" log "开始下载 自定义的Hosts文件"
wget "$oss_url_prefix/wdd-server-host.txt" -O /tmp/wdd-server-host.txt wget "$oss_url_prefix/wdd-server-host.txt" -O /tmp/wdd-server-host.txt
cat /tmp/wdd-server-host.txt >> /etc/hosts cat /tmp/wdd-server-host.txt >>/etc/hosts
fi fi
if grep -q "140.238" < /etc/hosts; then if grep -q "140.238" </etc/hosts; then
colorEchoGreen "自定义hosts添加成功" colorEchoGreen "自定义hosts添加成功"
SplitGreen SplitGreen
fi fi
@@ -141,7 +142,7 @@ disable_swap() {
colorEchoGreen " 备份完成 " colorEchoGreen " 备份完成 "
echo "" echo ""
log "正在修改文件系统表,去除虚拟内存的部分……" log "正在修改文件系统表,去除虚拟内存的部分……"
grep -v swap < /etc/fstab_bak >/etc/fstab grep -v swap </etc/fstab_bak >/etc/fstab
colorEchoGreen " 修改完成 " colorEchoGreen " 修改完成 "
FunctionEnd FunctionEnd
} }
@@ -197,7 +198,6 @@ install_docker() {
$CMD_REMOVE "$pre_one" $CMD_REMOVE "$pre_one"
done done
colorEchoGreen "----------docker环境清理完成----------" colorEchoGreen "----------docker环境清理完成----------"
SplitGreen SplitGreen
@@ -272,8 +272,8 @@ install_docker() {
log "开始添加 Docker官方 的docker源的apt源" log "开始添加 Docker官方 的docker源的apt源"
echo \ echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null | sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
colorEchoGreen " apt源添加成功 " colorEchoGreen " apt源添加成功 "
echo "" echo ""
fi fi
@@ -368,7 +368,7 @@ install_zsh() {
echo y | sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" echo y | sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
fi fi
SplitLine SplitLine
log log
if modify_zsh; then if modify_zsh; then
log "开始修改默认shell为zsh……" log "开始修改默认shell为zsh……"
local i local i
@@ -437,9 +437,9 @@ EOF
echo "" echo ""
colorEchoGreen "请检查当前zsh的插件开启情况" colorEchoGreen "请检查当前zsh的插件开启情况"
colorEchoGreen "------------------------------------------" colorEchoGreen "------------------------------------------"
grep "plugins=" < /root/.zshrc| grep -v "\#" grep "plugins=" </root/.zshrc | grep -v "\#"
grep "plugins=" < /root/.zshrc| grep -v "\#" grep "plugins=" </root/.zshrc | grep -v "\#"
grep "plugins=" < /root/.zshrc| grep -v "\#" grep "plugins=" </root/.zshrc | grep -v "\#"
colorEchoGreen "------------------------------------------" colorEchoGreen "------------------------------------------"
echo "" echo ""
@@ -562,7 +562,7 @@ time_sync_to_ali_by_chrony() {
} }
####################################### #######################################
# description # description 修改时区为东八区的时间并且开启NTP时间同步
# Globals: # Globals:
# BLUE # BLUE
# GREEN # GREEN
@@ -590,11 +590,107 @@ change_time_zone_and_ntp() {
FunctionEnd FunctionEnd
} }
modify_ssh_port(){
#######################################
# description 修改SSH的登录端口为 ${modify_ssh_port}
# Globals:
# modify_ssh_port 需要修改的ssh_port
# Arguments:
# None
#######################################
modify_ssh_port() {
FunctionStart "开始修改SSH的登录端口为 ${modify_ssh_port}"
local ssh_config_file="/etc/ssh/sshd_config"
if [[ -s /etc/ssh/sshd_config_wdd_back ]]; then
log "sshd_config文件已经备份跳过"
else
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_wdd_back
fi
SplitGreen
# 修改sshd的配置
local sshd_change_to_yes=("PermitRootLogin" "PasswordAuthentication" "TCPKeepAlive" "AllowTcpForwarding" "AllowAgentForwarding" "TCPKeepAlive")
local sshd_change_to_no=("ChallengeResponseAuthentication" "PermitEmptyPasswords" "StrictModes")
local yes_item
for yes_item in ${sshd_change_to_yes[@]}; do
if grep -x "$yes_item yes" $ssh_config_file; then
# 已经存在了,什么都不做
:
elif grep -x "#$yes_item yes" $ssh_config_file; then
# 被 # 注释,需要解开
sed -i "s/#$yes_item yes/$yes_item yes/g" $ssh_config_file
elif grep -x "$yes_item no" $ssh_config_file; then
# 被修改为no需要改为yes
sed -i "s/$yes_item no/$yes_item yes/g" $ssh_config_file
else
# 没有,那就添加
sed -i "$ a $yes_item yes" $ssh_config_file
fi
done
local no_item
for no_item in ${sshd_change_to_no[@]}; do
if grep -x "$no_item no" $ssh_config_file; then
:
elif grep -x "#$no_item no" $ssh_config_file; then
sed -i "s/#$no_item no/$no_item no/g" $ssh_config_file
elif grep -x "$no_item yes" $ssh_config_file; then
sed -i "s/$no_item yes/$no_item no/g" $ssh_config_file
else
sed -i "$ a $no_item no" $ssh_config_file
fi
done
SplitGreen
# 修改访问端口
if grep -xw "Port ${modify_ssh_port}" $ssh_config_file &>/dev/null; then
log "当前的ssh登录端口已经为${SSHLoginPort},无需修改!"
else
if sed -i "/^#Port 22/a Port ${modify_ssh_port}" $ssh_config_file; then
log "ssh的登陆端口已被修改为${modify_ssh_port},请修改防火墙以开放该端口!!"
fi
fi
SplitGreen
# 修改ssh的连接中断延时
log "修改ssh的连接中断延时!"
echo "ClientAliveInterval 30" >>$ssh_config_file
echo "ClientAliveCountMax 60" >>$ssh_config_file
SplitGreen
# 修改ssh的banner信息
log "修改ssh的banner信息 !"
wget $oss_url_prefix/octopus_ssh_banner -qO /etc/ssh/octopus_banner
sed -i "s/#Banner none/Banner \/etc\/ssh\/octopus_banner/g" $ssh_config_file
echo ""
log "banner 内容为 => $(cat /etc/ssh/octopus_banner)"
SplitGreen
# 重启SSHD服务
log "开始重启SSHD服务"
if systemctl restart sshd.service; then
log "sshd.service服务已经重启完成"
colorEchoGreen "sshd文件已经修改成功可以进行root登录请修改root密码~~"
else
error "sshd服务重启失败请检查原因!!!"
error "如果是CentOS大概率是防火墙的问题。"
fi
SplitGreen
FunctionEnd
} }
modify_ssh_login(){ #######################################
# description
# Arguments:
# None
# Returns:
# 1 ...
#######################################
modify_ssh_login() {
FunctionStart "开始配置SSH 登录密钥!" FunctionStart "开始配置SSH 登录密钥!"
if [[ ! -f /root/.ssh/id_rsa ]]; then if [[ ! -f /root/.ssh/id_rsa ]]; then
@@ -602,23 +698,27 @@ modify_ssh_login(){
ssh-keygen -t rsa -P "" -f /root/.ssh/id_rsa ssh-keygen -t rsa -P "" -f /root/.ssh/id_rsa
fi fi
cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys if grep $(cut -d " " -f3 < ~/.ssh/id_rsa.pub) < ~/.ssh/authorized_keys; then
chmod 600 ~/.ssh/authorized_keys log "本机的ssh-key信息已经写入跳过"
else
cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
fi
SplitLine SplitLine
log "下载公共id_rsa.pub文件" log "下载公共id_rsa.pub文件"
wget https://oss-s1.107421.xyz/ssh_key_pub.txt -qO /tmp/ssh_key_pub.txt wget https://oss-s1.107421.xyz/ssh_key_pub.txt -qO /tmp/ssh_key_pub.txt
if [[ ! -s /tmp/ssh_key_pub.txt ]]; then if [[ ! -s /tmp/ssh_key_pub.txt ]]; then
error "下载 ssh-key 失败!" error "下载 ssh-key 失败!"
return 1 return 1
fi fi
log "开始写入ssh-key信息" log "开始写入ssh-key信息"
cat /tmp/ssh_key_pub.txt >> ~/.ssh/authorized_keys cat /tmp/ssh_key_pub.txt >>~/.ssh/authorized_keys
if grep -q "DESKTOP-K2F9GG3" < ~/.ssh/authorized_keys; then if grep -q "DESKTOP-K2F9GG3" <~/.ssh/authorized_keys; then
colorEchoGreen "公共SSH-Key已经写入成功" log $(grep "DESKTOP-K2F9GG3" <~/.ssh/authorized_keys)
colorEchoGreen " 公共SSH-Key已经写入成功 "
SplitGreen SplitGreen
fi fi
@@ -649,26 +749,39 @@ common_tool_install() {
# None # None
####################################### #######################################
help() { help() {
local call_script_command="source <(curl -sL https://oss-s1.107421.xyz/init-script-wdd.sh)"
local only_ssh_init_command="$call_script_command --ssh-login --ssh-port 22333 --firewall "
local base_init_command="$only_ssh_init_command --tools --host --zsh"
cat - 1>&2 <<EOF cat - 1>&2 <<EOF
# 打印使用说明
$call_script_command --help
# 修改sshd的端口的命令
$only_ssh_init_command
# 安装docker docker-compose的初始化 # 安装docker docker-compose的初始化
source <(curl -sL https://oss-s1.107421.xyz/init-script-wdd.sh) --firewall --tools --docker 20.10.10 --docker-compose --zsh --host --cn $base_init_command --docker 20.10.10 --docker-compose --cn
# 不安装docker的初始化 # 不安装docker的初始化
source <(curl -sL https://oss-s1.107421.xyz/init-script-wdd.sh) --firewall --tools --zsh --host --cn $base_init_command --cn
-h, --help 打印本说明文档 -h, --help 打印本说明文档
--firewall 关闭防火墙 --firewall 关闭防火墙
--swap 关闭Swap --swap 关闭Swap
--tools 安装通用的实用工具 --tools 安装通用的实用工具
--docker <version> 安装docker,并且指定相应的版本 --docker <version> 安装docker 版本<version>
--docker-compose 安装docker-compose 2.18.0 --docker-compose 安装docker-compose 2.18.0
--zsh 安装并且配置ZSH --zsh 安装并且配置ZSH
--cn 是否在国内安装 --cn 是否在国内安装
--host 是否配置服务器的Host解析 --host 是否配置服务器的Host解析
--time 是否配置时间同步 --time 是否配置时间同步
--ssh-login 修改ssh的登录密钥 --ssh-login 修改ssh的登录密钥
--ssh-port <port> 修改ssh的登录端口 --ssh-port <port> 修改ssh的登录端口 端口 <port>
EOF EOF
} }
@@ -710,12 +823,13 @@ while [[ $# -gt 0 ]]; do
is_modify_ssh_login=1 is_modify_ssh_login=1
;; ;;
--ssh-port) --ssh-port)
is_modify_ssh_login=1 is_modify_ssh_port=1
modify_ssh_port=$2
;; ;;
*) *)
# unknown option # unknown option
;; ;;
esac esac
shift # past argument or value shift # past argument or value
done done
@@ -738,7 +852,7 @@ main() {
check_root check_root
check_sys check_sys
if [[ "$is_shutdown_firewall" -eq "1" ]]; then if [[ $is_shutdown_firewall -eq "1" ]]; then
shutdown_firewall shutdown_firewall
fi fi
@@ -782,9 +896,6 @@ main() {
install_zsh install_zsh
fi fi
# 使用chrony进行NTP时间同步--包含下面的设置 # 使用chrony进行NTP时间同步--包含下面的设置
# time_sync_to_ali_by_chrony || return $? # time_sync_to_ali_by_chrony || return $?
@@ -793,4 +904,3 @@ main() {
} }
main main
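Review bot: In the added `modify_ssh_port()`, the `sshd_change_to_yes` / `sshd_change_to_no` arrays turn on `PermitRootLogin` and `PasswordAuthentication` and turn off `StrictModes`, so a function documented as only changing the port also leaves root reachable by password and stops sshd from checking the ownership and permissions of `~/.ssh/authorized_keys`. Since `modify_ssh_login()` already installs keys, I would drop those three entries, i.e. `local sshd_change_to_yes=("TCPKeepAlive" "AllowTcpForwarding" "AllowAgentForwarding")` and `local sshd_change_to_no=("ChallengeResponseAuthentication" "PermitEmptyPasswords")`, and set `PermitRootLogin prohibit-password` in a separate step. The skip message in the same function prints `${SSHLoginPort}`, which is not defined in the visible lines and looks like it should be `${modify_ssh_port}`. Running `sshd -t` before `systemctl restart sshd.service` would catch a bad edit before the restart locks the host out; the two `ClientAlive*` lines are appended with `>>` on every run, and the `--ssh-port` value reaches `sed` unvalidated.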


@@ -1,5 +1,9 @@
#!/bin/bash #!/bin/bash
.
## 对外暴露的安装Redis的主函数 ## 对外暴露的安装Redis的主函数
InstallRedis() { InstallRedis() {
FunctionStart FunctionStart