个人自用服务器初始化脚本,完成如下功能:

  • 自动安装unzip curl wget sudo fail2ban rsyslog systemd-timesyncd ufw htop
  • 修改grub配置,让网卡以ethX的格式命名
  • 启用BBR
  • 根据交互的方式修改hostname
  • 根据交互的方式修改ssh端口,并使用fail2ban对ssh进行保护,使用ufw放行该端口
  • 根据交互的方式修改dns,并对resolv.conf文件进行加锁
  • 通过交互的方式创建swap交换文件并启用

以下脚本代码在DD Debian12系统后测试通过

#!/bin/bash

# ANSI escape sequences for coloured status messages. They are stored as
# literal backslash sequences and expanded later by `echo -e`.
NC='\e[0m'      # reset to the terminal's default colour
GREEN='\e[32m'  # green foreground

# Stop unless running as root: every later step manages packages, edits files
# under /etc or controls system services.
if [[ "$(id -u)" -ne 0 ]]; then
  echo -e "${GREEN}请使用 sudo 执行该脚本!${NC}"
  exit 1
fi

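# Refresh the package index and apply pending upgrades. A failure here is
# reported but is not fatal on its own.
echo -e "${GREEN}更新系统源并升级...${NC}"
if ! { apt update && apt upgrade -y; }; then
  echo "警告: 系统更新或升级失败,继续执行后续步骤。" >&2
fi

# Install the tools the rest of the script relies on. Abort when this fails:
# the later steps write a fail2ban jail, call ufw and restart services, so
# carrying on without the packages would leave the host half-configured
# (for example a changed SSH port with no matching firewall rule).
echo -e "${GREEN}安装软件包...${NC}"
if ! apt install -y unzip curl wget sudo fail2ban rsyslog systemd-timesyncd ufw htop; then
  echo "错误: 软件包安装失败,脚本终止。" >&2
  exit 1
fi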

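# Optionally change the hostname (interactive).
echo -e "${GREEN}是否修改 hostname?(y/N)${NC}"
read -r -p "请输入 y 继续,否则默认不修改: " modify_hostname
if [[ "$modify_hostname" =~ ^[Yy]$ ]]; then
  read -r -p "请输入新的 hostname: " new_hostname
  if [[ -n "$new_hostname" ]]; then
    # The name is interpolated into a sed program below, so restrict it to
    # dot-separated labels of letters, digits and hyphens before using it.
    # Anything else (slashes, backslashes, newlines, spaces) could alter the
    # sed command or corrupt /etc/hosts.
    hostname_re='^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$'
    if ! [[ "$new_hostname" =~ $hostname_re ]] || (( ${#new_hostname} > 253 )); then
      echo -e "${GREEN}无效的 hostname,只允许字母、数字、连字符和点。${NC}" >&2
      exit 1
    fi

    hostnamectl set-hostname "$new_hostname"

    # Add a 127.0.1.1 entry unless the name is already listed as a host name.
    # The comparison is an exact field match on non-comment lines; a plain
    # `grep` would treat the name as a regex and also match substrings
    # (e.g. "local" inside "localhost"), silently skipping the entry.
    if ! awk -v host="$new_hostname" '
      $1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == host) found = 1 }
      END { exit !found }' /etc/hosts; then
      # The former first sed call replaced the localhost line with identical
      # text (a no-op) and has been dropped.
      sed -i "2i127.0.1.1\t$new_hostname" /etc/hosts
    fi
  fi
fi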

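# Optionally change the SSH port (interactive), open it in ufw and write the
# fail2ban jail for sshd.
echo -e "${GREEN}是否修改 SSH 端口?(y/N)${NC}"
read -r -p "请输入 y 继续,否则默认不修改: " modify_ssh
if [[ "$modify_ssh" =~ ^[Yy]$ ]]; then
  read -r -p "请输入新的 SSH 端口(默认 22): " ssh_port
  ssh_port=${ssh_port:-22}

  # The value ends up in a sed replacement, a ufw rule and jail.local, so it
  # must be a plain port number before it is used anywhere.
  if ! [[ "$ssh_port" =~ ^[0-9]{1,5}$ ]] || (( 10#$ssh_port < 1 || 10#$ssh_port > 65535 )); then
    echo -e "${GREEN}无效的 SSH 端口,请输入 1 到 65535 之间的整数。${NC}" >&2
    exit 1
  fi
  ssh_port=$((10#$ssh_port))  # drop leading zeros

  # Keep a copy so a broken edit can be rolled back before sshd is restarted.
  cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
  sed -i "s/^#\?Port .*/Port $ssh_port/" /etc/ssh/sshd_config
  sed -i "s/^#\?X11Forwarding .*/X11Forwarding no/" /etc/ssh/sshd_config
  # NOTE(review): the sed only rewrites an existing (possibly commented) Port
  # line in the main file; a Port set in an included drop-in file would
  # presumably still take effect - confirm with `sshd -T` after the run.
  if ! sshd -t; then
    cp -p /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
    echo -e "${GREEN}sshd 配置检查失败,已恢复原配置。${NC}" >&2
    exit 1
  fi
else
  # Port left unchanged: read the port(s) sshd is configured with, falling
  # back to 22. Without this the jail below would be written with an empty
  # "port =" line and no firewall rule would exist for SSH.
  ssh_port=$(sshd -T 2>/dev/null \
    | awk '$1 == "port" { printf "%s%s", sep, $2; sep = "," }')
  ssh_port=${ssh_port:-22}
fi

# Allow SSH in ufw in both cases; the firewall is enabled later in the script
# and an SSH session would otherwise be cut off when the port was not changed.
ufw allow "$ssh_port"/tcp

# Write the fail2ban jail for sshd.
#  - bantime = -1 makes every ban permanent and ignoreip only exempts
#    loopback: three failed logins within 300 seconds from an administrator's
#    own address lock that address out until it is removed by hand with
#    `fail2ban-client set sshd unbanip <address>`.
#  - banaction = ufw relies on ufw being active.
#  - logpath points at /var/log/auth.log, which is written by rsyslog (part of
#    this script's package list).
echo -e "${GREEN}配置 fail2ban...${NC}"
tee /etc/fail2ban/jail.local > /dev/null << EOF
[sshd]
ignoreip = 127.0.0.1/8
enabled = true
filter = sshd
port = $ssh_port
maxretry = 3
findtime = 300
bantime = -1
banaction = ufw
logpath = /var/log/auth.log
EOF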

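# Optionally replace the DNS resolvers (interactive) and lock resolv.conf.
echo -e "${GREEN}是否修改 DNS 配置?(y/N)${NC}"
read -r -p "请输入 y 继续,否则默认不修改: " modify_dns
if [[ "$modify_dns" =~ ^[Yy]$ ]]; then
  read -r -p "请输入新的 DNS 服务器(多个用空格分隔): " dns_servers
  if [[ -n "$dns_servers" ]]; then
    # Split into an array instead of relying on unquoted word splitting, which
    # would also glob-expand input such as "*".
    read -r -a dns_list <<< "$dns_servers"

    # Shape check only (IPv4 dotted quad, or hex/colon IPv6). Every entry is
    # checked before the file is touched, so a typo cannot leave an empty or
    # broken resolv.conf behind the immutable flag.
    ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
    ipv6_re='^[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*$'
    resolv_content=''
    for dns in "${dns_list[@]}"; do
      if ! [[ "$dns" =~ $ipv4_re || "$dns" =~ $ipv6_re ]]; then
        echo -e "${GREEN}无效的 DNS 服务器地址: ${dns}${NC}" >&2
        exit 1
      fi
      resolv_content+="nameserver ${dns}"$'\n'
    done

    if [[ -n "$resolv_content" ]]; then
      cp /etc/resolv.conf /etc/resolv.conf.bak
      # Clear a previously set immutable flag so the file can be rewritten.
      # NOTE(review): if /etc/resolv.conf is a symlink managed by a resolver
      # service, chattr will probably fail here - confirm on the target host.
      chattr -i /etc/resolv.conf
      printf '%s' "$resolv_content" > /etc/resolv.conf
      # Immutable flag: stops other software from overwriting the file. Any
      # later manual change needs `chattr -i` first.
      chattr +i /etc/resolv.conf
    fi
  fi
fi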

# Append "net.ifnames=0 biosdevname=0" to GRUB_CMDLINE_LINUX and regenerate
# the GRUB configuration. Nothing is done when the options are already in
# /etc/default/grub.
echo -e "${GREEN}修改 GRUB 配置...${NC}"
grep -q "net.ifnames=0 biosdevname=0" /etc/default/grub || {
  sed -i 's/^GRUB_CMDLINE_LINUX="\(.*\)"/GRUB_CMDLINE_LINUX="\1 net.ifnames=0 biosdevname=0"/' /etc/default/grub
  update-grub
}

# Enable BBR congestion control with the fq queueing discipline through
# /etc/sysctl.conf.
echo -e "${GREEN}配置 BBR...${NC}"

# Rewrite entries stored without spaces around "=" into the spaced form, so
# the presence checks below recognise them and no duplicate is appended.
sed -i 's/^net\.core\.default_qdisc=fq$/net.core.default_qdisc = fq/' /etc/sysctl.conf
sed -i 's/^net\.ipv4\.tcp_congestion_control=bbr$/net.ipv4.tcp_congestion_control = bbr/' /etc/sysctl.conf

# Append each setting only when it is missing.
grep -q "net.core.default_qdisc = fq" /etc/sysctl.conf \
  || echo "net.core.default_qdisc = fq" >> /etc/sysctl.conf
grep -q "net.ipv4.tcp_congestion_control = bbr" /etc/sysctl.conf \
  || echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.conf

# Load the settings from /etc/sysctl.conf into the running kernel.
sysctl -p

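# Restart and enable services so the new configuration takes effect.
echo -e "${GREEN}启动服务...${NC}"

# Restart sshd only when its configuration passes the built-in syntax test.
# Restarting with a broken sshd_config on a remote machine would take SSH
# down and lock the administrator out.
if sshd -t; then
  systemctl restart sshd
else
  echo "sshd 配置检查失败,已跳过重启 sshd,请修复 /etc/ssh/sshd_config 后手动重启。" >&2
fi

systemctl restart fail2ban
systemctl enable fail2ban
systemctl restart systemd-timesyncd
systemctl enable systemd-timesyncd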

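# Enable the ufw firewall.
echo -e "${GREEN}启用 ufw...${NC}"

# Allow the port(s) sshd is configured to listen on before the firewall is
# turned on. Earlier in the script a rule is only added when the SSH port was
# changed interactively; with ufw's default deny-incoming policy, enabling it
# without a rule would block new SSH connections. Falls back to 22 when the
# port cannot be read; re-adding an existing rule is harmless.
active_ssh_ports=$(sshd -T 2>/dev/null \
  | awk '$1 == "port" { printf "%s%s", sep, $2; sep = "," }')
ufw allow "${active_ssh_ports:-22}/tcp"

ufw enable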

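# Optionally (re)create the swap file and set vm.swappiness (interactive).
echo -e "${GREEN}是否修改 Swap 设置?(y/N)${NC}"
read -r -p "请输入 y 继续,否则默认不修改: " modify_swap
if [[ "$modify_swap" =~ ^[Yy]$ ]]; then
  # Swap size in MB: a positive integer. The length cap keeps the arithmetic
  # below from overflowing and 10# avoids octal parsing of leading zeros.
  echo -e "${GREEN}请输入 Swap 大小 (单位 MB): ${NC}"
  read -r SWAP_SIZE
  if ! [[ "$SWAP_SIZE" =~ ^[0-9]{1,9}$ ]] || (( 10#$SWAP_SIZE < 1 )); then
    echo -e "${GREEN}无效输入,请输入一个正整数。${NC}"
    exit 1
  fi
  SWAP_SIZE=$((10#$SWAP_SIZE))

  # Swappiness: integer from 1 to 100, default 60.
  echo -e "${GREEN}请输入 Swappiness 值 (1-100, 默认 60): ${NC}"
  read -r SWAPPINESS
  SWAPPINESS=${SWAPPINESS:-60}
  if ! [[ "$SWAPPINESS" =~ ^[0-9]{1,3}$ ]] || (( 10#$SWAPPINESS < 1 || 10#$SWAPPINESS > 100 )); then
    echo -e "${GREEN}无效输入,请输入 1 到 100 之间的整数。${NC}"
    exit 1
  fi
  SWAPPINESS=$((10#$SWAPPINESS))

  # Disable every active swap area, one per line of `swapon` output (there
  # may be several). Only regular files are deleted: an active swap can also
  # be a partition or another block device, and `rm` on that path would
  # remove the device node instead of a swap file.
  while IFS= read -r EXISTING_SWAP; do
    [[ -n "$EXISTING_SWAP" ]] || continue
    if ! swapoff "$EXISTING_SWAP"; then
      echo -e "${GREEN}无法关闭 Swap: ${EXISTING_SWAP}${NC}" >&2
      continue
    fi
    if [[ -f "$EXISTING_SWAP" ]]; then
      rm -f -- "$EXISTING_SWAP"
    fi
    # Drop the fstab entry by exact match on the first field; the path is
    # never used as a regex, and "/swapfile" does not also remove an entry
    # for "/swapfile2".
    fstab_tmp=$(mktemp) || exit 1
    awk -v dev="$EXISTING_SWAP" '$1 != dev' /etc/fstab > "$fstab_tmp" \
      && cat "$fstab_tmp" > /etc/fstab
    rm -f -- "$fstab_tmp"
  done < <(swapon --show=NAME --noheadings)

  echo -e "${GREEN}请输入新的 Swap 文件路径 (默认: /swapfile): ${NC}"
  read -r SWAP_FILE
  SWAP_FILE=${SWAP_FILE:-/swapfile}
  # The path becomes an fstab field, so it must be absolute and free of
  # whitespace. It must also not name an existing directory or device: the dd
  # fallback below would otherwise write zeros straight onto that device.
  if [[ "$SWAP_FILE" != /* || "$SWAP_FILE" =~ [[:space:]] ]] \
    || [[ -e "$SWAP_FILE" && ! -f "$SWAP_FILE" ]]; then
    echo -e "${GREEN}无效的 Swap 文件路径: ${SWAP_FILE}${NC}" >&2
    exit 1
  fi

  # Create the file under a restrictive umask so it is never readable by
  # other users, not even in the window before chmod runs. Swap contents are
  # raw memory pages.
  if ! (
    umask 077
    fallocate -l "${SWAP_SIZE}M" "$SWAP_FILE" \
      || dd if=/dev/zero of="$SWAP_FILE" bs=1M count="$SWAP_SIZE"
  ); then
    echo -e "${GREEN}创建 Swap 文件失败。${NC}" >&2
    exit 1
  fi
  chmod 600 "$SWAP_FILE"

  # Register the file in fstab only once it has been activated successfully.
  if ! mkswap "$SWAP_FILE" || ! swapon "$SWAP_FILE"; then
    echo -e "${GREEN}启用 Swap 文件失败。${NC}" >&2
    exit 1
  fi
  if ! awk -v dev="$SWAP_FILE" '$1 == dev { found = 1 } END { exit !found }' /etc/fstab; then
    echo "$SWAP_FILE none swap sw 0 0" >> /etc/fstab
  fi

  # Replace any existing vm.swappiness line, then reload and show the result.
  sed -i '/^vm\.swappiness/d' /etc/sysctl.conf
  echo "vm.swappiness = $SWAPPINESS" >> /etc/sysctl.conf
  sysctl -p
  swapon --show
fi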

# Final status message; %b expands the colour escape sequences.
printf '%b\n' "${GREEN}配置完成!${NC}"