Ecs初始化1
#!/bin/bash
###########################################
# Author : JRT #
# why : #ecs初始化,预期以一个脚本完成常用的安全配置
# Version : 1.0 #
# Create_Time : 2021.9.29 #
# Description : 1.创建普通用户,2.创建可免密切换root用户,3.修改端口 4.安装修改docker目录,5.操作日志 6.创建user白名单,7.配源和安装依赖
###########################################
#Source address allowed to reach sshd (ip_white writes it to /etc/hosts.allow)
#NOTE(review): 1.1.1.1 looks like a placeholder - set the real admin address before running
ip="1.1.1.1"
#ssh port; alter_port overwrites this with the value typed by the operator
port="22"
#Private registry endpoint as ip:port (install_docker lists it under insecure-registries)
harbor="1.1.1.1:22"
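#Environment check: only CentOS 7, CentOS 8 and Ubuntu are supported.
#Reads /etc/os-release and prints a confirmation on a supported system.
#On anything else (or when the file is missing) it prints an error and
#terminates the whole script with a non-zero status.
check_env()
{
  local release_file=/etc/os-release
  if grep -q 'CentOS-7' "$release_file" 2>/dev/null; then
    echo -e "\e[35;40mGood,Your env is CentOS-7 \e[0m"
  elif grep -q 'CentOS-8' "$release_file" 2>/dev/null; then
    echo -e "\e[35;40mGood,Your env is CentOS-8 \e[0m"
  elif grep -q 'ubuntu' "$release_file" 2>/dev/null; then
    echo -e "\e[35;40mGood,Your env is ubuntu \e[0m"
  else
    echo -e "\e[35;40m环境检查失败,请将脚本放在正确环境,重新执行 \e[0m"
    #a bare "exit" would reuse the status of the echo above (0) and hide the failure
    exit 1
  fi
}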
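#Restrict sshd to the whitelisted source address using TCP wrappers:
#adds "sshd: $ip" to /etc/hosts.allow and a catch-all "sshd:ALL" to
#/etc/hosts.deny, then restarts sshd.
#NOTE(review): hosts.allow/hosts.deny are only honoured when sshd is built with
#libwrap. RHEL/CentOS 8 dropped TCP wrappers, so confirm the restriction is
#effective there (e.g. back it with a firewall or security-group rule).
ip_white()
{
  check_env
  #an empty address followed by the deny-all entry would lock every client out
  if [ -z "$ip" ]; then
    echo "ip_white: ip is empty, refusing to write the deny rule" >&2
    return 1
  fi
  #allow entry goes in first; skip it when already present so re-runs do not pile up duplicates
  if ! grep -qxF -- "sshd: $ip" /etc/hosts.allow 2>/dev/null; then
    echo "sshd: $ip" >> /etc/hosts.allow
  fi
  #deny every other source, once
  if ! grep -q 'sshd:ALL' /etc/hosts.deny 2>/dev/null; then
    echo "sshd:ALL" >> /etc/hosts.deny
  else
    echo "NOT NULL"
  fi
  service sshd restart
}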
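#Data-disk initialisation and mounting.
#Formats every unused virtio data disk (vd*, system disk vda excluded) as ext4,
#mounts the first one on /data and the following ones on /data1, /data2, ...,
#and records each mount in /etc/fstab so it persists across reboots.
#mkfs is destructive: disks that are mounted, or that already carry a
#filesystem or partition table, are skipped instead of being reformatted.
#The function header was missing in the original listing (only the closing
#brace survived) although the main flow calls disk_mount; it is restored here.
disk_mount()
{
  local i=0
  local j dev target uuid spec
  #-d: whole disks only (no partition rows), -n: no header line
  for j in $(lsblk -dn -o NAME | grep '^vd' | grep -v '^vda')
  do
    dev="/dev/$j"
    #skip disks in use: lsblk prints the mount points of the disk and of its partitions
    if [ -n "$(lsblk -n -o MOUNTPOINT "$dev" | tr -d '[:space:]')" ]; then
      continue
    fi
    #skip disks that already hold a filesystem signature or a partition table
    if blkid "$dev" >/dev/null 2>&1; then
      echo "skip $dev: existing filesystem or partition table detected" >&2
      continue
    fi
    if [ "$i" -eq 0 ]; then
      target="/data"
    else
      target="/data$i"
    fi
    mkdir -p "$target"
    if ! mkfs -t ext4 "$dev"; then
      echo "mkfs failed on $dev, not mounted" >&2
      continue
    fi
    if ! mount "$dev" "$target"; then
      echo "mount of $dev on $target failed, /etc/fstab left unchanged" >&2
      continue
    fi
    #permanent mount; prefer the UUID because kernel device names are not guaranteed stable
    uuid=$(blkid -s UUID -o value "$dev")
    if [ -n "$uuid" ]; then
      spec="UUID=$uuid"
    else
      spec="$dev"
    fi
    echo "$spec $target ext4 defaults 0 0" >> /etc/fstab
    df -TH
    i=$((i + 1))
  done
}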
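#Change the sshd listening port (clients must reconnect, so run this step last).
#Prompts for the port, validates it, inserts a "Port N" directive at line 17 of
#/etc/ssh/sshd_config and restarts sshd.
#NOTE(review): the new port must also be permitted by the host firewall / cloud
#security group (and by SELinux policy where it is enforcing), otherwise the
#restart cuts off remote access. Each run inserts another Port line.
alter_port()
{
  check_env
  read -r -p "请输入ssh连接的端口:" port
  #the value is interpolated into a sed script: accept plain digits only
  case "$port" in
    ''|0*|*[!0-9]*)
      echo "alter_port: invalid port '$port'" >&2
      return 1
      ;;
  esac
  #length check first so an over-long number never reaches the integer comparison
  if [ "${#port}" -gt 5 ] || [ "$port" -gt 65535 ]; then
    echo "alter_port: port out of range (1-65535): $port" >&2
    return 1
  fi
  sed -i "17i Port $port" /etc/ssh/sshd_config
  #check the configuration before restarting; the running daemon keeps its old settings if it is rejected
  if ! sshd -t; then
    echo "alter_port: sshd_config failed validation, sshd not restarted" >&2
    return 1
  fi
  systemctl restart sshd.service
}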
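#Install Docker when it is absent, then configure it: registry mirror, private
#(insecure) registries, data directory under /data, experimental features.
#NOTE(review): the original note targets Docker 20.10.8, but the installer call
#below does not pin a version - TODO confirm which release is expected.
install_docker()
{
  check_env
  if command -v docker >/dev/null 2>&1; then
    echo "docker 已安装"
  else
    #NOTE(review): this runs a remotely fetched script as root with no integrity
    #check, and a truncated download would still be executed. For hardened hosts,
    #download it to a file, review or verify it, then run it.
    curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
  fi
  #-p: tolerate directories that already exist (a plain mkdir fails on re-runs)
  mkdir -p /data
  mkdir -p /etc/docker
  #NOTE(review): every entry under insecure-registries is contacted without TLS
  #verification (or over plain HTTP), so pulled images and registry credentials
  #can be intercepted or altered in transit; keep the list to trusted networks only.
  #"data-root" is the current name of the deprecated "graph" key (deprecated since
  #17.05); the installer above fetches a current release, so the new key is used.
  cat > /etc/docker/daemon.json << EOF
{
"insecure-registries":["https://119.3.173.212:8085","http://$harbor"],
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
"data-root" : "/data/docker",
"experimental": true
}
EOF
  mkdir -p /root/.docker
  #NOTE(review): this overwrites any existing client config, including stored registry logins
  cat > /root/.docker/config.json << EOF
{
"experimental": "enabled"
}
EOF
  pwd
  systemctl restart docker
  ls -la /run/docker.sock
  #NOTE(review): a world-writable Docker socket gives every local account
  #root-equivalent control of the host; prefer adding only the required operator
  #accounts to the docker group.
  chmod a+rw /run/docker.sock
  systemctl restart docker
}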
#Main flow, step 1: verify the OS, then format and mount the data disks
check_env
printf '%s\n' "开机挂载"
disk_mount
sleep 2s
#Main flow, step 2: verify the OS again, then install and configure Docker
#(socket permissions, registry mirror, data directory, experimental features)
check_env
printf '%s\n' "docker安装授权,及加速,修改docker目录,打开实验特性打开"
install_docker