From aeafaa283251aa906d944bc1424d80aef45aea16 Mon Sep 17 00:00:00 2001
From: midoks
Date: Sun, 10 Sep 2023 12:25:51 +0800
Subject: [PATCH] update
---
 scripts/install/centos.sh | 42 +++++++++++++++++++++++++--------------
 scripts/install/euler.sh | 1 -
 2 files changed, 27 insertions(+), 16 deletions(-)
diff --git a/scripts/install/centos.sh b/scripts/install/centos.sh
index 92c73b967..84c7e076e 100755
--- a/scripts/install/centos.sh
+++ b/scripts/install/centos.sh
@@ -13,6 +13,13 @@ VERSION_ID=`cat /etc/*-release | grep VERSION_ID | awk -F = '{print $2}' | awk -
 setenforce 0
 sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
+SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'`
+if [ "$SSH_PORT" == "" ];then
+ SSH_PORT_LINE=`cat /etc/ssh/sshd_config | grep "Port \d*" | tail -1`
+ SSH_PORT=${SSH_PORT_LINE/"Port "/""}
+fi
+echo "SSH PORT:${SSH_PORT}"
+
 yum install -y wget lsof crontabs
 yum install -y python3-devel
 yum install -y python3-pip
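Review bot: The sshd_config fallback can yield a non-numeric SSH_PORT, because `grep "Port \d*"` is not a digit match without `-P` and so accepts any line containing `Port `, including a commented `#Port 22`, after which the `Port ` substitution leaves `#22`. That value is later passed unvalidated to `firewall-cmd --add-port=${SSH_PORT}/tcp` in the second centos.sh hunk, where the `else` fallback to 22 only covers the empty case, so the SSH port may not be opened while firewalld is enabled. The netstat path also runs before any package install, so it is empty on hosts without net-tools and the fallback is the path that matters. Match only uncommented directives and reject non-numeric values, as sketched below.

```shell
if [ "$SSH_PORT" == "" ];then
    # Only uncommented "Port N" directives; keep the last one, as before.
    SSH_PORT=$(awk '$1 == "Port" {print $2}' /etc/ssh/sshd_config | tail -1)
fi
# Anything that is not a plain decimal number is treated as "not detected",
# so the later firewall step falls back to 22 instead of passing it on.
case "$SSH_PORT" in
    ''|*[!0-9]*) SSH_PORT="" ;;
esac
# … unchanged: echo "SSH PORT:${SSH_PORT}" …
```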
@@ -25,32 +32,37 @@ yum install -y mysql-devel
 yum install -y expect
-if [ -f /usr/sbin/iptables ];then
+# if [ -f /usr/sbin/iptables ];then
- iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
- iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
- iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
- iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT
- service iptables save
+# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
+# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
+# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT
+# service iptables save
- iptables_status=`service iptables status | grep 'not running'`
- if [ "${iptables_status}" == '' ];then
- service iptables restart
- fi
+# iptables_status=`service iptables status | grep 'not running'`
+# if [ "${iptables_status}" == '' ];then
+# service iptables restart
+# fi
- #安装时不开启
- service iptables stop
-fi
+# #安装时不开启
+# service iptables stop
+# fi
-if [ ! -f /usr/sbin/iptables ];then
+if [ ! -f /usr/sbin/firewalld ];then
 yum install firewalld -y
 systemctl enable firewalld
 #取消服务锁定
 systemctl unmask firewalld
 systemctl start firewalld
- firewall-cmd --permanent --zone=public --add-port=22/tcp
+ if [ "$SSH_PORT" != "" ];then
+ firewall-cmd --permanent --zone=public --add-port=${SSH_PORT}/tcp
+ else
+ firewall-cmd --permanent --zone=public --add-port=22/tcp
+ fi
+
 firewall-cmd --permanent --zone=public --add-port=80/tcp
 firewall-cmd --permanent --zone=public --add-port=443/tcp
 firewall-cmd --permanent --zone=public --add-port=888/tcp
diff --git a/scripts/install/euler.sh b/scripts/install/euler.sh
index 75c8aaf4b..f535ab5df 100755
--- a/scripts/install/euler.sh
+++ b/scripts/install/euler.sh
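Review bot: The iptables branch in centos.sh is disabled by commenting it out rather than deleting it, and the guard now tests `/usr/sbin/firewalld`, so a host that used to take the iptables path gets firewalld installed and started with no visible step that stops or disables an existing iptables service. If that is the intent, delete the dead block (history keeps it) and record the decision in a comment such as `# firewalld is the only firewall managed here; the iptables-services path was removed`. In the new inner `if`, quote the argument as `--add-port="${SSH_PORT}/tcp"` so a malformed value cannot split into extra arguments. The enclosing `if` block continues past the end of the hunk, so any reload or closing `fi` is not visible here.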
@@ -62,7 +62,6 @@ if [ ! -f /usr/sbin/firewalld ];then
 firewall-cmd --permanent --zone=public --add-port=22/tcp
 fi
- firewall-cmd --permanent --zone=public --add-port=22/tcp
 firewall-cmd --permanent --zone=public --add-port=80/tcp
 firewall-cmd --permanent --zone=public --add-port=443/tcp
 firewall-cmd --permanent --zone=public --add-port=888/tcp