Update euler.sh

2 years ago · e74a511763
parent f86159eeac
commit e74a511763
1 changed files with 27 additions and 15 deletions
--- a/scripts/install/euler.sh
+++ b/scripts/install/euler.sh
@ -13,6 +13,13 @@ VERSION_ID=`cat /etc/*-release | grep VERSION_ID | awk -F = '{print $2}' | awk -
 setenforce 0
 sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

+SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'`
+if [ "$SSH_PORT" == "" ];then
+	SSH_PORT_LINE=`cat /etc/ssh/sshd_config | grep "Port \d*" | tail -1`
+	SSH_PORT=${SSH_PORT_LINE/"Port "/""}
+fi
+echo "SSH PORT:${SSH_PORT}"
+
 yum install -y wget lsof crontabs
 yum install -y python3-devel
 yum install -y python3-pip
@ -25,31 +32,36 @@ yum install -y mysql-devel
 yum install -y expect


-if [ -f /usr/sbin/iptables ];then
+# if [ -f /usr/sbin/iptables ];then

-	iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-	iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-	iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-	iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT
-	service iptables save
-
-	iptables_status=`service iptables status | grep 'not running'`
-	if [ "${iptables_status}" == '' ];then
-		service iptables restart
-	fi
+# 	iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+# 	iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
+# 	iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
+# 	iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT
+# 	service iptables save

-	#安装时不开启
-	service iptables stop
-fi
+# 	iptables_status=`service iptables status | grep 'not running'`
+# 	if [ "${iptables_status}" == '' ];then
+# 		service iptables restart
+# 	fi

+# 	#安装时不开启
+# 	service iptables stop
+# fi

-if [ ! -f /usr/sbin/iptables ];then
+if [ ! -f /usr/sbin/firewalld ];then
 	yum install firewalld -y
 	systemctl enable firewalld
 	#取消服务锁定
 	systemctl unmask firewalld
 	systemctl start firewalld

+	if [ "$SSH_PORT" != "" ];then
+		firewall-cmd --permanent --zone=public --add-port=${SSH_PORT}/tcp
+	else
+		firewall-cmd --permanent --zone=public --add-port=22/tcp
+	fi
+
 	firewall-cmd --permanent --zone=public --add-port=22/tcp
 	firewall-cmd --permanent --zone=public --add-port=80/tcp
 	firewall-cmd --permanent --zone=public --add-port=443/tcp