#!/bin/bash
# Stop at the first command that exits non-zero, so a failed step (for
# example the apt mirror switch) does not let later steps run against a
# half-configured host.
set -o errexit

#date:20181204
#author:david
#description: ubuntu18.04 init

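#######################################
# Write network/VM kernel parameters to a sysctl drop-in and load them.
# Outputs:   /etc/sysctl.d/kernel_tuning.conf (overwritten on every run)
# Returns:   status of `sysctl -p` (the script runs under `set -e`)
#
# Hardening notes:
#  - net.ipv4.conf.all.rp_filter is 1 (strict reverse-path filtering) so the
#    value matches the "spoofing protection" intent stated next to it. The
#    kernel applies the higher of conf.all and the per-interface value, so
#    this enables it on every interface. Hosts with asymmetric routing
#    (multi-homed, some load-balancer layouts) may need 2 (loose) instead.
#  - On a host that does not forward packets, an interface accepts ICMP
#    redirects when either conf.all or its own accept_redirects is 1, so
#    conf.default is set to 0 as well. Interfaces that already exist keep
#    their own value until it is changed or they are re-created.
#######################################
Kernel_Tuning(){
    # Quoted delimiter: the body is written literally, with no shell expansion.
    cat > /etc/sysctl.d/kernel_tuning.conf <<'EOF'
# Syncookies make SYN flood attacks ineffective
net.ipv4.tcp_syncookies = 1

# Ignore bad ICMP
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Enable IP spoofing protection, turn on source route verification
# (1 = strict; use 2 = loose on hosts with asymmetric routing)
net.ipv4.conf.all.rp_filter = 1

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1

# Reply to ARPs only from correct interface (required for DSR load-balancers)
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
fs.file-max = 1024000

net.ipv4.tcp_max_syn_backlog = 4096
net.core.netdev_max_backlog =  32768
net.core.somaxconn = 4096

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

#net.netfilter.nf_conntrack_tcp_timeout_time_wait=30

#net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 60
net.ipv4.ip_local_port_range = 1024  65535
#net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30

#net.ipv4.ip_conntrack_max = 250000
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_intvl = 5
net.ipv4.tcp_keepalive_probes = 5

#net.netfilter.nf_conntrack_max = 1280000

vm.swappiness = 0
EOF
    # Load the file just written so the settings apply without a reboot.
    sysctl -p /etc/sysctl.d/kernel_tuning.conf
}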

#######################################
# Append per-user resource limits (core, nproc, memlock, nofile, msgqueue)
# to /etc/security/limits.conf, once for the "*" wildcard and once for root.
# Outputs:   appends to /etc/security/limits.conf
#
# NOTE(review): the block is appended on every call, so repeated runs
# duplicate the entries. main() in this file does not call this function.
# NOTE(review): a non-zero soft "core" limit leaves core dumps enabled for
# every account; dumps can contain secrets held in process memory, so
# confirm this is wanted on production hosts.
#######################################
nofile_tuning(){
    # Quoted delimiter: the table is written literally, with no expansion.
    cat <<'EOF' >> /etc/security/limits.conf
*               hard    core            128000
root            hard    core            128000
*               soft    core            128000
root            soft    core            128000
*	        hard    nproc           10000
root	        hard    nproc           10000
*	        soft    nproc           10000
root	        soft    nproc           10000
*	        hard    memlock         32000 
root	        hard    memlock         32000 
*	        soft    memlock         32000 
root	        soft    memlock         32000 
*	        hard    nofile          128000 
root	        hard    nofile          128000 
*	        soft    nofile          128000 
root	        soft    nofile          128000 
*	        hard    msgqueue        8192000 
root	        hard    msgqueue        8192000 
*	        soft    msgqueue        8192000 
root	        soft    msgqueue        8192000 
EOF
}

#######################################
# Point /etc/localtime at the Asia/Shanghai zone file.
# Outputs:   replaces /etc/localtime with a symlink (-f overwrites it)
#######################################
timezone_adjust(){
    local -r zone_file=/usr/share/zoneinfo/Asia/Shanghai
    local -r localtime_link=/etc/localtime

    ln -sf "$zone_file" "$localtime_link"
}

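#######################################
# Replace /etc/apt/sources.list with the Aliyun mirror entries for
# Ubuntu 18.04 (bionic) and refresh the package indexes.
# Outputs:   /etc/apt/sources.list (overwritten), /etc/apt/sources.list.bak
# Returns:   status of `apt update` (the script runs under `set -e`)
#######################################
replace_apt() {
    local -r sources=/etc/apt/sources.list

    # Keep the first backup only. An unconditional copy would, on a second
    # run, overwrite the distribution's original list with the mirror list
    # written below and leave nothing to roll back to.
    if [[ ! -e "${sources}.bak" ]]; then
        cp -p -- "$sources" "${sources}.bak"
    fi

    # NOTE(review): the mirror is reached over plain http://. APT verifies the
    # signed Release metadata, so package integrity does not rest on the
    # transport, but an on-path observer can see what is fetched and can
    # withhold or replay still-valid metadata. Prefer https:// where the
    # mirror offers it and CA certificates are installed.
    # NOTE(review): bionic-proposed is the pre-release testing pocket; having
    # it enabled lets not-yet-verified updates be installed. Confirm it is
    # wanted on production hosts.
    cat > "$sources" <<'EOF'
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
EOF
    apt update
}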

#######################################
# Write a ~/.vimrc that sets a few editing options and registers a
# SetTitle() hook which fills a header template into new *.sh files.
# Outputs:   ~/.vimrc (overwritten; any existing file is replaced, no backup)
#######################################
modify_vimrc() {
    # Quoted delimiter: the vimscript is written literally, with no expansion.
    cat <<'EOF' > ~/.vimrc
set ignorecase
set cursorline
set autoindent
set ai
autocmd BufNewFile *.sh exec ":call SetTitle()"

func SetTitle()
        if expand("%:e") == 'sh'
        call setline(1,"#!/bin/bash")
        call setline(2,"#**************************************************************")
        call setline(3,"#Author:                     Linus")
        call setline(4,"#QQ:                         599503252")
        call setline(5,"#Date:                       ".strftime("%Y-%m-%d"))
        call setline(6,"#FileName:                   ".expand("%"))
        call setline(7,"#URL:                        https://blog.51cto.com/14012942")
        call setline(8,"#Description:                Initialize the new server")         
        call setline(9,"#Copyright (C):              ".strftime("%Y")." Copyright ©  站点名称  版权所有")
        call setline(10,"#************************************************************")
        call setline(11,"")
        endif
endfunc
autocmd BufNewFile * normal G
EOF
}

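#######################################
# Turn off GSSAPI authentication and reverse-DNS lookups in sshd, then
# restart the daemon.
# Outputs:   /etc/ssh/sshd_config (edited in place), /etc/ssh/sshd_config_bak
# Returns:   1 if the edited configuration fails validation, otherwise the
#            status of `systemctl restart sshd`
#######################################
ssh_adjust(){
    local -r conf=/etc/ssh/sshd_config

    # Keep the first backup only, so a second run cannot replace the original
    # configuration with an already-edited copy.
    if [[ ! -e "${conf}_bak" ]]; then
        cp -p -- "$conf" "${conf}_bak"
    fi

    # Drop any existing (uncommented, column-0) settings, then append ours.
    sed -i -e '/^GSSAPIAuthentication/d' -e '/^UseDNS/d' -- "$conf"
    printf '%s\n' 'GSSAPIAuthentication no' 'UseDNS no' >> "$conf"

    # Validate before restarting: a restart with a broken config can leave the
    # host without SSH access. This also catches the case where the file ends
    # in a Match block, since the appended lines are then read as part of that
    # block and UseDNS is not permitted there.
    if ! sshd -t; then
        printf 'Error: %s failed validation; sshd was not restarted (backup: %s)\n' \
            "$conf" "${conf}_bak" >&2
        return 1
    fi

    systemctl restart sshd
}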

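#######################################
# Abort the script unless it is running as root (uid 0).
# Globals:   RED, NO_COLOR (read; optional colour escapes, empty if unset)
# Outputs:   error message on stderr when not root
# Returns:   0 when root; exits the script with status 1 otherwise
#######################################
judge_root() {
    local uid

    # Fail closed: if the uid cannot be determined, do not continue as though
    # the caller were root.
    if ! uid=$(id -u); then
        echo -e "${RED:-}Error:${NO_COLOR:-} Unable to determine the current user id." >&2
        exit 1
    fi

    if [[ "$uid" != "0" ]]; then
        # Diagnostics go to stderr so they are not mixed into captured output.
        echo -e "${RED:-}Error:${NO_COLOR:-} You must be root to run this script." >&2
        exit 1
    fi
}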

#######################################
# Install the baseline admin tool set without prompting (-y).
# Returns:   status of `apt install`
#
# NOTE(review): apt warns that its command-line interface is not stable for
# scripts; apt-get is the interface intended for scripted use.
#######################################
install_software() {
    local -a packages=(
        vim lrzsz tree screen lsof wget
        ntpdate iotop bc zip unzip bash-completion
    )

    apt install "${packages[@]}" -y
}

#######################################
# Append a coloured "[user@host dir]$" prompt definition to ~/.bashrc.
# Outputs:   appends one line to ~/.bashrc (each call adds another copy)
#######################################
modify_PS1() {
    # Single-quoted so the prompt escapes reach the file unexpanded.
    local -r prompt_line='PS1="\[\e[1;36m\][\u@\h \W]\\$\[\e[0m\] "'

    printf '%s\n' "$prompt_line" >> ~/.bashrc
}

#######################################
# Run the initialisation steps in order. The root check comes first; under
# `set -e` the first failing step ends the run.
# nofile_tuning is defined in this file but is not part of the sequence.
#######################################
main(){
    local step

    for step in \
        judge_root \
        replace_apt \
        install_software \
        modify_vimrc \
        modify_PS1 \
        timezone_adjust \
        Kernel_Tuning \
        ssh_adjust
    do
        "$step"
    done
}

# Entry point. main takes no arguments; any passed to the script are ignored.
main "$@"