ESTABLISHED -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -s 172.28.29.10 -p tcp -m state --state NEW -m tcp -j ACCEPT -A RH-Firewall-1-INPUT -s 100.100.100.100 -p tcp -m state --state NEW -m tcp -j ACCEPT -A RH-Firewall-1-INPUT -s 10.20.20.10 -p tcp -m state --state NEW -m tcp -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Sun Jul 22 18:22:41 2012 _iptables #start iptables /etc/init.d/iptables start #add route /sbin/route add -net 172.28.0.0 netmask 255.255.0.0 gw 172.28.29.1 echo route add -net 172.28.0.0 netmask 255.255.0.0 gw 172.28.29.1 /etc/rc.local #set DNS /bin/cat /etc/resolv.conf _resolv nameserver 114.114.115.115 nameserver 114.114.114.114 nameserver 8.8.4.4 nameserver 8.8.8.8 _resolv #set ntp ntpdate 1.cn.pool.ntp.org /sbin/hwclock --systohc /bin/cat /etc/cron.daily/ntpdate _ntpdate #!/bin/bash /sbin/ntpdate 1.cn.pool.ntp.org /sbin/hwclock --systohc _ntpdate #set /etc/sysctl.conf /bin/cat /etc/sysctl.conf _sysctl fs.file-max = 1000000 kernel.core_uses_pid = 1 kernel.msgmax = 65536 kernel.msgmnb = 65536 kernel.shmall = 4294967296 kernel.shmmax = 68719476736 kernel.sysrq = 0 net.core.netdev_max_backlog = 262144 net.core.rmem_default = 2097152 net.core.rmem_max = 16777216 net.core.somaxconn = 262144 net.core.wmem_default = 2097152 net.core.wmem_max = 16777216 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.default.rp_filter = 1 net.ipv4.ip_conntrack_max = 819200 net.ipv4.ip_forward = 0 net.ipv4.ip_local_port_range = 1024 65000 net.ipv4.neigh.default.gc_thresh1 = 10240 net.ipv4.neigh.default.gc_thresh2 = 40960 net.ipv4.neigh.default.gc_thresh3 = 81920 net.ipv4.netfilter.ip_conntrack_max = 819200 net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60 net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120 net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120 net.ipv4.tcp_fin_timeout = 1 net.ipv4.tcp_keepalive_intvl = 15 net.ipv4.tcp_keepalive_probes = 5 net.ipv4.tcp_keepalive_time = 30 net.ipv4.tcp_max_orphans = 3276800 net.ipv4.tcp_max_syn_backlog = 262144 net.ipv4.tcp_max_tw_buckets = 51200 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_orphan_retries = 3 net.ipv4.tcp_reordering = 5 net.ipv4.tcp_retrans_collapse = 0 net.ipv4.tcp_retries2 = 5 net.ipv4.tcp_rmem = 4096 87380 4194304 net.ipv4.tcp_sack = 1 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_wmem = 4096 16384 4194304 net.ipv6.conf.all.disable_ipv6 = 1 _sysctl source /etc/profile sysctl -e -p /etc/init.d/avahi-daemon stop /etc/init.d/yum-updatesd stop chkconfig avahi-daemon off chkconfig yum-updatesd off 7、生成comps.xml文件 [root@localhost ~]# cd /data/OS [root@localhost ~]# createrepo -g repodata/0dae8d32824acd9dbdf7ed72f628152dd00b85e4bd802e6b46e4d7b78c1042a3-c6-x86_64-comps.xml /data/OS/ 8、让系统启动读开始，一切自动完成， 一、之前有写过一篇管理定制CentOS5.6的文章，手动安装是在是太麻烦，所以就又研究了一些6系列的封装，现在你就可以把这个镜像文件刻录成安装安装系统了，只要你设置服务器从光驱启动就好了，ks.cfg的内容 修改lable linux [root@localhost ~]# vi /data/OS/isolinux/isolinux.cfg label linux menu label ^Install or upgrade an existing system menu default kernel vmlinuz append ks=cdrom:/isolinux/ks.cfg initrd=initrd.img 9、生成ISO镜像文件 [root@localhost ~]# declare -x discinfo=`head -1 .discinfo` [root@localhost ~]# createrepo -u media://$discinfo -g repodata/0dae8d32824acd9dbdf7ed72f628152dd00b85e4bd802e6b46e4d7b78c1042a3-c6-x86_64-comps.xml /data/OS/ [root@localhost ~]# mkisofs -R -J -T -r -l -d -joliet-long -allow-multidot -allow-leading-dots -no-bak -o /data/kingsoft_centos6.3_1.0.iso -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table /data/OS 10、生成MD5校验码 [root@localhost ~]# /usr/bin/md5sum /data/kingsoft_centos6.3_1.0.iso 2de68609b36db23cca4956b2779465ed /data/kingsoft_centos6.3_1.0.iso 三、到此已经完成了，就是有几个文件不一样， 二、开始定制 1、安装需要的用到的软件包 [root@localhost ~]# yum -y install createrepo mkisofs 2、生成安装系统所需要的rpm文件列表 [root@localhost ~]# awk /Installing/{print $2} install.log |sed s/^[0-9]*://g /root/packages.list 3、创建工作目录 [root@localhost ~]# mkdir -p /mnt/cdrom [root@localhost ~]# mkdir -p /data/OS [root@localhost ~]# mount /dev/cdrom /mnt/cdrom 4、复制文件 [root@localhost ~]# rsync -a --exclude=Packages /mnt/cdrom/* /data/OS/ [root@localhost ~]# cp /mnt/cdrom/.discinfo /data/OS/ 5、复制精简后的rpm包 a、撰写脚本 [root@localhost ~]# vi /data/cprmps.sh #!/bin/bash DEBUG=0 CentOS_DVD=/mnt/cdrom ALL_RPMS_DIR=/mnt/cdrom/Packages KOS_RPMS_DIR=/data/OS/Packages packages_list=/root/packages.list number_of_packages=`cat $packages_list | wc -l` i=1 while [ $i -le $number_of_packages ] ; do line=`head -n $i $packages_list | tail -n -1` name=`echo $line | awk {print $1}` version=`echo $line | awk {print $3} | cut -f 2 -d :` if [ $DEBUG -eq 1 ] ; then echo $i: $line echo $name echo $version fi if [ $DEBUG -eq 1 ] ; then ls $ALL_RPMS_DIR/$name-$version* if [ $? -ne 0 ] ; then echo cp $ALL_RPMS_DIR/$name-$version* fi else echo cp $ALL_RPMS_DIR/$name-$version* $KOS_RPMS_DIR/ cp $ALL_RPMS_DIR/$name-$version* $KOS_RPMS_DIR/ # in case the copy failed if [ $? -ne 0 ] ; then echo cp $ALL_RPMS_DIR/$name-$version* cp $ALL_RPMS_DIR/$name* $KOS_RPMS_DIR/ fi b、复制 [root@localhost ~]# chmod +x /data/cprmps.sh [root@localhost ~]# sh /data/cprmps.sh 6、撰写ks.cfg文件 [root@localhost ~]# vi /data/OS/isolinux/ks.cfg # Kickstart file automatically generated by anaconda. #Install OS instead of upgrade install #Use text mode install text #Use CDROM installation media cdrom lang en_US.UTF-8 keyboard us #Skip the X Configuration skipx #Network information network --bootproto=static --ip=172.28.26.100 --netmask=255.255.255.0 --gateway=172.28.28.1 --nameserver 8.8.8.8 --hostname=kingsoft-navy --noipv6 --onboot=yes #root -- 1q2w3e rootpw --iscrypted $1$UJlaGQFP$.Wf93SJYnar9yDIzS8YDr1 firewall --disabled #System authorization information authconfig --enableshadow --enablemd5 selinux --disabled timezone --utc Asia/Shanghai #System bootloader configuration bootloader --location=mbr #Clear the Master Boot Record zerombr yes #Partition clearing information bootloader --location=mbr clearpart --linux part /boot --fstype ext3 --size=200 --asprimary part pv.4 --size=30000 part swap --size=32000 part pv.7 --size=100 --grow volgroup VolGroupRoot --pesize=32768 pv.4 volgroup VolGroupData --pesize=32768 pv.7 logvol /data/logs --fstype ext3 --name=LogVolLogs --vgname=VolGroupData --size=10240 logvol /data --fstype ext3 --name=LogVolData --vgname=VolGroupData --size=59904 logvol / --fstype ext3 --name=LogVolRoot --vgname=VolGroupRoot --size=29984 #--- Reboot the host after installation is done reboot %packages @additional-devel @base @core @development @emacs @server-policy @system-management libXinerama-devel xorg-x11-proto-devel startup-notification-devel libgnomeui-devel libbonobo-devel cmake rpmdevtools jpackage-utils rpmlint %post # file descriptors ulimit -HSn 655350 echo * soft nofile 655350 /etc/security/limits.conf echo * hard nofile 655350 /etc/security/limits.conf #set iptables /bin/cat /etc/sysconfig/iptables _iptables # Generated by iptables-save v1.3.5 on Sun Jul 22 18:22:41 2012 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [458589544:2196099698813] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p esp -j ACCEPT -A RH-Firewall-1-INPUT -p ah -j ACCEPT -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state RELATED，最近公司外网生产环境准备用CentOS6系列的。

。

其实和5系列的差不多，还有就是ks.cfg这个文件我又更新了新内容，。