服务器日常运行状态报告脚本
此脚本是我正在使用的、出自《鸟哥的 Linux 私房菜》的 CentOS 7 状态报告脚本
下载地址
- 共享地址: https://index.php?share/file&user=102&sid=HQwNy8mR
- 提取密码: 2zPf1
使用方法
$ sudo tar -zxvf logfile_centos7.tar.gz -C / # 没错就是解压到根目录
# 以 root 身份解压到根目录会直接覆盖同名文件,建议先用 `tar -tzvf logfile_centos7.tar.gz` 查看压缩包内的文件列表,确认只包含下面两个路径后再解压
# 此脚本会在 `/etc/cron.d/` 新建 `vbirdlogfile` 文件,此文件的作用是添加定时任务
# 新建 `/root/bin/logfile` 目录,此目录是脚本执行环境
主脚本介绍
脚本中的部分繁体字我已翻译成简体中文,每个步骤的具体作用可以参考脚本里的注释。
#!/bin/bash
#
##########################################################################################
# REQUIRED SETTINGS -- edit the values in this section before first use.
#
# email: address the finished report is mailed to. Several recipients may be given as
# a comma-separated list with no blanks between them, for example:
#   email="root@localhost,yourID@hostname"
export email="youremail@example.com"
# basedir: working directory that receives the extracted logs and logfile_mail.txt.
# NOTE(review): /dev/shm is writable by every local user and this directory name is
# fixed, so the directory should be created privately and checked for ownership
# before anything is written into it.
export basedir="/dev/shm/logfile/"
# funcdir: directory where logfile.sh and its function/ modules are installed.
export funcdir="/root/bin/logfile"
# outputall: "no" mails only the summaries, which is enough for most users;
# "yes" additionally appends the complete log contents to the report.
export outputall="no"
##########################################################################################
# Nothing below needs to be edited for normal use; change it only if you want to
# extend the report.
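# Create the working directory with owner-only access, and refuse to reuse a
# directory that the invoking user does not own. The default location sits under
# /dev/shm, which any local user can write to: a directory (or symlinks inside it)
# planted there beforehand would otherwise redirect every file this script writes.
if [ ! -d "$basedir" ]; then
  # No -p: if something appears at this path between the test and the mkdir,
  # mkdir fails and the script stops instead of adopting it.
  mkdir -m 700 -- "$basedir" || {
    echo "$0: cannot create $basedir" >&2
    exit 1
  }
fi
# -L needs the path without its trailing slash, otherwise the link is followed.
if [ -L "${basedir%/}" ] || [ ! -O "$basedir" ]; then
  echo "$0: $basedir is a symlink or is not owned by the invoking user; refusing to use it" >&2
  exit 1
fi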
##########################################################################################
# 0. Basic environment: pin the command search path and force the C locale.
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
# (LANG=zh_TW.utf8 is the alternative the original author left disabled.)
export LANG=C
export LANGUAGE LC_TIME
localhostname=$(hostname)
# Rewrite the recipient: an address written as user@localhost is re-addressed to
# user@<name reported by hostname>.
temp=$(echo $email | cut -d '@' -f2)
case "$temp" in
  localhost)
    email="$(echo $email | cut -d '@' -f1)@${localhostname}"
    ;;
esac
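# Verify that the external programs the report relies on are installed, and stop
# with status 1 after listing every one that is missing.
# NOTE(review): ifconfig, last and mail are also called further down but are not
# part of this list.
errormesg=""
programs="awk sed egrep ps cat cut tee netstat df uptime journalctl"
# $programs is expanded unquoted on purpose: it is a blank-separated list of names.
for profile in $programs; do
  # `command -v` is a shell builtin, so the probe cannot itself be missing the way
  # the external `which` could be.
  if ! command -v "$profile" > /dev/null 2>&1; then
    echo -e "您的系统并沒有包含 $profile 程式;(Your system do not have $profile )"
    errormesg="yes"
  fi
done
if [ "$errormesg" == "yes" ]; then
  echo "您的系统缺乏本程式执行所需要的系统执行档, $0 将停止作业"
  exit 1
fi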
# Stop early (status 0) when no systemd-journal process shows up in the process list;
# the messages below explain that the report is built from systemd-journald's logs.
temp=$(ps -aux 2> /dev/null | grep systemd-journal | grep -v grep)
if [ -z "$temp" ]; then
  echo -e "您的系统沒有启动 systemd-journald 这个 daemon ,"
  echo -e "本程式主要针对 systemd-journald 产生的 logfile 來分析,"
  echo -e "因此,沒有 systemd-journald 则本程式沒有执行之必要。"
  exit 0
fi
# The working directory has to exist by this point; give up with status 1 if not.
[ -d "$basedir" ] || {
  echo -e "$basedir 此目录并不存在,本程式 $0 无法进行工作!"
  exit 1
}
##########################################################################################
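# 0.1 Version information, report file name and the date the report covers.
lastdate="2015-08-20"
versions="Version 0.3"
hosthome=$(hostname)
logfile="$basedir/logfile_mail.txt"
# %k prints the hour padded with a blank rather than a zero, so the integer
# assignment never sees a leading 0 that would be read as octal.
declare -i datenu
datenu=$(date +%k)
# Runs at 06:59 or earlier report on the previous day; later runs report on today.
if [ "$datenu" -le 6 ]; then
  report_day='1 day ago'
else
  report_day='now'
fi
# Both stamps are also saved as files under $basedir.
# NOTE(review): presumably the function/ modules read these files -- confirm.
date --date="$report_day" +%b' '%e > "$basedir/dattime"
date --date="$report_day" +%Y-%m-%d > "$basedir/dattime2"
# Read the stamps back with the path quoted, matching the quoted writes above.
y=$(cat "$basedir/dattime")
y2=$(cat "$basedir/dattime2")
export lastdate hosthome logfile y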
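# 0.1.1 - 0.1.3 Extract yesterday's journal entries into three work files.
# Each file is rewritten on every run. Previously securelog and maillog were only
# replaced when the query returned something, so a quiet day left the previous
# run's file in place to be analysed again (unless something outside this script
# clears $basedir). Each query now also runs once instead of twice.
# `grep -v "^\-\-"` drops journalctl's own "-- ... --" marker lines.
# The scratch variable `log` used by the old version is no longer set.

# 0.1.1 secure file: syslog facilities 4 (auth) and 10 (authpriv)
journalctl SYSLOG_FACILITY=4 SYSLOG_FACILITY=10 --since yesterday --until today \
  | grep -v "^\-\-" > "$basedir/securelog"

# 0.1.2 maillog file: syslog facility 2 (mail)
journalctl SYSLOG_FACILITY=2 --since yesterday --until today \
  | grep -v "^\-\-" > "$basedir/maillog"

# 0.1.3 messages file: the remaining facilities listed below
journalctl SYSLOG_FACILITY=0 SYSLOG_FACILITY=1 SYSLOG_FACILITY=3 SYSLOG_FACILITY=5 \
  SYSLOG_FACILITY=6 SYSLOG_FACILITY=7 SYSLOG_FACILITY=8 SYSLOG_FACILITY=11 SYSLOG_FACILITY=16 \
  SYSLOG_FACILITY=17 SYSLOG_FACILITY=18 SYSLOG_FACILITY=19 SYSLOG_FACILITY=20 SYSLOG_FACILITY=21 \
  SYSLOG_FACILITY=22 SYSLOG_FACILITY=23 --since yesterday --until today \
  | grep -v "^\-\-" > "$basedir/messageslog"
# The redirections above create all three files even when a query returns nothing,
# so the separate touch calls are no longer needed.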
# Work out how long the machine has been up. The uptime line carries a variable
# number of words for the duration, so count how many to take starting at word 3:
# one by default, two more when "day" appears, one more when "min" appears.
timeset1=$(uptime | grep day)
timeset2=$(uptime | grep min)
uptime_fields=1
if [ -n "$timeset1" ]; then
  uptime_fields=$((uptime_fields + 2))
fi
if [ -n "$timeset2" ]; then
  uptime_fields=$((uptime_fields + 1))
fi
UPtime=$(uptime | awk -v n="$uptime_fields" '{
  out = $3
  for (i = 1; i < n; i++) out = out " " $(3 + i)
  print out
}')
# Collect this host's IPv4 addresses: the second word of every ifconfig line that
# contains "inet ", leaving out anything matching 127.0.0.
addr_list=$(ifconfig | awk '/inet / {print $2}' | grep -v '127.0.0.')
# The unquoted expansion joins the addresses into one blank-separated line.
IPs=$(echo $addr_list)
##########################################################################################
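# 1. Start the report with a system summary.
# Paths are quoted throughout so a basedir containing blanks does not break the
# redirections, and the summary is written through one grouped redirection.
echo "" > "$logfile"
# -v makes restorecon print every relabel it performs on stdout.
/sbin/restorecon -Rv "$logfile"
{
  echo "=============== system summary ================================="
  echo "Linux kernel : $(awk '{print $1 " " $2 " " $3 " " $4}' /proc/version)"
  echo "CPU informatin: $(grep 'model name' /proc/cpuinfo | sed 's/model name.*://' |
    uniq -c | sed 's/[[:space:]][[:space:]]*/ /g')"
  echo "CPU speed : $(grep "cpu MHz" /proc/cpuinfo |
    sort | tail -n 1 | cut -d ':' -f2-) MHz"
  echo "hostname is : $(hostname)"
  echo "Network IP : ${IPs}"
  echo "Check time : $(date "+%Y/%B/%d %H:%M:%S ( %A )")"
  echo "Summary date : $(cat "$basedir/dattime")"
  echo "Up times : ${UPtime}"
  echo "Filesystem summary: "
  df -Th | sed 's/^/ /'
  if [ -x /opt/MegaRAID/MegaCli/MegaCli64 ]; then
    # MegaCli is run from /root inside a subshell. This replaces the old
    # `cd /root ... cd -`, whose `cd -` printed the previous directory on stdout.
    # NOTE(review): presumably /root is used so MegaCli's own log file lands
    # there -- confirm.
    (
      cd /root || exit 1
      echo
      echo "Test the RAID card Volumes informations:"
      /opt/MegaRAID/MegaCli/MegaCli64 -LDInfo -LALL -aAll |
        grep -E '^Name|^Size|^State'
      echo
      echo "Test RAID devices"
      /opt/MegaRAID/MegaCli/MegaCli64 -PDList -aAll |
        grep -E '^Firmware|^Slot|^Media Error|^Other Error'
    )
  fi
  echo " "
  echo " "
} >> "$logfile"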
# 1.1 Port analysis
# The ports module is optional: it is sourced only when the file exists.
# NOTE(review): the service checks further down read $basedir/netstat.tcp.output,
# which this script never writes itself -- presumably this module produces it; confirm.
# Sourced modules run inside this shell with the script's own privileges, so
# $funcdir and its files should be writable only by the account running the report.
if [ -f $funcdir/function/ports ]; then
source $funcdir/function/ports
fi
##########################################################################################
# 2. Run the per-service analysis modules.
# 2.1 ssh: run the ssh module when the saved netstat output mentions 22 or sshd.
# NOTE(review): the pattern is unanchored, so any line that merely contains "22"
# (another port number, a PID) also matches and triggers the module.
input=`cat $basedir/netstat.tcp.output |egrep '(22|sshd)'`
if [ "$input" != "" ]; then
# Unlike the ports module, this file is sourced without an existence check.
source $funcdir/function/ssh
funcssh
# Blank separator line after the module's output.
echo " " >> $logfile
fi
# 2.2 FTP: entered when the saved netstat output mentions 21 or ftp.
# NOTE(review): unanchored pattern -- any line containing "21" matches as well.
input=`cat $basedir/netstat.tcp.output |egrep '(21|ftp)'`
if [ "$input" != "" ]; then
# The wu-ftpd module runs when /etc/ftpaccess exists.
if [ -f /etc/ftpaccess ]; then
source $funcdir/function/wuftp
funcwuftp
fi
# The ProFTPD module runs when a proftpd program is found on PATH.
proftppro=`which proftpd 2> /dev/null`
if [ "$proftppro" != "" ]; then
source $funcdir/function/proftp
funcproftp
fi
fi
# 2.3 POP3: entered when the saved netstat output contains 110.
# NOTE(review): unanchored pattern -- any line containing "110" matches as well.
input=`cat $basedir/netstat.tcp.output | grep 110`
if [ "$input" != "" ]; then
# Use the dovecot module when dovecot appears in the netstat output, otherwise
# fall back to the generic pop3 module.
dovecot=`cat $basedir/netstat.tcp.output | grep dovecot`
if [ "$dovecot" != "" ]; then
source $funcdir/function/dovecot
funcdovecot
echo " " >> $logfile
else
source $funcdir/function/pop3
funcpop3
echo " " >> $logfile
fi
fi
# 2.4 Mail: entered when either saved netstat file contains 25.
# NOTE(review): unanchored pattern -- any line containing "25" matches as well.
input=`cat $basedir/netstat.tcp.output $basedir/netstat.tcp.local 2> /dev/null |grep 25`
if [ "$input" != "" ]; then
# A listener on :25 owned by a process named "master" selects the postfix module;
# anything else is handed to the sendmail module.
postfixtest=`netstat -tlnp 2> /dev/null |grep ':25'|grep master`
#sendmailtest=`ps -aux 2> /dev/null |grep sendmail| grep -v 'grep'`
if [ "$postfixtest" != "" ] ; then
source $funcdir/function/postfix
funcpost
else
source $funcdir/function/sendmail
funcsendmail
fi
# Optional add-ons, run when /var/log holds an entry whose name contains the
# respective string.
procmail=`/bin/ls /var/log| grep procmail| head -n 1`
if [ "$procmail" != "" ] ; then
source $funcdir/function/procmail
funcprocmail
fi
openwebmail=`ls /var/log | grep openwebmail | head -n 1`
if [ "$openwebmail" != "" ]; then
source $funcdir/function/openwebmail
funcopenwebmail
fi
fi
# 2.5 Samba: run the samba module when a line of the saved netstat output contains
# both 139 and smbd. A missing netstat file is silently ignored here.
input=`cat $basedir/netstat.tcp.output 2> /dev/null |grep 139|grep smbd`
if [ "$input" != "" ]; then
source $funcdir/function/samba
funcsamba
fi
#####################################################################
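# 10. When outputall is "yes" or "YES", append the complete log contents to the report.
# Everything in the group below is appended to $logfile through one redirection.
if [ "$outputall" == "yes" ] || [ "$outputall" == "YES" ]; then
  {
    echo " "
    echo "================= 全部的登录日志归档 ======================="
    echo "1. 重要的登录记录档 ( Secure file )"
    echo " 说明:已经取消了 pop3 的资讯!"
    # Lines mentioning pop3 are left out of the secure log listing.
    grep -v 'pop3' "$basedir/securelog"
    echo " "
    echo "2. 使用 last 这个指令输出的结果"
    last -20
    echo " "
    echo "3. 将特重要的 /var/log/messages 列出來瞧一瞧!"
    cat "$basedir/messageslog"
    echo " "
    # knockd section, only when its log file exists; $y2 is the report date
    # in YYYY-MM-DD form.
    if [ -f /var/log/knockd.log ]; then
      echo "4. 开始分析 knockd 这个服务的相关资料"
      echo "4.1 正常登入主机的指令运作"
      grep "$y2" /var/log/knockd.log | grep 'iptables'
      # Fix: this separator used to go to stdout instead of the report because its
      # redirection was missing.
      echo ""
      echo "4.2 因为某些原因,导致无法登入的 IP 与状态!"
      grep "$y2" /var/log/knockd.log | grep 'sequence timeout'
    fi
  } >> "$logfile"
fi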
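# Finally, mail the report. The locale is switched to zh_TW.utf8 for the mail step.
# NOTE(review): with outputall enabled the report carries authentication log
# excerpts as well as the host's addresses; how it travels depends on the local
# mail setup.
export LANG=zh_TW.utf8
export LC_ALL=zh_TW.utf8
subject="$hosthome logfile analysis results"
# The report path is quoted so a basedir containing blanks still works.
# $email is left unquoted, as before, so recipient lists that worked with the old
# script keep being passed to mail the same way.
# shellcheck disable=SC2086
if [ -x /usr/bin/uuencode ]; then
  # With uuencode installed, the report is sent encoded under the name logfile.html.
  uuencode "$logfile" logfile.html | mail -s "$subject" $email
else
  mail -s "$subject" $email < "$logfile"
fi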