linux版本
# -*- coding:utf-8 -*- -
import os
import re
banner = """\033[1;34m
__ __ _____ _ _ __ __ _____
\ \ / / |_ _| | \ | | \ \ / / |_ _|
\ V / | | | \| | \ \_/ / | |
> < | | | . ` | \ / | |
/ . \ _| |_ | |\ | | | _| |_
/_/ \_\ |_____| |_| \_| |_| |_____|
linux自动化巡检工具 Version:1.0
Company:xxx有限公司 Author:dqq\033[0m
"""
print(banner)
def get_cpu(): # 检查cpu
global last_worktime, last_idletime
f = open("/proc/stat", "r")
line = ""
while not "cpu " in line: line = f.readline()
f.close()
spl = line.split(" ")
worktime = int(spl[2]) + int(spl[3]) + int(spl[4])
idletime = int(spl[5])
dworktime = (worktime - last_worktime)
didletime = (idletime - last_idletime)
rate = float(dworktime) / (didletime + dworktime)
last_worktime = worktime
last_idletime = idletime
if (last_worktime == 0): return 0
return rate
def get_mem_usage_percent(): # 检查内存
try:
f = open('/proc/meminfo', 'r')
for line in f:
if line.startswith('MemTotal:'):
mem_total = int(line.split()[1])
elif line.startswith('MemFree:'):
mem_free = int(line.split()[1])
elif line.startswith('Buffers:'):
mem_buffer = int(line.split()[1])
elif line.startswith('Cached:'):
mem_cache = int(line.split()[1])
elif line.startswith('SwapTotal:'):
vmem_total = int(line.split()[1])
elif line.startswith('SwapFree:'):
vmem_free = int(line.split()[1])
else:
continue
f.close()
except:
return None
physical_percent = usage_percent(mem_total - (mem_free + mem_buffer + mem_cache), mem_total)
virtual_percent = 0
if vmem_total > 0:
virtual_percent = usage_percent((vmem_total - vmem_free), vmem_total)
return physical_percent, virtual_percent
def usage_percent(use, total): # 百分比
try:
ret = (float(use) / total) * 100
except ZeroDivisionError:
raise Exception("ERROR - zero division error")
return ret
def ostype():#判断系统类型和版本
a=os.popen("lsb_release -a").read()
b=os.popen("cat /etc/redhat-release").read()
os_info=a+b
sysnum = int(re.findall(r' (\d+?)\.', os_info, re.S)[0])#取出版本号
system=''
try:
system=re.search('CentOS', os_info).group()
except:
pass
try:
system=re.search('Ubuntu', os_info).group()
except:
pass
try:
system=re.search('openSUSE', os_info).group()
except:
pass
try:
system=re.search('Red Hat', os_info).group()
except:
pass
try:
system=re.search('Debian', os_info).group()
except:
pass
return system,sysnum
def account_check():#检查账户情况
account_list = []
cmd = os.popen("cat /etc/shadow").read()
user_list = re.split(r'\n', cmd)
for i in user_list:
try:
c = re.search(r'\*|!', i).group()
except:
try:
ok_user = re.findall(r'(.+?):', i)[0]
account_list.append(ok_user)
except:
pass
anonymous_account = os.popen("awk -F: 'length($2)==0 {print $1}' /etc/shadow").read()
account = '存在的账户:\n{0}\n空口令用户:\n{1}\n'.format(account_list, anonymous_account)
return account
def process():#列出在当前环境中运行的进程,不包含环境信息
process =os.popen("ps -ef").read()
return process
def service(system,sysnum):#列出开启的服务
service=''
if system=='Ubuntu' or system=='Debian':
service=os.popen("service --status-all | grep +").read()
elif system=='openSUSE':
service = os.popen("service --status-all | grep running").read()
elif system=='CentOS' or system=='Red Hat':
if sysnum<7:
service1 = os.popen("chkconfig --list |grep 2:启用").read()
service2 = os.popen("chkconfig --list |grep 2:on").read()
service=service1+'\n'+service2
else:
service = os.popen("systemctl list-units --type=service --all |grep running").read()
return service
def startup(system,sysnum):#列出启动项
startup=''
if system=='CentOS' or system=='Red Hat':
if sysnum<7:
startup=os.popen("cat /etc/rc.d/rc.local").read()
else:
startup = os.popen("systemctl list-unit-files | grep enabled").read()
elif system=='Ubuntu' or system=='Debian':
if sysnum < 14:
startup1 = os.popen("chkconfig |grep on").read()
startup2 = os.popen("chkconfig |grep 启用").read()
startup = startup1+startup2
else:
startup = os.popen("systemctl list-unit-files | grep enabled").read()
elif system == 'openSUSE':
startup1 = os.popen("chkconfig |grep on").read()
startup2 = os.popen("chkconfig |grep 启用").read()
startup = startup1 + startup2
return startup
def timingtask():#列出定时任务
timingtask = []
cmd = os.popen("cat /etc/shadow").read()
user_list = re.split(r'\n', cmd)
for i in user_list:
try:
c = re.search(r'\*|!', i).group()
except:
try:
ok_user = re.findall(r'(.+?):', i)[0]
task = os.popen("crontab -l -u " + ok_user).read()
timingtask.append(task)
except:
pass
return timingtask
def seclog_time():#登录日志存留时间
cmd = os.popen("cat /etc/logrotate.conf").read()
try:
seclog=''
cycle = re.findall(r'# rotate log files weekly\n(.+?)\n', cmd, re.S)[0] # 周期
num = re.findall(r'\d+', str(re.findall(r'# keep 4 weeks worth of backlogs\n(.+?)\n', cmd, re.S)))[0] # 次数
print('轮转周期:{0}\n轮转次数:{1}'.format(cycle,num))
if cycle == 'weekly':
if int(num) < 26:
seclog = '日志存留不足180天'
else:
seclog = '日志存留时间符合要求'
elif cycle == 'monthly':
if int(num) < 6:
seclog = '日志存留不足180天'
else:
seclog = '日志存留时间符合要求'
elif cycle == 'quarterly':
if int(num) < 2:
seclog = '日志存留不足180天'
else:
seclog = '日志存留时间符合要求'
return seclog
except:
seclog = '日志轮转配置读取出错'
return seclog
def seclog_login(system):#登录ip记录
succeed=failed=''
if system=='CentOS' or system=='Red Hat':
succeed='\n成功登录:\n'+os.popen("cat /var/log/secure*|awk '/Accepted/{print $(NF-3)}'|sort|uniq -c|awk '{print $2\"|次数=\"$1;}'").read()
failed='\n失败登录:\n'+os.popen("cat /var/log/secure*|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2\"|次数=\"$1;}'").read()
elif system=='Ubuntu' or system=='Debian':
succeed = os.popen(
"cat /var/log/auth.log|awk '/Accepted/{print $(NF-3)}'|sort|uniq -c|awk '{print $2\"|次数=\"$1;}'").read()
failed = os.popen(
"cat /var/log/auth.log|awk '/authentication failure/{print $(NF-1)}'|sort|uniq -c|awk '{print $2\"|次数=\"$1;}'").read()
succeed='\n成功登录:\n'+re.sub("rhost=\|次数=\d|ruser=\|次数=\d|rhost=","",succeed)
failed = '\n失败登录:\n'+re.sub("rhost=\|次数=\d|ruser=\|次数=\d|rhost=", "", failed)
elif system == 'openSUSE':
succeed = '\n成功登录:\n'+os.popen(
"cat /var/log/messages|awk '/Accepted/{print $(NF-3)}'|sort|uniq -c|awk '{print $2\"|次数=\"$1;}'").read()
failed = '\n失败登录:\n'+os.popen(
"cat /var/log/messages|awk '/failure/{print $(NF)}'|sort|uniq -c|awk '{print $2\"|次数=\"$1;}'").read()
return succeed,failed
def firewall(system,sysnum):#查看防火墙状态
firewall=''
if system=='CentOS' or system=='Red Hat':
if sysnum<7:
firewall=os.popen("service iptables status").read()
else:
firewall = os.popen("systemctl status firewalld").read()
elif system == 'Ubuntu' or system == 'Debian':
firewall = os.popen("ufw status").read()
elif system == 'openSUSE':
firewall = os.popen("chkconfig -list | grep fire").read()
return firewall
######以上为函数部分#####
if os.popen("whoami").read()!='root\n':
print('请在root用户权限下运行...')
exit()
last_worktime=0
last_idletime=0
statvfs = os.statvfs('/')
total_disk_space = statvfs.f_frsize * statvfs.f_blocks
free_disk_space = statvfs.f_frsize * statvfs.f_bfree
disk_usage = (total_disk_space - free_disk_space) * 100.0 / total_disk_space
disk_usage = int(disk_usage)
disk_tip = "硬盘空间使用率:"+str(disk_usage)+"%"
mem_usage = get_mem_usage_percent()
mem_usage = int(mem_usage[0])
mem_tip = "物理内存使用率:"+str(mem_usage)+"%"
cpu_usage = int(get_cpu()*100)
cpu_tip = "CPU使用率:"+str(cpu_usage)+"%"
load_average = os.getloadavg()
load_tip = "系统负载:"+str(load_average)+'\n判断:系统负载中三个数值中有一个超过3就是高'
system=ostype()[0]
sysnum=ostype()[1]
print('【系统状态】')
print(disk_tip)
print(mem_tip)
print(cpu_tip)
print(load_tip)
print('\n【账户情况】')
print(account_check())
print('【运行的进程】\n')
print(process())
print('\n【开启的服务】\n')
print(service(system,sysnum))
print('\n【启动项】\n')
print(startup(system,sysnum))
print('\n【定时任务】\n')
for timingtask in timingtask():
print(timingtask)
print('\n【登录日志】\n')
print('日志存留时间:')
print(seclog_time())
print(seclog_login(system)[0])
print(seclog_login(system)[1])
print('\n【防火墙状态】:\n')
print(firewall(system,sysnum))
window版本
# company:宁波壹安科技
# author:说书人
import os
import re
import psutil
banner = """\033
__ __ _____ _ _ __ __ _____
\ \ / / |_ _| | \ | | \ \ / / |_ _|
\ V / | | | \| | \ \_/ / | |
> < | | | . ` | \ / | |
/ . \ _| |_ | |\ | | | _| |_
/_/ \_\ |_____| |_| \_| |_| |_____|
windows自动化巡检工具 Version:1.0
Company:xx科技有限公司 Author:dqq\033
"""
print(banner)
def cpu(): # cpu使用率
print('获取CPU信息...')
cpu = 'CPU使用率:{}{}\n'.format(str(psutil.cpu_percent(1)), '%')
return cpu
def mem(): # 内存使用率
print('获取内存信息...')
mem = '内存使用率:{}{}\n'.format(str(psutil.virtual_memory()[2]), '%')
return mem
def disk(): # 磁盘使用率
print('获取磁盘信息...')
disk = '磁盘使用率:{}{}'.format(psutil.disk_usage('/')[3], '%')
return disk
def account(): # 本地账户检查
print('检查本地账户情况...')
try:
admin_info = os.popen('net localgroup administrators').read()
administrators = re.findall(r'-\n(.+?)命令成功完成', admin_info, re.S)[0] # 管理组
users_info = os.popen('net localgroup users').read()
users = re.findall(r'-\n(.+?)命令成功完成', users_info, re.S)[0] # 用户组
guest_info = os.popen('net user guest').read()
guest = re.findall(r'帐户启用(.+?)帐户到期', guest_info, re.S)[0].replace(' ', '').replace('\n', '') # guest账户是否禁止
if guest == 'No':
guest_able = 'guest账户已禁用'
elif guest == 'Yes':
guest_able = '注意,guest账户未禁用!'
account = '管理组:\n{}\n用户组:\n{}\n{}'.format(administrators, users, guest_able)
return account
except:
print('无法获取本地账户信息')
def tasklist(): # 获取进程列表
print('获取进程列表...')
try:
tasklist = os.popen('tasklist').read()
return tasklist
except:
print('无法获取进程列表信息')
def service(): # 获取已启用的服务
print('获取服务列表...')
try:
service = os.popen('net start').read()
return service
except:
print('无法获取服务列表信息')
def schtasks(): # 获取计划任务
print('获取计划任务...')
try:
schtasks_info = os.popen('schtasks.exe').read()
schtasks = re.findall(r'\n(.+?)文件夹:', schtasks_info, re.S)[0]
return schtasks
except:
print('无法获取计划任务信息')
def firewall(): # 获取防火墙信息
print('获取防火墙信息...')
try:
firewall_info = os.popen('netsh firewall show state').read()
firewall = re.findall(r'\n(.+?)重要信息', firewall_info, re.S)[0]
return firewall
except:
print('无法获取防火墙信息')
def CVEcheck(): # 检查补丁情况
print('检查补丁情况...')
try:
systeminfo = os.popen('systeminfo').read()
if re.search('Server 2003', systeminfo) != None:
system = 'win2k3'
elif re.search('XP', systeminfo) != None:
system = 'winxp'
elif re.search('Server 2008 R2', systeminfo) != None:
system = 'win2k8r2'
elif re.search('Server 2008', systeminfo) != None:
system = 'win2k8'
elif re.search('Server 2012 R2', systeminfo) != None:
system = 'win2k12r2'
elif re.search('Server 2012', systeminfo) != None:
system = 'win2k12'
elif re.search('Server 2019', systeminfo) != None:
system = 'win2k19'
else:
print('识别错误或是其他OS')
return '识别错误或是其他OS'
patch_num = os.popen(
'systeminfo | findstr "KB4012598 KB4012212 KB4012213 KB4500331 KB4499180 KB4499175 KB4512486 KB4512482 KB4512489 KB4511553"').read()
# 开始检查MS17-010补丁情况
MS17010 = 'ok'
if system == 'win2k3' or system == 'winxp' or system == 'win2k8':
if re.search('KB4012598', patch_num) == None:
MS17010 = 'MS17-010'
if system == 'win2k8r2':
if re.search('kb4012212', patch_num) == None:
MS17010 = 'MS17-010'
if system == 'win2k12r2':
if re.search('kb4012213', patch_num) == None:
MS17010 = 'MS17-010'
# 开始检查CVE-2019-0708补丁情况
CVE20190708 = 'ok'
if system == 'win2k3' or system == 'winxp':
if re.search('kb4500331', patch_num) == None:
CVE20190708 = 'CVE-2019-0708'
if system == 'win2k8':
if re.search('kb4499180', patch_num) == None:
CVE20190708 = 'CVE-2019-0708'
if system == 'win2k8r2':
if re.search('kb4499175', patch_num) == None:
CVE20190708 = 'CVE-2019-0708'
# 开始检查CVE-2019-1181补丁情况
CVE20191181 = 'ok'
if system == 'win2k8r2':
if re.search('kb4512486', patch_num) == None:
CVE20191181 = 'CVE-2019-1181'
if system == 'win2k12':
if re.search('kb4512482', patch_num) == None:
CVE20191181 = 'CVE-2019-1181'
if system == 'win2k12r2':
if re.search('kb4512489', patch_num) == None:
CVE20191181 = 'CVE-2019-1181'
if system == 'win2k19':
if re.search('kb4511553', patch_num) == None:
CVE20191181 = 'CVE-2019-1181'
ispatch =[]
if MS17010 == CVE20190708 == CVE20191181 == 'ok':
ispatch.append('检测补丁均存在!')
if MS17010 == 'MS17-010':
ispatch.append('MS17-010、')
if CVE20190708 == 'CVE-2019-0708':
ispatch.append('CVE-2019-0708、')
if CVE20191181 == 'CVE-2019-1181':
ispatch.append('CVE-2019-1181、')
return ispatch
except:
print('无法获取补丁信息')
def eventANDstartup(): # 打开系统日志页面和启动项页面,然后手动查看
print('为您打开系统日志页面和启动项页面,请手动查看')
try:
os.popen('eventvwr') # 打开日志页面
os.popen('msconfig') # 打开启动项页面
except:
print('这种情况可能是被杀毒软件啥的拦截了')
cpu = cpu()
mem = mem()
disk = disk()
account = account()
tasklist = tasklist()
service = service()
schtasks = schtasks()
firewall = firewall()
CVEcheck = CVEcheck()
try:
report = '----------------\n【基础信息】:\n{}{}{}\n----------------\n【账号信息】:\n{}\n----------------\n【防火墙信息】:\n{}\n----------------\n【补丁情况】:\n{}\n----------------\n【进程列表】:\n{}\n----------------\n【服务列表】:\n{}\n----------------\n【计划任务】:\n{}'.format(cpu,mem,disk,account,firewall,CVEcheck,tasklist,service,schtasks)
with open("主机巡查报告.txt", "a") as f:
f.write(report)
print('报告已生成完毕!')
except:
print('注意查看waf杀软等是否拦截本程序')
eventANDstartup()
参考链接:https://github.com/heikanet/linux_auto_xunjian