记录一些shell脚本
文章目录
1、每周 5 使用 tar 命令备份/var/log 下的所有日志文件
vim /root/log.sh
#编写备份脚本,备份后的文件名包含日期标签,防止后面的备份将前面的备份数据覆盖
tar -czf log-`date +%Y%m%d`.tar.gz /var/log
[root@localhost ~]# crontab ‐e #编写计划任务,执行备份脚本
50 23 * * 7 /root/log.sh #每周星期天23点50执行log.sh
[root@localhost ~]# chmod +x /root/log.sh #添加执行权限
2、查看是否有远程的 IP 在连接本机
#!/bin/bash
# 使用 netstat ‐atn 可以查看本机所有连接的状态,‐a 查看所有,
# -t仅显示 tcp 连接的信息,‐n 数字格式显示
# Local Address(第四列是本机的 IP 和端口信息)
# Foreign Address(第五列是远程主机的 IP 和端口信息)
# 使用 awk 命令仅显示第 5 列数据,再显示第 1 列 IP 地址的信息
# sort 可以按数字大小排序,最后使用 uniq 将多余重复的删除,并统计重复的次数
netstat -atn | awk '{print $5}' | awk '{print $1}' | sort -nr | uniq -c
3、测试 192.168.1.0/24 整个网段中哪些主机处于开机状态,哪些主机处于关机
#!/bin/bash
# 编写脚本测试 192.168.1.0/24 整个网段中哪些主机处于开机状态,哪些主机处于关机
# 状态(for 版本)
for i in {1..254}
do
# 每隔0.1秒ping一次,一共ping2次,并以1毫秒为单位设置ping的超时时间
ping -c 2 -i 0.1 -W 1 192.168.1.$i &>/dev/null
if [ $? -eq 0 ];then
echo "192.168.1.$i is up"
else
echo "192.168.1.$i is down"
fi
done
4、linux服务器日常巡检
#!/bin/bash
# @Author: test
# @Date: 2022-11-1
# @Last Modified by: test
# @E-mail: 147258369@qq.com.com
#主机信息每日巡检
IPADDR=$(ifconfig eth33|grep 'inet addr'|awk -F '[ :]' '{print $13}')
#环境变量PATH没设好,在cron里执行时有很多命令会找不到
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
source /etc/profile
[ $(id -u) -gt 0 ] && echo "请用root用户执行此脚本!" && exit 1
centosVersion=$(awk '{print $(NF-1)}' /etc/redhat-release)
VERSION="2022-11-1"
#日志相关
PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
[ -f $PROGPATH ] && PROGPATH="."
LOGPATH="$PROGPATH/log"
[ -e $LOGPATH ] || mkdir $LOGPATH
RESULTFILE="$LOGPATH/xunjian-$IPADDR-`date +%Y%m%d`.txt"
#定义报表的全局变量
report_DateTime="" #日期 ok
report_Hostname="" #主机名 ok
report_OSRelease="" #发行版本 ok
report_Kernel="" #内核 ok
report_Language="" #语言/编码 ok
report_LastReboot="" #最近启动时间 ok
report_Uptime="" #运行时间(天) ok
report_CPUs="" #CPU数量 ok
report_CPUType="" #CPU类型 ok
report_Arch="" #CPU架构 ok
report_MemTotal="" #内存总容量(MB) ok
report_MemFree="" #内存剩余(MB) ok
report_MemUsedPercent="" #内存使用率% ok
report_DiskTotal="" #硬盘总容量(GB) ok
report_DiskFree="" #硬盘剩余(GB) ok
report_DiskUsedPercent="" #硬盘使用率% ok
report_InodeTotal="" #Inode总量 ok
report_InodeFree="" #Inode剩余 ok
report_InodeUsedPercent="" #Inode使用率 ok
report_IP="" #IP地址 ok
report_MAC="" #MAC地址 ok
report_Gateway="" #默认网关 ok
report_DNS="" #DNS ok
report_Listen="" #监听 ok
report_Selinux="" #Selinux ok
report_Firewall="" #防火墙 ok
report_USERs="" #用户 ok
report_USEREmptyPassword="" #空密码用户 ok
report_USERTheSameUID="" #相同ID的用户 ok
report_PasswordExpiry="" #密码过期(天) ok
report_RootUser="" #root用户 ok
report_Sudoers="" #sudo授权 ok
report_SSHAuthorized="" #SSH信任主机 ok
report_SSHDProtocolVersion="" #SSH协议版本 ok
report_SSHDPermitRootLogin="" #允许root远程登录 ok
report_DefunctProsess="" #僵尸进程数量 ok
report_SelfInitiatedService="" #自启动服务数量 ok
report_SelfInitiatedProgram="" #自启动程序数量 ok
report_RuningService="" #运行中服务数 ok
report_Crontab="" #计划任务数 ok
report_Syslog="" #日志服务 ok
report_SNMP="" #SNMP OK
report_NTP="" #NTP ok
report_JDK="" #JDK版本 ok
function version(){
echo ""
echo ""
echo "系统巡检脚本:Version $VERSION"
}
function getCpuStatus(){
echo ""
echo ""
echo "############################ CPU检查 #############################"
Physical_CPUs=$(grep "physical id" /proc/cpuinfo| sort | uniq | wc -l)
Virt_CPUs=$(grep "processor" /proc/cpuinfo | wc -l)
CPU_Kernels=$(grep "cores" /proc/cpuinfo|uniq| awk -F ': ' '{print $2}')
CPU_Type=$(grep "model name" /proc/cpuinfo | awk -F ': ' '{print $2}' | sort | uniq)
CPU_Arch=$(uname -m)
echo "物理CPU个数:$Physical_CPUs"
echo "逻辑CPU个数:$Virt_CPUs"
echo "每CPU核心数:$CPU_Kernels"
echo " CPU型号:$CPU_Type"
echo " CPU架构:$CPU_Arch"
#报表信息
report_CPUs=$Virt_CPUs #CPU数量
report_CPUType=$CPU_Type #CPU类型
report_Arch=$CPU_Arch #CPU架构
}
function getMemStatus(){
echo ""
echo ""
echo "############################ 内存检查 ############################"
if [[ $centosVersion < 7 ]];then
free -mo
else
free -h
fi
#报表信息
MemTotal=$(grep MemTotal /proc/meminfo| awk '{print $2}') #KB
MemFree=$(grep MemFree /proc/meminfo| awk '{print $2}') #KB
let MemUsed=MemTotal-MemFree
MemPercent=$(awk "BEGIN {if($MemTotal==0){printf 100}else{printf \"%.2f\",$MemUsed*100/$MemTotal}}")
report_MemTotal="$((MemTotal/1024))""MB" #内存总容量(MB)
report_MemFree="$((MemFree/1024))""MB" #内存剩余(MB)
report_MemUsedPercent="$(awk "BEGIN {if($MemTotal==0){printf 100}else{printf \"%.2f\",$MemUsed*100/$MemTotal}}")""%" #内存使用率%
}
function getDiskStatus(){
echo ""
echo ""
echo "############################ 磁盘检查 ############################"
df -hiP | sed 's/Mounted on/Mounted/'> /tmp/inode
df -hTP | sed 's/Mounted on/Mounted/'> /tmp/disk
join /tmp/disk /tmp/inode | awk '{print $1,$2,"|",$3,$4,$5,$6,"|",$8,$9,$10,$11,"|",$12}'| column -t
#报表信息
diskdata=$(df -TP | sed '1d' | awk '$2!="tmpfs"{print}') #KB
disktotal=$(echo "$diskdata" | awk '{total+=$3}END{print total}') #KB
diskused=$(echo "$diskdata" | awk '{total+=$4}END{print total}') #KB
diskfree=$((disktotal-diskused)) #KB
diskusedpercent=$(echo $disktotal $diskused | awk '{if($1==0){printf 100}else{printf "%.2f",$2*100/$1}}')
inodedata=$(df -iTP | sed '1d' | awk '$2!="tmpfs"{print}')
inodetotal=$(echo "$inodedata" | awk '{total+=$3}END{print total}')
inodeused=$(echo "$inodedata" | awk '{total+=$4}END{print total}')
inodefree=$((inodetotal-inodeused))
inodeusedpercent=$(echo $inodetotal $inodeused | awk '{if($1==0){printf 100}else{printf "%.2f",$2*100/$1}}')
report_DiskTotal=$((disktotal/1024/1024))"GB" #硬盘总容量(GB)
report_DiskFree=$((diskfree/1024/1024))"GB" #硬盘剩余(GB)
report_DiskUsedPercent="$diskusedpercent""%" #硬盘使用率%
report_InodeTotal=$((inodetotal/1000))"K" #Inode总量
report_InodeFree=$((inodefree/1000))"K" #Inode剩余
report_InodeUsedPercent="$inodeusedpercent""%" #Inode使用率%
}
function getSystemStatus(){
echo ""
echo ""
echo "############################ 系统检查 ############################"
if [ -e /etc/sysconfig/i18n ];then
default_LANG="$(grep "LANG=" /etc/sysconfig/i18n | grep -v "^#" | awk -F '"' '{print $2}')"
else
default_LANG=$LANG
fi
export LANG="en_US.UTF-8"
Release=$(cat /etc/redhat-release 2>/dev/null)
Kernel=$(uname -r)
OS=$(uname -o)
Hostname=$(uname -n)
SELinux=$(/usr/sbin/sestatus | grep "SELinux status: " | awk '{print $3}')
LastReboot=$(who -b | awk '{print $3,$4}')
uptime=$(uptime | sed 's/.*up \([^,]*\), .*/\1/')
echo " 系统:$OS"
echo " 发行版本:$Release"
echo " 内核:$Kernel"
echo " 主机名:$Hostname"
echo " SELinux:$SELinux"
echo "语言/编码:$default_LANG"
echo " 当前时间:$(date +'%F %T')"
echo " 最后启动:$LastReboot"
echo " 运行时间:$uptime"
#报表信息
report_DateTime=$(date +"%F %T") #日期
report_Hostname="$Hostname" #主机名
report_OSRelease="$Release" #发行版本
report_Kernel="$Kernel" #内核
report_Language="$default_LANG" #语言/编码
report_LastReboot="$LastReboot" #最近启动时间
report_Uptime="$uptime" #运行时间(天)
report_Selinux="$SELinux"
export LANG="$default_LANG"
}
function getServiceStatus(){
echo ""
echo ""
echo "############################ 服务检查 ############################"
echo ""
if [[ $centosVersion > 7 ]];then
conf=$(systemctl list-unit-files --type=service --state=enabled --no-pager | grep "enabled")
process=$(systemctl list-units --type=service --state=running --no-pager | grep ".service")
#报表信息
report_SelfInitiatedService="$(echo "$conf" | wc -l)" #自启动服务数量
report_RuningService="$(echo "$process" | wc -l)" #运行中服务数量
else
conf=$(/sbin/chkconfig | grep -E ":on|:启用")
process=$(/sbin/service --status-all 2>/dev/null | grep -E "is running|正在运行")
#报表信息
report_SelfInitiatedService="$(echo "$conf" | wc -l)" #自启动服务数量
report_RuningService="$(echo "$process" | wc -l)" #运行中服务数量
fi
echo "服务配置"
echo "--------"
echo "$conf" | column -t
echo ""
echo "正在运行的服务"
echo "--------------"
echo "$process"
}
function getAutoStartStatus(){
echo ""
echo ""
echo "############################ 自启动检查 ##########################"
conf=$(grep -v "^#" /etc/rc.d/rc.local| sed '/^$/d')
echo "$conf"
#报表信息
report_SelfInitiatedProgram="$(echo $conf | wc -l)" #自启动程序数量
}
function getLoginStatus(){
echo ""
echo ""
echo "############################ 登录检查 ############################"
last | head
}
function getNetworkStatus(){
echo ""
echo ""
echo "############################ 网络检查 ############################"
if [[ $centosVersion < 7 ]];then
/sbin/ifconfig -a | grep -v packets | grep -v collisions | grep -v inet6
else
#ip a
for i in $(ip link | grep BROADCAST | awk -F: '{print $2}');do ip add show $i | grep -E "BROADCAST|global"| awk '{print $2}' | tr '\n' ' ' ;echo "" ;done
fi
GATEWAY=$(ip route | grep default | awk '{print $3}')
DNS=$(grep nameserver /etc/resolv.conf| grep -v "#" | awk '{print $2}' | tr '\n' ',' | sed 's/,$//')
echo ""
echo "网关:$GATEWAY "
echo " DNS:$DNS"
#报表信息
IP=$(ip -f inet addr | grep -v 127.0.0.1 | grep inet | awk '{print $NF,$2}' | tr '\n' ',' | sed 's/,$//')
MAC=$(ip link | grep -v "LOOPBACK\|loopback" | awk '{print $2}' | sed 'N;s/\n//' | tr '\n' ',' | sed 's/,$//')
report_IP="$IP" #IP地址
report_MAC=$MAC #MAC地址
report_Gateway="$GATEWAY" #默认网关
report_DNS="$DNS" #DNS
}
function getListenStatus(){
echo ""
echo ""
echo "############################ 监听检查 ############################"
TCPListen=$(ss -ntul | column -t)
echo "$TCPListen"
#报表信息
report_Listen="$(echo "$TCPListen"| sed '1d' | awk '/tcp/ {print $5}' | awk -F: '{print $NF}' | sort | uniq | wc -l)"
}
function getCronStatus(){
echo ""
echo ""
echo "############################ 计划任务检查 ########################"
Crontab=0
for shell in $(grep -v "/sbin/nologin" /etc/shells);do
for user in $(grep "$shell" /etc/passwd| awk -F: '{print $1}');do
crontab -l -u $user >/dev/null 2>&1
status=$?
if [ $status -eq 0 ];then
echo "$user"
echo "--------"
crontab -l -u $user
let Crontab=Crontab+$(crontab -l -u $user | wc -l)
echo ""
fi
done
done
#计划任务
find /etc/cron* -type f | xargs -i ls -l {} | column -t
let Crontab=Crontab+$(find /etc/cron* -type f | wc -l)
#报表信息
report_Crontab="$Crontab" #计划任务数
}
function getHowLongAgo(){
# 计算一个时间戳离现在有多久了
datetime="$*"
[ -z "$datetime" ] && echo "错误的参数:getHowLongAgo() $*"
Timestamp=$(date +%s -d "$datetime") #转化为时间戳
Now_Timestamp=$(date +%s)
Difference_Timestamp=$(($Now_Timestamp-$Timestamp))
days=0;hours=0;minutes=0;
sec_in_day=$((60*60*24));
sec_in_hour=$((60*60));
sec_in_minute=60
while (( $(($Difference_Timestamp-$sec_in_day)) > 1 ))
do
let Difference_Timestamp=Difference_Timestamp-sec_in_day
let days++
done
while (( $(($Difference_Timestamp-$sec_in_hour)) > 1 ))
do
let Difference_Timestamp=Difference_Timestamp-sec_in_hour
let hours++
done
echo "$days 天 $hours 小时前"
}
function getUserLastLogin(){
# 获取用户最近一次登录的时间,含年份
# 很遗憾last命令不支持显示年份,只有"last -t YYYYMMDDHHMMSS"表示某个时间之间的登录,我
# 们只能用最笨的方法了,对比今天之前和今年元旦之前(或者去年之前和前年之前……)某个用户
# 登录次数,如果登录统计次数有变化,则说明最近一次登录是今年。
username=$1
: ${username:="`whoami`"}
thisYear=$(date +%Y)
oldesYear=$(last | tail -n1 | awk '{print $NF}')
while(( $thisYear >= $oldesYear));do
loginBeforeToday=$(last $username | grep $username | wc -l)
loginBeforeNewYearsDayOfThisYear=$(last $username -t $thisYear"0101000000" | grep $username | wc -l)
if [ $loginBeforeToday -eq 0 ];then
echo "从未登录过"
break
elif [ $loginBeforeToday -gt $loginBeforeNewYearsDayOfThisYear ];then
lastDateTime=$(last -i $username | head -n1 | awk '{for(i=4;i<(NF-2);i++)printf"%s ",$i}')" $thisYear" #格式如: Sat Nov 2 20:33 2015
lastDateTime=$(date "+%Y-%m-%d %H:%M:%S" -d "$lastDateTime")
echo "$lastDateTime"
break
else
thisYear=$((thisYear-1))
fi
done
}
function getUserStatus(){
echo ""
echo ""
echo "############################ 用户检查 ############################"
#/etc/passwd 最后修改时间
pwdfile="$(cat /etc/passwd)"
Modify=$(stat /etc/passwd | grep Modify | tr '.' ' ' | awk '{print $2,$3}')
echo "/etc/passwd 最后修改时间:$Modify ($(getHowLongAgo $Modify))"
echo ""
echo "特权用户"
echo "--------"
RootUser=""
for user in $(echo "$pwdfile" | awk -F: '{print $1}');do
if [ $(id -u $user) -eq 0 ];then
echo "$user"
RootUser="$RootUser,$user"
fi
done
echo ""
echo "用户列表"
echo "--------"
USERs=0
echo "$(
echo "用户名 UID GID HOME SHELL 最后一次登录"
for shell in $(grep -v "/sbin/nologin" /etc/shells);do
for username in $(grep "$shell" /etc/passwd| awk -F: '{print $1}');do
userLastLogin="$(getUserLastLogin $username)"
echo "$pwdfile" | grep -w "$username" |grep -w "$shell"| awk -F: -v lastlogin="$(echo "$userLastLogin" | tr ' ' '_')" '{print $1,$3,$4,$6,$7,lastlogin}'
done
let USERs=USERs+$(echo "$pwdfile" | grep "$shell"| wc -l)
done
)" | column -t
echo ""
echo "空密码用户"
echo "----------"
USEREmptyPassword=""
for shell in $(grep -v "/sbin/nologin" /etc/shells);do
for user in $(echo "$pwdfile" | grep "$shell" | cut -d: -f1);do
r=$(awk -F: '$2=="!!"{print $1}' /etc/shadow | grep -w $user)
if [ ! -z $r ];then
echo $r
USEREmptyPassword="$USEREmptyPassword,"$r
fi
done
done
echo ""
echo "相同ID的用户"
echo "------------"
USERTheSameUID=""
UIDs=$(cut -d: -f3 /etc/passwd | sort | uniq -c | awk '$1>1{print $2}')
for uid in $UIDs;do
echo -n "$uid";
USERTheSameUID="$uid"
r=$(awk -F: 'ORS="";$3=='"$uid"'{print ":",$1}' /etc/passwd)
echo "$r"
echo ""
USERTheSameUID="$USERTheSameUID $r,"
done
#报表信息
report_USERs="$USERs" #用户
report_USEREmptyPassword=$(echo $USEREmptyPassword | sed 's/^,//')
report_USERTheSameUID=$(echo $USERTheSameUID | sed 's/,$//')
report_RootUser=$(echo $RootUser | sed 's/^,//') #特权用户
}
function getPasswordStatus {
echo ""
echo ""
echo "############################ 密码检查 ############################"
pwdfile="$(cat /etc/passwd)"
echo ""
echo "密码过期检查"
echo "------------"
result=""
for shell in $(grep -v "/sbin/nologin" /etc/shells);do
for user in $(echo "$pwdfile" | grep "$shell" | cut -d: -f1);do
get_expiry_date=$(/usr/bin/chage -l $user | grep 'Password expires' | cut -d: -f2)
if [[ $get_expiry_date = ' never' || $get_expiry_date = 'never' ]];then
printf "%-15s 永不过期\n" $user
result="$result,$user:never"
else
password_expiry_date=$(date -d "$get_expiry_date" "+%s")
current_date=$(date "+%s")
diff=$(($password_expiry_date-$current_date))
let DAYS=$(($diff/(60*60*24)))
printf "%-15s %s天后过期\n" $user $DAYS
result="$result,$user:$DAYS days"
fi
done
done
report_PasswordExpiry=$(echo $result | sed 's/^,//')
echo ""
echo "密码策略检查"
echo "------------"
grep -v "#" /etc/login.defs | grep -E "PASS_MAX_DAYS|PASS_MIN_DAYS|PASS_MIN_LEN|PASS_WARN_AGE"
}
function getSudoersStatus(){
echo ""
echo ""
echo "############################ Sudoers检查 #########################"
conf=$(grep -v "^#" /etc/sudoers| grep -v "^Defaults" | sed '/^$/d')
echo "$conf"
echo ""
#报表信息
report_Sudoers="$(echo $conf | wc -l)"
}
function getInstalledStatus(){
echo ""
echo ""
echo "############################ 软件检查 ############################"
rpm -qa --last | head | column -t
}
function getProcessStatus(){
echo ""
echo ""
echo "############################ 进程检查 ############################"
if [ $(ps -ef | grep defunct | grep -v grep | wc -l) -ge 1 ];then
echo ""
echo "僵尸进程";
echo "--------"
ps -ef | head -n1
ps -ef | grep defunct | grep -v grep
fi
echo ""
echo "内存占用TOP10"
echo "-------------"
echo -e "PID %MEM RSS COMMAND
$(ps aux | awk '{print $2, $4, $6, $11}' | sort -k3rn | head -n 10 )"| column -t
echo ""
echo "CPU占用TOP10"
echo "------------"
top b -n1 | head -17 | tail -11
#报表信息
report_DefunctProsess="$(ps -ef | grep defunct | grep -v grep|wc -l)"
}
function getJDKStatus(){
echo ""
echo ""
echo "############################ JDK检查 #############################"
java -version 2>/dev/null
if [ $? -eq 0 ];then
java -version 2>&1
fi
echo "JAVA_HOME=\"$JAVA_HOME\""
#报表信息
report_JDK="$(java -version 2>&1 | grep version | awk '{print $1,$3}' | tr -d '"')"
}
function getSyslogStatus(){
echo ""
echo ""
echo "############################ syslog检查 ##########################"
echo "服务状态:$(getState rsyslog)"
echo ""
echo "/etc/rsyslog.conf"
echo "-----------------"
cat /etc/rsyslog.conf 2>/dev/null | grep -v "^#" | grep -v "^\\$" | sed '/^$/d' | column -t
#报表信息
report_Syslog="$(getState rsyslog)"
}
function getFirewallStatus(){
echo ""
echo ""
echo "############################ 防火墙检查 ##########################"
#防火墙状态,策略等
if [[ $centosVersion < 7 ]];then
/etc/init.d/iptables status >/dev/null 2>&1
status=$?
if [ $status -eq 0 ];then
s="active"
elif [ $status -eq 3 ];then
s="inactive"
elif [ $status -eq 4 ];then
s="permission denied"
else
s="unknown"
fi
else
s="$(getState iptables)"
fi
echo "iptables: $s"
echo ""
echo "/etc/sysconfig/iptables"
echo "-----------------------"
cat /etc/sysconfig/iptables 2>/dev/null
#报表信息
report_Firewall="$s"
}
function getSNMPStatus(){
#SNMP服务状态,配置等
echo ""
echo ""
echo "############################ SNMP检查 ############################"
status="$(getState snmpd)"
echo "服务状态:$status"
echo ""
if [ -e /etc/snmp/snmpd.conf ];then
echo "/etc/snmp/snmpd.conf"
echo "--------------------"
cat /etc/snmp/snmpd.conf 2>/dev/null | grep -v "^#" | sed '/^$/d'
fi
#报表信息
report_SNMP="$(getState snmpd)"
}
function getState(){
if [[ $centosVersion < 7 ]];then
if [ -e "/etc/init.d/$1" ];then
if [ `/etc/init.d/$1 status 2>/dev/null | grep -E "is running|正在运行" | wc -l` -ge 1 ];then
r="active"
else
r="inactive"
fi
else
r="unknown"
fi
else
#CentOS 7+
r="$(systemctl is-active $1 2>&1)"
fi
echo "$r"
}
function getSSHStatus(){
#SSHD服务状态,配置,受信任主机等
echo ""
echo ""
echo "############################ SSH检查 #############################"
#检查受信任主机
pwdfile="$(cat /etc/passwd)"
echo "服务状态:$(getState sshd)"
Protocol_Version=$(cat /etc/ssh/sshd_config | grep Protocol | awk '{print $2}')
echo "SSH协议版本:$Protocol_Version"
echo ""
echo "信任主机"
echo "--------"
authorized=0
for user in $(echo "$pwdfile" | grep /bin/bash | awk -F: '{print $1}');do
authorize_file=$(echo "$pwdfile" | grep -w $user | awk -F: '{printf $6"/.ssh/authorized_keys"}')
authorized_host=$(cat $authorize_file 2>/dev/null | awk '{print $3}' | tr '\n' ',' | sed 's/,$//')
if [ ! -z $authorized_host ];then
echo "$user 授权 \"$authorized_host\" 无密码访问"
fi
let authorized=authorized+$(cat $authorize_file 2>/dev/null | awk '{print $3}'|wc -l)
done
echo ""
echo "是否允许ROOT远程登录"
echo "--------------------"
config=$(cat /etc/ssh/sshd_config | grep PermitRootLogin)
firstChar=${config:0:1}
if [ $firstChar == "#" ];then
PermitRootLogin="yes" #默认是允许ROOT远程登录的
else
PermitRootLogin=$(echo $config | awk '{print $2}')
fi
echo "PermitRootLogin $PermitRootLogin"
echo ""
echo "/etc/ssh/sshd_config"
echo "--------------------"
cat /etc/ssh/sshd_config | grep -v "^#" | sed '/^$/d'
#报表信息
report_SSHAuthorized="$authorized" #SSH信任主机
report_SSHDProtocolVersion="$Protocol_Version" #SSH协议版本
report_SSHDPermitRootLogin="$PermitRootLogin" #允许root远程登录
}
function getNTPStatus(){
#NTP服务状态,当前时间,配置等
echo ""
echo ""
echo "############################ NTP检查 #############################"
if [ -e /etc/ntp.conf ];then
echo "服务状态:$(getState ntpd)"
echo ""
echo "/etc/ntp.conf"
echo "-------------"
cat /etc/ntp.conf 2>/dev/null | grep -v "^#" | sed '/^$/d'
fi
#报表信息
report_NTP="$(getState ntpd)"
}
function getchage_file_24h()
{
echo "############################ 文件检查 #############################"
check2=$(find / -name '*.sh' -mtime -1)
check21=$(find / -name '*.asp' -mtime -1)
check22=$(find / -name '*.php' -mtime -1)
check23=$(find / -name '*.aspx' -mtime -1)
check24=$(find / -name '*.jsp' -mtime -1)
check25=$(find / -name '*.html' -mtime -1)
check26=$(find / -name '*.htm' -mtime -1)
check9=$(find / -name core -exec ls -l {} \;)
check10=$(cat /etc/crontab)
check12=$(ls -alt /usr/bin | head -10)
cat <<EOF
############################查看所有被修改过的文件返回最近24小时内的############################
${check2}
${check21}
${check22}
${check23}
${check24}
${check25}
${check26}
${line}
############################检查定时文件的完整性############################
${check10}
${line}
############################查看系统命令是否被替换############################
${check12}
${line}
EOF
}
function check(){
version
getSystemStatus
getCpuStatus
getMemStatus
getDiskStatus
getNetworkStatus
getListenStatus
getProcessStatus
getServiceStatus
getAutoStartStatus
getLoginStatus
getCronStatus
getUserStatus
getPasswordStatus
getSudoersStatus
getJDKStatus
getFirewallStatus
getSSHStatus
getSyslogStatus
getSNMPStatus
getNTPStatus
getInstalledStatus
getchage_file_24h
}
#执行检查并保存检查结果
check > $RESULTFILE
echo "检查结果:$RESULTFILE"
echo -e "`date "+%Y-%m-%d %H:%M:%S"` 巡检报告" | mail -a $RESULTFILE -s "平台巡检报告" 147258369@qq.com
部分巡检结果
巡检完后发邮件
[root@localhost ~]# yum install mailx -y
[root@localhost ~]# vim /etc/mail.rc
set from=147258369@qq.com #发件人指定邮箱
set smtp=smtp.qq.com #QQ邮箱服务器
set smtp-auth-user=147258369@qq.com #邮箱账号
set smtp-auth-password= #发件邮箱的授权码,QQ邮箱在设置smtp中查看
set smtp-auth=login #登陆方式
5、DNS服务启动停止重启
#!/bin/bash
#
# named This shell script takes care of starting and stopping
# named (BIND DNS server).
#
# chkconfig: - 13 87
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true
### BEGIN INIT INFO
# Provides: $named
# Required-Start: $local_fs $network $syslog
# Required-Stop: $local_fs $network $syslog
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start|stop|status|restart|try-restart|reload|force-reload DNS server
# Description: control ISC BIND implementation of DNS server
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
[ -r /etc/sysconfig/named ] && . /etc/sysconfig/named
RETVAL=0
export KRB5_KTNAME=${KEYTAB_FILE:-/etc/named.keytab}
named='named'
if [ -x /usr/sbin/named-sdb ]; then
named='named-sdb'
fi
# Don't kill named during clean-up
NAMED_SHUTDOWN_TIMEOUT=${NAMED_SHUTDOWN_TIMEOUT:-25}
if [ -n "$ROOTDIR" ]; then
ROOTDIR=`echo $ROOTDIR | sed 's#//*#/#g;s#/$##'`;
rdl=`/usr/bin/readlink $ROOTDIR`;
if [ -n "$rdl" ]; then
ROOTDIR="$rdl";
fi;
fi
PIDFILE="/var/run/named/named.pid"
ROOTDIR_MOUNT='/etc/named /etc/pki/dnssec-keys /var/named /etc/named.conf
/etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key
/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /etc/named.root.key
/etc/services /etc/protocols'
for LIB in /lib /lib64
do
if [ -d "$ROOTDIR$LIB" ]; then
for NSSLIB in "$LIB"/libnss_files.so.[1-9]
do
ROOTDIR_MOUNT+=" $NSSLIB"
done
fi
done
mount_chroot_conf()
{
if [ -n "$ROOTDIR" ]; then
for all in $ROOTDIR_MOUNT; do
# Skip nonexistant files
[ -e "$all" ] || continue
# If mount source is a file
if ! [ -d "$all" ]; then
# mount it only if it is not present in chroot or it is empty
if ! [ -e "$ROOTDIR$all" ] || [ "`stat -c'%s' "$ROOTDIR$all"`" -eq 0 ]; then
touch "$ROOTDIR$all"
mount --bind "$all" "$ROOTDIR$all"
fi
else
# Mount source is a directory. Mount it only if directory in chroot is
# empty.
if [ -e "$all" ] && [ "`ls -1A "$ROOTDIR$all" | wc -l`" -eq 0 ]; then
mount --bind "$all" "$ROOTDIR$all"
fi
fi
done
fi
}
umount_chroot_conf()
{
if [ -n "$ROOTDIR" ]; then
for all in $ROOTDIR_MOUNT; do
# Check if file is mount target. Do not use /proc/mounts because detecting
# of modified mounted files can fail.
if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
umount "$ROOTDIR$all"
# Remove temporary created files
[ -f "$all" ] && rm -f "$ROOTDIR$all"
fi
done
fi
}
check_pidfile() {
PID="`pidofproc -p "$ROOTDIR$PIDFILE" "$named"`"
if [ -n "$PID" ] && [ "`ps -p "$PID" --no-headers -o comm`" != "$named" ]; then
rm -f $ROOTDIR$PIDFILE &> /dev/null
fi
}
pidofnamed() {
pidofproc -p "$ROOTDIR$PIDFILE" "$named";
}
# Check if all what named needs running
start()
{
[ "$EUID" != "0" ] && exit 4
# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
# Check that networking is up
[ "${NETWORKING}" = "no" ] && exit 1
[ -x /usr/sbin/"$named" ] || exit 5
if [ ! -s /etc/rndc.key -a ! -s /etc/rndc.conf ]; then
# Generate rndc.key if doesn't exist AND there is no rndc.conf
echo -n $"Generating /etc/rndc.key:"
if /usr/sbin/rndc-confgen -a -r /dev/urandom > /dev/null 2>&1; then
chmod 640 /etc/rndc.key
chown root.named /etc/rndc.key
[ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.key
success $"/etc/rndc.key generation"
echo
else
failure $"/etc/rndc.key generation"
echo
fi
fi
# Handle -c option
previous_option='unspecified';
for a in $OPTIONS; do
if [ $previous_option = '-c' ]; then
named_conf=$a;
fi;
previous_option=$a;
done;
named_conf=${named_conf:-/etc/named.conf};
# check if named is running before mounting files/dirs
echo -n $"Starting named: "
check_pidfile
if [ -n "`pidofnamed`" ]; then
echo -n $"named: already running"
success
echo
exit 0;
fi;
mount_chroot_conf
if [ ! -r $ROOTDIR$named_conf ]; then
echo 'Cannot find configuration file. You could create it by system-config-bind'
exit 6;
fi;
[ -x /sbin/portrelease ] && /sbin/portrelease named &>/dev/null || :
if ! [ "$DISABLE_ZONE_CHECKING" = yes ]; then
ckcf_options='-z'; # enable named-checkzone for each zone (9.3.1+) !
fi;
if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then
OPTIONS="${OPTIONS} -t ${ROOTDIR}"
ckcf_options="$ckcf_options -t ${ROOTDIR}";
[ -s /etc/localtime ] && cp -fp /etc/localtime ${ROOTDIR}/etc/localtime;
fi
RETVAL=0
# check if configuration is correct
if [ -x /usr/sbin/named-checkconf ] && [ -x /usr/sbin/named-checkzone ] && /usr/sbin/named-checkconf $ckcf_options ${named_conf} >/dev/null 2>&1; then
daemon --pidfile "$ROOTDIR$PIDFILE" /usr/sbin/"$named" -u named ${OPTIONS};
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
rm -f /var/run/{named,named-sdb}.pid;
ln -s "$ROOTDIR$PIDFILE" /var/run/"$named".pid;
fi;
else
named_err="`/usr/sbin/named-checkconf $ckcf_options $named_conf 2>&1`";
echo
echo "Error in named configuration:";
echo "$named_err";
failure
echo
[ -x /usr/bin/logger ] && echo "$named_err" | /usr/bin/logger -pdaemon.error -tnamed;
umount_chroot_conf
exit 2;
fi;
echo
if [ $RETVAL -eq 0 ]; then
touch /var/lock/subsys/named;
else
umount_chroot_conf
exit 7;
fi
return 0;
}
stop() {
[ "$EUID" != "0" ] && exit 4
# Stop daemons.
echo -n $"Stopping named: "
check_pidfile
[ -x /usr/sbin/rndc ] && /usr/sbin/rndc stop >/dev/null 2>&1;
RETVAL=$?
# was rndc successful?
[ "$RETVAL" -eq 0 ] || \
killproc -p "$ROOTDIR$PIDFILE" "$named" -TERM >/dev/null 2>&1
timeout=0
RETVAL=0
while pidofnamed &>/dev/null; do
if [ $timeout -ge $NAMED_SHUTDOWN_TIMEOUT ]; then
RETVAL=1
break
else
sleep 2 && echo -n "."
timeout=$((timeout+2))
fi;
done
umount_chroot_conf
# remove pid files
if [ $RETVAL -eq 0 ]; then
rm -f /var/lock/subsys/named
rm -f /var/run/{named,named-sdb}.pid
fi;
if [ $RETVAL -eq 0 ]; then
success
else
failure
RETVAL=1
fi;
echo
return $RETVAL
}
rhstatus() {
[ -x /usr/sbin/rndc ] && /usr/sbin/rndc status;
check_pidfile
status -p "$ROOTDIR$PIDFILE" -l named /usr/sbin/"$named";
return $?
}
restart() {
stop
start
}
reload() {
[ "$EUID" != "0" ] && exit
echo -n $"Reloading "$named": "
check_pidfile
p=`pidofnamed`
RETVAL=$?
if [ "$RETVAL" -eq 0 ]; then
/usr/sbin/rndc reload >/dev/null 2>&1 || /bin/kill -HUP $p;
RETVAL=$?
fi
[ "$RETVAL" -eq 0 ] && success $"$named reload" || failure $"$named reload"
echo
return $RETVAL
}
checkconfig() {
ckcf_options='-z';
if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then
ckcf_options="$ckcf_options -t ${ROOTDIR}";
if ! [ -e "$ROOTDIR/$PIDFILE" ]; then
mount_chroot_conf
fi
fi;
if [ -x /usr/sbin/named-checkconf ] && [ -x /usr/sbin/named-checkzone ] && /usr/sbin/named-checkconf $ckcf_options ${named_conf} ; then
RETVAL=0
else
RETVAL=1
fi
if ! [ -e "$ROOTDIR/$PIDFILE" ]; then
umount_chroot_conf
fi
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
rhstatus;
RETVAL=$?
;;
restart)
restart
;;
condrestart|try-restart)
if [ -e /var/lock/subsys/named ]; then restart; fi
;;
reload)
reload
;;
force-reload)
if ! reload; then restart; fi
;;
checkconfig|configtest|check|test)
checkconfig
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload}"
[ "x$1" = "x" ] && exit 0
exit 2
esac
exit $RETVAL
6、检测网站ssl证书还有多少天到期
#!/bin/bash
# 设置目标网站
website="csdn.net"
# 获取证书信息
cert_info=$(echo | openssl s_client -servername $domain -connect $domain:443 2>/dev/null | openssl x509 -noout -dates)
# 提取到期日期
expiry_date=$(echo "$cert_info" | grep "notAfter" | awk -F= '{print $2}')
# 将到期日期转换为时间戳
expiry_timestamp=$(date -d "$expiry_date" +%s)
# 获取当前时间戳
current_timestamp=$(date +%s)
# 计算剩余天数
remaining_days=$(( ($expiry_timestamp - $current_timestamp) / (60*60*24) ))
# 输出剩余天数
echo "证书到期剩余天数:$remaining_days"
注:
- 请确保在运行脚本之前已经安装了OpenSSL工具
156
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
