新增功能:
6. 检查并安装 vsftpd***"
7. 检查并启动 HTTP 服务***"
8. 监控系统资源告警 (这里邮件发送需要有mail服务 可看我上一篇帖子进行配置)
#!/bin/bash
# 检查是否以root用户运行脚本
check_root() {
if [[ $EUID -ne 0 ]]; then
echo "此脚本需要以root权限运行"
exit 1
fi
}
# 初始化安全策略
init_security_policy() {
while true; do
echo "***选择你需要进行的操作***"
echo "***1. 关闭防火墙***"
echo "***2. 设置防火墙开机不自启动***"
echo "***3. 启动防火墙***"
echo "***4. 设置防火墙开机自启动***"
echo "***5. 清空iptables规则组***"
echo "***6. 查看iptables规则组***"
echo "***7. 查看防火墙状态***"
echo "***quit. 退出***"
read -p "请输入数字选择对应安全策略: " answer
case $answer in
1)
systemctl stop firewalld && echo "防火墙已关闭" || echo "关闭防火墙失败"
;;
2)
systemctl disable firewalld && echo "防火墙设置为开机不自启动。" || echo "设置开机不自启动失败"
;;
3)
systemctl start firewalld && echo "防火墙已启动。" || echo "启动防火墙失败"
;;
4)
systemctl enable firewalld && echo "防火墙设置为开机自启动。" || echo "设置开机自启动失败"
;;
5)
iptables -F && echo "规则组已清空。" || echo "清空规则组失败"
;;
6)
iptables -L && echo "规则组已显示。" || echo "显示规则组失败"
;;
7)
systemctl status firewalld && echo "正在查看防火墙状态。" || echo "查看防火墙状态失败"
;;
quit)
echo "退出安全策略配置。"
break
;;
*)
echo "无效的输入,请重新输入。"
;;
esac
done
}
# 配置YUM源
config_yum_source() {
yum_status=$(yum repolist | grep "CentOS-7 - Base" | awk '{print $7}' | sed 's/,//')
if [ $yum_status -le 0 ]; then
ALIYUN_REPO_URL="https://mirrors.aliyun.com/repo/Centos-7.repo"
read -p "是否配置ali YUM 源[y/n]: " ali
case $ali in
[Yy]* )
echo "开始配置阿里yum源"
if [ -f /etc/yum.repos.d/CentOS-Base.repo ]; then
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup && echo "开始备份原有CentOS源到CentOS-Base.repo.backup"
fi
curl -o /etc/yum.repos.d/CentOS-Base.repo $ALIYUN_REPO_URL && echo "阿里云YUM源已安装。" || echo "配置阿里云YUM源失败"
yum clean all && yum makecache
;;
[Nn]* )
echo "用户取消配置"
;;
* )
echo "无效的操作"
;;
esac
else
echo "YUM源配置正常"
fi
}
# 查看远程IP连接
view_remote_ip() {
netstat -atn | awk '{print $5}' | awk '{print $1}' | sort -nr | uniq -c
}
# 查看可登录账户
view_login_accounts() {
grep "bash$" /etc/passwd
}
# 检查并安装 vsftpd
install_vsftpd() {
# 检查 vsftpd 是否已安装
rpm -q vsftpd &>/dev/null
if [ $? -ne 0 ]; then
read -p "vsftpd 软件包未安装,是否开始安装[y/n]: " vsftpd
case $vsftpd in
[Yy]* )
echo "开始安装 vsftpd 软件包..."
yum install -y vsftpd
# 设置 vsftpd 开机启动
systemctl enable vsftpd.service
# 启动 vsftpd 服务
systemctl start vsftpd.service
;;
[Nn]* )
echo "用户取消安装"
;;
* )
echo "无效的输入"
;;
esac
else
echo "vsftpd 已安装."
fi
}
# 检查并启动 HTTP 服务
check_and_start_http_service() {
# 定义服务名称,根据你的 HTTP 服务器修改
service_name="httpd" # 对于 Apache
# service_name="nginx" # 对于 Nginx
status=$(systemctl status httpd | grep -oP 'active \(running\)')
# 检查服务是否正在运行
if [ "$status" == "active (running)" ]; then
echo "$service_name 服务正在运行."
else
read -p "$service_name 服务未运行,是否启动尝试启动...[y/n]: " http
case $http in
[Yy]* )
echo "尝试启动 $service_name 服务..."
systemctl start "$service_name"
new_status=$(systemctl status httpd | grep -oP 'active \(running\)')
if [ "$new_status" == "active (running)" ]; then
echo "$service_name 服务已启动."
else
echo "$service_name 服务启动失败."
fi
;;
[Nn]* )
echo "用户取消启动"
;;
* )
echo "无效的输入"
;;
esac
fi
}
# 查看系统信息
view_system_info() {
KERNEL_DIR="/etc/redhat-release"
CPU_DIR="/proc/cpuinfo"
SYSTEM_DATE=$(/usr/bin/date)
SYSTEM_VERSION=$(cat ${KERNEL_DIR})
SYSTEM_CPU=$(cat ${CPU_DIR} | grep 'model name' | head -1 | awk -F: '{print $2}' | sed 's#^[ \t]*##g')
SYSTEM_CPU_NUMS=$(cat ${CPU_DIR} | grep 'model name' -c)
SYSTEM_KERNEL=$(uname -a | awk '{print $3}')
SYSTEM_IPADDR=$(hostname -I | awk '{print $1}')
SYSTEM_HOSTNANE=$(hostname)
echo "操作系统名称: ${SYSTEM_HOSTNANE}"
echo "服务器IP地址: ${SYSTEM_IPADDR}"
echo "操作系统版本: ${SYSTEM_VERSION}"
echo "系统内核版本: ${SYSTEM_KERNEL}"
echo "处理器的型号: ${SYSTEM_CPU}"
echo "处理器的核数: ${SYSTEM_CPU_NUMS}"
echo "系统当前时间: ${SYSTEM_DATE}"
}
# 监控系统资源
monitor_system_resources() {
# 获取根分区的使用率
usage_partition=$(df / | awk 'NR==2 {print $5}' | cut -d'%' -f1)
# 获取系统负载
load_average=$(uptime | awk -F"load average:" '{print $2}')
# 获取内存使用率
usage_free=$(free | awk 'NR==2 {print $3/$2*100.0}' | cut -d'.' -f1)
# 编写判断语句
if [ "$usage_partition" -ge 90 ] || [ "$usage_free" -ge 70 ]; then
# 邮件收件人
recipient="343*******@qq.com"
# 邮件主题
subject="告警:系统资源告警 - System Resource Alert"
# 邮件正文
body=$( cat <<EOF
告警:系统资源告警:
根分区使用率: $usage_partition%
系统负载: $load_average
内存使用率: $usage_free%
请及时处理!
EOF
)
# 发送邮件
echo "$body" | mail -s "$subject" "$recipient"
fi
echo "系统资源监控完成"
echo "根分区使用率: $usage_partition%"
echo "系统负载: $load_average"
echo "内存使用率: $usage_free%"
}
# 主菜单
main_menu() {
while true; do
echo "-------------输入你想进行的操作-------------"
echo "***1. 安全策略防火墙相关***"
echo "***2. yum源相关配置***"
echo "***3. 查看远程IP连接***"
echo "***4. 查看可登录账户***"
echo "***5. 查看系统信息***"
echo "***6. 检查并安装 vsftpd***"
echo "***7. 检查并启动 HTTP 服务***"
echo "***8. 监控系统资源*"
echo "***quit. 退出***"
read -p "请输入数字选择对应操作: " aa
case $aa in
1)
init_security_policy
;;
2)
config_yum_source
;;
3)
view_remote_ip
;;
4)
view_login_accounts
;;
5)
view_system_info
;;
6)
install_vsftpd
;;
7)
check_and_start_http_service
;;
8)
monitor_system_resources
;;
quit)
echo "退出脚本。"
break
;;
*)
echo "无效的输入,请重新输入。"
;;
esac
done
}
# 执行
check_root
main_menu