1. LVS客户端自动配置
#/ bin/ bash
VIP= ( 202.106 .195 .111 202.106 .195 .222 )
[ - e / etc/ sysctl. conf ] && rm - f / etc/ sysctl. conf
[ - e / etc/ sysconfig/ network- scripts/ ifcfg- lo: 0 ] && rm - f / etc/ sysconfig/ network- scripts/ ifcfg- lo: 0
[ - e / etc/ sysconfig/ network- scripts/ ifcfg- lo: 1 ] && rm - f / etc/ sysconfig/ network- scripts/ ifcfg- lo: 1
echo "net.ipv4.conf.all.arp_ignore = 1" > / etc/ sysctl. conf
echo "net.ipv4.conf.all.arp_announce = 2" >> / etc/ sysctl. conf
echo "net.ipv4.conf.default.arp_ignore = 1" >> / etc/ sysctl. conf
echo "net.ipv4.conf.default.arp_announce = 2" >> / etc/ sysctl. conf
echo "net.ipv4.conf.lo.arp_ignore = 1" >> / etc/ sysctl. conf
echo "net.ipv4.conf.lo.arp_announce = 2" >> / etc/ sysctl. conf
sysctl - p & > / dev/ null
cd / etc/ sysconfig/ network- scripts
for ( ( i= 0 ; i< `echo ${ #VIP[ * ] } `; i++ ) )
do
cp ifcfg- lo ifcfg- lo: $i
echo "DEVICE=lo:$i" > ifcfg- lo: $i
echo "IPADDR=${VIP[$i]}" >> ifcfg- lo: $i
echo "NETMASK=255.255.255.255" >> ifcfg- lo: $i
echo "ONBOOT=yes" >> ifcfg- lo: $i
ifup ifcfg- lo: $i
/ usr/ sbin/ route add - host ${ VIP[ $i] } dev lo: $i & > / dev/ null
done
2、企业日常巡检
#! / bin/ bash
function system ( ) {
echo "#########################系统信息#########################"
OS_TYPE= `uname`
OS_VER= `cat / etc/ redhat- release`
OS_KER= `uname - a| awk '{print $3}' `
OS_TIME= `date + % F_% T`
OS_RUN_TIME= `uptime | awk '{print $3}' | awk - F, '{print $1}' `
OS_LAST_REBOOT_TIME= `who - b| awk '{print $2,$3}' `
OS_HOSTNAME= `hostname`
echo " 系统类型:$OS_TYPE"
echo " 系统版本:$OS_VER"
echo " 系统内核:$OS_KER"
echo " 当前时间:$OS_TIME"
echo " 运行时间:$OS_RUN_TIME"
echo "最后重启时间:$OS_LAST_REBOOT_TIME"
echo " 本机名称:$OS_HOSTNAME"
}
function network ( ) {
echo "#########################网络信息#########################"
INTERNET= ( `ifconfig| grep ens| awk - F: '{print $1}' `)
for ( ( i= 0 ; i< `echo ${ #INTERNET[ * ] } `; i++ ) )
do
OS_IP= `ifconfig ${ INTERNET[ $i] } | head - 2 | grep inet| awk '{print $2}' `
echo " 本机IP:${INTERNET[$i]}:$OS_IP"
done
curl - I http: / / www. baidu. com & > / dev/ null
if [ $? - eq 0 ]
then echo " 访问外网:成功"
else echo " 访问外网:失败"
fi
}
function hardware ( ) {
echo "#########################硬件信息#########################"
CPUID= `grep "physical id" / proc/ cpuinfo | sort| uniq| wc - l`
CPUCORES= `grep "cores" / proc/ cpuinfo| sort| uniq| awk - F: '{print $2}' `
CPUMODE= `grep "model name" / proc/ cpuinfo| sort| uniq| awk - F: '{print $2}' `
echo " CPU数量: $CPUID"
echo " CPU核心:$CPUCORES"
echo " CPU型号:$CPUMODE"
MEMTOTAL= `free - m| grep Mem| awk '{print $2}' `
MEMFREE= `free - m| grep Mem| awk '{print $7}' `
echo " 内存总容量: ${MEMTOTAL}MB"
echo "剩余内存容量: ${MEMFREE}MB"
disksize= 0
swapsize= `free| grep Swap| awk { 'print $2' } `
partitionsize= ( `df - T| sed 1 d| egrep - v "tmpfs|sr0" | awk { 'print $3' } `)
for ( ( i= 0 ; i< `echo ${ #partitionsize[ * ] } `; i++ ) )
do
disksize= `expr $disksize + ${ partitionsize[ $i] } `
done
( ( disktotal= \( $disksize+ $swapsize\) / 1024 / 1024 ) )
echo " 磁盘总容量: ${disktotal}GB"
diskfree= 0
swapfree= `free| grep Swap| awk '{print $4}' `
partitionfree= ( `df - T| sed 1 d| egrep - v "tmpfs|sr0" | awk '{print $5}' `)
for ( ( i= 0 ; i< `echo ${ #partitionfree[ * ] } `; i++ ) )
do
diskfree= `expr $diskfree + ${ partitionfree[ $i] } `
done
( ( freetotal= \( $diskfree+ $swapfree\) / 1024 / 1024 ) )
echo "剩余磁盘容量:${freetotal}GB"
}
function secure ( ) {
echo "#########################安全信息#########################"
countuser= ( `last| grep "still logged in" | awk '{print $1}' | sort| uniq`)
for ( ( i= 0 ; i< `echo ${ #countuser[ * ] } `; i++ ) )
do echo "当前登录用户:${countuser[$i]}"
done
md5sum - c -- quiet / opt/ passwd. db & > / dev/ null
if [ $? - eq 0 ]
then echo " 用户异常:否"
else echo " 用户异常:是"
fi
}
function chksys ( ) {
system
network
hardware
secure
}
3、检测网站地址是否存活
#! / bin/ bash
. / etc/ init. d/ functions
url_list= ( www. tec. com www. stu. com)
function chkurl ( ) {
i= 0
while [ $i - lt 2 ]
do
curl http: / / ${ url_list[ $i] } & > / dev/ null
if [ $? - eq 0 ]
then
action "${url_list[$i]}" / bin/ true
else
action "${url_list[$i]}" / bin/ false
fi
let i++
done
}
function main ( ) {
while true
do chkurl
sleep 3
done
}
main
4、LVS节点健康检查
#! / bin/ bash
VIP= 202.106 .195 .1
PORT= 80
RIP= ( 192.168 .100 .10 192.168 .100 .20 )
while true
do
for ( ( i= 0 ; i< `echo ${ #RIP[ * ] } `; i++ ) )
do
code= `curl - I - m 10 - o / dev/ null - s - w % { http_code} http: / / ${ RIP[ $i] } `
if [ $code - ne 200 - a $( ipvsadm - Ln| grep ${ RIP[ $i] } | wc - l) - eq 1 ]
then ipvsadm - d - t $VIP: $PORT - r ${ RIP[ $i] } : $PORT
elif [ $code - eq 200 - a $( ipvsadm - Ln| grep ${ RIP[ $i] } | wc - l) - lt 1 ]
then ipvsadm - a - t $VIP: $PORT - r ${ RIP[ $i] } : $PORT
fi
done
sleep 5
done
5、Keepalived监控服务
#! / bin/ bash
while true
do
if [ $( pidof httpd| wc - l) - eq 1 - a $( pidof keepalived| wc - l) - eq 0 ]
then systemctl start keepalived
fi
pidof httpd & > / dev/ null
if [ $? - ne 0 ]
then systemctl start httpd & > / dev/ null
fi
sleep 3
pidof httpd & > / dev/ null
if [ $? - ne 0 ]
then systemctl stop keepalived
fi
sleep 3
done
6、mysql建库建表插入数据
#! / bin/ bash
user= "root"
password= "123456"
mycmd= "mysql -u$user -p$password"
for dbname in tec stu
do
$mycmd - e "create database $dbname;"
$mycmd - e "use $dbname;create table test(id int,name varchar(18));insert into test values(1,'rainman');"
done
7、mysql分库分表备份
#! / bin/ bash
user= "root"
password= "123456"
mycmd= "mysql -u$user -p$password -h 192.168.100.1"
mydump= "mysqldump -u$user -p$password -h 192.168.100.1 --lock-tables=0"
for dbname in `$mycmd - e "show databases;" | egrep - v "Database|schema" `
do
[ - d / opt/ $dbname ] || mkdir - p / opt/ $dbname
for tabname in `$mycmd - e "show tables from $dbname" | sed 1 d`
do $mydump $dbname $tabname > / opt/ $dbname/ ${ tabname} _$( date + % F) . sql
done
done
8、检测MySQL主从复制是否异常
#! / bin/ bash
user= "root"
password= "123456"
mycmd= "mysql -u$user -p$password -h 192.168.100.20"
function chkdb ( ) {
list= ( $( $mycmd - e "show slave status \G" | egrep "Running|Behind" | awk - F: '{print $2}' ) )
if [ ${ list[ 0 ] } = "Yes" - a ${ list[ 1 ] } = "Yes" - a ${ list[ 2 ] } - lt 120 ]
then echo "Mysql slave is ok"
else echo "Mysql slave replation is filed"
fi
}
function main ( ) {
while true
do chkdb
sleep 3
done
}
main
9、mysql日志切割
#! / bin/ bash
logfile= / var/ log/ httpd/ access_log
pid= / run/ httpd/ httpd. pid
mv $logfile / opt/ access_$( date - d "yesterday" + "%Y-%m-%d" ) . log
kill - USR1 $( cat $pid)
size= `du - sh / opt| awk '{print $1}' | awk - F "M" '{print $1}' `
if [ $size - gt 1000 ]
then find / opt - type f - name access* - mtime + 30 - exec rm - f { } \;
fi
10、防DOS攻击-网络连接法
#! / bin/ bash
netstat - antup| grep SYN_RECV| awk '{print $5}' | awk - F: '{print $1}' | sort| uniq - c> / opt/ tmp
exec< / opt/ tmp
while read line
do
count= `echo $line| awk '{print $1}' `
ip= `echo $line | awk '{print $2}' `
if [ $count - gt 128 ]
then iptables - I INPUT - s $ip - j DROP
fi
done
11、入侵检测与邮件报警
#! / bin/ bash
webdir= / var/ www/ html
cd $webdir
md5sum - c -- quiet / opt/ sumfile. db & > / opt/ sum_err. log
if [ $? - ne 0 ]
then
echo "the file_sum is changed"
mail - s "sum_error" wcg@bw. com < / opt/ sum_err. log
else
echo "check file_sum is ok"
fi
find / var/ www/ html/ - type f > / opt/ countfile. db_sec
diff / opt/ countfile. db_* & > / opt/ count_err. log
if [ $( diff / opt/ countfile. db_* | wc - l) - gt 0 ]
then
echo "the file_count is changed"
mail - s "count_err" wcg@bw. com < / opt/ count_err. log
else
echo "check file_count is ok"
fi
12、企业微信报警
function sendmsg ( ) {
CorpID= "ww3c6298264d839e2f"
Secret= "YvyMQpMRIoXtdQRWo0RNkMBTZnHWKvBwC3ILkyuCsKQ"
agentid= 1000002
GURL= "https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=$CorpID&corpsecret=$Secret"
Gtoken= $( / usr/ bin/ curl - s - G $GURL| awk - F\" '{print $10}' )
#echo $Gtoken
PURL= "https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token=$Gtoken"
Ip= $( ip a | grep ens33 | grep inet| awk - F "/" '{ print $1 }' | awk - F " " '{ print $2 }' )
/ usr/ bin/ curl -- data- ascii '{
"touser" : "@all" ,
"toparty" : "2" ,
"msgtype" : "text" ,
"agentid" : "1000002" ,
"text" : { "content" : "'" 警告: [ $msg] \n主机: [ `uname - n`] \n日期: [ $( date + % F- % T) ] \n地址: [ $Ip] "'" } ,
"safe" : "0"
} ' $PURL > / dev/ null 2 > & 1
}