#!/bin/bash
Extdir=`dirname $0`
cd $Extdir
cd ../..
Extdir=`pwd`
if [[ -n $RUN_ID ]]
then
RUN_ID=`echo $RUN_ID`
else
RUN_ID=Run_`date '+%Y%m%d%H%M%S'`
fi
function GeneratResult()
{
COMPARE_TYPE=$1
EXPECT_VALUE=$2
EXPECT_VALUE_MESSAGE=$3
ACTUAL_VALUE=$4
ACTUAL_VALUE_MESSAGE=$5
COMPARE_SYMBO=""
SCENARIO_RESULT=""
# 如果无标准,打印信息即可
if [[ -z `eval echo "$"${EXPECT_PARAMETER}` ]]
then
return;
fi
if [ "${COMPARE_TYPE}" = "great than" ]
then
COMPARE_SYMBO=-gt
elif [ "${COMPARE_TYPE}" = "equal" ]
then
COMPARE_SYMBO=" = "
elif [ "${COMPARE_TYPE}" = "less than" ]
then
COMPARE_SYMBO=-lt
elif [ "${COMPARE_TYPE}" = "great or equal" ]
then
COMPARE_SYMBO=-ge
elif [ "${COMPARE_TYPE}" = "less or equal" ]
then
COMPARE_SYMBO=-le
elif [ "${COMPARE_TYPE}" = "contain" ]
then
if [[ -z "$ACTUAL_VALUE" ]]
then
ACTUAL_VALUE=" "
else
ACTUAL_VALUE=`echo "${EXPECT_VALUE}"|grep "$ACTUAL_VALUE"|wc -l`
fi
COMPARE_SYMBO="="
EXPECT_VALUE=1
fi
if [ -z "$ACTUAL_VALUE" ]
then
echo $ACTUAL_VALUE
return;
fi
if [ -z "$EXPECT_VALUE" ]
then
echo $EXPECT_VALUE
return;
fi
if [ ${ACTUAL_VALUE} ${COMPARE_SYMBO} ${EXPECT_VALUE} ]
then
SCENARIO_RESULT="pass"
else
SCENARIO_RESULT="failed"
fi
if [ ! -d /export/home/sysm ]
then
mkdir -p /export/home/sysm
chmod -R 777 /export
fi
if [ ${SCENARIO_RESULT} = "failed" ]
then
printf '\033[40;31m'
else
printf '\033[40;32m'
fi
mkdir -p $Extdir/LogsInfo/results/${RUN_ID}
printf '%-8s|%-22s|%-54.31s|%-40.40s|%-40.40s| \n' "$PRIORITY_VALUE" "$SCENARIO_RESULT" "$SCENARIO_NAME" "${COMPARE_TYPE} ${EXPECT_VALUE_MESSAGE}" "${ACTUAL_VALUE_MESSAGE}" |tee -a $Extdir/LogsInfo/results/${RUN_ID}/Report_${RUN_ID}.result
#白色字体显示
printf '\033[0m'
}
function generatedetail()
{
log_pa=$Extdir/LogsInfo/results/${RUN_ID}/Report_${RUN_ID}.details
null_str=${2}
if [[ ! -z $null_str ]]
then
echo "============================================================================${2}===========================================================">> ${log_pa}
fi
echo "["`date`"]" ${1} >> ${log_pa}
}
###########################################################################################################################################################################
function port_info_look()
{
rm -rf $ExtDir/tmp/ExternalLog;rm -rf $ExtDir/tmp/MultLogs
netstat -tulpn >$ExtDir/tmp/ExternalLog
lsof -Pnl +M -i4 >$ExtDir/tmp/MultLogs
generatedetail "netstat -tulpn " "Command netstat -tulpn"
cat $ExtDir/tmp/ExternalLog|tee -a $log_pa >/dev/null 2>&1
generatedetail "lsof -Pnl +M -i4" "Command lsof -Pnl +M -i4"
cat $ExtDir/tmp/MultLogs|tee -a $log_pa >/dev/null 2>&1
rm -rf $ExtDir/tmp/ExternalLog;rm -rf $ExtDir/tmp/MultLogs
}
function ftp_check_login()
{
rm -rf $ExtDir/tmp/Check_ftp_user.log
ip=`ifconfig|grep 'inet addr:'|sed -n '1p'|cut -d: -f2|cut -d' ' -f1`
expect -c '
spawn ftp '$ip'
expect {
"*root):"
{
send "ftpuser\n"
expect "assword:" {send "'$decryptstr'\n"}
}
}
expect eof' >$ExtDir/tmp/Check_ftp_user.log
EXPECT_VALUE_value=`cat ${ExtDir}/tmp/Check_ftp_user.log|grep "230 Login successful"|cut -d"." -f1`
if [[ -z ${EXPECT_VALUE_value} ]]
then
EXPECT_VALUE_value="530 Login incorrect"
fi
ACTUAL_VALUE_value="230 Login successful"
PRIORITY_VALUE=low
SCENARIO_NAME="Check ftp login"
GeneratResult "contain" "${EXPECT_VALUE_value}" "${ACTUAL_VALUE_value}" "${ACTUAL_VALUE_value}" "${EXPECT_VALUE_value}";
rm -rf $ExtDir/tmp/Check_ftp_user.log
}
function password_consistent_check()
{
if [ -f /opt/nastar/etc/conf/sysconfigure.xml ]
then
ACTUAL_VALUE_value=`cat /opt/nastar/etc/conf/sysconfigure.xml|grep "<param name=\"ftpPassword\" type=\"encrypt\">"|cut -d">" -f2|cut -d"<" -f1`
else
echo "/opt/nastar/etc/conf/sysconfigure.xml nonentity!"
fi
EXPECT_VALUE_value=`cat $Extdir/tmp/check_secret_ftppassword.log 2>&1|grep ftpPassword|cut -d"=" -f2`
PRIORITY_VALUE=low
SCENARIO_NAME="Passwd consistent check"
if [[ "${ACTUAL_VALUE_value}" == "${EXPECT_VALUE_value}" && "$decryptstr_str" == "${ACTUAL_VALUE_value}" ]]
then
EXPECT_VALUE_value="password correct parity"
ACTUAL_VALUE_value="password correct parity"
else
EXPECT_VALUE_value="password correct parity"
ACTUAL_VALUE_value="password Checksum is incorrect"
fi
rm -rf $Extdir/tmp/check_secret_ftppassword.log
GeneratResult "contain" "${EXPECT_VALUE_value}" "${EXPECT_VALUE_value}" "${ACTUAL_VALUE_value}" "${ACTUAL_VALUE_value}";
}
function Ftp_path_check_R10()
{
if [ -d /opt/nastar ]
then
EXPECT_VALUE_value=`cat /opt/nastar/uninstall/engineering/conf/config/ConfigExport.xml|grep "<param name=\"ftpFileDir\">"|cut -d">" -f2|cut -d"<" -f1`
ACTUAL_VALUE_value=`cat /opt/nastar/etc/conf/sysconfigure.xml|grep "<param name=\"ftpFileDir\">"|cut -d">" -f2|cut -d"<" -f1`
else
echo "please install nastar!"
fi
PRIORITY_VALUE=low
SCENARIO_NAME="Ftp path check"
GeneratResult "contain" "${EXPECT_VALUE_value}" "${EXPECT_VALUE_value}" "${ACTUAL_VALUE_value}" "${ACTUAL_VALUE_value}";
}
function Ftp_path_check_R9()
{
if [ -d /opt/Nastar ]
then
EXPECT_VALUE_value=`cat /opt/Nastar/uninstall/engineering/conf/config/ConfigExport.xml|grep "<param name=\"ftpFileDir\">"|cut -d">" -f2|cut -d"<" -f1`
ACTUAL_VALUE_value=`cat /opt/Nastar/etc/conf/sysconfigure.xml|grep "<param name=\"ftpFileDir\">"|cut -d">" -f2|cut -d"<" -f1`
else
echo "please install nastar!"
fi
PRIORITY_VALUE=low
SCENARIO_NAME="Ftp path check"
GeneratResult "contain" "${EXPECT_VALUE_value}" "${EXPECT_VALUE_value}" "${ACTUAL_VALUE_value}" "${ACTUAL_VALUE_value}";
}
function oracle_naspa_table_count()
{
PRIORITY_VALUE=high
SCENARIO_NAME="Check database table count"
EXPECT_VALUE_value=5000
rm -rf $ExtDir/tmp/NASPA_table_count.log
su - oracle -c "sqlplus -s / as sysdba << EOF
select count(*) from ALL_TABLES where owner='NASPA';
select count(*) from user_tables;
exit;
EOF" >$ExtDir/tmp/NASPA_table_count.log
ACTUAL_VALUE_value0=`cat $ExtDir/tmp/NASPA_table_count.log|sed -n '4'p`
ACTUAL_VALUE_value1=`cat $ExtDir/tmp/NASPA_table_count.log|sed -n '9'p`
ACTUAL_VALUE_value=`echo $(($ACTUAL_VALUE_value0+$ACTUAL_VALUE_value1))`
rm -rf $ExtDir/tmp/NASPA_table_count.log
GeneratResult "less or equal" "${EXPECT_VALUE_value}" "${EXPECT_VALUE_value}" "${ACTUAL_VALUE_value}" "${ACTUAL_VALUE_value}";
}
function operation_system_reinforce()
{
PRIORITY_VALUE=low
SCENARIO_NAME="Security Hardening"
rm -rf $ExtDir/tmp/sek_log_test.log
sek -v >$ExtDir/tmp/sek_log_test.log 2>&1
ACTUAL_VALUE_value=`cat $ExtDir/tmp/sek_log_test.log`
ACTUAL_VALUE_value=`echo $ACTUAL_VALUE_value|cut -d":" -f4`
EXPECT_VALUE_value=SetSuSE
rm -rf $ExtDir/tmp/sek_log_test.log
GeneratResult "contain" "${ACTUAL_VALUE_value}" "${EXPECT_VALUE_value}" "${EXPECT_VALUE_value}" "${ACTUAL_VALUE_value}";
}
function data_audit()
{
rm -rf $ExtDir/tmp/AUD_logs.log
su - oracle -c "sqlplus -L -S / as sysdba <<EOF
--select * From sys.aud$;
--select di.table_name, di.index_name from dba_indexes di where di.table_name='AUD$';
select OWNER,SEGMENT_NAME,SEGMENT_TYPE,TABLESPACE_NAME,BYTES/1024/1024 MB from dba_segments where SEGMENT_TYPE='TABLE' and SEGMENT_NAME='AUD$';
select count(*) from sys.AUD$ ;
--noaudit connect;
--truncate table sys.AUD$;
quit;
EOF" >$ExtDir/tmp/AUD_logs.log
PRIORITY_VALUE=low
SCENARIO_NAME="Data audit AUD$ table"
audit_value=`cat $ExtDir/tmp/AUD_logs.log|sed -n '13'p|awk -F" " '{print $2}'|cut -d"." -f1`
if [[ -z $audit_value ]]
then
ACTUAL_VALUE_value=1
elif [[ $audit_value -eq 0 ]]
then
ACTUAL_VALUE_value=1
elif [[ $audit_value -gt 0 ]]
then
ACTUAL_VALUE_value=$audit_value
else
ACTUAL_VALUE_value=`cat $ExtDir/tmp/AUD_logs.log|sed -n '13'p|awk -F" " '{print $2}'`
fi
EXPECT_VALUE_value=1024
GeneratResult "less or equal" "${EXPECT_VALUE_value}" "${EXPECT_VALUE_value}" "${ACTUAL_VALUE_value}" "${ACTUAL_VALUE_value}";
PRIORITY_VALUE=low
SCENARIO_NAME="Data audit dba_segments table"
ACTUAL_VALUE_value=`cat $ExtDir/tmp/AUD_logs.log|sed -n '19'p|awk -F" " '{print $1}'`
EXPECT_VALUE_value=1000000
GeneratResult "less or equal" "${EXPECT_VALUE_value}" "${EXPECT_VALUE_value}" "${ACTUAL_VALUE_value}" "${ACTUAL_VALUE_value}";
PRIORITY_VALUE=low
SCENARIO_NAME="Noaudit succeeded"
ACTUAL_VALUE_value=`cat $ExtDir/tmp/AUD_logs.log|sed -n '22'p`
EXPECT_VALUE_value="Noaudit succeeded."
#GeneratResult "contain" "${EXPECT_VALUE_value}" "${EXPECT_VALUE_value}" "${ACTUAL_VALUE_value}" "${ACTUAL_VALUE_value}";
rm -rf $ExtDir/tmp/AUD_logs.log
}
function logrotate_conf()
{
PRIORITY_VALUE=low
SCENARIO_NAME="Rotate"
ACTUAL_VALUE_value=`cat /etc/logrotate.conf | grep rotate|sed -n '3'p|cut -d" " -f2`
EXPECT_VALUE_value=4
GeneratResult "contain" "${EXPECT_VALUE_value}" "${EXPECT_VALUE_value}" "${ACTUAL_VALUE_value}" "${ACTUAL_VALUE_value}";
PRIORITY_VALUE=low
SCENARIO_NAME="Weekly"
ACTUAL_VALUE_value=`cat /etc/logrotate.conf |grep weekly|sed -n '2'p`
if [ -z $ACTUAL_VALUE_value ]
then
ACTUAL_VALUE_value=null
fi
EXPECT_VALUE_value="weekly"
GeneratResult "contain" "${EXPECT_VALUE_value}" "${EXPECT_VALUE_value}" "${ACTUAL_VALUE_value}" "${ACTUAL_VALUE_value}";
PRIORITY_VALUE=low
SCENARIO_NAME="Vsftpd rotate"
ACTUAL_VALUE_value=`cat /etc/logrotate.d/vsftpd|sed -n '5'p|cut -d" " -f2`
EXPECT_VALUE_value="4"
GeneratResult "contain" "${EXPECT_VALUE_value}" "${EXPECT_VALUE_value}" "${ACTUAL_VALUE_value}" "${ACTUAL_VALUE_value}";
}
function R11_MEM_check()
{
ACTUAL_VALUE_value=`free |sed -n '2'p|awk '{print $2}'`
EXPECT_VALUE_value=60000000
PRIORITY_VALUE=low
SCENARIO_NAME="Mem total check"
GeneratResult "great or equal" "${EXPECT_VALUE_value}" "${EXPECT_VALUE_value}" "${ACTUAL_VALUE_value}" "${ACTUAL_VALUE_value}";
}
######################################################main##############################################################################
if [[ ${TARGET_VERSION} = "NastarV600R010" || ${TARGET_VERSION} = "NastarV600R011" ]]
then
oracle_naspa_table_count
operation_system_reinforce
password_consistent_check
data_audit
logrotate_conf
Ftp_path_check_R10
fi
if [[ ${TARGET_VERSION} = "NastarV600R009" ]]
then
Ftp_path_check_R9
fi
ftp_check_login
port_info_look
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
