熟能生巧是老话,学习本身就是一种将别人东西拿过来自己能用的过程。能力有限,今天花费大概7个小时将此系统巡检脚本一一测试修正,内容注解均为自身学识认知之文,不敢苟才,希望能给有兴趣者一丁点帮助启发即可。
#监测内容介绍
# 1、 获取脚本最后更新时间
# 2、 检查系统整体信息
# 3、 检查CPU状态信息
# 4、 检查内存信息
# 5、 检查磁盘状态
# 6、 检查网络状态
# 7、 检查端口监听状态
# 8、 检查进程使用状态
# 9、 检查服务启动状态(自启动、运行中)
# 10、检查自定义开机启动程序
# 11、检查用户或终端登录情况
# 12、检查cronab定时任务
# 13、检查用户状态
# 14、检查密码状态
# 15、检查Sudo权限管理
# 16、检查JDK版本
# 17、检查firewalld服务状态
# 18、检查SSH服务状态
# 19、检查syslog服务状态
# 20、检查snmp服务状态
# 21、检查已安装软件包和安装时间
# 22、检查NTP服务状态
# 23、检查zabbix服务状态
# 24、巡检结果上传FTP
# 25、编排json格式输出日志
#!/bin/bash
###################################################################
# Description: Polling system status by script
# Arch: CentOS/RHEL 6/7
# user: Rui
# Last Update: 2020.04.04
# Version: 1.2
# Comment:Perform script testing, corrections and comments on the latest centos7 system for everyone to learn and communicate
# thanks for Ljohn's template!
###################################################################
###################################################################
#监测内容介绍
# 1、 获取脚本最后更新时间
# 2、 检查系统整体信息
# 3、 检查CPU状态信息
# 4、 检查内存信息
# 5、 检查磁盘状态
# 6、 检查网络状态
# 7、 检查端口监听状态
# 8、 检查进程使用状态
# 9、 检查服务启动状态(自启动、运行中)
# 10、检查自定义开机启动程序
# 11、检查用户或终端登录情况
# 12、检查cronab定时任务
# 13、检查用户状态
# 14、检查密码状态
# 15、检查Sudo权限管理
# 16、检查JDK版本
# 17、检查firewalld服务状态
# 18、检查SSH服务状态
# 19、检查syslog服务状态
# 20、检查snmp服务状态
# 21、检查已安装软件包和安装时间
# 22、检查NTP服务状态
# 23、检查zabbix服务状态
# 24、巡检结果上传FTP
# 25、编排json格式输出日志
###################################################################
# set path env,if not set will some command not found in crontab
# 设置环境变量,防止crontab执行报错
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
source /etc/profile
# run this script use root
# 获取uid大于0说明为非root用户,exit 1非正常运行导致退出程序;
[ $(id -u) -gt 0 ] && echo "please use root run the script! " && exit 1
# check system version
# NF相当于最后一词number of field,
OS_Version=$(awk '{print $(NF-4)"-"$(NF-1)}' /etc/redhat-release)
# declare script version date
# 记录脚本更新时间
Script_Version="2020.04.04"
# declare now date
# 记录系统时间
Date_Version=$date
# define polling log path
# 设置巡检结果存放位置及命名
# card获取网口,ipaddr利用sed去除行首空格cut根据空格选择第二词获取ip地址
LOGPATH=/var/log/polling
card=$(ip addr |grep inet |egrep -v "inet6|127.0.0.1" | awk '{print $NF}'| sed -n 1p)
ipaddr=$(ifconfig $card | head -2 | tail -1 |sed -e 's/^[ ]*//g' | cut -d' ' -f2)
[ -d $LOGPATH ] || mkdir -p $LOGPATH
RESULTFILE="$LOGPATH/HostDailyCheck-$ipaddr-`hostname`-`date +%Y%m%d`.txt"
# define globle variable
# 定义全局变量
# 通过report information模块将变量赋值,以供二次调用,体现复用精神
report_DateTime="" #日期 ok
report_Hostname="" #主机名 ok
report_OSRelease="" #发行版本 ok
report_Kernel="" #内核 ok
report_Language="" #语言/编码 ok
report_LastReboot="" #最近启动时间 ok
report_Uptime="" #运行时间(天) ok
report_CPUs="" #CPU数量 ok
report_CPUType="" #CPU类型 ok
report_Arch="" #CPU架构 ok
report_MemTotal="" #内存总容量(MB) ok
report_MemFree="" #内存剩余(MB) ok
report_MemUsedPercent="" #内存使用率% ok
report_DiskTotal="" #硬盘总容量(GB) ok
report_DiskFree="" #硬盘剩余(GB) ok
report_DiskUsedPercent="" #硬盘使用率% ok
report_DefunctProsess="" #僵尸进程
report_InodeTotal="" #Inode总量 ok
report_InodeFree="" #Inode剩余 ok
report_InodeUsedPercent="" #Inode使用率 ok
report_IP="" #IP地址 ok
report_NESTMASK="" #子网掩码 ok
report_MAC="" #MAC地址 ok
report_Gateway="" #默认网关 ok
report_DNS="" #DNS ok
report_Listen="" #监听 ok
report_Selinux="" #Selinux ok
report_Firewall="" #防火墙 ok
report_USERs="" #用户 ok
report_USEREmptyPassword="" #空密码用户 ok
report_USERTheSameUID="" #相同ID的用户 ok
report_PasswordExpiry="" #密码过期(天) ok
report_RootUser="" #root用户 ok
report_Sudoers="" #sudo授权 ok
report_SSHAuthorized="" #SSH信任主机 ok
report_SSHDProtocolVersion="" #SSH协议版本 ok
report_SSHDPermitRootLogin="" #允许root远程登录 ok
report_DefunctProsess="" #僵尸进程数量 ok
report_SelfInitiatedService="" #自启动服务数量 ok
report_SelfInitiatedProgram="" #自启动程序数量 ok
report_RuningService="" #运行中服务数 ok
report_Crontab="" #计划任务数 ok
report_Syslog="" #日志服务 ok
report_SNMP="" #SNMP OK
report_NTP="" #NTP ok
report_JDK="" #JDK版本 ok
# 编写获取服务状态工具类方法
# 供之后方法直接调用
function getState(){
if [[ $OS_Version < 7 ]];then
if [ -e "/etc/init.d/$1" ];then
if [ `/etc/init.d/$1 status 2>/dev/null | grep -E "is running|正在运行" | wc -l` -ge 1 ];then
r="active"
else
r="inactive"
fi
else
r="unknown"
fi
else
#CentOS 7+
r="$(systemctl is-active $1 2>&1)"
fi
echo "$r"
}
# 1、获取脚本最后更新时间
function version(){
echo ""
echo "System Polling:Version $Script_Version "
echo ""
}
# 2、检查系统整体信息
# centos7不存在/etc/sysconfig/i18n文件,变更为/etc/locale.conf
function getSystemStatus(){
echo ""
echo "############################ Check System Status ############################"
if [ -e /etc/sysconfig/i18n ];then
default_LANG="$(grep "LANG=" /etc/sysconfig/i18n | grep -v "^#" | awk -F '"' '{print $2}')"
else
default_LANG="$(sudo cat /etc/locale.conf | awk -F '"' '{print $2}')"
fi
export LANG="en_US.UTF-8"
Release=$(cat /etc/redhat-release 2>/dev/null)
Kernel=$(uname -r)
OS=$(uname -o)
Hostname=$(uname -n)
SELinux=$(/usr/sbin/sestatus | grep "SELinux status: " | awk '{print $3}')
LastReboot=$(who -b | awk '{print $3,$4}')
# uptime=$(uptime | sed 's/.*up [,]*, .*/\1/')
uptime=$(awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60} {printf("%d days, %d hour %d min\n",a,b,c)}' /proc/uptime)
echo " 系统:$OS"
echo " 发行版本:$Release"
echo " 内核:$Kernel"
echo " 主机名:$Hostname"
echo " SELinux:$SELinux"
echo "语言/编码:$default_LANG"
echo " 当前时间:$(date +'%F %T')"
echo " 最后启动:$LastReboot"
echo " 运行时间:$uptime"
# report information
report_DateTime=$(date +"%F %T") #日期
report_Hostname="$Hostname" #主机名
report_OSRelease="$Release" #发行版本
report_Kernel="$Kernel" #内核
report_Language="$default_LANG" #语言/编码
report_LastReboot="$LastReboot" #最近启动时间
report_Uptime="$uptime" #运行时间(天)
report_Selinux="$SELinux"
export LANG="$default_LANG"
echo ""
}
# 3、检查CPU状态信息
# sort默认升序排序,uniq忽略大小写,wc -l仅列出行
function getCpuStatus(){
echo ""
echo "############################ Check CPU Status#############################"
Physical_CPUs=$(grep "physical id" /proc/cpuinfo| sort | uniq | wc -l)
Virt_CPUs=$(grep "processor" /proc/cpuinfo | wc -l)
CPU_Kernels=$(grep "cores" /proc/cpuinfo|uniq| awk -F ': ' '{print $2}')
CPU_Type=$(grep "model name" /proc/cpuinfo | awk -F ': ' '{print $2}' | sort | uniq)
CPU_Arch=$(uname -m)
echo "物理CPU个数:$Physical_CPUs"
echo "逻辑CPU个数:$Virt_CPUs"
echo "每CPU核心数:$CPU_Kernels"
echo " CPU型号:$CPU_Type"
echo " CPU架构:$CPU_Arch"
# report information
report_CPUs=$Virt_CPUs # CPU数量
report_CPUType=$CPU_Type # CPU类型
report_Arch=$CPU_Arch # CPU架构
}
# 4、检查内存信息
# http://linuxperf.com/?p=142
function getMemStatus(){
echo ""
echo "############################ Check Memmory Usage ###########################"
MemTotal=$(awk '/MemTotal/ {print $2}' /proc/meminfo) # 基本理解为总内存(除bios、kernel)
MemFree=$(awk '/MemFree/ {print $2}' /proc/meminfo) # 系统尚未使用的内存
Buffers=$(awk '/^Buffers:/ {print $2}' /proc/meminfo) # 块设备占用缓存页
Cached=$(awk '/^Cached:/ {print $2}' /proc/meminfo) # 普通文件所占用的缓存页
FreeMem=$(($MemFree/1024+$Buffers/1024+$Cached/1024))
UsedMem=$(($MemTotal/1024-$FreeMem))
if [[ "$OS_Version | awk -F "-" '{print$2}'" < 7 ]];then
free -mo
echo "Total memory is $(($MemTotal/1024)) MB"
echo "Free memory is ${FreeMem} MB"
echo "Used memory is ${UsedMem} MB"
else
free -h
echo "Total memory is $(($MemTotal/1024)) MB"
echo "Free memory is ${FreeMem} MB"
echo "Used memory is ${UsedMem} MB"
fi
# report information
let MemUsed=MemTotal-MemFree
MemPercent=$(awk "BEGIN {if($MemTotal==0){printf 100}else{printf \"%.2f\",$MemUsed*100/$MemTotal}}")
report_MemTotal="$((MemTotal/1024))""MB" #内存总容量(MB)
report_MemFree="$((MemFree/1024))""MB" #内存剩余(MB)
report_MemUsedPercent="$(awk "BEGIN {if($MemTotal==0){printf 100}else{printf \"%.2f\",$MemUsed*100/$MemTotal}}")""%" #内存使用率%
}
# 5、检查磁盘状态
# df -h是查看磁盘容量的使用情况。
# df -i是inode包含的信息:文件的字节数,拥有者id,组id,权限,改动时间,链接数,数据block的位置。相反是不表示文件大小。
# df -h清理删除比较大无用的文件-----------大文件占用大量的磁盘容量。
# df -i清理删除数量过多的小文件-----------过多的文件占用了大量的inode号。
function getDiskStatus(){
echo ""
echo "############################ Check Disk Status ############################"
df -hiP | sed 's/Mounted on/Mounted/' > /tmp/inode
df -hTP | sed 's/Mounted on/Mounted/' > /tmp/disk
join /tmp/disk /tmp/inode | awk '{print $1,$2,"|",$3,$4,$5,$6,"|",$8,$9,$10,$11,"|",$12}'| column -t
# report information
diskdata=$(df -TP | sed '1d' | awk '$2!="tmpfs"{print}') #KB
disktotal=$(echo "$diskdata" | awk '{total+=$3}END{print total}') #KB
diskused=$(echo "$diskdata" | awk '{total+=$4}END{print total}') #KB
diskfree=$((disktotal-diskused)) #KB
diskusedpercent=$(echo $disktotal $diskused | awk '{if($1==0){printf 100}else{printf "%.2f",$2*100/$1}}')
inodedata=$(df -iTP | sed '1d' | awk '$2!="tmpfs"{print}')
inodetotal=$(echo "$inodedata" | awk '{total+=$3}END{print total}')
inodeused=$(echo "$inodedata" | awk '{total+=$4}END{print total}')
inodefree=$((inodetotal-inodeused))
inodeusedpercent=$(echo $inodetotal $inodeused | awk '{if($1==0){printf 100}else{printf "%.2f",$2*100/$1}}')
report_DiskTotal=$((disktotal/1024/1024))"GB" #硬盘总容量(GB)
report_DiskFree=$((diskfree/1024/1024))"GB" #硬盘剩余(GB)
report_DiskUsedPercent="$diskusedpercent""%" #硬盘使用率%
report_InodeTotal=$((inodetotal/1000))"K" #Inode总量
report_InodeFree=$((inodefree/1000))"K" #Inode剩余
report_InodeUsedPercent="$inodeusedpercent""%" #Inode使用率%
echo ""
}
# 6、检查网络状态
function getNetworkStatus(){
echo ""
echo "############################ Check Network ############################"
DEVICE=$(ip addr |grep inet |egrep -v "inet6|127.0.0.1" | awk '{print $NF}')
IP=$(ip addr |grep inet |egrep -v "inet6|127.0.0.1" |awk '{print $2}' |awk -F "/" '{print $1}'|tr '\n' ',' | sed 's/,$//')
# 这个是判断多网卡情况,如果不知一列,for循环依次列出
if [[ `ip addr |grep inet |egrep -v "inet6|127.0.0.1" |awk '{print $2}' |awk -F "/" '{print $1}'|wc -l` < 2 ]];then
MAC=$(cat /sys/class/net/$DEVICE/address)
echo " MAC: $MAC"
else
for ips in $DEVICE;
do
MAC=$(cat /sys/class/net/$ips/address)
echo " MAC: $MAC";
done
fi
NETMASK=$(ifconfig | grep $IP | awk -F "netmask" '{print$2}'| awk -F " " '{print$1}')
GATEWAY=$(ip route | grep default | awk '{print $3}')
DNS=$(grep nameserver /etc/resolv.conf| grep -v "#" | awk '{print $2}' | tr '\n' ',' | sed 's/,$//')
echo " IP: $IP"
echo "NETMASK: $NETMASK"
echo "Gateway: $GATEWAY"
echo " DNS: $DNS"
# report information
report_IP="$IP" #IP地址
report_NETMASK="$NETMASK" #子网掩码
report_MAC=$MAC #MAC地址
report_Gateway="$GATEWAY" #默认网关
report_DNS="$DNS" #DNS
}
# 7、检查端口监听状态
# column以表格形式展示更加规范清晰
# local address表示本地IP地址,foreign address表示远程IP地址。
# LISTEN为侦听状态,等待远程机器的连接请求。
# ESTABLISHED为完成TCP三次握手后,主动连接端进入ESTABLISHED状态。此时,TCP连接已经建立,可以进行通信。
function getListenStatus(){
echo ""
echo "############################ Check Connect Status ############################"
TCPListen=$(netstat -ntulp | column -t)
AllConnect=$(netstat -tan | awk '/^tcp\>/{state[$NF]++}END{for(i in state) { print i,state[i]}}')
echo "$TCPListen"
echo "$AllConnect"
# report information
# sed '1d'删除第一行,获取远程ip访问端口的数量
report_Listen="$(echo "$TCPListen"| sed '1d' | awk '/tcp/ {print $5}' | awk -F: '{print $NF}' | sort | uniq | wc -l)"
}
# 8、检查进程使用状态
# 先判断僵尸进程,利用ps排行内存占用,利用top排行资源占用
function getProcessStatus(){
echo ""
echo "############################ Process Check ############################"
#判断是否存在僵尸进程,也可以用ps -A | grep defunct
if [ $(ps -ef | grep defunct | grep -v grep | wc -l) -ge 1 ];then
echo ""
echo "zombie process";
echo "--------"
ps -ef | head -n1
ps -ef | grep defunct | grep -v grep
fi
echo ""
echo "Merory Usage TOP10"
echo "-------------"
# 列出相关信息,sort按照第三列数值排序,head提取占用内存前十
echo -e "PID %MEM RSS COMMAND
$(ps aux | awk '{print $2, $4, $6, $11}' | sort -k3rn | head -n 10 )"| column -t
echo ""
echo "CPU Usage TOP10"
echo "------------"
top b -n1 | head -17 | tail -11
# report information
report_DefunctProsess="$(ps -ef | grep defunct | grep -v grep|wc -l)"
}
# 9、检查系统服务启动状态(自启动、运行中)
function getServiceStatus(){
echo ""
echo "############################ Check Service Status ############################"
# 根据系统版本不同进行判断,对应命令有所区别
# list-unit-files列出所有启动文件,--no-pager直接输出所有结果,不分页
if [[ "$OS_Version | awk -F "-" '{print$2}'" > 7 ]];then
conf=$(systemctl list-unit-files --type=service --state=enabled --no-pager | grep "enabled")
process=$(systemctl list-units --type=service --state=running --no-pager | grep ".service")
# report information
report_SelfInitiatedService="$(echo "$conf" | wc -l)" #系统自启动服务数量
report_RuningService="$(echo "$process" | wc -l)" #系统运行中服务数量
else
conf=$(/sbin/chkconfig --list| grep -E ":on|:启用")
process=$(/sbin/service --status-all 2>/dev/null | grep -E "is running|正在运行")
# report information
report_SelfInitiatedService="$(echo "$conf" | wc -l)" #系统自启动服务数量
report_RuningService="$(echo "$process" | wc -l)" #系统运行中服务数量
fi
echo "Service Configure"
echo "--------------------------------"
echo "$conf" | column -t
echo ""
echo "The Running Services"
echo "--------------------------------"
echo "$process"
}
# 10、检查自定义开机启动程序
# rc.local 是在操作系统启动的时候就有效的。
function getAutoStartStatus(){
echo ""
echo "############################ Check Self-starting Services ##########################"
conf=$(grep -v "^#" /etc/rc.d/rc.local| sed '/^$/d')
echo "$conf"
# report information
report_SelfInitiatedProgram="$(echo $conf | wc -l)" #自定义开机启动程序数量
}
# 11、检查用户或终端登录情况
# last作用是显示近期用户或终端的登录情况,pts表示伪终端
function getLoginStatus(){
echo ""
echo "############################ Check Login In ############################"
last | head
}
# 12、检查cronab定时任务
# /etc/cron*下面几个定时任务是创建用户时系统自动创建的
function getCronStatus(){
echo ""
echo "############################ Check Crontab ########################"
Crontab=0
for shell in $(grep -v "/sbin/nologin" /etc/shells);do
for user in $(grep "$shell" /etc/passwd | awk -F: '{print $1}');do
crontab -l -u $user >/dev/null 2>&1
status=$?
if [ $status -eq 0 ];then
echo "$user"
echo "-------------"
crontab -l -u $user
let Crontab=Crontab+$(crontab -l -u $user | wc -l)
echo ""
fi
done
done
# scheduled task
find /etc/cron* -type f | xargs -i ls -l {} | column -t
let Crontab=Crontab+$(find /etc/cron* -type f | wc -l)
# report information
report_Crontab="$Crontab" #计划任务数
}
# 13、检查用户状态
# 获取用户最近一次登录的时间,含年份
function getUserLastLogin(){
# 获取用户最近一次登录的时间,含年份
# 很遗憾last命令不支持显示年份,只有"last -t YYYYMMDDHHMMSS"表示某个时间之间的登录,我
# 们只能用最笨的方法了,对比今天之前和今年元旦之前(或者去年之前和前年之前……)某个用户
# 登录次数,如果登录统计次数有变化,则说明最近一次登录是今年。
username=$1
: ${username:="`whoami`"}
thisYear=$(date +%Y)
oldesYear=$(last | tail -n1 | awk '{print $NF}')
while(( $thisYear >= $oldesYear));do
loginBeforeToday=$(last $username | grep $username | wc -l)
loginBeforeNewYearsDayOfThisYear=$(last $username -t $thisYear"0101000000" | grep $username | wc -l)
if [ $loginBeforeToday -eq 0 ];then
echo "Never Login"
break
elif [ $loginBeforeToday -gt $loginBeforeNewYearsDayOfThisYear ];then
lastDateTime=$(last -i $username | head -n1 | awk '{for(i=4;i<(NF-2);i++)printf"%s ",$i}')" $thisYear" #格式如: Sat Nov 2 20:33 2015
lastDateTime=$(date "+%Y-%m-%d %H:%M:%S" -d "$lastDateTime")
echo "$lastDateTime"
break
else
thisYear=$((thisYear-1))
fi
done
}
# 显示用户状态方法
function getUserStatus(){
echo ""
echo "############################ Check User ############################"
pwdfile="$(cat /etc/passwd)"
Modify=$(stat /etc/passwd | grep Modify | tr '.' ' ' | awk '{print $2,$3}')
echo ""
echo "A privileged user"
echo "-----------------"
RootUser="超级用户:"
# 截取passwd文件用户名一列,判断uid是否为0,为0为root特权用户(privileged user)
for user in $(echo "$pwdfile" | awk -F: '{print $1}');do
if [ $(id -u $user) -eq 0 ];then
echo "$user"
RootUser="$RootUser,$user"
fi
done
echo ""
echo "User List"
echo "--------"
USERs=0
echo "$(
echo "UserName UID GID HOME SHELL LasttimeLogin"
for shell in $(grep -v "/sbin/nologin" /etc/shells);do # 首先获取系统上合法的shell
for username in $(grep "$shell" /etc/passwd| awk -F: '{print $1}');do # 获取哪些用户合法使用shell
userLastLogin="$(getUserLastLogin $username)" # 利用getUserLastLogin方法获取用户最后登陆shell时间
done
let USERs=USERs+$(echo "$pwdfile" | grep "$shell"| wc -l)
done
)" | column -t
echo ""
echo "Null Password User"
echo "------------------"
USEREmptyPassword=""
for shell in $(grep -v "/sbin/nologin" /etc/shells);do
for user in $(echo "$pwdfile" | grep "$shell" | cut -d: -f1);do
r=$(awk -F: '$2=="!!"{print $1}' /etc/shadow | grep -w $user)
if [ ! -z $r ];then
echo $r
USEREmptyPassword="$USEREmptyPassword,"$r
fi
done
done
echo ""
echo "The Same UID User"
echo "----------------"
USERTheSameUID=""
UIDs=$(cut -d: -f3 /etc/passwd | sort | uniq -c | awk '$1>1{print $2}')
for uid in $UIDs;do
echo -n "$uid";
USERTheSameUID="$uid"
r=$(awk -F: 'ORS="";$3=='"$uid"'{print ":",$1}' /etc/passwd)
echo "$r"
echo ""
USERTheSameUID="$USERTheSameUID $r,"
done
# report information
report_USERs="$USERs" #用户
report_USEREmptyPassword=$(echo $USEREmptyPassword | sed 's/^,//')
report_USERTheSameUID=$(echo $USERTheSameUID | sed 's/,$//')
report_RootUser=$(echo $RootUser | sed 's/^,//') #特权用户
}
# 14、检查密码状态
# 通过执行/usr/bin/chage截取密码过期,/etc/login.defs配置密码策略
function getPasswordStatus {
echo ""
echo "############################ Check Password Status ############################"
pwdfile="$(cat /etc/passwd)"
echo ""
# 密码过期检查
echo "Password Expiration Check"
echo "-------------------------"
result=""
for shell in $(grep -v "/sbin/nologin" /etc/shells);do # 获取系统合规shell
for user in $(echo "$pwdfile" | grep "$shell" | cut -d: -f1);do # 获取登陆用户
get_expiry_date=$(/usr/bin/chage -l $user | grep 'Password expires' | cut -d: -f2) # 可执行文件
if [[ $get_expiry_date = ' never' || $get_expiry_date = 'never' ]];then
printf "%-15s never expiration\n" $user
result="$result,$user:never"
else
password_expiry_date=$(date -d "$get_expiry_date" "+%s")
current_date=$(date "+%s")
diff=$(($password_expiry_date-$current_date))
let DAYS=$(($diff/(60*60*24)))
printf "%-15s %s expiration after days\n" $user $DAYS
result="$result,$user:$DAYS days"
fi
done
done
report_PasswordExpiry=$(echo $result | sed 's/^,//')
echo ""
# 密码策略检查
echo "Check The Password Policy"
echo "------------"
grep -v "#" /etc/login.defs | grep -E "PASS_MAX_DAYS|PASS_MIN_DAYS|PASS_MIN_LEN|PASS_WARN_AGE"
echo ""
}
# 15、检查Sudo权限管理
# root ALL=(ALL) ALL允许root用户执行任意路径下的任意命令
# %wheel ALL=(ALL) ALL允许wheel用户组中的用户执行所有命令
# wheel用户组相当于一个管理员组,开启后组外用户无法通过su切换root执行操作,默认该选项关闭,
# 所以我们感觉不到此权限限制,建议开启sudo权限管理。
function getSudoersStatus(){
echo ""
echo "############################ Sudoers Check #########################"
conf=$(grep -v "^#" /etc/sudoers| grep -v "^Defaults" | sed '/^$/d')
echo "$conf"
echo ""
# report information
report_Sudoers="$(echo $conf | wc -l)"
}
# 16、检查JDK版本
function getJDKStatus(){
echo ""
echo "############################ JDK Check #############################"
java -version 2>/dev/null
if [ $? -eq 0 ];then
java -version 2>&1
fi
echo "JAVA_HOME=\"$JAVA_HOME\"" # 没有则显示JAVA_HOME=""
# report information
report_JDK="$(java -version 2>&1 | grep version | awk '{print $1,$3}' | tr -d '"')"
}
# 17、检查firewalld服务状态
# 系统版本不同命令有所区别
function getFirewallStatus(){
echo ""
echo "############################ Firewall Check ##########################"
# Firewall Status/Poilcy
if [[ $OS_Version < 7 ]];then
/etc/init.d/iptables status >/dev/null 2>&1
status=$?
if [ $status -eq 0 ];then
s="active"
elif [ $status -eq 3 ];then
s="inactive"
elif [ $status -eq 4 ];then
s="permission denied"
else
s="unknown"
fi
else
s="$(systemctl status firewalld | grep Active: | awk -F "(" '{print$2}' | awk -F ")" '{print$1}')"
fi
ss="$(systemctl status firewalld)"
echo "iptables: $s"
echo ""
echo "-----------------------"
echo "show firewalld status"
echo $ss
# report information
report_Firewall="$s"
}
# 18、检查SSH服务状态
function getSSHStatus(){
#SSHD Service Status,Configure
echo ""
echo "############################ SSH Check #############################"
# Check the trusted host
pwdfile="$(cat /etc/passwd)"
# getState命令没用过,不太清楚
# getState原来是直接下面定义的方法,由于每个方法单独验证导致认识不全面
# echo "Service Status:$(getState sshd)"
echo "Service Status:$(systemctl status sshd | grep Active: | awk -F "(" '{print$2}' | awk -F ")" '{print$1}')"
#echo "SSH Protocol Version:$(ssh -V)"
#Protocol_Version=$(ssh -V)
echo ""
echo "Trusted Host"
echo "------------"
authorized=0
for user in $(echo "$pwdfile" | grep /bin/bash | awk -F: '{print $1}');do
authorize_file=$(echo "$pwdfile" | grep -w $user | awk -F: '{printf $6"/.ssh/authorized_keys"}')
authorized_host=$(cat $authorize_file 2>/dev/null | awk '{print $3}' | tr '\n' ',' | sed 's/,$//')
if [ ! -z $authorized_host ];then
echo "$user authorization \"$authorized_host\" Password-less access"
fi
let authorized=authorized+$(cat $authorize_file 2>/dev/null | awk '{print $3}'|wc -l)
done
echo ""
echo "Whether to allow ROOT remote login"
echo "----------------------------------"
config=$(cat /etc/ssh/sshd_config | grep PermitRootLogin) # 限定root用户通过ssh的登录方式
firstChar=${config:0:1} # 切割结果用来判断是否为#注释开头,yes或者注释都默认允许
if [ $firstChar == "#" ];then
PermitRootLogin="yes" #The default is to allow ROOT remote login
else
PermitRootLogin=$(echo $config | awk '{print $2}')
fi
echo "PermitRootLogin $PermitRootLogin"
echo ""
echo "/etc/ssh/sshd_config"
echo "--------------------"
cat /etc/ssh/sshd_config | grep -v "^#" | sed '/^$/d'
# report information
report_SSHAuthorized="$authorized" #SSH信任主机
report_SSHDProtocolVersion="$Protocol_Version" #SSH协议版本
report_SSHDPermitRootLogin="$PermitRootLogin" #允许root远程登录
}
# 19、检查syslog服务状态
function getSyslogStatus(){
echo ""
echo "############################ Syslog Check ##########################"
# echo "Service Status:$(getState rsyslog)"
echo "Service Status:$(systemctl status rsyslog | grep Active: | awk -F "(" '{print$2}' | awk -F ")" '{print$1}')"
echo ""
echo "/etc/rsyslog.conf"
echo "-----------------"
cat /etc/rsyslog.conf 2>/dev/null | grep -v "^#" | grep -v "^\\$" | sed '/^$/d' | column -t
# report information
report_Syslog="$(getState rsyslog)"
# report_Syslog="$(systemctl status rsyslog | grep Active: | awk -F "(" '{print$2}' | awk -F ")" '{print$1}')"
}
# 20、检查snmp服务状态
# 老套路了,先通过getState方法或者systemctl获取运行状态,然后获取配置文件
function getSNMPStatus(){
#SNMP Service Status,Configure
echo ""
echo "############################ SNMP Check ############################"
status="$(getState snmpd)"
echo "Service Status:$status"
echo ""
if [ -e /etc/snmp/snmpd.conf ];then
echo "/etc/snmp/snmpd.conf"
echo "--------------------"
cat /etc/snmp/snmpd.conf 2>/dev/null | grep -v "^#" | sed '/^$/d'
fi
# report information
report_SNMP="$(getState snmpd)"
}
# 21、检查已安装软件包和安装时间
function getInstalledStatus(){
echo ""
echo "############################ Software Check ############################"
rpm -qa --last | head | column -t
}
# 22、检查NTP服务状态
function getNTPStatus(){
# The NTP service status, the current time, configuration, etc
echo ""
echo "############################ NTP Check #############################"
if [ -e /etc/ntp.conf ];then
echo "Service Status:$(getState ntpd)"
echo ""
echo "/etc/ntp.conf"
echo "-------------"
cat /etc/ntp.conf 2>/dev/null | grep -v "^#" | sed '/^$/d'
fi
# report information
report_NTP="$(getState ntpd)"
}
# 23、检查zabbix服务状态
function getZabbixStatus(){
# Check Zabbix Serivce Status
echo ""
echo "######################### Zabbix Check ##############################"
netstat -nltp | grep -v grep | grep zabbix > /dev/null 2>&1
if [ $? -eq 0 ];then
echo "Service Status": Zabbix is running!
else
echo "Service Status": Zabbix not running!
fi
# report information
}
# 24、巡检结果上传FTP
# Upload the result file #上传检查结果的文件,更改ftp相关信息即可
#function upload_result(){
# echo ""
# echo "############################ FTP Upload #############################"
#
# updir=/var/log/polling
# upfile=HostDailyCheck-$ipaddr-`hostname`-`date +%Y%m%d`.txt
# todir=/jishu/liujian/polling
#ip=192.168.1.99
# user=ljohn1
# password=ljohn
# ftp -nv $ip <<EOF
# user $user $password
# type binary
# passive
# cd $todir
# lcd $updir
# prompt
# put $upfile
# quit
#EOF
#}
# 25、编排json格式上传系统每日巡检
# 根据实际情况判断
function uploadHostDailyCheckReport(){
json="{
\"DateTime\":\"$report_DateTime\",
\"Hostname\":\"$report_Hostname\",
\"OSRelease\":\"$report_OSRelease\",
\"Kernel\":\"$report_Kernel\",
\"Language\":\"$report_Language\",
\"LastReboot\":\"$report_LastReboot\",
\"Uptime\":\"$report_Uptime\",
\"CPUs\":\"$report_CPUs\",
\"CPUType\":\"$report_CPUType\",
\"Arch\":\"$report_Arch\",
\"MemTotal\":\"$report_MemTotal\",
\"MemFree\":\"$report_MemFree\",
\"MemUsedPercent\":\"$report_MemUsedPercent\",
\"DiskTotal\":\"$report_DiskTotal\",
\"DiskFree\":\"$report_DiskFree\",
\"DiskUsedPercent\":\"$report_DiskUsedPercent\",
\"InodeTotal\":\"$report_InodeTotal\",
\"InodeFree\":\"$report_InodeFree\",
\"InodeUsedPercent\":\"$report_InodeUsedPercent\",
\"IP\":\"$report_IP\",
\"MAC\":\"$report_MAC\",
\"Gateway\":\"$report_Gateway\",
\"DNS\":\"$report_DNS\",
\"Listen\":\"$report_Listen\",
\"Selinux\":\"$report_Selinux\",
\"Firewall\":\"$report_Firewall\",
\"USERs\":\"$report_USERs\",
\"USEREmptyPassword\":\"$report_USEREmptyPassword\",
\"USERTheSameUID\":\"$report_USERTheSameUID\",
\"PasswordExpiry\":\"$report_PasswordExpiry\",
\"RootUser\":\"$report_RootUser\",
\"Sudoers\":\"$report_Sudoers\",
\"SSHAuthorized\":\"$report_SSHAuthorized\",
\"SSHDProtocolVersion\":\"$report_SSHDProtocolVersion\",
\"SSHDPermitRootLogin\":\"$report_SSHDPermitRootLogin\",
\"DefunctProsess\":\"$report_DefunctProsess\",
\"SelfInitiatedService\":\"$report_SelfInitiatedService\",
\"SelfInitiatedProgram\":\"$report_SelfInitiatedProgram\",
\"RuningService\":\"$report_RuningService\",
\"Crontab\":\"$report_Crontab\",
\"Syslog\":\"$report_Syslog\",
\"SNMP\":\"$report_SNMP\",
\"NTP\":\"$report_NTP\",
\"JDK\":\"$report_JDK\"
}"
#echo "$json"
curl -l -H "Content-type: application/json" -X POST -d "$json" "$uploadHostDailyCheckReportApi" 2>/dev/null
}
# 将所有方法模块统一编排
# 自定义执行顺序
function check(){
version
getSystemStatus
getCpuStatus
getMemStatus
getDiskStatus
getNetworkStatus
getListenStatus
getProcessStatus
getServiceStatus
getAutoStartStatus
getLoginStatus
getCronStatus
getUserStatus
getPasswordStatus
getSudoersStatus
getJDKStatus
getFirewallStatus
getSSHStatus
getSyslogStatus
getSNMPStatus
getNTPStatus
getZabbixStatus
getInstalledStatus
#upload_result
#uploadHostDailyCheckReport
}
# 执行巡检脚本并保存检查结果
# RESULTFILE为脚本一开始定义的保存位置
# Perform inspections and save the inspection results
check > $RESULTFILE
echo "Check the result:$RESULTFILE"
# 编写定时清理巡检日志方法
# Clearlog in /var/log/polling
# 可根据日志命名时间判断
# 暂时没必要写