此工具具有如下功能:
(一)用户管理
1、修改root密码
2、删除用户帐号
3、添加用户帐号
(二)服务管理
1、开启服务
2、关闭服务
(三)防火墙/ssh认证管理
1、关闭默认防火墙,开启自定防火墙脚本(自定义脚本分为:公司环境下,以及互联网环境下)
2、修改ssh认证配置文件(采用publickey认证登录)
(四)自动设置
1、自动添加"互联网环境下"的防火墙
2、采用publickey认证登录
(五)重启功能
所有这些功能都是以函数块实现的,大家可以根据自己公司的需求做出相应的调整。注意:脚本开头的 zzj_key、public_ip、private_ip 只是占位值,运行前必须替换为真实的公钥和允许访问SSH的IP,否则启用防火墙或publickey认证后可能无法再远程登录.
开发os:centos5.2
脚本:shell
功能已经基本测试OK,不过还需要其他朋友帮忙挖Bug...
贴些图让大家更直观点:
AutoSetSystem.sh
#!/bin/bash
#########################################################################
#
# File: autosetsystem.sh
# Description:
# Language: GNU Bourne-Again SHell
# Version: 1.1
# Date: 2010-9-6
# WWW: http://5ydycm.blog.51cto.com/
###############################################################################
# Public key line that PublickeyAuthenticate writes to root's authorized_keys.
# 'zzjkey' is a placeholder: replace it with a real OpenSSH public key before
# using the publickey option, because that option also turns password login off.
zzj_key='zzjkey'

# Body of the generated firewall script, one command per "\n"-separated entry.
# The "\n" sequences stay literal here and are expanded later by `echo -e`.
# The last entry sets the INPUT policy to DROP; the per-address SSH ACCEPT
# rules are appended after it by the Enable*Firewall functions.
general_iptable_content="/sbin/iptables -F\n"
general_iptable_content="${general_iptable_content}/sbin/depmod -a\n"
general_iptable_content="${general_iptable_content}/sbin/modprobe ip_tables\n"
general_iptable_content="${general_iptable_content}/sbin/modprobe ip_conntrack\n"
general_iptable_content="${general_iptable_content}/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n"
general_iptable_content="${general_iptable_content}/sbin/iptables -A INPUT -i lo -j ACCEPT\n"
general_iptable_content="${general_iptable_content}/sbin/iptables -P INPUT DROP"

# Whitespace-separated source addresses allowed to reach SSH (tcp/22).
# public_ip is used by EnableOutFirewall, private_ip by EnableCompanyFirewall.
# The ipN values are placeholders and must be replaced with real addresses.
public_ip="ip1 ip2 ip3"
private_ip="ip1 ip2 ip3 ip4"
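#######################################
# Draw the top-level menu, read one choice from stdin and dispatch it.
# Globals:   USER, HOSTNAME (read); AA, time (written)
# Arguments: none
# Outputs:   menu text on stdout
# Notes:     choice 5 reboots the host after a "y" confirmation; any input
#            other than 1-5 (including 6 and an empty line) calls Quit.
#######################################
MainMenu() {
  local answer
  clear
  echo
  echo "-------------------------------------------------------------------------"
  tput cup 2
  time=$(date +"%Y-%m-%d")
  echo -ne "USER:$USER\tHOST:$HOSTNAME\tdate:$time"
  echo
  tput cup 3
  echo "-------------------------------------------------------------------------"
  tput cup 4 20
  echo -e "1:Manage User;"
  tput cup 5 20
  echo -e "2:Manage Services;"
  tput cup 6 20
  echo -e "3:Manage Firewall/SSH;"
  tput cup 7 20
  # Option 4 is rendered in bold to highlight the automatic setup.
  tput bold
  echo -e "4:AutoSet;"
  tput sgr0
  tput cup 8 20
  echo -e "5:Reboot;"
  tput cup 9 20
  echo -e "6:Quit;"
  tput cup 10
  echo "--------------------------------------------------------------------------"
  echo -n "You choice [1,2,3,4,5,6]:"
  read -r AA
  case $AA in
    1) ManageUser ;;
    2) ManageServices ;;
    3) ManageFirewall ;;
    4) AutoSet ;;
    5)
      echo -n "Are you sure reboot system[y|n]?"
      read -r answer
      # Quoted comparison: an empty or multi-word reply is a plain "no"
      # instead of a `[` syntax error.
      if [ "$answer" = "y" ]; then
        shutdown -r now
        exit 0
      else
        echo -n "You forego reboot system!"
        sleep 2
      fi
      ;;
    *) Quit ;;
  esac
}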
# Automatic setup: enable the "Internet environment" firewall, then switch
# root SSH login to public-key authentication. Each step asks for its own
# confirmation before changing anything.
AutoSet() {
  EnableOutFirewall
  # Two newlines separate the firewall output from the SSH prompt.
  printf '\n\n'
  PublickeyAuthenticate
}
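#######################################
# Prompt for a user name and create the account, then set its password.
# Globals:   none
# Arguments: none (the name is read from stdin)
# Outputs:   prompts and result messages on stdout
# Returns:   1 when the name is rejected, otherwise the status of the last
#            command run
#######################################
AddUser() {
  local username
  echo -n "Please input add user name:"
  read -r username
  # The name is passed to useradd/passwd as root, so accept only a plain
  # account name: non-empty, no leading '-', no characters outside the set.
  case $username in
    '' | -* | *[!A-Za-z0-9_.-]*)
      echo "Add user faild because user name is invalid!"
      sleep 2
      return 1
      ;;
  esac
  # Exact, fixed-string match on the first /etc/passwd field, so the typed
  # name is never interpreted as a regular expression.
  if cut -d: -f1 /etc/passwd | grep -qxF -- "$username"; then
    echo "Add user faild because user exists!"
    sleep 2
  else
    useradd "$username" && passwd "$username" && sleep 2
  fi
}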
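#######################################
# Prompt for a user name, ask for confirmation and delete the account.
# Globals:   none
# Arguments: none (name and confirmation are read from stdin)
# Outputs:   prompts and result messages on stdout
# Returns:   1 when the name is rejected, otherwise the status of the last
#            command run
#######################################
DeleteUser() {
  local username answer
  echo -n "Please input delete user name:"
  read -r username
  echo -n "Are you sure delete $username[y|n]?"
  read -r answer
  if [ "$answer" = "y" ]; then
    # userdel runs as root with this value: accept only a plain account name.
    case $username in
      '' | -* | *[!A-Za-z0-9_.-]*)
        echo "Delete user faild because user name is invalid!"
        sleep 2
        return 1
        ;;
    esac
    # Exact, fixed-string match against the first /etc/passwd field.
    if cut -d: -f1 /etc/passwd | grep -qxF -- "$username"; then
      if userdel "$username"; then
        echo "user delete sucessfull!"
      else
        # Reported separately so a userdel error is not shown as
        # "account not exists".
        echo "Delete user faild because userdel returned an error!"
      fi
      sleep 2
    else
      echo "Delete user faild because user account not exists!"
      sleep 2
    fi
  else
    echo -n "You forego delete $username account!"
    sleep 2
  fi
}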
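#######################################
# Ask for confirmation, then run `passwd root` interactively.
# Globals:   none
# Arguments: none (the confirmation is read from stdin)
# Outputs:   prompt and result message on stdout
#######################################
ModifyRootpwd() {
  local answer
  echo -n "Are you sure modify root password[y|n]?"
  read -r answer
  # Quoted comparison: an empty reply means "no" instead of a `[` error.
  if [ "$answer" = "y" ]; then
    passwd root
    sleep 2
  else
    echo -n "You forego modify root password!"
    sleep 2
  fi
}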
# Page through /etc/passwd, then show a bold notice and pause for 8 seconds
# before control returns to the menu.
ViewUser() {
  more /etc/passwd
  tput bold
  printf '%s\n' "Wait 8 sec!"
  sleep 8
  # Reset terminal attributes after the bold notice.
  tput sgr0
}
#######################################
# Draw the user-management menu, read one choice and dispatch it.
# Globals:   USER, HOSTNAME (read); BB, time (written)
# Outputs:   menu text on stdout; the choice is read from stdin
# NOTE(review): the default arm uses `break` to leave the `while true` loop
# of the caller. Whether a `break` inside a function reaches the caller's
# loop depends on the bash version - verify on the target shell.
#######################################
ManageUserMenu() {
  local row=4 entry
  clear
  echo
  echo "-------------------------------------------------------------------------"
  tput cup 2
  time=$(date +"%Y-%m-%d")
  echo -ne "USER:$USER\tHOST:$HOSTNAME\tdate:$time"
  echo
  tput cup 3
  echo "-------------------------------------------------------------------------"
  # Menu entries start on row 4, one row each, at column 20.
  for entry in "1:Add User;" "2:Delete User;" "3:Modify root password;" \
    "4:View User;" "5:Quit;"; do
    tput cup "$row" 20
    echo -e "$entry"
    row=$((row + 1))
  done
  tput cup 9
  echo "--------------------------------------------------------------------------"
  echo -n "You choice [1,2,3,4,5]:"
  read BB
  case $BB in
    1) AddUser ;;
    2) DeleteUser ;;
    3) ModifyRootpwd ;;
    4) ViewUser ;;
    *)
      # Anything else, including 5 and empty input, leaves the menu.
      echo "Quit"
      break
      ;;
  esac
}
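#######################################
# Prompt for a service name and, after confirmation, enable it for
# runlevels 3, 4 and 5 with chkconfig.
# Globals:   none
# Arguments: none (name and confirmation are read from stdin)
# Outputs:   prompts and result messages on stdout
#######################################
EnableServices() {
  local servicename answer
  echo -n "Please input enable service name:"
  read -r servicename
  echo -n "Are you sure enable $servicename[y|n]?"
  read -r answer
  if [ "$answer" = "y" ]; then
    # The typed name must equal one entry of `chkconfig --list` exactly
    # (fixed string, whole line); it is never used as a regular expression.
    if [ -n "$servicename" ] &&
      chkconfig --list | awk '{print $1}' | grep -qxF -- "$servicename"; then
      if chkconfig --level 345 "$servicename" on; then
        echo "service enable sucessfull!"
      else
        # Reported separately so a chkconfig error is not shown as
        # "service not exists".
        echo "service enable faild because chkconfig returned an error!"
      fi
    else
      echo "service enable faild because service not exists!"
    fi
    sleep 2
  else
    echo -n "You forego enable $servicename!"
    sleep 2
  fi
}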
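#######################################
# Prompt for a service name and, after confirmation, disable it for
# runlevels 3, 4 and 5 with chkconfig.
# Globals:   none
# Arguments: none (name and confirmation are read from stdin)
# Outputs:   prompts and result messages on stdout
#######################################
DisableServices() {
  local servicename answer
  echo -n "Please input disable service name:"
  read -r servicename
  echo -n "Are you sure disable $servicename[y|n]?"
  read -r answer
  if [ "$answer" = "y" ]; then
    # The typed name must equal one entry of `chkconfig --list` exactly
    # (fixed string, whole line); it is never used as a regular expression.
    if [ -n "$servicename" ] &&
      chkconfig --list | awk '{print $1}' | grep -qxF -- "$servicename"; then
      if chkconfig --level 345 "$servicename" off; then
        echo "service diable sucessfull!"
      else
        # Reported separately so a chkconfig error is not shown as
        # "service not exists".
        echo "service disable faild because chkconfig returned an error!"
      fi
    else
      echo "service disable faild because service not exists!"
    fi
    sleep 2
  else
    echo -n "You forego disable $servicename!"
    sleep 2
  fi
}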
# Print the chkconfig service table, then show a bold notice and pause for
# 8 seconds before control returns to the menu.
ViewServices() {
  chkconfig --list
  tput bold
  printf '%s\n' "Wait 8 sec!"
  sleep 8
  # Reset terminal attributes after the bold notice.
  tput sgr0
}
#######################################
# Draw the service-management menu, read one choice and dispatch it.
# Globals:   USER, HOSTNAME (read); CC, time (written)
# Outputs:   menu text on stdout; the choice is read from stdin
# NOTE(review): the default arm uses `break` to leave the `while true` loop
# of the caller. Whether a `break` inside a function reaches the caller's
# loop depends on the bash version - verify on the target shell.
#######################################
ManageServicesMenu() {
  local row=4 entry
  clear
  echo
  echo "-------------------------------------------------------------------------"
  tput cup 2
  time=$(date +"%Y-%m-%d")
  echo -ne "USER:$USER\tHOST:$HOSTNAME\tdate:$time"
  echo
  tput cup 3
  echo "-------------------------------------------------------------------------"
  # Menu entries start on row 4, one row each, at column 20.
  for entry in "1:Enable Services;" "2:Disable Services;" \
    "3:View Services;" "4:Quit;"; do
    tput cup "$row" 20
    echo -e "$entry"
    row=$((row + 1))
  done
  tput cup 8
  echo "--------------------------------------------------------------------------"
  echo -n "You choice [1,2,3,4]:"
  read CC
  case $CC in
    1) EnableServices ;;
    2) DisableServices ;;
    3) ViewServices ;;
    *)
      # Anything else, including 4 and empty input, leaves the menu.
      echo "Quit"
      break
      ;;
  esac
}
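#######################################
# After confirmation, generate /scripts/start_firewall.sh for the company
# environment (SSH allowed only from the private_ip addresses), register it
# in /etc/rc.local and run it.
# Globals:   general_iptable_content, private_ip (read)
# Arguments: none (the confirmation is read from stdin)
# Outputs:   prompt and result messages on stdout
# Returns:   1 when the address list is empty or malformed; nothing is
#            written in that case
# Notes:     the generated rules set the INPUT policy to DROP before the SSH
#            ACCEPT rules are added, so a bad address list can block new SSH
#            logins. Keep the current session open until access is verified.
#######################################
EnableCompanyFirewall() {
  local answer ip
  local -a addrs
  local fw_script=/scripts/start_firewall.sh
  local rc_line="sh /scripts/start_firewall.sh"
  echo -n "Are you sure enable firewall[y|n]?"
  read -r answer
  if [ "$answer" != "y" ]; then
    echo -n "You forego enable firewall!"
    sleep 2
    return 0
  fi
  # Split the list on whitespace without pathname expansion.
  IFS=$' \t\n' read -r -d '' -a addrs <<<"$private_ip"
  if [ "${#addrs[@]}" -eq 0 ]; then
    echo "Enable Firewall faild because no allowed address is configured!"
    sleep 2
    return 1
  fi
  # Each address is written into a script that root executes, so allow only
  # address/host characters and refuse a leading '-'.
  for ip in "${addrs[@]}"; do
    case $ip in
      -* | *[!A-Za-z0-9.:/-]*)
        echo "Enable Firewall faild because address '$ip' is invalid!"
        sleep 2
        return 1
        ;;
    esac
  done
  mkdir -p /scripts
  echo -e "$general_iptable_content" >"$fw_script"
  for ip in "${addrs[@]}"; do
    echo "/sbin/iptables -A INPUT -s $ip -p tcp --dport 22 -j ACCEPT" >>"$fw_script"
  done
  # Register the boot hook once; repeated runs must not pile up duplicates.
  grep -qxF -- "$rc_line" /etc/rc.local 2>/dev/null ||
    echo "$rc_line" >>/etc/rc.local
  # Only root runs the script, and it lists the admin source addresses.
  chmod 700 "$fw_script"
  # sh reports the status of the last rule only; still better than
  # announcing success unconditionally.
  if sh "$fw_script"; then
    echo "Enable Firewall sucessful!"
  else
    echo "Enable Firewall faild, check $fw_script!"
  fi
  sleep 3
}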
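#######################################
# After confirmation, generate /scripts/start_firewall.sh for the Internet
# environment (SSH allowed only from the public_ip addresses), register it
# in /etc/rc.local and run it.
# Globals:   general_iptable_content, public_ip (read)
# Arguments: none (the confirmation is read from stdin)
# Outputs:   prompt and result messages on stdout
# Returns:   1 when the address list is empty or malformed; nothing is
#            written in that case
# Notes:     the generated rules set the INPUT policy to DROP before the SSH
#            ACCEPT rules are added, so a bad address list can block new SSH
#            logins. Keep the current session open until access is verified.
#######################################
EnableOutFirewall() {
  local answer ip
  local -a addrs
  local fw_script=/scripts/start_firewall.sh
  local rc_line="sh /scripts/start_firewall.sh"
  echo -n "Are you sure enable firewall[y|n]?"
  read -r answer
  if [ "$answer" != "y" ]; then
    echo -n "You forego enable firewall!"
    sleep 2
    return 0
  fi
  # Split the list on whitespace without pathname expansion.
  IFS=$' \t\n' read -r -d '' -a addrs <<<"$public_ip"
  if [ "${#addrs[@]}" -eq 0 ]; then
    echo "Enable Firewall faild because no allowed address is configured!"
    sleep 2
    return 1
  fi
  # Each address is written into a script that root executes, so allow only
  # address/host characters and refuse a leading '-'.
  for ip in "${addrs[@]}"; do
    case $ip in
      -* | *[!A-Za-z0-9.:/-]*)
        echo "Enable Firewall faild because address '$ip' is invalid!"
        sleep 2
        return 1
        ;;
    esac
  done
  mkdir -p /scripts
  echo -e "$general_iptable_content" >"$fw_script"
  for ip in "${addrs[@]}"; do
    echo "/sbin/iptables -A INPUT -s $ip -p tcp --dport 22 -j ACCEPT" >>"$fw_script"
  done
  # Register the boot hook once; repeated runs must not pile up duplicates.
  grep -qxF -- "$rc_line" /etc/rc.local 2>/dev/null ||
    echo "$rc_line" >>/etc/rc.local
  # Only root runs the script, and it lists the admin source addresses.
  chmod 700 "$fw_script"
  # sh reports the status of the last rule only; still better than
  # announcing success unconditionally.
  if sh "$fw_script"; then
    echo "Enable Firewall sucessful!"
  else
    echo "Enable Firewall faild, check $fw_script!"
  fi
  sleep 3
}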
#######################################
# Draw the firewall-environment menu, read one choice and dispatch it.
# Globals:   USER, HOSTNAME (read); EE, time (written)
# Outputs:   menu text on stdout; the choice is read from stdin
# NOTE(review): the default arm uses `break` to leave the `while true` loop
# of the caller. Whether a `break` inside a function reaches the caller's
# loop depends on the bash version - verify on the target shell.
#######################################
FirewallEnvMenu() {
  local row=4 entry
  clear
  echo
  echo "-------------------------------------------------------------------------"
  tput cup 2
  time=$(date +"%Y-%m-%d")
  echo -ne "USER:$USER\tHOST:$HOSTNAME\tdate:$time"
  echo
  tput cup 3
  echo "-------------------------------------------------------------------------"
  # Menu entries start on row 4, one row each, at column 20.
  for entry in "1:Enable Company Env Firewall;" "2:Enable Out Env Firewall;" \
    "3:Quit;"; do
    tput cup "$row" 20
    echo -e "$entry"
    row=$((row + 1))
  done
  tput cup 7
  echo "--------------------------------------------------------------------------"
  echo -n "You choice [1,2,3]:"
  read EE
  case $EE in
    1) EnableCompanyFirewall ;;
    2) EnableOutFirewall ;;
    *)
      # Anything else, including 3 and empty input, leaves the menu.
      echo "Quit"
      break
      ;;
  esac
}
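#######################################
# Show the firewall-environment menu repeatedly until the user quits.
# Globals:   EE (read) - the choice stored by FirewallEnvMenu
# Notes:     FirewallEnvMenu signals "quit" with a `break` of its own.
#            bash 4.4 and later reset the loop state when a function is
#            entered, so that `break` no longer ends this loop; the loop
#            therefore also checks the choice itself. Choices 1 and 2 are
#            the menu's actions, everything else (3, empty input, EOF) quits.
#######################################
CustomizeFirewall() {
  while true; do
    FirewallEnvMenu
    case $EE in
      1 | 2) ;;
      *) break ;;
    esac
  done
}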
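#######################################
# After confirmation, install zzj_key as root's only authorized key and
# switch sshd to public-key login (PasswordAuthentication no).
# Globals:   zzj_key (read)
# Arguments: none (the confirmation is read from stdin)
# Outputs:   prompt, warnings and result messages on stdout
# Returns:   1 when zzj_key is not a public key line or the edited
#            sshd_config fails validation; sshd_config is untouched then
# Notes:     /root/.ssh/authorized_keys is overwritten, so any keys already
#            in it are removed. Keep the current session open until a
#            key-based login has been verified from another terminal.
#######################################
PublickeyAuthenticate() {
  local answer backup tmp_config
  local ssh_dir=/root/.ssh
  local config=/etc/ssh/sshd_config
  local pid_file=/var/run/sshd.pid
  echo -n "Are you sure enable publickey auth[y|n]?"
  read -r answer
  if [ "$answer" != "y" ]; then
    echo -n "You forego publickey auth!"
    sleep 2
    return 0
  fi
  # Disabling password login with a placeholder or empty key would lock
  # root out, so require something shaped like "<key-type> <base64> ...".
  case $zzj_key in
    *ssh-*' '* | *ecdsa-*' '*) ;;
    *)
      echo "Enable publickey auth faild because zzj_key is not a public key!"
      sleep 2
      return 1
      ;;
  esac
  # sshd ignores key files with loose permissions (StrictModes), and the
  # key list should not be writable by anyone but root.
  mkdir -p "$ssh_dir"
  chmod 700 "$ssh_dir"
  (
    umask 077
    printf '%s\n' "$zzj_key" >"$ssh_dir/authorized_keys"
  )
  chmod 600 "$ssh_dir/authorized_keys"
  # Backup next to the original (root-only directory) instead of a
  # predictable file name in world-writable /tmp.
  backup="$config.bak.$(date +%Y%m%d%H%M%S)"
  if ! cp -p "$config" "$backup"; then
    echo "Enable publickey auth faild because backup of $config faild!"
    sleep 2
    return 1
  fi
  if ! tmp_config=$(mktemp /etc/ssh/sshd_config.XXXXXX); then
    echo "Enable publickey auth faild because mktemp faild!"
    sleep 2
    return 1
  fi
  sed -e 's/^PasswordAuthentication yes$/PasswordAuthentication no/' \
    -e 's/^#PubkeyAuthentication yes$/PubkeyAuthentication yes/' \
    -e 's/^#AuthorizedKeysFile/AuthorizedKeysFile/' \
    "$config" >"$tmp_config"
  chmod 600 "$tmp_config"
  # Validate before activating: a broken config would stop sshd from
  # accepting the next reload or restart.
  if ! /usr/sbin/sshd -t -f "$tmp_config"; then
    rm -f -- "$tmp_config"
    echo "Enable publickey auth faild because new sshd_config is invalid!"
    sleep 2
    return 1
  fi
  # Rename over the old file; the config is never missing in between.
  mv -f "$tmp_config" "$config"
  # The sed above only rewrites an active "PasswordAuthentication yes" line.
  grep -q '^PasswordAuthentication no' "$config" ||
    echo "Warning: no active 'PasswordAuthentication no' line in $config, password login may still be enabled!"
  if [ -s "$pid_file" ]; then
    kill -HUP "$(cat "$pid_file")"
  else
    echo "Warning: $pid_file not found, reload sshd manually!"
  fi
  echo "Please use public key try login agains!"
  sleep 5
}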
#######################################
# Draw the firewall/SSH menu, read one choice and dispatch it.
# Globals:   USER, HOSTNAME (read); DD, time (written)
# Outputs:   menu text on stdout; the choice is read from stdin
# NOTE(review): the default arm uses `break` to leave the `while true` loop
# of the caller. Whether a `break` inside a function reaches the caller's
# loop depends on the bash version - verify on the target shell.
#######################################
ManagerFirewallMenu() {
  local row=4 entry
  clear
  echo
  echo "-------------------------------------------------------------------------"
  tput cup 2
  time=$(date +"%Y-%m-%d")
  echo -ne "USER:$USER\tHOST:$HOSTNAME\tdate:$time"
  echo
  tput cup 3
  echo "-------------------------------------------------------------------------"
  # Menu entries start on row 4, one row each, at column 20.
  for entry in "1:Enable Customize Firewall;" \
    "2:Enable Publickey Authenticate;" "3:Quit;"; do
    tput cup "$row" 20
    echo -e "$entry"
    row=$((row + 1))
  done
  tput cup 7
  echo "--------------------------------------------------------------------------"
  echo -n "You choice [1,2,3]:"
  read DD
  case $DD in
    1) CustomizeFirewall ;;
    2) PublickeyAuthenticate ;;
    *)
      # Anything else, including 3 and empty input, leaves the menu.
      echo "Quit"
      break
      ;;
  esac
}
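#######################################
# Show the user-management menu repeatedly until the user quits.
# Globals:   BB (read) - the choice stored by ManageUserMenu
# Notes:     ManageUserMenu signals "quit" with a `break` of its own.
#            bash 4.4 and later reset the loop state when a function is
#            entered, so that `break` no longer ends this loop; the loop
#            therefore also checks the choice itself. Choices 1-4 are the
#            menu's actions, everything else (5, empty input, EOF) quits.
#######################################
ManageUser() {
  while true; do
    ManageUserMenu
    case $BB in
      1 | 2 | 3 | 4) ;;
      *) break ;;
    esac
  done
}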
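#######################################
# Show the service-management menu repeatedly until the user quits.
# Globals:   CC (read) - the choice stored by ManageServicesMenu
# Notes:     ManageServicesMenu signals "quit" with a `break` of its own.
#            bash 4.4 and later reset the loop state when a function is
#            entered, so that `break` no longer ends this loop; the loop
#            therefore also checks the choice itself. Choices 1-3 are the
#            menu's actions, everything else (4, empty input, EOF) quits.
#######################################
ManageServices() {
  while true; do
    ManageServicesMenu
    case $CC in
      1 | 2 | 3) ;;
      *) break ;;
    esac
  done
}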
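#######################################
# Show the firewall/SSH menu repeatedly until the user quits.
# Globals:   DD (read) - the choice stored by ManagerFirewallMenu
# Notes:     ManagerFirewallMenu signals "quit" with a `break` of its own.
#            bash 4.4 and later reset the loop state when a function is
#            entered, so that `break` no longer ends this loop; the loop
#            therefore also checks the choice itself. Choices 1 and 2 are
#            the menu's actions, everything else (3, empty input, EOF) quits.
#######################################
ManageFirewall() {
  while true; do
    ManagerFirewallMenu
    case $DD in
      1 | 2) ;;
      *) break ;;
    esac
  done
}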
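#######################################
# Leave the tool from the main menu.
# Outputs:   "Quit" on stdout
# Notes:     the original used `break` to end the top-level `while true`
#            loop from inside this function. bash 4.4 and later reset the
#            loop state on function entry, so that `break` has no effect
#            there and the main menu could never be left. The top-level
#            loop is the last statement of the script, so exiting with
#            status 0 gives the same result on every bash version.
#######################################
Quit() {
  echo "Quit"
  exit 0
}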
# Entry point: redraw the main menu after every action. The loop has no exit
# condition of its own; it ends when MainMenu reboots the host or when the
# Quit choice terminates it.
while :; do
  MainMenu
done