设为首页收藏本站
开启辅助访问

11个日常实用 Shell 脚本,运维人员先收藏起来~

 您所在的位置:网站首页 常用的客户端脚本语言有哪些 11个日常实用 Shell 脚本,运维人员先收藏起来~

11个日常实用 Shell 脚本,运维人员先收藏起来~

2024-07-13 23:18| 来源: 网络整理| 查看: 265

文章目录 说明1、Dos 攻击防范(自动屏蔽攻击 IP)2、Linux 系统发送告警脚本3、MySQL 数据库备份单循环4、MySQL 数据库备份多循环5、Nginx 访问访问日志按天切割6、Nginx 访问日志分析脚本7、查看网卡实时流量脚本8、服务器系统配置初始化脚本9、监控 100 台服务器磁盘利用率脚本10、linux的CPU占用脚本、内存占用脚本11、Linux 系统日常巡检脚本

说明

这些呢,是我在网上看到的一部分比较好的现成脚本,某些需要做修改,没有一定shell基础的话可能看不懂,没关系呀,我shell分类中还有很多比较细的脚本示例和shell知识,基本涉及常用运维所需要用到的脚本了,包括交互式脚本,想学shell的赶紧去我shell分类中实验学起来啊,遇到问题可以留言,一起交流学习~

1、Dos 攻击防范(自动屏蔽攻击 IP) #!/bin/bash DATE=$(date +%d/%b/%Y:%H:%M) LOG_FILE=/usr/local/nginx/logs/demo2.access.log ABNORMAL_IP=$(tail -n5000 $LOG_FILE |grep $DATE |awk '{a[$1]++}END{for(i in a)if(a[i]>10)print i}') for IP in $ABNORMAL_IP; do if [ $(iptables -vnL |grep -c "$IP") -eq 0 ]; then iptables -I INPUT -s $IP -j DROP echo "$(date +'%F_%T') $IP" >> /tmp/drop_ip.log fi done 2、Linux 系统发送告警脚本 # yum install mailx # vi /etc/mail.rc set [email protected] smtp=smtp.163.com set [email protected] smtp-auth-password=123456 set smtp-auth=login 3、MySQL 数据库备份单循环 #!/bin/bash DATE=$(date +%F_%H-%M-%S) HOST=localhost USER=backup PASS=123.com BACKUP_DIR=/data/db_backup DB_LIST=$(mysql -h$HOST -u$USER -p$PASS -s -e "show databases;" 2>/dev/null |egrep -v "Database|information_schema|mysql|performance_schema|sys") for DB in $DB_LIST; do BACKUP_NAME=$BACKUP_DIR/${DB}_${DATE}.sql if ! mysqldump -h$HOST -u$USER -p$PASS -B $DB > $BACKUP_NAME 2>/dev/null; then echo "$BACKUP_NAME 备份失败!" fi done 4、MySQL 数据库备份多循环 #!/bin/bash DATE=$(date +%F_%H-%M-%S) HOST=localhost USER=backup PASS=123.com BACKUP_DIR=/data/db_backup DB_LIST=$(mysql -h$HOST -u$USER -p$PASS -s -e "show databases;" 2>/dev/null |egrep -v "Database|information_schema|mysql|performance_schema|sys") for DB in $DB_LIST; do BACKUP_DB_DIR=$BACKUP_DIR/${DB}_${DATE} [ ! -d $BACKUP_DB_DIR ] && mkdir -p $BACKUP_DB_DIR &>/dev/null TABLE_LIST=$(mysql -h$HOST -u$USER -p$PASS -s -e "use $DB;show tables;" 2>/dev/null) for TABLE in $TABLE_LIST; do BACKUP_NAME=$BACKUP_DB_DIR/${TABLE}.sql if ! mysqldump -h$HOST -u$USER -p$PASS $DB $TABLE > $BACKUP_NAME 2>/dev/null; then echo "$BACKUP_NAME 备份失败!" fi done done 5、Nginx 访问访问日志按天切割 #!/bin/bash LOG_DIR=/usr/local/nginx/logs YESTERDAY_TIME=$(date -d "yesterday" +%F) LOG_MONTH_DIR=$LOG_DIR/$(date +"%Y-%m") LOG_FILE_LIST="default.access.log" for LOG_FILE in $LOG_FILE_LIST; do [ ! -d $LOG_MONTH_DIR ] && mkdir -p $LOG_MONTH_DIR mv $LOG_DIR/$LOG_FILE $LOG_MONTH_DIR/${LOG_FILE}_${YESTERDAY_TIME} done kill -USR1 $(cat /var/run/nginx.pid) 6、Nginx 访问日志分析脚本 #!/bin/bash # 日志格式: $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" LOG_FILE=$1 echo "统计访问最多的10个IP" awk '{a[$1]++}END{print "UV:",length(a);for(v in a)print v,a[v]}' $LOG_FILE |sort -k2 -nr |head -10 echo "----------------------" echo "统计时间段访问最多的IP" awk '$4>="[01/Dec/2018:13:20:25" && $410)print v,a[v]}}' $LOG_FILE |sort -k2 -nr echo "----------------------" echo "统计访问页面状态码数量" awk '{a[$7" "$9]++}END{for(v in a){if(a[v]>5)print v,a[v]}}' 7、查看网卡实时流量脚本 #!/bin/bash NIC=$1 echo -e " In ------ Out" while true; do OLD_IN=$(awk '$0~"'$NIC'"{print $2}' /proc/net/dev) OLD_OUT=$(awk '$0~"'$NIC'"{print $10}' /proc/net/dev) sleep 1 NEW_IN=$(awk '$0~"'$NIC'"{print $2}' /proc/net/dev) NEW_OUT=$(awk '$0~"'$NIC'"{print $10}' /proc/net/dev) IN=$(printf "%.1f%s" "$((($NEW_IN-$OLD_IN)/1024))" "KB/s") OUT=$(printf "%.1f%s" "$((($NEW_OUT-$OLD_OUT)/1024))" "KB/s") echo "$IN $OUT" sleep 1 done 8、服务器系统配置初始化脚本 #/bin/bash # 设置时区并同步时间 ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime if ! crontab -l |grep ntpdate &>/dev/null ; then (echo "* 1 * * * ntpdate time.windows.com >/dev/null 2>&1";crontab -l) |crontab fi # 禁用selinux sed -i '/SELINUX/{s/permissive/disabled/}' /etc/selinux/config # 关闭防火墙 if egrep "7.[0-9]" /etc/redhat-release &>/dev/null; then systemctl stop firewalld systemctl disable firewalld elif egrep "6.[0-9]" /etc/redhat-release &>/dev/null; then service iptables stop chkconfig iptables off fi # 历史命令显示操作时间 if ! grep HISTTIMEFORMAT /etc/bashrc; then echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/bashrc fi # SSH超时时间 if ! grep "TMOUT=600" /etc/profile &>/dev/null; then echo "export TMOUT=600" >> /etc/profile fi # 禁止root远程登录 sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config # 禁止定时任务向发送邮件 sed -i 's/^MAILTO=root/MAILTO=""/' /etc/crontab # 设置最大打开文件数 if ! grep "* soft nofile 65535" /etc/security/limits.conf &>/dev/null; then cat >> /etc/security/limits.conf /etc/sysctl.conf $TMP_FILE USE_RATE_LIST=$(awk 'BEGIN{OFS="="}/^\/dev/{print $NF,int($5)}' $TMP_FILE) for USE_RATE in $USE_RATE_LIST; do PART_NAME=${USE_RATE%=*} USE_RATE=${USE_RATE#*=} if [ $USE_RATE -ge 80 ]; then echo "Warning: $PART_NAME Partition usage $USE_RATE%!" fi done done 10、linux的CPU占用脚本、内存占用脚本

直接去这篇博客啦 linux的CPU占用脚本、内存占用脚本和硬盘IO测试代码

11、Linux 系统日常巡检脚本 这是一个比较正式的脚本,内容有点多,感兴趣的可以研究研究【代码多是因为功能多,别被代码数量吓着了,拆开看其实都不算难】,益处多多。 这个脚本估计也是转发好多次了,全都没有缩进的,直接用是不现实的,需要了解其中代码加上缩进按需使用的话,这个脚本是真不错,而且其中写脚本的思路,也可以多借鉴借鉴,很标准很强大。脚本说明

Linux 系统日常巡检脚本,巡检内容包含了,磁盘,内存 cpu 进程 文件更改 用户登录等一系列的操作 直接用就行了。

报告以邮件发送到邮箱 在log下生成巡检报告。

#!/bin/bash # @Author: HanWei # @Date: 2020-03-16 09:56:57 # @Last Modified by: HanWei # @Last Modified time: 2020-03-16 11:06:31 # @E-mail: [email protected] #!/bin/bash #主机信息每日巡检 IPADDR=$(ifconfig eth0|grep 'inet addr'|awk -F '[ :]' '{print $13}') #环境变量PATH没设好,在cron里执行时有很多命令会找不到 export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin source /etc/profile [ $(id -u) -gt 0 ] && echo "请用root用户执行此脚本!" && exit 1 centosVersion=$(awk '{print $(NF-1)}' /etc/redhat-release) VERSION="2020-03-16" #日志相关 PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` [ -f $PROGPATH ] && PROGPATH="." LOGPATH="$PROGPATH/log" [ -e $LOGPATH ] || mkdir $LOGPATH RESULTFILE="$LOGPATH/HostDailyCheck-$IPADDR-`date +%Y%m%d`.txt" #定义报表的全局变量 report_DateTime="" #日期 ok report_Hostname="" #主机名 ok report_OSRelease="" #发行版本 ok report_Kernel="" #内核 ok report_Language="" #语言/编码 ok report_LastReboot="" #最近启动时间 ok report_Uptime="" #运行时间(天) ok report_CPUs="" #CPU数量 ok report_CPUType="" #CPU类型 ok report_Arch="" #CPU架构 ok report_MemTotal="" #内存总容量(MB) ok report_MemFree="" #内存剩余(MB) ok report_MemUsedPercent="" #内存使用率% ok report_DiskTotal="" #硬盘总容量(GB) ok report_DiskFree="" #硬盘剩余(GB) ok report_DiskUsedPercent="" #硬盘使用率% ok report_InodeTotal="" #Inode总量 ok report_InodeFree="" #Inode剩余 ok report_InodeUsedPercent="" #Inode使用率 ok report_IP="" #IP地址 ok report_MAC="" #MAC地址 ok report_Gateway="" #默认网关 ok report_DNS="" #DNS ok report_Listen="" #监听 ok report_Selinux="" #Selinux ok report_Firewall="" #防火墙 ok report_USERs="" #用户 ok report_USEREmptyPassword="" #空密码用户 ok report_USERTheSameUID="" #相同ID的用户 ok report_PasswordExpiry="" #密码过期(天) ok report_RootUser="" #root用户 ok report_Sudoers="" #sudo授权 ok report_SSHAuthorized="" #SSH信任主机 ok report_SSHDProtocolVersion="" #SSH协议版本 ok report_SSHDPermitRootLogin="" #允许root远程登录 ok report_DefunctProsess="" #僵尸进程数量 ok report_SelfInitiatedService="" #自启动服务数量 ok report_SelfInitiatedProgram="" #自启动程序数量 ok report_RuningService="" #运行中服务数 ok report_Crontab="" #计划任务数 ok report_Syslog="" #日志服务 ok report_SNMP="" #SNMP OK report_NTP="" #NTP ok report_JDK="" #JDK版本 ok function version(){ echo "" echo "" echo "系统巡检脚本:Version $VERSION" } function getCpuStatus(){ echo "" echo "" echo "############################ CPU检查 #############################" Physical_CPUs=$(grep "physical id" /proc/cpuinfo| sort | uniq | wc -l) Virt_CPUs=$(grep "processor" /proc/cpuinfo | wc -l) CPU_Kernels=$(grep "cores" /proc/cpuinfo|uniq| awk -F ': ' '{print $2}') CPU_Type=$(grep "model name" /proc/cpuinfo | awk -F ': ' '{print $2}' | sort | uniq) CPU_Arch=$(uname -m) echo "物理CPU个数:$Physical_CPUs" echo "逻辑CPU个数:$Virt_CPUs" echo "每CPU核心数:$CPU_Kernels" echo " CPU型号:$CPU_Type" echo " CPU架构:$CPU_Arch" #报表信息 report_CPUs=$Virt_CPUs #CPU数量 report_CPUType=$CPU_Type #CPU类型 report_Arch=$CPU_Arch #CPU架构 } function getMemStatus(){ echo "" echo "" echo "############################ 内存检查 ############################" if [[ $centosVersion /tmp/inode df -hTP | sed 's/Mounted on/Mounted/'> /tmp/disk join /tmp/disk /tmp/inode | awk '{print $1,$2,"|",$3,$4,$5,$6,"|",$8,$9,$10,$11,"|",$12}'| column -t #报表信息 diskdata=$(df -TP | sed '1d' | awk '$2!="tmpfs"{print}') #KB disktotal=$(echo "$diskdata" | awk '{total+=$3}END{print total}') #KB diskused=$(echo "$diskdata" | awk '{total+=$4}END{print total}') #KB diskfree=$((disktotal-diskused)) #KB diskusedpercent=$(echo $disktotal $diskused | awk '{if($1==0){printf 100}else{printf "%.2f",$2*100/$1}}') inodedata=$(df -iTP | sed '1d' | awk '$2!="tmpfs"{print}') inodetotal=$(echo "$inodedata" | awk '{total+=$3}END{print total}') inodeused=$(echo "$inodedata" | awk '{total+=$4}END{print total}') inodefree=$((inodetotal-inodeused)) inodeusedpercent=$(echo $inodetotal $inodeused | awk '{if($1==0){printf 100}else{printf "%.2f",$2*100/$1}}') report_DiskTotal=$((disktotal/1024/1024))"GB" #硬盘总容量(GB) report_DiskFree=$((diskfree/1024/1024))"GB" #硬盘剩余(GB) report_DiskUsedPercent="$diskusedpercent""%" #硬盘使用率% report_InodeTotal=$((inodetotal/1000))"K" #Inode总量 report_InodeFree=$((inodefree/1000))"K" #Inode剩余 report_InodeUsedPercent="$inodeusedpercent""%" #Inode使用率% } function getSystemStatus(){ echo "" echo "" echo "############################ 系统检查 ############################" if [ -e /etc/sysconfig/i18n ];then default_LANG="$(grep "LANG=" /etc/sysconfig/i18n | grep -v "^#" | awk -F '"' '{print $2}')" else default_LANG=$LANG fi export LANG="en_US.UTF-8" Release=$(cat /etc/redhat-release 2>/dev/null) Kernel=$(uname -r) OS=$(uname -o) Hostname=$(uname -n) SELinux=$(/usr/sbin/sestatus | grep "SELinux status: " | awk '{print $3}') LastReboot=$(who -b | awk '{print $3,$4}') uptime=$(uptime | sed 's/.*up \([^,]*\), .*/\1/') echo " 系统:$OS" echo " 发行版本:$Release" echo " 内核:$Kernel" echo " 主机名:$Hostname" echo " SELinux:$SELinux" echo "语言/编码:$default_LANG" echo " 当前时间:$(date +'%F %T')" echo " 最后启动:$LastReboot" echo " 运行时间:$uptime" #报表信息 report_DateTime=$(date +"%F %T") #日期 report_Hostname="$Hostname" #主机名 report_OSRelease="$Release" #发行版本 report_Kernel="$Kernel" #内核 report_Language="$default_LANG" #语言/编码 report_LastReboot="$LastReboot" #最近启动时间 report_Uptime="$uptime" #运行时间(天) report_Selinux="$SELinux" export LANG="$default_LANG" } function getServiceStatus(){ echo "" echo "" echo "############################ 服务检查 ############################" echo "" if [[ $centosVersion > 7 ]];then conf=$(systemctl list-unit-files --type=service --state=enabled --no-pager | grep "enabled") process=$(systemctl list-units --type=service --state=running --no-pager | grep ".service") #报表信息 report_SelfInitiatedService="$(echo "$conf" | wc -l)" #自启动服务数量 report_RuningService="$(echo "$process" | wc -l)" #运行中服务数量 else conf=$(/sbin/chkconfig | grep -E ":on|:启用") process=$(/sbin/service --status-all 2>/dev/null | grep -E "is running|正在运行") #报表信息 report_SelfInitiatedService="$(echo "$conf" | wc -l)" #自启动服务数量 report_RuningService="$(echo "$process" | wc -l)" #运行中服务数量 fi echo "服务配置" echo "--------" echo "$conf" | column -t echo "" echo "正在运行的服务" echo "--------------" echo "$process" } function getAutoStartStatus(){ echo "" echo "" echo "############################ 自启动检查 ##########################" conf=$(grep -v "^#" /etc/rc.d/rc.local| sed '/^$/d') echo "$conf" #报表信息 report_SelfInitiatedProgram="$(echo $conf | wc -l)" #自启动程序数量 } function getLoginStatus(){ echo "" echo "" echo "############################ 登录检查 ############################" last | head } function getNetworkStatus(){ echo "" echo "" echo "############################ 网络检查 ############################" if [[ $centosVersion /dev/null 2>&1 status=$? if [ $status -eq 0 ];then echo "$user" echo "--------" crontab -l -u $user let Crontab=Crontab+$(crontab -l -u $user | wc -l) echo "" fi done done #计划任务 find /etc/cron* -type f | xargs -i ls -l {} | column -t let Crontab=Crontab+$(find /etc/cron* -type f | wc -l) #报表信息 report_Crontab="$Crontab" #计划任务数 } function getHowLongAgo(){ # 计算一个时间戳离现在有多久了 datetime="$*" [ -z "$datetime" ] && echo "错误的参数:getHowLongAgo() $*" Timestamp=$(date +%s -d "$datetime") #转化为时间戳 Now_Timestamp=$(date +%s) Difference_Timestamp=$(($Now_Timestamp-$Timestamp)) days=0;hours=0;minutes=0; sec_in_day=$((60*60*24)); sec_in_hour=$((60*60)); sec_in_minute=60 while (( $(($Difference_Timestamp-$sec_in_day)) > 1 )) do let Difference_Timestamp=Difference_Timestamp-sec_in_day let days++ done while (( $(($Difference_Timestamp-$sec_in_hour)) > 1 )) do let Difference_Timestamp=Difference_Timestamp-sec_in_hour let hours++ done echo "$days 天 $hours 小时前" } function getUserLastLogin(){ # 获取用户最近一次登录的时间,含年份 # 很遗憾last命令不支持显示年份,只有"last -t YYYYMMDDHHMMSS"表示某个时间之间的登录,我 # 们只能用最笨的方法了,对比今天之前和今年元旦之前(或者去年之前和前年之前……)某个用户 # 登录次数,如果登录统计次数有变化,则说明最近一次登录是今年。 username=$1 : ${username:="`whoami`"} thisYear=$(date +%Y) oldesYear=$(last | tail -n1 | awk '{print $NF}') while(( $thisYear >= $oldesYear));do loginBeforeToday=$(last $username | grep $username | wc -l) loginBeforeNewYearsDayOfThisYear=$(last $username -t $thisYear"0101000000" | grep $username | wc -l) if [ $loginBeforeToday -eq 0 ];then echo "从未登录过" break elif [ $loginBeforeToday -gt $loginBeforeNewYearsDayOfThisYear ];then lastDateTime=$(last -i $username | head -n1 | awk '{for(i=4;i1{print $2}') for uid in $UIDs;do echo -n "$uid"; USERTheSameUID="$uid" r=$(awk -F: 'ORS="";$3=='"$uid"'{print ":",$1}' /etc/passwd) echo "$r" echo "" USERTheSameUID="$USERTheSameUID $r," done #报表信息 report_USERs="$USERs" #用户 report_USEREmptyPassword=$(echo $USEREmptyPassword | sed 's/^,//') report_USERTheSameUID=$(echo $USERTheSameUID | sed 's/,$//') report_RootUser=$(echo $RootUser | sed 's/^,//') #特权用户 } function getPasswordStatus { echo "" echo "" echo "############################ 密码检查 ############################" pwdfile="$(cat /etc/passwd)" echo "" echo "密码过期检查" echo "------------" result="" for shell in $(grep -v "/sbin/nologin" /etc/shells);do for user in $(echo "$pwdfile" | grep "$shell" | cut -d: -f1);do get_expiry_date=$(/usr/bin/chage -l $user | grep 'Password expires' | cut -d: -f2) if [[ $get_expiry_date = ' never' || $get_expiry_date = 'never' ]];then printf "%-15s 永不过期\n" $user result="$result,$user:never" else password_expiry_date=$(date -d "$get_expiry_date" "+%s") current_date=$(date "+%s") diff=$(($password_expiry_date-$current_date)) let DAYS=$(($diff/(60*60*24))) printf "%-15s %s天后过期\n" $user $DAYS result="$result,$user:$DAYS days" fi done done report_PasswordExpiry=$(echo $result | sed 's/^,//') echo "" echo "密码策略检查" echo "------------" grep -v "#" /etc/login.defs | grep -E "PASS_MAX_DAYS|PASS_MIN_DAYS|PASS_MIN_LEN|PASS_WARN_AGE" } function getSudoersStatus(){ echo "" echo "" echo "############################ Sudoers检查 #########################" conf=$(grep -v "^#" /etc/sudoers| grep -v "^Defaults" | sed '/^$/d') echo "$conf" echo "" #报表信息 report_Sudoers="$(echo $conf | wc -l)" } function getInstalledStatus(){ echo "" echo "" echo "############################ 软件检查 ############################" rpm -qa --last | head | column -t } function getProcessStatus(){ echo "" echo "" echo "############################ 进程检查 ############################" if [ $(ps -ef | grep defunct | grep -v grep | wc -l) -ge 1 ];then echo "" echo "僵尸进程"; echo "--------" ps -ef | head -n1 ps -ef | grep defunct | grep -v grep fi echo "" echo "内存占用TOP10" echo "-------------" echo -e "PID %MEM RSS COMMAND $(ps aux | awk '{print $2, $4, $6, $11}' | sort -k3rn | head -n 10 )"| column -t echo "" echo "CPU占用TOP10" echo "------------" top b -n1 | head -17 | tail -11 #报表信息 report_DefunctProsess="$(ps -ef | grep defunct | grep -v grep|wc -l)" } function getJDKStatus(){ echo "" echo "" echo "############################ JDK检查 #############################" java -version 2>/dev/null if [ $? -eq 0 ];then java -version 2>&1 fi echo "JAVA_HOME=\"$JAVA_HOME\"" #报表信息 report_JDK="$(java -version 2>&1 | grep version | awk '{print $1,$3}' | tr -d '"')" } function getSyslogStatus(){ echo "" echo "" echo "############################ syslog检查 ##########################" echo "服务状态:$(getState rsyslog)" echo "" echo "/etc/rsyslog.conf" echo "-----------------" cat /etc/rsyslog.conf 2>/dev/null | grep -v "^#" | grep -v "^\\$" | sed '/^$/d' | column -t #报表信息 report_Syslog="$(getState rsyslog)" } function getFirewallStatus(){ echo "" echo "" echo "############################ 防火墙检查 ##########################" #防火墙状态,策略等 if [[ $centosVersion < 7 ]];then /etc/init.d/iptables status >/dev/null 2>&1 status=$? if [ $status -eq 0 ];then s="active" elif [ $status -eq 3 ];then s="inactive" elif [ $status -eq 4 ];then s="permission denied" else s="unknown" fi else s="$(getState iptables)" fi echo "iptables: $s" echo "" echo "/etc/sysconfig/iptables" echo "-----------------------" cat /etc/sysconfig/iptables 2>/dev/null #报表信息 report_Firewall="$s" } function getSNMPStatus(){ #SNMP服务状态,配置等 echo "" echo "" echo "############################ SNMP检查 ############################" status="$(getState snmpd)" echo "服务状态:$status" echo "" if [ -e /etc/snmp/snmpd.conf ];then echo "/etc/snmp/snmpd.conf" echo "--------------------" cat /etc/snmp/snmpd.conf 2>/dev/null | grep -v "^#" | sed '/^$/d' fi #报表信息 report_SNMP="$(getState snmpd)" } function getState(){ if [[ $centosVersion < 7 ]];then if [ -e "/etc/init.d/$1" ];then if [ `/etc/init.d/$1 status 2>/dev/null | grep -E "is running|正在运行" | wc -l` -ge 1 ];then r="active" else r="inactive" fi else r="unknown" fi else #CentOS 7+ r="$(systemctl is-active $1 2>&1)" fi echo "$r" } function getSSHStatus(){ #SSHD服务状态,配置,受信任主机等 echo "" echo "" echo "############################ SSH检查 #############################" #检查受信任主机 pwdfile="$(cat /etc/passwd)" echo "服务状态:$(getState sshd)" Protocol_Version=$(cat /etc/ssh/sshd_config | grep Protocol | awk '{print $2}') echo "SSH协议版本:$Protocol_Version" echo "" echo "信任主机" echo "--------" authorized=0 for user in $(echo "$pwdfile" | grep /bin/bash | awk -F: '{print $1}');do authorize_file=$(echo "$pwdfile" | grep -w $user | awk -F: '{printf $6"/.ssh/authorized_keys"}') authorized_host=$(cat $authorize_file 2>/dev/null | awk '{print $3}' | tr '\n' ',' | sed 's/,$//') if [ ! -z $authorized_host ];then echo "$user 授权 \"$authorized_host\" 无密码访问" fi let authorized=authorized+$(cat $authorize_file 2>/dev/null | awk '{print $3}'|wc -l) done echo "" echo "是否允许ROOT远程登录" echo "--------------------" config=$(cat /etc/ssh/sshd_config | grep PermitRootLogin) firstChar=${config:0:1} if [ $firstChar == "#" ];then PermitRootLogin="yes" #默认是允许ROOT远程登录的 else PermitRootLogin=$(echo $config | awk '{print $2}') fi echo "PermitRootLogin $PermitRootLogin" echo "" echo "/etc/ssh/sshd_config" echo "--------------------" cat /etc/ssh/sshd_config | grep -v "^#" | sed '/^$/d' #报表信息 report_SSHAuthorized="$authorized" #SSH信任主机 report_SSHDProtocolVersion="$Protocol_Version" #SSH协议版本 report_SSHDPermitRootLogin="$PermitRootLogin" #允许root远程登录 } function getNTPStatus(){ #NTP服务状态,当前时间,配置等 echo "" echo "" echo "############################ NTP检查 #############################" if [ -e /etc/ntp.conf ];then echo "服务状态:$(getState ntpd)" echo "" echo "/etc/ntp.conf" echo "-------------" cat /etc/ntp.conf 2>/dev/null | grep -v "^#" | sed '/^$/d' fi #报表信息 report_NTP="$(getState ntpd)" } function uploadHostDailyCheckReport(){ json="{ \"DateTime\":\"$report_DateTime\", \"Hostname\":\"$report_Hostname\", \"OSRelease\":\"$report_OSRelease\", \"Kernel\":\"$report_Kernel\", \"Language\":\"$report_Language\", \"LastReboot\":\"$report_LastReboot\", \"Uptime\":\"$report_Uptime\", \"CPUs\":\"$report_CPUs\", \"CPUType\":\"$report_CPUType\", \"Arch\":\"$report_Arch\", \"MemTotal\":\"$report_MemTotal\", \"MemFree\":\"$report_MemFree\", \"MemUsedPercent\":\"$report_MemUsedPercent\", \"DiskTotal\":\"$report_DiskTotal\", \"DiskFree\":\"$report_DiskFree\", \"DiskUsedPercent\":\"$report_DiskUsedPercent\", \"InodeTotal\":\"$report_InodeTotal\", \"InodeFree\":\"$report_InodeFree\", \"InodeUsedPercent\":\"$report_InodeUsedPercent\", \"IP\":\"$report_IP\", \"MAC\":\"$report_MAC\", \"Gateway\":\"$report_Gateway\", \"DNS\":\"$report_DNS\", \"Listen\":\"$report_Listen\", \"Selinux\":\"$report_Selinux\", \"Firewall\":\"$report_Firewall\", \"USERs\":\"$report_USERs\", \"USEREmptyPassword\":\"$report_USEREmptyPassword\", \"USERTheSameUID\":\"$report_USERTheSameUID\", \"PasswordExpiry\":\"$report_PasswordExpiry\", \"RootUser\":\"$report_RootUser\", \"Sudoers\":\"$report_Sudoers\", \"SSHAuthorized\":\"$report_SSHAuthorized\", \"SSHDProtocolVersion\":\"$report_SSHDProtocolVersion\", \"SSHDPermitRootLogin\":\"$report_SSHDPermitRootLogin\", \"DefunctProsess\":\"$report_DefunctProsess\", \"SelfInitiatedService\":\"$report_SelfInitiatedService\", \"SelfInitiatedProgram\":\"$report_SelfInitiatedProgram\", \"RuningService\":\"$report_RuningService\", \"Crontab\":\"$report_Crontab\", \"Syslog\":\"$report_Syslog\", \"SNMP\":\"$report_SNMP\", \"NTP\":\"$report_NTP\", \"JDK\":\"$report_JDK\" }" #echo "$json" curl -l -H "Content-type: application/json" -X POST -d "$json" "$uploadHostDailyCheckReportApi" 2>/dev/null } function getchage_file_24h() { echo "############################ 文件检查 #############################" check2=$(find / -name '*.sh' -mtime -1) check21=$(find / -name '*.asp' -mtime -1) check22=$(find / -name '*.php' -mtime -1) check23=$(find / -name '*.aspx' -mtime -1) check24=$(find / -name '*.jsp' -mtime -1) check25=$(find / -name '*.html' -mtime -1) check26=$(find / -name '*.htm' -mtime -1) check9=$(find / -name core -exec ls -l {} \;) check10=$(cat /etc/crontab) check12=$(ls -alt /usr/bin | head -10) cat


【本文地址】


今日新闻

推荐新闻

CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3