Linux 服務(wù)器日常巡檢腳本分享
轉(zhuǎn)自:開源Linux 作者:A哥?
原文鏈接:https://www.pythondesign.cn/994.html
Linux 系統(tǒng)日常巡檢腳本,巡檢內(nèi)容包含了,磁盤,內(nèi)存?cpu?進(jìn)程?文件更改?用戶登錄等一系列的操作 直接用就行了。
報(bào)告以郵件發(fā)送到郵箱 在log下生成巡檢報(bào)告。
#!/bin/bash
#?@Author:?HanWei
#?@Date:???2020-03-16?09:56:57
#?@Last?Modified?by:???HanWei
#?@Last?Modified?time:?2020-03-16?11:06:31
#?@E-mail:?han_wei_95@163.com
#!/bin/bash
#主機(jī)信息每日巡檢
IPADDR=$(ifconfig?eth0|grep?'inet?addr'|awk?-F?'[?:]'?'{print?$13}')
#環(huán)境變量PATH沒設(shè)好,在cron里執(zhí)行時(shí)有很多命令會(huì)找不到
export?PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
source?/etc/profile
[?$(id?-u)?-gt?0?]?&&?echo?"請(qǐng)用root用戶執(zhí)行此腳本!"?&&?exit?1
centosVersion=$(awk?'{print?$(NF-1)}'?/etc/redhat-release)
VERSION="2020-03-16"
#日志相關(guān)
PROGPATH=`echo?$0?|?sed?-e?'s,[\\/][^\\/][^\\/]*$,,'`
[?-f?$PROGPATH?]?&&?PROGPATH="."
LOGPATH="$PROGPATH/log"
[?-e?$LOGPATH?]?||?mkdir?$LOGPATH
RESULTFILE="$LOGPATH/HostDailyCheck-$IPADDR-`date?+%Y%m%d`.txt"
#定義報(bào)表的全局變量
report_DateTime=""?#日期?ok
report_Hostname=""?#主機(jī)名?ok
report_OSRelease=""?#發(fā)行版本?ok
report_Kernel=""?#內(nèi)核?ok
report_Language=""?#語(yǔ)言/編碼?ok
report_LastReboot=""?#最近啟動(dòng)時(shí)間?ok
report_Uptime=""?#運(yùn)行時(shí)間(天)?ok
report_CPUs=""?#CPU數(shù)量?ok
report_CPUType=""?#CPU類型?ok
report_Arch=""?#CPU架構(gòu)?ok
report_MemTotal=""?#內(nèi)存總?cè)萘?MB)?ok
report_MemFree=""?#內(nèi)存剩余(MB)?ok
report_MemUsedPercent=""?#內(nèi)存使用率%?ok
report_DiskTotal=""?#硬盤總?cè)萘?GB)?ok
report_DiskFree=""?#硬盤剩余(GB)?ok
report_DiskUsedPercent=""?#硬盤使用率%?ok
report_InodeTotal=""?#Inode總量?ok
report_InodeFree=""?#Inode剩余?ok
report_InodeUsedPercent=""?#Inode使用率?ok
report_IP=""?#IP地址?ok
report_MAC=""?#MAC地址?ok
report_Gateway=""?#默認(rèn)網(wǎng)關(guān)?ok
report_DNS=""?#DNS?ok
report_Listen=""?#監(jiān)聽?ok
report_Selinux=""?#Selinux?ok
report_Firewall=""?#防火墻?ok
report_USERs=""?#用戶?ok
report_USEREmptyPassword=""?#空密碼用戶?ok
report_USERTheSameUID=""?#相同ID的用戶?ok?
report_PasswordExpiry=""?#密碼過期(天)?ok
report_RootUser=""?#root用戶?ok
report_Sudoers=""?#sudo授權(quán)?ok
report_SSHAuthorized=""?#SSH信任主機(jī)?ok
report_SSHDProtocolVersion=""?#SSH協(xié)議版本?ok
report_SSHDPermitRootLogin=""?#允許root遠(yuǎn)程登錄?ok
report_DefunctProsess=""?#僵尸進(jìn)程數(shù)量?ok
report_SelfInitiatedService=""?#自啟動(dòng)服務(wù)數(shù)量?ok
report_SelfInitiatedProgram=""?#自啟動(dòng)程序數(shù)量?ok
report_RuningService=""?#運(yùn)行中服務(wù)數(shù)?ok
report_Crontab=""?#計(jì)劃任務(wù)數(shù)?ok
report_Syslog=""?#日志服務(wù)?ok
report_SNMP=""?#SNMP?OK
report_NTP=""?#NTP?ok
report_JDK=""?#JDK版本?ok
function?version(){
echo?""
echo?""
echo?"系統(tǒng)巡檢腳本:Version?$VERSION"
}
function?getCpuStatus(){
echo?""
echo?""
echo?"############################?CPU檢查?#############################"
Physical_CPUs=$(grep?"physical?id"?/proc/cpuinfo|?sort?|?uniq?|?wc?-l)
Virt_CPUs=$(grep?"processor"?/proc/cpuinfo?|?wc?-l)
CPU_Kernels=$(grep?"cores"?/proc/cpuinfo|uniq|?awk?-F?':?'?'{print?$2}')
CPU_Type=$(grep?"model?name"?/proc/cpuinfo?|?awk?-F?':?'?'{print?$2}'?|?sort?|?uniq)
CPU_Arch=$(uname?-m)
echo?"物理CPU個(gè)數(shù):$Physical_CPUs"
echo?"邏輯CPU個(gè)數(shù):$Virt_CPUs"
echo?"每CPU核心數(shù):$CPU_Kernels"
echo?"?CPU型號(hào):$CPU_Type"
echo?"?CPU架構(gòu):$CPU_Arch"
#報(bào)表信息
report_CPUs=$Virt_CPUs?#CPU數(shù)量
report_CPUType=$CPU_Type?#CPU類型
report_Arch=$CPU_Arch?#CPU架構(gòu)
}
function?getMemStatus(){
echo?""
echo?""
echo?"############################?內(nèi)存檢查?############################"
if?[[?$centosVersion?7?]];then
free?-mo
else
free?-h
fi
#報(bào)表信息
MemTotal=$(grep?MemTotal?/proc/meminfo|?awk?'{print?$2}')?#KB
MemFree=$(grep?MemFree?/proc/meminfo|?awk?'{print?$2}')?#KB
let?MemUsed=MemTotal-MemFree
MemPercent=$(awk?"BEGIN?{if($MemTotal==0){printf?100}else{printf?\"%.2f\",$MemUsed*100/$MemTotal}}")
report_MemTotal="$((MemTotal/1024))""MB"?#內(nèi)存總?cè)萘?MB)
report_MemFree="$((MemFree/1024))""MB"?#內(nèi)存剩余(MB)
report_MemUsedPercent="$(awk?"BEGIN?{if($MemTotal==0){printf?100}else{printf?\"%.2f\",$MemUsed*100/$MemTotal}}")""%"?#內(nèi)存使用率%
}
function?getDiskStatus(){
echo?""
echo?""
echo?"############################?磁盤檢查?############################"
df?-hiP?|?sed?'s/Mounted?on/Mounted/'>?/tmp/inode
df?-hTP?|?sed?'s/Mounted?on/Mounted/'>?/tmp/disk?
join?/tmp/disk?/tmp/inode?|?awk?'{print?$1,$2,"|",$3,$4,$5,$6,"|",$8,$9,$10,$11,"|",$12}'|?column?-t
#報(bào)表信息
diskdata=$(df?-TP?|?sed?'1d'?|?awk?'$2!="tmpfs"{print}')?#KB
disktotal=$(echo?"$diskdata"?|?awk?'{total+=$3}END{print?total}')?#KB
diskused=$(echo?"$diskdata"?|?awk?'{total+=$4}END{print?total}')?#KB
diskfree=$((disktotal-diskused))?#KB
diskusedpercent=$(echo?$disktotal?$diskused?|?awk?'{if($1==0){printf?100}else{printf?"%.2f",$2*100/$1}}')?
inodedata=$(df?-iTP?|?sed?'1d'?|?awk?'$2!="tmpfs"{print}')
inodetotal=$(echo?"$inodedata"?|?awk?'{total+=$3}END{print?total}')
inodeused=$(echo?"$inodedata"?|?awk?'{total+=$4}END{print?total}')
inodefree=$((inodetotal-inodeused))
inodeusedpercent=$(echo?$inodetotal?$inodeused?|?awk?'{if($1==0){printf?100}else{printf?"%.2f",$2*100/$1}}')
report_DiskTotal=$((disktotal/1024/1024))"GB"?#硬盤總?cè)萘?GB)
report_DiskFree=$((diskfree/1024/1024))"GB"?#硬盤剩余(GB)
report_DiskUsedPercent="$diskusedpercent""%"?#硬盤使用率%
report_InodeTotal=$((inodetotal/1000))"K"?#Inode總量
report_InodeFree=$((inodefree/1000))"K"?#Inode剩余
report_InodeUsedPercent="$inodeusedpercent""%"?#Inode使用率%
}
function?getSystemStatus(){
echo?""
echo?""
echo?"############################?系統(tǒng)檢查?############################"
if?[?-e?/etc/sysconfig/i18n?];then
default_LANG="$(grep?"LANG="?/etc/sysconfig/i18n?|?grep?-v?"^#"?|?awk?-F?'"'?'{print?$2}')"
else
default_LANG=$LANG
fi
export?LANG="en_US.UTF-8"
Release=$(cat?/etc/redhat-release?2>/dev/null)
Kernel=$(uname?-r)
OS=$(uname?-o)
Hostname=$(uname?-n)
SELinux=$(/usr/sbin/sestatus?|?grep?"SELinux?status:?"?|?awk?'{print?$3}')
LastReboot=$(who?-b?|?awk?'{print?$3,$4}')
uptime=$(uptime?|?sed?'s/.*up?\([^,]*\),?.*/\1/')
echo?"?系統(tǒng):$OS"
echo?"?發(fā)行版本:$Release"
echo?"?內(nèi)核:$Kernel"
echo?"?主機(jī)名:$Hostname"
echo?"?SELinux:$SELinux"
echo?"語(yǔ)言/編碼:$default_LANG"
echo?"?當(dāng)前時(shí)間:$(date?+'%F?%T')"
echo?"?最后啟動(dòng):$LastReboot"
echo?"?運(yùn)行時(shí)間:$uptime"
#報(bào)表信息
report_DateTime=$(date?+"%F?%T")?#日期
report_Hostname="$Hostname"?#主機(jī)名
report_OSRelease="$Release"?#發(fā)行版本
report_Kernel="$Kernel"?#內(nèi)核
report_Language="$default_LANG"?#語(yǔ)言/編碼
report_LastReboot="$LastReboot"?#最近啟動(dòng)時(shí)間
report_Uptime="$uptime"?#運(yùn)行時(shí)間(天)
report_Selinux="$SELinux"
export?LANG="$default_LANG"
}
function?getServiceStatus(){
echo?""
echo?""
echo?"############################?服務(wù)檢查?############################"
echo?""
if?[[?$centosVersion?>?7?]];then
conf=$(systemctl?list-unit-files?--type=service?--state=enabled?--no-pager?|?grep?"enabled")
process=$(systemctl?list-units?--type=service?--state=running?--no-pager?|?grep?".service")
#報(bào)表信息
report_SelfInitiatedService="$(echo?"$conf"?|?wc?-l)"?#自啟動(dòng)服務(wù)數(shù)量
report_RuningService="$(echo?"$process"?|?wc?-l)"?#運(yùn)行中服務(wù)數(shù)量
else
conf=$(/sbin/chkconfig?|?grep?-E?":on|:啟用")
process=$(/sbin/service?--status-all?2>/dev/null?|?grep?-E?"is?running|正在運(yùn)行")
#報(bào)表信息
report_SelfInitiatedService="$(echo?"$conf"?|?wc?-l)"?#自啟動(dòng)服務(wù)數(shù)量
report_RuningService="$(echo?"$process"?|?wc?-l)"?#運(yùn)行中服務(wù)數(shù)量
fi
echo?"服務(wù)配置"
echo?"--------"
echo?"$conf"?|?column?-t
echo?""
echo?"正在運(yùn)行的服務(wù)"
echo?"--------------"
echo?"$process"
}
function?getAutoStartStatus(){
echo?""
echo?""
echo?"############################?自啟動(dòng)檢查?##########################"
conf=$(grep?-v?"^#"?/etc/rc.d/rc.local|?sed?'/^$/d')
echo?"$conf"
#報(bào)表信息
report_SelfInitiatedProgram="$(echo?$conf?|?wc?-l)"?#自啟動(dòng)程序數(shù)量
}
function?getLoginStatus(){
echo?""
echo?""
echo?"############################?登錄檢查?############################"
last?|?head
}
function?getNetworkStatus(){
echo?""
echo?""
echo?"############################?網(wǎng)絡(luò)檢查?############################"
if?[[?$centosVersion?/sbin/ifconfig?-a?|?grep?-v?packets?|?grep?-v?collisions?|?grep?-v?inet6
else
#ip?a
for?i?in?$(ip?link?|?grep?BROADCAST?|?awk?-F:?'{print?$2}');do?ip?add?show?$i?|?grep?-E?"BROADCAST|global"|?awk?'{print?$2}'?|?tr?'\n'?'?'?;echo?""?;done
fi
GATEWAY=$(ip?route?|?grep?default?|?awk?'{print?$3}')
DNS=$(grep?nameserver?/etc/resolv.conf|?grep?-v?"#"?|?awk?'{print?$2}'?|?tr?'\n'?','?|?sed?'s/,$//')
echo?""
echo?"網(wǎng)關(guān):$GATEWAY?"
echo?"?DNS:$DNS"
#報(bào)表信息
IP=$(ip?-f?inet?addr?|?grep?-v?127.0.0.1?|?grep?inet?|?awk?'{print?$NF,$2}'?|?tr?'\n'?','?|?sed?'s/,$//')
MAC=$(ip?link?|?grep?-v?"LOOPBACK\|loopback"?|?awk?'{print?$2}'?|?sed?'N;s/\n//'?|?tr?'\n'?','?|?sed?'s/,$//')
report_IP="$IP"?#IP地址
report_MAC=$MAC?#MAC地址
report_Gateway="$GATEWAY"?#默認(rèn)網(wǎng)關(guān)
report_DNS="$DNS"?#DNS
}
function?getListenStatus(){
echo?""
echo?""
echo?"############################?監(jiān)聽檢查?############################"
TCPListen=$(ss?-ntul?|?column?-t)
echo?"$TCPListen"
#報(bào)表信息
report_Listen="$(echo?"$TCPListen"|?sed?'1d'?|?awk?'/tcp/?{print?$5}'?|?awk?-F:?'{print?$NF}'?|?sort?|?uniq?|?wc?-l)"
}
function?getCronStatus(){
echo?""
echo?""
echo?"############################?計(jì)劃任務(wù)檢查?########################"
Crontab=0
for?shell?in?$(grep?-v?"/sbin/nologin"?/etc/shells);do
for?user?in?$(grep?"$shell"?/etc/passwd|?awk?-F:?'{print?$1}');do
crontab?-l?-u?$user?>/dev/null?2>&1
status=$?
if?[?$status?-eq?0?];then
echo?"$user"
echo?"--------"
crontab?-l?-u?$user
let?Crontab=Crontab+$(crontab?-l?-u?$user?|?wc?-l)
echo?""
fi
done
done
#計(jì)劃任務(wù)
find?/etc/cron*?-type?f?|?xargs?-i?ls?-l?{}?|?column?-t
let?Crontab=Crontab+$(find?/etc/cron*?-type?f?|?wc?-l)
#報(bào)表信息
report_Crontab="$Crontab"?#計(jì)劃任務(wù)數(shù)
}
function?getHowLongAgo(){
#?計(jì)算一個(gè)時(shí)間戳離現(xiàn)在有多久了
datetime="$*"
[?-z?"$datetime"?]?&&?echo?"錯(cuò)誤的參數(shù):getHowLongAgo()?$*"
Timestamp=$(date?+%s?-d?"$datetime")?#轉(zhuǎn)化為時(shí)間戳
Now_Timestamp=$(date?+%s)
Difference_Timestamp=$(($Now_Timestamp-$Timestamp))
days=0;hours=0;minutes=0;
sec_in_day=$((60*60*24));
sec_in_hour=$((60*60));
sec_in_minute=60
while?((?$(($Difference_Timestamp-$sec_in_day))?>?1?))
do
let?Difference_Timestamp=Difference_Timestamp-sec_in_day
let?days++
done
while?((?$(($Difference_Timestamp-$sec_in_hour))?>?1?))
do
let?Difference_Timestamp=Difference_Timestamp-sec_in_hour
let?hours++
done
echo?"$days?天?$hours?小時(shí)前"
}
function?getUserLastLogin(){
#?獲取用戶最近一次登錄的時(shí)間,含年份
#?很遺憾last命令不支持顯示年份,只有"last?-t?YYYYMMDDHHMMSS"表示某個(gè)時(shí)間之間的登錄,我
#?們只能用最笨的方法了,對(duì)比今天之前和今年元旦之前(或者去年之前和前年之前……)某個(gè)用戶
#?登錄次數(shù),如果登錄統(tǒng)計(jì)次數(shù)有變化,則說明最近一次登錄是今年。
username=$1
:?${username:="`whoami`"}
thisYear=$(date?+%Y)
oldesYear=$(last?|?tail?-n1?|?awk?'{print?$NF}')
while((?$thisYear?>=?$oldesYear));do
loginBeforeToday=$(last?$username?|?grep?$username?|?wc?-l)
loginBeforeNewYearsDayOfThisYear=$(last?$username?-t?$thisYear"0101000000"?|?grep?$username?|?wc?-l)
if?[?$loginBeforeToday?-eq?0?];then
echo?"從未登錄過"
break
elif?[?$loginBeforeToday?-gt?$loginBeforeNewYearsDayOfThisYear?];then
lastDateTime=$(last?-i?$username?|?head?-n1?|?awk?'{for(i=4;i<(NF-2);i++)printf"%s?",$i}')"?$thisYear"?#格式如:?Sat?Nov?2?20:33?2015
lastDateTime=$(date?"+%Y-%m-%d?%H:%M:%S"?-d?"$lastDateTime")
echo?"$lastDateTime"
break
else
thisYear=$((thisYear-1))
fi
done
}
function?getUserStatus(){
echo?""
echo?""
echo?"############################?用戶檢查?############################"
#/etc/passwd?最后修改時(shí)間
pwdfile="$(cat?/etc/passwd)"
Modify=$(stat?/etc/passwd?|?grep?Modify?|?tr?'.'?'?'?|?awk?'{print?$2,$3}')
echo?"/etc/passwd?最后修改時(shí)間:$Modify?($(getHowLongAgo?$Modify))"
echo?""
echo?"特權(quán)用戶"
echo?"--------"
RootUser=""
for?user?in?$(echo?"$pwdfile"?|?awk?-F:?'{print?$1}');do
if?[?$(id?-u?$user)?-eq?0?];then
echo?"$user"
RootUser="$RootUser,$user"
fi
done
echo?""
echo?"用戶列表"
echo?"--------"
USERs=0
echo?"$(
echo?"用戶名?UID?GID?HOME?SHELL?最后一次登錄"
for?shell?in?$(grep?-v?"/sbin/nologin"?/etc/shells);do
for?username?in?$(grep?"$shell"?/etc/passwd|?awk?-F:?'{print?$1}');do
userLastLogin="$(getUserLastLogin?$username)"
echo?"$pwdfile"?|?grep?-w?"$username"?|grep?-w?"$shell"|?awk?-F:?-v?lastlogin="$(echo?"$userLastLogin"?|?tr?'?'?'_')"?'{print?$1,$3,$4,$6,$7,lastlogin}'
done
let?USERs=USERs+$(echo?"$pwdfile"?|?grep?"$shell"|?wc?-l)
done
)"?|?column?-t
echo?""
echo?"空密碼用戶"
echo?"----------"
USEREmptyPassword=""
for?shell?in?$(grep?-v?"/sbin/nologin"?/etc/shells);do
for?user?in?$(echo?"$pwdfile"?|?grep?"$shell"?|?cut?-d:?-f1);do
r=$(awk?-F:?'$2=="!!"{print?$1}'?/etc/shadow?|?grep?-w?$user)
if?[?!?-z?$r?];then
echo?$r
USEREmptyPassword="$USEREmptyPassword,"$r
fi
done?
done
echo?""
echo?"相同ID的用戶"
echo?"------------"
USERTheSameUID=""
UIDs=$(cut?-d:?-f3?/etc/passwd?|?sort?|?uniq?-c?|?awk?'$1>1{print?$2}')
for?uid?in?$UIDs;do
echo?-n?"$uid";
USERTheSameUID="$uid"
r=$(awk?-F:?'ORS="";$3=='"$uid"'{print?":",$1}'?/etc/passwd)
echo?"$r"
echo?""
USERTheSameUID="$USERTheSameUID?$r,"
done
#報(bào)表信息
report_USERs="$USERs"?#用戶
report_USEREmptyPassword=$(echo?$USEREmptyPassword?|?sed?'s/^,//')?
report_USERTheSameUID=$(echo?$USERTheSameUID?|?sed?'s/,$//')?
report_RootUser=$(echo?$RootUser?|?sed?'s/^,//')?#特權(quán)用戶
}
function?getPasswordStatus?{
echo?""
echo?""
echo?"############################?密碼檢查?############################"
pwdfile="$(cat?/etc/passwd)"
echo?""
echo?"密碼過期檢查"
echo?"------------"
result=""
for?shell?in?$(grep?-v?"/sbin/nologin"?/etc/shells);do
for?user?in?$(echo?"$pwdfile"?|?grep?"$shell"?|?cut?-d:?-f1);do
get_expiry_date=$(/usr/bin/chage?-l?$user?|?grep?'Password?expires'?|?cut?-d:?-f2)
if?[[?$get_expiry_date?=?'?never'?||?$get_expiry_date?=?'never'?]];then
printf?"%-15s?永不過期\n"?$user
result="$result,$user:never"
else
password_expiry_date=$(date?-d?"$get_expiry_date"?"+%s")
current_date=$(date?"+%s")
diff=$(($password_expiry_date-$current_date))
let?DAYS=$(($diff/(60*60*24)))
printf?"%-15s?%s天后過期\n"?$user?$DAYS
result="$result,$user:$DAYS?days"
fi
done
done
report_PasswordExpiry=$(echo?$result?|?sed?'s/^,//')
echo?""
echo?"密碼策略檢查"
echo?"------------"
grep?-v?"#"?/etc/login.defs?|?grep?-E?"PASS_MAX_DAYS|PASS_MIN_DAYS|PASS_MIN_LEN|PASS_WARN_AGE"
}
function?getSudoersStatus(){
echo?""
echo?""
echo?"############################?Sudoers檢查?#########################"
conf=$(grep?-v?"^#"?/etc/sudoers|?grep?-v?"^Defaults"?|?sed?'/^$/d')
echo?"$conf"
echo?""
#報(bào)表信息
report_Sudoers="$(echo?$conf?|?wc?-l)"
}
function?getInstalledStatus(){
echo?""
echo?""
echo?"############################?軟件檢查?############################"
rpm?-qa?--last?|?head?|?column?-t?
}
function?getProcessStatus(){
echo?""
echo?""
echo?"############################?進(jìn)程檢查?############################"
if?[?$(ps?-ef?|?grep?defunct?|?grep?-v?grep?|?wc?-l)?-ge?1?];then
echo?""
echo?"僵尸進(jìn)程";
echo?"--------"
ps?-ef?|?head?-n1
ps?-ef?|?grep?defunct?|?grep?-v?grep
fi
echo?""
echo?"內(nèi)存占用TOP10"
echo?"-------------"
echo?-e?"PID?%MEM?RSS?COMMAND
$(ps?aux?|?awk?'{print?$2,?$4,?$6,?$11}'?|?sort?-k3rn?|?head?-n?10?)"|?column?-t?
echo?""
echo?"CPU占用TOP10"
echo?"------------"
top?b?-n1?|?head?-17?|?tail?-11
#報(bào)表信息
report_DefunctProsess="$(ps?-ef?|?grep?defunct?|?grep?-v?grep|wc?-l)"
}
function?getJDKStatus(){
echo?""
echo?""
echo?"############################?JDK檢查?#############################"
java?-version?2>/dev/null
if?[?$??-eq?0?];then
java?-version?2>&1
fi
echo?"JAVA_HOME=\"$JAVA_HOME\""
#報(bào)表信息
report_JDK="$(java?-version?2>&1?|?grep?version?|?awk?'{print?$1,$3}'?|?tr?-d?'"')"
}
function?getSyslogStatus(){
echo?""
echo?""
echo?"############################?syslog檢查?##########################"
echo?"服務(wù)狀態(tài):$(getState?rsyslog)"
echo?""
echo?"/etc/rsyslog.conf"
echo?"-----------------"
cat?/etc/rsyslog.conf?2>/dev/null?|?grep?-v?"^#"?|?grep?-v?"^\\$"?|?sed?'/^$/d'?|?column?-t
#報(bào)表信息
report_Syslog="$(getState?rsyslog)"
}
function?getFirewallStatus(){
echo?""
echo?""
echo?"############################?防火墻檢查?##########################"
#防火墻狀態(tài),策略等
if?[[?$centosVersion?/etc/init.d/iptables?status?>/dev/null?2>&1
status=$?
if?[?$status?-eq?0?];then
s="active"
elif?[?$status?-eq?3?];then
s="inactive"
elif?[?$status?-eq?4?];then
s="permission?denied"
else
s="unknown"
fi
else
s="$(getState?iptables)"
fi
echo?"iptables:?$s"
echo?""
echo?"/etc/sysconfig/iptables"
echo?"-----------------------"
cat?/etc/sysconfig/iptables?2>/dev/null
#報(bào)表信息
report_Firewall="$s"
}
function?getSNMPStatus(){
#SNMP服務(wù)狀態(tài),配置等
echo?""
echo?""
echo?"############################?SNMP檢查?############################"
status="$(getState?snmpd)"
echo?"服務(wù)狀態(tài):$status"
echo?""
if?[?-e?/etc/snmp/snmpd.conf?];then
echo?"/etc/snmp/snmpd.conf"
echo?"--------------------"
cat?/etc/snmp/snmpd.conf?2>/dev/null?|?grep?-v?"^#"?|?sed?'/^$/d'
fi
#報(bào)表信息
report_SNMP="$(getState?snmpd)"
}
function?getState(){
if?[[?$centosVersion?if?[?-e?"/etc/init.d/$1"?];then
if?[?`/etc/init.d/$1?status?2>/dev/null?|?grep?-E?"is?running|正在運(yùn)行"?|?wc?-l`?-ge?1?];then
r="active"
else
r="inactive"
fi
else
r="unknown"
fi
else
#CentOS?7+
r="$(systemctl?is-active?$1?2>&1)"
fi
echo?"$r"
}
function?getSSHStatus(){
#SSHD服務(wù)狀態(tài),配置,受信任主機(jī)等
echo?""
echo?""
echo?"############################?SSH檢查?#############################"
#檢查受信任主機(jī)
pwdfile="$(cat?/etc/passwd)"
echo?"服務(wù)狀態(tài):$(getState?sshd)"
Protocol_Version=$(cat?/etc/ssh/sshd_config?|?grep?Protocol?|?awk?'{print?$2}')
echo?"SSH協(xié)議版本:$Protocol_Version"
echo?""
echo?"信任主機(jī)"
echo?"--------"
authorized=0
for?user?in?$(echo?"$pwdfile"?|?grep?/bin/bash?|?awk?-F:?'{print?$1}');do
authorize_file=$(echo?"$pwdfile"?|?grep?-w?$user?|?awk?-F:?'{printf?$6"/.ssh/authorized_keys"}')
authorized_host=$(cat?$authorize_file?2>/dev/null?|?awk?'{print?$3}'?|?tr?'\n'?','?|?sed?'s/,$//')
if?[?!?-z?$authorized_host?];then
echo?"$user?授權(quán)?\"$authorized_host\"?無密碼訪問"
fi
let?authorized=authorized+$(cat?$authorize_file?2>/dev/null?|?awk?'{print?$3}'|wc?-l)
done
echo?""
echo?"是否允許ROOT遠(yuǎn)程登錄"
echo?"--------------------"
config=$(cat?/etc/ssh/sshd_config?|?grep?PermitRootLogin)
firstChar=${config:0:1}
if?[?$firstChar?==?"#"?];then
PermitRootLogin="yes"?#默認(rèn)是允許ROOT遠(yuǎn)程登錄的
else
PermitRootLogin=$(echo?$config?|?awk?'{print?$2}')
fi
echo?"PermitRootLogin?$PermitRootLogin"
echo?""
echo?"/etc/ssh/sshd_config"
echo?"--------------------"
cat?/etc/ssh/sshd_config?|?grep?-v?"^#"?|?sed?'/^$/d'
#報(bào)表信息
report_SSHAuthorized="$authorized"?#SSH信任主機(jī)
report_SSHDProtocolVersion="$Protocol_Version"?#SSH協(xié)議版本
report_SSHDPermitRootLogin="$PermitRootLogin"?#允許root遠(yuǎn)程登錄
}
function?getNTPStatus(){
#NTP服務(wù)狀態(tài),當(dāng)前時(shí)間,配置等
echo?""
echo?""
echo?"############################?NTP檢查?#############################"
if?[?-e?/etc/ntp.conf?];then
echo?"服務(wù)狀態(tài):$(getState?ntpd)"
echo?""
echo?"/etc/ntp.conf"
echo?"-------------"
cat?/etc/ntp.conf?2>/dev/null?|?grep?-v?"^#"?|?sed?'/^$/d'
fi
#報(bào)表信息
report_NTP="$(getState?ntpd)"
}
function?uploadHostDailyCheckReport(){
json="{
\"DateTime\":\"$report_DateTime\",
\"Hostname\":\"$report_Hostname\",
\"OSRelease\":\"$report_OSRelease\",
\"Kernel\":\"$report_Kernel\",
\"Language\":\"$report_Language\",
\"LastReboot\":\"$report_LastReboot\",
\"Uptime\":\"$report_Uptime\",
\"CPUs\":\"$report_CPUs\",
\"CPUType\":\"$report_CPUType\",
\"Arch\":\"$report_Arch\",
\"MemTotal\":\"$report_MemTotal\",
\"MemFree\":\"$report_MemFree\",
\"MemUsedPercent\":\"$report_MemUsedPercent\",
\"DiskTotal\":\"$report_DiskTotal\",
\"DiskFree\":\"$report_DiskFree\",
\"DiskUsedPercent\":\"$report_DiskUsedPercent\",
\"InodeTotal\":\"$report_InodeTotal\",
\"InodeFree\":\"$report_InodeFree\",
\"InodeUsedPercent\":\"$report_InodeUsedPercent\",
\"IP\":\"$report_IP\",
\"MAC\":\"$report_MAC\",
\"Gateway\":\"$report_Gateway\",
\"DNS\":\"$report_DNS\",
\"Listen\":\"$report_Listen\",
\"Selinux\":\"$report_Selinux\",
\"Firewall\":\"$report_Firewall\",
\"USERs\":\"$report_USERs\",
\"USEREmptyPassword\":\"$report_USEREmptyPassword\",
\"USERTheSameUID\":\"$report_USERTheSameUID\",
\"PasswordExpiry\":\"$report_PasswordExpiry\",
\"RootUser\":\"$report_RootUser\",
\"Sudoers\":\"$report_Sudoers\",
\"SSHAuthorized\":\"$report_SSHAuthorized\",
\"SSHDProtocolVersion\":\"$report_SSHDProtocolVersion\",
\"SSHDPermitRootLogin\":\"$report_SSHDPermitRootLogin\",
\"DefunctProsess\":\"$report_DefunctProsess\",
\"SelfInitiatedService\":\"$report_SelfInitiatedService\",
\"SelfInitiatedProgram\":\"$report_SelfInitiatedProgram\",
\"RuningService\":\"$report_RuningService\",
\"Crontab\":\"$report_Crontab\",
\"Syslog\":\"$report_Syslog\",
\"SNMP\":\"$report_SNMP\",
\"NTP\":\"$report_NTP\",
\"JDK\":\"$report_JDK\"
}"
#echo?"$json"?
curl?-l?-H?"Content-type:?application/json"?-X?POST?-d?"$json"?"$uploadHostDailyCheckReportApi"?2>/dev/null
}
function?getchage_file_24h()
{
echo?"############################?文件檢查?#############################"
????check2=$(find?/?-name?'*.sh'?-mtime?-1)
check21=$(find?/?-name?'*.asp'?-mtime?-1)
check22=$(find?/?-name?'*.php'?-mtime?-1)
check23=$(find?/?-name?'*.aspx'?-mtime?-1)
check24=$(find?/?-name?'*.jsp'?-mtime?-1)
check25=$(find?/?-name?'*.html'?-mtime?-1)
check26=$(find?/?-name?'*.htm'?-mtime?-1)
check9=$(find?/?-name?core?-exec?ls?-l?{}?\;)
check10=$(cat?/etc/crontab)
check12=$(ls?-alt?/usr/bin?|?head?-10)
cat?<
############################查看所有被修改過的文件返回最近24小時(shí)內(nèi)的############################
${check2}
${check21}
${check22}
${check23}
${check24}
${check25}
${check26}
${line}
############################檢查定時(shí)文件的完整性############################
${check10}
${line}
############################查看系統(tǒng)命令是否被替換############################
${check12}
${line}
EOF
}
function?check(){
version
getSystemStatus
getCpuStatus
getMemStatus
getDiskStatus
getNetworkStatus
getListenStatus
getProcessStatus
getServiceStatus
getAutoStartStatus
getLoginStatus
getCronStatus
getUserStatus
getPasswordStatus
getSudoersStatus
getJDKStatus
getFirewallStatus
getSSHStatus
getSyslogStatus
getSNMPStatus
getNTPStatus
getInstalledStatus
getchage_file_24h
}
#執(zhí)行檢查并保存檢查結(jié)果
check?>?$RESULTFILE
echo?"檢查結(jié)果:$RESULTFILE"
echo?-e?"`date?"+%Y-%m-%d?%H:%M:%S"`?阿里云PHP企業(yè)平臺(tái)巡檢報(bào)告"??|?mail?-a?$RESULTFILE?-s?"阿里云PHP企業(yè)平臺(tái)巡檢報(bào)告"?h@163.com
END
評(píng)論
圖片
表情