Linux 系统日常巡检脚本( 二 )

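# NOTE: the listing on this page starts in the middle of a function. Its
# opening lines, including the left-hand side of the version test below, are
# not shown. The fragment is kept as printed, with line breaks restored, the
# dropped '\n' escapes put back, and the loopback filter made to work.
< 7 ]];then
    /sbin/ifconfig -a | grep -v packets | grep -v collisions | grep -v inet6
  else
    # ip a
    # $i is left unquoted on purpose: awk returns the name with a leading
    # space and word splitting strips it.
    for i in $(ip link | grep BROADCAST | awk -F: '{print $2}');do
      ip add show $i | grep -E "BROADCAST|global" | awk '{print $2}' | tr '\n' ' '
      echo ""
    done
  fi
  GATEWAY=$(ip route | grep default | awk '{print $3}')
  DNS=$(grep nameserver /etc/resolv.conf | grep -v "#" | awk '{print $2}' | tr '\n' ',' | sed 's/,$//')
  echo ""
  echo "网关:$GATEWAY "
  echo " DNS:$DNS"
  # Report data
  IP=$(ip -f inet addr | grep -v 127.0.0.1 | grep inet | awk '{print $NF,$2}' | tr '\n' ',' | sed 's/,$//')
  # -E is required for "a|b" to be an alternation; with plain grep the pipe is
  # a literal character and the loopback lines were never filtered out.
  MAC=$(ip link | grep -Ev "LOOPBACK|loopback" | awk '{print $2}' | sed 'N;s/\n//' | tr '\n' ',' | sed 's/,$//')
  report_IP="$IP"            # IP addresses
  report_MAC=$MAC            # MAC addresses
  report_Gateway="$GATEWAY"  # default gateway
  report_DNS="$DNS"          # DNS servers
}

# Print every listening TCP/UDP socket and record the number of distinct
# TCP ports in report_Listen.
function getListenStatus(){
  echo ""
  echo ""
  echo "############################ 监听检查 ############################"
  TCPListen=$(ss -ntul | column -t)
  echo "$TCPListen"
  # Report data: drop the header row, take the local address column of the tcp
  # rows, keep only the port (last ':'-separated field) and count unique values.
  report_Listen="$(printf '%s\n' "$TCPListen" | sed '1d' | awk '/tcp/ {print $5}' | awk -F: '{print $NF}' | sort -u | wc -l)"
}

# Print per-user crontabs and the files under /etc/cron*, and record the
# total number of crontab lines plus cron files in report_Crontab.
function getCronStatus(){
  echo ""
  echo ""
  echo "############################ 计划任务检查 ########################"
  Crontab=0
  # NOTE(review): only accounts whose passwd line matches a shell from
  # /etc/shells other than /sbin/nologin are inspected, so a crontab owned by
  # a nologin service account is not listed here. grep "$shell" also matches
  # the path anywhere in the line, so an account can show up under more than
  # one shell.
  for shell in $(grep -v "/sbin/nologin" /etc/shells);do
    for user in $(grep "$shell" /etc/passwd | awk -F: '{print $1}');do
      if crontab -l -u "$user" >/dev/null 2>&1;then
        echo "$user"
        echo "--------"
        crontab -l -u "$user"
        Crontab=$(( Crontab + $(crontab -l -u "$user" | wc -l) ))
        echo ""
      fi
    done
  done
  # System cron files
  find /etc/cron* -type f -exec ls -l {} \; | column -t
  Crontab=$(( Crontab + $(find /etc/cron* -type f | wc -l) ))
  # Report data
  report_Crontab="$Crontab"  # number of scheduled tasks
}

# Print how long ago a date/time was, as whole days and hours.
# Arguments: a date string understood by `date -d` (all arguments are joined).
# Returns:   1 when called without an argument.
function getHowLongAgo(){
  datetime="$*"
  if [ -z "$datetime" ];then
    echo "错误的参数:getHowLongAgo() $*"
    # Stop here instead of computing a difference from an empty date string.
    return 1
  fi
  Timestamp=$(date +%s -d "$datetime")   # convert to epoch seconds
  Now_Timestamp=$(date +%s)
  Difference_Timestamp=$((Now_Timestamp-Timestamp))
  days=0;hours=0;minutes=0
  sec_in_day=$((60*60*24))
  sec_in_hour=$((60*60))
  sec_in_minute=60
  # Peel off whole days, then whole hours, from the remaining difference.
  while (( Difference_Timestamp - sec_in_day > 1 ));do
    Difference_Timestamp=$((Difference_Timestamp-sec_in_day))
    days=$((days+1))
  done
  while (( Difference_Timestamp - sec_in_hour > 1 ));do
    Difference_Timestamp=$((Difference_Timestamp-sec_in_hour))
    hours=$((hours+1))
  done
  echo "$days 天 $hours 小时前"
}

# Print the most recent login time of a user, including the year.
# `last` does not print the year; it only offers "last -t YYYYMMDDHHMMSS" to
# show logins before a point in time. So the total login count is compared
# with the count before New Year's Day of this year, then of the year before,
# and so on. The first year in which the counts differ is the year of the
# latest login.
# Arguments: $1 - user name (defaults to the current user)
function getUserLastLogin(){
  username=${1:-$(whoami)}
  thisYear=$(date +%Y)
  oldesYear=$(last | tail -n1 | awk '{print $NF}')
  # If the last line of `last` does not end in a year, check the current year
  # only, rather than feeding a non-number to the arithmetic test.
  [[ $oldesYear =~ ^[0-9]+$ ]] || oldesYear=$thisYear
  while (( thisYear >= oldesYear ));do
    loginBeforeToday=$(last "$username" | grep -c -- "$username")
    loginBeforeNewYearsDayOfThisYear=$(last "$username" -t "${thisYear}0101000000" | grep -c -- "$username")
    if [ "$loginBeforeToday" -eq 0 ];then
      echo "从未登录过"
      break
    elif [ "$loginBeforeToday" -gt "$loginBeforeNewYearsDayOfThisYear" ];then
      # Resulting format, e.g.: Sat Nov 2 20:33 2015
      lastDateTime=$(last -i "$username" | head -n1 | awk '{for(i=4;i<(NF-2);i++)printf"%s ",$i}')" $thisYear"
      lastDateTime=$(date "+%Y-%m-%d %H:%M:%S" -d "$lastDateTime")
      echo "$lastDateTime"
      break
    else
      thisYear=$((thisYear-1))
    fi
  done
}

# Account audit: /etc/passwd modification time, UID 0 accounts, login-capable
# accounts with their last login, accounts with no usable password entry, and
# UIDs shared by several accounts. Fills the report_USERs,
# report_USEREmptyPassword, report_USERTheSameUID and report_RootUser variables.
function getUserStatus(){
  echo ""
  echo ""
  echo "############################ 用户检查 ############################"
  # Last modification time of /etc/passwd
  pwdfile="$(cat /etc/passwd)"
  Modify=$(stat /etc/passwd | grep Modify | tr '.' ' ' | awk '{print $2,$3}')
  echo "/etc/passwd 最后修改时间:$Modify ($(getHowLongAgo $Modify))"
  echo ""
  echo "特权用户"
  echo "--------"
  RootUser=""
  # Read the UID field directly, so every passwd entry with UID 0 is listed
  # without one `id` call per account.
  for user in $(printf '%s\n' "$pwdfile" | awk -F: '$3 == 0 {print $1}');do
    echo "$user"
    RootUser="$RootUser,$user"
  done
  echo ""
  echo "用户列表"
  echo "--------"
  {
    echo "用户名 UID GID HOME SHELL 最后一次登录"
    for shell in $(grep -v "/sbin/nologin" /etc/shells);do
      for username in $(grep "$shell" /etc/passwd | awk -F: '{print $1}');do
        userLastLogin="$(getUserLastLogin "$username")"
        # Spaces in the login time become '_' so column -t keeps it in one cell.
        printf '%s\n' "$pwdfile" | grep -w "$username" | grep -w "$shell" \
          | awk -F: -v lastlogin="$(printf '%s\n' "$userLastLogin" | tr ' ' '_')" '{print $1,$3,$4,$6,$7,lastlogin}'
      done
    done
  } | column -t
  # Count the accounts here, in the current shell. The page incremented USERs
  # inside the command substitution that builds the table, so the total was
  # lost and report_USERs always stayed 0.
  USERs=0
  for shell in $(grep -v "/sbin/nologin" /etc/shells);do
    USERs=$(( USERs + $(printf '%s\n' "$pwdfile" | grep -c -- "$shell") ))
  done
  echo ""
  echo "空密码用户"
  echo "----------"
  USEREmptyPassword=""
  for shell in $(grep -v "/sbin/nologin" /etc/shells);do
    for user in $(printf '%s\n' "$pwdfile" | grep "$shell" | cut -d: -f1);do
      # The page only matched "!!" in the shadow password field. On RHEL-family
      # systems that marks an account whose password was never set, while a
      # genuinely empty field means no password is required at all. The empty
      # field is the higher-risk finding, so both are reported. The account
      # name is compared exactly instead of with grep -w.
      r=$(awk -F: -v u="$user" '$1 == u && ($2 == "" || $2 == "!!") {print $1}' /etc/shadow)
      if [ -n "$r" ];then
        echo "$r"
        USEREmptyPassword="$USEREmptyPassword,$r"
      fi
    done
  done
  echo ""
  echo "相同ID的用户"
  echo "------------"
  USERTheSameUID=""
  UIDs=$(cut -d: -f3 /etc/passwd | sort | uniq -c | awk '$1>1{print $2}')
  for uid in $UIDs;do
    echo -n "$uid"
    # The UID is passed with -v rather than spliced into the awk program.
    r=$(awk -F: -v uid="$uid" 'BEGIN{ORS=""} $3 == uid {print ":",$1}' /etc/passwd)
    echo "$r"
    echo ""
    # Append to the accumulator. The page reset it to "$uid" on every
    # iteration, so only the last duplicated UID reached the report.
    USERTheSameUID="$USERTheSameUID$uid $r,"
  done
  # Report data
  report_USERs="$USERs"                             # number of accounts
  report_USEREmptyPassword=${USEREmptyPassword#,}
  report_USERTheSameUID=${USERTheSameUID%,}
  report_RootUser=${RootUser#,}                     # privileged accounts
}

# Password audit: days until each login-capable account's password expires
# (stored in report_PasswordExpiry) and the ageing policy from /etc/login.defs.
function getPasswordStatus {
  echo ""
  echo ""
  echo "############################ 密码检查 ############################"
  pwdfile="$(cat /etc/passwd)"
  echo ""
  echo "密码过期检查"
  echo "------------"
  result=""
  for shell in $(grep -v "/sbin/nologin" /etc/shells);do
    for user in $(printf '%s\n' "$pwdfile" | grep "$shell" | cut -d: -f1);do
      get_expiry_date=$(/usr/bin/chage -l "$user" | grep 'Password expires' | cut -d: -f2)
      if [[ $get_expiry_date = ' never' || $get_expiry_date = 'never' ]];then
        printf "%-15s 永不过期\n" "$user"
        result="$result,$user:never"
      else
        password_expiry_date=$(date -d "$get_expiry_date" "+%s")
        current_date=$(date "+%s")
        diff=$((password_expiry_date-current_date))
        DAYS=$((diff/(60*60*24)))
        printf "%-15s %s天后过期\n" "$user" "$DAYS"
        result="$result,$user:$DAYS days"
      fi
    done
  done
  report_PasswordExpiry=${result#,}
  echo ""
  echo "密码策略检查"
  echo "------------"
  grep -v "#" /etc/login.defs | grep -E "PASS_MAX_DAYS|PASS_MIN_DAYS|PASS_MIN_LEN|PASS_WARN_AGE"
}

# Print the active rules in /etc/sudoers and record their number in
# report_Sudoers.
function getSudoersStatus(){
  echo ""
  echo ""
  echo "############################ Sudoers检查 #########################"
  # NOTE(review): the "^#" filter also drops "#include" / "#includedir"
  # directives, and files they pull in (for example a sudoers.d directory) are
  # not read here. Rules granted through drop-in files need a separate look.
  conf=$(grep -v "^#" /etc/sudoers | grep -v "^Defaults" | sed '/^$/d')
  echo "$conf"
  echo ""
  # Report data: count the lines of the quoted value. The unquoted `echo $conf`
  # joined all rules into one line, so the count was always 1.
  report_Sudoers="$(printf '%s' "$conf" | grep -c '')"
}

# Print the ten most recently installed RPM packages.
function getInstalledStatus(){
  echo ""
  echo ""
  echo "############################ 软件检查 ############################"
  rpm -qa --last | head | column -t
}

# Print zombie processes (if any) and the top 10 processes by memory and CPU,
# and record the zombie count in report_DefunctProsess.
function getProcessStatus(){
  echo ""
  echo ""
  echo "############################ 进程检查 ############################"
  if [ "$(ps -ef | grep defunct | grep -v grep | wc -l)" -ge 1 ];then
    echo ""
    echo "僵尸进程"
    echo "--------"
    ps -ef | head -n1
    ps -ef | grep defunct | grep -v grep
  fi
  echo ""
  echo "内存占用TOP10"
  echo "-------------"
  # The header needs its own line; the page had lost the "\n" between it and
  # the first process row.
  printf '%s\n%s\n' "PID %MEM RSS COMMAND" \
    "$(ps aux | awk '{print $2, $4, $6, $11}' | sort -k3rn | head -n 10)" | column -t
  echo ""
  echo "CPU占用TOP10"
  echo "------------"
  top b -n1 | head -17 | tail -11
  # Report data
  report_DefunctProsess="$(ps -ef | grep defunct | grep -v grep | wc -l)"
}

# Print the installed Java version and JAVA_HOME, and record the version in
# report_JDK.
function getJDKStatus(){
  echo ""
  echo ""
  echo "############################ JDK检查 #############################"
  # Command names are case-sensitive: the page ran "JAVA -version", which does
  # not resolve to the java binary, so the version was never printed.
  if java -version 2>/dev/null;then
    java -version 2>&1
  fi
  echo "JAVA_HOME=$JAVA_HOME"
  # Report data
  report_JDK="$(java -version 2>&1 | grep version | awk '{print $1,$3}' | tr -d '"')"
}

# Print the rsyslog service state and the non-comment lines of
# /etc/rsyslog.conf, and record the state in report_Syslog.
function getSyslogStatus(){
  echo ""
  echo ""
  echo "############################ syslog检查 ##########################"
  # getState is defined outside this listing; query it once and reuse the result.
  report_Syslog="$(getState rsyslog)"
  echo "服务状态:$report_Syslog"
  echo ""
  echo "/etc/rsyslog.conf"
  echo "-----------------"
  grep -v "^#" /etc/rsyslog.conf 2>/dev/null | grep -v "^\$" | sed '/^$/d' | column -t
}

# NOTE: the listing on this page is cut off inside the next function, in the
# middle of its version test. The fragment is kept as printed.
function getFirewallStatus(){
  echo ""
  echo ""
  echo "############################ 防火墙检查 ##########################"
  # Firewall state, rules, etc.
  if [[ $centosVersion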

