CentOS7.X系统巡检脚本
Posted 有暗香盈袖c
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了CentOS7.X系统巡检脚本相关的知识,希望对你有一定的参考价值。
CentOS7.x 系统巡检脚本
1#!/bin/bash
2##############################################################
3# File Name: 1.sh
4# Version: V1.0
5# Author:
6# Organization:
7# Created Time : date
8# Description:
9##############################################################
10export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
11source /etc/profile
12[ $(id -u) -gt 0 ] && echo "请用root用户执行此脚本!" && exit 1
13#uploadHostDailyCheckApi="http://10.0.0.1:8080/api/uploadHostDailyCheck"
14#uploadHostDailyCheckReportApi="http://10.0.0.1:8080/api/uploadHostDailyCheckReport"
15centosVersion=$(awk '{print $(NF-1)}' /etc/redhat-release)
16VERSION=`date +%F`
17#日志相关
18PROGPATH=`echo $0 | sed -e 's,[\/][^\/][^\/]*$,,'`
19[ -f $PROGPATH ] && PROGPATH="."
20LOGPATH="$PROGPATH/log"
21[ -e $LOGPATH ] || mkdir $LOGPATH
22RESULTFILE="$LOGPATH/HostDailyCheck-`hostname`-`date +%Y%m%d`.txt"
23#定义报表的全局变量
24report_DateTime=""
25report_Hostname=""
26report_OSRelease=""
27report_Kernel=""
28report_Language=""
29report_LastReboot=""
30report_Uptime=""
31report_CPUs=""
32report_CPUType=""
33report_Arch=""
34report_MemTotal=""
35report_MemFree=""
36report_MemUsedPercent=""
37report_DiskTotal=""
38report_DiskFree=""
39report_DiskUsedPercent=""
40report_InodeTotal=""
41report_InodeFree=""
42report_InodeUsedPercent=""
43report_IP=""
44report_MAC=""
45report_Gateway=""
46report_DNS=""
47report_Listen=""
48report_Selinux=""
49report_Firewall=""
50report_USERs=""
51report_USEREmptyPassword=""
52report_USERTheSameUID=""
53report_PasswordExpiry=""
54report_RootUser=""
55report_Sudoers=""
56report_SSHAuthorized=""
57report_SSHDProtocolVersion=""
58report_SSHDPermitRootLogin=""
59report_DefunctProsess=""
60report_SelfInitiatedService=""
61report_SelfInitiatedProgram=""
62report_RuningService=""
63report_Crontab=""
64report_Syslog=""
65report_SNMP=""
66report_NTP=""
67report_JDK=""
68function version(){
69 echo ""
70 echo ""
71 echo "系统巡检脚本:Version $VERSION"
72}
73function getCpuStatus(){
74 echo ""
75 echo -e "�33[33m*******************************************************CPU检查*******************************************************�33[0m"
76 Physical_CPUs=$(grep "physical id" /proc/cpuinfo| sort | uniq | wc -l)
77 Virt_CPUs=$(grep "processor" /proc/cpuinfo | wc -l)
78 CPU_Kernels=$(grep "cores" /proc/cpuinfo|uniq| awk -F ': ' '{print $2}')
79 CPU_Type=$(grep "model name" /proc/cpuinfo | awk -F ': ' '{print $2}' | sort | uniq)
80 CPU_Arch=$(uname -m)
81 echo "物理CPU个数:$Physical_CPUs"
82 echo "逻辑CPU个数:$Virt_CPUs"
83 echo "每CPU核心数:$CPU_Kernels"
84 echo " CPU型号:$CPU_Type"
85 echo " CPU架构:$CPU_Arch"
86 #报表信息
87 report_CPUs=$Virt_CPUs
88 report_CPUType=$CPU_Type
89 report_Arch=$CPU_Arch
90}
91function getMemStatus(){
92 echo ""
93 echo -e "�33[33m*******************************************************内存检查*******************************************************�33[0m"
94 if [[ $centosVersion < 7 ]];then
95 free -mo
96 else
97 free -h
98 fi
99 #报表信息
100 MemTotal=$(grep MemTotal /proc/meminfo| awk '{print $2}') #KB
101 MemFree=$(grep MemFree /proc/meminfo| awk '{print $2}') #KB
102 let MemUsed=MemTotal-MemFree
103 MemPercent=$(awk "BEGIN {if($MemTotal==0){printf 100}else{printf "%.2f",$MemUsed*100/$MemTotal}}")
104 report_MemTotal="$((MemTotal/1024))""MB"
105 report_MemFree="$((MemFree/1024))""MB"
106 report_MemUsedPercent="$(awk "BEGIN {if($MemTotal==0){printf 100}else{printf "%.2f",$MemUsed*100/$MemTotal}}")""%"
107}
108function getDiskStatus(){
109 echo ""
110 echo -e "�33[33m*******************************************************磁盘检查*******************************************************�33[0m"
111 df -hiP | sed 's/Mounted on/Mounted/'> /tmp/inode
112 df -hTP | sed 's/Mounted on/Mounted/'> /tmp/disk
113 join /tmp/disk /tmp/inode | awk '{print $1,$2,"|",$3,$4,$5,$6,"|",$8,$9,$10,$11,"|",$12}'| column -t
114 #报表信息
115 diskdata=$(df -TP | sed '1d' | awk '$2!="tmpfs"{print}') #KB
116 disktotal=$(echo "$diskdata" | awk '{total+=$3}END{print total}') #KB
117 diskused=$(echo "$diskdata" | awk '{total+=$4}END{print total}') #KB
118 diskfree=$((disktotal-diskused)) #KB
119 diskusedpercent=$(echo $disktotal $diskused | awk '{if($1==0){printf 100}else{printf "%.2f",$2*100/$1}}')
120 inodedata=$(df -iTP | sed '1d' | awk '$2!="tmpfs"{print}')
121 inodetotal=$(echo "$inodedata" | awk '{total+=$3}END{print total}')
122 inodeused=$(echo "$inodedata" | awk '{total+=$4}END{print total}')
123 inodefree=$((inodetotal-inodeused))
124 inodeusedpercent=$(echo $inodetotal $inodeused | awk '{if($1==0){printf 100}else{printf "%.2f",$2*100/$1}}')
125 report_DiskTotal=$((disktotal/1024/1024))"GB"
126 report_DiskFree=$((diskfree/1024/1024))"GB"
127 report_DiskUsedPercent="$diskusedpercent""%"
128 report_InodeTotal=$((inodetotal/1000))"K"
129 report_InodeFree=$((inodefree/1000))"K"
130 report_InodeUsedPercent="$inodeusedpercent""%"
131}
132function getSystemStatus(){
133 echo ""
134 echo -e "�33[33m*******************************************************系统检查 *******************************************************�33[0m"
135 if [ -e /etc/sysconfig/i18n ];then
136 default_LANG="$(grep "LANG=" /etc/sysconfig/i18n | grep -v "^#" | awk -F '"' '{print $2}')"
137 else
138 default_LANG=$LANG
139 fi
140 export LANG="en_US.UTF-8"
141 Release=$(cat /etc/redhat-release 2>/dev/null)
142 Kernel=$(uname -r)
143 OS=$(uname -o)
144 Hostname=$(uname -n)
145 SELinux=$(/usr/sbin/sestatus | grep "SELinux status: " | awk '{print $3}')
146 LastReboot=$(who -b | awk '{print $3,$4}')
147 uptime=$(uptime | sed 's/.*up ([^,]*), .*/1/')
148 echo " 系统:$OS"
149 echo " 发行版本:$Release"
150 echo " 内核:$Kernel"
151 echo " 主机名:$Hostname"
152 echo " SELinux:$SELinux"
153 echo "语言/编码:$default_LANG"
154 echo " 当前时间:$(date +'%F %T')"
155 echo " 最后启动:$LastReboot"
156 echo " 运行时间:$uptime"
157 #报表信息
158 report_DateTime=$(date +"%F %T")
159 report_Hostname="$Hostname"
160 report_OSRelease="$Release"
161 report_Kernel="$Kernel"
162 report_Language="$default_LANG"
163 report_LastReboot="$LastReboot"
164 report_Uptime="$uptime"
165 report_Selinux="$SELinux"
166 export LANG="$default_LANG"
167}
168function getServiceStatus(){
169 echo ""
170 echo -e "�33[33m*******************************************************服务检查*******************************************************�33[0m"
171 echo ""
172 if [[ $centosVersion > 7 ]];then
173 conf=$(systemctl list-unit-files --type=service --state=enabled --no-pager | grep "enabled")
174 process=$(systemctl list-units --type=service --state=running --no-pager | grep ".service")
175 #报表信息
176 report_SelfInitiatedService="$(echo "$conf" | wc -l)"
177 report_RuningService="$(echo "$process" | wc -l)"
178 else
179 conf=$(/sbin/chkconfig | grep -E ":on|:启用")
180 process=$(/sbin/service --status-all 2>/dev/null | grep -E "is running|正在运行")
181 #报表信息
182 report_SelfInitiatedService="$(echo "$conf" | wc -l)"
183 report_RuningService="$(echo "$process" | wc -l)"
184 fi
185 echo "服务配置"
186 echo "--------"
187 echo "$conf" | column -t
188 echo ""
189 echo "正在运行的服务"
190 echo "--------------"
191 echo "$process"
192}
193function getAutoStartStatus(){
194 echo ""
195 echo -e "�33[33m*******************************************************自启动检查*******************************************************�33[0m"
196 conf=$(grep -v "^#" /etc/rc.d/rc.local| sed '/^$/d')
197 echo "$conf"
198 #报表信息
199 report_SelfInitiatedProgram="$(echo $conf | wc -l)"
200}
201function getLoginStatus(){
202 echo ""
203 echo -e "�33[33m*******************************************************登录检查*******************************************************�33[0m"
204 last | head
205}
206function getNetworkStatus(){
207 echo ""
208 echo -e "�33[33m*******************************************************网络检查*******************************************************�33[0m"
209 if [[ $centosVersion < 7 ]];then
210 /sbin/ifconfig -a | grep -v packets | grep -v collisions | grep -v inet6
211 else
212 #ip a
213 for i in $(ip link | grep BROADCAST | awk -F: '{print $2}');do ip add show $i | grep -E "BROADCAST|global"| awk '{print $2}' | tr '
' ' ' ;echo "" ;done
214 fi
215 GATEWAY=$(ip route | grep default | awk '{print $3}')
216 DNS=$(grep nameserver /etc/resolv.conf| grep -v "#" | awk '{print $2}' | tr '
' ',' | sed 's/,$//')
217 echo ""
218 echo "网关:$GATEWAY "
219 echo "DNS:$DNS"
220 #报表信息
221 IP=$(ip -f inet addr | grep -v 127.0.0.1 | grep inet | awk '{print $NF,$2}' | tr '
' ',' | sed 's/,$//')
222 MAC=$(ip link | grep -v "LOOPBACK|loopback" | awk '{print $2}' | sed 'N;s/
//' | tr '
' ',' | sed 's/,$//')
223 report_IP="$IP"
224 report_MAC=$MAC
225 report_Gateway="$GATEWAY"
226 report_DNS="$DNS"
227 echo ""
228ping -c 4 www.baidu.com >/dev/null 2>&1
229if [ $? -eq 0 ];then
230 echo "网络连接:正常"
231else
232 echo "网络连接:异常"
233fi
234}
235function getListenStatus(){
236 echo ""
237 echo -e "�33[33m*******************************************************监听检查*******************************************************�33[0m"
238 TCPListen=$(ss -ntul | column -t)
239 echo "$TCPListen"
240 #报表信息
241 report_Listen="$(echo "$TCPListen"| sed '1d' | awk '/tcp/ {print $5}' | awk -F: '{print $NF}' | sort | uniq | wc -l)"
242}
243function getCronStatus(){
244 echo ""
245 echo -e "�33[33m*******************************************************计划任务检查*******************************************************�33[0m"
246 Crontab=0
247 for shell in $(grep -v "/sbin/nologin" /etc/shells);do
248 for user in $(grep "$shell" /etc/passwd| awk -F: '{print $1}');do
249 crontab -l -u $user >/dev/null 2>&1
250 status=$?
251 if [ $status -eq 0 ];then
252 echo "$user"
253 echo "--------"
254 crontab -l -u $user
255 let Crontab=Crontab+$(crontab -l -u $user | wc -l)
256 echo ""
257 fi
258 done
259 done
260 #计划任务
261 find /etc/cron* -type f | xargs -i ls -l {} | column -t
262 let Crontab=Crontab+$(find /etc/cron* -type f | wc -l)
263 #报表信息
264 report_Crontab="$Crontab"
265}
266function getHowLongAgo(){
267 # 计算一个时间戳离现在有多久了
268 datetime="$*"
269 [ -z "$datetime" ] && echo `stat /etc/passwd|awk "NR==6"`
270 Timestamp=$(date +%s -d "$datetime")
271 Now_Timestamp=$(date +%s)
272 Difference_Timestamp=$(($Now_Timestamp-$Timestamp))
273 days=0;hours=0;minutes=0;
274 sec_in_day=$((60*60*24));
275 sec_in_hour=$((60*60));
276 sec_in_minute=60
277 while (( $(($Difference_Timestamp-$sec_in_day)) > 1 ))
278 do
279 let Difference_Timestamp=Difference_Timestamp-sec_in_day
280 let days++
281 done
282 while (( $(($Difference_Timestamp-$sec_in_hour)) > 1 ))
283 do
284 let Difference_Timestamp=Difference_Timestamp-sec_in_hour
285 let hours++
286 done
287 echo "$days 天 $hours 小时前"
288}
289function getUserLastLogin(){
290 # 获取用户最近一次登录的时间,含年份
291 # 很遗憾last命令不支持显示年份,只有"last -t YYYYMMDDHHMMSS"表示某个时间之间的登录,我
292 # 们只能用最笨的方法了,对比今天之前和今年元旦之前(或者去年之前和前年之前……)某个用户
293 # 登录次数,如果登录统计次数有变化,则说明最近一次登录是今年。
294 username=$1
295 : ${username:="`whoami`"}
296 thisYear=$(date +%Y)
297 oldesYear=$(last | tail -n1 | awk '{print $NF}')
298 while(( $thisYear >= $oldesYear));do
299 loginBeforeToday=$(last $username | grep $username | wc -l)
300 loginBeforeNewYearsDayOfThisYear=$(last $username -t $thisYear"0101000000" | grep $username | wc -l)
301 if [ $loginBeforeToday -eq 0 ];then
302 echo "从未登录过"
303 break
304 elif [ $loginBeforeToday -gt $loginBeforeNewYearsDayOfThisYear ];then
305 lastDateTime=$(last -i $username | head -n1 | awk '{for(i=4;i<(NF-2);i++)printf"%s ",$i}')" $thisYear"
306 lastDateTime=$(date "+%Y-%m-%d %H:%M:%S" -d "$lastDateTime")
307 echo "$lastDateTime"
308 break
309 else
310 thisYear=$((thisYear-1))
311 fi
312 done
313}
314function getUserStatus(){
315 echo ""
316 echo -e "�33[33m*******************************************************用户检查*******************************************************�33[0m"
317 #/etc/passwd 最后修改时间
318 pwdfile="$(cat /etc/passwd)"
319 Modify=$(stat /etc/passwd | grep Modify | tr '.' ' ' | awk '{print $2,$3}')
320 echo "/etc/passwd: $Modify ($(getHowLongAgo $Modify))"
321 echo ""
322 echo "特权用户"
323 echo "--------"
324 RootUser=""
325 for user in $(echo "$pwdfile" | awk -F: '{print $1}');do
326 if [ $(id -u $user) -eq 0 ];then
327 echo "$user"
328 RootUser="$RootUser,$user"
329 fi
330 done
331 echo ""
332 echo "用户列表"
333 echo "--------"
334 USERs=0
335 echo "$(
336 echo "用户名 UID GID HOME SHELL 最后一次登录"
337 for shell in $(grep -v "/sbin/nologin" /etc/shells);do
338 for username in $(grep "$shell" /etc/passwd| awk -F: '{print $1}');do
339 userLastLogin="$(getUserLastLogin $username)"
340 echo "$pwdfile" | grep -w "$username" |grep -w "$shell"| awk -F: -v lastlogin="$(echo "$userLastLogin" | tr ' ' '_')" '{print $1,$3,$4,$6,$7,lastlogin}'
341 done
342 let USERs=USERs+$(echo "$pwdfile" | grep "$shell"| wc -l)
343 done
344 )" | column -t
345 echo ""
346 echo "空密码用户"
347 echo "----------"
348 USEREmptyPassword=""
349 for shell in $(grep -v "/sbin/nologin" /etc/shells);do
350 for user in $(echo "$pwdfile" | grep "$shell" | cut -d: -f1);do
351 r=$(awk -F: '$2=="!!"{print $1}' /etc/shadow | grep -w $user)
352 if [ ! -z $r ];then
353 echo $r
354 USEREmptyPassword="$USEREmptyPassword,"$r
355 fi
356 done
357 done
358 echo ""
359 echo "相同ID的用户"
360 echo "------------"
361 USERTheSameUID=""
362 UIDs=$(cut -d: -f3 /etc/passwd | sort | uniq -c | awk '$1>1{print $2}')
363 for uid in $UIDs;do
364 echo -n "$uid";
365 USERTheSameUID="$uid"
366 r=$(awk -F: 'ORS="";$3=='"$uid"'{print ":",$1}' /etc/passwd)
367 echo "$r"
368 echo ""
369 USERTheSameUID="$USERTheSameUID $r,"
370 done
371 #报表信息
372 report_USERs="$USERs"
373 report_USEREmptyPassword=$(echo $USEREmptyPassword | sed 's/^,//')
374 report_USERTheSameUID=$(echo $USERTheSameUID | sed 's/,$//')
375 report_RootUser=$(echo $RootUser | sed 's/^,//')
376}
377function getPasswordStatus {
378 echo ""
379 echo -e "�33[33m*******************************************************密码检查*******************************************************�33[0m"
380 pwdfile="$(cat /etc/passwd)"
381 echo ""
382 echo "密码过期检查"
383 echo "------------"
384 result=""
385 for shell in $(grep -v "/sbin/nologin" /etc/shells);do
386 for user in $(echo "$pwdfile" | grep "$shell" | cut -d: -f1);do
387 get_expiry_date=$(/usr/bin/chage -l $user | grep 'Password expires' | cut -d: -f2)
388 if [[ $get_expiry_date = ' never' || $get_expiry_date = 'never' ]];then
389 printf "%-15s 永不过期
" $user
390 result="$result,$user:never"
391 else
392 password_expiry_date=$(date -d "$get_expiry_date" "+%s")
393 current_date=$(date "+%s")
394 diff=$(($password_expiry_date-$current_date))
395 let DAYS=$(($diff/(60*60*24)))
396 printf "%-15s %s天后过期
" $user $DAYS
397 result="$result,$user:$DAYS days"
398 fi
399 done
400 done
401 report_PasswordExpiry=$(echo $result | sed 's/^,//')
402 echo ""
403 echo "密码策略检查"
404 echo "------------"
405 grep -v "#" /etc/login.defs | grep -E "PASS_MAX_DAYS|PASS_MIN_DAYS|PASS_MIN_LEN|PASS_WARN_AGE"
406}
407function getSudoersStatus(){
408 echo ""
409 echo -e "�33[33m*******************************************************Sudoers检查*******************************************************�33[0m"
410 conf=$(grep -v "^#" /etc/sudoers| grep -v "^Defaults" | sed '/^$/d')
411 echo "$conf"
412 echo ""
413 #报表信息
414 report_Sudoers="$(echo $conf | wc -l)"
415}
416function getInstalledStatus(){
417 echo ""
418 echo -e "�33[33m*******************************************************软件检查*******************************************************�33[0m"
419 rpm -qa --last | head | column -t
420}
421function getProcessStatus(){
422 echo ""
423 echo -e "�33[33m*******************************************************进程检查*******************************************************�33[0m"
424 if [ $(ps -ef | grep defunct | grep -v grep | wc -l) -ge 1 ];then
425 echo ""
426 echo "僵尸进程";
427 echo "--------"
428 ps -ef | head -n1
429 ps -ef | grep defunct | grep -v grep
430 fi
431 echo ""
432 echo "内存占用TOP10"
433 echo "-------------"
434 echo -e "PID %MEM RSS COMMAND
435 $(ps aux | awk '{print $2, $4, $6, $11}' | sort -k3rn | head -n 10 )"| column -t
436 echo ""
437 echo "CPU占用TOP10"
438 echo "------------"
439 top b -n1 | head -17 | tail -11
440 #报表信息
441 report_DefunctProsess="$(ps -ef | grep defunct | grep -v grep|wc -l)"
442}
443function getJDKStatus(){
444 echo ""
445 echo -e "�33[33m*******************************************************JDK检查*******************************************************�33[0m"
446 java -version 2>/dev/null
447 if [ $? -eq 0 ];then
448 java -version 2>&1
449 fi
450 echo "JAVA_HOME="$JAVA_HOME""
451 #报表信息
452 report_JDK="$(java -version 2>&1 | grep version | awk '{print $1,$3}' | tr -d '"')"
453}
454function getSyslogStatus(){
455 echo ""
456 echo -e "�33[33m*******************************************************syslog检查*******************************************************�33[0m"
457 echo "服务状态:$(getState rsyslog)"
458 echo ""
459 echo "/etc/rsyslog.conf"
460 echo "-----------------"
461 cat /etc/rsyslog.conf 2>/dev/null | grep -v "^#" | grep -v "^\$" | sed '/^$/d' | column -t
462 #报表信息
463 report_Syslog="$(getState rsyslog)"
464}
465function getFirewallStatus(){
466 echo ""
467 echo -e "�33[33m******************************************************* 防火墙检查*******************************************************�33[0m"
468 #防火墙状态,策略等
469 if [[ $centosVersion = 7 ]];then
470 systemctl status firewalld >/dev/null 2>&1
471 status=$?
472 if [ $status -eq 0 ];then
473 s="active"
474 elif [ $status -eq 3 ];then
475 s="inactive"
476 elif [ $status -eq 4 ];then
477 s="permission denied"
478 else
479 s="unknown"
480 fi
481 else
482 s="$(getState iptables)"
483 fi
484 echo "firewalld: $s"
485 echo ""
486 echo "/etc/sysconfig/firewalld"
487 echo "-----------------------"
488 cat /etc/sysconfig/firewalld 2>/dev/null
489 #报表信息
490 report_Firewall="$s"
491}
492function getSNMPStatus(){
493 #SNMP服务状态,配置等
494 echo ""
495 echo -e "�33[33m*******************************************************SNMP检查*******************************************************�33[0m"
496 status="$(getState snmpd)"
497 echo "服务状态:$status"
498 echo ""
499 if [ -e /etc/snmp/snmpd.conf ];then
500 echo "/etc/snmp/snmpd.conf"
501 echo "--------------------"
502 cat /etc/snmp/snmpd.conf 2>/dev/null | grep -v "^#" | sed '/^$/d'
503 fi
504 #报表信息
505 report_SNMP="$(getState snmpd)"
506}
507function getState(){
508 if [[ $centosVersion < 7 ]];then
509 if [ -e "/etc/init.d/$1" ];then
510 if [ `/etc/init.d/$1 status 2>/dev/null | grep -E "is running|正在运行" | wc -l` -ge 1 ];then
511 r="active"
512 else
513 r="inactive"
514 fi
515 else
516 r="unknown"
517 fi
518 else
519 #CentOS 7+
520 r="$(systemctl is-active $1 2>&1)"
521 fi
522 echo "$r"
523}
524function getSSHStatus(){
525 #SSHD服务状态,配置,受信任主机等
526 echo ""
527 echo -e "�33[33m*******************************************************SSH检查*******************************************************�33[0m"
528 #检查受信任主机
529 pwdfile="$(cat /etc/passwd)"
530 echo "服务状态:$(getState sshd)"
531 Protocol_Version=$(cat /etc/ssh/sshd_config | grep Protocol | awk '{print $2}')
532 echo "SSH协议版本:$Protocol_Version"
533 echo ""
534 echo "信任主机"
535 echo "--------"
536 authorized=0
537 for user in $(echo "$pwdfile" | grep /bin/bash | awk -F: '{print $1}');do
538 authorize_file=$(echo "$pwdfile" | grep -w $user | awk -F: '{printf $6"/.ssh/authorized_keys"}')
539 authorized_host=$(cat $authorize_file 2>/dev/null | awk '{print $3}' | tr '
' ',' | sed 's/,$//')
540 if [ ! -z $authorized_host ];then
541 echo "$user 授权 "$authorized_host" 无密码访问"
542 fi
543 let authorized=authorized+$(cat $authorize_file 2>/dev/null | awk '{print $3}'|wc -l)
544 done
545 echo ""
546 echo "是否允许ROOT远程登录"
547 echo "--------------------"
548 config=$(cat /etc/ssh/sshd_config | grep PermitRootLogin)
549 firstChar=${config:0:1}
550 if [ $firstChar == "#" ];then
551 PermitRootLogin="yes"
552 else
553 PermitRootLogin=$(echo $config | awk '{print $2}')
554 fi
555 echo "PermitRootLogin $PermitRootLogin"
556 echo ""
557 echo "/etc/ssh/sshd_config"
558 echo "--------------------"
559 cat /etc/ssh/sshd_config | grep -v "^#" | sed '/^$/d'
560 #报表信息
561 report_SSHAuthorized="$authorized"
562 report_SSHDProtocolVersion="$Protocol_Version"
563 report_SSHDPermitRootLogin="$PermitRootLogin"
564}
565function getNTPStatus(){
566 #NTP服务状态,当前时间,配置等
567 echo ""
568 echo -e "�33[33m*******************************************************NTP检查*******************************************************�33[0m"
569 if [ -e /etc/ntp.conf ];then
570 echo "服务状态:$(getState ntpd)"
571 echo ""
572 echo "/etc/ntp.conf"
573 echo "-------------"
574 cat /etc/ntp.conf 2>/dev/null | grep -v "^#" | sed '/^$/d'
575 fi
576 #报表信息
577 report_NTP="$(getState ntpd)"
578}
579function uploadHostDailyCheckReport(){
580 json="{
581 "DateTime":"$report_DateTime",
582 "Hostname":"$report_Hostname",
583 "OSRelease":"$report_OSRelease",
584 "Kernel":"$report_Kernel",
585 "Language":"$report_Language",
586 "LastReboot":"$report_LastReboot",
587 "Uptime":"$report_Uptime",
588 "CPUs":"$report_CPUs",
589 "CPUType":"$report_CPUType",
590 "Arch":"$report_Arch",
591 "MemTotal":"$report_MemTotal",
592 "MemFree":"$report_MemFree",
593 "MemUsedPercent":"$report_MemUsedPercent",
594 "DiskTotal":"$report_DiskTotal",
595 "DiskFree":"$report_DiskFree",
596 "DiskUsedPercent":"$report_DiskUsedPercent",
597 "InodeTotal":"$report_InodeTotal",
598 "InodeFree":"$report_InodeFree",
599 "InodeUsedPercent":"$report_InodeUsedPercent",
600 "IP":"$report_IP",
601 "MAC":"$report_MAC",
602 "Gateway":"$report_Gateway",
603 "DNS":"$report_DNS",
604 "Listen":"$report_Listen",
605 "Selinux":"$report_Selinux",
606 "Firewall":"$report_Firewall",
607 "USERs":"$report_USERs",
608 "USEREmptyPassword":"$report_USEREmptyPassword",
609 "USERTheSameUID":"$report_USERTheSameUID",
610 "PasswordExpiry":"$report_PasswordExpiry",
611 "RootUser":"$report_RootUser",
612 "Sudoers":"$report_Sudoers",
613 "SSHAuthorized":"$report_SSHAuthorized",
614 "SSHDProtocolVersion":"$report_SSHDProtocolVersion",
615 "SSHDPermitRootLogin":"$report_SSHDPermitRootLogin",
616 "DefunctProsess":"$report_DefunctProsess",
617 "SelfInitiatedService":"$report_SelfInitiatedService",
618 "SelfInitiatedProgram":"$report_SelfInitiatedProgram",
619 "RuningService":"$report_RuningService",
620 "Crontab":"$report_Crontab",
621 "Syslog":"$report_Syslog",
622 "SNMP":"$report_SNMP",
623 "NTP":"$report_NTP",
624 "JDK":"$report_JDK"
625 }"
626 #echo "$json"
627 curl -l -H "Content-type: application/json" -X POST -d "$json" "$uploadHostDailyCheckReportApi" 2>/dev/null
628}
629function check(){
630 version
631 getSystemStatus
632 getCpuStatus
633 getMemStatus
634 getDiskStatus
635 getNetworkStatus
636 getListenStatus
637 getProcessStatus
638 getServiceStatus
639 getAutoStartStatus
640 getLoginStatus
641 getCronStatus
642 getUserStatus
643 getPasswordStatus
644 getSudoersStatus
645 getJDKStatus
646 getFirewallStatus
647 getSSHStatus
648 getSyslogStatus
649 getSNMPStatus
650 getNTPStatus
651 getInstalledStatus
652}
653#执行检查并保存检查结果
654check > $RESULTFILE
655echo -e "�33[44;37m 检查结果存放在:$RESULTFILE �33[0m"
656#上传检查结果的文件
657#curl -F "filename=@$RESULTFILE" "$uploadHostDailyCheckApi" 2>/dev/null
长按关注,每周更新一次适合学生党和上班族的干货。
以上是关于CentOS7.X系统巡检脚本的主要内容,如果未能解决你的问题,请参考以下文章