CentOS7.X系统巡检脚本

Posted 有暗香盈袖c

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了CentOS7.X系统巡检脚本相关的知识,希望对你有一定的参考价值。


CentOS7.X系统巡检脚本
CentOS7.X系统巡检脚本

CentOS7.x  系统巡检脚本

CentOS7.X系统巡检脚本


  1#!/bin/bash
 2##############################################################
 3# File Name: 1.sh
 4# Version: V1.0
 5# Author: 
 6# Organization: 
 7# Created Time : date
 8# Description:
 9##############################################################
10export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
11source /etc/profile
12[ $(id -u) -gt 0 ] && echo "请用root用户执行此脚本!" && exit 1
13#uploadHostDailyCheckApi="http://10.0.0.1:8080/api/uploadHostDailyCheck"
14#uploadHostDailyCheckReportApi="http://10.0.0.1:8080/api/uploadHostDailyCheckReport"
15centosVersion=$(awk '{print $(NF-1)}' /etc/redhat-release)
16VERSION=`date +%F`
17#日志相关
18PROGPATH=`echo $0 | sed -e 's,[\/][^\/][^\/]*$,,'`
19[ -f $PROGPATH ] && PROGPATH="."
20LOGPATH="$PROGPATH/log"
21[ -e $LOGPATH ] || mkdir $LOGPATH
22RESULTFILE="$LOGPATH/HostDailyCheck-`hostname`-`date +%Y%m%d`.txt"
23#定义报表的全局变量
24report_DateTime=""  
25report_Hostname=""   
26report_OSRelease=""    
27report_Kernel=""   
28report_Language=""   
29report_LastReboot=""   
30report_Uptime=""   
31report_CPUs=""  
32report_CPUType=""  
33report_Arch=""   
34report_MemTotal=""    
35report_MemFree=""   
36report_MemUsedPercent=""   
37report_DiskTotal=""    
38report_DiskFree=""    
39report_DiskUsedPercent=""    
40report_InodeTotal=""   
41report_InodeFree="" 
42report_InodeUsedPercent=""  
43report_IP=""  
44report_MAC=""   
45report_Gateway=""   
46report_DNS=""   
47report_Listen=""   
48report_Selinux=""  
49report_Firewall=""   
50report_USERs=""   
51report_USEREmptyPassword=""  
52report_USERTheSameUID=""      
53report_PasswordExpiry=""    
54report_RootUser=""   
55report_Sudoers=""   
56report_SSHAuthorized=""   
57report_SSHDProtocolVersion=""    
58report_SSHDPermitRootLogin=""   
59report_DefunctProsess=""    
60report_SelfInitiatedService=""   
61report_SelfInitiatedProgram=""   
62report_RuningService=""           
63report_Crontab=""    
64report_Syslog=""   
65report_SNMP=""    
66report_NTP=""    
67report_JDK=""   
68function version(){
69    echo ""
70    echo ""
71    echo "系统巡检脚本:Version $VERSION"
72}
73function getCpuStatus(){
74    echo ""
75    echo -e "33[33m*******************************************************CPU检查*******************************************************33[0m"
76    Physical_CPUs=$(grep "physical id" /proc/cpuinfo| sort | uniq | wc -l)
77    Virt_CPUs=$(grep "processor" /proc/cpuinfo | wc -l)
78    CPU_Kernels=$(grep "cores" /proc/cpuinfo|uniq| awk -F ': ' '{print $2}')
79    CPU_Type=$(grep "model name" /proc/cpuinfo | awk -F ': ' '{print $2}' | sort | uniq)
80    CPU_Arch=$(uname -m)
81    echo "物理CPU个数:$Physical_CPUs"
82    echo "逻辑CPU个数:$Virt_CPUs"
83    echo "每CPU核心数:$CPU_Kernels"
84    echo "    CPU型号:$CPU_Type"
85    echo "    CPU架构:$CPU_Arch"
86    #报表信息
87    report_CPUs=$Virt_CPUs 
88    report_CPUType=$CPU_Type 
89    report_Arch=$CPU_Arch   
90}
91function getMemStatus(){
92    echo ""
93    echo  -e "33[33m*******************************************************内存检查*******************************************************33[0m"
94    if [[ $centosVersion < 7 ]];then
95        free -mo
96    else
97        free -h
98    fi
99    #报表信息
100    MemTotal=$(grep MemTotal /proc/meminfo| awk '{print $2}')  #KB
101    MemFree=$(grep MemFree /proc/meminfo| awk '{print $2}')    #KB
102    let MemUsed=MemTotal-MemFree
103    MemPercent=$(awk "BEGIN {if($MemTotal==0){printf 100}else{printf "%.2f",$MemUsed*100/$MemTotal}}")
104    report_MemTotal="$((MemTotal/1024))""MB"      
105    report_MemFree="$((MemFree/1024))""MB"       
106    report_MemUsedPercent="$(awk "BEGIN {if($MemTotal==0){printf 100}else{printf "%.2f",$MemUsed*100/$MemTotal}}")""%"  
107}
108function getDiskStatus(){
109    echo "
"
110    echo -e "
33[33m*******************************************************磁盘检查*******************************************************33[0m"
111    df -hiP | sed 's/Mounted on/Mounted/'> /tmp/inode
112    df -hTP | sed 's/Mounted on/Mounted/'> /tmp/disk 
113    join /tmp/disk /tmp/inode | awk '{print $1,$2,"
|",$3,$4,$5,$6,"|",$8,$9,$10,$11,"|",$12}'| column -t
114    #报表信息
115    diskdata=$(df -TP | sed '1d' | awk '$2!="tmpfs"{print}') #KB
116    disktotal=$(echo "$diskdata" | awk '{total+=$3}END{print total}') #KB
117    diskused=$(echo "$diskdata" | awk '{total+=$4}END{print total}')  #KB
118    diskfree=$((disktotal-diskused)) #KB
119    diskusedpercent=$(echo $disktotal $diskused | awk '{if($1==0){printf 100}else{printf "
%.2f",$2*100/$1}}') 
120    inodedata=$(df -iTP | sed '1d' | awk '$2!="tmpfs"{print}')
121    inodetotal=$(echo "$inodedata" | awk '{total+=$3}END{print total}')
122    inodeused=$(echo "$inodedata" | awk '{total+=$4}END{print total}')
123    inodefree=$((inodetotal-inodeused))
124    inodeusedpercent=$(echo $inodetotal $inodeused | awk '{if($1==0){printf 100}else{printf "
%.2f",$2*100/$1}}')
125    report_DiskTotal=$((disktotal/1024/1024))"
GB
126    report_DiskFree=$((diskfree/1024/1024))"
GB"   
127    report_DiskUsedPercent="
$diskusedpercent""%"   
128    report_InodeTotal=$((inodetotal/1000))"
K"     
129    report_InodeFree=$((inodefree/1000))"
K"       
130    report_InodeUsedPercent="
$inodeusedpercent""%
131}
132function getSystemStatus(){
133    echo "
"
134    echo -e "
33[33m*******************************************************系统检查 *******************************************************33[0m"
135    if [ -e /etc/sysconfig/i18n ];then
136        default_LANG="
$(grep "LANG=" /etc/sysconfig/i18n | grep -v "^#" | awk -F '"' '{print $2}')"
137    else
138        default_LANG=$LANG
139    fi
140    export LANG="
en_US.UTF-8"
141    Release=$(cat /etc/redhat-release 2>/dev/null)
142    Kernel=$(uname -r)
143    OS=$(uname -o)
144    Hostname=$(uname -n)
145    SELinux=$(/usr/sbin/sestatus | grep "SELinux status: " | awk '{print $3}')
146    LastReboot=$(who -b | awk '{print $3,$4}')
147    uptime=$(uptime | sed 's/.*up ([^,]*), .*/1/')
148    echo "
     系统:$OS"
149    echo "
 发行版本:$Release"
150    echo "
     内核:$Kernel"
151    echo "
   主机名:$Hostname"
152    echo "
  SELinux:$SELinux"
153    echo "
语言/编码:$default_LANG"
154    echo "
 当前时间:$(date +'%F %T')"
155    echo "
 最后启动:$LastReboot"
156    echo "
 运行时间:$uptime"
157    #报表信息
158    report_DateTime=$(date +"%F %T")  
159    report_Hostname="
$Hostname"     
160    report_OSRelease="
$Release"       
161    report_Kernel="
$Kernel"           
162    report_Language="
$default_LANG"   
163    report_LastReboot="
$LastReboot"   
164    report_Uptime="
$uptime"          
165    report_Selinux="
$SELinux"
166    export LANG="
$default_LANG"
167}
168function getServiceStatus(){
169    echo "
"
170    echo -e "
33[33m*******************************************************服务检查*******************************************************33[0m"
171    echo "
"
172    if [[ $centosVersion > 7 ]];then
173        conf=$(systemctl list-unit-files --type=service --state=enabled --no-pager | grep "enabled")
174        process=$(systemctl list-units --type=service --state=running --no-pager | grep ".service")
175        #报表信息
176        report_SelfInitiatedService="
$(echo "$conf" | wc -l)"     
177        report_RuningService="
$(echo "$process" | wc -l)"         
178    else
179        conf=$(/sbin/chkconfig | grep -E ":on|:启用")
180        process=$(/sbin/service --status-all 2>/dev/null | grep -E "is running|正在运行")
181        #报表信息
182        report_SelfInitiatedService="
$(echo "$conf" | wc -l)"      
183        report_RuningService="
$(echo "$process" | wc -l)"          
184    fi
185    echo "
服务配置"
186    echo "
--------"
187    echo "
$conf"  | column -t
188    echo "
"
189    echo "
正在运行的服务"
190    echo "
--------------"
191    echo "
$process"
192}
193function getAutoStartStatus(){
194    echo "
"
195    echo -e "
33[33m*******************************************************自启动检查*******************************************************33[0m"
196    conf=$(grep -v "^#" /etc/rc.d/rc.local| sed '/^$/d')
197    echo "
$conf"
198    #报表信息
199    report_SelfInitiatedProgram="
$(echo $conf | wc -l)"   
200}
201function getLoginStatus(){
202    echo "
"
203    echo -e "
33[33m*******************************************************登录检查*******************************************************33[0m"
204    last | head
205}
206function getNetworkStatus(){
207    echo "
"
208    echo -e "
33[33m*******************************************************网络检查*******************************************************33[0m"
209    if [[ $centosVersion < 7 ]];then
210        /sbin/ifconfig -a | grep -v packets | grep -v collisions | grep -v inet6
211    else
212        #ip a
213        for i in $(ip link | grep BROADCAST | awk -F: '{print $2}');do ip add show $i | grep -E "
BROADCAST|global"| awk '{print $2}' | tr ' ' ' ' ;echo "" ;done
214    fi
215    GATEWAY=$(ip route | grep default | awk '{print $3}')
216    DNS=$(grep nameserver /etc/resolv.conf| grep -v "#" | awk '{print $2}' | tr ' ' ',' | sed 's/,$//')
217    echo "
"
218    echo "
网关:$GATEWAY "
219    echo "
DNS:$DNS"
220    #报表信息
221    IP=$(ip -f inet addr | grep -v 127.0.0.1 |  grep inet | awk '{print $NF,$2}' | tr ' ' ',' | sed 's/,$//')
222    MAC=$(ip link | grep -v "LOOPBACK|loopback" | awk '{print $2}' | sed 'N;s/ //' | tr ' ' ',' | sed 's/,$//')
223    report_IP="
$IP"         
224    report_MAC=$MAC          
225    report_Gateway="
$GATEWAY
226    report_DNS="
$DNS"
227    echo "
"
228ping -c 4 www.baidu.com >/dev/null 2>&1
229if [ $? -eq 0 ];then
230   echo "
网络连接:正常
231else
232   echo "
网络连接:异常"
233fi 
234}
235function getListenStatus(){
236    echo "
"
237    echo  -e "
33[33m*******************************************************监听检查*******************************************************33[0m"
238    TCPListen=$(ss -ntul | column -t)
239    echo "
$TCPListen"
240    #报表信息
241    report_Listen="
$(echo "$TCPListen"| sed '1d' | awk '/tcp/ {print $5}' | awk -F: '{print $NF}' | sort | uniq | wc -l)"
242}
243function getCronStatus(){
244    echo "
"
245    echo -e "
33[33m*******************************************************计划任务检查*******************************************************33[0m"
246    Crontab=0
247    for shell in $(grep -v "/sbin/nologin" /etc/shells);do
248        for user in $(grep "$shell" /etc/passwd| awk -F: '{print $1}');do
249            crontab -l -u $user >/dev/null 2>&1
250            status=$?
251            if [ $status -eq 0 ];then
252                echo "
$user"
253                echo "
--------"
254                crontab -l -u $user
255                let Crontab=Crontab+$(crontab -l -u $user | wc -l)
256                echo "
"
257            fi
258        done
259    done
260    #计划任务
261    find /etc/cron* -type f | xargs -i ls -l {} | column  -t
262    let Crontab=Crontab+$(find /etc/cron* -type f | wc -l)
263    #报表信息
264    report_Crontab="
$Crontab"   
265}
266function getHowLongAgo(){
267    # 计算一个时间戳离现在有多久了
268    datetime="
$*"
269    [ -z "
$datetime" ] && echo `stat /etc/passwd|awk "NR==6"`
270    Timestamp=$(date +%s -d "$datetime")  
271    Now_Timestamp=$(date +%s)
272    Difference_Timestamp=$(($Now_Timestamp-$Timestamp))
273    days=0;hours=0;minutes=0;
274    sec_in_day=$((60*60*24));
275    sec_in_hour=$((60*60));
276    sec_in_minute=60
277    while (( $(($Difference_Timestamp-$sec_in_day)) > 1 ))
278    do
279        let Difference_Timestamp=Difference_Timestamp-sec_in_day
280        let days++
281    done
282    while (( $(($Difference_Timestamp-$sec_in_hour)) > 1 ))
283    do
284        let Difference_Timestamp=Difference_Timestamp-sec_in_hour
285        let hours++
286    done
287    echo "
$days 天 $hours 小时前"
288}
289function getUserLastLogin(){
290    # 获取用户最近一次登录的时间,含年份
291    # 很遗憾last命令不支持显示年份,只有"
last -t YYYYMMDDHHMMSS"表示某个时间之间的登录,我
292    # 们只能用最笨的方法了,对比今天之前和今年元旦之前(或者去年之前和前年之前……)某个用户
293    # 登录次数,如果登录统计次数有变化,则说明最近一次登录是今年。
294    username=$1
295    : ${username:="`whoami`"}
296    thisYear=$(date +%Y)
297    oldesYear=$(last | tail -n1 | awk '{print $NF}')
298    while(( $thisYear >= $oldesYear));do
299        loginBeforeToday=$(last $username | grep $username | wc -l)
300        loginBeforeNewYearsDayOfThisYear=$(last $username -t $thisYear"0101000000" | grep $username | wc -l)
301        if [ $loginBeforeToday -eq 0 ];then
302            echo "
从未登录过"
303            break
304        elif [ $loginBeforeToday -gt $loginBeforeNewYearsDayOfThisYear ];then
305            lastDateTime=$(last -i $username | head -n1 | awk '{for(i=4;i<(NF-2);i++)printf"
%s ",$i}')" $thisYear
306            lastDateTime=$(date "+%Y-%m-%d %H:%M:%S" -d "$lastDateTime")
307            echo "
$lastDateTime"
308            break
309        else
310            thisYear=$((thisYear-1))
311        fi
312    done
313}
314function getUserStatus(){
315    echo "
"
316    echo -e "
33[33m*******************************************************用户检查*******************************************************33[0m"
317    #/etc/passwd 最后修改时间
318    pwdfile="
$(cat /etc/passwd)"
319    Modify=$(stat /etc/passwd | grep Modify | tr '.' ' ' | awk '{print $2,$3}')
320    echo "
/etc/passwd: $Modify ($(getHowLongAgo $Modify))"
321    echo "
"
322    echo "
特权用户"
323    echo "
--------"
324    RootUser="
"
325    for user in $(echo "$pwdfile" | awk -F: '{print $1}');do
326        if [ $(id -u $user) -eq 0 ];then
327            echo "
$user"
328            RootUser="
$RootUser,$user"
329        fi
330    done
331    echo "
"
332    echo "
用户列表"
333    echo "
--------"
334    USERs=0
335    echo "
$(
336    echo "用户名 UID GID HOME SHELL 最后一次登录"
337    for shell in $(grep -v "/sbin/nologin" /etc/shells);do
338        for username in $(grep "$shell" /etc/passwd| awk -F: '{print $1}');do
339            userLastLogin="$(getUserLastLogin $username)"
340            echo "$pwdfile" | grep -w "$username" |grep -w "$shell"| awk -F: -v lastlogin="$(echo "$userLastLogin" | tr ' ' '_')" '{print $1,$3,$4,$6,$7,lastlogin}'
341        done
342        let USERs=USERs+$(echo "$pwdfile" | grep "$shell"| wc -l)
343    done
344    )" | column -t
345    echo "
"
346    echo "
空密码用户"
347    echo "
----------"
348    USEREmptyPassword="
"
349    for shell in $(grep -v "/sbin/nologin" /etc/shells);do
350            for user in $(echo "$pwdfile" | grep "$shell" | cut -d: -f1);do
351            r=$(awk -F: '$2=="!!"{print $1}' /etc/shadow | grep -w $user)
352            if [ ! -z $r ];then
353                echo $r
354                USEREmptyPassword="
$USEREmptyPassword,"$r
355            fi
356        done    
357    done
358    echo "
"
359    echo "
相同ID的用户"
360    echo "
------------"
361    USERTheSameUID="
"
362    UIDs=$(cut -d: -f3 /etc/passwd | sort | uniq -c | awk '$1>1{print $2}')
363    for uid in $UIDs;do
364        echo -n "
$uid";
365        USERTheSameUID="
$uid"
366        r=$(awk -F: 'ORS="";$3=='"$uid"'{print ":",$1}' /etc/passwd)
367        echo "
$r"
368        echo "
"
369        USERTheSameUID="
$USERTheSameUID $r,"
370    done
371    #报表信息
372    report_USERs="
$USERs"  
373    report_USEREmptyPassword=$(echo $USEREmptyPassword | sed 's/^,//') 
374    report_USERTheSameUID=$(echo $USERTheSameUID | sed 's/,$//') 
375    report_RootUser=$(echo $RootUser | sed 's/^,//')   
376}
377function getPasswordStatus {
378    echo "
"
379    echo -e "
33[33m*******************************************************密码检查*******************************************************33[0m"
380    pwdfile="
$(cat /etc/passwd)"
381    echo "
"
382    echo "
密码过期检查"
383    echo "
------------"
384    result="
"
385    for shell in $(grep -v "/sbin/nologin" /etc/shells);do
386        for user in $(echo "$pwdfile" | grep "$shell" | cut -d: -f1);do
387            get_expiry_date=$(/usr/bin/chage -l $user | grep 'Password expires' | cut -d: -f2)
388            if [[ $get_expiry_date = ' never' || $get_expiry_date = 'never' ]];then
389                printf "
%-15s 永不过期 $user
390                result="
$result,$user:never"
391            else
392                password_expiry_date=$(date -d "$get_expiry_date" "+%s")
393                current_date=$(date "+%s")
394                diff=$(($password_expiry_date-$current_date))
395                let DAYS=$(($diff/(60*60*24)))
396                printf "
%-15s %s天后过期 $user $DAYS
397                result="
$result,$user:$DAYS days"
398            fi
399        done
400    done
401    report_PasswordExpiry=$(echo $result | sed 's/^,//')
402    echo "
"
403    echo "
密码策略检查"
404    echo "
------------"
405    grep -v "
#" /etc/login.defs | grep -E "PASS_MAX_DAYS|PASS_MIN_DAYS|PASS_MIN_LEN|PASS_WARN_AGE"
406}
407function getSudoersStatus(){
408    echo ""
409    echo -e "33[33m*******************************************************Sudoers检查*******************************************************33[0m"
410    conf=$(grep -v "^#" /etc/sudoers| grep -v "^Defaults" | sed '/^$/d')
411    echo "$conf"
412    echo ""
413    #报表信息
414    report_Sudoers="$(echo $conf | wc -l)"
415}
416function getInstalledStatus(){
417    echo ""
418    echo -e "33[33m*******************************************************软件检查*******************************************************33[0m"
419    rpm -qa --last | head | column -t 
420}
421function getProcessStatus(){
422    echo ""
423    echo -e "33[33m*******************************************************进程检查*******************************************************33[0m"
424    if [ $(ps -ef | grep defunct | grep -v grep | wc -l) -ge 1 ];then
425        echo ""
426        echo "僵尸进程";
427        echo "--------"
428        ps -ef | head -n1
429        ps -ef | grep defunct | grep -v grep
430    fi
431    echo ""
432    echo "内存占用TOP10"
433    echo "-------------"
434    echo -e "PID %MEM RSS COMMAND
435    $(ps aux | awk '{print $2, $4, $6, $11}' | sort -k3rn | head -n 10 )"
| column -t 
436    echo ""
437    echo "CPU占用TOP10"
438    echo "------------"
439    top b -n1 | head -17 | tail -11
440    #报表信息
441    report_DefunctProsess="$(ps -ef | grep defunct | grep -v grep|wc -l)"
442}
443function getJDKStatus(){
444    echo ""
445    echo -e "33[33m*******************************************************JDK检查*******************************************************33[0m"
446    java -version 2>/dev/null
447    if [ $? -eq 0 ];then
448        java -version 2>&1
449    fi
450    echo "JAVA_HOME="$JAVA_HOME""
451    #报表信息
452    report_JDK="$(java -version 2>&1 | grep version | awk '{print $1,$3}' | tr -d '"')"
453}
454function getSyslogStatus(){
455    echo ""
456    echo -e "33[33m*******************************************************syslog检查*******************************************************33[0m"
457    echo "服务状态:$(getState rsyslog)"
458    echo ""
459    echo "/etc/rsyslog.conf"
460    echo "-----------------"
461    cat /etc/rsyslog.conf 2>/dev/null | grep -v "^#" | grep -v "^\$" | sed '/^$/d'  | column -t
462    #报表信息
463    report_Syslog="$(getState rsyslog)"
464}
465function getFirewallStatus(){
466    echo ""
467    echo -e "33[33m******************************************************* 防火墙检查*******************************************************33[0m"
468    #防火墙状态,策略等
469    if [[ $centosVersion = 7 ]];then
470        systemctl status firewalld >/dev/null  2>&1
471        status=$?
472        if [ $status -eq 0 ];then
473                s="active"
474        elif [ $status -eq 3 ];then
475                s="inactive"
476        elif [ $status -eq 4 ];then
477                s="permission denied"
478        else
479                s="unknown"
480        fi
481    else
482        s="$(getState iptables)"
483    fi
484    echo "firewalld: $s"
485    echo ""
486    echo "/etc/sysconfig/firewalld"
487    echo "-----------------------"
488    cat /etc/sysconfig/firewalld 2>/dev/null
489    #报表信息
490    report_Firewall="$s"
491}
492function getSNMPStatus(){
493    #SNMP服务状态,配置等
494    echo ""
495    echo -e "33[33m*******************************************************SNMP检查*******************************************************33[0m"
496    status="$(getState snmpd)"
497    echo "服务状态:$status"
498    echo ""
499    if [ -e /etc/snmp/snmpd.conf ];then
500        echo "/etc/snmp/snmpd.conf"
501        echo "--------------------"
502        cat /etc/snmp/snmpd.conf 2>/dev/null | grep -v "^#" | sed '/^$/d'
503    fi
504    #报表信息
505    report_SNMP="$(getState snmpd)"
506}
507function getState(){
508    if [[ $centosVersion < 7 ]];then
509        if [ -e "/etc/init.d/$1" ];then
510            if [ `/etc/init.d/$1 status 2>/dev/null | grep -E "is running|正在运行" | wc -l` -ge 1 ];then
511                r="active"
512            else
513                r="inactive"
514            fi
515        else
516            r="unknown"
517        fi
518    else
519        #CentOS 7+
520        r="$(systemctl is-active $1 2>&1)"
521    fi
522    echo "$r"
523}
524function getSSHStatus(){
525    #SSHD服务状态,配置,受信任主机等
526    echo ""
527    echo -e "33[33m*******************************************************SSH检查*******************************************************33[0m"
528    #检查受信任主机
529    pwdfile="$(cat /etc/passwd)"
530    echo "服务状态:$(getState sshd)"
531    Protocol_Version=$(cat /etc/ssh/sshd_config | grep Protocol | awk '{print $2}')
532    echo "SSH协议版本:$Protocol_Version"
533    echo ""
534    echo "信任主机"
535    echo "--------"
536    authorized=0
537    for user in $(echo "$pwdfile" | grep /bin/bash | awk -F: '{print $1}');do
538        authorize_file=$(echo "$pwdfile" | grep -w $user | awk -F: '{printf $6"/.ssh/authorized_keys"}')
539        authorized_host=$(cat $authorize_file 2>/dev/null | awk '{print $3}' | tr ' ' ',' | sed 's/,$//')
540        if [ ! -z $authorized_host ];then
541            echo "$user 授权 "$authorized_host" 无密码访问"
542        fi
543        let authorized=authorized+$(cat $authorize_file 2>/dev/null | awk '{print $3}'|wc -l)
544    done
545    echo ""
546    echo "是否允许ROOT远程登录"
547    echo "--------------------"
548    config=$(cat /etc/ssh/sshd_config | grep PermitRootLogin)
549    firstChar=${config:0:1}
550    if [ $firstChar == "#" ];then
551        PermitRootLogin="yes" 
552    else
553        PermitRootLogin=$(echo $config | awk '{print $2}')
554    fi
555    echo "PermitRootLogin $PermitRootLogin"
556    echo ""
557    echo "/etc/ssh/sshd_config"
558    echo "--------------------"
559    cat /etc/ssh/sshd_config | grep -v "^#" | sed '/^$/d'
560    #报表信息
561    report_SSHAuthorized="$authorized"   
562    report_SSHDProtocolVersion="$Protocol_Version"   
563    report_SSHDPermitRootLogin="$PermitRootLogin"    
564}
565function getNTPStatus(){
566    #NTP服务状态,当前时间,配置等
567    echo ""
568    echo -e "33[33m*******************************************************NTP检查*******************************************************33[0m"
569    if [ -e /etc/ntp.conf ];then
570        echo "服务状态:$(getState ntpd)"
571        echo ""
572        echo "/etc/ntp.conf"
573        echo "-------------"
574        cat /etc/ntp.conf 2>/dev/null | grep -v "^#" | sed '/^$/d'
575    fi
576    #报表信息
577    report_NTP="$(getState ntpd)"
578}
579function uploadHostDailyCheckReport(){
580    json="{
581        "DateTime":"$report_DateTime",
582        "Hostname":"$report_Hostname",
583        "OSRelease":"$report_OSRelease",
584        "Kernel":"$report_Kernel",
585        "Language":"$report_Language",
586        "LastReboot":"$report_LastReboot",
587        "Uptime":"$report_Uptime",
588        "CPUs":"$report_CPUs",
589        "CPUType":"$report_CPUType",
590        "Arch":"$report_Arch",
591        "MemTotal":"$report_MemTotal",
592        "MemFree":"$report_MemFree",
593        "MemUsedPercent":"$report_MemUsedPercent",
594        "DiskTotal":"$report_DiskTotal",
595        "DiskFree":"$report_DiskFree",
596        "DiskUsedPercent":"$report_DiskUsedPercent",
597        "InodeTotal":"$report_InodeTotal",
598        "InodeFree":"$report_InodeFree",
599        "InodeUsedPercent":"$report_InodeUsedPercent",
600        "IP":"$report_IP",
601        "MAC":"$report_MAC",
602        "Gateway":"$report_Gateway",
603        "DNS":"$report_DNS",
604        "Listen":"$report_Listen",
605        "Selinux":"$report_Selinux",
606        "Firewall":"$report_Firewall",
607        "USERs":"$report_USERs",
608        "USEREmptyPassword":"$report_USEREmptyPassword",
609        "USERTheSameUID":"$report_USERTheSameUID",
610        "PasswordExpiry":"$report_PasswordExpiry",
611        "RootUser":"$report_RootUser",
612        "Sudoers":"$report_Sudoers",
613        "SSHAuthorized":"$report_SSHAuthorized",
614        "SSHDProtocolVersion":"$report_SSHDProtocolVersion",
615        "SSHDPermitRootLogin":"$report_SSHDPermitRootLogin",
616        "DefunctProsess":"$report_DefunctProsess",
617        "SelfInitiatedService":"$report_SelfInitiatedService",
618        "SelfInitiatedProgram":"$report_SelfInitiatedProgram",
619        "RuningService":"$report_RuningService",
620        "Crontab":"$report_Crontab",
621        "Syslog":"$report_Syslog",
622        "SNMP":"$report_SNMP",
623        "NTP":"$report_NTP",
624        "JDK":"$report_JDK"
625    }"

626    #echo "$json" 
627    curl -l -H "Content-type: application/json" -X POST -d "$json" "$uploadHostDailyCheckReportApi" 2>/dev/null
628}
629function check(){
630    version
631    getSystemStatus
632    getCpuStatus
633    getMemStatus
634    getDiskStatus
635    getNetworkStatus
636    getListenStatus
637    getProcessStatus
638    getServiceStatus
639    getAutoStartStatus
640    getLoginStatus
641    getCronStatus
642    getUserStatus
643    getPasswordStatus
644    getSudoersStatus
645    getJDKStatus
646    getFirewallStatus
647    getSSHStatus
648    getSyslogStatus
649    getSNMPStatus
650    getNTPStatus
651    getInstalledStatus
652}
653#执行检查并保存检查结果
654check > $RESULTFILE
655echo -e "33[44;37m 检查结果存放在:$RESULTFILE 33[0m"
656#上传检查结果的文件
657#curl -F "filename=@$RESULTFILE" "$uploadHostDailyCheckApi" 2>/dev/null


CentOS7.X系统巡检脚本

             

                  

长按关注,每周更新一次适合学生党和上班族的干货

以上是关于CentOS7.X系统巡检脚本的主要内容,如果未能解决你的问题,请参考以下文章

精品Linux系统硬件网络系统及安全巡检邮箱告警脚本shell脚本

shell系统巡检脚本

linux系统安全巡检脚本

系统巡检脚本

shell脚本——日常巡检脚本

日常巡检shell脚本