perl改造成bash---结果写入xml
Posted liupengjuan
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了perl改造成bash---结果写入xml相关的知识,希望对你有一定的参考价值。
#!/bin/bash ipv4=`ifconfig eth0 | grep ‘inet addr‘|awk -F ":" ‘{print $2}‘|awk ‘{print$1}‘` ipv6=`ifconfig eth0 | grep ‘inet6 addr‘|awk -F "/" ‘{print $1}‘` os_name=`uname -s 2>> error;uname.bak -s 2>>error` os_version=`lsb_release -a 2>> error||cat /etc/issue 2>> error||cat /etc/redhat-release 2>> error||cat /etc/redhat-release.bak 2>> error||uname -a 2>> error||uname.bak -a 2>> error` startDate=`date "+%Y-%m-%d %H:%M:%S"` ipaddr="$1" os_result=`uname -a 2>> error||uname.bak -a 2>> error` result=`echo ${os_result%-*}` os=`echo ${result##* }` Script_ID[0]=1 Script_Value[0]="function linux7() { ls -l /lib*/security/pam_tally.so 2>/dev/null echo "---------------system-auth-------------------" cat /etc/pam.d/system-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘ if [[ -n %ls -l /lib*/security/pam_tally.so 2>/dev/null% ]];then if [[ -n %cat /etc/pam.d/system-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|egrep "auth[[:space:]]*required[[:space:]]*\S*pam_tally.so"% ]];then if [[ -n %cat /etc/pam.d/system-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|egrep "auth[[:space:]]*required[[:space:]]*\S*pam_tally.so"|egrep "deny=\w+"% ]];then echo "result="%cat /etc/pam.d/system-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|egrep "auth[[:space:]]*required[[:space:]]*\S*pam_tally.so"|awk -F"deny=" ‘{print$2}‘|awk ‘{print$1}‘% else echo "result=false" fi else echo "result=false" fi elif [[ -n %ls -l /lib*/security/pam_tally2.so 2>/dev/null% ]];then cat /etc/pam.d/system-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|egrep "auth[[:space:]]*required[[:space:]]*\S*pam_tally2.so" if [[ -n %cat /etc/pam.d/system-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|egrep "auth[[:space:]]*required[[:space:]]*\S*pam_tally2.so"% ]];then if [[ -n %cat /etc/pam.d/system-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|egrep "auth[[:space:]]*required[[:space:]]*\S*pam_tally2.so"|egrep "deny=\w+"% ]];then echo "result="%cat /etc/pam.d/system-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|egrep "auth[[:space:]]*required[[:space:]]*\S*pam_tally2.so"|awk -F"deny=" ‘{print$2}‘|awk ‘{print$1}‘% else echo "result=false" fi else echo "result=false" fi else echo "result=pam_tally not found" fi } function linux8() { ls -l /etc/pam.d/system-auth /etc/pam.d/password-auth 2>/dev/null if [ -f /etc/pam.d/system-auth ]&&[ -f /etc/pam.d/password-auth ];then for FILE in /etc/pam.d/system-auth /etc/pam.d/password-auth do echo $FILE cat $FILE|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘ venus1=$(cat $FILE|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|egrep "auth\s+required\s+pam_faillock.so\s+preauth"|egrep "deny=\w") venus2=$(cat $FILE|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|egrep "auth\s+\[default=die\]\s+pam_faillock.so\s+authfail"|egrep "deny=\w") venus3=$(cat $FILE|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|egrep "account\s+required\s+pam_faillock.so") if [[ -n $venus1 ]]&&[[ -n $venus2 ]]&&[[ -n $venus3 ]];then echo "result="$(echo $venus1|sed ‘s/.*\sdeny=\(\w*\)\s.*/\1/‘) echo "result="$(echo $venus2|sed ‘s/.*\sdeny=\(\w*\)\s.*/\1/‘) else echo "result=false" fi done unset FILE venus1 venus2 venus3 else echo "result=false" fi } function ubuntu_debian() { ls /lib/x86_64-linux-gnu/security/pam_tally*.so 2>/dev/null cat etc/pam.d/common-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘ if [ -f /lib/x86_64-linux-gnu/security/pam_tally.so ] || [ -f /lib/x86_64-linux-gnu/security/pam_tally2.so ];then DENY_result1=%cat /etc/pam.d/common-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|sed -rn ‘/auth/s/auth\s*required\s*pam_tally.so.*(deny=[[:digit:]]+).*/\1/p‘% DENY_result2=%cat /etc/pam.d/common-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|sed -rn ‘/auth/s/auth\s*required\s*pam_tally2.so.*(deny=[[:digit:]]+).*/\1/p‘% if [ -n "$DENY_result1" ];then echo "result1="%cat /etc/pam.d/common-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|sed -rn ‘/auth/s/auth\s*required\s*pam_tally.so.*(deny=[[:digit:]]+).*/\1/p‘|awk -F= ‘{print$2}‘% elif [ -n "DENY_result2" ];then echo "result="%cat /etc/pam.d/common-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|sed -rn ‘/auth/s/auth\s*required\s*pam_tally2.so.*(deny=[[:digit:]]+).*/\1/p‘|awk -F= ‘{print$2}‘% else echo "result=false" fi unset DENY_result1 DENY_result2 else echo "result=pam_tally not found" fi } function suse() { ls -l /lib*/security/pam_tally.so 2>/dev/null echo "----------------common-auth------------------" cat /etc/pam.d/common-auth|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘ 2>/dev/null echo "----------------common-account------------------" cat /etc/pam.d/common-account|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘ 2>/dev/null echo "----------------------------------" if [[ -n %ls -l /lib*/security/pam_tally.so 2>/dev/null% ]];then if [[ -n %cat /etc/pam.d/common-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|sed -rn ‘/auth/s/auth\s*required\s*pam_tally.so.*(deny=[[:digit:]]+).*/\1/p‘% ]];then echo "result="%cat /etc/pam.d/common-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|sed -rn ‘/auth/s/auth\s*required\s*pam_tally.so.*(deny=[[:digit:]]+).*/\1/p‘|awk -F= ‘{print$2}‘% else echo "result=false" fi elif [[ -n %ls -l /lib*/security/pam_tally2.so 2>/dev/null% ]];then if [[ -n %cat /etc/pam.d/common-account 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|sed -n ‘/account\s*required\s*pam_tally2.so/p‘% ]];then if [[ -n %cat /etc/pam.d/common-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|sed -rn ‘/auth/s/auth\s*required\s*pam_tally2.so.*(deny=[[:digit:]]+).*/\1/p‘% ]];then echo "result="%cat /etc/pam.d/common-auth 2>/dev/null|sed ‘/^\s*#/d‘|sed ‘/^\s*$/d‘|sed -rn ‘/auth/s/auth\s*required\s*pam_tally2.so.*(deny=[[:digit:]]+).*/\1/p‘|awk -F= ‘{print$2}‘% else echo "result=false" fi else echo "result=false" fi else echo "result=pam_tally not found" fi } if [ -f /etc/redhat-release ];then linux_version=$(cat /etc/redhat-release|awk -F"release" ‘{print$2}‘|awk ‘{print$1}‘|cut -d\. -f1) if [ $linux_version -ge 8 ];then cat /etc/redhat-release linux8 else cat /etc/redhat-release linux7 fi elif [ -f /etc/SuSE-release ];then cat /etc/SuSE-release suse elif [[ -n $(cat /etc/os-release 2>/dev/null |grep -w "ID"|egrep -wi "ubuntu|debian") ]];then cat /etc/os-release ubuntu_debian else echo "result=Operating system judgment failed" fi " Script_Support[0]="3.10.0 2.6.32 2.6.18 2.6.9 2.4.21 2.4.9" Script_ID[1]=2 Script_Value[1]="if grep -v "^[[:space:]]*#" /etc/ssh/sshd_config|grep -i "PermitRootLogin no" then echo "This device does not permit root to ssh login,check result:true"; else echo "This device permits root to ssh login,check result:false"; fi if grep -v "^[[:space:]]*#" /etc/ssh/sshd_config|egrep "^protocol[[:space:]]*2|^Protocol[[:space:]]*2" then echo "SSH protocol version is 2,check result:true" else echo "SSH protocol version is not 2,check result:false" fi " Script_Support[1]="4.18.0 2.6.32 2.6.18 2.6.9 2.4.21 2.4.9" Script_ID[2]=3 Script_Value[2]="export LANG=en_US.UTF-8 if [[ %cat /etc/redhat-release 2>/dev/null|cut -b 22% -ge 7 ]] || [[ %cat /etc/redhat-release 2>/dev/null|cut -b 41% -ge 7 ]];then echo "telnet_status="%systemctl|grep telnet|grep active|wc -l% echo "ssh_status="%ps -ef|grep "sshd"|grep -v "grep"|wc -l% else echo "telnet_status="%chkconfig --list |egrep "*.telnet"|egrep -i "on"|wc -l% echo "ssh_status="%ps -ef|grep "sshd"|grep -v "grep"|wc -l% fi unset telnet_status ssh_status " Script_Support[2]="4.18.0 3.10.0 2.6.18 2.6.9 2.4.21 2.4.9" Script_ID[3]=4 Script_Value[3]="ls -alL /etc/passwd /etc/shadow /etc/group echo "passwd_total="%ls -alL /etc/passwd 2>/dev/null|grep -v "[r-][w-]-[r-]--[r-]--"|grep "[r-][w-][x-][r-][w-][x-][r-][w-][x-]"|wc -l% echo "shadow_total="%ls -alL /etc/shadow 2>/dev/null|grep -v "[r-][w-]-------"|grep "[r-][w-][x-][r-][w-][x-][r-][w-][x-]"|wc -l% echo "group_total="%ls -alL /etc/group 2>/dev/null|grep -v "[r-][w-]-[r-]--[r-]--"|grep "[r-][w-][x-][r-][w-][x-][r-][w-][x-]"|wc -l% " Script_Support[3]="4.18.0 3.10.0 2.6.32 2.6.9 2.4.21 2.4.9" Script_ID[4]=5 Script_Value[4]="Calculate (){ echo "DCREDIT="%cat $1|egrep -v "[[:space:]]*#"|tr -d ‘ ‘|awk ‘BEGIN{RS=" "}{print $0}‘|awk -F"=" ‘/dcredit/{print$2}‘|awk ‘{print$1}‘|awk -F"-" ‘{print$2}‘% echo "LCREDIT="%cat $1|egrep -v "[[:space:]]*#"|tr -d ‘ ‘|awk ‘BEGIN{RS=" "}{print $0}‘|awk -F"=" ‘/lcredit/{print$2}‘|awk ‘{print$1}‘|awk -F"-" ‘{print$2}‘% echo "UCREDIT="%cat $1|egrep -v "[[:space:]]*#"|tr -d ‘ ‘|awk ‘BEGIN{RS=" "}{print $0}‘|awk -F"=" ‘/ucredit/{print$2}‘|awk ‘{print$1}‘|awk -F"-" ‘{print$2}‘% echo "OCREDIT="%cat $1|egrep -v "[[:space:]]*#"|tr -d ‘ ‘|awk ‘BEGIN{RS=" "}{print $0}‘|awk -F"=" ‘/ocredit/{print$2}‘|awk ‘{print$1}‘|awk -F"-" ‘{print$2}‘% echo "MINCLASS="%cat $1|egrep -v "[[:space:]]*#"|tr -d ‘ ‘|awk ‘BEGIN{RS=" "}{print $0}‘|awk -F"=" ‘/minlen/{print$2}‘|awk ‘{print$1}‘% } if ([ -f /etc/redhat-release ] && [ -f /etc/pam.d/system-auth ]);then if [[ %cat /etc/redhat-release|grep -aPo ‘(?<=release\s)\d‘% -ge "7" ]];then if [[ -n %cat /etc/pam.d/passwd|egrep -v "[[:space:]]*#"|egrep "password[[:space:]]+required[[:space:]]+pam_pwquality.so"% ]];then echo "result0=Found pam_pwquality.so module" FILE=/etc/security/pwquality.conf; Calculate "$FILE"; unset FILE else FILE=/etc/pam.d/system-auth; Calculate "$FILE"; unset FILE fi fi elif ([ -f /etc/SuSE-release ] && [ -f /etc/pam.d/common-password ]);then FILE=/etc/pam.d/common-password Calculate "$FILE"; unset FILE fi " Script_Support[4]="4.18.0 3.10.0 2.6.32 2.6.18 2.4.21 2.4.9" Script_ID[5]=6 Script_Value[5]="export LANG=en_US.UTF-8 if [[ %cat /etc/redhat-release 2>/dev/null|cut -b 22% -ge 7 ]] || [[ %cat /etc/redhat-release 2>/dev/null|cut -b 41% -ge 7 ]];then telnet_status=%systemctl|grep "telnet.socket"|wc -l% else telnet_status=%chkconfig --list|egrep "telnet.*"|grep -w "on"|wc -l% fi if [ $telnet_status -ge 1 ];then echo "pts_count="%cat /etc/securetty 2>/dev/null|grep -v "^[[:space:]]*#"|grep "pts/*"|wc -l% else echo "Telnet process is not open" fi unset telnet_status " Script_Support[5]="4.18.0 3.10.0 2.6.32 2.6.18 2.6.9 2.4.9" Script_ID[6]=7 Script_Value[6]="if [ -f /etc/syslog.conf ]; then cat /etc/syslog.conf | grep -v "^[[:space:]]*#" | grep -E ‘[[:space:]]*.+@.+‘; fi; if [ -s /etc/syslog-ng/syslog-ng.conf ]; then ret_1=%cat /etc/syslog-ng/syslog-ng.conf | grep -v "^[[:space:]]*#" | grep "port(514)"|awk ‘{print $2}‘%; if [ -n "$ret_1" ]; then ret_2=%cat /etc/syslog-ng/syslog-ng.conf | grep -v "^[[:space:]]*#" | grep "destination($ret_1)"%; if [ -n "$ret_2" ]; then echo "Set the log server:true"; else echo "not Set the log server:false"; fi; fi; fi; if [ -f /etc/rsyslog.conf ]; then cat /etc/rsyslog.conf | grep -v "^[[:space:]]*#" | grep -E ‘[[:space:]]*.+@.+‘; fi " Script_Support[6]="4.18.0 3.10.0 2.6.32 2.6.18 2.6.9 2.4.21" file="$1_linux_chk.xml" echo -e "<?xml version="1.0" encoding="UTF-8"?> <result>" > ${file} echo -e "<osName><![CDATA[$os_name]]></osName> <version><![CDATA[$os_version]]></version>" >> ${file} echo "<ip><![CDATA[$ipaddr]]></ip>" >> ${file} echo "<type><![CDATA[/server/Linux]]></type>" >> ${file} echo "<startTime><![CDATA[$startDate]]></startTime>" >> ${file} echo "<pId><![CDATA[0]]></pId>" >> ${file} echo -e " <scripts>" >> ${file} echo 核查开始 total=${#Script_ID[@]} for((i=0;i<=${total};i=i+1)) do if [ -n "${Script_ID[$i]}" ];then index=`expr $i + 1` echo 正在核查第${index}/${total}项 contain=${Script_Support[$i]} value=${Script_Value[$i]} value=${value//%/`} script_result=`echo "${value}"|bash` if [[ $contain =~ $os ]] then echo -e " <script>" >> ${file} echo -e " <id>${Script_ID[$i]}</id>" >> ${file} echo -e " <value><![CDATA[${value} ${script_result}]]></value>" >> ${file} echo -e " </script>" >> ${file} else echo 第${index}/${total}项不兼容此系统 fi echo 第${index}/${total}项核查完毕 fi done echo -e " </scripts>" >> ${file} endDate=`date "+%Y-%m-%d %H:%M:%S"` echo "<endTime><![CDATA[$endDate]]></endTime>" >> ${file} echo "</result>" >> ${file} path=`echo ~+` echo "write result to $path/$file";
因为脚本会预处理 ` 命令` ,所以将 ` 由上层替换为% ,然后在脚本中替换为`,就可以在其他地方输出value 本身以及执行结果,否则的话脚本会将value中命令执行结果替换原来`命令`出的命令
以上是关于perl改造成bash---结果写入xml的主要内容,如果未能解决你的问题,请参考以下文章