熟能生巧是老話,學習本身就是一種將別人東西拿過來自己能用的過程。能力有限,今天花費大概7個小時將此係統巡檢腳本一一測試修正,內容註解均爲自身學識認知之文,不敢苟才,希望能給有興趣者一丁點幫助啓發即可。
#監測內容介紹
# 1、 獲取腳本最後更新時間
# 2、 檢查系統整體信息
# 3、 檢查CPU狀態信息
# 4、 檢查內存信息
# 5、 檢查磁盤狀態
# 6、 檢查網絡狀態
# 7、 檢查端口監聽狀態
# 8、 檢查進程使用狀態
# 9、 檢查服務啓動狀態(自啓動、運行中)
# 10、檢查自定義開機啓動程序
# 11、檢查用戶或終端登錄情況
# 12、檢查cronab定時任務
# 13、檢查用戶狀態
# 14、檢查密碼狀態
# 15、檢查Sudo權限管理
# 16、檢查JDK版本
# 17、檢查firewalld服務狀態
# 18、檢查SSH服務狀態
# 19、檢查syslog服務狀態
# 20、檢查snmp服務狀態
# 21、檢查已安裝軟件包和安裝時間
# 22、檢查NTP服務狀態
# 23、檢查zabbix服務狀態
# 24、巡檢結果上傳FTP
# 25、編排json格式輸出日誌
#!/bin/bash
###################################################################
# Description: Polling system status by script
# Arch: CentOS/RHEL 6/7
# user: Rui
# Last Update: 2020.04.04
# Version: 1.2
# Comment:Perform script testing, corrections and comments on the latest centos7 system for everyone to learn and communicate
# thanks for Ljohn's template!
###################################################################
###################################################################
#監測內容介紹
# 1、 獲取腳本最後更新時間
# 2、 檢查系統整體信息
# 3、 檢查CPU狀態信息
# 4、 檢查內存信息
# 5、 檢查磁盤狀態
# 6、 檢查網絡狀態
# 7、 檢查端口監聽狀態
# 8、 檢查進程使用狀態
# 9、 檢查服務啓動狀態(自啓動、運行中)
# 10、檢查自定義開機啓動程序
# 11、檢查用戶或終端登錄情況
# 12、檢查cronab定時任務
# 13、檢查用戶狀態
# 14、檢查密碼狀態
# 15、檢查Sudo權限管理
# 16、檢查JDK版本
# 17、檢查firewalld服務狀態
# 18、檢查SSH服務狀態
# 19、檢查syslog服務狀態
# 20、檢查snmp服務狀態
# 21、檢查已安裝軟件包和安裝時間
# 22、檢查NTP服務狀態
# 23、檢查zabbix服務狀態
# 24、巡檢結果上傳FTP
# 25、編排json格式輸出日誌
###################################################################
# set path env,if not set will some command not found in crontab
# 設置環境變量,防止crontab執行報錯
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
source /etc/profile
# run this script use root
# 獲取uid大於0說明爲非root用戶,exit 1非正常運行導致退出程序;
[ $(id -u) -gt 0 ] && echo "please use root run the script! " && exit 1
# check system version
# NF相當於最後一詞number of field,
OS_Version=$(awk '{print $(NF-4)"-"$(NF-1)}' /etc/redhat-release)
# declare script version date
# 記錄腳本更新時間
Script_Version="2020.04.04"
# declare now date
# 記錄系統時間
Date_Version=$date
# define polling log path
# 設置巡檢結果存放位置及命名
# card獲取網口,ipaddr利用sed去除行首空格cut根據空格選擇第二詞獲取ip地址
LOGPATH=/var/log/polling
card=$(ip addr |grep inet |egrep -v "inet6|127.0.0.1" | awk '{print $NF}'| sed -n 1p)
ipaddr=$(ifconfig $card | head -2 | tail -1 |sed -e 's/^[ ]*//g' | cut -d' ' -f2)
[ -d $LOGPATH ] || mkdir -p $LOGPATH
RESULTFILE="$LOGPATH/HostDailyCheck-$ipaddr-`hostname`-`date +%Y%m%d`.txt"
# define globle variable
# 定義全局變量
# 通過report information模塊將變量賦值,以供二次調用,體現複用精神
report_DateTime="" #日期 ok
report_Hostname="" #主機名 ok
report_OSRelease="" #發行版本 ok
report_Kernel="" #內核 ok
report_Language="" #語言/編碼 ok
report_LastReboot="" #最近啓動時間 ok
report_Uptime="" #運行時間(天) ok
report_CPUs="" #CPU數量 ok
report_CPUType="" #CPU類型 ok
report_Arch="" #CPU架構 ok
report_MemTotal="" #內存總容量(MB) ok
report_MemFree="" #內存剩餘(MB) ok
report_MemUsedPercent="" #內存使用率% ok
report_DiskTotal="" #硬盤總容量(GB) ok
report_DiskFree="" #硬盤剩餘(GB) ok
report_DiskUsedPercent="" #硬盤使用率% ok
report_DefunctProsess="" #殭屍進程
report_InodeTotal="" #Inode總量 ok
report_InodeFree="" #Inode剩餘 ok
report_InodeUsedPercent="" #Inode使用率 ok
report_IP="" #IP地址 ok
report_NESTMASK="" #子網掩碼 ok
report_MAC="" #MAC地址 ok
report_Gateway="" #默認網關 ok
report_DNS="" #DNS ok
report_Listen="" #監聽 ok
report_Selinux="" #Selinux ok
report_Firewall="" #防火牆 ok
report_USERs="" #用戶 ok
report_USEREmptyPassword="" #空密碼用戶 ok
report_USERTheSameUID="" #相同ID的用戶 ok
report_PasswordExpiry="" #密碼過期(天) ok
report_RootUser="" #root用戶 ok
report_Sudoers="" #sudo授權 ok
report_SSHAuthorized="" #SSH信任主機 ok
report_SSHDProtocolVersion="" #SSH協議版本 ok
report_SSHDPermitRootLogin="" #允許root遠程登錄 ok
report_DefunctProsess="" #殭屍進程數量 ok
report_SelfInitiatedService="" #自啓動服務數量 ok
report_SelfInitiatedProgram="" #自啓動程序數量 ok
report_RuningService="" #運行中服務數 ok
report_Crontab="" #計劃任務數 ok
report_Syslog="" #日誌服務 ok
report_SNMP="" #SNMP OK
report_NTP="" #NTP ok
report_JDK="" #JDK版本 ok
# 編寫獲取服務狀態工具類方法
# 供之後方法直接調用
function getState(){
if [[ $OS_Version < 7 ]];then
if [ -e "/etc/init.d/$1" ];then
if [ `/etc/init.d/$1 status 2>/dev/null | grep -E "is running|正在運行" | wc -l` -ge 1 ];then
r="active"
else
r="inactive"
fi
else
r="unknown"
fi
else
#CentOS 7+
r="$(systemctl is-active $1 2>&1)"
fi
echo "$r"
}
# 1、獲取腳本最後更新時間
function version(){
echo ""
echo "System Polling:Version $Script_Version "
echo ""
}
# 2、檢查系統整體信息
# centos7不存在/etc/sysconfig/i18n文件,變更爲/etc/locale.conf
function getSystemStatus(){
echo ""
echo "############################ Check System Status ############################"
if [ -e /etc/sysconfig/i18n ];then
default_LANG="$(grep "LANG=" /etc/sysconfig/i18n | grep -v "^#" | awk -F '"' '{print $2}')"
else
default_LANG="$(sudo cat /etc/locale.conf | awk -F '"' '{print $2}')"
fi
export LANG="en_US.UTF-8"
Release=$(cat /etc/redhat-release 2>/dev/null)
Kernel=$(uname -r)
OS=$(uname -o)
Hostname=$(uname -n)
SELinux=$(/usr/sbin/sestatus | grep "SELinux status: " | awk '{print $3}')
LastReboot=$(who -b | awk '{print $3,$4}')
# uptime=$(uptime | sed 's/.*up [,]*, .*/\1/')
uptime=$(awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60} {printf("%d days, %d hour %d min\n",a,b,c)}' /proc/uptime)
echo " 系統:$OS"
echo " 發行版本:$Release"
echo " 內核:$Kernel"
echo " 主機名:$Hostname"
echo " SELinux:$SELinux"
echo "語言/編碼:$default_LANG"
echo " 當前時間:$(date +'%F %T')"
echo " 最後啓動:$LastReboot"
echo " 運行時間:$uptime"
# report information
report_DateTime=$(date +"%F %T") #日期
report_Hostname="$Hostname" #主機名
report_OSRelease="$Release" #發行版本
report_Kernel="$Kernel" #內核
report_Language="$default_LANG" #語言/編碼
report_LastReboot="$LastReboot" #最近啓動時間
report_Uptime="$uptime" #運行時間(天)
report_Selinux="$SELinux"
export LANG="$default_LANG"
echo ""
}
# 3、檢查CPU狀態信息
# sort默認升序排序,uniq忽略大小寫,wc -l僅列出行
function getCpuStatus(){
echo ""
echo "############################ Check CPU Status#############################"
Physical_CPUs=$(grep "physical id" /proc/cpuinfo| sort | uniq | wc -l)
Virt_CPUs=$(grep "processor" /proc/cpuinfo | wc -l)
CPU_Kernels=$(grep "cores" /proc/cpuinfo|uniq| awk -F ': ' '{print $2}')
CPU_Type=$(grep "model name" /proc/cpuinfo | awk -F ': ' '{print $2}' | sort | uniq)
CPU_Arch=$(uname -m)
echo "物理CPU個數:$Physical_CPUs"
echo "邏輯CPU個數:$Virt_CPUs"
echo "每CPU核心數:$CPU_Kernels"
echo " CPU型號:$CPU_Type"
echo " CPU架構:$CPU_Arch"
# report information
report_CPUs=$Virt_CPUs # CPU數量
report_CPUType=$CPU_Type # CPU類型
report_Arch=$CPU_Arch # CPU架構
}
# 4、檢查內存信息
# http://linuxperf.com/?p=142
function getMemStatus(){
echo ""
echo "############################ Check Memmory Usage ###########################"
MemTotal=$(awk '/MemTotal/ {print $2}' /proc/meminfo) # 基本理解爲總內存(除bios、kernel)
MemFree=$(awk '/MemFree/ {print $2}' /proc/meminfo) # 系統尚未使用的內存
Buffers=$(awk '/^Buffers:/ {print $2}' /proc/meminfo) # 塊設備佔用緩存頁
Cached=$(awk '/^Cached:/ {print $2}' /proc/meminfo) # 普通文件所佔用的緩存頁
FreeMem=$(($MemFree/1024+$Buffers/1024+$Cached/1024))
UsedMem=$(($MemTotal/1024-$FreeMem))
if [[ "$OS_Version | awk -F "-" '{print$2}'" < 7 ]];then
free -mo
echo "Total memory is $(($MemTotal/1024)) MB"
echo "Free memory is ${FreeMem} MB"
echo "Used memory is ${UsedMem} MB"
else
free -h
echo "Total memory is $(($MemTotal/1024)) MB"
echo "Free memory is ${FreeMem} MB"
echo "Used memory is ${UsedMem} MB"
fi
# report information
let MemUsed=MemTotal-MemFree
MemPercent=$(awk "BEGIN {if($MemTotal==0){printf 100}else{printf \"%.2f\",$MemUsed*100/$MemTotal}}")
report_MemTotal="$((MemTotal/1024))""MB" #內存總容量(MB)
report_MemFree="$((MemFree/1024))""MB" #內存剩餘(MB)
report_MemUsedPercent="$(awk "BEGIN {if($MemTotal==0){printf 100}else{printf \"%.2f\",$MemUsed*100/$MemTotal}}")""%" #內存使用率%
}
# 5、檢查磁盤狀態
# df -h是查看磁盤容量的使用情況。
# df -i是inode包含的信息:文件的字節數,擁有者id,組id,權限,改動時間,鏈接數,數據block的位置。相反是不表示文件大小。
# df -h清理刪除比較大無用的文件-----------大文件佔用大量的磁盤容量。
# df -i清理刪除數量過多的小文件-----------過多的文件佔用了大量的inode號。
function getDiskStatus(){
echo ""
echo "############################ Check Disk Status ############################"
df -hiP | sed 's/Mounted on/Mounted/' > /tmp/inode
df -hTP | sed 's/Mounted on/Mounted/' > /tmp/disk
join /tmp/disk /tmp/inode | awk '{print $1,$2,"|",$3,$4,$5,$6,"|",$8,$9,$10,$11,"|",$12}'| column -t
# report information
diskdata=$(df -TP | sed '1d' | awk '$2!="tmpfs"{print}') #KB
disktotal=$(echo "$diskdata" | awk '{total+=$3}END{print total}') #KB
diskused=$(echo "$diskdata" | awk '{total+=$4}END{print total}') #KB
diskfree=$((disktotal-diskused)) #KB
diskusedpercent=$(echo $disktotal $diskused | awk '{if($1==0){printf 100}else{printf "%.2f",$2*100/$1}}')
inodedata=$(df -iTP | sed '1d' | awk '$2!="tmpfs"{print}')
inodetotal=$(echo "$inodedata" | awk '{total+=$3}END{print total}')
inodeused=$(echo "$inodedata" | awk '{total+=$4}END{print total}')
inodefree=$((inodetotal-inodeused))
inodeusedpercent=$(echo $inodetotal $inodeused | awk '{if($1==0){printf 100}else{printf "%.2f",$2*100/$1}}')
report_DiskTotal=$((disktotal/1024/1024))"GB" #硬盤總容量(GB)
report_DiskFree=$((diskfree/1024/1024))"GB" #硬盤剩餘(GB)
report_DiskUsedPercent="$diskusedpercent""%" #硬盤使用率%
report_InodeTotal=$((inodetotal/1000))"K" #Inode總量
report_InodeFree=$((inodefree/1000))"K" #Inode剩餘
report_InodeUsedPercent="$inodeusedpercent""%" #Inode使用率%
echo ""
}
# 6、檢查網絡狀態
function getNetworkStatus(){
echo ""
echo "############################ Check Network ############################"
DEVICE=$(ip addr |grep inet |egrep -v "inet6|127.0.0.1" | awk '{print $NF}')
IP=$(ip addr |grep inet |egrep -v "inet6|127.0.0.1" |awk '{print $2}' |awk -F "/" '{print $1}'|tr '\n' ',' | sed 's/,$//')
# 這個是判斷多網卡情況,如果不知一列,for循環依次列出
if [[ `ip addr |grep inet |egrep -v "inet6|127.0.0.1" |awk '{print $2}' |awk -F "/" '{print $1}'|wc -l` < 2 ]];then
MAC=$(cat /sys/class/net/$DEVICE/address)
echo " MAC: $MAC"
else
for ips in $DEVICE;
do
MAC=$(cat /sys/class/net/$ips/address)
echo " MAC: $MAC";
done
fi
NETMASK=$(ifconfig | grep $IP | awk -F "netmask" '{print$2}'| awk -F " " '{print$1}')
GATEWAY=$(ip route | grep default | awk '{print $3}')
DNS=$(grep nameserver /etc/resolv.conf| grep -v "#" | awk '{print $2}' | tr '\n' ',' | sed 's/,$//')
echo " IP: $IP"
echo "NETMASK: $NETMASK"
echo "Gateway: $GATEWAY"
echo " DNS: $DNS"
# report information
report_IP="$IP" #IP地址
report_NETMASK="$NETMASK" #子網掩碼
report_MAC=$MAC #MAC地址
report_Gateway="$GATEWAY" #默認網關
report_DNS="$DNS" #DNS
}
# 7、檢查端口監聽狀態
# column以表格形式展示更加規範清晰
# local address表示本地IP地址,foreign address表示遠程IP地址。
# LISTEN爲偵聽狀態,等待遠程機器的連接請求。
# ESTABLISHED爲完成TCP三次握手後,主動連接端進入ESTABLISHED狀態。此時,TCP連接已經建立,可以進行通信。
function getListenStatus(){
echo ""
echo "############################ Check Connect Status ############################"
TCPListen=$(netstat -ntulp | column -t)
AllConnect=$(netstat -tan | awk '/^tcp\>/{state[$NF]++}END{for(i in state) { print i,state[i]}}')
echo "$TCPListen"
echo "$AllConnect"
# report information
# sed '1d'刪除第一行,獲取遠程ip訪問端口的數量
report_Listen="$(echo "$TCPListen"| sed '1d' | awk '/tcp/ {print $5}' | awk -F: '{print $NF}' | sort | uniq | wc -l)"
}
# 8、檢查進程使用狀態
# 先判斷殭屍進程,利用ps排行內存佔用,利用top排行資源佔用
function getProcessStatus(){
echo ""
echo "############################ Process Check ############################"
#判斷是否存在殭屍進程,也可以用ps -A | grep defunct
if [ $(ps -ef | grep defunct | grep -v grep | wc -l) -ge 1 ];then
echo ""
echo "zombie process";
echo "--------"
ps -ef | head -n1
ps -ef | grep defunct | grep -v grep
fi
echo ""
echo "Merory Usage TOP10"
echo "-------------"
# 列出相關信息,sort按照第三列數值排序,head提取佔用內存前十
echo -e "PID %MEM RSS COMMAND
$(ps aux | awk '{print $2, $4, $6, $11}' | sort -k3rn | head -n 10 )"| column -t
echo ""
echo "CPU Usage TOP10"
echo "------------"
top b -n1 | head -17 | tail -11
# report information
report_DefunctProsess="$(ps -ef | grep defunct | grep -v grep|wc -l)"
}
# 9、檢查系統服務啓動狀態(自啓動、運行中)
function getServiceStatus(){
echo ""
echo "############################ Check Service Status ############################"
# 根據系統版本不同進行判斷,對應命令有所區別
# list-unit-files列出所有啓動文件,--no-pager直接輸出所有結果,不分頁
if [[ "$OS_Version | awk -F "-" '{print$2}'" > 7 ]];then
conf=$(systemctl list-unit-files --type=service --state=enabled --no-pager | grep "enabled")
process=$(systemctl list-units --type=service --state=running --no-pager | grep ".service")
# report information
report_SelfInitiatedService="$(echo "$conf" | wc -l)" #系統自啓動服務數量
report_RuningService="$(echo "$process" | wc -l)" #系統運行中服務數量
else
conf=$(/sbin/chkconfig --list| grep -E ":on|:啓用")
process=$(/sbin/service --status-all 2>/dev/null | grep -E "is running|正在運行")
# report information
report_SelfInitiatedService="$(echo "$conf" | wc -l)" #系統自啓動服務數量
report_RuningService="$(echo "$process" | wc -l)" #系統運行中服務數量
fi
echo "Service Configure"
echo "--------------------------------"
echo "$conf" | column -t
echo ""
echo "The Running Services"
echo "--------------------------------"
echo "$process"
}
# 10、檢查自定義開機啓動程序
# rc.local 是在操作系統啓動的時候就有效的。
function getAutoStartStatus(){
echo ""
echo "############################ Check Self-starting Services ##########################"
conf=$(grep -v "^#" /etc/rc.d/rc.local| sed '/^$/d')
echo "$conf"
# report information
report_SelfInitiatedProgram="$(echo $conf | wc -l)" #自定義開機啓動程序數量
}
# 11、檢查用戶或終端登錄情況
# last作用是顯示近期用戶或終端的登錄情況,pts表示僞終端
function getLoginStatus(){
echo ""
echo "############################ Check Login In ############################"
last | head
}
# 12、檢查cronab定時任務
# /etc/cron*下面幾個定時任務是創建用戶時系統自動創建的
function getCronStatus(){
echo ""
echo "############################ Check Crontab ########################"
Crontab=0
for shell in $(grep -v "/sbin/nologin" /etc/shells);do
for user in $(grep "$shell" /etc/passwd | awk -F: '{print $1}');do
crontab -l -u $user >/dev/null 2>&1
status=$?
if [ $status -eq 0 ];then
echo "$user"
echo "-------------"
crontab -l -u $user
let Crontab=Crontab+$(crontab -l -u $user | wc -l)
echo ""
fi
done
done
# scheduled task
find /etc/cron* -type f | xargs -i ls -l {} | column -t
let Crontab=Crontab+$(find /etc/cron* -type f | wc -l)
# report information
report_Crontab="$Crontab" #計劃任務數
}
# 13、檢查用戶狀態
# 獲取用戶最近一次登錄的時間,含年份
function getUserLastLogin(){
# 獲取用戶最近一次登錄的時間,含年份
# 很遺憾last命令不支持顯示年份,只有"last -t YYYYMMDDHHMMSS"表示某個時間之間的登錄,我
# 們只能用最笨的方法了,對比今天之前和今年元旦之前(或者去年之前和前年之前……)某個用戶
# 登錄次數,如果登錄統計次數有變化,則說明最近一次登錄是今年。
username=$1
: ${username:="`whoami`"}
thisYear=$(date +%Y)
oldesYear=$(last | tail -n1 | awk '{print $NF}')
while(( $thisYear >= $oldesYear));do
loginBeforeToday=$(last $username | grep $username | wc -l)
loginBeforeNewYearsDayOfThisYear=$(last $username -t $thisYear"0101000000" | grep $username | wc -l)
if [ $loginBeforeToday -eq 0 ];then
echo "Never Login"
break
elif [ $loginBeforeToday -gt $loginBeforeNewYearsDayOfThisYear ];then
lastDateTime=$(last -i $username | head -n1 | awk '{for(i=4;i<(NF-2);i++)printf"%s ",$i}')" $thisYear" #格式如: Sat Nov 2 20:33 2015
lastDateTime=$(date "+%Y-%m-%d %H:%M:%S" -d "$lastDateTime")
echo "$lastDateTime"
break
else
thisYear=$((thisYear-1))
fi
done
}
# 顯示用戶狀態方法
function getUserStatus(){
echo ""
echo "############################ Check User ############################"
pwdfile="$(cat /etc/passwd)"
Modify=$(stat /etc/passwd | grep Modify | tr '.' ' ' | awk '{print $2,$3}')
echo ""
echo "A privileged user"
echo "-----------------"
RootUser="超級用戶:"
# 截取passwd文件用戶名一列,判斷uid是否爲0,爲0爲root特權用戶(privileged user)
for user in $(echo "$pwdfile" | awk -F: '{print $1}');do
if [ $(id -u $user) -eq 0 ];then
echo "$user"
RootUser="$RootUser,$user"
fi
done
echo ""
echo "User List"
echo "--------"
USERs=0
echo "$(
echo "UserName UID GID HOME SHELL LasttimeLogin"
for shell in $(grep -v "/sbin/nologin" /etc/shells);do # 首先獲取系統上合法的shell
for username in $(grep "$shell" /etc/passwd| awk -F: '{print $1}');do # 獲取哪些用戶合法使用shell
userLastLogin="$(getUserLastLogin $username)" # 利用getUserLastLogin方法獲取用戶最後登陸shell時間
done
let USERs=USERs+$(echo "$pwdfile" | grep "$shell"| wc -l)
done
)" | column -t
echo ""
echo "Null Password User"
echo "------------------"
USEREmptyPassword=""
for shell in $(grep -v "/sbin/nologin" /etc/shells);do
for user in $(echo "$pwdfile" | grep "$shell" | cut -d: -f1);do
r=$(awk -F: '$2=="!!"{print $1}' /etc/shadow | grep -w $user)
if [ ! -z $r ];then
echo $r
USEREmptyPassword="$USEREmptyPassword,"$r
fi
done
done
echo ""
echo "The Same UID User"
echo "----------------"
USERTheSameUID=""
UIDs=$(cut -d: -f3 /etc/passwd | sort | uniq -c | awk '$1>1{print $2}')
for uid in $UIDs;do
echo -n "$uid";
USERTheSameUID="$uid"
r=$(awk -F: 'ORS="";$3=='"$uid"'{print ":",$1}' /etc/passwd)
echo "$r"
echo ""
USERTheSameUID="$USERTheSameUID $r,"
done
# report information
report_USERs="$USERs" #用戶
report_USEREmptyPassword=$(echo $USEREmptyPassword | sed 's/^,//')
report_USERTheSameUID=$(echo $USERTheSameUID | sed 's/,$//')
report_RootUser=$(echo $RootUser | sed 's/^,//') #特權用戶
}
# 14、檢查密碼狀態
# 通過執行/usr/bin/chage截取密碼過期,/etc/login.defs配置密碼策略
function getPasswordStatus {
echo ""
echo "############################ Check Password Status ############################"
pwdfile="$(cat /etc/passwd)"
echo ""
# 密碼過期檢查
echo "Password Expiration Check"
echo "-------------------------"
result=""
for shell in $(grep -v "/sbin/nologin" /etc/shells);do # 獲取系統合規shell
for user in $(echo "$pwdfile" | grep "$shell" | cut -d: -f1);do # 獲取登陸用戶
get_expiry_date=$(/usr/bin/chage -l $user | grep 'Password expires' | cut -d: -f2) # 可執行文件
if [[ $get_expiry_date = ' never' || $get_expiry_date = 'never' ]];then
printf "%-15s never expiration\n" $user
result="$result,$user:never"
else
password_expiry_date=$(date -d "$get_expiry_date" "+%s")
current_date=$(date "+%s")
diff=$(($password_expiry_date-$current_date))
let DAYS=$(($diff/(60*60*24)))
printf "%-15s %s expiration after days\n" $user $DAYS
result="$result,$user:$DAYS days"
fi
done
done
report_PasswordExpiry=$(echo $result | sed 's/^,//')
echo ""
# 密碼策略檢查
echo "Check The Password Policy"
echo "------------"
grep -v "#" /etc/login.defs | grep -E "PASS_MAX_DAYS|PASS_MIN_DAYS|PASS_MIN_LEN|PASS_WARN_AGE"
echo ""
}
# 15、檢查Sudo權限管理
# root ALL=(ALL) ALL允許root用戶執行任意路徑下的任意命令
# %wheel ALL=(ALL) ALL允許wheel用戶組中的用戶執行所有命令
# wheel用戶組相當於一個管理員組,開啓後組外用戶無法通過su切換root執行操作,默認該選項關閉,
# 所以我們感覺不到此權限限制,建議開啓sudo權限管理。
function getSudoersStatus(){
echo ""
echo "############################ Sudoers Check #########################"
conf=$(grep -v "^#" /etc/sudoers| grep -v "^Defaults" | sed '/^$/d')
echo "$conf"
echo ""
# report information
report_Sudoers="$(echo $conf | wc -l)"
}
# 16、檢查JDK版本
function getJDKStatus(){
echo ""
echo "############################ JDK Check #############################"
java -version 2>/dev/null
if [ $? -eq 0 ];then
java -version 2>&1
fi
echo "JAVA_HOME=\"$JAVA_HOME\"" # 沒有則顯示JAVA_HOME=""
# report information
report_JDK="$(java -version 2>&1 | grep version | awk '{print $1,$3}' | tr -d '"')"
}
# 17、檢查firewalld服務狀態
# 系統版本不同命令有所區別
function getFirewallStatus(){
echo ""
echo "############################ Firewall Check ##########################"
# Firewall Status/Poilcy
if [[ $OS_Version < 7 ]];then
/etc/init.d/iptables status >/dev/null 2>&1
status=$?
if [ $status -eq 0 ];then
s="active"
elif [ $status -eq 3 ];then
s="inactive"
elif [ $status -eq 4 ];then
s="permission denied"
else
s="unknown"
fi
else
s="$(systemctl status firewalld | grep Active: | awk -F "(" '{print$2}' | awk -F ")" '{print$1}')"
fi
ss="$(systemctl status firewalld)"
echo "iptables: $s"
echo ""
echo "-----------------------"
echo "show firewalld status"
echo $ss
# report information
report_Firewall="$s"
}
# 18、檢查SSH服務狀態
function getSSHStatus(){
#SSHD Service Status,Configure
echo ""
echo "############################ SSH Check #############################"
# Check the trusted host
pwdfile="$(cat /etc/passwd)"
# getState命令沒用過,不太清楚
# getState原來是直接下面定義的方法,由於每個方法單獨驗證導致認識不全面
# echo "Service Status:$(getState sshd)"
echo "Service Status:$(systemctl status sshd | grep Active: | awk -F "(" '{print$2}' | awk -F ")" '{print$1}')"
#echo "SSH Protocol Version:$(ssh -V)"
#Protocol_Version=$(ssh -V)
echo ""
echo "Trusted Host"
echo "------------"
authorized=0
for user in $(echo "$pwdfile" | grep /bin/bash | awk -F: '{print $1}');do
authorize_file=$(echo "$pwdfile" | grep -w $user | awk -F: '{printf $6"/.ssh/authorized_keys"}')
authorized_host=$(cat $authorize_file 2>/dev/null | awk '{print $3}' | tr '\n' ',' | sed 's/,$//')
if [ ! -z $authorized_host ];then
echo "$user authorization \"$authorized_host\" Password-less access"
fi
let authorized=authorized+$(cat $authorize_file 2>/dev/null | awk '{print $3}'|wc -l)
done
echo ""
echo "Whether to allow ROOT remote login"
echo "----------------------------------"
config=$(cat /etc/ssh/sshd_config | grep PermitRootLogin) # 限定root用戶通過ssh的登錄方式
firstChar=${config:0:1} # 切割結果用來判斷是否爲#註釋開頭,yes或者註釋都默認允許
if [ $firstChar == "#" ];then
PermitRootLogin="yes" #The default is to allow ROOT remote login
else
PermitRootLogin=$(echo $config | awk '{print $2}')
fi
echo "PermitRootLogin $PermitRootLogin"
echo ""
echo "/etc/ssh/sshd_config"
echo "--------------------"
cat /etc/ssh/sshd_config | grep -v "^#" | sed '/^$/d'
# report information
report_SSHAuthorized="$authorized" #SSH信任主機
report_SSHDProtocolVersion="$Protocol_Version" #SSH協議版本
report_SSHDPermitRootLogin="$PermitRootLogin" #允許root遠程登錄
}
# 19、檢查syslog服務狀態
function getSyslogStatus(){
echo ""
echo "############################ Syslog Check ##########################"
# echo "Service Status:$(getState rsyslog)"
echo "Service Status:$(systemctl status rsyslog | grep Active: | awk -F "(" '{print$2}' | awk -F ")" '{print$1}')"
echo ""
echo "/etc/rsyslog.conf"
echo "-----------------"
cat /etc/rsyslog.conf 2>/dev/null | grep -v "^#" | grep -v "^\\$" | sed '/^$/d' | column -t
# report information
report_Syslog="$(getState rsyslog)"
# report_Syslog="$(systemctl status rsyslog | grep Active: | awk -F "(" '{print$2}' | awk -F ")" '{print$1}')"
}
# 20、檢查snmp服務狀態
# 老套路了,先通過getState方法或者systemctl獲取運行狀態,然後獲取配置文件
function getSNMPStatus(){
#SNMP Service Status,Configure
echo ""
echo "############################ SNMP Check ############################"
status="$(getState snmpd)"
echo "Service Status:$status"
echo ""
if [ -e /etc/snmp/snmpd.conf ];then
echo "/etc/snmp/snmpd.conf"
echo "--------------------"
cat /etc/snmp/snmpd.conf 2>/dev/null | grep -v "^#" | sed '/^$/d'
fi
# report information
report_SNMP="$(getState snmpd)"
}
# 21、檢查已安裝軟件包和安裝時間
function getInstalledStatus(){
echo ""
echo "############################ Software Check ############################"
rpm -qa --last | head | column -t
}
# 22、檢查NTP服務狀態
function getNTPStatus(){
# The NTP service status, the current time, configuration, etc
echo ""
echo "############################ NTP Check #############################"
if [ -e /etc/ntp.conf ];then
echo "Service Status:$(getState ntpd)"
echo ""
echo "/etc/ntp.conf"
echo "-------------"
cat /etc/ntp.conf 2>/dev/null | grep -v "^#" | sed '/^$/d'
fi
# report information
report_NTP="$(getState ntpd)"
}
# 23、檢查zabbix服務狀態
function getZabbixStatus(){
# Check Zabbix Serivce Status
echo ""
echo "######################### Zabbix Check ##############################"
netstat -nltp | grep -v grep | grep zabbix > /dev/null 2>&1
if [ $? -eq 0 ];then
echo "Service Status": Zabbix is running!
else
echo "Service Status": Zabbix not running!
fi
# report information
}
# 24、巡檢結果上傳FTP
# Upload the result file #上傳檢查結果的文件,更改ftp相關信息即可
#function upload_result(){
# echo ""
# echo "############################ FTP Upload #############################"
#
# updir=/var/log/polling
# upfile=HostDailyCheck-$ipaddr-`hostname`-`date +%Y%m%d`.txt
# todir=/jishu/liujian/polling
#ip=192.168.1.99
# user=ljohn1
# password=ljohn
# ftp -nv $ip <<EOF
# user $user $password
# type binary
# passive
# cd $todir
# lcd $updir
# prompt
# put $upfile
# quit
#EOF
#}
# 25、編排json格式上傳系統每日巡檢
# 根據實際情況判斷
function uploadHostDailyCheckReport(){
json="{
\"DateTime\":\"$report_DateTime\",
\"Hostname\":\"$report_Hostname\",
\"OSRelease\":\"$report_OSRelease\",
\"Kernel\":\"$report_Kernel\",
\"Language\":\"$report_Language\",
\"LastReboot\":\"$report_LastReboot\",
\"Uptime\":\"$report_Uptime\",
\"CPUs\":\"$report_CPUs\",
\"CPUType\":\"$report_CPUType\",
\"Arch\":\"$report_Arch\",
\"MemTotal\":\"$report_MemTotal\",
\"MemFree\":\"$report_MemFree\",
\"MemUsedPercent\":\"$report_MemUsedPercent\",
\"DiskTotal\":\"$report_DiskTotal\",
\"DiskFree\":\"$report_DiskFree\",
\"DiskUsedPercent\":\"$report_DiskUsedPercent\",
\"InodeTotal\":\"$report_InodeTotal\",
\"InodeFree\":\"$report_InodeFree\",
\"InodeUsedPercent\":\"$report_InodeUsedPercent\",
\"IP\":\"$report_IP\",
\"MAC\":\"$report_MAC\",
\"Gateway\":\"$report_Gateway\",
\"DNS\":\"$report_DNS\",
\"Listen\":\"$report_Listen\",
\"Selinux\":\"$report_Selinux\",
\"Firewall\":\"$report_Firewall\",
\"USERs\":\"$report_USERs\",
\"USEREmptyPassword\":\"$report_USEREmptyPassword\",
\"USERTheSameUID\":\"$report_USERTheSameUID\",
\"PasswordExpiry\":\"$report_PasswordExpiry\",
\"RootUser\":\"$report_RootUser\",
\"Sudoers\":\"$report_Sudoers\",
\"SSHAuthorized\":\"$report_SSHAuthorized\",
\"SSHDProtocolVersion\":\"$report_SSHDProtocolVersion\",
\"SSHDPermitRootLogin\":\"$report_SSHDPermitRootLogin\",
\"DefunctProsess\":\"$report_DefunctProsess\",
\"SelfInitiatedService\":\"$report_SelfInitiatedService\",
\"SelfInitiatedProgram\":\"$report_SelfInitiatedProgram\",
\"RuningService\":\"$report_RuningService\",
\"Crontab\":\"$report_Crontab\",
\"Syslog\":\"$report_Syslog\",
\"SNMP\":\"$report_SNMP\",
\"NTP\":\"$report_NTP\",
\"JDK\":\"$report_JDK\"
}"
#echo "$json"
curl -l -H "Content-type: application/json" -X POST -d "$json" "$uploadHostDailyCheckReportApi" 2>/dev/null
}
# 將所有方法模塊統一編排
# 自定義執行順序
function check(){
version
getSystemStatus
getCpuStatus
getMemStatus
getDiskStatus
getNetworkStatus
getListenStatus
getProcessStatus
getServiceStatus
getAutoStartStatus
getLoginStatus
getCronStatus
getUserStatus
getPasswordStatus
getSudoersStatus
getJDKStatus
getFirewallStatus
getSSHStatus
getSyslogStatus
getSNMPStatus
getNTPStatus
getZabbixStatus
getInstalledStatus
#upload_result
#uploadHostDailyCheckReport
}
# 執行巡檢腳本並保存檢查結果
# RESULTFILE爲腳本一開始定義的保存位置
# Perform inspections and save the inspection results
check > $RESULTFILE
echo "Check the result:$RESULTFILE"
# 編寫定時清理巡檢日誌方法
# Clearlog in /var/log/polling
# 可根據日誌命名時間判斷
# 暫時沒必要寫