{"id":668,"date":"2022-06-05T17:41:34","date_gmt":"2022-06-05T09:41:34","guid":{"rendered":"https:\/\/www.bunnyism.com\/?p=668"},"modified":"2024-12-19T17:45:45","modified_gmt":"2024-12-19T09:45:45","slug":"%e6%97%a5%e5%b8%b8%e5%b7%a1%e6%a3%80%e8%84%9a%e6%9c%ac","status":"publish","type":"post","link":"https:\/\/www.bunnyism.com\/?p=668","title":{"rendered":"Linux\u65e5\u5e38\u5de1\u68c0\u811a\u672c"},"content":{"rendered":"

#!\/bin\/bash
\n#1\u3001\u4e3b\u673a\u4fe1\u606f\u6bcf\u65e5\u5de1\u68c0<\/p>\n

IPADDR=$(ifconfig eth0|grep ‘inet addr’|awk -F ‘[ :]’ ‘{print $13}’)
\n# 2\u3001\u73af\u5883\u53d8\u91cfPATH\u6ca1\u8bbe\u597d\uff0c\u5728cron\u91cc\u6267\u884c\u65f6\u6709\u5f88\u591a\u547d\u4ee4\u4f1a\u627e\u4e0d\u5230
\nexport PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/sbin:\/bin:\/usr\/sbin:\/usr\/bin:\/root\/bin
\nsource \/etc\/profile<\/p>\n

[ $(id -u) -gt 0 ] && echo “\u8bf7\u7528root\u7528\u6237\u6267\u884c\u6b64\u811a\u672c\uff01” && exit 1
\ncentosVersion=$(awk ‘{print $(NF-1)}’ \/etc\/redhat-release)
\nVERSION=”2022-1-12″<\/p>\n

# 3\u3001\u65e5\u5fd7\u76f8\u5173
\nPROGPATH=`echo $0 | sed -e ‘s,[\\\\\/][^\\\\\/][^\\\\\/]*$,,’`
\n[ -f $PROGPATH ] && PROGPATH=”.”
\nLOGPATH=”$PROGPATH\/log”
\n[ -e $LOGPATH ] || mkdir $LOGPATH
\nRESULTFILE=”$LOGPATH\/HostDailyCheck-$IPADDR-`date +%Y%m%d`.txt”<\/p>\n

# 4\u3001\u5b9a\u4e49\u62a5\u8868\u7684\u5168\u5c40\u53d8\u91cf
\nreport_DateTime=”” #\u65e5\u671f ok
\nreport_Hostname=”” #\u4e3b\u673a\u540d ok
\nreport_OSRelease=”” #\u53d1\u884c\u7248\u672c ok
\nreport_Kernel=”” #\u5185\u6838 ok
\nreport_Language=”” #\u8bed\u8a00\/\u7f16\u7801 ok
\nreport_LastReboot=”” #\u6700\u8fd1\u542f\u52a8\u65f6\u95f4 ok
\nreport_Uptime=”” #\u8fd0\u884c\u65f6\u95f4\uff08\u5929\uff09 ok
\nreport_CPUs=”” #CPU\u6570\u91cf ok
\nreport_CPUType=”” #CPU\u7c7b\u578b ok
\nreport_Arch=”” #CPU\u67b6\u6784 ok
\nreport_MemTotal=”” #\u5185\u5b58\u603b\u5bb9\u91cf(MB) ok
\nreport_MemFree=”” #\u5185\u5b58\u5269\u4f59(MB) ok
\nreport_MemUsedPercent=”” #\u5185\u5b58\u4f7f\u7528\u7387% ok
\nreport_DiskTotal=”” #\u786c\u76d8\u603b\u5bb9\u91cf(GB) ok
\nreport_DiskFree=”” #\u786c\u76d8\u5269\u4f59(GB) ok
\nreport_DiskUsedPercent=”” #\u786c\u76d8\u4f7f\u7528\u7387% ok
\nreport_InodeTotal=”” #Inode\u603b\u91cf ok
\nreport_InodeFree=”” #Inode\u5269\u4f59 ok
\nreport_InodeUsedPercent=”” #Inode\u4f7f\u7528\u7387 ok
\nreport_IP=”” #IP\u5730\u5740 ok
\nreport_MAC=”” #MAC\u5730\u5740 ok
\nreport_Gateway=”” #\u9ed8\u8ba4\u7f51\u5173 ok
\nreport_DNS=”” #DNS ok
\nreport_Listen=”” #\u76d1\u542c ok
\nreport_Selinux=”” #Selinux ok
\nreport_Firewall=”” #\u9632\u706b\u5899 ok
\nreport_USERs=”” #\u7528\u6237 ok
\nreport_USEREmptyPassword=”” #\u7a7a\u5bc6\u7801\u7528\u6237 ok
\nreport_USERTheSameUID=”” #\u76f8\u540cID\u7684\u7528\u6237 ok
\nreport_PasswordExpiry=”” #\u5bc6\u7801\u8fc7\u671f\uff08\u5929\uff09 ok
\nreport_RootUser=”” #root\u7528\u6237 ok
\nreport_Sudoers=”” #sudo\u6388\u6743 ok
\nreport_SSHAuthorized=”” #SSH\u4fe1\u4efb\u4e3b\u673a ok
\nreport_SSHDProtocolVersion=”” #SSH\u534f\u8bae\u7248\u672c ok
\nreport_SSHDPermitRootLogin=”” #\u5141\u8bb8root\u8fdc\u7a0b\u767b\u5f55 ok
\nreport_DefunctProsess=”” #\u50f5\u5c38\u8fdb\u7a0b\u6570\u91cf ok
\nreport_SelfInitiatedService=”” #\u81ea\u542f\u52a8\u670d\u52a1\u6570\u91cf ok
\nreport_SelfInitiatedProgram=”” #\u81ea\u542f\u52a8\u7a0b\u5e8f\u6570\u91cf ok
\nreport_RuningService=”” #\u8fd0\u884c\u4e2d\u670d\u52a1\u6570 ok
\nreport_Crontab=”” #\u8ba1\u5212\u4efb\u52a1\u6570 ok
\nreport_Syslog=”” #\u65e5\u5fd7\u670d\u52a1 ok
\nreport_SNMP=”” #SNMP OK
\nreport_NTP=”” #NTP ok
\nreport_JDK=”” #JDK\u7248\u672c ok
\nfunction version(){
\necho “”
\necho “”
\necho “\u7cfb\u7edf\u5de1\u68c0\u811a\u672c\uff1aVersion $VERSION”
\n}<\/p>\n

function getCpuStatus(){
\necho “”
\necho “”
\necho “############################ CPU\u68c0\u67e5 #############################”
\nPhysical_CPUs=$(grep “physical id” \/proc\/cpuinfo| sort | uniq | wc -l)
\nVirt_CPUs=$(grep “processor” \/proc\/cpuinfo | wc -l)
\nCPU_Kernels=$(grep “cores” \/proc\/cpuinfo |sort -r |uniq |awk -F ‘: ‘ ‘{print $2}’)
\nCPU_Type=$(grep “model name” \/proc\/cpuinfo | awk -F ‘: ‘ ‘{print $2}’ | sort | uniq)
\nCPU_Arch=$(uname -m)
\necho “\u7269\u7406CPU\u4e2a\u6570:$Physical_CPUs”
\necho “\u903b\u8f91CPU\u4e2a\u6570:$Virt_CPUs”
\necho “\u6bcfCPU\u6838\u5fc3\u6570:$CPU_Kernels”
\necho ” CPU\u578b\u53f7:$CPU_Type”
\necho ” CPU\u67b6\u6784:$CPU_Arch”
\n# 5\u3001CPU\u62a5\u8868\u4fe1\u606f
\nreport_CPUs=$Virt_CPUs #CPU\u6570\u91cf
\nreport_CPUType=$CPU_Type #CPU\u7c7b\u578b
\nreport_Arch=$CPU_Arch #CPU\u67b6\u6784
\n}<\/p>\n

function getMemStatus(){
\necho “”
\necho “”
\necho “############################ \u5185\u5b58\u68c0\u67e5 ############################”
\nif [[ $centosVersion < 7 ]];then
\nfree -mo
\nelse
\nfree -h
\nfi
\n# 6\u3001\u5185\u5b58\u62a5\u8868\u4fe1\u606f
\nMemTotal=$(grep MemTotal \/proc\/meminfo| awk ‘{print $2}’) #KB
\nMemFree=$(grep MemFree \/proc\/meminfo| awk ‘{print $2}’) #KB
\nlet MemUsed=MemTotal-MemFree
\nMemPercent=$(awk “BEGIN {if($MemTotal==0){printf 100}else{printf \\”%.2f\\”,$MemUsed*100\/$MemTotal}}”)
\nreport_MemTotal=”$((MemTotal\/1024))””MB” #\u5185\u5b58\u603b\u5bb9\u91cf(MB)
\nreport_MemFree=”$((MemFree\/1024))””MB” #\u5185\u5b58\u5269\u4f59(MB)
\nreport_MemUsedPercent=”$(awk “BEGIN {if($MemTotal==0){printf 100}else{printf \\”%.2f\\”,$MemUsed*100\/$MemTotal}}”)””%” #\u5185\u5b58\u4f7f\u7528\u7387%
\n}
\nfunction getDiskStatus(){
\necho “”
\necho “”
\necho “############################ \u78c1\u76d8\u68c0\u67e5 ############################”
\ndf -hiP | sed ‘s\/Mounted on\/Mounted\/’> \/tmp\/inode
\ndf -hTP | sed ‘s\/Mounted on\/Mounted\/’> \/tmp\/disk
\njoin \/tmp\/disk \/tmp\/inode | awk ‘{print $1,$2,”|”,$3,$4,$5,$6,”|”,$8,$9,$10,$11,”|”,$12}’| column -t
\n# 7\u3001\u78c1\u76d8\u62a5\u8868\u4fe1\u606f
\ndiskdata=$(df -TP | sed ‘1d’ | awk ‘$2!=”tmpfs”{print}’) #KB
\ndisktotal=$(echo “$diskdata” | awk ‘{total+=$3}END{print total}’) #KB
\ndiskused=$(echo “$diskdata” | awk ‘{total+=$4}END{print total}’) #KB
\ndiskfree=$((disktotal-diskused)) #KB
\ndiskusedpercent=$(echo $disktotal $diskused | awk ‘{if($1==0){printf 100}else{printf “%.2f”,$2*100\/$1}}’)
\ninodedata=$(df -iTP | sed ‘1d’ | awk ‘$2!=”tmpfs”{print}’)
\ninodetotal=$(echo “$inodedata” | awk ‘{total+=$3}END{print total}’)
\ninodeused=$(echo “$inodedata” | awk ‘{total+=$4}END{print total}’)
\ninodefree=$((inodetotal-inodeused))
\ninodeusedpercent=$(echo $inodetotal $inodeused | awk ‘{if($1==0){printf 100}else{printf “%.2f”,$2*100\/$1}}’)
\nreport_DiskTotal=$((disktotal\/1024\/1024))”GB” #\u786c\u76d8\u603b\u5bb9\u91cf(GB)
\nreport_DiskFree=$((diskfree\/1024\/1024))”GB” #\u786c\u76d8\u5269\u4f59(GB)
\nreport_DiskUsedPercent=”$diskusedpercent””%” #\u786c\u76d8\u4f7f\u7528\u7387%
\nreport_InodeTotal=$((inodetotal\/1000))”K” #Inode\u603b\u91cf
\nreport_InodeFree=$((inodefree\/1000))”K” #Inode\u5269\u4f59
\nreport_InodeUsedPercent=”$inodeusedpercent””%” #Inode\u4f7f\u7528\u7387%<\/p>\n

}<\/p>\n

function getSystemStatus(){
\necho “”
\necho “”
\necho “############################ \u7cfb\u7edf\u68c0\u67e5 ############################”
\nif [ -e \/etc\/sysconfig\/i18n ];then
\ndefault_LANG=”$(grep “LANG=” \/etc\/sysconfig\/i18n | grep -v “^#” | awk -F ‘”‘ ‘{print $2}’)”
\nelse
\ndefault_LANG=$LANG
\nfi
\nexport LANG=”en_US.UTF-8″
\nRelease=$(cat \/etc\/redhat-release 2>\/dev\/null)
\nKernel=$(uname -r)
\nOS=$(uname -o)
\nHostname=$(uname -n)
\nSELinux=$(\/usr\/sbin\/sestatus | grep “SELinux status: ” | awk ‘{print $3}’)
\nLastReboot=$(who -b | awk ‘{print $3,$4}’)
\nuptime=$(uptime | sed ‘s\/.*up \\([^,]*\\), .*\/\\1\/’)
\necho ” \u7cfb\u7edf\uff1a$OS”
\necho ” \u53d1\u884c\u7248\u672c\uff1a$Release”
\necho ” \u5185\u6838\uff1a$Kernel”
\necho ” \u4e3b\u673a\u540d\uff1a$Hostname”
\necho ” SELinux\uff1a$SELinux”
\necho “\u8bed\u8a00\/\u7f16\u7801\uff1a$default_LANG”
\necho ” \u5f53\u524d\u65f6\u95f4\uff1a$(date +’%F %T’)”
\necho ” \u6700\u540e\u542f\u52a8\uff1a$LastReboot”
\necho ” \u8fd0\u884c\u65f6\u95f4\uff1a$uptime”
\n# 8\u3001\u5185\u6838\u62a5\u8868\u4fe1\u606f
\nreport_DateTime=$(date +”%F %T”) #\u65e5\u671f
\nreport_Hostname=”$Hostname” #\u4e3b\u673a\u540d
\nreport_OSRelease=”$Release” #\u53d1\u884c\u7248\u672c
\nreport_Kernel=”$Kernel” #\u5185\u6838
\nreport_Language=”$default_LANG” #\u8bed\u8a00\/\u7f16\u7801
\nreport_LastReboot=”$LastReboot” #\u6700\u8fd1\u542f\u52a8\u65f6\u95f4
\nreport_Uptime=”$uptime” #\u8fd0\u884c\u65f6\u95f4\uff08\u5929\uff09
\nreport_Selinux=”$SELinux”
\nexport LANG=”$default_LANG”<\/p>\n

}<\/p>\n

function getServiceStatus(){
\necho “”
\necho “”
\necho “############################ \u670d\u52a1\u68c0\u67e5 ############################”
\necho “”
\nif [[ $centosVersion > 7 ]];then
\nconf=$(systemctl list-unit-files –type=service –state=enabled –no-pager | grep “enabled”)
\nprocess=$(systemctl list-units –type=service –state=running –no-pager | grep “.service”)
\n# 9\u3001\u670d\u52a1\u62a5\u8868\u4fe1\u606f
\nreport_SelfInitiatedService=”$(echo “$conf” | wc -l)” #\u81ea\u542f\u52a8\u670d\u52a1\u6570\u91cf
\nreport_RuningService=”$(echo “$process” | wc -l)” #\u8fd0\u884c\u4e2d\u670d\u52a1\u6570\u91cf
\nelse
\nconf=$(\/sbin\/chkconfig | grep -E “:on|:\u542f\u7528”)
\nprocess=$(\/sbin\/service –status-all 2>\/dev\/null | grep -E “is running|\u6b63\u5728\u8fd0\u884c”)
\n# 10\u3001\u670d\u52a1\u62a5\u8868\u4fe1\u606f
\nreport_SelfInitiatedService=”$(echo “$conf” | wc -l)” #\u81ea\u542f\u52a8\u670d\u52a1\u6570\u91cf
\nreport_RuningService=”$(echo “$process” | wc -l)” #\u8fd0\u884c\u4e2d\u670d\u52a1\u6570\u91cf
\nfi
\necho “\u670d\u52a1\u914d\u7f6e”
\necho “——–”
\necho “$conf” | column -t
\necho “”
\necho “\u6b63\u5728\u8fd0\u884c\u7684\u670d\u52a1”
\necho “————–”
\necho “$process”<\/p>\n

}<\/p>\n

function getAutoStartStatus(){
\necho “”
\necho “”
\necho “############################ \u81ea\u542f\u52a8\u68c0\u67e5 ##########################”
\nconf=$(grep -v “^#” \/etc\/rc.d\/rc.local| sed ‘\/^$\/d’)
\necho “$conf”
\n# 12\u3001\u670d\u52a1\u62a5\u8868\u4fe1\u606f
\nreport_SelfInitiatedProgram=”$(echo $conf | wc -l)” #\u81ea\u542f\u52a8\u7a0b\u5e8f\u6570\u91cf
\n}<\/p>\n

function getLoginStatus(){
\necho “”
\necho “”
\necho “############################ \u767b\u5f55\u68c0\u67e5 ############################”
\nlast | head
\n}<\/p>\n

function getNetworkStatus(){
\necho “”
\necho “”
\necho “############################ \u7f51\u7edc\u68c0\u67e5 ############################”
\nif [[ $centosVersion < 7 ]];then
\n\/sbin\/ifconfig -a | grep -v packets | grep -v collisions | grep -v inet6
\nelse
\n# 16\u3001IP\u62a5\u8868\u4fe1\u606f
\nfor i in $(ip link | grep BROADCAST | awk -F: ‘{print $2}’);do ip add show $i | grep -E “BROADCAST|global”| awk ‘{print $2}’ | tr ‘\\n’ ‘ ‘ ;echo “” ;done
\nfi
\nGATEWAY=$(ip route | grep default | awk ‘{print $3}’)
\nDNS=$(grep nameserver \/etc\/resolv.conf| grep -v “#” | awk ‘{print $2}’ | tr ‘\\n’ ‘,’ | sed ‘s\/,$\/\/’)
\necho “”
\necho “\u7f51\u5173\uff1a$GATEWAY ”
\necho ” DNS\uff1a$DNS”
\n# 17\u3001IP\u62a5\u8868\u4fe1\u606f
\nIP=$(ip -f inet addr | grep -v 127.0.0.1 | grep inet | awk ‘{print $NF,$2}’ | tr ‘\\n’ ‘,’ | sed ‘s\/,$\/\/’)
\nMAC=$(ip link | grep -v “LOOPBACK\\|loopback” | awk ‘{print $2}’ | sed ‘N;s\/\\n\/\/’ | tr ‘\\n’ ‘,’ | sed ‘s\/,$\/\/’)
\nreport_IP=”$IP” #IP\u5730\u5740
\nreport_MAC=$MAC #MAC\u5730\u5740
\nreport_Gateway=”$GATEWAY” #\u9ed8\u8ba4\u7f51\u5173
\nreport_DNS=”$DNS” #DNS
\n}<\/p>\n

function getListenStatus(){
\necho “”
\necho “”
\necho “############################ \u76d1\u542c\u68c0\u67e5 ############################”
\nTCPListen=$(ss -ntul | column -t)
\necho “$TCPListen”
\n# 18\u3001\u8ba1\u5212\u4efb\u52a1\u62a5\u8868\u4fe1\u606f
\nreport_Listen=”$(echo “$TCPListen”| sed ‘1d’ | awk ‘\/tcp\/ {print $5}’ | awk -F: ‘{print $NF}’ | sort | uniq | wc -l)”
\n}<\/p>\n

function getCronStatus(){
\necho “”
\necho “”
\necho “############################ \u8ba1\u5212\u4efb\u52a1\u68c0\u67e5 ########################”
\nCrontab=0
\nfor shell in $(grep -v “\/sbin\/nologin” \/etc\/shells);do
\nfor user in $(grep “$shell” \/etc\/passwd| awk -F: ‘{print $1}’);do
\ncrontab -l -u $user >\/dev\/null 2>&1
\nstatus=$?
\nif [ $status -eq 0 ];then
\necho “$user”
\necho “——–”
\ncrontab -l -u $user
\nlet Crontab=Crontab+$(crontab -l -u $user | wc -l)
\necho “”
\nfi
\ndone
\ndone
\n# 19\u3001\u8ba1\u5212\u4efb\u52a1\u62a5\u8868\u4fe1\u606f
\nfind \/etc\/cron* -type f | xargs -i ls -l {} | column -t
\nlet Crontab=Crontab+$(find \/etc\/cron* -type f | wc -l)
\n# 20\u3001\u8ba1\u5212\u4efb\u52a1\u62a5\u8868\u4fe1\u606f
\nreport_Crontab=”$Crontab” #\u8ba1\u5212\u4efb\u52a1\u6570
\n}
\nfunction getHowLongAgo(){
\n# 21\u3001\u8ba1\u7b97\u4e00\u4e2a\u65f6\u95f4\u6233\u79bb\u73b0\u5728\u6709\u591a\u4e45\u4e86
\ndatetime=”$*”
\n[ -z “$datetime” ] && echo “\u9519\u8bef\u7684\u53c2\u6570\uff1agetHowLongAgo() $*”
\nTimestamp=$(date +%s -d “$datetime”) #\u8f6c\u5316\u4e3a\u65f6\u95f4\u6233
\nNow_Timestamp=$(date +%s)
\nDifference_Timestamp=$(($Now_Timestamp-$Timestamp))
\ndays=0;hours=0;minutes=0;
\nsec_in_day=$((60*60*24));
\nsec_in_hour=$((60*60));
\nsec_in_minute=60
\nwhile (( $(($Difference_Timestamp-$sec_in_day)) > 1 ))
\ndo
\nlet Difference_Timestamp=Difference_Timestamp-sec_in_day
\nlet days++
\ndone
\nwhile (( $(($Difference_Timestamp-$sec_in_hour)) > 1 ))
\ndo
\nlet Difference_Timestamp=Difference_Timestamp-sec_in_hour
\nlet hours++
\ndone
\necho “$days \u5929 $hours \u5c0f\u65f6\u524d”
\n}<\/p>\n

function getUserLastLogin(){
\n# 22\u3001\u83b7\u53d6\u7528\u6237\u6700\u8fd1\u4e00\u6b21\u767b\u5f55\u7684\u65f6\u95f4\uff0c\u542b\u5e74\u4efd
\n# \u5f88\u9057\u61belast\u547d\u4ee4\u4e0d\u652f\u6301\u663e\u793a\u5e74\u4efd\uff0c\u53ea\u6709”last -t YYYYMMDDHHMMSS”\u8868\u793a\u67d0\u4e2a\u65f6\u95f4\u4e4b\u95f4\u7684\u767b\u5f55\uff0c\u6211
\n# \u53ea\u80fd\u7528\u6700\u7b28\u7684\u65b9\u6cd5\u4e86\uff0c\u5bf9\u6bd4\u4eca\u5929\u4e4b\u524d\u548c\u4eca\u5e74\u5143\u65e6\u4e4b\u524d\uff08\u6216\u8005\u53bb\u5e74\u4e4b\u524d\u548c\u524d\u5e74\u4e4b\u524d\u2026\u2026\uff09\u67d0\u4e2a\u7528\u6237
\n# \u767b\u5f55\u6b21\u6570\uff0c\u5982\u679c\u767b\u5f55\u7edf\u8ba1\u6b21\u6570\u6709\u53d8\u5316\uff0c\u5219\u8bf4\u660e\u6700\u8fd1\u4e00\u6b21\u767b\u5f55\u662f\u4eca\u5e74\u3002
\nusername=$1
\n: ${username:=”`whoami`”}
\nthisYear=$(date +%Y)
\noldesYear=$(last | tail -n1 | awk ‘{print $NF}’)
\nwhile(( $thisYear >= $oldesYear));do
\nloginBeforeToday=$(last $username | grep $username | wc -l)
\nloginBeforeNewYearsDayOfThisYear=$(last $username -t $thisYear”0101000000″ | grep $username | wc -l)
\nif [ $loginBeforeToday -eq 0 ];then
\necho “\u4ece\u672a\u767b\u5f55\u8fc7”
\nbreak
\nelif [ $loginBeforeToday -gt $loginBeforeNewYearsDayOfThisYear ];then
\nlastDateTime=$(last -i $username | head -n1 | awk ‘{for(i=4;i<(NF-2);i++)printf”%s “,$i}’)” $thisYear” #\u683c\u5f0f\u5982: Sat Nov 2 20:33 2015
\nlastDateTime=$(date “+%Y-%m-%d %H:%M:%S” -d “$lastDateTime”)
\necho “$lastDateTime”
\nbreak
\nelse
\nthisYear=$((thisYear-1))
\nfi
\ndone<\/p>\n

}<\/p>\n

function getUserStatus(){
\necho “”
\necho “”
\necho “############################ \u7528\u6237\u68c0\u67e5 ############################”
\n# 23\u3001\/etc\/passwd \u6700\u540e\u4fee\u6539\u65f6\u95f4
\npwdfile=”$(cat \/etc\/passwd)”
\nModify=$(stat \/etc\/passwd | grep Modify | tr ‘.’ ‘ ‘ | awk ‘{print $2,$3}’)<\/p>\n

echo “\/etc\/passwd \u6700\u540e\u4fee\u6539\u65f6\u95f4\uff1a$Modify ($(getHowLongAgo $Modify))”
\necho “”
\necho “\u7279\u6743\u7528\u6237”
\necho “——–”
\nRootUser=””
\nfor user in $(echo “$pwdfile” | awk -F: ‘{print $1}’);do
\nif [ $(id -u $user) -eq 0 ];then
\necho “$user”
\nRootUser=”$RootUser,$user”
\nfi
\ndone
\necho “”
\necho “\u7528\u6237\u5217\u8868”
\necho “——–”
\nUSERs=0
\necho “$(
\necho “\u7528\u6237\u540d UID GID HOME SHELL \u6700\u540e\u4e00\u6b21\u767b\u5f55”
\nfor shell in $(grep -v “\/sbin\/nologin” \/etc\/shells);do
\nfor username in $(grep “$shell” \/etc\/passwd| awk -F: ‘{print $1}’);do
\nuserLastLogin=”$(getUserLastLogin $username)”
\necho “$pwdfile” | grep -w “$username” |grep -w “$shell”| awk -F: -v lastlogin=”$(echo “$userLastLogin” | tr ‘ ‘ ‘_’)” ‘{print $1,$3,$4,$6,$7,lastlogin}’
\ndone
\nlet USERs=USERs+$(echo “$pwdfile” | grep “$shell”| wc -l)
\ndone
\n)” | column -t
\necho “”
\necho “\u7a7a\u5bc6\u7801\u7528\u6237”
\necho “———-”
\nUSEREmptyPassword=””
\nfor shell in $(grep -v “\/sbin\/nologin” \/etc\/shells);do
\nfor user in $(echo “$pwdfile” | grep “$shell” | cut -d: -f1);do
\nr=$(awk -F: ‘$2==”!!”{print $1}’ \/etc\/shadow | grep -w $user)
\nif [ ! -z $r ];then
\necho $r
\nUSEREmptyPassword=”$USEREmptyPassword,”$r
\nfi
\ndone
\ndone
\necho “”
\necho “\u76f8\u540cID\u7684\u7528\u6237”
\necho “————”
\nUSERTheSameUID=””
\nUIDs=$(cut -d: -f3 \/etc\/passwd | sort | uniq -c | awk ‘$1>1{print $2}’)
\nfor uid in $UIDs;do
\necho -n “$uid”;
\nUSERTheSameUID=”$uid”
\nr=$(awk -F: ‘ORS=””;$3=='”$uid”‘{print “:”,$1}’ \/etc\/passwd)
\necho “$r”
\necho “”
\nUSERTheSameUID=”$USERTheSameUID $r,”
\ndone
\n# 24\u3001\u7528\u6237\u62a5\u8868\u4fe1\u606f
\nreport_USERs=”$USERs” #\u7528\u6237
\nreport_USEREmptyPassword=$(echo $USEREmptyPassword | sed ‘s\/^,\/\/’)
\nreport_USERTheSameUID=$(echo $USERTheSameUID | sed ‘s\/,$\/\/’)
\nreport_RootUser=$(echo $RootUser | sed ‘s\/^,\/\/’) #\u7279\u6743\u7528\u6237
\n}<\/p>\n

function getPasswordStatus {
\necho “”
\necho “”
\necho “############################ \u5bc6\u7801\u68c0\u67e5 ############################”
\npwdfile=”$(cat \/etc\/passwd)”
\necho “”
\necho “\u5bc6\u7801\u8fc7\u671f\u68c0\u67e5”
\necho “————”
\nresult=””
\nfor shell in $(grep -v “\/sbin\/nologin” \/etc\/shells);do
\nfor user in $(echo “$pwdfile” | grep “$shell” | cut -d: -f1);do
\nget_expiry_date=$(\/usr\/bin\/chage -l $user | grep ‘Password expires’ | cut -d: -f2)
\nif [[ $get_expiry_date = ‘ never’ || $get_expiry_date = ‘never’ ]];then
\nprintf “%-15s \u6c38\u4e0d\u8fc7\u671f\\n” $user
\nresult=”$result,$user:never”
\nelse
\npassword_expiry_date=$(date -d “$get_expiry_date” “+%s”)
\ncurrent_date=$(date “+%s”)
\ndiff=$(($password_expiry_date-$current_date))
\nlet DAYS=$(($diff\/(60*60*24)))
\nprintf “%-15s %s\u5929\u540e\u8fc7\u671f\\n” $user $DAYS
\nresult=”$result,$user:$DAYS days”
\nfi
\ndone
\ndone
\nreport_PasswordExpiry=$(echo $result | sed ‘s\/^,\/\/’)<\/p>\n

echo “”
\necho “\u5bc6\u7801\u7b56\u7565\u68c0\u67e5”
\necho “————”
\ngrep -v “#” \/etc\/login.defs | grep -E “PASS_MAX_DAYS|PASS_MIN_DAYS|PASS_MIN_LEN|PASS_WARN_AGE”<\/p>\n

}<\/p>\n

function getSudoersStatus(){
\necho “”
\necho “”
\necho “############################ Sudoers\u68c0\u67e5 #########################”
\nconf=$(grep -v “^#” \/etc\/sudoers| grep -v “^Defaults” | sed ‘\/^$\/d’)
\necho “$conf”
\necho “”
\n# 25\u3001\u8fdb\u7a0b\u62a5\u8868\u4fe1\u606f
\nreport_Sudoers=”$(echo $conf | wc -l)”
\n}<\/p>\n

function getInstalledStatus(){
\necho “”
\necho “”
\necho “############################ \u8f6f\u4ef6\u68c0\u67e5 ############################”
\nrpm -qa –last | head | column -t
\n}<\/p>\n

function getProcessStatus(){
\necho “”
\necho “”
\necho “############################ \u8fdb\u7a0b\u68c0\u67e5 ############################”
\nif [ $(ps -ef | grep defunct | grep -v grep | wc -l) -ge 1 ];then
\necho “”
\necho “\u50f5\u5c38\u8fdb\u7a0b”;
\necho “——–”
\nps -ef | head -n1
\nps -ef | grep defunct | grep -v grep
\nfi
\necho “”
\necho “\u5185\u5b58\u5360\u7528TOP10”
\necho “————-”
\necho -e “PID %MEM RSS COMMAND
\n$(ps aux | awk ‘{print $2, $4, $6, $11}’ | sort -k3rn | head -n 10 )”| column -t
\necho “”
\necho “CPU\u5360\u7528TOP10”
\necho “————”
\ntop b -n1 | head -17 | tail -11
\n# 26\u3001jdk\u68c0\u67e5\u62a5\u8868\u4fe1\u606f
\nreport_DefunctProsess=”$(ps -ef | grep defunct | grep -v grep|wc -l)”
\n}<\/p>\n

function getJDKStatus(){
\necho “”
\necho “”
\necho “############################ JDK\u68c0\u67e5 #############################”
\njava -version 2>\/dev\/null
\nif [ $? -eq 0 ];then
\njava -version 2>&1
\nfi
\necho “JAVA_HOME=\\”$JAVA_HOME\\””
\n# 27\u3001jdk\u68c0\u67e5\u62a5\u8868\u4fe1\u606f
\nreport_JDK=”$(java -version 2>&1 | grep version | awk ‘{print $1,$3}’ | tr -d ‘”‘)”
\n}
\nfunction getSyslogStatus(){
\necho “”
\necho “”
\necho “############################ syslog\u68c0\u67e5 ##########################”
\necho “\u670d\u52a1\u72b6\u6001\uff1a$(getState rsyslog)”
\necho “”
\necho “\/etc\/rsyslog.conf”
\necho “—————–”
\ncat \/etc\/rsyslog.conf 2>\/dev\/null | grep -v “^#” | grep -v “^\\\\$” | sed ‘\/^$\/d’ | column -t
\n# 28\u3001\u9632\u706b\u5899\u62a5\u8868\u4fe1\u606f
\nreport_Syslog=”$(getState rsyslog)”
\n}
\nfunction getFirewallStatus(){
\necho “”
\necho “”
\necho “############################ \u9632\u706b\u5899\u68c0\u67e5 ##########################”
\n# 29\u3001\u9632\u706b\u5899\u72b6\u6001\uff0c\u7b56\u7565\u7b49
\nif [[ $centosVersion < 7 ]];then
\n\/etc\/init.d\/iptables status >\/dev\/null 2>&1
\nstatus=$?
\nif [ $status -eq 0 ];then
\ns=”active”
\nelif [ $status -eq 3 ];then
\ns=”inactive”
\nelif [ $status -eq 4 ];then
\ns=”permission denied”
\nelse
\ns=”unknown”
\nfi
\nelse
\ns=”$(getState iptables)”
\nfi
\necho “iptables: $s”
\necho “”
\necho “\/etc\/sysconfig\/iptables”
\necho “———————–”
\ncat \/etc\/sysconfig\/iptables 2>\/dev\/null
\n# 30\u3001\u9632\u706b\u5899\u62a5\u8868\u4fe1\u606f
\nreport_Firewall=”$s”
\n}<\/p>\n

function getSNMPStatus(){
\n# 31\u3001SNMP\u670d\u52a1\u72b6\u6001\uff0c\u914d\u7f6e\u7b49
\necho “”
\necho “”
\necho “############################ SNMP\u68c0\u67e5 ############################”
\nstatus=”$(getState snmpd)”
\necho “\u670d\u52a1\u72b6\u6001\uff1a$status”
\necho “”
\nif [ -e \/etc\/snmp\/snmpd.conf ];then
\necho “\/etc\/snmp\/snmpd.conf”
\necho “——————–”
\ncat \/etc\/snmp\/snmpd.conf 2>\/dev\/null | grep -v “^#” | sed ‘\/^$\/d’
\nfi
\n# 32\u3001SNMP\u62a5\u8868\u4fe1\u606f
\nreport_SNMP=”$(getState snmpd)”
\n}
\nfunction getState(){
\nif [[ $centosVersion < 7 ]];then
\nif [ -e “\/etc\/init.d\/$1” ];then
\nif [ `\/etc\/init.d\/$1 status 2>\/dev\/null | grep -E “is running|\u6b63\u5728\u8fd0\u884c” | wc -l` -ge 1 ];then
\nr=”active”
\nelse
\nr=”inactive”
\nfi
\nelse
\nr=”unknown”
\nfi
\nelse
\n#CentOS 7+
\nr=”$(systemctl is-active $1 2>&1)”
\nfi
\necho “$r”
\n}
\nfunction getSSHStatus(){
\n# 33\u3001SSHD\u670d\u52a1\u72b6\u6001\uff0c\u914d\u7f6e,\u53d7\u4fe1\u4efb\u4e3b\u673a\u7b49
\necho “”
\necho “”
\necho “############################ SSH\u68c0\u67e5 #############################”
\n# 34\u3001\u68c0\u67e5\u53d7\u4fe1\u4efb\u4e3b\u673a
\npwdfile=”$(cat \/etc\/passwd)”
\necho “\u670d\u52a1\u72b6\u6001\uff1a$(getState sshd)”
\nProtocol_Version=$(cat \/etc\/ssh\/sshd_config | grep Protocol | awk ‘{print $2}’)
\necho “SSH\u534f\u8bae\u7248\u672c\uff1a$Protocol_Version”
\necho “”
\necho “\u4fe1\u4efb\u4e3b\u673a”
\necho “——–”
\nauthorized=0
\nfor user in $(echo “$pwdfile” | grep \/bin\/bash | awk -F: ‘{print $1}’);do
\nauthorize_file=$(echo “$pwdfile” | grep -w $user | awk -F: ‘{printf $6″\/.ssh\/authorized_keys”}’)
\nauthorized_host=$(cat $authorize_file 2>\/dev\/null | awk ‘{print $3}’ | tr ‘\\n’ ‘,’ | sed ‘s\/,$\/\/’)
\nif [ ! -z $authorized_host ];then
\necho “$user \u6388\u6743 \\”$authorized_host\\” \u65e0\u5bc6\u7801\u8bbf\u95ee”
\nfi
\nlet authorized=authorized+$(cat $authorize_file 2>\/dev\/null | awk ‘{print $3}’|wc -l)
\ndone<\/p>\n

echo “”
\necho “\u662f\u5426\u5141\u8bb8ROOT\u8fdc\u7a0b\u767b\u5f55”
\necho “——————–”
\nconfig=$(cat \/etc\/ssh\/sshd_config | grep PermitRootLogin)
\nfirstChar=${config:0:1}
\nif [ $firstChar == “#” ];then
\nPermitRootLogin=”yes” #\u9ed8\u8ba4\u662f\u5141\u8bb8ROOT\u8fdc\u7a0b\u767b\u5f55\u7684
\nelse
\nPermitRootLogin=$(echo $config | awk ‘{print $2}’)
\nfi
\necho “PermitRootLogin $PermitRootLogin”<\/p>\n

echo “”
\necho “\/etc\/ssh\/sshd_config”
\necho “——————–”
\ncat \/etc\/ssh\/sshd_config | grep -v “^#” | sed ‘\/^$\/d’<\/p>\n

# 35\u3001\u4fe1\u4efb\u4e3b\u673a\u62a5\u8868\u4fe1\u606f
\nreport_SSHAuthorized=”$authorized” #SSH\u4fe1\u4efb\u4e3b\u673a
\nreport_SSHDProtocolVersion=”$Protocol_Version” #SSH\u534f\u8bae\u7248\u672c
\nreport_SSHDPermitRootLogin=”$PermitRootLogin” #\u5141\u8bb8root\u8fdc\u7a0b\u767b\u5f55
\n}
\nfunction getNTPStatus(){
\n# 36\u3001NTP\u670d\u52a1\u72b6\u6001\uff0c\u5f53\u524d\u65f6\u95f4\uff0c\u914d\u7f6e\u7b49
\necho “”
\necho “”
\necho “############################ NTP\u68c0\u67e5 #############################”
\nif [ -e \/etc\/ntp.conf ];then
\necho “\u670d\u52a1\u72b6\u6001\uff1a$(getState ntpd)”
\necho “”
\necho “\/etc\/ntp.conf”
\necho “————-”
\ncat \/etc\/ntp.conf 2>\/dev\/null | grep -v “^#” | sed ‘\/^$\/d’
\nfi
\n# 37\u3001NTP\u62a5\u8868\u4fe1\u606f
\nreport_NTP=”$(getState ntpd)”
\n}
\nfunction uploadHostDailyCheckReport(){
\njson=”{
\n\\”DateTime\\”:\\”$report_DateTime\\”,
\n\\”Hostname\\”:\\”$report_Hostname\\”,
\n\\”OSRelease\\”:\\”$report_OSRelease\\”,
\n\\”Kernel\\”:\\”$report_Kernel\\”,
\n\\”Language\\”:\\”$report_Language\\”,
\n\\”LastReboot\\”:\\”$report_LastReboot\\”,
\n\\”Uptime\\”:\\”$report_Uptime\\”,
\n\\”CPUs\\”:\\”$report_CPUs\\”,
\n\\”CPUType\\”:\\”$report_CPUType\\”,
\n\\”Arch\\”:\\”$report_Arch\\”,
\n\\”MemTotal\\”:\\”$report_MemTotal\\”,
\n\\”MemFree\\”:\\”$report_MemFree\\”,
\n\\”MemUsedPercent\\”:\\”$report_MemUsedPercent\\”,
\n\\”DiskTotal\\”:\\”$report_DiskTotal\\”,
\n\\”DiskFree\\”:\\”$report_DiskFree\\”,
\n\\”DiskUsedPercent\\”:\\”$report_DiskUsedPercent\\”,
\n\\”InodeTotal\\”:\\”$report_InodeTotal\\”,
\n\\”InodeFree\\”:\\”$report_InodeFree\\”,
\n\\”InodeUsedPercent\\”:\\”$report_InodeUsedPercent\\”,
\n\\”IP\\”:\\”$report_IP\\”,
\n\\”MAC\\”:\\”$report_MAC\\”,
\n\\”Gateway\\”:\\”$report_Gateway\\”,
\n\\”DNS\\”:\\”$report_DNS\\”,
\n\\”Listen\\”:\\”$report_Listen\\”,
\n\\”Selinux\\”:\\”$report_Selinux\\”,
\n\\”Firewall\\”:\\”$report_Firewall\\”,
\n\\”USERs\\”:\\”$report_USERs\\”,
\n\\”USEREmptyPassword\\”:\\”$report_USEREmptyPassword\\”,
\n\\”USERTheSameUID\\”:\\”$report_USERTheSameUID\\”,
\n\\”PasswordExpiry\\”:\\”$report_PasswordExpiry\\”,
\n\\”RootUser\\”:\\”$report_RootUser\\”,
\n\\”Sudoers\\”:\\”$report_Sudoers\\”,
\n\\”SSHAuthorized\\”:\\”$report_SSHAuthorized\\”,
\n\\”SSHDProtocolVersion\\”:\\”$report_SSHDProtocolVersion\\”,
\n\\”SSHDPermitRootLogin\\”:\\”$report_SSHDPermitRootLogin\\”,
\n\\”DefunctProsess\\”:\\”$report_DefunctProsess\\”,
\n\\”SelfInitiatedService\\”:\\”$report_SelfInitiatedService\\”,
\n\\”SelfInitiatedProgram\\”:\\”$report_SelfInitiatedProgram\\”,
\n\\”RuningService\\”:\\”$report_RuningService\\”,
\n\\”Crontab\\”:\\”$report_Crontab\\”,
\n\\”Syslog\\”:\\”$report_Syslog\\”,
\n\\”SNMP\\”:\\”$report_SNMP\\”,
\n\\”NTP\\”:\\”$report_NTP\\”,
\n\\”JDK\\”:\\”$report_JDK\\”
\n}”
\n# 38\u3001echo “$json”
\ncurl -l -H “Content-type: application\/json” -X POST -d “$json” “$uploadHostDailyCheckReportApi” 2>\/dev\/null
\n}
\nfunction getchage_file_24h()
\n{
\necho “############################ \u6587\u4ef6\u68c0\u67e5 #############################”
\ncheck2=$(find \/ -name ‘*.sh’ -mtime -1)
\ncheck21=$(find \/ -name ‘*.asp’ -mtime -1)
\ncheck22=$(find \/ -name ‘*.php’ -mtime -1)
\ncheck23=$(find \/ -name ‘*.aspx’ -mtime -1)
\ncheck24=$(find \/ -name ‘*.jsp’ -mtime -1)
\ncheck25=$(find \/ -name ‘*.html’ -mtime -1)
\ncheck26=$(find \/ -name ‘*.htm’ -mtime -1)
\ncheck9=$(find \/ -name core -exec ls -l {} \\;)
\ncheck10=$(cat \/etc\/crontab)
\ncheck12=$(ls -alt \/usr\/bin | head -10)
\ncat <<EOF
\n############################\u67e5\u770b\u6240\u6709\u88ab\u4fee\u6539\u8fc7\u7684\u6587\u4ef6\u8fd4\u56de\u6700\u8fd124\u5c0f\u65f6\u5185\u7684############################
\n${check2}
\n${check21}
\n${check22}
\n${check23}
\n${check24}
\n${check25}
\n${check26}
\n${line}
\n############################\u68c0\u67e5\u5b9a\u65f6\u6587\u4ef6\u7684\u5b8c\u6574\u6027############################
\n${check10}
\n${line}<\/p>\n

############################\u67e5\u770b\u7cfb\u7edf\u547d\u4ee4\u662f\u5426\u88ab\u66ff\u6362############################
\n${check12}
\n${line}
\nEOF
\n}
\nfunction check(){
\nversion
\ngetSystemStatus
\ngetCpuStatus
\ngetMemStatus
\ngetDiskStatus
\ngetNetworkStatus
\ngetListenStatus
\ngetProcessStatus
\ngetServiceStatus
\ngetAutoStartStatus
\ngetLoginStatus
\ngetCronStatus
\ngetUserStatus
\ngetPasswordStatus
\ngetSudoersStatus
\ngetJDKStatus
\ngetFirewallStatus
\ngetSSHStatus
\ngetSyslogStatus
\ngetSNMPStatus
\ngetNTPStatus
\ngetInstalledStatus
\ngetchage_file_24h
\n}<\/p>\n

# 39\u3001\u6267\u884c\u68c0\u67e5\u5e76\u4fdd\u5b58\u68c0\u67e5\u7ed3\u679c
\ncheck > $RESULTFILE<\/p>\n

echo “\u68c0\u67e5\u7ed3\u679c\uff1a$RESULTFILE”
\necho -e “`date “+%Y-%m-%d %H:%M:%S”` \u963f\u91cc\u4e91PHP\u4f01\u4e1a\u5e73\u53f0\u5de1\u68c0\u62a5\u544a” | mail -a $RESULTFILE -s “\u963f\u91cc\u4e91PHP\u4f01\u4e1a\u5e73\u53f0\u5de1\u68c0\u62a5\u544a” fengmm@shait.com.cn<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"

#!\/bin\/bash #1\u3001\u4e3b\u673a\u4fe1\u606f\u6bcf\u65e5\u5de1\u68c0 IPADDR=$(ifconfig eth0|grep &#8 […]<\/p>\n","protected":false},"author":1,"featured_media":671,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-668","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.bunnyism.com\/index.php?rest_route=\/wp\/v2\/posts\/668","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bunnyism.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bunnyism.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bunnyism.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bunnyism.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=668"}],"version-history":[{"count":3,"href":"https:\/\/www.bunnyism.com\/index.php?rest_route=\/wp\/v2\/posts\/668\/revisions"}],"predecessor-version":[{"id":672,"href":"https:\/\/www.bunnyism.com\/index.php?rest_route=\/wp\/v2\/posts\/668\/revisions\/672"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.bunnyism.com\/index.php?rest_route=\/wp\/v2\/media\/671"}],"wp:attachment":[{"href":"https:\/\/www.bunnyism.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=668"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bunnyism.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=668"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bunnyism.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}