1、自动化登录服务器操作:
第一种方式:(login.vbs文件)
Sub Main
xsh.Screen.Send "ssh root@10.99.202.54"
xsh.Screen.Send VbCr
xsh.Screen.WaitForString "password: "
xsh.Screen.Send "TOYxmx$Hpv"
xsh.Screen.Send VbCr
xsh.Screen.Send "ifconfig"
xsh.Screen.Send VbCr
End Sub
第二种方式:建立会话实现点击登录
2、执行命令的脚本文件(basci.vbs文件)
Sub Main
xsh.Screen.Send "yum install lrzsz -y"
xsh.Screen.Send VbCr
xsh.Screen.Send "yum -y install psmisc"
xsh.Screen.Send VbCr
xsh.Screen.Send "yum install -y ntp"
xsh.Screen.Send VbCr
xsh.Screen.Send "service ntpd start"
xsh.Screen.Send VbCr
xsh.Screen.Send "cd /home"
xsh.Screen.Send VbCr
xsh.Screen.Send "mkdir securityCheck"
xsh.Screen.Send VbCr
xsh.Screen.Send "cd /home/securityCheck"
xsh.Screen.Send VbCr
End Sub
3、上传文件
rz (enter)
4、执行脚本文件(查询信息,生成TXT文件并且导出到本地)run.vbs文件
Sub Main
xsh.Screen.Send "chmod +x securityCheck.sh"
xsh.Screen.Send VbCr
xsh.Screen.Send "./securityCheck.sh"
xsh.Screen.Send VbCr
xsh.Screen.Send "sz securityReport.txt"
xsh.Screen.Send VbCr
xsh.Screen.Send VbCr
End Sub
5、脚本文件具体内容(securityCheck.sh文件)
#!/bin/bash
echo "------------------------网络安全检查开始----------------------" >> /home/securityCheck/securityReport.txt
echo "------------------第一部分——网卡配置查询--------------------" >> /home/securityCheck/securityReport.txt
#01-网卡配置——查询命令总结
network_scripts=`cat /etc/sysconfig/network-scripts/ifcfg-ens192`
echo "1.1 系统网卡配置信息ifcfg-ens192:" >> /home/securityCheck/securityReport.txt
echo "$network_scripts" >> /home/securityCheck/securityReport.txt
ifconfig=`ifconfig`
echo "1.2 系统网卡ifconfig具体信息:" >> /home/securityCheck/securityReport.txt
echo "$ifconfig" >> /home/securityCheck/securityReport.txt
#02-DNS文件配置——查询命令
echo "------------------第二部分——DNS配置查询--------------------" >> /home/securityCheck/securityReport.txt
DNS=`cat /etc/resolv.conf`
echo "2.1 系统DNS配置信息:" >> /home/securityCheck/securityReport.txt
echo "$DNS" >> /home/securityCheck/securityReport.txt
#03-核查NTP文件配置-查询命令
echo "------------------第三部分——NTP配置查询--------------------" >> /home/securityCheck/securityReport.txt
#查询NTP文件配置
NTP=`ntpq -p`
echo "3.1 系统NTP配置信息" >> /home/securityCheck/securityReport.txt
echo "$NTP" >> /home/securityCheck/securityReport.txt
#显示网络时间同步状态
NTPstat=`ntpstat`
echo "3.2 系统网络时间同步状态信息" >> /home/securityCheck/securityReport.txt
echo "$NTPstat" >> /home/securityCheck/securityReport.txt
#04-端口检查-查询命令
echo "------------------第四部分——端口信息查询--------------------" >> /home/securityCheck/securityReport.txt
#所有端口检查
PORT=`netstat -tunlp`
echo "4.1 系统所有端口信息" >> /home/securityCheck/securityReport.txt
echo "$PORT" >> /home/securityCheck/securityReport.txt
#查看所有的服务和端口
AllPORT=`netstat -anlp`
echo "4.2 系统所有的服务及端口信息" >> /home/securityCheck/securityReport.txt
echo "$AllPORT" >> /home/securityCheck/securityReport.txt
#查看服务占用的端口(比如Nginx,mysqld)
JAVA=`netstat -ntulp | grep java`
echo "4.3-1 java服务占用的端口信息" >> /home/securityCheck/securityReport.txt
echo "$JAVA" >> /home/securityCheck/securityReport.txt
NGINX=`netstat -ntulp | grep nginx`
echo "4.3-2 nginx服务占用的端口信息" >> /home/securityCheck/securityReport.txt
echo "$NGINX" >> /home/securityCheck/securityReport.txt
REDIS=`netstat -ntulp | grep redis`
echo "4.3-3 redis服务占用的端口信息" >> /home/securityCheck/securityReport.txt
echo "$REDIS" >> /home/securityCheck/securityReport.txt
#ssh服务器端/etc/ssh/sshd_conf配置文件详解
SSH=`cat /etc/ssh/sshd_config`
echo "4.4 SSH服务的具体配置信息" >> /home/securityCheck/securityReport.txt
echo "$SSH" >> /home/securityCheck/securityReport.txt
echo "------------------第五部分——防火墙信息查询--------------------" >> /home/securityCheck/securityReport.txt
#05-核查防火墙-查询命令
#查看防火墙的状态
FIREWALL=`firewall-cmd --state`
echo "5.1 防火墙的具体信息" >> /home/securityCheck/securityReport.txt
echo "$FIREWALL" >> /home/securityCheck/securityReport.txt
#查看防火墙的规则
FIRERULE=`firewall-cmd --list-all`
echo "5.2 防火墙的具体信息" >> /home/securityCheck/securityReport.txt
echo "$FIRERULE" >> /home/securityCheck/securityReport.txt
echo "------------------第六部分——系统用户信息查询--------------------" >> /home/securityCheck/securityReport.txt
#06-核查系统用户-查询命令
#查询系统用户列表
SYSTEMUSER=`cat /etc/passwd`
echo "6.1 系统的用户状态信息" >> /home/securityCheck/securityReport.txt
echo "$SYSTEMUSER" >> /home/securityCheck/securityReport.txt
#查询系统用户密码列表
USERPASSWORD=`cat /etc/shadow`
echo "6.2 系统的用户密码信息" >> /home/securityCheck/securityReport.txt
echo "$USERPASSWORD" >> /home/securityCheck/securityReport.txt
#查看系统中有哪些用户
USER=`cut -d : -f 1 /etc/passwd`
echo "6.3 系统的用户列表" >> /home/securityCheck/securityReport.txt
echo "$USER" >> /home/securityCheck/securityReport.txt
#查看可以登录系统的用户
LOGINUSER=`cat /etc/passwd | grep -v /sbin/nologin | cut -d : -f 1`
echo "6.4 系统中具有登录权限的用户信息" >> /home/securityCheck/securityReport.txt
echo "$LOGINUSER" >> /home/securityCheck/securityReport.txt
echo "------------------第七部分——系统进程信息查询--------------------" >> /home/securityCheck/securityReport.txt
#07-核查进程-查询命令
#查询系统的所有进程
PROCESS=`ps aux --sort=-%mem`
echo "7.1 系统所有的进程信息(按照占用内存大小排序)" >> /home/securityCheck/securityReport.txt
echo "$PROCESS" >> /home/securityCheck/securityReport.txt
#查询所有正在运行中的进程
PROCESSING=`ps aux | less`
echo "7.2 系统中正在运行的进程信息" >> /home/securityCheck/securityReport.txt
echo "$PROCESSING" >> /home/securityCheck/securityReport.txt
#显示系统所有进程的进程树
PTREE=`pstree`
echo "7.3 系统整体进程树信息" >> /home/securityCheck/securityReport.txt
echo "$PTREE" >> /home/securityCheck/securityReport.txt
#查询特定服务的进程树
PTREE_JAVA=`pstree -aup | grep java`
echo "7.4.1 系统中java服务的进程树信息" >> /home/securityCheck/securityReport.txt
echo "$PTREE_JAVA" >> /home/securityCheck/securityReport.txt
PTREE_REDIS=`pstree -aup | grep redis`
echo "7.4.2 系统中redis服务的进程树信息" >> /home/securityCheck/securityReport.txt
echo "$PTREE_REDIS" >> /home/securityCheck/securityReport.txt
PTREE_NGINX=`pstree -aup | grep nginx`
echo "7.4.3 系统中nginx服务的进程树信息" >> /home/securityCheck/securityReport.txt
echo "$PTREE_NGINX" >> /home/securityCheck/securityReport.txt
PTREE_SSH=`pstree -aup | grep ssh`
echo "7.4.4 系统中SSH服务的进程树信息" >> /home/securityCheck/securityReport.txt
echo "$PTREE_SSH" >> /home/securityCheck/securityReport.txt
#查询某一个服务的进程数
PROCESS_COUNT_JAVA=`ps -ef | grep java | wc -l`
echo "7.5.1 系统中java服务的进程数" >> /home/securityCheck/securityReport.txt
echo "$PROCESS_COUNT_JAVA" >> /home/securityCheck/securityReport.txt
PROCESS_COUNT_REDIS=`ps -ef | grep redis | wc -l`
echo "7.5.2 系统中redis服务的进程数" >> /home/securityCheck/securityReport.txt
echo "$PROCESS_COUNT_JAVA" >> /home/securityCheck/securityReport.txt
PROCESS_COUNT_NGINX=`ps -ef | grep nginx | wc -l`
echo "7.5.3 系统中nignx服务的进程数" >> /home/securityCheck/securityReport.txt
echo "$PROCESS_COUNT_NGINX" >> /home/securityCheck/securityReport.txt
PROCESS_COUNT_SSH=`ps -ef | grep ssh | wc -l`
echo "7.5.4 系统中ssh服务的进程数" >> /home/securityCheck/securityReport.txt
echo "$PROCESS_COUNT_SSH" >> /home/securityCheck/securityReport.txt
#查询某一个服务的进程详细信息
PROCESS_DETAIL_JAVA=`ps -ef | grep java`
echo "7.6.1 系统中java服务的具体进程信息" >> /home/securityCheck/securityReport.txt
echo "$PROCESS_DETAIL_JAVA" >> /home/securityCheck/securityReport.txt
PROCESS_DETAIL_REDIS=`ps -ef | grep redis`
echo "7.6.2 系统中redis服务的具体进程信息" >> /home/securityCheck/securityReport.txt
echo "$PROCESS_DETAIL_REDIS" >> /home/securityCheck/securityReport.txt
PROCESS_DETAIL_NGINX=`ps -ef | grep nginx`
echo "7.6.3 系统中nignx服务的具体进程信息" >> /home/securityCheck/securityReport.txt
echo "$PROCESS_DETAIL_NGINX" >> /home/securityCheck/securityReport.txt
PROCESS_DETAIL_SSH=`ps -ef | grep ssh`
echo "7.6.4 系统中ssh服务的具体进程信息" >> /home/securityCheck/securityReport.txt
echo "$PROCESS_DETAIL_SSH" >> /home/securityCheck/securityReport.txt
echo "------------------第八部分——系统CPU信息查询--------------------" >> /home/securityCheck/securityReport.txt
#08-核查CPU信息-查询命令
#cpu逻辑核个数
CPU_NUMBER_logistic=`cat /proc/cpuinfo | grep "processor" | wc -l`
echo "8.1 系统CPU逻辑核个数" >> /home/securityCheck/securityReport.txt
echo "$CPU_NUMBER_logistic" >> /home/securityCheck/securityReport.txt
#cpu物理核个数
CPU_NUMBER_physical=`cat /proc/cpuinfo | grep "cpu cores" | uniq`
echo "8.2 系统CPU物理核个数" >> /home/securityCheck/securityReport.txt
echo "$CPU_NUMBER_physical" >> /home/securityCheck/securityReport.txt
#cpu个数
CPU_NUMBER=`cat /proc/cpuinfo | grep "physical id" | sort | uniq | wc -l`
echo "8.3 系统CPU的个数" >> /home/securityCheck/securityReport.txt
echo "$CPU_NUMBER" >> /home/securityCheck/securityReport.txt
#cpu是否启用超线程(siblings 大于 cpu cores,说明启用了超线程)
CHAO_THREAD=`cat /proc/cpuinfo | grep -e "cpu cores" -e "siblings" | sort | uniq`
echo "8.4 系统的超线程情况信息" >> /home/securityCheck/securityReport.txt
echo "$CHAO_THREAD" >> /home/securityCheck/securityReport.txt
#cpu的具体信息查询
CPU_DETAIL=`cat /proc/cpuinfo`
echo "8.5 系统CPU的具体信息" >> /home/securityCheck/securityReport.txt
echo "$CPU_DETAIL" >> /home/securityCheck/securityReport.txt
#查询CPU的主频
CPU_HZ=`cat /proc/cpuinfo |grep MHz|uniq`
echo "8.6 系统CPU的主频信息" >> /home/securityCheck/securityReport.txt
echo "$CPU_HZ" >> /home/securityCheck/securityReport.txt
#查询内存的基本信息
RAM=`cat /proc/meminfo`
echo "8.7 系统内存信息" >> /home/securityCheck/securityReport.txt
echo "$RAM" >> /home/securityCheck/securityReport.txt
#查看CPU的型号
CPU_TYPE=`dmidecode -s processor-version`
echo "8.7 系统内存信息" >> /home/securityCheck/securityReport.txt
echo "$CPU_TYPE" >> /home/securityCheck/securityReport.txt
echo "------------------------网络安全检查结束----------------------" >> /home/securityCheck/securityReport.txt
6、结束脚本内容(end.vbs)
Sub Main
xsh.Screen.Send "cd /home"
xsh.Screen.Send VbCr
xsh.Screen.Send "rm -rf securityCheck"
xsh.Screen.Send VbCr
xsh.Screen.Send "ll"
xsh.Screen.Send VbCr
End Sub
综合以上脚本内容和执行顺序,具体的文件如下所示: