• 系统检查脚本 LinuxSysCheckv2.0.sh


    年底了需要巡检机器
    做个参考
    输出内容有点多
    适当减少

    #!/bin/sh
    echo "1.开关状态类检查项目:(检查通过不打印,不通过有提示)"
    
    echo "===> 系统为64位系统"
    uname -i|grep -q 'x86_64'
    if [[ $? -ne 0 ]]
    then
    	uname -i
    fi
    echo "===> 禁用iptables"
    iptables-save
    
    echo "===> 禁用firewalld"
    systemctl status firewalld.service &>/dev/null && echo "未禁用"
    
    echo "===> 停用SElinux"
    getenforce | grep -q  Disabled
    if [[ $? -ne 0 ]]
    then
    	getenforce
    	grep '^SELINUX=' /etc/selinux/config
    fi
    
    echo "===> 默认的语言/编码是UTF-8"
    locale | grep -q UTF-8
    if [[ $? -ne 0 ]]
    then
    	locale
    fi
    
    echo "===> 时间同步"
    timedatectl status|grep -q 'synchronized: yes'
    if [[ $? -ne 0 ]]
    then
    	timedatectl status|grep  'synchronized' || ntpstat
    fi
    echo "===> ntpd/chronyd服务运行"
    Count=`ps -ef | egrep "chrony[d]|ntp[d]" |wc -l`
    if [[ $Count -eq 0 ]]
    then
    	echo "时间同步服务未启动"
    fi
    
    echo "===> 停用swap分区"
    if [[ $(swapon -s | wc -l) -ne 0 ]]
    then
    	free -h
    fi
    
    echo "===> sysctl 配置有效性检查"
    sysctl -p > sysCheckP.txt 2>sysCheckP.err
    for x in $(awk -F'=' '/=/{print $1}' sysCheckP.txt|sed 's#\.#/#g')
    do
    	echo -n "/proc/sys/$x" "= "
    	cat /proc/sys/$x
    done > sysCheck.tmp
    
    awk -F'/proc/sys/' '{print $2}' sysCheck.tmp |sed  's#/#\.#g' > sysCheck.result
    
    Dif=`diff -b sysCheck.result sysCheckP.txt |wc -l`
    # -b忽略空格数量
    if [[ $Dif -ne 0 ]]
    then
    	diff -b sysCheck.result sysCheckP.txt
    fi
    rm -f sysCheck*
    
    echo "===> 内存使用率低于70%"
    free -m|awk 'NR==2{if ( $3 > $2*0.7) print "内存使用超过70%" }'
    
    
    echo "===> 允许root远程登录"
    grep -q '^PermitRootLogin yes' /etc/ssh/sshd_config
    if [[ $? -ne 0 ]]
    then
    	grep '^PermitRootLogin ' /etc/ssh/sshd_config
    fi
    
    echo "===> 禁用免密ssh登陆"
    grep -q 'PermitEmptyPasswords.*yes' /etc/ssh/sshd_config
    if [[ $? -eq 0 ]]
    then
    	grep  'PermitEmptyPasswords' /etc/ssh/sshd_config
    fi
    
    echo "===> 隐藏的特权用户"
    Count=`awk -F: '$3==0{print $0}' /etc/passwd |wc -l`
    if [[ $Count -ne 1 ]]
    then
    	awk -F: '$3==0{print $0}' /etc/passwd
    fi
    
    echo "===> 空密码用户"
    Count=`grep -v ":x:" /etc/passwd | wc -l`
    if [[ $Count -ne 0 ]]
    then
    	grep -v ":x:" /etc/passwd
    fi
    
    echo "===> 内核/硬件报错日志"
    Count=grep -i error /var/log/messages | wc -l
    if [[ $Count -ne 0 ]]
    then
    	echo "/var/log/messages有error日志"
    fi
    
    echo "===> 磁盘使用率不超过80%"
    df -Th|egrep -v 'docker|kube' | egrep "[8-9].%|100%"
    
    echo "===> Inode使用率不超过80%"
    df -i|egrep -v 'docker|kube' | egrep "[8-9].%|100%"
    
    
    
    echo -e "\n\n2.信息打印类"
    
    echo "===> 检查内存占用TOP10"
    top -b -n1 -o%CPU|head -17
    echo "===> 检查CPU占用TOP10"
    top -b -n1 -o%MEM|head -17
    echo "===> 检查僵尸进程"
    top -b -n1 |grep zombie
    ps -e -o stat,ppid,pid,cmd|egrep "^[Zz]"
    
    echo "===> 检查自启动服务"
    test -e /usr/bin/systemctl
    if [[ $? -eq 0 ]]
    then
    	systemctl list-unit-files |grep enabled
    else
    	chkconfig --list |egrep '3:on|3:启用' #centos6
    fi
    echo "===> 检查正在运行的服务"
    systemctl list-units|awk '/running/{print $4,$1}'
    
    echo "===> 检查最近10次登录情况"
    last -n30 |grep pts| egrep -v 'root|mtime|rd|jumpser'
    
    echo "===> 检查系统计划任务"
    cat /etc/crontab
    echo "===> 检查用户计划任务"
    grep '^[^#]' /var/spool/cron/*
    
    echo "===> 检查/etc/passwd最后修改时间"
    stat /etc/passwd
    echo "===> 检查相同UID的用户"
    grep ':'$(awk -F: '{print $3}' /etc/passwd | uniq -c | sort -r | awk '$1>1{print $2}')':' /etc/passwd |grep -v '::'
    # 加':'防止awk结果为NULL时,grep夯住
    
    echo "===> 有sudo权限的用户"
    grep -r 'ALL=(ALL)' /etc/sudoers /etc/sudoers.d/ |grep -v root
    
    echo "===> jdk信息"
    java -version
    
    echo "===> 硬件时间、系统时间是否一致"
    hwclock ; date '+%a %d %b %Y %r %Z'
    
    #因hwclock与date两个命令执行时间有快有慢,直接grep可能匹配失败
    #hwclock | grep -q "$(date '+%a %d %b %Y %r %Z')"
    
    echo "===> 检查CPU类型"
    lscpu |egrep "Architecture|GHz"
    echo "===> 检查CPU个数"
    lscpu |grep Socket
    echo "===> 检查CPU核心数"
    lscpu |grep "^CPU(s):"
    
    
    echo "===> 检查IP地址"
    hostname -I
    echo "===> 检查MAC地址"
    cat /sys/class/net/e[a-z][a-z]*/address
    echo "===> 检查网关"
    ip route show
    echo "===> 检查本地Host"
    grep -v localhost /etc/hosts
    echo "===> 检查网卡/bond0状态"
    echo -n "当前的启用网卡:"  && echo $(/sbin/ip -o link show up | awk -F ": " '{ print $2}')
    ##不建议使用 /etc/init.d/network status 可能导致rundeck job 夯住
    
    exit
    
    ================# 水平有限 欢迎留言 批评指正 #=================
  • 相关阅读:
    nodejs安装
    mongodb安装指南
    JQuery控制input的readonly和disabled属性
    C# 汉子增加UTF-8头
    Microsoft Visual C++ 2005 SP1 Redistributable 安装错误
    sql server 查找指定字符串的位置
    sql server 数据库附加时程序集错误
    前端路由
    CSS学习笔记——选择器优先级
    CSS学习笔记——盒子模型
  • 原文地址:https://www.cnblogs.com/max27149/p/15793591.html
Copyright © 2020-2023  润新知