年底了,需要巡检机器,下面的脚本做个参考。
输出内容有点多,可以适当减少。
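#!/bin/bash
# Host inspection script, part 1: on/off state checks.
# Each check prints its "===>" heading; below it, output appears only when
# the check fails. The iptables step is the exception: it always dumps the
# current rules.
# bash is required because the script uses [[ ]] throughout, which a POSIX
# /bin/sh such as dash does not provide.
#
# NOTE(review): this baseline treats a stopped firewalld and a disabled
# SELinux as the passing state. Confirm that this matches the hardening
# policy of the hosts being inspected before reusing the checks as-is.
echo "1.开关状态类检查项目:(检查通过不打印,不通过有提示)"

echo "===> 系统为64位系统"
if ! uname -i | grep -q 'x86_64'; then
  uname -i
fi

echo "===> 禁用iptables"
# No pass/fail test here: the rules are printed for manual review.
iptables-save

echo "===> 禁用firewalld"
# Explicit '>/dev/null 2>&1' rather than '&>': a non-bash sh parses '&>' as
# "run in background" plus a redirect, and the message would always print.
# NOTE(review): this looks at the current state only; whether the unit is
# enabled at boot is not tested here.
if systemctl status firewalld.service >/dev/null 2>&1; then
  echo "未禁用"
fi

echo "===> 停用SElinux"
if ! getenforce | grep -q Disabled; then
  # Show both the runtime mode and the configured mode.
  getenforce
  grep '^SELINUX=' /etc/selinux/config
fi

echo "===> 默认的语言/编码是UTF-8"
if ! locale | grep -q UTF-8; then
  locale
fi

echo "===> 时间同步"
if ! timedatectl status | grep -q 'synchronized: yes'; then
  # Show what timedatectl reports; fall back to ntpstat if it has no such line.
  timedatectl status | grep 'synchronized' || ntpstat
fi

echo "===> ntpd/chronyd服务运行"
# The [d] bracket keeps the grep process itself out of the match.
if ! ps -ef | grep -Eq 'chrony[d]|ntp[d]'; then
  echo "时间同步服务未启动"
fi

echo "===> 停用swap分区"
# Any output from 'swapon -s' means at least one swap area is active.
if [[ -n "$(swapon -s)" ]]; then
  free -h
fi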
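echo "===> sysctl 配置有效性检查"
# Compares the "key = value" lines that sysctl prints while loading its
# config with what /proc/sys holds afterwards, and prints any difference.
# NOTE(review): 'sysctl -p' loads (applies) the settings file rather than
# just reading it, so this step is not read-only on the inspected host.
(
  # Private scratch directory instead of fixed file names in the current
  # directory; it is removed when this subshell exits, even on interruption.
  work_dir=$(mktemp -d) || exit 1
  trap 'rm -rf -- "${work_dir:?}"' EXIT

  sysctl -p >"$work_dir/applied.txt" 2>"$work_dir/applied.err"

  while IFS= read -r line; do
    [[ $line == *=* ]] || continue
    key=${line%%=*}
    key=${key//[[:space:]]/}
    printf '%s = ' "$key"
    # /proc/sys uses '/' where the sysctl key uses '.'. Only the key is
    # converted, so values that contain '/' are compared unchanged.
    cat -- "/proc/sys/${key//.//}" || echo
  done <"$work_dir/applied.txt" >"$work_dir/live.txt"

  # -b ignores differences in the amount of whitespace.
  diff -b "$work_dir/live.txt" "$work_dir/applied.txt"

  # Whatever sysctl wrote to stderr (e.g. entries it could not apply) is
  # part of the validity result, so show it instead of discarding it.
  if [[ -s "$work_dir/applied.err" ]]; then
    cat -- "$work_dir/applied.err" >&2
  fi
)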
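echo "===> 内存使用率低于70%"
# Row 2 of 'free -m' is the Mem: line; $2 is total and $3 is used.
free -m | awk 'NR == 2 && $3 > $2 * 0.7 { print "内存使用超过70%" }'

echo "===> 允许root远程登录"
# NOTE(review): this baseline expects 'PermitRootLogin yes' and reports
# anything else. Invert the test if the policy for these hosts is to forbid
# direct root logins. Only the main file is read; settings pulled in through
# Include or scoped by Match blocks are not evaluated ('sshd -T' prints the
# effective configuration).
if ! grep -q '^PermitRootLogin yes' /etc/ssh/sshd_config; then
  grep '^PermitRootLogin ' /etc/ssh/sshd_config
fi

echo "===> 禁用免密ssh登陆"
# Anchored to the start of the line and case-insensitive, so commented-out
# lines are ignored and any capitalisation of the keyword is caught.
if grep -Eiq '^[[:space:]]*PermitEmptyPasswords[[:space:]=]+yes' /etc/ssh/sshd_config; then
  grep -Ei '^[[:space:]]*PermitEmptyPasswords' /etc/ssh/sshd_config
fi

echo "===> 隐藏的特权用户"
# Exactly one UID-0 account is expected; otherwise list all of them.
awk -F: '$3 == 0 { rows[++n] = $0 }
         END { if (n != 1) for (i = 1; i <= n; i++) print rows[i] }' /etc/passwd

echo "===> 空密码用户"
# Field 2 of /etc/passwd should be the shadow placeholder "x"; comparing the
# field itself avoids being fooled by ":x:" appearing elsewhere on the line.
awk -F: '$2 != "x"' /etc/passwd
# The password hash lives in /etc/shadow: an empty second field there means
# the account has no password. Only the account name is printed. Reading
# /etc/shadow needs root.
awk -F: '$2 == "" { print "/etc/shadow: " $1 }' /etc/shadow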
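echo "===> 内核/硬件报错日志"
# grep -q signals a match through its exit status, so no counter variable is
# needed and the result cannot come from an earlier check.
if grep -qi error /var/log/messages; then
  echo "/var/log/messages有error日志"
fi

echo "===> 磁盘使用率不超过80%"
# Lines mentioning docker or kube are skipped; rows at 80% or above print.
df -Th | grep -Ev 'docker|kube' | grep -E '[89][0-9]%|100%'

echo "===> Inode使用率不超过80%"
df -i | grep -Ev 'docker|kube' | grep -E '[89][0-9]%|100%'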
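# Part 2: informational output, printed unconditionally.
printf '\n\n%s\n' "2.信息打印类"

echo "===> 检查内存占用TOP10"
# Sort key matches the heading: %MEM for memory, %CPU for CPU.
# head -17 keeps top's summary and column header plus the first ten
# processes (assumes the default 7-line header; TODO confirm on the target
# distro).
top -b -n1 -o%MEM | head -17

echo "===> 检查CPU占用TOP10"
top -b -n1 -o%CPU | head -17

echo "===> 检查僵尸进程"
# The summary line from top gives the count; ps lists the processes whose
# state starts with Z, with their parent PID.
top -b -n1 | grep zombie
ps -e -o stat,ppid,pid,cmd | grep -E '^[Zz]'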
echo "===> 检查自启动服务"
# Hosts with systemctl list enabled unit files; otherwise (CentOS 6) fall
# back to chkconfig and the services switched on for runlevel 3.
if [[ -e /usr/bin/systemctl ]]; then
  systemctl list-unit-files | grep enabled
else
  chkconfig --list | grep -e '3:on' -e '3:启用'
fi

echo "===> 检查正在运行的服务"
systemctl list-units | awk '/running/ { print $4, $1 }'

echo "===> 检查最近10次登录情况"
# Takes the last 30 records, keeps pts sessions, then drops every line that
# contains one of the listed substrings.
# NOTE(review): the exclusions are plain substring matches on the whole
# line, so an unrelated user or host whose name contains e.g. "rd" is
# hidden as well.
last -n30 | grep pts | grep -v -e root -e mtime -e rd -e jumpser

echo "===> 检查系统计划任务"
# NOTE(review): only /etc/crontab is shown; drop-in files under /etc/cron.d
# are not covered by this step.
cat /etc/crontab

echo "===> 检查用户计划任务"
# Prints the non-empty lines that do not start with '#'.
grep '^[^#]' /var/spool/cron/*

echo "===> 检查/etc/passwd最后修改时间"
stat /etc/passwd
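echo "===> 检查相同UID的用户"
# Two passes over /etc/passwd: count each UID (field 3), then print every
# entry whose UID occurs more than once. Comparing the field itself works
# for any number of duplicated UIDs, does not depend on the file being
# sorted, and cannot match a GID that happens to hold the same number.
awk -F: 'NR == FNR { seen[$3]++; next } seen[$3] > 1' /etc/passwd /etc/passwd

echo "===> 有sudo权限的用户"
# Matches rules granting (ALL) or (ALL:ALL) run-as rights. Comment lines
# are skipped, but a leading '#' followed by a digit is kept because
# sudoers reads that as a numeric uid. Lines mentioning root are dropped.
# NOTE(review): this is a text match on rule lines only; membership of a
# listed %group is not expanded into user names.
grep -rE '^[[:space:]]*([^#[:space:]]|#[0-9]).*ALL[[:space:]]*=[[:space:]]*\(ALL(:ALL)?\)' \
  /etc/sudoers /etc/sudoers.d/ | grep -v root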
echo "===> jdk信息"
java -version

echo "===> 硬件时间、系统时间是否一致"
# Both clocks are printed for comparison by eye. hwclock and date take
# different amounts of time to run, so an exact-match grep could fail:
#hwclock | grep -q "$(date '+%a %d %b %Y %r %Z')"
hwclock
date '+%a %d %b %Y %r %Z'

echo "===> 检查CPU类型"
lscpu | awk '/Architecture|GHz/'

echo "===> 检查CPU个数"
lscpu | awk '/Socket/'

echo "===> 检查CPU核心数"
lscpu | awk '/^CPU\(s\):/'

echo "===> 检查IP地址"
hostname -I

echo "===> 检查MAC地址"
# Interfaces whose name starts with 'e' followed by two lowercase letters.
for addr_file in /sys/class/net/e[a-z][a-z]*/address; do
  cat $addr_file
done

echo "===> 检查网关"
ip route show

echo "===> 检查本地Host"
awk '!/localhost/' /etc/hosts

echo "===> 检查网卡/bond0状态"
# '/etc/init.d/network status' is deliberately avoided: it may hang a
# rundeck job.
active_nics=$(/sbin/ip -o link show up | awk -F ": " '{ print $2}')
# Unquoted on purpose: word splitting joins the names onto one line.
# shellcheck disable=SC2086
echo "当前的启用网卡:"$active_nics
exit