Linux 服务器日常巡检脚本分享
https://mp.weixin.qq.com/s/zWB4AMqGnytY7y61mom2vw
Linux 系统日常巡检脚本,巡检内容包含了,磁盘,内存 cpu 进程 文件更改 用户登录等一系列的操作 直接用就行了。
报告以邮件发送到邮箱 在log下生成巡检报告。
#!/bin/bash # @Author: HanWei # @Date: 2020-03-16 09:56:57 # @Last Modified by: HanWei # @Last Modified time: 2020-03-16 11:06:31 # @E-mail: han_wei_95@163.com #!/bin/bash #主机信息每日巡检 IPADDR=$(ifconfig eth0|grep 'inet addr'|awk -F '[ :]' '{print $13}') #环境变量PATH没设好,在cron里执行时有很多命令会找不到 export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin source /etc/profile [ $(id -u) -gt 0 ] && echo "请用root用户执行此脚本!" && exit 1 centosVersion=$(awk '{print $(NF-1)}' /etc/redhat-release) VERSION="2020-03-16" #日志相关 PROGPATH=`echo $0 | sed -e 's,[\/][^\/][^\/]*$,,'` [ -f $PROGPATH ] && PROGPATH="." LOGPATH="$PROGPATH/log" [ -e $LOGPATH ] || mkdir $LOGPATH RESULTFILE="$LOGPATH/HostDailyCheck-$IPADDR-`date +%Y%m%d`.txt" #定义报表的全局变量 report_DateTime="" #日期 ok report_Hostname="" #主机名 ok report_OSRelease="" #发行版本 ok report_Kernel="" #内核 ok report_Language="" #语言/编码 ok report_LastReboot="" #最近启动时间 ok report_Uptime="" #运行时间(天) ok report_CPUs="" #CPU数量 ok report_CPUType="" #CPU类型 ok report_Arch="" #CPU架构 ok report_MemTotal="" #内存总容量(MB) ok report_MemFree="" #内存剩余(MB) ok report_MemUsedPercent="" #内存使用率% ok report_DiskTotal="" #硬盘总容量(GB) ok report_DiskFree="" #硬盘剩余(GB) ok report_DiskUsedPercent="" #硬盘使用率% ok report_InodeTotal="" #Inode总量 ok report_InodeFree="" #Inode剩余 ok report_InodeUsedPercent="" #Inode使用率 ok report_IP="" #IP地址 ok report_MAC="" #MAC地址 ok report_Gateway="" #默认网关 ok report_DNS="" #DNS ok report_Listen="" #监听 ok report_Selinux="" #Selinux ok report_Firewall="" #防火墙 ok report_USERs="" #用户 ok report_USEREmptyPassword="" #空密码用户 ok report_USERTheSameUID="" #相同ID的用户 ok report_PasswordExpiry="" #密码过期(天) ok report_RootUser="" #root用户 ok report_Sudoers="" #sudo授权 ok report_SSHAuthorized="" #SSH信任主机 ok report_SSHDProtocolVersion="" #SSH协议版本 ok report_SSHDPermitRootLogin="" #允许root远程登录 ok report_DefunctProsess="" #僵尸进程数量 ok report_SelfInitiatedService="" #自启动服务数量 ok report_SelfInitiatedProgram="" #自启动程序数量 ok report_RuningService="" #运行中服务数 ok report_Crontab="" #计划任务数 ok report_Syslog="" #日志服务 ok report_SNMP="" #SNMP OK report_NTP="" #NTP ok report_JDK="" #JDK版本 ok function version(){ echo "" echo "" echo "系统巡检脚本:Version $VERSION" } function getCpuStatus(){ echo "" echo "" echo "############################ CPU检查 #############################" Physical_CPUs=$(grep "physical id" /proc/cpuinfo| sort | uniq | wc -l) Virt_CPUs=$(grep "processor" /proc/cpuinfo | wc -l) CPU_Kernels=$(grep "cores" /proc/cpuinfo|uniq| awk -F ': ' '{print $2}') CPU_Type=$(grep "model name" /proc/cpuinfo | awk -F ': ' '{print $2}' | sort | uniq) CPU_Arch=$(uname -m) echo "物理CPU个数:$Physical_CPUs" echo "逻辑CPU个数:$Virt_CPUs" echo "每CPU核心数:$CPU_Kernels" echo " CPU型号:$CPU_Type" echo " CPU架构:$CPU_Arch" #报表信息 report_CPUs=$Virt_CPUs #CPU数量 report_CPUType=$CPU_Type #CPU类型 report_Arch=$CPU_Arch #CPU架构 } function getMemStatus(){ echo "" echo "" echo "############################ 内存检查 ############################" if [[ $centosVersion < 7 ]];then free -mo else free -h fi #报表信息 MemTotal=$(grep MemTotal /proc/meminfo| awk '{print $2}') #KB MemFree=$(grep MemFree /proc/meminfo| awk '{print $2}') #KB let MemUsed=MemTotal-MemFree MemPercent=$(awk "BEGIN {if($MemTotal==0){printf 100}else{printf "%.2f",$MemUsed*100/$MemTotal}}") report_MemTotal="$((MemTotal/1024))""MB" #内存总容量(MB) report_MemFree="$((MemFree/1024))""MB" #内存剩余(MB) report_MemUsedPercent="$(awk "BEGIN {if($MemTotal==0){printf 100}else{printf "%.2f",$MemUsed*100/$MemTotal}}")""%" #内存使用率% } function getDiskStatus(){ echo "" echo "" echo "############################ 磁盘检查 ############################" df -hiP | sed 's/Mounted on/Mounted/'> /tmp/inode df -hTP | sed 's/Mounted on/Mounted/'> /tmp/disk join /tmp/disk /tmp/inode | awk '{print $1,$2,"|",$3,$4,$5,$6,"|",$8,$9,$10,$11,"|",$12}'| column -t #报表信息 diskdata=$(df -TP | sed '1d' | awk '$2!="tmpfs"{print}') #KB disktotal=$(echo "$diskdata" | awk '{total+=$3}END{print total}') #KB diskused=$(echo "$diskdata" | awk '{total+=$4}END{print total}') #KB diskfree=$((disktotal-diskused)) #KB diskusedpercent=$(echo $disktotal $diskused | awk '{if($1==0){printf 100}else{printf "%.2f",$2*100/$1}}') inodedata=$(df -iTP | sed '1d' | awk '$2!="tmpfs"{print}') inodetotal=$(echo "$inodedata" | awk '{total+=$3}END{print total}') inodeused=$(echo "$inodedata" | awk '{total+=$4}END{print total}') inodefree=$((inodetotal-inodeused)) inodeusedpercent=$(echo $inodetotal $inodeused | awk '{if($1==0){printf 100}else{printf "%.2f",$2*100/$1}}') report_DiskTotal=$((disktotal/1024/1024))"GB" #硬盘总容量(GB) report_DiskFree=$((diskfree/1024/1024))"GB" #硬盘剩余(GB) report_DiskUsedPercent="$diskusedpercent""%" #硬盘使用率% report_InodeTotal=$((inodetotal/1000))"K" #Inode总量 report_InodeFree=$((inodefree/1000))"K" #Inode剩余 report_InodeUsedPercent="$inodeusedpercent""%" #Inode使用率% } function getSystemStatus(){ echo "" echo "" echo "############################ 系统检查 ############################" if [ -e /etc/sysconfig/i18n ];then default_LANG="$(grep "LANG=" /etc/sysconfig/i18n | grep -v "^#" | awk -F '"' '{print $2}')" else default_LANG=$LANG fi export LANG="en_US.UTF-8" Release=$(cat /etc/redhat-release 2>/dev/null) Kernel=$(uname -r) OS=$(uname -o) Hostname=$(uname -n) SELinux=$(/usr/sbin/sestatus | grep "SELinux status: " | awk '{print $3}') LastReboot=$(who -b | awk '{print $3,$4}') uptime=$(uptime | sed 's/.*up ([^,]*), .*/1/') echo " 系统:$OS" echo " 发行版本:$Release" echo " 内核:$Kernel" echo " 主机名:$Hostname" echo " SELinux:$SELinux" echo "语言/编码:$default_LANG" echo " 当前时间:$(date +'%F %T')" echo " 最后启动:$LastReboot" echo " 运行时间:$uptime" #报表信息 report_DateTime=$(date +"%F %T") #日期 report_Hostname="$Hostname" #主机名 report_OSRelease="$Release" #发行版本 report_Kernel="$Kernel" #内核 report_Language="$default_LANG" #语言/编码 report_LastReboot="$LastReboot" #最近启动时间 report_Uptime="$uptime" #运行时间(天) report_Selinux="$SELinux" export LANG="$default_LANG" } function getServiceStatus(){ echo "" echo "" echo "############################ 服务检查 ############################" echo "" if [[ $centosVersion > 7 ]];then conf=$(systemctl list-unit-files --type=service --state=enabled --no-pager | grep "enabled") process=$(systemctl list-units --type=service --state=running --no-pager | grep ".service") #报表信息 report_SelfInitiatedService="$(echo "$conf" | wc -l)" #自启动服务数量 report_RuningService="$(echo "$process" | wc -l)" #运行中服务数量 else conf=$(/sbin/chkconfig | grep -E ":on|:启用") process=$(/sbin/service --status-all 2>/dev/null | grep -E "is running|正在运行") #报表信息 report_SelfInitiatedService="$(echo "$conf" | wc -l)" #自启动服务数量 report_RuningService="$(echo "$process" | wc -l)" #运行中服务数量 fi echo "服务配置" echo "--------" echo "$conf" | column -t echo "" echo "正在运行的服务" echo "--------------" echo "$process" } function getAutoStartStatus(){ echo "" echo "" echo "############################ 自启动检查 ##########################" conf=$(grep -v "^#" /etc/rc.d/rc.local| sed '/^$/d') echo "$conf" #报表信息 report_SelfInitiatedProgram="$(echo $conf | wc -l)" #自启动程序数量 } function getLoginStatus(){ echo "" echo "" echo "############################ 登录检查 ############################" last | head } function getNetworkStatus(){ echo "" echo "" echo "############################ 网络检查 ############################" if [[ $centosVersion < 7 ]];then /sbin/ifconfig -a | grep -v packets | grep -v collisions | grep -v inet6 else #ip a for i in $(ip link | grep BROADCAST | awk -F: '{print $2}');do ip add show $i | grep -E "BROADCAST|global"| awk '{print $2}' | tr ' ' ' ' ;echo "" ;done fi GATEWAY=$(ip route | grep default | awk '{print $3}') DNS=$(grep nameserver /etc/resolv.conf| grep -v "#" | awk '{print $2}' | tr ' ' ',' | sed 's/,$//') echo "" echo "网关:$GATEWAY " echo " DNS:$DNS" #报表信息 IP=$(ip -f inet addr | grep -v 127.0.0.1 | grep inet | awk '{print $NF,$2}' | tr ' ' ',' | sed 's/,$//') MAC=$(ip link | grep -v "LOOPBACK|loopback" | awk '{print $2}' | sed 'N;s/ //' | tr ' ' ',' | sed 's/,$//') report_IP="$IP" #IP地址 report_MAC=$MAC #MAC地址 report_Gateway="$GATEWAY" #默认网关 report_DNS="$DNS" #DNS } function getListenStatus(){ echo "" echo "" echo "############################ 监听检查 ############################" TCPListen=$(ss -ntul | column -t) echo "$TCPListen" #报表信息 report_Listen="$(echo "$TCPListen"| sed '1d' | awk '/tcp/ {print $5}' | awk -F: '{print $NF}' | sort | uniq | wc -l)" } function getCronStatus(){ echo "" echo "" echo "############################ 计划任务检查 ########################" Crontab=0 for shell in $(grep -v "/sbin/nologin" /etc/shells);do for user in $(grep "$shell" /etc/passwd| awk -F: '{print $1}');do crontab -l -u $user >/dev/null 2>&1 status=$? if [ $status -eq 0 ];then echo "$user" echo "--------" crontab -l -u $user let Crontab=Crontab+$(crontab -l -u $user | wc -l) echo "" fi done done #计划任务 find /etc/cron* -type f | xargs -i ls -l {} | column -t let Crontab=Crontab+$(find /etc/cron* -type f | wc -l) #报表信息 report_Crontab="$Crontab" #计划任务数 } function getHowLongAgo(){ # 计算一个时间戳离现在有多久了 datetime="$*" [ -z "$datetime" ] && echo "错误的参数:getHowLongAgo() $*" Timestamp=$(date +%s -d "$datetime") #转化为时间戳 Now_Timestamp=$(date +%s) Difference_Timestamp=$(($Now_Timestamp-$Timestamp)) days=0;hours=0;minutes=0; sec_in_day=$((60*60*24)); sec_in_hour=$((60*60)); sec_in_minute=60 while (( $(($Difference_Timestamp-$sec_in_day)) > 1 )) do let Difference_Timestamp=Difference_Timestamp-sec_in_day let days++ done while (( $(($Difference_Timestamp-$sec_in_hour)) > 1 )) do let Difference_Timestamp=Difference_Timestamp-sec_in_hour let hours++ done echo "$days 天 $hours 小时前" } function getUserLastLogin(){ # 获取用户最近一次登录的时间,含年份 # 很遗憾last命令不支持显示年份,只有"last -t YYYYMMDDHHMMSS"表示某个时间之间的登录,我 # 们只能用最笨的方法了,对比今天之前和今年元旦之前(或者去年之前和前年之前……)某个用户 # 登录次数,如果登录统计次数有变化,则说明最近一次登录是今年。 username=$1 : ${username:="`whoami`"} thisYear=$(date +%Y) oldesYear=$(last | tail -n1 | awk '{print $NF}') while(( $thisYear >= $oldesYear));do loginBeforeToday=$(last $username | grep $username | wc -l) loginBeforeNewYearsDayOfThisYear=$(last $username -t $thisYear"0101000000" | grep $username | wc -l) if [ $loginBeforeToday -eq 0 ];then echo "从未登录过" break elif [ $loginBeforeToday -gt $loginBeforeNewYearsDayOfThisYear ];then lastDateTime=$(last -i $username | head -n1 | awk '{for(i=4;i<(NF-2);i++)printf"%s ",$i}')" $thisYear" #格式如: Sat Nov 2 20:33 2015 lastDateTime=$(date "+%Y-%m-%d %H:%M:%S" -d "$lastDateTime") echo "$lastDateTime" break else thisYear=$((thisYear-1)) fi done } function getUserStatus(){ echo "" echo "" echo "############################ 用户检查 ############################" #/etc/passwd 最后修改时间 pwdfile="$(cat /etc/passwd)" Modify=$(stat /etc/passwd | grep Modify | tr '.' ' ' | awk '{print $2,$3}') echo "/etc/passwd 最后修改时间:$Modify ($(getHowLongAgo $Modify))" echo "" echo "特权用户" echo "--------" RootUser="" for user in $(echo "$pwdfile" | awk -F: '{print $1}');do if [ $(id -u $user) -eq 0 ];then echo "$user" RootUser="$RootUser,$user" fi done echo "" echo "用户列表" echo "--------" USERs=0 echo "$( echo "用户名 UID GID HOME SHELL 最后一次登录" for shell in $(grep -v "/sbin/nologin" /etc/shells);do for username in $(grep "$shell" /etc/passwd| awk -F: '{print $1}');do userLastLogin="$(getUserLastLogin $username)" echo "$pwdfile" | grep -w "$username" |grep -w "$shell"| awk -F: -v lastlogin="$(echo "$userLastLogin" | tr ' ' '_')" '{print $1,$3,$4,$6,$7,lastlogin}' done let USERs=USERs+$(echo "$pwdfile" | grep "$shell"| wc -l) done )" | column -t echo "" echo "空密码用户" echo "----------" USEREmptyPassword="" for shell in $(grep -v "/sbin/nologin" /etc/shells);do for user in $(echo "$pwdfile" | grep "$shell" | cut -d: -f1);do r=$(awk -F: '$2=="!!"{print $1}' /etc/shadow | grep -w $user) if [ ! -z $r ];then echo $r USEREmptyPassword="$USEREmptyPassword,"$r fi done done echo "" echo "相同ID的用户" echo "------------" USERTheSameUID="" UIDs=$(cut -d: -f3 /etc/passwd | sort | uniq -c | awk '$1>1{print $2}') for uid in $UIDs;do echo -n "$uid"; USERTheSameUID="$uid" r=$(awk -F: 'ORS="";$3=='"$uid"'{print ":",$1}' /etc/passwd) echo "$r" echo "" USERTheSameUID="$USERTheSameUID $r," done #报表信息 report_USERs="$USERs" #用户 report_USEREmptyPassword=$(echo $USEREmptyPassword | sed 's/^,//') report_USERTheSameUID=$(echo $USERTheSameUID | sed 's/,$//') report_RootUser=$(echo $RootUser | sed 's/^,//') #特权用户 } function getPasswordStatus { echo "" echo "" echo "############################ 密码检查 ############################" pwdfile="$(cat /etc/passwd)" echo "" echo "密码过期检查" echo "------------" result="" for shell in $(grep -v "/sbin/nologin" /etc/shells);do for user in $(echo "$pwdfile" | grep "$shell" | cut -d: -f1);do get_expiry_date=$(/usr/bin/chage -l $user | grep 'Password expires' | cut -d: -f2) if [[ $get_expiry_date = ' never' || $get_expiry_date = 'never' ]];then printf "%-15s 永不过期 " $user result="$result,$user:never" else password_expiry_date=$(date -d "$get_expiry_date" "+%s") current_date=$(date "+%s") diff=$(($password_expiry_date-$current_date)) let DAYS=$(($diff/(60*60*24))) printf "%-15s %s天后过期 " $user $DAYS result="$result,$user:$DAYS days" fi done done report_PasswordExpiry=$(echo $result | sed 's/^,//') echo "" echo "密码策略检查" echo "------------" grep -v "#" /etc/login.defs | grep -E "PASS_MAX_DAYS|PASS_MIN_DAYS|PASS_MIN_LEN|PASS_WARN_AGE" } function getSudoersStatus(){ echo "" echo "" echo "############################ Sudoers检查 #########################" conf=$(grep -v "^#" /etc/sudoers| grep -v "^Defaults" | sed '/^$/d') echo "$conf" echo "" #报表信息 report_Sudoers="$(echo $conf | wc -l)" } function getInstalledStatus(){ echo "" echo "" echo "############################ 软件检查 ############################" rpm -qa --last | head | column -t } function getProcessStatus(){ echo "" echo "" echo "############################ 进程检查 ############################" if [ $(ps -ef | grep defunct | grep -v grep | wc -l) -ge 1 ];then echo "" echo "僵尸进程"; echo "--------" ps -ef | head -n1 ps -ef | grep defunct | grep -v grep fi echo "" echo "内存占用TOP10" echo "-------------" echo -e "PID %MEM RSS COMMAND $(ps aux | awk '{print $2, $4, $6, $11}' | sort -k3rn | head -n 10 )"| column -t echo "" echo "CPU占用TOP10" echo "------------" top b -n1 | head -17 | tail -11 #报表信息 report_DefunctProsess="$(ps -ef | grep defunct | grep -v grep|wc -l)" } function getJDKStatus(){ echo "" echo "" echo "############################ JDK检查 #############################" java -version 2>/dev/null if [ $? -eq 0 ];then java -version 2>&1 fi echo "JAVA_HOME="$JAVA_HOME"" #报表信息 report_JDK="$(java -version 2>&1 | grep version | awk '{print $1,$3}' | tr -d '"')" } function getSyslogStatus(){ echo "" echo "" echo "############################ syslog检查 ##########################" echo "服务状态:$(getState rsyslog)" echo "" echo "/etc/rsyslog.conf" echo "-----------------" cat /etc/rsyslog.conf 2>/dev/null | grep -v "^#" | grep -v "^\$" | sed '/^$/d' | column -t #报表信息 report_Syslog="$(getState rsyslog)" } function getFirewallStatus(){ echo "" echo "" echo "############################ 防火墙检查 ##########################" #防火墙状态,策略等 if [[ $centosVersion < 7 ]];then /etc/init.d/iptables status >/dev/null 2>&1 status=$? if [ $status -eq 0 ];then s="active" elif [ $status -eq 3 ];then s="inactive" elif [ $status -eq 4 ];then s="permission denied" else s="unknown" fi else s="$(getState iptables)" fi echo "iptables: $s" echo "" echo "/etc/sysconfig/iptables" echo "-----------------------" cat /etc/sysconfig/iptables 2>/dev/null #报表信息 report_Firewall="$s" } function getSNMPStatus(){ #SNMP服务状态,配置等 echo "" echo "" echo "############################ SNMP检查 ############################" status="$(getState snmpd)" echo "服务状态:$status" echo "" if [ -e /etc/snmp/snmpd.conf ];then echo "/etc/snmp/snmpd.conf" echo "--------------------" cat /etc/snmp/snmpd.conf 2>/dev/null | grep -v "^#" | sed '/^$/d' fi #报表信息 report_SNMP="$(getState snmpd)" } function getState(){ if [[ $centosVersion < 7 ]];then if [ -e "/etc/init.d/$1" ];then if [ `/etc/init.d/$1 status 2>/dev/null | grep -E "is running|正在运行" | wc -l` -ge 1 ];then r="active" else r="inactive" fi else r="unknown" fi else #CentOS 7+ r="$(systemctl is-active $1 2>&1)" fi echo "$r" } function getSSHStatus(){ #SSHD服务状态,配置,受信任主机等 echo "" echo "" echo "############################ SSH检查 #############################" #检查受信任主机 pwdfile="$(cat /etc/passwd)" echo "服务状态:$(getState sshd)" Protocol_Version=$(cat /etc/ssh/sshd_config | grep Protocol | awk '{print $2}') echo "SSH协议版本:$Protocol_Version" echo "" echo "信任主机" echo "--------" authorized=0 for user in $(echo "$pwdfile" | grep /bin/bash | awk -F: '{print $1}');do authorize_file=$(echo "$pwdfile" | grep -w $user | awk -F: '{printf $6"/.ssh/authorized_keys"}') authorized_host=$(cat $authorize_file 2>/dev/null | awk '{print $3}' | tr ' ' ',' | sed 's/,$//') if [ ! -z $authorized_host ];then echo "$user 授权 "$authorized_host" 无密码访问" fi let authorized=authorized+$(cat $authorize_file 2>/dev/null | awk '{print $3}'|wc -l) done echo "" echo "是否允许ROOT远程登录" echo "--------------------" config=$(cat /etc/ssh/sshd_config | grep PermitRootLogin) firstChar=${config:0:1} if [ $firstChar == "#" ];then PermitRootLogin="yes" #默认是允许ROOT远程登录的 else PermitRootLogin=$(echo $config | awk '{print $2}') fi echo "PermitRootLogin $PermitRootLogin" echo "" echo "/etc/ssh/sshd_config" echo "--------------------" cat /etc/ssh/sshd_config | grep -v "^#" | sed '/^$/d' #报表信息 report_SSHAuthorized="$authorized" #SSH信任主机 report_SSHDProtocolVersion="$Protocol_Version" #SSH协议版本 report_SSHDPermitRootLogin="$PermitRootLogin" #允许root远程登录 } function getNTPStatus(){ #NTP服务状态,当前时间,配置等 echo "" echo "" echo "############################ NTP检查 #############################" if [ -e /etc/ntp.conf ];then echo "服务状态:$(getState ntpd)" echo "" echo "/etc/ntp.conf" echo "-------------" cat /etc/ntp.conf 2>/dev/null | grep -v "^#" | sed '/^$/d' fi #报表信息 report_NTP="$(getState ntpd)" } function uploadHostDailyCheckReport(){ json="{ "DateTime":"$report_DateTime", "Hostname":"$report_Hostname", "OSRelease":"$report_OSRelease", "Kernel":"$report_Kernel", "Language":"$report_Language", "LastReboot":"$report_LastReboot", "Uptime":"$report_Uptime", "CPUs":"$report_CPUs", "CPUType":"$report_CPUType", "Arch":"$report_Arch", "MemTotal":"$report_MemTotal", "MemFree":"$report_MemFree", "MemUsedPercent":"$report_MemUsedPercent", "DiskTotal":"$report_DiskTotal", "DiskFree":"$report_DiskFree", "DiskUsedPercent":"$report_DiskUsedPercent", "InodeTotal":"$report_InodeTotal", "InodeFree":"$report_InodeFree", "InodeUsedPercent":"$report_InodeUsedPercent", "IP":"$report_IP", "MAC":"$report_MAC", "Gateway":"$report_Gateway", "DNS":"$report_DNS", "Listen":"$report_Listen", "Selinux":"$report_Selinux", "Firewall":"$report_Firewall", "USERs":"$report_USERs", "USEREmptyPassword":"$report_USEREmptyPassword", "USERTheSameUID":"$report_USERTheSameUID", "PasswordExpiry":"$report_PasswordExpiry", "RootUser":"$report_RootUser", "Sudoers":"$report_Sudoers", "SSHAuthorized":"$report_SSHAuthorized", "SSHDProtocolVersion":"$report_SSHDProtocolVersion", "SSHDPermitRootLogin":"$report_SSHDPermitRootLogin", "DefunctProsess":"$report_DefunctProsess", "SelfInitiatedService":"$report_SelfInitiatedService", "SelfInitiatedProgram":"$report_SelfInitiatedProgram", "RuningService":"$report_RuningService", "Crontab":"$report_Crontab", "Syslog":"$report_Syslog", "SNMP":"$report_SNMP", "NTP":"$report_NTP", "JDK":"$report_JDK" }" #echo "$json" curl -l -H "Content-type: application/json" -X POST -d "$json" "$uploadHostDailyCheckReportApi" 2>/dev/null } function getchage_file_24h() { echo "############################ 文件检查 #############################" check2=$(find / -name '*.sh' -mtime -1) check21=$(find / -name '*.asp' -mtime -1) check22=$(find / -name '*.php' -mtime -1) check23=$(find / -name '*.aspx' -mtime -1) check24=$(find / -name '*.jsp' -mtime -1) check25=$(find / -name '*.html' -mtime -1) check26=$(find / -name '*.htm' -mtime -1) check9=$(find / -name core -exec ls -l {} ;) check10=$(cat /etc/crontab) check12=$(ls -alt /usr/bin | head -10) cat <<EOF ############################查看所有被修改过的文件返回最近24小时内的############################ ${check2} ${check21} ${check22} ${check23} ${check24} ${check25} ${check26} ${line} ############################检查定时文件的完整性############################ ${check10} ${line} ############################查看系统命令是否被替换############################ ${check12} ${line} EOF } function check(){ version getSystemStatus getCpuStatus getMemStatus getDiskStatus getNetworkStatus getListenStatus getProcessStatus getServiceStatus getAutoStartStatus getLoginStatus getCronStatus getUserStatus getPasswordStatus getSudoersStatus getJDKStatus getFirewallStatus getSSHStatus getSyslogStatus getSNMPStatus getNTPStatus getInstalledStatus getchage_file_24h } #执行检查并保存检查结果 check > $RESULTFILE echo "检查结果:$RESULTFILE" echo -e "`date "+%Y-%m-%d %H:%M:%S"` 阿里云PHP企业平台巡检报告" | mail -a $RESULTFILE -s "阿里云PHP企业平台巡检报告" h@163.com
结果示例
cat log/HostDailyCheck--20211027.txt 系统巡检脚本:Version 2020-03-16 ############################ 系统检查 ############################ 系统:GNU/Linux 发行版本:CentOS Linux release 7.5.1804 (Core) 内核:3.10.0-514.el7.x86_64 主机名:mongo_mongo_16 SELinux:disabled 语言/编码:en_US.UTF-8 当前时间:2021-10-27 09:39:27 最后启动:2021-07-13 10:10 运行时间:105 days ############################ CPU检查 ############################# 物理CPU个数:1 逻辑CPU个数:2 每CPU核心数:2 CPU型号:Intel(R) Xeon(R) CPU E5-2680 0 @ 2.70GHz CPU架构:x86_64 ############################ 内存检查 ############################ total used free shared buff/cache available Mem: 3.7G 780M 1.5G 174M 1.4G 2.5G Swap: 1.6G 0B 1.6G ############################ 磁盘检查 ############################ Filesystem Type | Size Used Avail Use% | Inodes IUsed IFree IUse% | Mounted /dev/mapper/cl-root xfs | 14G 4.9G 8.6G 37% | 6.7M 74K 6.7M 2% | / devtmpfs devtmpfs | 1.9G 0 1.9G 0% | 472K 353 471K 1% | /dev tmpfs tmpfs | 1.9G 216K 1.9G 1% | 474K 55 474K 1% | /dev/shm tmpfs tmpfs | 1.9G 216K 1.9G 1% | 474K 545 474K 1% | /run tmpfs tmpfs | 1.9G 216K 1.9G 1% | 474K 16 474K 1% | /sys/fs/cgroup tmpfs tmpfs | 1.9G 175M 1.7G 10% | 474K 55 474K 1% | /dev/shm tmpfs tmpfs | 1.9G 175M 1.7G 10% | 474K 545 474K 1% | /run tmpfs tmpfs | 1.9G 175M 1.7G 10% | 474K 16 474K 1% | /sys/fs/cgroup tmpfs tmpfs | 1.9G 0 1.9G 0% | 474K 55 474K 1% | /dev/shm tmpfs tmpfs | 1.9G 0 1.9G 0% | 474K 545 474K 1% | /run tmpfs tmpfs | 1.9G 0 1.9G 0% | 474K 16 474K 1% | /sys/fs/cgroup /dev/sdb1 xfs | 100G 3.9G 97G 4% | 50M 18K 50M 1% | /data /dev/sda1 xfs | 1014M 135M 880M 14% | 512K 332 512K 1% | /boot tmpfs tmpfs | 380M 0 380M 0% | 474K 1 474K 1% | /run/user/0 ############################ 网络检查 ############################ ens160: 192.168.15.16/24 网关:192.168.15.1 DNS:202.96.134.133 ############################ 监听检查 ############################ Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port udp UNCONN 0 0 127.0.0.1:323 *:* udp UNCONN 0 0 *:123 *:* udp UNCONN 0 0 ::1:323 :::* tcp LISTEN 0 128 *:22 *:* tcp LISTEN 0 1000 *:4505 *:* tcp LISTEN 0 1000 *:4506 *:* tcp LISTEN 0 128 *:3717 *:* tcp LISTEN 0 128 :::22 :::* ############################ 进程检查 ############################ 内存占用TOP10 ------------- PID %MEM RSS COMMAND 3662 8.1 315484 /usr/local/mongodb/bin/mongod 1214 1.9 77076 /usr/bin/python 1218 1.4 55604 /usr/bin/python 1217 1.4 55588 /usr/bin/python 1229 1.4 55504 /usr/bin/python 1219 1.4 55500 /usr/bin/python 1228 1.4 55460 /usr/bin/python 982 1.3 52048 /usr/bin/python 984 1.1 45928 /usr/bin/python 1216 1.0 40388 /usr/bin/python CPU占用TOP10 ------------ PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 7338 root 20 0 161852 2120 1540 R 6.2 0.1 0:00.04 top 1 root 20 0 125324 3752 2512 S 0.0 0.1 1:07.85 systemd 2 root 20 0 0 0 0 S 0.0 0.0 0:02.44 kthreadd 3 root 20 0 0 0 0 S 0.0 0.0 0:07.84 ksoftirqd/0 7 root rt 0 0 0 0 S 0.0 0.0 0:33.33 migration/0 8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh 9 root 20 0 0 0 0 S 0.0 0.0 33:59.52 rcu_sched 10 root rt 0 0 0 0 S 0.0 0.0 0:47.50 watchdog/0 11 root rt 0 0 0 0 S 0.0 0.0 0:50.74 watchdog/1 12 root rt 0 0 0 0 S 0.0 0.0 1:18.91 migration/1 ############################ 服务检查 ############################ 服务配置 -------- auditd.service enabled autovt@.service enabled chronyd.service enabled crond.service enabled dbus-org.freedesktop.NetworkManager.service enabled dbus-org.freedesktop.nm-dispatcher.service enabled getty@.service enabled irqbalance.service enabled kdump.service enabled lvm2-monitor.service enabled microcode.service enabled NetworkManager-dispatcher.service enabled NetworkManager-wait-online.service enabled NetworkManager.service enabled rhel-autorelabel-mark.service enabled rhel-autorelabel.service enabled rhel-configure.service enabled rhel-dmesg.service enabled rhel-domainname.service enabled rhel-import-state.service enabled rhel-loadmodules.service enabled rhel-readonly.service enabled rsyslog.service enabled salt-master.service enabled salt-syndic.service enabled sshd.service enabled systemd-readahead-collect.service enabled systemd-readahead-drop.service enabled systemd-readahead-replay.service enabled tuned.service enabled vmtoolsd.service enabled 正在运行的服务 -------------- auditd.service loaded active running Security Auditing Service chronyd.service loaded active running NTP client/server crond.service loaded active running Command Scheduler dbus.service loaded active running D-Bus System Message Bus getty@tty1.service loaded active running Getty on tty1 irqbalance.service loaded active running irqbalance daemon lvm2-lvmetad.service loaded active running LVM2 metadata daemon NetworkManager.service loaded active running Network Manager polkit.service loaded active running Authorization Manager rsyslog.service loaded active running System Logging Service salt-master.service loaded active running The Salt Master Server salt-syndic.service loaded active running The Salt Master Server sshd.service loaded active running OpenSSH server daemon systemd-journald.service loaded active running Journal Service systemd-logind.service loaded active running Login Service systemd-udevd.service loaded active running udev Kernel Device Manager tuned.service loaded active running Dynamic System Tuning Daemon vgauthd.service loaded active running VGAuth Service for open-vm-tools vmtoolsd.service loaded active running Service for virtual machines hosted on VMware ############################ 自启动检查 ########################## touch /var/lock/subsys/local ############################ 登录检查 ############################ root pts/0 192.168.10.18 Mon Oct 25 09:30 still logged in root pts/0 192.168.10.18 Fri Oct 8 09:54 - 04:34 (15+18:39) root pts/0 192.168.10.18 Fri Aug 6 18:03 - 00:19 (55+06:16) root pts/0 192.168.10.18 Tue Jul 13 10:14 - 18:03 (24+07:49) reboot system boot 3.10.0-514.el7.x Tue Jul 13 10:10 - 09:39 (105+23:29) root pts/0 192.168.10.18 Fri Jul 9 16:54 - crash (3+17:16) root pts/0 192.168.10.18 Fri Jul 9 15:22 - 15:35 (00:13) root pts/1 192.168.10.18 Wed Jul 7 17:13 - 17:56 (00:43) root pts/0 192.168.10.18 Mon Jul 5 22:37 - 15:15 (3+16:38) reboot system boot 3.10.0-514.el7.x Mon Jul 5 22:36 - 09:39 (113+11:02) ############################ 计划任务检查 ######################## root -------- */20 * * * * /usr/sbin/ntpdate -b time1.aliyun.com > /dev/null 2>&1 -rw-r--r--. 1 root root 128 Apr 11 2018 /etc/cron.d/0hourly -rw-r--r-- 1 root root 224 Dec 6 2018 /etc/cron.d/mongodb-consistent-backup -rwx------. 1 root root 219 Apr 11 2018 /etc/cron.daily/logrotate -rwxr-xr-x. 1 root root 618 Mar 18 2014 /etc/cron.daily/man-db.cron -rw-------. 1 root root 0 Apr 11 2018 /etc/cron.deny -rwxr-xr-x. 1 root root 392 Apr 11 2018 /etc/cron.hourly/0anacron -rw-r--r--. 1 root root 451 Jun 10 2014 /etc/crontab ############################ 用户检查 ############################ /etc/passwd 最后修改时间:2021-07-13 10:34:27 (105 天 23 小时前) 特权用户 -------- root 用户列表 -------- 用户名 UID GID HOME SHELL 最后一次登录 root 0 0 /root /bin/bash 2021-10-25_09:30:00 25QPSZUser 1000 1000 /home/25QPSZUser /bin/bash 从未登录过 postgres 1002 1002 /home/postgres /bin/bash 从未登录过 空密码用户 ---------- postgres 相同ID的用户 ------------ ############################ 密码检查 ############################ 密码过期检查 ------------ root 永不过期 25QPSZUser 永不过期 postgres 永不过期 密码策略检查 ------------ PASS_MAX_DAYS 99999 PASS_MIN_DAYS 0 PASS_MIN_LEN 5 PASS_WARN_AGE 7 ############################ Sudoers检查 ######################### root ALL=(ALL) ALL 25QPSZUser ALL=(root) ALL %wheel ALL=(ALL) ALL ############################ JDK检查 ############################# JAVA_HOME="" ############################ 防火墙检查 ########################## iptables: inactive /etc/sysconfig/iptables ----------------------- ############################ SSH检查 ############################# 服务状态:active SSH协议版本: 信任主机 -------- 是否允许ROOT远程登录 -------------------- PermitRootLogin yes /etc/ssh/sshd_config -------------------- HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key SyslogFacility AUTHPRIV AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication yes ChallengeResponseAuthentication no GSSAPIAuthentication yes GSSAPICleanupCredentials no UsePAM yes X11Forwarding yes AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE AcceptEnv XMODIFIERS Subsystem sftp /usr/libexec/openssh/sftp-server ############################ syslog检查 ########################## 服务状态:active /etc/rsyslog.conf ----------------- *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* /var/log/boot.log ############################ SNMP检查 ############################ 服务状态:unknown ############################ NTP检查 ############################# ############################ 软件检查 ############################ libgcc-4.8.5-44.el7.i686 Wed 13 Oct 2021 11:41:41 AM CST gcc-4.8.5-44.el7.x86_64 Wed 13 Oct 2021 11:41:39 AM CST cpp-4.8.5-44.el7.x86_64 Wed 13 Oct 2021 11:41:37 AM CST libgcc-4.8.5-44.el7.x86_64 Wed 13 Oct 2021 11:41:35 AM CST libgomp-4.8.5-44.el7.x86_64 Wed 13 Oct 2021 11:41:34 AM CST psmisc-22.20-17.el7.x86_64 Thu 01 Jul 2021 10:03:22 PM CST irqbalance-1.0.7-12.el7.x86_64 Wed 30 Jun 2021 03:54:44 PM CST percona-xtrabackup-80-8.0.25-17.1.el7.x86_64 Wed 23 Jun 2021 05:52:32 PM CST gpg-pubkey-8507efa5-5b02c2fb Wed 23 Jun 2021 05:52:07 PM CST gpg-pubkey-cd2efd2a-4b26dda1 Wed 23 Jun 2021 05:51:57 PM CST ############################ 文件检查 ############################# ############################查看所有被修改过的文件返回最近24小时内的############################ /tmp/a.sh ############################检查定时文件的完整性############################ SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root # For details see man 4 crontabs # Example of job definition: # .---------------- minute (0 - 59) # | .------------- hour (0 - 23) # | | .---------- day of month (1 - 31) # | | | .------- month (1 - 12) OR jan,feb,mar,apr ... # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat # | | | | | # * * * * * user-name command to be executed ############################查看系统命令是否被替换############################ total 482908 dr-xr-xr-x. 2 root root 28672 Oct 13 11:41 . lrwxrwxrwx 1 root root 3 Oct 13 11:41 cc -> gcc lrwxrwxrwx 1 root root 6 Jul 1 22:03 pstree.x11 -> pstree -rwxr-xr-x 1 root root 75684 Jun 23 17:52 qpress -rwxr-xr-x 1 root root 467824 May 31 18:49 xbcloud -rwxr-xr-x 1 root root 222456 May 31 18:49 xbcrypt -rwxr-xr-x 1 root root 252224 May 31 18:49 xbstream -rwxr-xr-x 1 root root 58267600 May 31 18:48 xtrabackup -rwxr-xr-x 1 root root 3020 May 31 18:25 xbcloud_osenv
f
