perl改造成bash---结果写入xml

#!/bin/bash

ipv4=`ifconfig eth0 | grep 'inet addr'|awk -F ":" '{print $2}'|awk '{print$1}'`
ipv6=`ifconfig eth0 | grep 'inet6 addr'|awk -F "/" '{print $1}'`

os_name=`uname -s 2>> error;uname.bak -s 2>>error`
os_version=`lsb_release -a 2>> error||cat /etc/issue 2>> error||cat /etc/redhat-release 2>> error||cat /etc/redhat-release.bak 2>> error||uname -a 2>> error||uname.bak -a 2>> error`
startDate=`date "+%Y-%m-%d %H:%M:%S"`
ipaddr="$1"

os_result=`uname -a 2>> error||uname.bak -a 2>> error`
result=`echo ${os_result%-*}`
os=`echo ${result##* }`

Script_ID[0]=1
Script_Value[0]="function linux7() {
ls -l /lib*/security/pam_tally.so 2>/dev/null
echo "---------------system-auth-------------------"
cat /etc/pam.d/system-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'
if [[ -n %ls -l /lib*/security/pam_tally.so 2>/dev/null% ]];then
if [[ -n %cat /etc/pam.d/system-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|egrep "auth[[:space:]]*required[[:space:]]*\S*pam_tally.so"% ]];then
if [[ -n %cat /etc/pam.d/system-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|egrep "auth[[:space:]]*required[[:space:]]*\S*pam_tally.so"|egrep "deny=\w+"% ]];then
echo "result="%cat /etc/pam.d/system-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|egrep "auth[[:space:]]*required[[:space:]]*\S*pam_tally.so"|awk -F"deny=" '{print$2}'|awk '{print$1}'%
else
echo "result=false"
fi
else
echo "result=false"
fi
elif [[ -n %ls -l /lib*/security/pam_tally2.so 2>/dev/null% ]];then
cat /etc/pam.d/system-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|egrep "auth[[:space:]]*required[[:space:]]*\S*pam_tally2.so"
if [[ -n %cat /etc/pam.d/system-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|egrep "auth[[:space:]]*required[[:space:]]*\S*pam_tally2.so"% ]];then
if [[ -n %cat /etc/pam.d/system-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|egrep "auth[[:space:]]*required[[:space:]]*\S*pam_tally2.so"|egrep "deny=\w+"% ]];then
echo "result="%cat /etc/pam.d/system-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|egrep "auth[[:space:]]*required[[:space:]]*\S*pam_tally2.so"|awk -F"deny=" '{print$2}'|awk '{print$1}'%
else
echo "result=false"
fi
else
echo "result=false"
fi
else
echo "result=pam_tally not found"
fi
}
function linux8() {
ls -l /etc/pam.d/system-auth /etc/pam.d/password-auth 2>/dev/null
if [ -f /etc/pam.d/system-auth ]&&[ -f /etc/pam.d/password-auth ];then
for FILE in /etc/pam.d/system-auth /etc/pam.d/password-auth
do
echo $FILE
cat $FILE|sed '/^\s*#/d'|sed '/^\s*$/d'
venus1=$(cat $FILE|sed '/^\s*#/d'|sed '/^\s*$/d'|egrep "auth\s+required\s+pam_faillock.so\s+preauth"|egrep "deny=\w")
venus2=$(cat $FILE|sed '/^\s*#/d'|sed '/^\s*$/d'|egrep "auth\s+\[default=die\]\s+pam_faillock.so\s+authfail"|egrep "deny=\w")
venus3=$(cat $FILE|sed '/^\s*#/d'|sed '/^\s*$/d'|egrep "account\s+required\s+pam_faillock.so")
if [[ -n $venus1 ]]&&[[ -n $venus2 ]]&&[[ -n $venus3 ]];then
echo "result="$(echo $venus1|sed 's/.*\sdeny=\(\w*\)\s.*/\1/')
echo "result="$(echo $venus2|sed 's/.*\sdeny=\(\w*\)\s.*/\1/')
else
echo "result=false"
fi
done
unset FILE venus1 venus2 venus3
else
echo "result=false"
fi
}
function ubuntu_debian() {
ls /lib/x86_64-linux-gnu/security/pam_tally*.so 2>/dev/null
cat etc/pam.d/common-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'
if [ -f /lib/x86_64-linux-gnu/security/pam_tally.so ] || [ -f /lib/x86_64-linux-gnu/security/pam_tally2.so ];then
DENY_result1=%cat /etc/pam.d/common-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|sed -rn '/auth/s/auth\s*required\s*pam_tally.so.*(deny=[[:digit:]]+).*/\1/p'%
DENY_result2=%cat /etc/pam.d/common-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|sed -rn '/auth/s/auth\s*required\s*pam_tally2.so.*(deny=[[:digit:]]+).*/\1/p'%
if [ -n "$DENY_result1" ];then
echo "result1="%cat /etc/pam.d/common-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|sed -rn '/auth/s/auth\s*required\s*pam_tally.so.*(deny=[[:digit:]]+).*/\1/p'|awk -F= '{print$2}'%
elif [ -n "DENY_result2" ];then
echo "result="%cat /etc/pam.d/common-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|sed -rn '/auth/s/auth\s*required\s*pam_tally2.so.*(deny=[[:digit:]]+).*/\1/p'|awk -F= '{print$2}'%
else
echo "result=false"
fi
unset DENY_result1 DENY_result2
else
echo "result=pam_tally not found"
fi
}
function suse() {
ls -l /lib*/security/pam_tally.so 2>/dev/null
echo "----------------common-auth------------------"
cat /etc/pam.d/common-auth|sed '/^\s*#/d'|sed '/^\s*$/d' 2>/dev/null
echo "----------------common-account------------------"
cat /etc/pam.d/common-account|sed '/^\s*#/d'|sed '/^\s*$/d' 2>/dev/null
echo "----------------------------------"
if [[ -n %ls -l /lib*/security/pam_tally.so 2>/dev/null% ]];then
if [[ -n %cat /etc/pam.d/common-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|sed -rn '/auth/s/auth\s*required\s*pam_tally.so.*(deny=[[:digit:]]+).*/\1/p'% ]];then
echo "result="%cat /etc/pam.d/common-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|sed -rn '/auth/s/auth\s*required\s*pam_tally.so.*(deny=[[:digit:]]+).*/\1/p'|awk -F= '{print$2}'%
else
echo "result=false"
fi
elif [[ -n %ls -l /lib*/security/pam_tally2.so 2>/dev/null% ]];then
if [[ -n %cat /etc/pam.d/common-account 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|sed -n '/account\s*required\s*pam_tally2.so/p'% ]];then
if [[ -n %cat /etc/pam.d/common-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|sed -rn '/auth/s/auth\s*required\s*pam_tally2.so.*(deny=[[:digit:]]+).*/\1/p'% ]];then
echo "result="%cat /etc/pam.d/common-auth 2>/dev/null|sed '/^\s*#/d'|sed '/^\s*$/d'|sed -rn '/auth/s/auth\s*required\s*pam_tally2.so.*(deny=[[:digit:]]+).*/\1/p'|awk -F= '{print$2}'%
else
echo "result=false"
fi
else
echo "result=false"
fi
else
echo "result=pam_tally not found"
fi
}
if [ -f /etc/redhat-release ];then
linux_version=$(cat /etc/redhat-release|awk -F"release" '{print$2}'|awk '{print$1}'|cut -d\. -f1)
if [ $linux_version -ge 8 ];then
cat /etc/redhat-release
linux8
else
cat /etc/redhat-release
linux7
fi
elif [ -f /etc/SuSE-release ];then
cat /etc/SuSE-release
suse
elif [[ -n $(cat /etc/os-release 2>/dev/null |grep -w "ID"|egrep -wi "ubuntu|debian") ]];then
cat /etc/os-release
ubuntu_debian
else
echo "result=Operating system judgment failed"
fi
"
Script_Support[0]="3.10.0 2.6.32 2.6.18 2.6.9 2.4.21 2.4.9"

Script_ID[1]=2
Script_Value[1]="if grep -v "^[[:space:]]*#" /etc/ssh/sshd_config|grep -i "PermitRootLogin no"
then echo "This device does not permit root to ssh login,check result:true";
else
echo "This device permits root to ssh login,check result:false";
fi
if grep  -v "^[[:space:]]*#" /etc/ssh/sshd_config|egrep "^protocol[[:space:]]*2|^Protocol[[:space:]]*2"
then echo "SSH protocol version is 2,check result:true"
else
echo "SSH protocol version is not 2,check result:false"
fi
"
Script_Support[1]="4.18.0 2.6.32 2.6.18 2.6.9 2.4.21 2.4.9"

Script_ID[2]=3
Script_Value[2]="export LANG=en_US.UTF-8
if [[ %cat /etc/redhat-release 2>/dev/null|cut -b 22% -ge 7 ]] || [[ %cat /etc/redhat-release 2>/dev/null|cut -b 41% -ge 7 ]];then
echo "telnet_status="%systemctl|grep telnet|grep active|wc -l%
echo "ssh_status="%ps -ef|grep "sshd"|grep -v "grep"|wc -l%
else
echo "telnet_status="%chkconfig --list |egrep "*.telnet"|egrep -i "on"|wc -l%
echo "ssh_status="%ps -ef|grep "sshd"|grep -v "grep"|wc -l%
fi
unset telnet_status ssh_status
"
Script_Support[2]="4.18.0 3.10.0 2.6.18 2.6.9 2.4.21 2.4.9"

Script_ID[3]=4
Script_Value[3]="ls -alL /etc/passwd /etc/shadow /etc/group
echo "passwd_total="%ls -alL /etc/passwd 2>/dev/null|grep -v  "[r-][w-]-[r-]--[r-]--"|grep "[r-][w-][x-][r-][w-][x-][r-][w-][x-]"|wc -l%
echo "shadow_total="%ls -alL /etc/shadow 2>/dev/null|grep -v  "[r-][w-]-------"|grep "[r-][w-][x-][r-][w-][x-][r-][w-][x-]"|wc -l%
echo "group_total="%ls -alL /etc/group 2>/dev/null|grep -v  "[r-][w-]-[r-]--[r-]--"|grep "[r-][w-][x-][r-][w-][x-][r-][w-][x-]"|wc -l%
"
Script_Support[3]="4.18.0 3.10.0 2.6.32 2.6.9 2.4.21 2.4.9"

Script_ID[4]=5
Script_Value[4]="Calculate (){
echo "DCREDIT="%cat $1|egrep -v "[[:space:]]*#"|tr -d ' '|awk 'BEGIN{RS=" "}{print $0}'|awk -F"=" '/dcredit/{print$2}'|awk '{print$1}'|awk -F"-" '{print$2}'%
echo "LCREDIT="%cat $1|egrep -v "[[:space:]]*#"|tr -d ' '|awk 'BEGIN{RS=" "}{print $0}'|awk -F"=" '/lcredit/{print$2}'|awk '{print$1}'|awk -F"-" '{print$2}'%
echo "UCREDIT="%cat $1|egrep -v "[[:space:]]*#"|tr -d ' '|awk 'BEGIN{RS=" "}{print $0}'|awk -F"=" '/ucredit/{print$2}'|awk '{print$1}'|awk -F"-" '{print$2}'%
echo "OCREDIT="%cat $1|egrep -v "[[:space:]]*#"|tr -d ' '|awk 'BEGIN{RS=" "}{print $0}'|awk -F"=" '/ocredit/{print$2}'|awk '{print$1}'|awk -F"-" '{print$2}'%
echo "MINCLASS="%cat $1|egrep -v "[[:space:]]*#"|tr -d ' '|awk 'BEGIN{RS=" "}{print $0}'|awk -F"=" '/minlen/{print$2}'|awk '{print$1}'%
}
if ([ -f /etc/redhat-release ] && [ -f /etc/pam.d/system-auth ]);then
if [[ %cat /etc/redhat-release|grep -aPo '(?<=release\s)\d'% -ge "7" ]];then
if [[ -n %cat /etc/pam.d/passwd|egrep -v "[[:space:]]*#"|egrep "password[[:space:]]+required[[:space:]]+pam_pwquality.so"% ]];then
echo "result0=Found pam_pwquality.so module"
FILE=/etc/security/pwquality.conf;
Calculate "$FILE";
unset FILE
else
FILE=/etc/pam.d/system-auth;
Calculate "$FILE";
unset FILE
fi
fi
elif ([ -f /etc/SuSE-release ] && [ -f /etc/pam.d/common-password ]);then
FILE=/etc/pam.d/common-password
Calculate "$FILE";
unset FILE
fi
"
Script_Support[4]="4.18.0 3.10.0 2.6.32 2.6.18 2.4.21 2.4.9"

Script_ID[5]=6
Script_Value[5]="export LANG=en_US.UTF-8
if [[ %cat /etc/redhat-release 2>/dev/null|cut -b 22% -ge 7 ]] || [[ %cat /etc/redhat-release 2>/dev/null|cut -b 41% -ge 7 ]];then
telnet_status=%systemctl|grep "telnet.socket"|wc -l%
else
telnet_status=%chkconfig --list|egrep "telnet.*"|grep -w "on"|wc -l%
fi
if [ $telnet_status -ge 1 ];then
echo "pts_count="%cat /etc/securetty 2>/dev/null|grep -v "^[[:space:]]*#"|grep "pts/*"|wc -l%
else
echo "Telnet process is not open"
fi
unset telnet_status
"
Script_Support[5]="4.18.0 3.10.0 2.6.32 2.6.18 2.6.9 2.4.9"

Script_ID[6]=7
Script_Value[6]="if [ -f /etc/syslog.conf ];
then
cat /etc/syslog.conf | grep -v "^[[:space:]]*#" | grep -E '[[:space:]]*.+@.+';
fi;
if [ -s /etc/syslog-ng/syslog-ng.conf ];
then
ret_1=%cat /etc/syslog-ng/syslog-ng.conf | grep -v "^[[:space:]]*#" | grep "port(514)"|awk '{print $2}'%;
if [ -n "$ret_1" ];
then
ret_2=%cat /etc/syslog-ng/syslog-ng.conf | grep -v "^[[:space:]]*#" | grep "destination($ret_1)"%;
if [ -n "$ret_2" ];
then
echo "Set the log server:true";
else
echo "not Set the log server:false";
fi;
fi;
fi;
if [ -f /etc/rsyslog.conf ];
then cat /etc/rsyslog.conf | grep -v "^[[:space:]]*#" | grep -E '[[:space:]]*.+@.+';
fi
"
Script_Support[6]="4.18.0 3.10.0 2.6.32 2.6.18 2.6.9 2.4.21"

file="$1_linux_chk.xml"

echo -e "<?xml version="1.0" encoding="UTF-8"?>
<result>" > ${file}
echo -e "<osName><![CDATA[$os_name]]></osName>
<version><![CDATA[$os_version]]></version>" >> ${file}
echo "<ip><![CDATA[$ipaddr]]></ip>" >> ${file}
echo "<type><![CDATA[/server/Linux]]></type>" >> ${file}
echo "<startTime><![CDATA[$startDate]]></startTime>" >> ${file}
echo "<pId><![CDATA[0]]></pId>" >> ${file}
echo -e "	<scripts>" >> ${file}
echo 核查开始
total=${#Script_ID[@]}
for((i=0;i<=${total};i=i+1))
do
  if [ -n "${Script_ID[$i]}" ];then
    
    index=`expr $i + 1`
    echo 正在核查第${index}/${total}项
    contain=${Script_Support[$i]}
    value=${Script_Value[$i]}
    value=${value//%/\`}
    script_result=`echo "${value}"|bash`
    if [[ $contain =~ $os ]] 
    then
        echo -e "		<script>" >> ${file}
        echo -e "			<id>${Script_ID[$i]}</id>" >> ${file}
        echo -e "			<value><![CDATA[${value}
${script_result}]]></value>" >> ${file}
        echo -e "		</script>" >> ${file}
    else 
        echo 第${index}/${total}项不兼容此系统
    fi
    echo 第${index}/${total}项核查完毕
  fi
done
echo -e "	</scripts>" >> ${file}
endDate=`date "+%Y-%m-%d %H:%M:%S"`
echo "<endTime><![CDATA[$endDate]]></endTime>" >> ${file}
echo "</result>" >> ${file}
path=`echo ~+`
echo "write result to $path/$file";

因为脚本会预处理 ` 命令` ，所以将 ` 由上层替换为% ，然后在脚本中替换为`，就可以在其他地方输出value 本身以及执行结果，否则的话脚本会将value中命令执行结果替换原来`命令`出的命令