Linux信息采集shell脚本

某次项目中需要批量检查一批 Linux 主机的环境,于是改了一个信息采集 shell 脚本。脚本需以 root 运行,只读取不修改;注意它依赖被检主机自身的 ls/ps/lsof/md5sum 等命令,若主机已被入侵,这些命令的输出可能被篡改,关键结论应另行核实。


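#!/usr/bin/env bash
# Linux host information collector for batch security checks.
#
# Usage:  sudo ./check.sh > "host-$(hostname).txt" 2>&1
# Env:    UID_MIN_DEFAULT  threshold for "non-system" accounts when
#                          /etc/login.defs has no UID_MIN (default 500)
#         DAYS             look-back window for recently changed files (default 120)
#         LOG_LINES        cap on log lines printed (default: whole file)
#         LASTB_LINES      cap on failed-login records printed (default 200)
#
# The script is read-only: it never modifies the host.  Most checks need
# root (/etc/shadow, other users' dotfiles, socket owners); without it the
# report is produced with gaps and a warning on stderr.
#
# Caveat for the reader of the report: every value comes from the host's
# own binaries (ls, ps, lsof, md5sum, ...).  If the host is already
# compromised those can lie, so confirm anything decisive from a trusted
# boot medium or via the package manager (rpm -V / debsums).

# -u catches misspelled variables.  No -e: most commands below are expected
# to fail on some distro (tool or file missing) and the report must go on.
set -u

readonly RULE='---------------------------------------'
readonly SEP='--------------------------------------------------------------------------'

# section [TITLE]  → big banner with TITLE in the middle.
section() {
  printf '%s%s%s\n' "$RULE" "${1:-}" "$RULE"
}

# separator  → thin rule between checks inside a section.
separator() {
  printf '%s\n' "$SEP"
}

# warn MSG...  → non-fatal diagnostic on stderr (keeps the report clean).
warn() {
  printf 'warn: %s\n' "$*" >&2
}

# has_cmd TOOL  → 0 when TOOL is on PATH.
has_cmd() {
  command -v "$1" >/dev/null 2>&1
}

# show_file PATH  → prints PATH, or warns when it is absent/unreadable.
# cat replaces the original `more`: more is a pager and blocks on a tty.
show_file() {
  local path=$1
  if [[ -r "$path" ]]; then
    cat -- "$path"
  else
    warn "cannot read $path"
  fi
}

# list_dir PATH  → ls -la of PATH, or a warning when it does not exist.
list_dir() {
  local path=$1
  if [[ -d "$path" ]]; then
    ls -la -- "$path"
  else
    warn "directory $path does not exist"
  fi
}

# show_log FILE...  → prints the first readable FILE (whole file, or only the
# last $LOG_LINES lines when that variable is set).  Returns 1 if none is readable.
show_log() {
  local f
  for f in "$@"; do
    [[ -r "$f" ]] || continue
    if [[ -n "${LOG_LINES:-}" ]]; then
      tail -n "$LOG_LINES" -- "$f"
    else
      cat -- "$f"
    fi
    return 0
  done
  warn "none of [$*] is readable"
  return 1
}

main() {
  local f dir lvl i name home dotfile exe pid target

  if (( EUID != 0 )); then
    warn "not running as root: /etc/shadow, other users' dotfiles, lsof/ss -p and /root will be incomplete"
  fi

  # Threshold for "non-system" accounts.  The original hard-coded 500; most
  # current distros use 1000, so read UID_MIN from login.defs when present.
  local uid_min
  uid_min=$(awk '$1 == "UID_MIN" {print $2; exit}' /etc/login.defs 2>/dev/null)
  [[ "$uid_min" =~ ^[0-9]+$ ]] || uid_min=${UID_MIN_DEFAULT:-500}

  local days=${DAYS:-120}
  if [[ ! "$days" =~ ^[0-9]+$ ]]; then
    warn "DAYS='$days' is not a number; using 120"
    days=120
  fi

  # ---------------------------------------------------------------- host ----
  section "主机安全检查"
  echo "系统版本"
  uname -a
  # uname alone does not identify the distribution; os-release does.
  [[ -r /etc/os-release ]] && show_file /etc/os-release

  separator
  echo "本机的ip地址是:"
  if has_cmd ip; then
    ip -o addr show | awk '{print $2, $3, $4}'
  elif has_cmd ifconfig; then
    # No --color: escape codes are noise in a report file.
    ifconfig | grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}'
  else
    warn "neither ip nor ifconfig found"
  fi

  separator
  echo "内存使用情况"
  show_file /proc/meminfo

  separator
  echo "文件系统使用情况"
  df -h

  # ------------------------------------------------------------ accounts ----
  section "账户安全检查"
  echo "查看passwd文件中有哪些特权用户(root权限)"
  awk -F: '$3 == 0 {print $1}' /etc/passwd

  separator
  echo "查看系统中是否存在空口令账户"
  # An EMPTY second field in /etc/shadow is a passwordless account.  "!!",
  # "!" and "*" mean the account is locked / has no usable password, which
  # is the opposite condition — the old `$2=="!!"` test listed locked
  # accounts and missed the empty ones.  This form is distro-independent.
  if [[ -r /etc/shadow ]]; then
    awk -F: '$2 == "" {print $1}' /etc/shadow
  else
    warn "/etc/shadow not readable (need root); empty-password check skipped"
  fi
  # Anything other than "x" here means the hash (or nothing) sits in the
  # world-readable passwd file instead of shadow.
  echo "查看passwd文件中口令字段不为x的账户(口令未放入shadow)"
  awk -F: '$2 != "x" && $2 != "*" {print $1 ":" $2}' /etc/passwd

  separator
  echo "查看系统中存在哪些非系统默认用户"
  echo "UID大于等于${uid_min}的账户视为新创建用户(阈值取自/etc/login.defs的UID_MIN,缺省500)"
  # No upper bound on purpose: a very large UID is a known trick to hide an
  # account from naive "UID_MIN..UID_MAX" filters.
  awk -F: -v min="$uid_min" '$3 >= min {print "/etc/passwd里面的"$1 "的值为"$3 ",工作目录为"$6 ",启用的shell为"$7 ",请管理员确认该账户是否正常。"}' /etc/passwd

  separator
  echo "查看可交互登录的账户(shell不是nologin/false)"
  awk -F: '$7 !~ /(nologin|false|sync|halt|shutdown)$/ {print $1 ":" $3 ":" $7}' /etc/passwd

  separator
  echo "查看sudo授权(/etc/sudoers 及 /etc/sudoers.d)"
  if [[ -r /etc/sudoers ]]; then
    grep -vE '^\s*(#|$)' /etc/sudoers
    [[ -d /etc/sudoers.d ]] && grep -rvE '^\s*(#|$)' /etc/sudoers.d
  else
    warn "/etc/sudoers not readable (need root)"
  fi

  separator
  echo "查看正常情况下登录到本机的所有用户的历史记录"
  last

  separator
  echo "查看失败登录记录(lastb,需要root;最多显示${LASTB_LINES:-200}条)"
  if has_cmd lastb; then
    # btmp can be huge after a brute-force run; cap the output.
    lastb | head -n "${LASTB_LINES:-200}"
  else
    warn "lastb not found"
  fi

  # ---------------------------------------------------- history/dotfiles ----
  section "历史命令及用户配置检查"
  # Walk every account with a real home directory instead of hard-coding
  # root and weblogic: /etc/passwd is authoritative and weblogic's home is
  # not necessarily /home/weblogic.
  while IFS=: read -r name _ _ _ _ home _; do
    [[ -d "$home" && "$home" != "/" ]] || continue
    for dotfile in .bash_history .bashrc .bash_profile .profile; do
      [[ -e "$home/$dotfile" || -L "$home/$dotfile" ]] || continue
      separator
      echo "查看${name}账户${dotfile}(${home}/${dotfile})"
      # A history file replaced by a symlink (typically -> /dev/null) is a
      # common way to suppress the audit trail; call it out explicitly.
      if [[ -L "$home/$dotfile" ]]; then
        echo "注意: ${home}/${dotfile} 是符号链接 -> $(readlink -- "$home/$dotfile")"
      fi
      show_file "$home/$dotfile"
    done
  done < /etc/passwd

  # --------------------------------------------------------- connections ----
  section "连接安全检查"
  echo "查看系统中root用户外连情况"
  # -n/-P: no DNS or service-name lookups — they are slow, can hang, and
  # send queries out from the host under examination.  -a ANDs -u with -i
  # so only network files are listed before filtering on state.
  if has_cmd lsof; then
    lsof -nP -u root -a -i | grep -E 'ESTABLISHED|SYN_SENT|LISTEN'
  else
    warn "lsof not found"
  fi
  printf '%s\n' '----------------------------状态解释------------------------------'
  echo "ESTABLISHED的意思是建立连接。表示两台机器正在通信。"
  echo "LISTEN表示本机端口处于监听状态,等待外部连接。"
  echo "SYN_SENT状态表示请求连接"

  separator
  echo "查看系统中root用户TCP连接情况"
  if has_cmd lsof; then
    lsof -nP -u root -a -i TCP
  else
    warn "lsof not found"
  fi

  separator
  echo "检查网络连接和监听端口"
  # ss is the maintained tool; netstat is the fallback on older hosts.
  # -u added so UDP listeners (DNS/SNMP/C2 beacons) are not missed.
  if has_cmd ss; then
    ss -antup
  elif has_cmd netstat; then
    netstat -antup
  else
    warn "neither ss nor netstat found"
  fi

  printf '%s\n' '--------------------------路由表、网络连接、接口信息--------------'
  if has_cmd ip; then
    ip route show
  elif has_cmd netstat; then
    netstat -rn
  fi

  printf '%s\n' '------------------------查看网卡详细信息--------------------------'
  # Interface flags include PROMISC, worth scanning for in the output.
  if has_cmd ip; then
    ip addr show
  elif has_cmd ifconfig; then
    ifconfig -a
  fi

  # ----------------------------------------------------------- processes ----
  section "进程安全检查"
  echo "查看进程树"
  ps auxf

  separator
  echo "按进程名称排序的进程项"
  # `ps auxf | sort -k 11` sorted on the tree-drawing prefix; let ps sort.
  ps -eo user,pid,ppid,lstart,args --sort=comm

  separator
  echo "按进程启动时间排序的进程项"
  # `sort -k 9` compared the START column as text, which mixes "HH:MM" and
  # "MonDD" forms; --sort=start_time orders by the real start time.
  ps -eo user,pid,ppid,lstart,args --sort=start_time

  separator
  echo "检查可执行文件已被删除的进程(常见于仅驻留内存的恶意程序)"
  # /proc/PID/exe resolves to "<path> (deleted)" once the binary is unlinked.
  for exe in /proc/[0-9]*/exe; do
    pid=${exe#/proc/}
    pid=${pid%/exe}
    target=$(readlink -- "$exe" 2>/dev/null) || continue
    [[ "$target" == *" (deleted)" ]] && printf '%s\t%s\n' "$pid" "$target"
  done
  printf '%s\n' "$SEP"

  # --------------------------------------------------------------- files ----
  section "文件安全检查"
  local -a key_files=(
    /bin/ls /bin/login /etc/passwd /bin/ps /usr/bin/top /etc/shadow
    /etc/group /usr/bin/passwd /sbin/portmap
  )

  echo "检查系统中关键文件修改时间"
  # stat copes with odd file names; `ls | awk '{print $9}'` did not.  Both
  # mtime and ctime are shown: mtime is trivially forged (touch -r), ctime
  # cannot be set from user space, so a mismatch is itself a finding.
  for f in "${key_files[@]}"; do
    [[ -e "$f" ]] || continue
    stat -c $'文件名:%n\t最后修改时间:\t%y\tinode变化时间:\t%z' -- "$f"
  done

  separator
  echo "检查重点文件完整性(MD5检查)"
  # MD5 is kept so output stays comparable with older baselines; it is
  # collision-prone, so SHA-256 is printed alongside when available.
  for f in "${key_files[@]}"; do
    [[ -e "$f" ]] && md5sum -- "$f"
  done
  if has_cmd sha256sum; then
    echo "检查重点文件完整性(SHA256检查)"
    for f in "${key_files[@]}"; do
      [[ -e "$f" ]] && sha256sum -- "$f"
    done
  fi

  separator
  echo "用软件包管理器校验关键二进制(与软件包自带的校验和比对;无输出表示一致)"
  # Config files under /etc are expected to differ from the package, so only
  # the binaries are verified here.
  local -a present_bins=()
  for f in "${key_files[@]}"; do
    [[ -e "$f" && "$f" != /etc/* ]] && present_bins+=("$f")
  done
  if has_cmd rpm && (( ${#present_bins[@]} )); then
    rpm -Vf "${present_bins[@]}"
  elif has_cmd debsums; then
    debsums -c
  else
    warn "neither rpm nor debsums available; package verification skipped"
  fi

  separator
  echo "检查重点目录完整性(MD5检查)"
  # Trailing slash matters: on merged-/usr systems /bin is a symlink and a
  # bare `find /bin` would yield nothing.  -exec avoids the unquoted xargs.
  find /bin/ -type f -exec md5sum -- {} +

  separator
  echo "检查关键目录最近${days}天内修改文件"
  # -ctime (inode change) rather than -mtime, because mtime is easily
  # back-dated while ctime is not.  /sys is left out: it is kernel-generated
  # and every entry carries the boot time, so it is pure noise.  Directories
  # that are symlinks (/bin -> /usr/bin on merged-/usr) are skipped because
  # /usr already covers them and they would just duplicate the listing.
  local -a scan_dirs=()
  for dir in /root /boot /bin /etc /sbin /usr /home /opt /var /lib /weblogic /tmp; do
    [[ -d "$dir" && ! -L "$dir" ]] && scan_dirs+=("$dir")
  done
  if (( ${#scan_dirs[@]} )); then
    find "${scan_dirs[@]}" -type f -ctime "-${days}" -exec ls -la -- {} +
  fi

  separator
  echo "检查SUID/SGID文件(与基线比对,多出的项需要确认)"
  # Pseudo and network filesystems are pruned: they are noise or may hang.
  find / \( -fstype proc -o -fstype sysfs -o -fstype devtmpfs -o -fstype nfs -o -fstype nfs4 \) -prune \
    -o -type f -perm /6000 -print

  # ------------------------------------------------------------- startup ----
  section "启动项检查"
  echo "检查/etc/rc.local"
  show_file /etc/rc.local

  separator
  echo "检查/etc/init.d/中的服务项"
  list_dir /etc/init.d/

  for lvl in 0 1 2 3 4 5 6; do
    separator
    echo "检查/etc/rc${lvl}.d/中的启动项"
    list_dir "/etc/rc${lvl}.d/"
  done

  separator
  echo "检查systemd已启用的单元"
  if has_cmd systemctl; then
    systemctl list-unit-files --state=enabled --no-pager
    # Admin-local unit files live here; it is the usual place for persistence.
    list_dir /etc/systemd/system/
  else
    warn "systemctl not found"
  fi

  separator
  echo "检查/etc/ld.so.preload(全局LD_PRELOAD注入点,正常情况下不存在或为空)"
  if [[ -e /etc/ld.so.preload ]]; then
    show_file /etc/ld.so.preload
  else
    echo "不存在"
  fi

  separator
  echo "检查/etc/crontab中的定时启动项"
  show_file /etc/crontab

  local -a cron_dirs=(/etc/cron.hourly /etc/cron.daily /etc/cron.weekly /etc/cron.monthly /etc/cron.d)
  local -a cron_labels=("小时定时启动项" "按日定时启动项" "按周定时启动项" "按月定时启动项" "定时启动项")
  for i in "${!cron_dirs[@]}"; do
    separator
    echo "检查${cron_dirs[i]}中的${cron_labels[i]}"
    list_dir "${cron_dirs[i]}"
  done

  separator
  echo "检查用户crontab(/var/spool/cron 及 /var/spool/cron/crontabs)"
  # RHEL keeps per-user crontabs directly under /var/spool/cron, Debian
  # under /var/spool/cron/crontabs; the -f test skips the nested directory.
  for dir in /var/spool/cron /var/spool/cron/crontabs; do
    [[ -d "$dir" ]] || continue
    for f in "$dir"/*; do
      [[ -f "$f" ]] || continue
      echo "== $f =="
      show_file "$f"
    done
  done

  # ---------------------------------------------------------------- logs ----
  section "日志检查"
  echo "查看/var/log/secure中的部分用户登录日志"
  # RHEL family logs auth events to /var/log/secure, Debian family to
  # /var/log/auth.log; journal-only hosts fall back to journalctl.
  if ! show_log /var/log/secure /var/log/auth.log && has_cmd journalctl; then
    journalctl --no-pager -n "${LOG_LINES:-1000}" -t sshd -t sudo -t su -t login
  fi

  separator
  echo "检查/var/log/messages中的部分系统日志"
  if ! show_log /var/log/messages /var/log/syslog && has_cmd journalctl; then
    journalctl --no-pager -n "${LOG_LINES:-1000}"
  fi
}

main "$@"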

