SHELL脚本生产案例集锦

原创

wcgrainman 2019-02-13 08:57:52 博主文章分类：shell ©著作权

©著作权归作者所有：来自51CTO博客作者wcgrainman的原创作品，请联系作者获取转载授权，否则将追究法律责任

1、LVS客户端自动配置 #/bin/bash VIP=(202.106.195.111 202.106.195.222) [ -e /etc/sysctl.conf ]&&rm -f /etc/sysctl.conf [ -e /etc/sysconfig/network-scripts/ifcfg-lo:0 ]&&rm -f /etc/sysconfig/network-scripts/ifcfg-lo:0 [ -e /etc/sysconfig/network-scripts/ifcfg-lo:1 ]&&rm -f /etc/sysconfig/network-scripts/ifcfg-lo:1

echo "net.ipv4.conf.all.arp_ignore = 1">/etc/sysctl.conf echo "net.ipv4.conf.all.arp_announce = 2">>/etc/sysctl.conf echo "net.ipv4.conf.default.arp_ignore = 1">>/etc/sysctl.conf echo "net.ipv4.conf.default.arp_announce = 2">>/etc/sysctl.conf echo "net.ipv4.conf.lo.arp_ignore = 1">>/etc/sysctl.conf echo "net.ipv4.conf.lo.arp_announce = 2">>/etc/sysctl.conf sysctl -p &>/dev/null

cd /etc/sysconfig/network-scripts for ((i=0;i<echo ${#VIP[*]};i++)) do cp ifcfg-lo ifcfg-lo:$i echo "DEVICE=lo:$i">ifcfg-lo:$i echo "IPADDR=${VIP[$i]}">>ifcfg-lo:$i echo "NETMASK=255.255.255.255">>ifcfg-lo:$i echo "ONBOOT=yes">>ifcfg-lo:$i ifup ifcfg-lo:$i /usr/sbin/route add -host ${VIP[$i]} dev lo:$i &>/dev/null done

2、企业日常巡检

#!/bin/bash

function system(){ echo "#########################系统信息#########################" OS_TYPE=uname OS_VER=cat /etc/redhat-release OS_KER=uname -a|awk '{print $3}' OS_TIME=date +%F_%T OS_RUN_TIME=uptime |awk '{print $3}'|awk -F, '{print $1}' OS_LAST_REBOOT_TIME=who -b|awk '{print $2,$3}' OS_HOSTNAME=hostname

echo " 系统类型：$OS_TYPE" echo " 系统版本：$OS_VER" echo " 系统内核：$OS_KER" echo " 当前时间：$OS_TIME" echo " 运行时间：$OS_RUN_TIME" echo "最后重启时间：$OS_LAST_REBOOT_TIME" echo " 本机名称：$OS_HOSTNAME" } function network(){

echo "#########################网络信息#########################" INTERNET=(ifconfig|grep ens|awk -F: '{print $1}') for((i=0;i<echo ${#INTERNET[*]};i++)) do OS_IP=ifconfig ${INTERNET[$i]}|head -2|grep inet|awk '{print $2}' echo " 本机IP：${INTERNET[$i]}:$OS_IP" done curl -I http://www.baidu.com &>/dev/null if [ $? -eq 0 ] then echo " 访问外网：成功" else echo " 访问外网：失败" fi }

function hardware(){

echo "#########################硬件信息#########################" CPUID=grep "physical id" /proc/cpuinfo |sort|uniq|wc -l CPUCORES=grep "cores" /proc/cpuinfo|sort|uniq|awk -F: '{print $2}' CPUMODE=grep "model name" /proc/cpuinfo|sort|uniq|awk -F: '{print $2}'

echo " CPU数量: $CPUID" echo " CPU核心:$CPUCORES" echo " CPU型号:$CPUMODE"

MEMTOTAL=free -m|grep Mem|awk '{print $2}' MEMFREE=free -m|grep Mem|awk '{print $7}'

echo " 内存总容量: ${MEMTOTAL}MB" echo "剩余内存容量: ${MEMFREE}MB"

disksize=0 swapsize=free|grep Swap|awk {'print $2'} partitionsize=(df -T|sed 1d|egrep -v "tmpfs|sr0"|awk {'print $3'}) for ((i=0;i<echo ${#partitionsize[*]};i++)) do disksize=expr $disksize + ${partitionsize[$i]} done ((disktotal=($disksize+$swapsize)/1024/1024))

echo " 磁盘总容量: ${disktotal}GB"

diskfree=0 swapfree=free|grep Swap|awk '{print $4}' partitionfree=(df -T|sed 1d|egrep -v "tmpfs|sr0"|awk '{print $5}') for ((i=0;i<echo ${#partitionfree[*]};i++)) do diskfree=expr $diskfree + ${partitionfree[$i]} done

((freetotal=($diskfree+$swapfree)/1024/1024))

echo "剩余磁盘容量：${freetotal}GB" }

function secure(){ echo "#########################安全信息#########################"

countuser=(last|grep "still logged in"|awk '{print $1}'|sort|uniq) for ((i=0;i<echo ${#countuser[*]};i++)) do echo "当前登录用户：${countuser[$i]}" done

md5sum -c --quiet /opt/passwd.db &>/dev/null if [ $? -eq 0 ] then echo " 用户异常：否" else echo " 用户异常：是" fi }

function chksys(){ system network hardware secure }

3、检测网站地址是否存活

#!/bin/bash . /etc/init.d/functions url_list=(www.tec.com www.stu.com)

function chkurl(){ i=0 while [ $i -lt 2 ] do curl http://${url_list[$i]} &>/dev/null if [ $? -eq 0 ] then action "${url_list[$i]}" /bin/true else action "${url_list[$i]}" /bin/false fi let i++ done }

function main(){ while true do chkurl sleep 3 done } main

4、LVS节点健康检查

#!/bin/bash VIP=202.106.195.1 PORT=80 RIP=(192.168.100.10 192.168.100.20)

while true do for ((i=0;i<echo ${#RIP[*]};i++)) do code=curl -I -m 10 -o /dev/null -s -w %{http_code} http://${RIP[$i]} if [ $code -ne 200 -a $(ipvsadm -Ln|grep ${RIP[$i]}|wc -l) -eq 1 ] then ipvsadm -d -t $VIP:$PORT -r ${RIP[$i]}:$PORT elif [ $code -eq 200 -a $(ipvsadm -Ln|grep ${RIP[$i]}|wc -l) -lt 1 ] then ipvsadm -a -t $VIP:$PORT -r ${RIP[$i]}:$PORT fi done sleep 5 done

5、Keepalived监控服务

#!/bin/bash while true do if [ $(pidof httpd|wc -l) -eq 1 -a $(pidof keepalived|wc -l) -eq 0 ] then systemctl start keepalived fi

pidof httpd &>/dev/null if [ $? -ne 0 ] then systemctl start httpd &>/dev/null fi sleep 3

pidof httpd &>/dev/null if [ $? -ne 0 ] then systemctl stop keepalived fi sleep 3 done

6、mysql建库建表插入数据

#!/bin/bash user="root" password="123456" mycmd="mysql -u$user -p$password"

for dbname in tec stu do $mycmd -e "create database $dbname;" $mycmd -e "use $dbname;create table test(id int,name varchar(18));insert into test values(1,'rainman');" done

7、mysql分库分表备份

#!/bin/bash user="root" password="123456" mycmd="mysql -u$user -p$password -h 192.168.100.1" mydump="mysqldump -u$user -p$password -h 192.168.100.1 --lock-tables=0"

for dbname in $mycmd -e "show databases;"|egrep -v "Database|schema"

do [ -d /opt/$dbname ]||mkdir -p /opt/$dbname for tabname in $mycmd -e "show tables from $dbname"|sed 1d do $mydump $dbname $tabname > /opt/$dbname/${tabname}_$(date +%F).sql done done

8、检测MySQL主从复制是否异常

#!/bin/bash user="root" password="123456" mycmd="mysql -u$user -p$password -h 192.168.100.20"

function chkdb() { list=($($mycmd -e "show slave status \G"|egrep "Running|Behind"|awk -F: '{print $2}')) if [ ${list[0]} = "Yes" -a ${list[1]} = "Yes" -a ${list[2]} -lt 120 ] then echo "Mysql slave is ok" else echo "Mysql slave replation is filed" fi }

function main() { while true do chkdb sleep 3 done } main

9、mysql日志切割

#!/bin/bash

logfile=/var/log/httpd/access_log pid=/run/httpd/httpd.pid

mv $logfile /opt/access_$(date -d "yesterday" +"%Y-%m-%d").log kill -USR1 $(cat $pid)

size=du -sh /opt|awk '{print $1}'|awk -F "M" '{print $1}'

if [ $size -gt 1000 ] then find /opt -type f -name access* -mtime +30 -exec rm -f {} ; fi

10、防DOS攻击-网络连接法

#!/bin/bash netstat -antup|grep SYN_RECV|awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c>/opt/tmp exec</opt/tmp while read line do count=echo $line|awk '{print $1}' ip=echo $line |awk '{print $2}' if [ $count -gt 128 ] then iptables -I INPUT -s $ip -j DROP fi done

11、入侵检测与邮件报警

#!/bin/bash webdir=/var/www/html cd $webdir md5sum -c --quiet /opt/sumfile.db &>/opt/sum_err.log if [ $? -ne 0 ] then echo "the file_sum is changed" mail -s "sum_error" wcg@bw.com </opt/sum_err.log else echo "check file_sum is ok" fi

find /var/www/html/ -type f >/opt/countfile.db_sec diff /opt/countfile.db_* &>/opt/count_err.log if [ $(diff /opt/countfile.db_*|wc -l) -gt 0 ] then echo "the file_count is changed" mail -s "count_err" wcg@bw.com </opt/count_err.log else echo "check file_count is ok" fi

12、企业微信报警

function sendmsg() {

CorpID="ww3c6298264d839e2f" Secret="YvyMQpMRIoXtdQRWo0RNkMBTZnHWKvBwC3ILkyuCsKQ" agentid=1000002

GURL="https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=$CorpID&corpsecret=$Secret" Gtoken=$(/usr/bin/curl -s -G $GURL|awk -F" '{print $10}')

#echo $Gtoken PURL="https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token=$Gtoken"

Ip=$(ip a |grep ens33 |grep inet|awk -F "/" '{ print $1 }' |awk -F " " '{ print $2 }')

/usr/bin/curl --data-ascii '{ "touser": "@all", "toparty": "2", "msgtype": "text", "agentid": "1000002", "text": {"content": "'"警告:[$msg]\n主机:[uname -n]\n日期:[$(date +%F-%T)]\n地址:[$Ip]"'"}, "safe":"0"

}' $PURL >/dev/null 2>&1 }