【Linux巡检脚本】

#!/bin/sh

##edit by ayp @ 2021.08.26
##

curdir=$PWD

clear
echo "Welcome to this document of check linux!"

mkdir -p /linux-out

export home=/linux-out

more /proc/version > $home/01001-1.txt
uname -a > $home/01001-2.txt
cat /etc/redhat-release > $home/01001-3.txt
cat /etc/regflag-release > $home/01001-4.txt

df -k > $home/01002-1.txt
df -T > $home/01002-2.txt
more /proc/partitions > $home/01003-3.txt

hostname > $home/01003-1.txt
ifconfig -a > $home/01003-2.txt
more /etc/sysconfig/network > $home/01003-3.txt
more /etc/resolv.conf > $home/01003-4.txt
more /etc/sysconfig/network-scripts/ifcfg-eth0 > $home/01003-5.txt
more /etc/sysconfig/network-scripts/ifcfg-eth1 > $home/01003-6.txt

free > $home/01004-1.txt
more /proc/meminfo > $home/01004-2.txt

route > $home/01005-1.txt
ip route > $home/01005-2.txt

more /proc/cpuinfo > $home/01006-1.txt
more /proc/ioports > $home/01006-2.txt
more /proc/swaps > $home/01006-3.txt
more /proc/pci > $home/01006-4.txt

##  补丁暂时不做检查

more /etc/login.defs > $home/02001.txt
more /etc/passwd > $home/02002-1.txt
more /etc/group > $home/02002-2.txt
more /etc/shadow > $home/02002-3.txt
getent passwd | awk -F: '$3 == "0" { print $1 }' > $home/02003.txt
awk -F: ' ( $2 == "" ) { print $1 }' /etc/shadow > $home/02004.txt
more /etc/passwd /etc/shadow /etc/group > $home/02005.txt
lsattr /etc/passwd /etc/group /etc/shadow /etc/gshadow > $home/02006.txt
ls /home -l > $home/02007.txt
ls -la /etc/group /etc/gshadow /etc/passwd /etc/shadow > $home/02008.txt
lsattr /etc/group /etc/gshadow /etc/passwd /etc/shadow > $home/02009.txt

netstat -an|grep LISTEN > $home/03001-1.txt
netstat -an > $home/03001-2.txt
netstat -s > $home/03001-3.txt
netstat -npa > $home/03001-4.txt
ps -ef > $home/03002-1.txt
ps aux > $home/03002-2.txt
##top > $home/03002-3.txt
more /etc/inittab > $home/03003-1.txt
ls -l /etc/rc3.d/ > $home/03003-2.txt
ls -l /etc/rc2.d/ > $home/03003-3.txt
more /etc/rc.local > $home/03003-4.txt
more /etc/rc.sysinit > $home/03003-5.txt
##crontab -e > $home/03004.txt
chkconfig --list > $home/03005.txt

echo $PATH > $home/04001.txt
find / -name ".rhosts" -print > $home/04002-1.txt
find / -name "hosts.equiv" -print > $home/04002-2.txt
ls -l /etc/ftpusers > $home/04003.txt
more /etc/cron.d/cron.allow > $home/04004-1.txt
more /etc/cron.d/cron.deny > $home/04004-2.txt
more /etc/cron.d/at.allow > $home/04005-1.txt
more /etc/cron.d/at.deny > $home/04005-2.txt
more /default/login > $home/04006.txt
more /etc/inittab > $home/04007.txt
umask > $home/04008.txt
##find / -type f ( -perm -linux-04000 -o -perm -linux-02000 ) -print > $home/04009.txt
find / -type f -perm -2000 -exec ls -l {} \; > $home/04009-1.txt
find / -type f -perm -4000 -exec ls -l {} \; > $home/04009-2.txt
more /etc/ssh/sshd_config > $home/04010.txt
find /home -name ".*" -xdev -ls > $home/04011.txt

ps -ef|grep audit > $home/05001-1.txt
ls /lib/modules/$(uname -r)/kernel/fs  > $home/05001-2.txt
more /etc/fstab > $home/005001-3.txt
ls -la /var/log/audit.d > $home/05002-1.txt
ls -la /var/log/autid/autid.log > $home/05002.txt
last > $home/05003.txt
##access-log  acct/pacct aculog messages sudolog syslog xferlog
##who w last 
##more /var/log/lastlog
##more /var/adm/sulog
##more /var/adm/loginlog

find / -nouser -print|xargs ls -l > $home/06001-1.txt
find / -nogroup -print|xargs ls -l > $home/06001-2.txt
more /etc/motd > $home/06002-1.txt
more /etc/issue > $home/06002-2.txt
more /etc/issue.net > $home/06002-3.txt
more /etc/sysctl.conf > $home/06003.txt
more /etc/sysctl.conf > $home/06004.txt

env > $home/env.log
rpm -qa --last > $home/rpm-qa-last

cd $curdir 
rm -rf ./check-linux-new.sh
cd $home
echo "It's over."