#!/usr/bin/env bash
#Describe: Baseline check for CXMT
#Usage:
#     sh $0
#Author:ZhongYi
#Date: 2024-03
#!/usr/bin/env bash
#RHEL7.9 Standardization Settings
#Author: cx
#date:20240206
#Variable
#help usage: sh $0


#check:hostname & ipaddr
#ip_hostname_info.csv contents: ip,hostname
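# Resolve the directory that holds this script so the reference CSV and the
# error log are found regardless of the caller's working directory. Every
# expansion is quoted so an install path containing spaces still works.
root_path=$(dirname -- "$(readlink -f -- "$0")")
# Reference data: one "ip,hostname" row per host.
ip_hostname_file="${root_path}/ip_hostname_info.csv"
# One error log per calendar day; the check functions below append to it.
check_error_log="${root_path}/check_list_error_$(date +%y%m%d).log"
# Truncate at start-up: a second run on the same day discards earlier results.
: >"${check_error_log}"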

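ck_ip_hostname(){
    # Verify that this host's (IP address, hostname) pair is listed in the
    # reference CSV.
    # Arguments: $1 - optional ifcfg file to read IPADDR from
    #                 (default: /etc/sysconfig/network-scripts/ifcfg-bond0)
    # Globals:   ip_hostname_file (read), check_error_log (appended),
    #            hst, ipaddr (written; hst is also read by set_zabbix)
    # Outputs:   exactly one ERROR line in check_error_log when no row matches.
    local ifcfg=${1:-/etc/sysconfig/network-scripts/ifcfg-bond0}
    hst=$(hostname)
    # Only an active "IPADDR=" line counts (not "#IPADDR=" or "IPADDR1=");
    # quotes and stray whitespace around the value are dropped.
    ipaddr=$(awk -F'=' '$1 == "IPADDR" { v = $2; gsub(/["\t\r ]/, "", v); print v; exit }' "${ifcfg}" 2>/dev/null)
    # The comparison is done inside awk so the loop does not run in a pipeline
    # subshell, and the values are compared as strings.
    if [ -n "${hst}" ] && [ -n "${ipaddr}" ] && awk -F',' -v ip="${ipaddr}" -v hn="${hst}" '
            {
                a = $1; b = $2
                gsub(/^[ \t\r]+|[ \t\r]+$/, "", a)
                gsub(/^[ \t\r]+|[ \t\r]+$/, "", b)
                if ((a "") == (ip "") && (b "") == (hn "")) { found = 1; exit }
            }
            END { exit !found }
        ' "${ip_hostname_file}" 2>/dev/null; then
        return 0
    fi
    # Reported once per run. A missing CSV, ifcfg file or IPADDR line ends up
    # here too, so lost reference data cannot turn into a silent pass.
    echo "hostname or ipaddress config: ERROR" >>"${check_error_log}"
}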


#check:Disable NetworkManager Service
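check_networkmanager(){
    # Baseline item: NetworkManager must not be enabled at boot.
    # Globals: check_error_log (appended)
    # Any state other than the literal "disabled" is logged as an error; that
    # includes an empty answer when systemctl cannot report the unit.
    local state
    state=$(systemctl is-enabled NetworkManager)
    if [ "${state}" != "disabled" ]; then
        # Quoted so a log path containing spaces does not break the redirect.
        echo "Disable NetworkManager Service:ERROR" >>"${check_error_log}"
    fi
}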

#check:Disable IPV6
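check_ipv6(){
    # Baseline item: IPv6 disabled for the "all", "default" and "lo" scopes.
    # Arguments: $1 - optional sysctl file to inspect (default: /etc/sysctl.conf)
    # Globals:   check_error_log (appended)
    # Outputs:   one "Disable IPV6:ERROR" line per key that is not set to 1.
    #
    # Only active assignments count: commented-out lines are skipped, spacing
    # around "=" is ignored, the value must be exactly 1, and when a key is
    # assigned more than once the last assignment decides.
    # Caveat: only this one file is read; drop-in files under /etc/sysctl.d and
    # the value currently loaded in the kernel are not inspected.
    local conf=${1:-/etc/sysctl.conf}
    local key
    for key in net.ipv6.conf.all.disable_ipv6 \
               net.ipv6.conf.default.disable_ipv6 \
               net.ipv6.conf.lo.disable_ipv6; do
        if ! awk -F'=' -v key="${key}" '
                /^[ \t]*[#;]/ { next }
                {
                    k = $1; v = $2
                    gsub(/[ \t\r]/, "", k)
                    gsub(/[ \t\r]/, "", v)
                    if (k == key) last = v
                }
                END { exit (last == "1" ? 0 : 1) }
            ' "${conf}" 2>/dev/null; then
            echo "Disable IPV6:ERROR" >>"${check_error_log}"
        fi
    done
}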

#check: DNS
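check_dns(){
    # Baseline item: both site DNS servers are configured on bond0.
    # Arguments: $1 - optional ifcfg file to inspect
    #                 (default: /etc/sysconfig/network-scripts/ifcfg-bond0)
    # Globals:   check_error_log (appended)
    # Outputs:   one "DNS setup:ERROR" line per expected server that is missing.
    #
    # The previous form compared grep's text output with -ne, which made the
    # test itself fail and the error branch unreachable, so the check could
    # never report a problem. Each server is now looked up explicitly.
    local ifcfg=${1:-/etc/sysconfig/network-scripts/ifcfg-bond0}
    local server
    for server in 10.102.79.221 10.102.79.222; do
        # Only DNS, DNS1, DNS2, ... keys are considered (not PEERDNS or
        # comments) and the value must equal the address exactly.
        if ! awk -F'=' -v want="${server}" '
                $1 ~ /^DNS[0-9]*$/ {
                    v = $2
                    gsub(/["\t\r ]/, "", v)
                    if ((v "") == (want "")) found = 1
                }
                END { exit !found }
            ' "${ifcfg}" 2>/dev/null; then
            echo "DNS setup:ERROR" >>"${check_error_log}"
        fi
    done
}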

#check:zabbix_agent
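check_zabbix_agent(){
    # Baseline item: zabbix agent configuration and boot-time enablement.
    # Arguments: $1 - optional agent config file
    #                 (default: /etc/zabbix/zabbix_agentd.conf)
    # Globals:   check_error_log (appended),
    #            hst (written; kept global because set_zabbix reads it)
    # Outputs:   "zabbix_agent file: ERROR" when the file is missing, one
    #            "zabbix_agent config: ERROR" per expected setting not found,
    #            and an error when the unit is not enabled.
    local conf=${1:-/etc/zabbix/zabbix_agentd.conf}
    local servers="10.2.27.71,10.2.27.72,10.2.27.73,10.2.27.74"
    local want
    hst=$(hostname)
    # The earlier test was written as [ !-f " /path" ], which is a malformed
    # test on a path with a leading space, so a missing file was never logged.
    if [ ! -f "${conf}" ]; then
        echo "zabbix_agent file: ERROR" >>"${check_error_log}"
    fi
    # Each expected setting must appear as a whole active line. A substring
    # match would also accept "# ListenPort=10050" or "ListenPort=100500".
    # The PidFile test appeared twice in the original; it is run once here.
    for want in \
        "PidFile=/var/run/zabbix/zabbix_agentd.pid" \
        "LogFileSize=0" \
        "ListenPort=10050" \
        "Server=${servers}" \
        "ServerActive=${servers}" \
        "Hostname=${hst}"; do
        if ! awk -v want="${want}" '
                {
                    line = $0
                    sub(/^[ \t]+/, "", line)
                    sub(/[ \t\r]+$/, "", line)
                    if (line == want) { found = 1; exit }
                }
                END { exit !found }
            ' "${conf}" 2>/dev/null; then
            echo "zabbix_agent config: ERROR" >>"${check_error_log}"
        fi
    done
    if [ "$(systemctl is-enabled zabbix-agent)" != "enabled" ]; then
        echo "Enable  zabbix-agent Service:ERROR" >>"${check_error_log}"
    fi
}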

#check:syslog (needs adjustment; the expected configuration is wrong)
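check_syslog(){
    # Baseline item: rsyslog forwards "local1.notice" and "*.*" to the central
    # collector.
    # Arguments: $1 - optional rsyslog config file (default: /etc/rsyslog.conf)
    # Globals:   check_error_log (appended)
    # Outputs:   one "syslog setup: ERROR" line per forwarding rule not found.
    #
    # NOTE(review): the file's own comment on this check says the expected
    # configuration is wrong and needs adjusting; confirm the selectors and
    # the target before relying on the result.
    # A single "@" is rsyslog's UDP forwarding syntax ("@@" is TCP), so the
    # rule expected here sends logs unauthenticated and without delivery
    # guarantees.
    # Caveat: only this one file is read; /etc/rsyslog.d is not inspected.
    local conf=${1:-/etc/rsyslog.conf}
    local target="@10.128.255.121:514"
    local selector
    for selector in "local1.notice" "*.*"; do
        # Compare selector and action as literal fields on non-comment lines,
        # so "#local1.notice @..." no longer passes and tabs between the two
        # fields are accepted.
        if ! awk -v sel="${selector}" -v act="${target}" '
                /^[ \t]*#/ { next }
                $1 == sel && $2 == act { found = 1; exit }
                END { exit !found }
            ' "${conf}" 2>/dev/null; then
            echo "syslog setup: ERROR">>"${check_error_log}"
        fi
    done
}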

#check:user
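check_user(){
    # Example account check: the `id` output for sa.svt must contain both
    # 6000 and 7000.
    # Globals: check_error_log (appended)
    # NOTE(review): nothing here says which number is the UID and which is a
    # GID; the check only requires that both appear - confirm against the
    # baseline document.
    local ids
    ids=$(id sa.svt)
    # -w matches whole numbers only, so an ID such as 16000 no longer
    # satisfies the check. A missing account yields empty output and is logged.
    if ! { printf '%s\n' "${ids}" | grep -qw 6000 && printf '%s\n' "${ids}" | grep -qw 7000; }; then
        echo "check sa.svt: ERROR" >>"${check_error_log}"
    fi
}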


#Variables
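# Directory holding this script; the run log is written next to it. Quoted so
# an install path containing spaces resolves correctly.
BASE_PATH=$(dirname -- "$(readlink -f -- "$0")")
# One log file per run, timestamped to the second; to_printf appends to it.
LOGFILE="${BASE_PATH}/CXMT_BASE_SET_$(date +%Y%m%d%H%M%S).log"
# File edited by set_sysctl_item and read by chk_ipv6z_item.
sysctl_file=/etc/sysctl.conf
# Left empty here; none of the functions shown in this file read it.
bond0_file=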

#Log format
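to_printf(){
    # Print one "<TAB><level><TAB><subject>" line on stdout and append the
    # same line to LOGFILE.
    # Arguments: $1 - level (e.g. INFO, ERROR), $2 - message text
    # Globals:   LOGFILE (appended)
    # Returns:   status of tee
    local level=$1
    local subject=$2
    # %s writes the text verbatim. Callers pass configuration lines and
    # command arguments through here; with `echo -e` a backslash sequence in
    # that data would be expanded and could add lines or control characters
    # to the log.
    printf '\t%s\t%s\n' "${level}" "${subject}" | tee -a -- "${LOGFILE}"
}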
#2.5 set hostname
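set_hostname(){
    # Step 2.5: set the system hostname and log the outcome.
    # Arguments: $1 - new hostname
    # Globals:   hst (written; kept global because set_zabbix reads it)
    # Returns:   1 when no hostname was given, otherwise to_printf's status.
    hst=$1
    # An empty argument is refused: hostnamectl would not set a name from it.
    if [ -z "${hst}" ]; then
        to_printf "ERROR" "2.5 HostName Set Failed"
        return 1
    fi
    # if/else instead of `A && B || C`: with that form the failure message was
    # also emitted whenever logging the success message failed. A failure is
    # logged at ERROR level, like every other step in this file.
    if hostnamectl set-hostname "${hst}"; then
        to_printf "INFO" "2.5 HostName Set Sucessfull"
    else
        to_printf "ERROR" "2.5 HostName Set Failed"
    fi
}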

#2.6 Network Bond set
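set_bond(){
    # Step 2.6: create bond0 (802.3ad), attach two member ports and assign the
    # static IPv4 settings.
    # Arguments: $1 first port, $2 second port, $3 address/prefix,
    #            $4 gateway, $5 first DNS server, $6 second DNS server
    # Globals:   port1 port2 ipmask gateway dns1 dns2 (written)
    # Returns:   1 when an argument is missing, otherwise to_printf's status.
    # nmcli stdout is discarded; because of the redirect order its stderr
    # still reaches this function's stdout, which keeps nmcli errors visible.
    port1=$1
    # The original stored $2 in "port" but used ${port2}, so the second member
    # was added with an empty interface name.
    port2=$2
    ipmask=$3
    gateway=$4
    dns1=$5
    dns2=$6
    local arg
    for arg in "${port1}" "${port2}" "${ipmask}" "${gateway}" "${dns1}" "${dns2}"; do
        if [ -z "${arg}" ]; then
            to_printf "ERROR" "2.6 set_bond needs: port1 port2 ip/mask gateway dns1 dns2"
            return 1
        fi
    done
    # Create bond0.
    if nmcli connection add type bond con-name bond0 ifname bond0 mode 802.3ad 2>&1 >/dev/null; then
        to_printf "INFO" "2.6.1 bond0 Create Sucessfull"
    else
        to_printf "ERROR" "bond0 Create Failed"
    fi
    # Attach the first member port.
    if nmcli connection add type bond-slave con-name bond0-port1 ifname "${port1}" master bond0 2>&1 >/dev/null; then
        to_printf "INFO" "2.6.2 Add ${port1} to bond0 Sucessfull"
    else
        to_printf "ERROR" "2.6.2 Add ${port1} to bond0 Failed"
    fi
    # Attach the second member port.
    if nmcli connection add type bond-slave con-name bond0-port2 ifname "${port2}" master bond0 2>&1 >/dev/null; then
        to_printf "INFO" "2.6.3 Add ${port2} to bond0 Sucessfull"
    else
        to_printf "ERROR" "2.6.3 Add ${port2} to bond0 Failed"
    fi
    # Static addressing on bond0.
    if nmcli connection modify bond0 ipv4.addresses "${ipmask}" ipv4.gateway "${gateway}" ipv4.dns "${dns1}" +ipv4.dns "${dns2}" ipv4.method manual connection.autoconnect yes; then
        to_printf "INFO" "2.6.4 bond0 set Sucessfull"
    else
        to_printf "ERROR" "2.6.4 bond0 set Failed"
    fi
}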

#2.7 Disable NetworkManager Service
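set_nms(){
    # Step 2.7: stop NetworkManager and disable it at boot, logging each step.
    # Returns: to_printf's status for the last step.
    # systemctl stdout is discarded; because of the redirect order its stderr
    # still reaches this function's stdout.
    # if/else replaces `A && B || C`, which also logged the failure message
    # whenever logging the success message itself failed.
    if systemctl stop NetworkManager 2>&1 >/dev/null; then
        to_printf "INFO" "2.7.1 stop NetworkManager Sucessfull"
    else
        to_printf "ERROR" "2.7.1 stop NetworkManager Failed"
    fi
    if systemctl disable NetworkManager 2>&1 >/dev/null; then
        to_printf "INFO" "2.7.2 Disable NetworkManager Sucessfull"
    else
        to_printf "ERROR" "2.7.2 Disable NetworkManager Failed"
    fi
}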

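chk_nms(){
    # Verify step 2.7: NetworkManager is neither running nor enabled at boot.
    # Outputs: a header line plus one PASS/FAILED line per property, all via
    #          to_printf.
    local nms_run_status nms_auto_status
    to_printf "INFO" "###CHK:2.7 Disable NetworkManager Service###"
    nms_run_status=$(systemctl is-active NetworkManager)
    nms_auto_status=$(systemctl is-enabled NetworkManager)
    # if/else replaces `A && B || C`, which could print FAILED after PASS when
    # logging the PASS line failed. Only the literal states "inactive" and
    # "disabled" pass; anything else, including no answer, is FAILED.
    if [ "${nms_run_status}" = "inactive" ]; then
        to_printf "INFO" "NetworkManager Service is ${nms_run_status},PASS"
    else
        to_printf "ERROR" "NetworkManager Service is ${nms_run_status},FAILED"
    fi
    if [ "${nms_auto_status}" = "disabled" ]; then
        to_printf "INFO" "Auto Start NetworkManager Service Set to ${nms_auto_status},PASS"
    else
        to_printf "ERROR" "Auto Start NetworkManager Service Set to  ${nms_auto_status},FAILED"
    fi
}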

#2.8 Disable IPV6 And 2.21Set Kdump

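set_sysctl_item(){
    # Make sure "<key> = 1" is the active setting for a key in sysctl_file.
    # Arguments: $1 - step label used in log messages (e.g. 2.8)
    #            $2 - sysctl key
    # Globals:   sysctl_file (read and edited), part, sitem (written)
    # Returns:   1 when the key is empty or the file is missing, otherwise
    #            to_printf's status.
    #
    # Three cases:
    #   - an active line already sets the key to 1: nothing to do;
    #   - an active line sets it to something else: that line is rewritten
    #     (the old substring grep reported "Already exists" for "= 0" and for
    #     commented-out lines, leaving the setting off);
    #   - no active line: "<key> = 1" is appended.
    # This only edits the file; nothing here loads the value into the running
    # kernel.
    part=$1
    sitem=$2
    local state tmp
    if [ -z "${sitem}" ] || [ ! -f "${sysctl_file}" ]; then
        to_printf "ERROR" "${part} ${sitem} Add Failed"
        return 1
    fi
    # "set:<value>" for the last active assignment of the key, empty if none.
    state=$(awk -F'=' -v key="${sitem}" '
        /^[ \t]*[#;]/ { next }
        {
            k = $1; v = $2
            gsub(/[ \t\r]/, "", k)
            gsub(/[ \t\r]/, "", v)
            if (k == key) { last = v; seen = 1 }
        }
        END { if (seen) print "set:" last }
    ' "${sysctl_file}")
    case "${state}" in
        "set:1")
            to_printf "INFO" "${part} ${sitem} Already exists,Sucessfull"
            ;;
        "set:"*)
            # Rewrite through a temp file, then copy the content back so the
            # target keeps its owner, mode and inode.
            if tmp=$(mktemp) && awk -v key="${sitem}" '
                    /^[ \t]*[#;]/ { print; next }
                    {
                        n = index($0, "=")
                        k = (n > 0) ? substr($0, 1, n - 1) : ""
                        gsub(/[ \t\r]/, "", k)
                        if (n > 0 && k == key) { print key " = 1"; next }
                        print
                    }
                ' "${sysctl_file}" >"${tmp}" && cat -- "${tmp}" >"${sysctl_file}"; then
                to_printf "INFO" "${part} ${sitem} Add Sucessfull"
            else
                to_printf "ERROR" "${part} ${sitem} Add Failed"
            fi
            [ -n "${tmp}" ] && rm -f -- "${tmp}"
            ;;
        *)
            # Start the new entry on its own line if the file does not end
            # with a newline.
            if [ -s "${sysctl_file}" ] && [ -n "$(tail -c 1 -- "${sysctl_file}")" ]; then
                printf '\n' >>"${sysctl_file}"
            fi
            if printf '%s = 1\n' "${sitem}" >>"${sysctl_file}"; then
                to_printf "INFO" "${part} ${sitem} Add Sucessfull"
            else
                to_printf "ERROR" "${part} ${sitem} Add Failed"
            fi
            ;;
    esac
}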

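chk_ipv6z_item(){
    # Verify that a sysctl key is actively set to 1 in sysctl_file and log
    # PASS or FAILED through to_printf, followed by a blank line on stdout.
    # Arguments: $1 - sysctl key
    # Globals:   sysctl_file (read), citem (written)
    #
    # The earlier version counted lines with `echo ... | wc -l`, which is 1
    # even when nothing matched, so the result was always PASS. The decision
    # is now taken from the value of the last active (non-comment) assignment.
    # Caveat: only sysctl_file is read, not the value loaded in the kernel.
    citem=$1
    local v6res v6val
    v6res=$(awk -v key="${citem}" '
        /^[ \t]*[#;]/ { next }
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1)
            gsub(/[ \t\r]/, "", k)
            if (k == key) last = $0
        }
        END { if (last != "") print last }
    ' "${sysctl_file}" 2>/dev/null)
    # Text after the first "=", with all whitespace removed.
    v6val=$(printf '%s' "${v6res#*=}" | tr -d '[:space:]')
    if [ -n "${v6res}" ] && [ "${v6val}" = "1" ]; then
        to_printf "INFO" "${v6res},PASS"
    elif [ -n "${v6res}" ]; then
        to_printf "ERROR" "${v6res},FAILED"
    else
        to_printf "ERROR" "${citem} not set,FAILED"
    fi
    echo
}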

#2.9 DNS Set
#Already configured in section 2.6


#2.10 Zabbix-Agentd
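#Installation omitted
#The zabbix agent config file is deployed by replacing it with a prepared copy; the HostName value is then changed to this host's name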
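set_zabbix(){
    # Step 2.10: write this host's name into the zabbix agent config, then
    # enable and start the agent.
    # Globals: hst (read; set by set_hostname or the check functions),
    #          zfile (written)
    # Returns: to_printf's status for the last step.
    #
    # NOTE(review): the sed below rewrites "HostnameItem=", while
    # check_zabbix_agent in this file expects a "Hostname=<host>" line and the
    # comment above this function talks about the HostName value. Confirm
    # which key is meant; the target is left as it was.
    #
    # Install (left disabled, as in the original):
    #rpm -vh  ${zabbix_agent_package Name}
    #[ $? -eq 0 ] && to_printf "INFO" "2.10.1 Install Zabbix-Agentd Sucessfull" || to_printf "ERROR" "2.10.1 Install Zabbix-Agentd Failed"
    # Configure.
    zfile=/etc/zabbix/zabbix_agentd.conf
    if [ -f "${zfile}" ]; then
        case "${hst}" in
            ""|*[!A-Za-z0-9._-]*)
                # hst is spliced into the sed program text, so it must consist
                # of hostname characters only; anything else (or an empty
                # value) is refused instead of being passed to sed.
                to_printf "ERROR" "2.10.2 Config HostnameItem  Failed"
                ;;
            *)
                if sed -ri "s/(HostnameItem=)(.*)/\1${hst}/g" "${zfile}"; then
                    to_printf "INFO" "2.10.2 Config HostnameItem Sucessfull"
                else
                    to_printf "ERROR" "2.10.2 Config HostnameItem  Failed"
                fi
                ;;
        esac
    else
        to_printf "ERROR" "2.10.2 Not Found ${zfile},Failed"
    fi
    # Enable at boot and start. systemctl stdout is discarded; because of the
    # redirect order its stderr still reaches this function's stdout.
    # if/else replaces `A && B || C`, which also logged the failure message
    # whenever logging the success message failed.
    if systemctl enable zabbix-agent 2>&1 >/dev/null; then
        to_printf "INFO" "2.10.3 Zabbix set enable Sucessfull"
    else
        to_printf "ERROR" "2.10.3 Zabbix set enable Failed"
    fi
    if systemctl start zabbix-agent 2>&1 >/dev/null; then
        to_printf "INFO" "2.10.3 Zabbix-agent start Sucessfull"
    else
        to_printf "ERROR" "2.10.3 Zabbix-agent start Failed"
    fi
}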
#2.11 Rsyslog Config
#Omitted; no setting is required
#2.12 Add and Config User 
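set_user() {
    # Step 2.12 placeholder. The original note only says to copy the account
    # setup from the baseline document, so nothing is configured here.
    # The earlier form ("set_user{" with a comment-only body) was a syntax
    # error that stopped the script at this point.
    # A warning goes to stderr so the step is not mistaken for completed.
    printf '%s\n' "set_user: not implemented; create the accounts as described in the baseline document" >&2
    return 0
}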
#2.13 User Profile
#Done by replacing /etc/profile with the copy for the matching OS version