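#!/bin/bash
# ECS1_xunjian.sh - host inspection report.
# Collects system facts, disk/inode/CPU/memory usage, a chkrootkit scan, SSH
# authentication failures, firewall rules, service health, autostart entries,
# accounts, cron jobs, sudoers entries and process state, writes the report to
# /tmp/ECS_xunjian.txt and mails it with sendEmail.
# Author: hanye hz7726@163.com
# BLOG: https://hanye.com
#
# Environment:
#   MAILP             SMTP password for the sender account (required to send mail;
#                     it is no longer stored in this file).
#   MAIL_TLS          value for sendEmail's "tls" option, default "yes".
#   SENDEMAIL_SHA256  expected SHA-256 of sendEmail-v1.56.tar.gz; the tarball is
#                     only downloaded and unpacked when this is set and matches.

if [[ "$(id -u)" -ne 0 ]]; then
  echo "使用root用户执行此脚本或者sudo执行" >&2
  exit 1
fi

readonly REPORT_FILE=/tmp/ECS_xunjian.txt
readonly SENDEMAIL_DIR=/data/soft
readonly SENDEMAIL_BIN=/data/soft/sendEmail-v1.56/sendEmail

###### Print two blank lines as a section separator ######
function echoe() {
  echo -e
  echo -e
}

###### OS, kernel, host name, locale, clock, boot time and uptime ######
function getstatus() {
  local os os_version kernel host default_lang now boot_time up_time
  echo -e "\033[32m###### 获取当前主机的内核版本 ######\033[0m"
  os=$(lsb_release -is)
  os_version=$(lsb_release -sr)
  kernel=$(uname -r)
  host=$(hostname)
  default_lang=$LANG
  now=$(date +'%Y-%m-%d %H:%M:%S')
  # `who -b` reports the last system boot, although the label below calls it
  # the user's login time; the label is kept so the report format is unchanged.
  boot_time=$(who -b | awk '{print $3,$4}')
  up_time=$(uptime | awk '/up /{print $3,$4}' | sed 's@,@@')
  echo "系统: $os"
  echo "系统版本: $os_version"
  echo "系统内核: $kernel"
  echo "主机名称: $host"
  echo "默认语言: $default_lang"
  echo "当前时间: $now"
  echo "此用户登录时间: $boot_time"
  echo "服务器运行时间: $up_time"
  echoe
}

###### First inet address of interface ens160 ######
function ipaddr() {
  local address
  address=$(ifconfig ens160 | awk '/inet/{print $2}' | head -n1)
  echo "IP地址是: $address"
  echoe
}

###### CPU inventory from /proc/cpuinfo ######
function getCPUstatus() {
  local physical_cpus virt_cpus cpu_cores cpu_type cpu_arch
  echo -e
  echo -e "\033[32m###### 获取 当前主机cpu信息 #####\033[0m"
  physical_cpus=$(grep "physical id" /proc/cpuinfo | sort | uniq | wc -l)
  virt_cpus=$(grep -c "processor" /proc/cpuinfo)
  cpu_cores=$(grep "cores" /proc/cpuinfo | uniq | awk -F":" '{print $NF}')
  cpu_type=$(grep "model name" /proc/cpuinfo | awk -F":" '{print $2}')
  cpu_arch=$(uname -m)
  echo "物理CPU个数: $physical_cpus"
  echo "逻辑CPU个数: $virt_cpus"
  echo "每CPU核心数: $cpu_cores"
  echo "CPU型号: $cpu_type"
  echo "CPU架构: $cpu_arch"
  echoe
}

###### Disk usage: warn above 70%, then list every file system ######
function getDISKstatus() {
  local util mount pct
  echo -e "\033[32m###### 磁盘使用情况 ###### \033[0m"
  # The loop reads from process substitution instead of changing IFS for the
  # whole script, which used to alter word splitting in every later function.
  while read -r util mount; do
    pct=${util//%/}
    # Skip rows whose usage column is not a plain number (for example "-").
    [[ "$pct" =~ ^[0-9]+$ ]] || continue
    if [[ "$pct" -gt 70 ]]; then
      echo "不正常(${mount}的使用率${util}较大,请注意)"
    fi
  done < <(df -hP | sed 1d | awk '{print $(NF-1)"\t"$NF}')
  echo "磁盘具体使用情况:"
  df -hP | sed 1d | awk '{print $NF" ""分区"" ""剩余空间" ""$(NF-2),"使用率"" "$(NF-1)}'
  echoe
}

###### Inode usage: warn above 80%, then list every file system ######
function getINODEstatus() {
  local util mount pct
  echo -e "\033[32m###### INODE使用情况 ###### \033[0m"
  while read -r util mount; do
    # The threshold is applied to the inode figure of this row; the previous
    # code compared the last disk-usage value left over from getDISKstatus.
    pct=${util//%/}
    [[ "$pct" =~ ^[0-9]+$ ]] || continue
    if [[ "$pct" -gt 80 ]]; then
      echo "不正常(${mount} 的使用率 ${util} 较大,请注意)"
    fi
  done < <(df -iP | sed 1d | awk '{print $(NF-1)"\t"$NF}')
  echo "INODE具体使用情况:"
  df -iP | sed 1d | awk '{print $NF" " "分区"" " "剩余INODE"" "$(NF-2) ,"使用率" $(NF-1)}'
  echoe
}

###### CPU load compared with the number of CPUs ######
function getCPUSstatus() {
  local cpu_hardware cpu_number cpu_load cpu_load_number cpu_utiliz cpu_status
  echo -e "\033[32m######CPU使用情况######\033[0m"
  cpu_hardware=$(grep name /proc/cpuinfo | cut -f2 -d: | uniq -c)
  cpu_number=$(grep name /proc/cpuinfo | cut -f2 -d: | uniq -c | awk '{print $1}')
  cpu_load=$(uptime | awk '{for(i=6;i<=NF;i++) printf "%s%s", $i, FS; print ""}')
  cpu_load_number=$(uptime | awk -F"load average:" '{print $2}' | awk -F"," '{print $1}' | awk -F"." '{print $1}' | sed 's/^[ \t]//g')
  # Batch mode, so top also works when the script has no terminal (cron).
  cpu_utiliz=$(top -b -n 1 | grep "Cpu(s)")
  if [[ "$cpu_load_number" -lt "$cpu_number" ]]; then
    cpu_status=正常
  else
    cpu_status=不正常
  fi
  echo "$cpu_status($cpu_hardware,$cpu_load,$cpu_utiliz)"
  echoe
}

###### Memory usage: warn at 80% or more ######
function getMEMORYstatus() {
  local mem_total mem_free mem_used percent=0 mem_status
  echo -e "\033[32m###### 获取内存大小 ######\033[0m"
  # Columns 2 and 4 of the "Mem:" row of `free -m`. Column 4 is "free", which
  # excludes buffers/cache, so the percentage can overstate memory pressure.
  read -r mem_total mem_free < <(free -m | awk '/Mem:/ {print $2, $4}')
  mem_total=${mem_total:-0}
  mem_free=${mem_free:-0}
  mem_used=$((mem_total - mem_free))
  if [[ "$mem_total" -gt 0 ]]; then
    percent=$((mem_used * 100 / mem_total))
  fi
  if [[ "$percent" -lt 80 ]]; then
    mem_status=正常
  else
    mem_status=不正常
  fi
  echo "$mem_status(总内存大小${mem_total}M,剩余内存大小${mem_free}M,内存使用率${percent}%)"
  echoe
}

###### Rootkit scan with chkrootkit ######
function getChkrootkit() {
  local log_file
  # Without the scanner nothing was checked, so say so instead of printing
  # the "safe" verdict that an empty log used to produce.
  if [[ ! -x /usr/sbin/chkrootkit ]]; then
    echo "未找到 /usr/sbin/chkrootkit, 未执行检查"
    echoe
    return
  fi
  # mktemp gives an unpredictable, owner-only file; the old fixed name under
  # /tmp was written by root and could be pre-created by any local user.
  if ! log_file=$(mktemp "/tmp/chkrootkit_$(date +%Y%m%d%H%M%S)_XXXXXX.log"); then
    echo "无法创建 chkrootkit 日志文件, 未执行检查"
    echoe
    return
  fi
  /usr/sbin/chkrootkit -n > "$log_file"
  # A log without "INFECTED" only means this scanner flagged nothing.
  if grep -q 'INFECTED' "$log_file"; then
    echo "服务器有命令植入 请查看${log_file} 文件"
  else
    echo "服务器命令 安全"
  fi
  echoe
}

###### SSH brute-force indicator: authentication failures in the auth log ######
function getSSHdeny() {
  local -r threshold=50
  local candidate log_file="" failures
  echo -e "\033[32m######系统基本操作是否正常######\033[0m"
  # Choose the log by which file exists rather than by distribution name, so
  # Ubuntu (auth.log) is covered as well as CentOS and Debian.
  for candidate in /var/log/secure /var/log/auth.log; do
    if [[ -r "$candidate" ]]; then
      log_file=$candidate
      break
    fi
  done
  if [[ -z "$log_file" ]]; then
    echo "系统非是 debian和Centos和UBUNTU"
  else
    # Counts every failure in the current log file, for any account, since
    # the last rotation; it is not limited to root or to a time window.
    failures=$(grep -c "authentication failure" "$log_file")
    if [[ "$failures" -gt "$threshold" ]]; then
      echo "有人在试您root密码,请注意"
    else
      echo "正常"
    fi
  fi
  echoe
}

###### Firewall rules ######
function getIptables() {
  echo -e "\033[32m##### 防火墙检查 ######\033[0m"
  iptables -L -n
  echoe
}

###### Service health: nginx and php-fpm ######
function getServicestatus() {
  local nginx_listening=1 nginx_master=1 php_master=1 code_status
  echo -e "\033[32m###### 检查服务启动情况 ######\033[0m"
  #### nginx
  # Match port 80 exactly; a bare ":80" also matches :8080 and similar.
  if netstat -nlp | grep -E ':80[[:space:]]' | grep -q nginx; then
    nginx_listening=0
  fi
  # pgrep never matches itself, unlike `ps -ef | grep`, which found its own
  # grep process and therefore always reported the master as running.
  if pgrep -f "nginx: master" > /dev/null; then
    nginx_master=0
  fi
  # One probe serves both checks below.
  code_status=$(curl -I -m 10 -o /dev/null -s -w '%{http_code}' http://hanye.com/index.php)
  if [[ "$nginx_listening" -eq 0 && "$nginx_master" -eq 0 && "$code_status" == 200 ]]; then
    echo "HTTP服务启动成功"
  else
    echo "HTTP服务启动不成功"
  fi
  echoe
  #### php-fpm
  if pgrep -f "php-fpm: master" > /dev/null; then
    php_master=0
  fi
  if [[ "$code_status" == 200 && "$php_master" -eq 0 ]]; then
    echo "php-fpm服务启动成功"
  else
    echo "php-fpm服务启动不成功"
  fi
  echoe
  #### mysql (disabled)
  #ps -ef|grep mysqld_safe|grep -v grep > /dev/null
  #status_mysql=$(echo $?)
  #erp=$(mysql -uuser -ppass -hlocalhost -e "use database;select name from online where id=1"|tail -n1)
  #if [ $status_mysql -eq 0 -a '$erp' == "hanye" ]; then
  #  echo "mysql服务启动成功"
  #else
  #  echo "mysql服务启动不成功"
  #fi
  #echoe
}

###### Autostart entries ######
function getAutoStartStatus() {
  local conf
  echo -e "\033[32m###### 检查开机自启任务 ######\033[0m"
  # Only /etc/rc.d/rc.local is read here.
  conf=$(grep -v "^#" /etc/rc.d/rc.local | sed '/^$/d')
  echo "$conf"
  echoe
}

###### Logged-in users, accounts with a bash shell, accounts without a password ######
function getUser() {
  local users name
  #### logged-in users
  /usr/bin/w
  echoe
  #### accounts whose shell is /bin/bash (other login shells are not listed)
  users=$(awk -F":" '$7 ~"/bin/bash"{print $1}' /etc/passwd)
  echo "可登陆用户: $users"
  echoe
  #### accounts without a usable password
  while IFS= read -r name; do
    [[ -n "$name" ]] || continue
    # Compare the user name field exactly; `grep $name` matched any shadow
    # line containing the name as a substring. An empty hash field (login
    # with no password at all) is reported alongside "!!".
    awk -F":" -v u="$name" '$1 == u && ($2 ~ "!!" || $2 == "") {print $1,$2}' /etc/shadow
  done <<< "$users"
  echoe
}

###### Per-user crontabs ######
function getCron() {
  local users cronuser table
  echo -e "\033[32m###### 检查计划任务 ######\033[0m"
  # Only `crontab -l` of bash-shell accounts is listed here.
  users=$(awk -F":" '$7 ~"/bin/bash"{print $1}' /etc/passwd)
  while IFS= read -r cronuser; do
    [[ -n "$cronuser" ]] || continue
    if table=$(crontab -l -u "$cronuser" 2> /dev/null); then
      echo "$cronuser"
      echo "#########"
      grep -vE "^#|^$" <<< "$table"
      echo "########"
    fi
  done <<< "$users"
  echoe
}

###### sudoers entries ######
function getSudo() {
  local entry
  echo -e "\033[32m###### 检查sudo权限用户 ######\033[0m"
  # One box per non-comment, non-Defaults line of /etc/sudoers; only that
  # file is read here.
  while IFS= read -r entry; do
    echo "########"
    echo "$entry"
    echo "########"
  done < <(grep -v "^#" /etc/sudoers | grep -v "^Defaults" | sed '/^$/d')
  echoe
}

###### Zombie processes and top memory / CPU consumers ######
function getProcess() {
  local zombies
  echo -e "\033[32m###### 进程检查 ######\033[0m"
  # Test the STAT column itself: `ps aux | grep Zs` matched "Zs" anywhere on
  # the line and missed zombies whose state is not exactly "Zs".
  zombies=$(ps -A -o stat,ppid,pid,cmd | grep -e '^[Zz]')
  if [[ -n "$zombies" ]]; then
    echo "僵尸进程存在"
    echo "$zombies"
  else
    echo "僵尸进程不存在"
  fi
  echo -e "\033[32m 内存-------------------\033[0m"
  ###### ten processes using the most memory
  ps aux | awk '{print $2, $4, $6, $11}' | sort -k3rn | head -n 10
  echo -e "\033[32m cpu-------------------\033[0m"
  ###### ten processes using the most CPU
  top b -n1 | head -17 | tail -11
  echoe
}

###### Placeholder for business-specific checks ######
function getYeWu() {
  echoe
}

###### Mail the report ######
function FromEmail() {
  local -r sender="hz7726@163.com"       # sender mailbox
  local -r smtp_host="smtp.exmail.qq.com" # sender's SMTP server
  local -r recipient="hz7726@163.com"    # recipient mailbox
  local -r message=" 巡检报告已经生成 请查看"
  # The password comes from the environment so it is not stored in the script.
  local -r password=${MAILP:-}
  if [[ -z "$password" ]]; then
    echo "未设置 MAILP 环境变量, 邮件未发送" >&2
    return 1
  fi
  # TLS is on by default: with tls=no the SMTP login and the report (firewall
  # rules, accounts, sudoers) crossed the network in clear text.
  # NOTE(review): -xp still places the password on sendEmail's command line,
  # where other local users can see it in the process list while it runs.
  "$SENDEMAIL_BIN" -q -f "$sender" -t "$recipient" -u "$message" -m "$message" \
    -s "$smtp_host" -o message-charset=utf-8 -xu "$sender" -xp "$password" \
    -o "tls=${MAIL_TLS:-yes}" -a "$REPORT_FILE"
}

###### Download and unpack sendEmail after verifying its checksum ######
function _install_sendemail() {
  local -r url="http://caspian.dotconf.net/menu/Software/SendEmail/sendEmail-v1.56.tar.gz"
  local workdir tarball
  # The archive arrives over plain HTTP and its contents are executed as
  # root, so it is only unpacked when it matches an operator-supplied digest.
  if [[ -z "${SENDEMAIL_SHA256:-}" ]]; then
    echo "未设置 SENDEMAIL_SHA256, 不自动下载 sendEmail; 请手动安装到 ${SENDEMAIL_BIN}" >&2
    return 1
  fi
  workdir=$(mktemp -d) || return 1
  tarball="$workdir/sendEmail-v1.56.tar.gz"
  if wget -q -O "$tarball" "$url" \
    && printf '%s  %s\n' "$SENDEMAIL_SHA256" "$tarball" | sha256sum -c --status - \
    && mkdir -p "$SENDEMAIL_DIR" \
    && tar xf "$tarball" -C "$SENDEMAIL_DIR" --no-same-owner; then
    rm -rf -- "$workdir"
    return 0
  fi
  rm -rf -- "$workdir"
  echo "sendEmail 下载或校验失败" >&2
  return 1
}

###### Install sendEmail if it is missing, then send the report ######
function Email() {
  if [[ ! -e "$SENDEMAIL_BIN" ]]; then
    _install_sendemail || return 1
  fi
  FromEmail
}

###### Run every check in report order ######
function allstatus() {
  getstatus
  ipaddr
  getCPUstatus
  getDISKstatus
  getINODEstatus
  getCPUSstatus
  getMEMORYstatus
  getChkrootkit
  getSSHdeny
  getIptables
  getServicestatus
  getAutoStartStatus
  getUser
  getCron
  getProcess
  getYeWu
}

# Build the report in a private temporary file and rename it into place. The
# rename replaces whatever is at the fixed path instead of writing through it,
# and the file keeps mktemp's owner-only mode.
tmp_report=$(mktemp /tmp/ECS_xunjian.XXXXXXXX) || {
  echo "无法创建临时报告文件" >&2
  exit 1
}
allstatus > "$tmp_report"
mv -f -T -- "$tmp_report" "$REPORT_FILE"
Email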