first commit
commit
ba848e218d
1001 changed files with 152333 additions and 0 deletions
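--- a/shell/检查列表/checklist.sh.md
+++ b/shell/检查列表/checklist.sh.md
@@ -0,0 +1,386 @@
+```
+#!/bin/bash
+
+## Edit by wangsuipeng
+## Date 2017/03/02
+
+## 需要与以下脚本配合使用
+## ldap安装脚本:sh_ldap_client:.sh
+## nagios安装脚本:nagios_client.sh
+## zabbix安装脚本:zabbix_agentd.sh
+## rsync安装脚本:rsync_server.sh
+
+## 检查结果列表
+OUTPUT="`pwd`/output"
+LIST="$OUTPUT/list"
+SCRIPT="$OUTPUT/done.sh"
+DATE=`date +%Y-%m-%d`
+HOSTNAME=`hostname`
+
+if [ ! -d $OUTPUT ];then
+mkdir -p $OUTPUT
+else
+if [ -f $LIST ];then
+echo > $LIST
+fi
+fi
+
+## 生成缺省配置脚本
+DONE()
+{
+cat > $SCRIPT << EOF
+#!/bin/bash
+
+## Edit by checklist
+## Date $DATE
+
+INI="./list"
+
+EOF
+}
+
+## 服务检查,主要是检查服务是否存在
+## 有两个参数,服务名与端口号
+SERVER()
+{
+server=`lsof -i:$2|awk '{print $9}'| grep -v NAME|grep $1|head -n1`
+if [ -n "$server" ];then
+echo "$1=yes" >> $LIST
+return 0
+else
+echo "$1=" >> $LIST
+echo -e "\033[31;49;1mThe snot startup or install !\033[31;49;0m"
+return 1
+fi
+}
+
+## 安装配置ldap客户端
+# -*- 脚本配置 -*-
+LDCONF()
+{
+cat >> $SCRIPT << EOF
+service autofs restart >/dev/null 2>&1 && service nslcd restart >/dev/null 2>&1
+if [ \$? -ne 0 ];then
+read -p "Ldap is not installed , Do you want to install it? yes or no ? [Default:yes]" LDC
+: \${LDC:='y'}
+case "\$LDC" in
+y|Y|YES|yes)
+bash ../sh_ldap_client.sh
+sed -i 's/ldap=/ldap=yes/' \$INI
+;;
+n|N|NO|no)
+echo -e '\033[31;49;1mldap will not be installed!\033[31;49;0m'
+;;
+*)
+echo -e 'You choose a bad option!'
+continue
+;;
+esac
+fi
+EOF
+}
+
+## 检查ldap服务状态
+LDAP()
+{
+echo "## The List of LDAP" >> $LIST
+echo "[ldap]" >> $LIST
+# -*- 脚本配置 -*-
+echo "## Config ldap" >> $SCRIPT
+
+SERVER ldap 389
+if [ $? -ne 0 ];then
+# -*- 脚本配置 -*-
+LDCONF
+else
+# -*- 脚本配置 -*-
+echo "# -*- PASS -*-" >> $SCRIPT
+fi
+echo >> $LIST
+}
+
+## 安装配置Zabbix-agent
+# -*- 脚本配置 -*-
+ZBCONF()
+{
+cat >> $SCRIPT << EOF
+ZBAGENT="/etc/init.d/zabbix_agentd"
+if [ ! -f \$ZBAGENT ];then
+read -p "ZABBIX is not install.Do you want to install it?yes or no ? [Default:yes]" ZBC
+: \${ZBC:='y'}
+case "\$ZBC" in
+y|Y|YES|yes)
+bash ../zabbix_agentd.sh
+sed -i 's/zabbix=/zabbix=yes/' \$INI
+;;
+n|N|NO|no)
+echo -e '\033[31;49;1mzabbix will not be installed!\033[31;49;0m'
+;;
+*)
+echo -e 'You choose a bad option!'
+continue
+;;
+esac
+else
+service zabbix_agentd restart >/dev/null 2>&1
+fi
+EOF
+}
+
+## 检查zabbix服务状态,默认编译安装在/usr/local/zabbix中
+ZABBIX()
+{
+echo "## The List of ZABBIX" >> $LIST
+echo "[zabbix]" >> $LIST
+# -*- 脚本配置 -*-
+echo "## Config ldap" >> $SCRIPT
+
+SERVER zabbix 10050
+if [ $? -ne 0 ];then
+# -*- 脚本配置 -*-
+ZBCONF
+else
+# -*- 脚本配置 -*-
+echo "# -*- PASS -*-" >> $SCRIPT
+fi
+echo >> $LIST
+}
+
+## 安装配置nagios客户端
+# -*- 脚本配置 -*-
+NGCONF()
+{
+cat >> $SCRIPT << EOF
+XINNRPE="/etc/xinetd.d/nrpe"
+if [ ! -f \$XINNRPE ];then
+read -p "Nagios is not install.Do you want to install it?yes or no ? [Default:yes]!" NGC
+: \${NGC:='y'}
+case "\$NGC" in
+y|Y|YES|yes)
+bash ../nagios_client.sh
+sed -i 's/nagios=/nagios=yes/' \$INI
+echo '\033[32;49;1mYou need config the server at 172.16.3.2\033[32;49;0m'
+;;
+n|N|NO|no)
+echo -e '\033[31;49;1mNagios will not be installed!\033[31;49;0m'
+;;
+*)
+echo -e 'You choose a bad option!'
+continue
+esac
+else
+if egrep -q 'disable = no' \$XINNRPE;then
+service xinetd restart > /dev/null 2>&1
+else
+sed -i "/disable/ s/yes/no/" \$XINNRPE
+service xinetd restart > /dev/null 2>&1
+fi
+fi
+EOF
+}
+
+## 检查nagios服务状态,默认安装在/usr/local/nagios中
+NAGIOS()
+{
+echo "## The List of NAGIOS" >> $LIST
+echo "[nagios]" >> $LIST
+# -*- 脚本配置 -*-
+echo "## Config nagios" >> $SCRIPT
+
+SERVER nrpe 5666
+if [ $? -ne 0 ];then
+NGCONF
+else
+# -*- 脚本配置 -*-
+echo "# -*- PASS -*-" >> $SCRIPT
+fi
+echo >> $LIST
+}
+
+## 安装rsync服务器端
+# -*- 脚本配置 -*-
+RSCONF()
+{
+cat >> $SCRIPT << EOF
+CONF="/etc/rsyncd.conf"
+if [ ! -f \$CONF ];then
+read -p "Rsync is not install.Do you want to install it?yes or no ? [Default:yes]!" RSC
+: \${RSC:='y'}
+case "\$RSC" in
+y|Y|YES|yes)
+bash ../rsync_server.sh
+sed -i 's/rsync=/rsync=yes/' \$INI
+echo '\033[32;49;1mYou need config the client\033[32;49;0m'
+;;
+n|N|NO|no)
+echo -e '\033[31;49;1mRsync will not be installed!\033[31;49;0m'
+;;
+*)
+echo -e 'You choose a bad option!'
+continue
+esac
+else
+service xinetd restart >>/dev/null 2>&1
+fi
+EOF
+}
+
+## 检查rsync服务状态,默认rpm包安装
+RSYNC()
+{
+echo "## The List of RSYNC" >> $LIST
+echo "[rsync]" >> $LIST
+# -*- 脚本配置 -*-
+echo "## Config rsync" >> $SCRIPT
+
+SERVER rsync 873
+if [ $? -ne 0 ];then
+RSCONF
+else
+# -*- 脚本配置 -*-
+echo "# -*- PASS -*-" >> $SCRIPT
+fi
+echo >> $LIST
+}
+
+## 时间同步
+# -*- 脚本配置 -*-
+NTPCONF()
+{
+cat >> $SCRIPT << EOF
+echo "00 01 * * * /usr/sbin/ntpdate -u 172.16.3.2 > /dev/null 2>&1" >> /var/spool/cron/root
+sed -i 's/ntp=/ntp=yes/' \$LIST
+EOF
+}
+
+## 检查时间同步
+NTPDATE()
+{
+echo "## The List of ntp" >> $LIST
+echo "[ntp]" >> $LIST
+# -*- 脚本配置 -*-
+echo "## Config ntp" >> $SCRIPT
+
+crontab -l | grep ntpdate|egrep '[^#]' > /dev/null 2>&1
+if [ $? -ne 0 ];then
+echo "ntp=" >> $LIST
+NTPCONF
+else
+echo "ntp=yes" >> $LIST
+# -*- 脚本配置 -*-
+echo "# -*- PASS -*-" >> $SCRIPT
+fi
+echo >> $LIST
+}
+
+## 检查hosts
+HOSTS()
+{
+echo "## The List of Hosts" >> $LIST
+echo "[hosts]" >> $LIST
+
+echo "## /etc/hosts" >> $LIST
+cat /etc/hosts >> $LIST
+echo >> $LIST
+echo "## /etc/hosts.allow" >> $LIST
+cat /etc/hosts.allow >> $LIST
+echo >> $LIST
+}
+
+## 防火墙配置导出
+IPTABLES()
+{
+echo "## The List of iptables" >> $LIST
+echo "[iptables]" >> $LIST
+/etc/init.d/iptables status | grep "not running" >/dev/null 2>&1
+if [ $? -ne 0 ];then
+cat /etc/sysconfig/iptables >> $LIST
+else
+echo "## iptables is not running!" >> $LIST
+fi
+echo >> $LIST
+}
+
+## 系统优化主要配置导出
+OPTIMA()
+{
+echo "## The List of optimalize" >> $LIST
+echo "[optimalize]" >> $LIST
+
+echo "## limits.conf" >> $LIST
+cat /etc/security/limits.conf >> $LIST
+echo >> $LIST
+echo "## sysctl.conf" >> $LIST
+cat /etc/sysctl.conf >> $LIST
+echo >> $LIST
+echo "## umask" >> $LIST
+grep '^umask' /etc/sysconfig/init >> $LIST
+echo >> $LIST
+}
+
+## 加固检查
+FIRMED()
+{
+echo "## The firmed" >> $LIST
+echo "[firmed]" >> $LIST
+if egrep -q "^PermitRootLogin no|^LoginGraceTime 30|^ClientAliveInterval 3600|^ClientAliveCountMax 0|^UseDNS no" /etc/ssh/sshd_config;then
+echo "firmed=yes" >> $LIST
+else
+echo "firmed=" >> $LIST
+fi
+}
+
+## 主程序
+if [ $# -eq 0 ];then
+echo "check the all programe"
+DONE
+LDAP
+ZABBIX
+NAGIOS
+RSYNC
+NTPDATE
+HOSTS
+IPTABLES
+OPTIMA
+FIRMED
+echo -e "\n\n## *** END ***" >> $LIST
+else
+case $1 in
+-h|--help|?)
+echo -e "usage:bash checklist.sh [-h][Function]\n\t-h:帮助文档\n\tFunction:检查项,一次只能检查一个,包括LDAP,ZABBIX,NAGIOS,RSYNC,NTPDATE,HOSTS,IPTABLES,OPTIMA,FIRMED\n\t无参数:默认执行所有的检查,并生成配置脚本done.sh\n"
+;;
+LDAP|ldap|Ldap)
+LDAP
+;;
+ZABBIX|zabbix|Zabbix)
+ZABBIX
+;;
+NAGIOS|nagios|Nagios)
+NAGIOS
+;;
+RSYNC|rsync|Rsync)
+RSYNC
+;;
+NTPDATE|ntpdate|Ntpdate)
+NTPDATE
+;;
+HOSTS|hosts|Hosts)
+HOSTS
+;;
+IPTABLES|iptables|Iptables)
+IPTABLES
+;;
+OPTIMA|optima|Optima|optimalize)
+OPTIMA
+;;
+FIRMED|firmed|Firmed)
+FIRME
+;;
+*)
+echo "please choose a invalid option!"
+esac
+fi
+
+echo -e "检查列表为'$LIST'\n查漏脚本'$SCRIPT'"
+chmod +x $SCRIPT
+```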
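Review bot: FIRMED writes `firmed=yes` as soon as any one of the five sshd_config patterns matches, because the `egrep` expression joins them with `|`; a host that only has `UseDNS no` is recorded as hardened even if root login is still permitted. Each directive should be tested on its own and the flag set only when all are present, as in the block below. The `FIRMED|firmed|Firmed)` arm of the dispatcher calls `FIRME`, which is not defined anywhere in the file, so the check cannot be run by name; it should call `FIRMED`. NTPCONF emits `sed -i 's/ntp=/ntp=yes/' \$LIST` into done.sh, but the generated script only defines `INI`, so that line should use `\$INI` like the other *CONF functions. The list file also receives the iptables ruleset and hosts.allow under the current directory with the caller's default umask; setting `umask 077` before `mkdir -p $OUTPUT` would keep it private.

```shell
FIRMED()
{
# … unchanged: "## The firmed" and "[firmed]" header lines written to $LIST …
firmed=yes
for want in "PermitRootLogin no" "LoginGraceTime 30" "ClientAliveInterval 3600" "ClientAliveCountMax 0" "UseDNS no"; do
    # every directive must be present; a single miss clears the flag
    grep -q "^$want" /etc/ssh/sshd_config || firmed=
done
echo "firmed=$firmed" >> "$LIST"
```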