first commit

shell/tools/close-ports.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# 关闭端口
+# 未判断端口是否是数字
+# /usr/bin/firewall-cmd --zone=work --remove-port=xx/tcp --permanent
+
+if [ $# -eq 0 ];then
+	echo -e "\033[32;1mUSGE:$0 [port]\033[0m"
+	exit 1
+else
+	while [ $# -gt 0 ]; do
+		read -p "$1: TCP or UDP[default TCP]:" protocol
+		: ${protocol:=tcp}
+		case $protocol in
+			tcp|TCP)
+				protocol="tcp"
+				;;
+			udp|UDP)
+				protocol="udp"
+				;;
+			*)
+				echo -e "\033[31;1mCan not recognization the $protocol\033[0m"
+				;;
+		esac
+		port=`/usr/bin/firewall-cmd --zone=work --list-port | grep -o $1/$protocol`
+		if [[ -n $port ]];then
+			/usr/bin/firewall-cmd --zone=work --remove-port=$1/$protocol --permanent
+		else
+			echo -e "\033[31;1m$1/$protocol not open! \033[0m"
+		fi
+		shift
+	done
+	/usr/bin/firewall-cmd --reload
+fi 

shell/tools/crontab-add.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+## 定时任务
+if [ $# -le 5 ];then
+	echo -e "\033[32;1m格式错误\033[0m"
+	echo -e "\033[32;1mUSGE:$0 \"x x x x x [script]\"\033[0m"
+	exit 1
+else
+	read -p "Choose User Execute the task[default root]:" user
+	: ${user:=root}
+	u=`cat /etc/passwd | awk -F ':' '{print $1}' |grep $user`
+	if [ -n $u ];then
+		chattr -i /etc/crontab
+		chattr -i /etc/cron.d/
+		chattr -i /var/spool/cron/
+
+		echo $* >> /var/spool/cron/$user
+
+		chattr +i /etc/crontab
+		chattr +i /etc/cron.d/
+		chattr +i /var/spool/cron/
+	else
+		echo -e "\033[31;1m$user is not exists! \033[0m"
+		exit 1
+	fi
+fi

shell/tools/install-update-software.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+## 更新或安装软件
+# yum install/update -y [software]
+
+if [ $# -eq 0 ];then
+        echo -e "\033[31;1mUSGE:$0 [software]\033[0m"
+        exit 1
+else
+	# chattr -i
+	chattr -i /usr/bin
+	chattr -i /usr/sbin
+	chattr -i /usr/local/sbin
+	chattr -i /usr/local/bin
+	chattr -i /usr/libexec
+	chattr -i /sbin/
+	chattr -i /bin/
+	chattr -i /etc/yum.repos.d/
+
+        while [ $# -gt 0 ];do
+		soft=`/usr/bin/yum list $1 | grep Error`
+		if [ -n $soft ];then
+			/usr/bin/yum install -y $1
+		else
+			/usr/bin/yum update -y $1
+		fi
+                shift
+        done
+
+	# chattr +i
+	chattr +i /usr/bin
+	chattr +i /usr/sbin
+	chattr +i /usr/local/sbin
+	chattr +i /usr/local/bin
+	chattr +i /usr/libexec
+	chattr +i /sbin/
+	chattr +i /bin/
+	chattr +i /etc/yum.repos.d/
+fi

shell/tools/open-ports.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+## 开放端口
+# 未判断端口是否是数字
+# /usr/bin/firewall-cmd --zone=work --add-port=xx/tcp --permanent
+
+if [ $# -eq 0 ];then
+	echo -e "\033[32;1mUSGE:$0 [port]\033[0m"
+	exit 1
+else
+	while [ $# -gt 0 ]; do
+		read -p "$1: TCP or UDP[default TCP]:" protocol
+		: ${protocol:=tcp}
+		case $protocol in
+			tcp|TCP)
+				protocol="tcp"
+				;;
+			udp|UDP)
+				protocol="udp"
+				;;
+			*)
+				echo -e "\033[31;1mCan not recognization the $protocol\033[0m"
+				;;
+		esac
+		port=`/usr/bin/firewall-cmd --zone=work --list-port | grep -o $1/$protocol`
+		if [[ -n $port ]];then
+			echo -e "\033[31;1m$1/$protocol opened already! \033[0m"
+		else
+			/usr/bin/firewall-cmd --zone=work --add-port=$1/$protocol --permanent
+		fi
+		shift
+	done
+	/usr/bin/firewall-cmd --reload
+fi

shell/tools/unexpired-user.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+## 密码过期续期
+# /usr/bin/chage -M 180 [username]
+if [ $# -eq 0 ];then
+        echo -e "\033[31;1mUSGE:$0 [username]\033[0m"
+        exit 1
+else
+        while [ $# -gt 0 ];do
+                user=`cat /etc/passwd | awk -F ':' '{print $1}'| grep $1`
+                if [ $user == $1 ];then
+			/usr/bin/chage -M 180 $1
+                else
+                        echo -e "\033[31;1m$1 is not exists! \033[0m"
+                fi
+                shift
+        done
+fi

shell/tools/unlock-user.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# 解锁用户
+# /usr/sbin/pam_tally2 -r -u [username]
+
+if [ $# -eq 0 ];then
+	echo -e "\033[31;1mUSGE:$0 [username]\033[0m"
+	exit 1
+else
+	while [ $# -gt 0 ];do
+		user=`cat /etc/passwd | awk -F ':' '{print $1}'| grep $1`
+		if [ $user == $1 ];then
+			/usr/sbin/pam_tally2 -r -u $1
+		else
+			echo -e "\033[31;1m$1 is not exists! \033[0m"
+		fi
+		shift
+	done
+fi

shell/tools/user-add.sh

@@ -0,0 +1,90 @@
+#!/bin/bash
+
+# 检查用户名是否已存在
+check_user()
+{
+	user=$1
+	u=`cat /etc/passwd | awk -F ':' '{print $1}'| grep $user`
+	if [ -n "$u" ];then
+		return 1
+	else
+		return 0
+	fi
+}
+
+# UID
+get_uid()
+{
+	g=`cat /etc/group |grep $1| awk -F ':' '{print $3}'`
+	if [ -z $g ];then
+		echo -e "\033[31;1m$1 not exists\033[0m"
+		exit 1
+	fi
+	max=$[g+500]
+	uids=`cat /etc/passwd | awk -F ':' '{print $3}'`
+	for uid in $uids;do
+		if [ $uid -gt $g -a $uid -lt $max ];then
+			g=$uid
+		fi
+	done
+	echo $[g+1]
+}
+
+## 添加用户
+if [ $# -eq 0 ];then
+	echo -e "\033[31;1mUSGE:$0 [username]\033[0m"
+else
+	# chattr -i
+	chattr -i /etc/passwd
+	chattr -i /etc/group
+
+	while [ $# -gt 0 ];do
+		echo -e "\033[32;1m++++++Group Lists++++++\033[0m"
+		echo -e "\033[32;1m\ta: devgroup\n\tb: ops\n\tc: appgroup\n\td: dbgroup\033[0m"
+		read -p "Choose Group for $1[default devgroup]:" group
+		: ${group:=devgroup}
+		
+		case $group in
+			a|A|devgroup)
+				echo -e "\033[31;1mAdd user for check logs! \033[0m"
+				Gid=1000
+				;;
+			b|B|ops)
+				echo -e "\033[31;1mAdd user for system manager! \033[0m"
+				Gid=10
+                                ;;
+			c|C|appgroup)
+				echo -e "\033[31;1mAdd user for app! \033[0m"
+				Gid=0
+				;;
+			d|D|dbgroup)
+				echo -e "\033[31;1mAdd user for database! \033[0m"
+				Gid=0
+				;;
+			*)
+				echo -e "\033[31;1mNo Support! \033[0m"
+				Gid=0
+				;;
+		esac
+		gid=`cat /etc/group |grep $group| awk -F ':' '{print $3}'`
+		if [[ `check_user $1` -eq 1 ]];then
+			echo -e "\033[31;1m$1 exists already! \033[0m"
+		else
+			u=`get_uid $group`
+			if [ $Gid -gt 0 ];then
+				/usr/sbin/useradd -u $u -g $gid -G $Gid $1			
+			else
+				/usr/sbin/useradd -u $u -g $gid $1
+			fi
+			password=`/usr/bin/openssl rand -base64 8`
+			echo -e "$1 password: \033[033;1m$password\033[0m"
+			echo $password | passwd --stdin $1
+		fi
+		shift
+	done
+	
+	# chattr +i
+	chattr +i /etc/passwd
+	chattr +i /etc/group
+
+fi