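#!/bin/bash
## Edit by wangsuipeng
## Date 2017/03/02
##
## Host baseline checklist. Records the state of each checked item in
## ./output/list and generates a remediation script, ./output/done.sh.
##
## Meant to be used together with these installer scripts:
##   LDAP installer:   sh_ldap_client.sh
##   nagios installer: nagios_client.sh
##   zabbix installer: zabbix_agentd.sh
##   rsync installer:  rsync_server.sh
##
## done.sh calls the installers by relative path (../*.sh) and reads ./list,
## so it has to be run from inside the output directory.

# The list file receives firewall rules, hosts.allow and sysctl settings, and
# done.sh restarts services and edits root's crontab. Create both (and the
# output directory) without group/other access so that no other local user
# can read the dump or alter the script before it is run.
umask 077

## Result list and generated-script locations
OUTPUT="$(pwd)/output"
LIST="$OUTPUT/list"
SCRIPT="$OUTPUT/done.sh"
DATE=$(date +%Y-%m-%d)
HOSTNAME=$(hostname)

if [[ ! -d $OUTPUT ]]; then
  mkdir -p -- "$OUTPUT"
elif [[ -f $LIST ]]; then
  # Reset the list left by a previous run (keeps the leading blank line).
  echo > "$LIST"
fi

## Write the header of the generated remediation script (overwrites done.sh).
DONE() {
  cat > "$SCRIPT" << EOF
#!/bin/bash
## Edit by checklist
## Date $DATE
INI="./list"
EOF
}

## Service check: is something using the given port under the given name?
## Arguments: $1 - service name as lsof prints it in the NAME column
##            $2 - port number
## Appends "<name>=yes" or "<name>=" to the list.
## Returns 0 when a matching socket is found, 1 otherwise.
SERVER() {
  local name=$1 port=$2 hit
  # Column 9 of lsof output is NAME (address:port); NR > 1 skips the header.
  hit=$(lsof -i:"$port" | awk 'NR > 1 {print $9}' | grep -- "$name" | head -n1)
  if [[ -n $hit ]]; then
    echo "$name=yes" >> "$LIST"
    return 0
  fi
  echo "$name=" >> "$LIST"
  # The original message was garbled ("The snot startup") and did not name
  # the service that failed the check.
  echo -e "\033[31;49;1mThe $name is not started or installed!\033[31;49;0m"
  return 1
}

## Generated-script section: install/configure the LDAP client.
LDCONF() {
  # No "continue" in the default branch: the generated case statement is not
  # inside a loop, so bash would only print an error there.
  cat >> "$SCRIPT" << EOF
if ! { service autofs restart >/dev/null 2>&1 && service nslcd restart >/dev/null 2>&1; };then
  read -r -p "Ldap is not installed , Do you want to install it? yes or no ? [Default:yes]" LDC
  : "\${LDC:=y}"
  case "\$LDC" in
    y|Y|YES|yes)
      bash ../sh_ldap_client.sh
      sed -i 's/^ldap=\$/ldap=yes/' "\$INI"
      ;;
    n|N|NO|no)
      echo -e '\033[31;49;1mldap will not be installed!\033[31;49;0m'
      ;;
    *)
      echo -e 'You choose a bad option!'
      ;;
  esac
fi
EOF
}

## Check the LDAP service state.
LDAP() {
  {
    echo "## The List of LDAP"
    echo "[ldap]"
  } >> "$LIST"
  echo "## Config ldap" >> "$SCRIPT"
  if SERVER ldap 389; then
    echo "# -*- PASS -*-" >> "$SCRIPT"
  else
    LDCONF
  fi
  echo >> "$LIST"
}

## Generated-script section: install/configure zabbix-agent.
ZBCONF() {
  cat >> "$SCRIPT" << EOF
ZBAGENT="/etc/init.d/zabbix_agentd"
if [ ! -f "\$ZBAGENT" ];then
  read -r -p "ZABBIX is not install.Do you want to install it?yes or no ? [Default:yes]" ZBC
  : "\${ZBC:=y}"
  case "\$ZBC" in
    y|Y|YES|yes)
      bash ../zabbix_agentd.sh
      sed -i 's/^zabbix=\$/zabbix=yes/' "\$INI"
      ;;
    n|N|NO|no)
      echo -e '\033[31;49;1mzabbix will not be installed!\033[31;49;0m'
      ;;
    *)
      echo -e 'You choose a bad option!'
      ;;
  esac
else
  service zabbix_agentd restart >/dev/null 2>&1
fi
EOF
}

## Check the zabbix agent state (built from source into /usr/local/zabbix
## by default).
ZABBIX() {
  {
    echo "## The List of ZABBIX"
    echo "[zabbix]"
  } >> "$LIST"
  # The section header used to say "Config ldap" (copy/paste slip).
  echo "## Config zabbix" >> "$SCRIPT"
  if SERVER zabbix 10050; then
    echo "# -*- PASS -*-" >> "$SCRIPT"
  else
    ZBCONF
  fi
  echo >> "$LIST"
}

## Generated-script section: install/configure the nagios client (NRPE).
NGCONF() {
  # NAGIOS records the result under the key "nrpe" (the name passed to
  # SERVER), so that is the key the generated sed has to update; the old
  # "nagios=" pattern never matched. The hint line also needs echo -e for
  # its colour escapes to be interpreted.
  cat >> "$SCRIPT" << EOF
XINNRPE="/etc/xinetd.d/nrpe"
if [ ! -f "\$XINNRPE" ];then
  read -r -p "Nagios is not install.Do you want to install it?yes or no ? [Default:yes]!" NGC
  : "\${NGC:=y}"
  case "\$NGC" in
    y|Y|YES|yes)
      bash ../nagios_client.sh
      sed -i 's/^nrpe=\$/nrpe=yes/' "\$INI"
      echo -e '\033[32;49;1mYou need config the server at 172.16.3.2\033[32;49;0m'
      ;;
    n|N|NO|no)
      echo -e '\033[31;49;1mNagios will not be installed!\033[31;49;0m'
      ;;
    *)
      echo -e 'You choose a bad option!'
      ;;
  esac
else
  if ! grep -Eq 'disable = no' "\$XINNRPE";then
    sed -i "/disable/ s/yes/no/" "\$XINNRPE"
  fi
  service xinetd restart > /dev/null 2>&1
fi
EOF
}

## Check the nagios client state (installed in /usr/local/nagios by default).
NAGIOS() {
  {
    echo "## The List of NAGIOS"
    echo "[nagios]"
  } >> "$LIST"
  echo "## Config nagios" >> "$SCRIPT"
  if SERVER nrpe 5666; then
    echo "# -*- PASS -*-" >> "$SCRIPT"
  else
    NGCONF
  fi
  echo >> "$LIST"
}

## Generated-script section: install the rsync server.
RSCONF() {
  cat >> "$SCRIPT" << EOF
CONF="/etc/rsyncd.conf"
if [ ! -f "\$CONF" ];then
  read -r -p "Rsync is not install.Do you want to install it?yes or no ? [Default:yes]!" RSC
  : "\${RSC:=y}"
  case "\$RSC" in
    y|Y|YES|yes)
      bash ../rsync_server.sh
      sed -i 's/^rsync=\$/rsync=yes/' "\$INI"
      echo -e '\033[32;49;1mYou need config the client\033[32;49;0m'
      ;;
    n|N|NO|no)
      echo -e '\033[31;49;1mRsync will not be installed!\033[31;49;0m'
      ;;
    *)
      echo -e 'You choose a bad option!'
      ;;
  esac
else
  service xinetd restart >/dev/null 2>&1
fi
EOF
}

## Check the rsync service state (installed from rpm by default).
RSYNC() {
  {
    echo "## The List of RSYNC"
    echo "[rsync]"
  } >> "$LIST"
  echo "## Config rsync" >> "$SCRIPT"
  if SERVER rsync 873; then
    echo "# -*- PASS -*-" >> "$SCRIPT"
  else
    RSCONF
  fi
  echo >> "$LIST"
}

## Generated-script section: schedule a daily time sync in root's crontab.
NTPCONF() {
  # done.sh only defines INI; the original referenced an unset \$LIST here,
  # which left sed without a file to edit.
  cat >> "$SCRIPT" << EOF
echo "00 01 * * * /usr/sbin/ntpdate -u 172.16.3.2 > /dev/null 2>&1" >> /var/spool/cron/root
sed -i 's/^ntp=\$/ntp=yes/' "\$INI"
EOF
}

## Check whether a time-sync job is scheduled.
NTPDATE() {
  {
    echo "## The List of ntp"
    echo "[ntp]"
  } >> "$LIST"
  echo "## Config ntp" >> "$SCRIPT"
  # Drop commented-out entries before looking for ntpdate. The previous
  # filter (egrep '[^#]') accepted any line containing a non-# character,
  # so a disabled "#... ntpdate" job still counted as configured.
  if crontab -l 2>/dev/null | grep -v '^[[:space:]]*#' | grep -q ntpdate; then
    echo "ntp=yes" >> "$LIST"
    echo "# -*- PASS -*-" >> "$SCRIPT"
  else
    echo "ntp=" >> "$LIST"
    NTPCONF
  fi
  echo >> "$LIST"
}

## Export /etc/hosts and /etc/hosts.allow.
HOSTS() {
  {
    echo "## The List of Hosts"
    echo "[hosts]"
    echo "## /etc/hosts"
    cat /etc/hosts
    echo
    echo "## /etc/hosts.allow"
    cat /etc/hosts.allow
    echo
  } >> "$LIST"
}

## Export the firewall configuration.
IPTABLES() {
  {
    echo "## The List of iptables"
    echo "[iptables]"
  } >> "$LIST"
  if /etc/init.d/iptables status | grep -q "not running" 2>/dev/null; then
    echo "## iptables is not running!" >> "$LIST"
  else
    # NOTE(review): this is the saved rule file, which can differ from the
    # ruleset currently loaded in the kernel; compare with iptables-save
    # output when the list is used as audit evidence.
    cat /etc/sysconfig/iptables >> "$LIST"
  fi
  echo >> "$LIST"
}

## Export the main system tuning settings.
OPTIMA() {
  {
    echo "## The List of optimalize"
    echo "[optimalize]"
    echo "## limits.conf"
    cat /etc/security/limits.conf
    echo
    echo "## sysctl.conf"
    cat /etc/sysctl.conf
    echo
    echo "## umask"
    grep '^umask' /etc/sysconfig/init
    echo
  } >> "$LIST"
}

## Hardening check for sshd.
## Writes "firmed=yes" only when EVERY required setting is present. The
## original used a single alternation, so one matching line (for example
## "UseDNS no") was enough to report the host as hardened even with
## PermitRootLogin still enabled.
FIRMED() {
  local sshd_config=/etc/ssh/sshd_config
  local -a required=(
    '^PermitRootLogin[[:space:]]+no([[:space:]]|$)'
    '^LoginGraceTime[[:space:]]+30([[:space:]]|$)'
    '^ClientAliveInterval[[:space:]]+3600([[:space:]]|$)'
    '^ClientAliveCountMax[[:space:]]+0([[:space:]]|$)'
    '^UseDNS[[:space:]]+no([[:space:]]|$)'
  )
  local pattern hardened=yes

  {
    echo "## The firmed"
    echo "[firmed]"
  } >> "$LIST"

  # NOTE(review): this inspects the text of the main config file only; it
  # does not see Match blocks or included files. "sshd -T" prints the
  # effective configuration and is the stronger check where available.
  for pattern in "${required[@]}"; do
    if ! grep -Eq -- "$pattern" "$sshd_config"; then
      hardened=
      break
    fi
  done
  echo "firmed=$hardened" >> "$LIST"
}

## Main program
if [[ $# -eq 0 ]]; then
  echo "check the all programe"
  DONE
  LDAP
  ZABBIX
  NAGIOS
  RSYNC
  NTPDATE
  HOSTS
  IPTABLES
  OPTIMA
  FIRMED
  echo -e "\n\n## *** END ***" >> "$LIST"
else
  case "$1" in
    # '?' is quoted: unquoted it is a glob that matches ANY one-character
    # argument, not just a literal question mark.
    -h|--help|'?')
      echo -e "usage:bash checklist.sh [-h][Function]\n\t-h:帮助文档\n\tFunction:检查项,一次只能检查一个,包括LDAP,ZABBIX,NAGIOS,RSYNC,NTPDATE,HOSTS,IPTABLES,OPTIMA,FIRMED\n\t无参数:默认执行所有的检查,并生成配置脚本done.sh\n"
      ;;
    LDAP|ldap|Ldap) LDAP ;;
    ZABBIX|zabbix|Zabbix) ZABBIX ;;
    NAGIOS|nagios|Nagios) NAGIOS ;;
    RSYNC|rsync|Rsync) RSYNC ;;
    NTPDATE|ntpdate|Ntpdate) NTPDATE ;;
    HOSTS|hosts|Hosts) HOSTS ;;
    IPTABLES|iptables|Iptables) IPTABLES ;;
    OPTIMA|optima|Optima|optimalize) OPTIMA ;;
    # Was "FIRME" (undefined command), so the hardening check never ran
    # when selected by name.
    FIRMED|firmed|Firmed) FIRMED ;;
    *)
      echo "please choose a valid option!"
      ;;
  esac
fi

echo -e "检查列表为'$LIST'\n查漏脚本'$SCRIPT'"
# Single-item checks such as HOSTS never create done.sh; only mark it
# executable when it exists.
if [[ -f $SCRIPT ]]; then
  chmod +x "$SCRIPT"
fi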