Docs/shell/检查列表/checklist.sh.md
2022-10-18 16:59:37 +08:00


#!/bin/bash

## Edit by wangsuipeng
## Date 2017/03/02

## 需要与以下脚本配合使用
## ldap安装脚本sh_ldap_client.sh
## nagios安装脚本nagios_client.sh
## zabbix安装脚本zabbix_agentd.sh
## rsync安装脚本rsync_server.sh

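## Locations of the generated artefacts, all under ./output of the current
## working directory:
##   LIST   - the collected check results
##   SCRIPT - the generated follow-up script (done.sh)
## NOTE(review): LIST receives copies of host configuration (hosts.allow,
## firewall rules) and SCRIPT is made executable at the end of this file. The
## directory is created with the caller's umask, so run this from a directory
## that other local users can neither read nor write.
OUTPUT="$(pwd)/output"
LIST="$OUTPUT/list"
SCRIPT="$OUTPUT/done.sh"
DATE=$(date +%Y-%m-%d)
HOSTNAME=$(hostname)

## Create the output directory on first use; on later runs reset an existing
## result list. Expansions are quoted so that a working directory containing
## spaces does not break the tests or the redirection.
if [ ! -d "$OUTPUT" ]; then
    mkdir -p "$OUTPUT"
elif [ -f "$LIST" ]; then
    # `echo >` leaves a single empty line in the list, as before.
    echo > "$LIST"
fi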
 
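## Start a fresh follow-up script at $SCRIPT.
## Globals:   SCRIPT (path written), DATE (embedded in the header)
## Outputs:   overwrites $SCRIPT with a bash header that sets INI="./list"
## NOTE(review): INI is a relative path, so the generated script only finds
## the result list when it is started from inside the output directory.
DONE()
{
    # Unquoted delimiter on purpose: $DATE must expand at generation time.
    # The target is quoted so a path containing spaces is not split.
    cat > "$SCRIPT" << EOF
#!/bin/bash

## Edit by checklist
## Date $DATE

INI="./list"

EOF
}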

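## Check whether a service is present by looking for a socket on its port.
## Arguments: $1 - service name expected in lsof's NAME column
##            $2 - port number handed to `lsof -i`
## Globals:   LIST (appended to)
## Outputs:   "<name>=yes" or "<name>=" appended to $LIST; a red warning on
##            stdout when nothing matches
## Returns:   0 when a matching socket is listed, 1 otherwise
## NOTE(review): lsof only lists sockets of processes the caller is allowed
## to inspect, so an unprivileged run can report a running service as
## missing. The match accepts any socket on the port, not only a listener.
SERVER()
{
    local name=$1 port=$2
    local server

    # Field 9 is lsof's NAME column; drop the header row, keep the first hit.
    server=$(lsof -i:"$port" | awk '{print $9}' | grep -v NAME \
        | grep -- "$name" | head -n1)
    if [ -n "$server" ]; then
        echo "$name=yes" >> "$LIST"
        return 0
    fi

    echo "$name=" >> "$LIST"
    # The warning now names the service; the original text was garbled.
    echo -e "\033[31;49;1mThe $name is not startup or install !\033[31;49;0m"
    return 1
}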

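## Append the LDAP client install/repair steps to the generated script.
## Globals:   SCRIPT (appended to)
## Outputs:   shell code that restarts autofs and nslcd and, if that fails,
##            offers to run ../sh_ldap_client.sh and then marks ldap=yes in
##            the result list
## NOTE(review): the installer is addressed by a path relative to wherever
## the generated script is started, so anyone able to write to that parent
## directory decides what gets executed. The list is marked ldap=yes without
## looking at the installer's exit status - confirm that is intended.
LDCONF()
{
    # Quoted delimiter: nothing expands here, every $ belongs to the
    # generated script. The stray `continue` (there is no enclosing loop) is
    # gone, and the sed is anchored so it only rewrites the empty "ldap="
    # line and cannot turn "ldap=yes" into "ldap=yesyes" on a second run.
    cat >> "$SCRIPT" << 'EOF'
service autofs restart >/dev/null 2>&1 && service nslcd restart >/dev/null 2>&1
if [ $? -ne 0 ];then
    read -r -p "Ldap is not installed , Do you want to install it? yes or no ? [Default:yes]" LDC
    : "${LDC:=y}"
    case "$LDC" in
        y|Y|YES|yes)
            bash ../sh_ldap_client.sh
            sed -i 's/^ldap=$/ldap=yes/' "$INI"
            ;;
        n|N|NO|no)
            echo -e '\033[31;49;1mldap will not be installed!\033[31;49;0m'
            ;;
        *)
            echo -e 'You choose a bad option!'
            ;;
    esac
fi
EOF
}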

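## Check the LDAP service and record the result.
## Globals:   LIST, SCRIPT (both appended to)
## Outputs:   an "[ldap]" section in $LIST; in $SCRIPT either the steps from
##            LDCONF or a "PASS" marker
LDAP()
{
    {
        echo "## The List of LDAP"
        echo "[ldap]"
    } >> "$LIST"
    echo "## Config ldap" >> "$SCRIPT"

    # SERVER writes the ldap= line itself and prints a warning on failure.
    if SERVER ldap 389; then
        echo "# -*- PASS -*-" >> "$SCRIPT"
    else
        LDCONF
    fi
    echo >> "$LIST"
}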

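## Append the Zabbix agent install/restart steps to the generated script.
## Globals:   SCRIPT (appended to)
## Outputs:   shell code that restarts zabbix_agentd when its init script
##            exists, otherwise offers to run ../zabbix_agentd.sh and marks
##            zabbix=yes in the result list
## NOTE(review): the installer path is relative to wherever the generated
## script is started, and the list is marked zabbix=yes without checking the
## installer's exit status - confirm both are intended.
ZBCONF()
{
    # Quoted delimiter: every $ belongs to the generated script. The stray
    # `continue` (no enclosing loop) is removed and the sed is anchored to
    # the empty "zabbix=" line.
    cat >> "$SCRIPT" << 'EOF'
ZBAGENT="/etc/init.d/zabbix_agentd"
if [ ! -f "$ZBAGENT" ];then
    read -r -p "ZABBIX is not install.Do you want to install it?yes or no ? [Default:yes]" ZBC
    : "${ZBC:=y}"
    case "$ZBC" in
        y|Y|YES|yes)
            bash ../zabbix_agentd.sh
            sed -i 's/^zabbix=$/zabbix=yes/' "$INI"
            ;;
        n|N|NO|no)
            echo -e '\033[31;49;1mzabbix will not be installed!\033[31;49;0m'
            ;;
        *)
            echo -e 'You choose a bad option!'
            ;;
    esac
else
    service zabbix_agentd restart >/dev/null 2>&1
fi
EOF
}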

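## Check the Zabbix agent (per the original note, a source build installed
## under /usr/local/zabbix) and record the result.
## Globals:   LIST, SCRIPT (both appended to)
## Outputs:   a "[zabbix]" section in $LIST; in $SCRIPT either the steps
##            from ZBCONF or a "PASS" marker
ZABBIX()
{
    {
        echo "## The List of ZABBIX"
        echo "[zabbix]"
    } >> "$LIST"
    # The section heading used to read "Config ldap", copied from LDAP.
    echo "## Config zabbix" >> "$SCRIPT"

    if SERVER zabbix 10050; then
        echo "# -*- PASS -*-" >> "$SCRIPT"
    else
        ZBCONF
    fi
    echo >> "$LIST"
}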

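## Append the Nagios client (nrpe under xinetd) steps to the generated script.
## Globals:   SCRIPT (appended to)
## Outputs:   shell code that, when /etc/xinetd.d/nrpe is missing, offers to
##            run ../nagios_client.sh; otherwise makes sure the entry is not
##            disabled and restarts xinetd
## NOTE(review): the else branch switches a network service on without
## asking; check which hosts the nrpe entry admits before relying on it.
## The installer path is relative to wherever the generated script is
## started, and the list is marked without checking its exit status.
NGCONF()
{
    # Quoted delimiter: every $ belongs to the generated script. Fixes over
    # the original output: no `continue` outside a loop; the green hint uses
    # `echo -e` so the colour codes are interpreted; the list key is "nrpe",
    # which is the name NAGIOS passes to SERVER and therefore the line that
    # actually exists in the list; `grep -E` replaces the obsolescent egrep.
    cat >> "$SCRIPT" << 'EOF'
XINNRPE="/etc/xinetd.d/nrpe"
if [ ! -f "$XINNRPE" ];then
    read -r -p "Nagios is not install.Do you want to install it?yes or no ? [Default:yes]!" NGC
    : "${NGC:=y}"
    case "$NGC" in
        y|Y|YES|yes)
            bash ../nagios_client.sh
            sed -i 's/^nrpe=$/nrpe=yes/' "$INI"
            echo -e '\033[32;49;1mYou need config the server at 172.16.3.2\033[32;49;0m'
            ;;
        n|N|NO|no)
            echo -e '\033[31;49;1mNagios will not be installed!\033[31;49;0m'
            ;;
        *)
            echo -e 'You choose a bad option!'
            ;;
    esac
else
    if ! grep -Eq 'disable         = no' "$XINNRPE";then
        sed -i "/disable/ s/yes/no/" "$XINNRPE"
    fi
    service xinetd restart > /dev/null 2>&1
fi
EOF
}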

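## Check the Nagios client (per the original note, installed under
## /usr/local/nagios) and record the result.
## Globals:   LIST, SCRIPT (both appended to)
## Outputs:   a "[nagios]" section in $LIST holding the nrpe= line written by
##            SERVER; in $SCRIPT either the steps from NGCONF or a "PASS"
##            marker
NAGIOS()
{
    {
        echo "## The List of NAGIOS"
        echo "[nagios]"
    } >> "$LIST"
    echo "## Config nagios" >> "$SCRIPT"

    # The probe looks for nrpe on 5666, so the list key is "nrpe".
    if SERVER nrpe 5666; then
        echo "# -*- PASS -*-" >> "$SCRIPT"
    else
        NGCONF
    fi
    echo >> "$LIST"
}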

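## Append the rsync server install/restart steps to the generated script.
## Globals:   SCRIPT (appended to)
## Outputs:   shell code that restarts xinetd when /etc/rsyncd.conf exists,
##            otherwise offers to run ../rsync_server.sh and marks rsync=yes
##            in the result list
## NOTE(review): the installer path is relative to wherever the generated
## script is started, and the list is marked rsync=yes without checking the
## installer's exit status - confirm both are intended.
RSCONF()
{
    # Quoted delimiter: every $ belongs to the generated script. Fixes over
    # the original output: no `continue` outside a loop; the green hint uses
    # `echo -e` so the colour codes are interpreted; the sed is anchored to
    # the empty "rsync=" line.
    cat >> "$SCRIPT" << 'EOF'
CONF="/etc/rsyncd.conf"
if [ ! -f "$CONF" ];then
    read -r -p "Rsync is not install.Do you want to install it?yes or no ? [Default:yes]!" RSC
    : "${RSC:=y}"
    case "$RSC" in
        y|Y|YES|yes)
            bash ../rsync_server.sh
            sed -i 's/^rsync=$/rsync=yes/' "$INI"
            echo -e '\033[32;49;1mYou need config the client\033[32;49;0m'
            ;;
        n|N|NO|no)
            echo -e '\033[31;49;1mRsync will not be installed!\033[31;49;0m'
            ;;
        *)
            echo -e 'You choose a bad option!'
            ;;
    esac
else
    service xinetd restart >>/dev/null 2>&1
fi
EOF
}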

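## Check the rsync service (per the original note, installed from an rpm
## package) and record the result.
## Globals:   LIST, SCRIPT (both appended to)
## Outputs:   an "[rsync]" section in $LIST; in $SCRIPT either the steps from
##            RSCONF or a "PASS" marker
RSYNC()
{
    {
        echo "## The List of RSYNC"
        echo "[rsync]"
    } >> "$LIST"
    echo "## Config rsync" >> "$SCRIPT"

    if SERVER rsync 873; then
        echo "# -*- PASS -*-" >> "$SCRIPT"
    else
        RSCONF
    fi
    echo >> "$LIST"
}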

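## Append the time-synchronisation steps to the generated script.
## Globals:   SCRIPT (appended to)
## Outputs:   shell code that adds a daily 01:00 ntpdate job to root's cron
##            spool file and marks ntp=yes in the result list
## NOTE(review): the job is appended straight to /var/spool/cron/root, which
## skips the syntax check `crontab` performs, and every run of the generated
## script adds the line again.
NTPCONF()
{
    # Quoted delimiter: nothing expands at generation time. The generated
    # script defines INI, not LIST, so the sed must target "$INI"; with the
    # old \$LIST it had no input file at all. The pattern is anchored to the
    # empty "ntp=" line.
    cat >> "$SCRIPT" << 'EOF'
echo "00 01 * * * /usr/sbin/ntpdate -u 172.16.3.2 > /dev/null 2>&1" >> /var/spool/cron/root
sed -i 's/^ntp=$/ntp=yes/' "$INI"
EOF
}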

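## Check whether an ntpdate job is scheduled and record the result.
## Globals:   LIST, SCRIPT (both appended to)
## Outputs:   an "[ntp]" section in $LIST with ntp=yes or ntp=; in $SCRIPT
##            either the steps from NTPCONF or a "PASS" marker
## NOTE(review): `crontab -l` shows the invoking user's table only, while
## NTPCONF writes to root's; the two agree only when this runs as root.
NTPDATE()
{
    {
        echo "## The List of ntp"
        echo "[ntp]"
    } >> "$LIST"
    echo "## Config ntp" >> "$SCRIPT"

    # Drop commented-out lines first. The old filter, egrep '[^#]', accepted
    # any line holding at least one non-# character, so a disabled
    # "#... ntpdate" entry still counted as configured.
    if crontab -l | grep -v '^[[:space:]]*#' | grep -q ntpdate; then
        echo "ntp=yes" >> "$LIST"
        echo "# -*- PASS -*-" >> "$SCRIPT"
    else
        echo "ntp=" >> "$LIST"
        NTPCONF
    fi
    echo >> "$LIST"
}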

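## Copy the host name and TCP-wrapper allow tables into the result list.
## Globals:   LIST (appended to)
## Outputs:   a "[hosts]" section holding /etc/hosts and /etc/hosts.allow,
##            each under its own heading and followed by an empty line
## NOTE(review): only hosts.allow is captured; hosts.deny is not read here.
HOSTS()
{
    local file

    {
        echo "## The List of Hosts"
        echo "[hosts]"
    } >> "$LIST"

    # Same layout for both files: heading, content, blank separator.
    for file in /etc/hosts /etc/hosts.allow; do
        {
            echo "## $file"
            cat "$file"
            echo
        } >> "$LIST"
    done
}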

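## Export the firewall configuration into the result list.
## Globals:   LIST (appended to)
## Outputs:   an "[iptables]" section holding either the content of
##            /etc/sysconfig/iptables or a "not running" remark
## NOTE(review): what gets copied is the saved rule file, not the rule set
## loaded in the kernel; the two can differ. A host without the
## /etc/init.d/iptables script produces no "not running" text and is
## therefore treated as running.
IPTABLES()
{
    {
        echo "## The List of iptables"
        echo "[iptables]"
    } >> "$LIST"

    if /etc/init.d/iptables status | grep -q "not running"; then
        echo "## iptables is not running!" >> "$LIST"
    else
        cat /etc/sysconfig/iptables >> "$LIST"
    fi
    echo >> "$LIST"
}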

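## Export the main system tuning settings into the result list.
## Globals:   LIST (appended to)
## Outputs:   an "[optimalize]" section holding /etc/security/limits.conf,
##            /etc/sysctl.conf and the umask line(s) of /etc/sysconfig/init,
##            each under its own heading and followed by an empty line
OPTIMA()
{
    {
        echo "## The List of optimalize"
        echo "[optimalize]"

        echo "## limits.conf"
        cat /etc/security/limits.conf
        echo
        echo "## sysctl.conf"
        cat /etc/sysctl.conf
        echo
        echo "## umask"
        grep '^umask' /etc/sysconfig/init
        echo
    } >> "$LIST"
}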

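## Hardening check: report firmed=yes only when every expected sshd setting
## is present.
## Arguments: $1 - sshd configuration file to inspect
##                 (optional, default /etc/ssh/sshd_config)
## Globals:   LIST (appended to)
## Outputs:   a "[firmed]" section with firmed=yes or firmed=
## The original used one alternation (a|b|c|d|e), so a single matching line,
## for instance "UseDNS no" alone, was enough to report the host as hardened.
## NOTE(review): this is a text match on one file. Settings that come from
## included files or Match blocks are not seen; `sshd -T` prints the
## effective configuration and is the stronger source.
FIRMED()
{
    local conf=${1:-/etc/ssh/sshd_config}
    local -a required=(
        'PermitRootLogin no'
        'LoginGraceTime 30'
        'ClientAliveInterval 3600'
        'ClientAliveCountMax 0'
        'UseDNS no'
    )
    local entry result=yes

    {
        echo "## The firmed"
        echo "[firmed]"
    } >> "$LIST"

    for entry in "${required[@]}"; do
        # Keyword, whitespace, exact value, end of line: "LoginGraceTime 300"
        # must not pass as "LoginGraceTime 30".
        if ! grep -Eq "^${entry% *}[[:space:]]+${entry#* }[[:space:]]*\$" "$conf"; then
            result=
            break
        fi
    done
    echo "firmed=$result" >> "$LIST"
}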

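## Main program.
## No argument:  run every check and regenerate done.sh from scratch.
## One argument: print the help text or run the single named check.
## NOTE(review): a single check appends to whatever done.sh already exists
## (DONE is not called), so the header that defines INI may be missing from
## the generated script in that mode.
if [ $# -eq 0 ]; then
    echo "check the all programe"
    DONE
    LDAP
    ZABBIX
    NAGIOS
    RSYNC
    NTPDATE
    HOSTS
    IPTABLES
    OPTIMA
    FIRMED
    echo -e "\n\n## *** END ***" >> "$LIST"
else
    case "$1" in
        -h|--help|?)
            echo -e "usage:bash checklist.sh [-h][Function]\n\t-h:帮助文档\n\tFunction:检查项一次只能检查一个包括LDAP,ZABBIX,NAGIOS,RSYNC,NTPDATE,HOSTS,IPTABLES,OPTIMA,FIRMED\n\t无参数:默认执行所有的检查并生成配置脚本done.sh\n"
            ;;
        LDAP|ldap|Ldap)
            LDAP
            ;;
        ZABBIX|zabbix|Zabbix)
            ZABBIX
            ;;
        NAGIOS|nagios|Nagios)
            NAGIOS
            ;;
        RSYNC|rsync|Rsync)
            RSYNC
            ;;
        NTPDATE|ntpdate|Ntpdate)
            NTPDATE
            ;;
        HOSTS|hosts|Hosts)
            HOSTS
            ;;
        IPTABLES|iptables|Iptables)
            IPTABLES
            ;;
        OPTIMA|optima|Optima|optimalize)
            OPTIMA
            ;;
        FIRMED|firmed|Firmed)
            # Was "FIRME", an undefined command, so the hardening check
            # could never be run on its own.
            FIRMED
            ;;
        *)
            # The message used to ask for an "invalid" option.
            echo "please choose a valid option!"
            ;;
    esac
fi

echo -e "检查列表为'$LIST'\n查漏脚本'$SCRIPT'"
# Checks such as HOSTS never write to done.sh, so it may not exist yet.
if [ -f "$SCRIPT" ]; then
    chmod +x "$SCRIPT"
fi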