Docs/shell/检查列表/checklist.sh.md
2022-10-18 16:59:37 +08:00


```
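#!/bin/bash
## Edit by wangsuipeng
## Date 2017/03/02
## Host checklist: records the state of several services and settings in
## ./output/list and generates ./output/done.sh, a follow-up script that
## offers to install or configure whatever was found missing.
## Must be used together with the following scripts:
##   ldap installer    sh_ldap_client.sh
##   nagios installer  nagios_client.sh
##   zabbix installer  zabbix_agentd.sh
##   rsync installer   rsync_server.sh
##
## NOTE(review): the list collects copies of /etc/hosts, the saved firewall
## rules, sysctl.conf and limits.conf, and done.sh starts the installers by
## relative path. Run this from a directory that only the operator can write
## to, and treat the output directory as sensitive.

## Locations of the check results
OUTPUT="$(pwd)/output"
LIST="$OUTPUT/list"
SCRIPT="$OUTPUT/done.sh"
DATE=$(date +%Y-%m-%d)
HOSTNAME=$(hostname)
if [ ! -d "$OUTPUT" ]; then
  # A newly created output directory is private to the invoking user because
  # the list copies configuration that is not meant to be world-readable.
  # An existing directory keeps whatever mode it already has.
  mkdir -p -m 700 "$OUTPUT"
elif [ -f "$LIST" ]; then
  # Reset a list left over from an earlier run (it then holds one blank line).
  echo > "$LIST"
fi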
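## Write the header of the generated follow-up script (done.sh), replacing
## any script left over from an earlier run.
## Globals:  SCRIPT (file written), DATE (expanded into the header)
## Outputs:  $SCRIPT holding a shebang, two comment lines and INI="./list"
## NOTE(review): INI is a relative path, so done.sh only finds the list when
## it is started from inside the output directory.
DONE()
{
  # Unquoted delimiter on purpose: $DATE has to expand while the header is
  # written. The target path is quoted so a working directory containing
  # spaces no longer breaks the redirection.
  cat > "$SCRIPT" << EOF
#!/bin/bash
## Edit by checklist
## Date $DATE
INI="./list"
EOF
}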
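## Service check: records whether a service appears to be present.
## Arguments: $1 - service name, as lsof prints it in its NAME column
##            $2 - port number handed to lsof -i
## Globals:   LIST (appended to)
## Outputs:   "<name>=yes" or "<name>=" in $LIST; a red notice on stdout
##            when nothing matched
## Returns:   0 when a matching socket was found, 1 otherwise
## NOTE(review): lsof -i:PORT lists every socket using the port, so an
## outgoing connection to a remote server counts as well as a local listener.
## The name match presumably relies on lsof translating the port through
## /etc/services; an unprivileged caller may also see fewer sockets than root
## does. Confirm both on the target hosts.
SERVER()
{
  local server
  # Column 9 of the lsof output is NAME; the header row is dropped and the
  # first entry mentioning the service name is kept.
  server=$(lsof -i:"$2" | awk '{print $9}' | grep -v NAME | grep -- "$1" | head -n1)
  if [ -n "$server" ]; then
    echo "$1=yes" >> "$LIST"
    return 0
  fi
  echo "$1=" >> "$LIST"
  # The original notice had lost the service name ("The snot startup ...").
  echo -e "\033[31;49;1mThe $1 is not started or installed!\033[31;49;0m"
  return 1
}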
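## Install and configure the LDAP client: append that step to the generated
## script. The fragment restarts autofs and nslcd; when that fails it asks
## whether to run ../sh_ldap_client.sh.
## Globals:  SCRIPT (appended to)
## Changes against the earlier fragment:
##   - the list is marked ldap=yes only after the installer returned success
##     (assumes the installer exits non-zero on failure; confirm), and the
##     sed is anchored so a second run cannot produce "ldap=yesyes";
##   - the stray `continue` (there is no enclosing loop) is gone.
## NOTE(review): the installer is started by a path relative to the directory
## done.sh is run from, presumably as root; run it only from the output
## directory of a checkout you trust.
# -*- script configuration -*-
LDCONF()
{
  # Quoted delimiter: the fragment is copied verbatim and its variables are
  # expanded only when done.sh runs.
  cat >> "$SCRIPT" << 'EOF'
service autofs restart >/dev/null 2>&1 && service nslcd restart >/dev/null 2>&1
if [ $? -ne 0 ];then
read -r -p "Ldap is not installed , Do you want to install it? yes or no ? [Default:yes]" LDC
: ${LDC:='y'}
case "$LDC" in
y|Y|YES|yes)
bash ../sh_ldap_client.sh && sed -i 's/^ldap=$/ldap=yes/' "$INI"
;;
n|N|NO|no)
echo -e '\033[31;49;1mldap will not be installed!\033[31;49;0m'
;;
*)
echo -e 'You choose a bad option!'
;;
esac
fi
EOF
}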
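## Check the state of the LDAP service.
## Records the result under [ldap] in the list and adds either the LDAP
## fix-up step or a PASS marker to the generated script.
## Globals:  LIST, SCRIPT (both appended to)
LDAP()
{
  {
    echo "## The List of LDAP"
    echo "[ldap]"
  } >> "$LIST"
  # -*- script configuration -*-
  echo "## Config ldap" >> "$SCRIPT"
  # SERVER writes the ldap= line itself; its status picks the script entry.
  if SERVER ldap 389; then
    # -*- script configuration -*-
    echo "# -*- PASS -*-" >> "$SCRIPT"
  else
    # -*- script configuration -*-
    LDCONF
  fi
  echo >> "$LIST"
}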
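## Install and configure the Zabbix agent: append that step to the generated
## script. When /etc/init.d/zabbix_agentd is missing the fragment asks whether
## to run ../zabbix_agentd.sh; otherwise it restarts the agent.
## Globals:  SCRIPT (appended to)
## Changes against the earlier fragment:
##   - the list is marked zabbix=yes only after the installer returned success
##     (assumes the installer exits non-zero on failure; confirm), with an
##     anchored sed so repeated runs stay idempotent;
##   - the stray `continue` (there is no enclosing loop) is gone.
## NOTE(review): the installer path is relative to the directory done.sh is
## run from; run it only from the output directory of a checkout you trust.
# -*- script configuration -*-
ZBCONF()
{
  # Quoted delimiter: nothing in the fragment is expanded at generation time.
  cat >> "$SCRIPT" << 'EOF'
ZBAGENT="/etc/init.d/zabbix_agentd"
if [ ! -f $ZBAGENT ];then
read -r -p "ZABBIX is not install.Do you want to install it?yes or no ? [Default:yes]" ZBC
: ${ZBC:='y'}
case "$ZBC" in
y|Y|YES|yes)
bash ../zabbix_agentd.sh && sed -i 's/^zabbix=$/zabbix=yes/' "$INI"
;;
n|N|NO|no)
echo -e '\033[31;49;1mzabbix will not be installed!\033[31;49;0m'
;;
*)
echo -e 'You choose a bad option!'
;;
esac
else
service zabbix_agentd restart >/dev/null 2>&1
fi
EOF
}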
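## Check the state of the Zabbix service (by default compiled and installed
## under /usr/local/zabbix).
## Records the result under [zabbix] in the list and adds either the Zabbix
## fix-up step or a PASS marker to the generated script.
## Globals:  LIST, SCRIPT (both appended to)
ZABBIX()
{
  {
    echo "## The List of ZABBIX"
    echo "[zabbix]"
  } >> "$LIST"
  # -*- script configuration -*-
  # The section label used to read "Config ldap", copied from the LDAP check.
  echo "## Config zabbix" >> "$SCRIPT"
  if SERVER zabbix 10050; then
    # -*- script configuration -*-
    echo "# -*- PASS -*-" >> "$SCRIPT"
  else
    # -*- script configuration -*-
    ZBCONF
  fi
  echo >> "$LIST"
}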
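## Install and configure the Nagios client: append that step to the generated
## script. When /etc/xinetd.d/nrpe is missing the fragment asks whether to run
## ../nagios_client.sh; otherwise it makes sure the xinetd nrpe service is not
## disabled and restarts xinetd.
## Globals:  SCRIPT (appended to)
## Changes against the earlier fragment:
##   - the list key written by the Nagios check is "nrpe=", so the sed now
##     rewrites that key (the old "nagios=" pattern could never match), only
##     after the installer returned success (assumes it exits non-zero on
##     failure; confirm);
##   - the reminder uses echo -e so its colour escapes are interpreted;
##   - the stray `continue` is gone and grep -E replaces egrep.
## NOTE(review): the else branch switches the xinetd nrpe service on;
## presumably the only_from setting in that file limits who may query it.
## Confirm before enabling. The installer path is relative to the directory
## done.sh is run from.
# -*- script configuration -*-
NGCONF()
{
  # Quoted delimiter: nothing in the fragment is expanded at generation time.
  cat >> "$SCRIPT" << 'EOF'
XINNRPE="/etc/xinetd.d/nrpe"
if [ ! -f $XINNRPE ];then
read -r -p "Nagios is not install.Do you want to install it?yes or no ? [Default:yes]!" NGC
: ${NGC:='y'}
case "$NGC" in
y|Y|YES|yes)
if bash ../nagios_client.sh;then
sed -i 's/^nrpe=$/nrpe=yes/' "$INI"
echo -e '\033[32;49;1mYou need config the server at 172.16.3.2\033[32;49;0m'
fi
;;
n|N|NO|no)
echo -e '\033[31;49;1mNagios will not be installed!\033[31;49;0m'
;;
*)
echo -e 'You choose a bad option!'
;;
esac
else
if grep -Eq 'disable = no' $XINNRPE;then
service xinetd restart > /dev/null 2>&1
else
sed -i "/disable/ s/yes/no/" $XINNRPE
service xinetd restart > /dev/null 2>&1
fi
fi
EOF
}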
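## Check the state of the Nagios client (by default installed under
## /usr/local/nagios).
## Records the result under [nagios] in the list and adds either the Nagios
## fix-up step or a PASS marker to the generated script. The service is looked
## up as "nrpe" on port 5666, so the key in the list is nrpe=.
## Globals:  LIST, SCRIPT (both appended to)
NAGIOS()
{
  {
    echo "## The List of NAGIOS"
    echo "[nagios]"
  } >> "$LIST"
  # -*- script configuration -*-
  echo "## Config nagios" >> "$SCRIPT"
  if SERVER nrpe 5666; then
    # -*- script configuration -*-
    echo "# -*- PASS -*-" >> "$SCRIPT"
  else
    NGCONF
  fi
  echo >> "$LIST"
}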
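## Install the rsync server side: append that step to the generated script.
## When /etc/rsyncd.conf is missing the fragment asks whether to run
## ../rsync_server.sh; otherwise it restarts xinetd.
## Globals:  SCRIPT (appended to)
## Changes against the earlier fragment:
##   - the list is marked rsync=yes, and the reminder printed, only after the
##     installer returned success (assumes it exits non-zero on failure;
##     confirm), with an anchored sed so repeated runs stay idempotent;
##   - the reminder uses echo -e so its colour escapes are interpreted;
##   - the stray `continue` (there is no enclosing loop) is gone.
## NOTE(review): the installer path is relative to the directory done.sh is
## run from; run it only from the output directory of a checkout you trust.
# -*- script configuration -*-
RSCONF()
{
  # Quoted delimiter: nothing in the fragment is expanded at generation time.
  cat >> "$SCRIPT" << 'EOF'
CONF="/etc/rsyncd.conf"
if [ ! -f $CONF ];then
read -r -p "Rsync is not install.Do you want to install it?yes or no ? [Default:yes]!" RSC
: ${RSC:='y'}
case "$RSC" in
y|Y|YES|yes)
if bash ../rsync_server.sh;then
sed -i 's/^rsync=$/rsync=yes/' "$INI"
echo -e '\033[32;49;1mYou need config the client\033[32;49;0m'
fi
;;
n|N|NO|no)
echo -e '\033[31;49;1mRsync will not be installed!\033[31;49;0m'
;;
*)
echo -e 'You choose a bad option!'
;;
esac
else
service xinetd restart >>/dev/null 2>&1
fi
EOF
}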
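## Check the state of the rsync service (by default installed from an rpm
## package).
## Records the result under [rsync] in the list and adds either the rsync
## fix-up step or a PASS marker to the generated script.
## Globals:  LIST, SCRIPT (both appended to)
RSYNC()
{
  {
    echo "## The List of RSYNC"
    echo "[rsync]"
  } >> "$LIST"
  # -*- script configuration -*-
  echo "## Config rsync" >> "$SCRIPT"
  if SERVER rsync 873; then
    # -*- script configuration -*-
    echo "# -*- PASS -*-" >> "$SCRIPT"
  else
    RSCONF
  fi
  echo >> "$LIST"
}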
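## Time synchronisation: append the step that schedules a nightly ntpdate run
## in root's crontab file and marks ntp as configured in the list.
## Globals:  SCRIPT (appended to)
## The generated sed used to name $LIST, which done.sh never defines (its
## header only sets INI), so sed was started without a file. It now edits
## "$INI", anchored so repeated runs stay idempotent.
## NOTE(review): the fragment appends to /var/spool/cron/root directly, so
## every run of done.sh adds the entry again; the time source is hard-coded.
# -*- script configuration -*-
NTPCONF()
{
  # Quoted delimiter: nothing in the fragment is expanded at generation time.
  cat >> "$SCRIPT" << 'EOF'
echo "00 01 * * * /usr/sbin/ntpdate -u 172.16.3.2 > /dev/null 2>&1" >> /var/spool/cron/root
sed -i 's/^ntp=$/ntp=yes/' "$INI"
EOF
}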
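## Check time synchronisation: looks for an active ntpdate entry in the
## invoking user's crontab.
## Records ntp=yes or ntp= under [ntp] in the list and adds either the NTP
## fix-up step or a PASS marker to the generated script.
## Globals:  LIST, SCRIPT (both appended to)
## NOTE(review): only the crontab of the user running the check is read,
## while the fix-up writes root's crontab; presumably this runs as root.
NTPDATE()
{
  {
    echo "## The List of ntp"
    echo "[ntp]"
  } >> "$LIST"
  # -*- script configuration -*-
  echo "## Config ntp" >> "$SCRIPT"
  # Comment lines are removed before searching. The earlier filter,
  # egrep '[^#]', accepted any line holding a character other than '#', so a
  # commented-out ntpdate entry was reported as configured.
  if crontab -l | grep -v '^[[:space:]]*#' | grep -q ntpdate; then
    echo "ntp=yes" >> "$LIST"
    # -*- script configuration -*-
    echo "# -*- PASS -*-" >> "$SCRIPT"
  else
    echo "ntp=" >> "$LIST"
    NTPCONF
  fi
  echo >> "$LIST"
}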
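## Check hosts: copy /etc/hosts and /etc/hosts.allow into the list under
## [hosts].
## Globals:  LIST (appended to)
## A missing file only produces cat's own error message; the section headers
## are still written.
HOSTS()
{
  # One redirection for the whole section; the path is quoted so an output
  # directory containing spaces works.
  {
    echo "## The List of Hosts"
    echo "[hosts]"
    echo "## /etc/hosts"
    cat /etc/hosts
    echo
    echo "## /etc/hosts.allow"
    cat /etc/hosts.allow
    echo
  } >> "$LIST"
}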
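## Export the firewall configuration: copy /etc/sysconfig/iptables into the
## list under [iptables], unless the init script reports "not running".
## Globals:  LIST (appended to)
## NOTE(review): the copied file is the saved rule set, which may differ from
## the rules currently loaded (iptables-save prints those). When
## /etc/init.d/iptables does not exist the status text is empty, so the host
## is treated as running and the file copy is attempted.
IPTABLES()
{
  {
    echo "## The List of iptables"
    echo "[iptables]"
  } >> "$LIST"
  if /etc/init.d/iptables status | grep -q "not running"; then
    echo "## iptables is not running!" >> "$LIST"
  else
    cat /etc/sysconfig/iptables >> "$LIST"
  fi
  echo >> "$LIST"
}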
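## Export the main system tuning settings: copy limits.conf, sysctl.conf and
## the umask lines of /etc/sysconfig/init into the list under [optimalize].
## Globals:  LIST (appended to)
OPTIMA()
{
  # One redirection for the whole section; the path is quoted so an output
  # directory containing spaces works.
  {
    echo "## The List of optimalize"
    echo "[optimalize]"
    echo "## limits.conf"
    cat /etc/security/limits.conf
    echo
    echo "## sysctl.conf"
    cat /etc/sysctl.conf
    echo
    echo "## umask"
    grep '^umask' /etc/sysconfig/init
    echo
  } >> "$LIST"
}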
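## Hardening check: records firmed=yes under [firmed] only when every one of
## the expected sshd_config directives is present, firmed= otherwise.
## Globals:  LIST (appended to)
## The earlier check joined the directives with "|" in a single egrep, so any
## one of them (for example "UseDNS no" alone) was enough to report the host
## as hardened. Each directive is now required, and the value has to end at
## whitespace or end of line so "LoginGraceTime 300" no longer passes for 30.
## NOTE(review): a static grep does not see Match blocks or included files;
## sshd -T prints the effective configuration. OpenSSH 8.2 and later document
## ClientAliveCountMax 0 as disabling the unresponsive-client disconnect, so
## confirm that directive still means hardening on the deployed sshd version.
FIRMED()
{
  local directive
  local hardened=yes
  {
    echo "## The firmed"
    echo "[firmed]"
  } >> "$LIST"
  for directive in \
    "PermitRootLogin no" \
    "LoginGraceTime 30" \
    "ClientAliveInterval 3600" \
    "ClientAliveCountMax 0" \
    "UseDNS no"; do
    if ! grep -Eq "^${directive}([[:space:]]|\$)" /etc/ssh/sshd_config; then
      hardened=
      break
    fi
  done
  echo "firmed=$hardened" >> "$LIST"
}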
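## Main program.
## Without arguments every check runs and done.sh is generated from scratch.
## With one argument only the named check runs (or the usage text is shown).
## NOTE(review): DONE is called only in the no-argument branch, so a single
## check appends its fragment to whatever done.sh already exists, or starts a
## file that lacks the header defining INI.
if [ $# -eq 0 ]; then
  echo "check the all programe"
  DONE
  LDAP
  ZABBIX
  NAGIOS
  RSYNC
  NTPDATE
  HOSTS
  IPTABLES
  OPTIMA
  FIRMED
  echo -e "\n\n## *** END ***" >> "$LIST"
else
  case "$1" in
    # The bare ? is a glob, so any one-character argument also shows the usage.
    -h | --help | ?)
      echo -e "usage:bash checklist.sh [-h][Function]\n\t-h:帮助文档\n\tFunction:检查项一次只能检查一个包括LDAP,ZABBIX,NAGIOS,RSYNC,NTPDATE,HOSTS,IPTABLES,OPTIMA,FIRMED\n\t无参数:默认执行所有的检查并生成配置脚本done.sh\n"
      ;;
    LDAP | ldap | Ldap)
      LDAP
      ;;
    ZABBIX | zabbix | Zabbix)
      ZABBIX
      ;;
    NAGIOS | nagios | Nagios)
      NAGIOS
      ;;
    RSYNC | rsync | Rsync)
      RSYNC
      ;;
    NTPDATE | ntpdate | Ntpdate)
      NTPDATE
      ;;
    HOSTS | hosts | Hosts)
      HOSTS
      ;;
    IPTABLES | iptables | Iptables)
      IPTABLES
      ;;
    OPTIMA | optima | Optima | optimalize)
      OPTIMA
      ;;
    FIRMED | firmed | Firmed)
      # Was "FIRME", an undefined command, so this check never ran.
      FIRMED
      ;;
    *)
      # The message used to ask for an "invalid" option.
      echo "please choose a valid option!"
      ;;
  esac
fi
echo -e "检查列表为'$LIST'\n查漏脚本'$SCRIPT'"
# done.sh does not exist after -h or an unknown option on a first run; skip
# the chmod then instead of ending with an error from chmod.
if [ -f "$SCRIPT" ]; then
  chmod +x "$SCRIPT"
fi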
```