CheckLinux脚本

网友投稿 641 2022-10-10

CheckLinux脚本

CheckLinux脚本


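#!/bin/bash
################################################################################
#Script name: checkLinux.sh
#Script description: Check Linux for sop
#Current Release Version: 1.0.0
#Script Owner: He ,Haibo
#Latest editor: He, Haibo
#Support platform: Linux OS for redhat and centos.
#Change log:2021/8/19 add checkFileSystem function.
#2021/8/20 add putCheckLogtoFtp function.
#2021/8/23 add fpt command judgment.
#2021/8/24 add TimeZone function.
#2021/8/25 add checkUserExpires function.
#2021/8/25 add checkSwapSize function.
#2021/8/26 modification no ntp command wrongs and no user when encounter checkUserExpires function
#2021/8/27 add checkSystemTime function.
#2021/9/17 add checkKmod function.
#Descript:date 2021/8/17
################################################################################
#
# What this script does: reads host state as root and writes one pass/fail
# line per SOP item to /tmp/log/<hostname>_<yymmdd>.txt, then uploads that
# report by FTP. Apart from preparing /tmp/log it changes no configuration.
#
# Reading the report: "Success"/"Failed" mean "matches / deviates from this
# site's SOP". The SOP encoded below expects firewalld stopped and disabled and
# SELinux not enforcing, so a "Success" on those items says the control is OFF.
#
# Interpreter: the script uses [[ ]] and other bash features, hence bash.
#
# Restored after page extraction damage (the published listing had lost them):
#   - backslash escapes (\033, \t, \n had been turned into /033, /t, /n);
#   - the "log_info(){" header;
#   - the FTP here-document in putCheckLogtoFtp (see the note there).

export LANG=en_US

osbox=$(uname)
# First three digits found in /proc/version, e.g. "310" for a 3.10 kernel.
# NOTE(review): any newer kernel (4.18 -> "418") also passes the ">= 310"
# test below and is still labelled "...7"; confirm that is intended.
RHversion=$(sed 's/[^0-9]//g' /proc/version | cut -b -3)

###Defile Ftp Server Ip
FtpServerIp=192.168.56.100
FtpUser=ftpuser
# The password is blank in the published listing. It is taken from the
# environment so that no credential has to be stored in the script file.
FtpUserPassword=${FtpUserPassword:-}

#######################################
# Print a timestamped INFO line on stdout.
# Arguments: message words
#######################################
log_info() {
  local DATE_N USER_N
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S")
  USER_N=$(whoami)
  echo "${DATE_N} ${USER_N} execute $0 [INFO] $*"
}

#######################################
# Print a timestamped ERROR line (white on red) on stdout.
# Arguments: message words
#######################################
log_error() {
  local DATE_N USER_N
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S")
  USER_N=$(whoami)
  printf '\033[41;37m %s \033[0m\n' "${DATE_N} ${USER_N} execute $0 [ERROR] $*"
}

#######################################
# Report the outcome of the command that ran immediately before the call.
# The first statement must stay the $? test: any command placed in front of
# it would overwrite the status being reported.
# Arguments: description of the step
#######################################
fn_log() {
  if [[ $? -eq 0 ]]; then
    log_info "$* sucessed."
    printf '\033[32m %s \033[0m\n' "$* sucessed."
  else
    log_error "$* failed."
    printf '\033[41;37m %s \033[0m\n' "$* failed."
  fi
}

#######################################
# Append one line to the report file.
# Globals:   CheckLinuxLogPath, CheckLinuxLog (read)
# Arguments: text of the line
#######################################
report() {
  printf '%s\n' "$*" >> "$CheckLinuxLogPath/$CheckLinuxLog"
}

#######################################
# Succeed when some line of a file starts with exactly the given
# whitespace-separated fields (extra trailing fields are ignored).
# Commented-out lines never match because their first field differs.
# Arguments: $1 - file, $2.. - expected leading fields
#######################################
_has_line() {
  local file=$1
  shift
  awk -v want="$*" '
    BEGIN { n = split(want, w, " ") }
    {
      ok = (NF >= n)
      # Appending "" forces a string comparison, so "010" is not equal to "10".
      for (i = 1; ok && i <= n; i++) if (($i "") != (w[i] "")) ok = 0
      if (ok) { found = 1; exit }
    }
    END { exit !found }
  ' "$file"
}

#######################################
# Print whitespace-separated word number $2 of the text in $1.
#######################################
_nth_word() {
  printf '%s\n' "$1" | awk -v n="$2" '{ print $n }'
}

#######################################
# Exit unless the script runs as root. ("continue" outside a loop, used by
# the original, is an error in bash; the function now simply returns.)
#######################################
checkExecuteUser() {
  local uid
  uid=$(id -u)
  if [[ $uid == 0 ]]; then
    return 0
  else
    # In this branch $? is the failed test above, so fn_log reports a failure.
    fn_log "Current excute user is not root ,shell will exist."
    exit 1
  fi
}

###Create /tmp/log if not exist.
#######################################
# Prepare the report directory and choose the report file name.
#
# The script runs as root and the file name is predictable, so the directory
# must not be writable by other users: in a world-writable /tmp/log (the
# original used mode 767) any local user could plant a link under the report
# name and have root write through it.
# Globals: CheckLinuxLogPath, CheckLinuxLog (written)
#######################################
mkdirLogPath() {
  CheckLinuxLogPath="/tmp/log"
  CheckLinuxLog="$(hostname)_$(date +%y%m%d).txt"

  if [[ ! -e $CheckLinuxLogPath && ! -L $CheckLinuxLogPath ]]; then
    mkdir -p -- "$CheckLinuxLogPath"
  fi

  # stat does not follow symbolic links, so a single call verifies both the
  # type and the owner of the entry itself.
  if [[ $(stat -c '%F %u' -- "$CheckLinuxLogPath" 2> /dev/null) != "directory 0" ]]; then
    log_error "$CheckLinuxLogPath is not a directory owned by root, refusing to write the report."
    exit 1
  fi

  # Also tightens a directory left at 767 by earlier runs.
  chmod 755 -- "$CheckLinuxLogPath"

  # Drop anything already sitting under today's name (it may have been planted
  # while the directory was still writable). checkFirewalld starts the report
  # from scratch anyway, so no data is lost.
  if ! rm -f -- "$CheckLinuxLogPath/$CheckLinuxLog"; then
    log_error "Cannot reset $CheckLinuxLogPath/$CheckLinuxLog."
    exit 1
  fi
}

###Get OS Arch Linux or not
getOsArch() {
  if [[ "$osbox" == "Linux" ]]; then
    return 0
  else
    fn_log "Current OS is $osbox,shell is exit now."
    echo 0
    exit 0
  fi
}

###Get redhat or centos
# NOTE(review): /proc/version carries compiler and build-host strings, not the
# distribution name; /etc/os-release would be the more direct source.
getOsCentosOrRedhat() {
  if grep -qiE "redhat|centos" /proc/version; then
    return 0
  fi
  echo "Current OS is not centos or redhat."
  echo 1
  exit 1
}

###Get OS Version
# Decide whether the system is Red Hat or CentOS and exit on an unsupported
# release. Supported: Red Hat / CentOS 7.
# Globals: RHversion (read), OSVersion (written)
getOsVerion() {
  if [[ "$RHversion" -lt 310 ]]; then
    echo "Current Rehat Version will not support."
    echo 1
    exit 1
  fi
  if grep -qi redhat /proc/version; then
    OSVersion="redhat7"
  else
    OSVersion="centos7"
  fi
}

###Get firewalld stopped or running
# Starts a fresh report: this is the only write that truncates the file.
checkFirewalld() {
  printf '%s\n' "##########No.1 check firewalld stopped##########" \
    > "$CheckLinuxLogPath/$CheckLinuxLog"
  if [[ $OSVersion == "redhat7" || $OSVersion == "centos7" ]]; then
    # is-active asks systemd directly; grepping "running" in the status text
    # could also match journal lines quoted in that output.
    if systemctl is-active --quiet firewalld; then
      report "Firewalld is started,Failed"
    else
      report "Firewalld is stopped,Success"
    fi
  fi
}

###Get firewalld enable or disabled
checkFirewalldisEnabled() {
  report "##########No.2 check firewalld disabled##########"
  if systemctl list-unit-files | grep firewalld | grep -q disabled; then
    report "check firewalld disabled.check success."
  else
    report "check firewalld disabled.check failed."
  fi
}

###Get SeLinux enforcing or not
# Reads the boot-time setting only; the running mode is not queried, and
# "permissive" is reported the same way as "disabled".
checkSeLinux() {
  report "##########No.3 check SELINUX.##########"
  if grep -qw "SELINUX=enforcing" /etc/selinux/config; then
    report "Current SeLinux is started,Failed."
  else
    report "Current SeLinux is stopped,Success."
  fi
}

###Get YumRepo
# The repo file is copied into the report. NOTE(review): if a baseurl embeds
# credentials they end up in the report and in the FTP upload.
checkYumRepo() {
  local repo
  report "##########No.4 check YumRepo.##########"
  if ! ping -c 3 -w 3 192.168.56.101 > /dev/null; then
    report "Cann't Ping 192.168.56.101,Check failed"
    return
  fi
  if [[ $OSVersion == "redhat7" ]]; then
    repo=/etc/yum.repos.d/Redhat7_9.repo
    if [[ ! -f $repo ]]; then
      report "/etc/repos.d/Redhat7_9.repo,check failed"
    else
      report "/etc/repos.d/Redhat7_9.repo exist,check success."
      cat -- "$repo" >> "$CheckLinuxLogPath/$CheckLinuxLog"
    fi
  fi
  if [[ $OSVersion == "centos7" ]]; then
    repo=/etc/yum.repos.d/CentOS7_9.repo
    if [[ ! -f $repo ]]; then
      report "/etc/repos.d/CentOS7_9.repo,check failed"
    else
      report "/etc/repos.d/CentOS7_9.repo exist,check success"
      cat -- "$repo" >> "$CheckLinuxLogPath/$CheckLinuxLog"
    fi
  fi
}

#######################################
# Check one "server <ip> iburst" entry of /etc/ntp.conf.
# Arguments: $1 - server address
#######################################
_check_ntp_server() {
  local ip=$1
  if grep -qF -- "$ip" /etc/ntp.conf; then
    if _has_line /etc/ntp.conf server "$ip" iburst; then
      report "check server $ip iburst success."
    else
      report "check server $ip iburst failed."
    fi
  else
    report "check /etc/ntp.conf $ip,check failed"
  fi
}

#######################################
# DNS resolver, nsswitch, ntpd options, ntp servers, chronyd and the
# hwclock cron entry.
#######################################
checkNtp() {
  local ip chronyd
  local ntpd_sysconfig=/etc/sysconfig/ntpd
  local root_cron=/var/spool/cron/root

  report "##########No.5 check checkNtp##########"

  for ip in 192.168.56.100 192.168.56.101; do
    if _has_line /etc/resolv.conf nameserver "$ip"; then
      report "check $ip success."
    else
      report "check $ip failed."
    fi
  done

  if _has_line /etc/resolv.conf search oracle.com; then
    report "check oracle.com,sucessed"
  else
    report "check oracle.com,failed"
  fi

  if _has_line /etc/nsswitch.conf hosts: files dns; then
    report "check /etc/nsswitch.conf,check sucessed"
  else
    report "check /etc/nsswitch.conf,check failed."
  fi

  if [[ -f $ntpd_sysconfig ]]; then
    if grep -qxF -- 'OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid"' "$ntpd_sysconfig"; then
      report "Check /var/run/ntpd.pid success"
    else
      report "Check /var/run/ntpd.pid failed"
    fi

    # An active OPTIONS="-g" line is a deviation from the SOP.
    if grep -w -- 'OPTIONS="-g"' "$ntpd_sysconfig" | grep -qv "#"; then
      report 'check OPTIONS="-g" failed.'
    else
      report 'check OPTIONS="-g" success.'
    fi

    if grep -qw "SYNC_HWCLOCK=yes" "$ntpd_sysconfig"; then
      report "SYNC_HWCLOCK=yes,sucessed"
    else
      report "SYNC_HWCLOCK=yes,check failed"
    fi
  else
    # One line per skipped check, as the report always had.
    report "Current OS does not have /etc/sysconfig/ntpd,check failed"
    report "Current OS does not have /etc/sysconfig/ntpd,check failed"
    report "Current OS does not have /etc/sysconfig/ntpd,check failed"
  fi

  if [[ -f /etc/ntp.conf ]]; then
    # The original gated the .110 check on the presence of 192.168.56.101,
    # which looks like a typo; each server is now gated on its own address.
    _check_ntp_server 192.168.56.110
    _check_ntp_server 192.168.56.111

    # Public pool servers must not be configured.
    if grep "pool.ntp.org" /etc/ntp.conf | grep -qv "#"; then
      report "check pool.ntp.org failed."
      grep "pool.ntp.org" /etc/ntp.conf | grep -v "#" \
        >> "$CheckLinuxLogPath/$CheckLinuxLog"
    else
      report "check pool.ntp.org success."
    fi

    chronyd=$(systemctl list-unit-files | grep chronyd | awk '{print $2}')
    if [[ ${chronyd} == "disabled" ]]; then
      report "chronyd is disabled,check success."
    elif [[ ${chronyd} == "enabled" ]]; then
      report "chronyd is enabled,check failed."
    else
      # Any other state (including no unit at all) lands here.
      report "chronyd does not exist,check success."
    fi
  else
    report "Current OS does not have /etc/ntp.conf,failed."
  fi

  # systemctl restart ntpd.service && systemctl enable ntpd.service
  if command -v ntpq > /dev/null 2>&1; then
    ntpq -p >> "$CheckLinuxLogPath/$CheckLinuxLog"
  else
    report "Current OS does not have ntpq command. check failed."
  fi

  if [[ -f $root_cron ]]; then
    if grep -qF "/usr/sbin/hwclock" "$root_cron" \
      && _has_line "$root_cron" 10 10 '*' '*' '*' /usr/sbin/hwclock -w; then
      report "check /usr/sbin/hwclock success."
    else
      report "check /usr/sbin/hwclock failed."
    fi
  else
    report "Current OS does not have crontab,check failed."
  fi
}

#######################################
# kernel.softlockup_panic must be 1 in /etc/sysctl.conf.
# Only that file is read; drop-in directories and the running kernel value
# are not consulted.
#######################################
checkKdump() {
  local value
  report "##########No.6 check checkKump##########"
  # Blanks are stripped with [[:space:]]. The published text had "[ /t]",
  # which also deletes every "t" and "/" and so could never match.
  value=$(grep -v '^[[:space:]]*#' /etc/sysctl.conf \
    | sed 's/[[:space:]]//g' \
    | awk -F '=' '$1 == "kernel.softlockup_panic" { print $2 }' \
    | tail -1)
  if [[ ${value} == 1 ]]; then
    report "check kernel.softlockup_panic success"
  else
    report "check kernel.softlockup_panic failed"
  fi
}

#######################################
# Check that /etc/sudoers grants "<user> ALL=(ALL) ALL".
# Arguments: $1 - user name
#######################################
_check_sudoers_entry() {
  local user=$1
  if grep -F -- "ALL=(ALL)" /etc/sudoers | grep -- "$user" | grep -qEv "#|%"; then
    if _has_line /etc/sudoers "$user" "ALL=(ALL)" ALL; then
      report "check $user ALL=(ALL) ALL success."
    else
      report "check $user ALL=(ALL) ALL failed."
    fi
  else
    report "Current $user does not have User Security. check failed"
  fi
}

#######################################
# The SOP expects full sudo for root and for the account hbhe.
# Only /etc/sudoers itself is read; included files and group rules are not.
#######################################
checkSecurity() {
  report "##########No.7 check checkSecurity##########"
  _check_sudoers_entry root
  _check_sudoers_entry hbhe
}

#######################################
# Direct root login over SSH must be switched off.
# The pattern is anchored so that commented lines and other keywords do not
# count, and any run of blanks between keyword and value is accepted.
# NOTE(review): this inspects the file, not sshd's effective configuration;
# a Match block could still change the value for some connections.
#######################################
checkSsh() {
  report "##########No.8 check checkSsh##########"
  if grep -qiE '^[[:space:]]*PermitRootLogin[[:space:]]+no([[:space:]]|$)' /etc/ssh/sshd_config; then
    report "Current OS does not have PermitRootLogin,check success."
  else
    report "Current OS have PermitRootLogin,check failed."
  fi
}

#######################################
# Ctrl+Alt+Del reboot: passes only when the unit file has been removed.
# NOTE(review): a host where the target was masked instead keeps this file
# and is reported as failed.
#######################################
checkCtrlAltDel() {
  report "##########No.9 check checkSecurity##########"
  if [[ -f /usr/lib/systemd/system/ctrl-alt-del.target ]]; then
    report "Check Ctrl+Alt+Del failed"
  else
    report "Check Ctrl+Alt+Del success"
  fi
}

checkUsers() {
  report "##########No.11 check users##########"
  if id hbhe > /dev/null 2>&1; then
    report "check hbhe success."
  else
    report "check hbhe failed."
  fi
}

#######################################
# Unallocated space at the end of /dev/sda must not exceed 10 GB.
#######################################
checkFileSystem() {
  local size_field FreeSize FreeUnit
  report "##########No.12 check FileSystem##########"
  # -s keeps parted from ever prompting.
  size_field=$(parted -s /dev/sda print free | grep -i "free" | tail -1 | awk '{print $3}')
  FreeSize=$(printf '%s' "$size_field" | tr -d 'a-zA-Z')
  # The decimal point is stripped too: "10.5GB" used to yield the unit ".GB"
  # and was silently reported as success.
  FreeUnit=$(printf '%s' "$size_field" | tr -d '0-9.')
  # awk does the comparison because the size may be fractional.
  if [[ $FreeUnit == "TB" ]] \
    || { [[ $FreeUnit == "GB" ]] && awk -v s="$FreeSize" 'BEGIN { exit !(s + 0 > 10) }'; }; then
    report "Check sda free size $FreeSize $FreeUnit failed."
  else
    report "Check sda free size $FreeSize $FreeUnit success."
  fi
}

#######################################
# Hardware and kernel inventory. The Server and CPU lines are written twice,
# as in the original report layout.
#######################################
checkCommonInfo() {
  local product_name serial_number cores socket cpu_model total_mem kernel host
  report "##########No.17 check checkCommonInfo##########"
  product_name=$(dmidecode | grep "Product Name" | head -n 1 | awk -F: '{print $2}')
  serial_number=$(dmidecode | grep "Serial Number" | head -n 1 | awk -F: '{print $2}')
  report "Server: $product_name Serial: $serial_number"
  cores=$(lscpu | grep "Core(s) per socket:" | awk -F: '{print $2}' | sed 's/[[:space:]]//g')
  socket=$(lscpu | grep "Socket(s):" | awk -F: '{print $2}' | sed 's/[[:space:]]//g')
  cpu_model=$(lscpu | grep "Model name:" | awk -F: '{print $2}' | sed 's/^[[:space:]]*//')
  report "CPU: $socket * $cores CORE $cpu_model"
  total_mem=$(lsmem | grep "Total online memory:" | awk -F: '{print $2}' | sed 's/[[:space:]]//g')
  report "total memory: $total_mem"
  kernel=$(uname -a | awk '{print $3}')
  host=$(hostname)
  report "hostname: $host"
  report "kernel: $kernel"
  report "Server: $product_name Serial: $serial_number"
  report "CPU: $socket * $cores CORE $cpu_model"
}

#######################################
# The SOP expects hbhe to be forced to change the password at next login.
# Nothing is reported when the account does not exist.
#######################################
checkUserExpires() {
  local haibo_he_expires
  report "##########No.14 check user expires##########"
  if id hbhe > /dev/null 2>&1; then
    haibo_he_expires=$(chage -l hbhe | grep -w "Password expires" \
      | awk -F ":" '{print $2}' | sed 's/[[:space:]]//g')
    if [[ $haibo_he_expires == "passwordmustbechanged" ]]; then
      report "Check hbhe password expires success."
    else
      report "Check hbhe password expires failed."
    fi
  fi
}

#######################################
# Swap must be 6-10 GB on virtual machines and 126-130 GB on physical hosts.
#######################################
checkSwap() {
  local totalSwapSize low high
  report "##########No.15 check swap Size##########"
  totalSwapSize=$(free -g | awk '/Swap/ { print $2 }')
  if dmidecode -s system-product-name | grep -qi "virtual"; then
    low=6 high=10
  else
    low=126 high=130
  fi
  if [[ $totalSwapSize -ge $low && $totalSwapSize -le $high ]]; then
    report "Check swap ${totalSwapSize}G Size success."
  else
    report "Check swap ${totalSwapSize}G Size failed."
  fi
}

#######################################
# The UTC offset must be +0800. The sign is kept: the original stripped it,
# so -0800 passed as well.
#######################################
checkTimeZone() {
  local timeZone
  report "##########No.13 check TimeZone##########"
  timeZone=$(date +%z)
  if [[ $timeZone == "+0800" ]]; then
    report "Check TimeZone Success."
  else
    report "Current timeZone is $timeZone,check failed."
  fi
}

#######################################
# Exactly three packages matching the required kmod names must be installed.
#######################################
checkKmod() {
  local kmodNum
  report "##########No.16 check Kmod##########"
  kmodNum=$(rpm -qa | grep -ciE "kmod-i40e-2.12|kmod-megaraid_sas|kmod-elx-lpfc")
  if [[ $kmodNum == 3 ]]; then
    report "Check Kmod success."
  else
    report "Check Kmod failed."
  fi
}

#######################################
# System clock and hardware clock must agree to the minute.
# Each command is run once and then split, so all fields describe the same
# instant. Field positions assume the en_US output layout of date/hwclock.
#######################################
checkSystemTime() {
  local now hw dateTime rest hwTime
  local dateZone dateYear dateMonth dateDay dateHour dateMin
  local hwclockZone hwclockYear hwclockMonth hwclockDay hwclockNoon
  local hwclockHour hwclockMin

  report "##########No.17 hwclock and date time##########"

  now=$(date)
  dateMonth=$(_nth_word "$now" 2)
  dateDay=$(_nth_word "$now" 3)
  dateTime=$(_nth_word "$now" 4)
  dateZone=$(_nth_word "$now" 5)
  dateYear=$(_nth_word "$now" 6)
  dateHour=${dateTime%%:*}
  rest=${dateTime#*:}
  dateMin=${rest%%:*}

  hw=$(hwclock)
  hwclockDay=$(_nth_word "$hw" 2)
  hwclockMonth=$(_nth_word "$hw" 3)
  hwclockYear=$(_nth_word "$hw" 4)
  hwTime=$(_nth_word "$hw" 5)
  hwclockNoon=$(_nth_word "$hw" 6)
  hwclockZone=$(_nth_word "$hw" 7)
  hwclockHour=${hwTime%%:*}
  rest=${hwTime#*:}
  hwclockMin=${rest%%:*}

  # Convert the 12-hour hwclock reading to 24-hour form. "10#" keeps "08" and
  # "09" from being parsed as invalid octal, and "% 12" maps 12 AM to 00 and
  # 12 PM to 12 (the original produced 12 and 24).
  if [[ $hwclockHour =~ ^[0-9]+$ ]]; then
    case $hwclockNoon in
      PM) hwclockHour=$(printf '%02d' $((10#$hwclockHour % 12 + 12))) ;;
      AM) hwclockHour=$(printf '%02d' $((10#$hwclockHour % 12))) ;;
    esac
  fi

  if [[ ${dateZone} == "${hwclockZone}" && ${dateYear} == "${hwclockYear}" \
    && ${dateMonth} == "${hwclockMonth}" && ${dateDay} == "${hwclockDay}" \
    && ${dateHour} == "${hwclockHour}" && ${dateMin} == "${hwclockMin}" ]]; then
    report "check date and hwclock success"
  else
    report "check date and hwclock failed"
  fi
}

#######################################
# Upload the report to the FTP server.
#
# The here-document and the "no ftp command" message were lost from the
# published listing; what follows is a minimal reconstruction using standard
# ftp client commands, and the original remote directory (if any) is unknown.
#
# FTP carries the login and the report in clear text, and the report holds
# sudoers and repository details. Prefer an encrypted transfer where the
# collection server offers one.
# Returns: 1 when no password is configured, so nothing is sent.
#######################################
putCheckLogtoFtp() {
  if ! ping -c 3 -w 3 "$FtpServerIp" > /dev/null; then
    report "Can't Ping $FtpServerIp,check failed."
    return
  fi
  if ! command -v ftp > /dev/null 2>&1; then
    report "Current OS does not have ftp command,check failed."
    return
  fi
  if [[ -z $FtpUserPassword ]]; then
    report "FtpUserPassword is not set,skip ftp upload."
    return 1
  fi
  # Credentials go to the client on stdin, not on its command line.
  ftp -n << EOF
open $FtpServerIp
user $FtpUser $FtpUserPassword
binary
lcd $CheckLinuxLogPath
put $CheckLinuxLog
bye
EOF
}

main() {
  checkExecuteUser
  getOsArch
  getOsCentosOrRedhat
  getOsVerion
  mkdirLogPath
  checkFirewalld
  checkFirewalldisEnabled
  checkSeLinux
  checkYumRepo
  checkNtp
  checkKdump
  checkSecurity
  checkSsh
  checkCtrlAltDel
  # checkDsa (presumably item No.10) is called by the original but is not
  # defined anywhere in the published listing; run it only when present.
  if command -v checkDsa > /dev/null 2>&1; then
    checkDsa
  fi
  checkUsers
  checkFileSystem
  checkTimeZone
  checkUserExpires
  checkSwap
  checkSystemTime
  checkKmod
  checkCommonInfo
  putCheckLogtoFtp
}

main "$@"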


#!/bin/sh################################################################################################################Script name: checkLinux.sh#Script description: Check Linux for sop#Current Release Version: 1.0.0#Script Owner: He ,Haibo#Latest editor: He, Haibo#Support platform: Linux OS for redhat and centos.#Change log:2021/8/19 add checkFileSystem function.#2021/8/20 add putCheckLogtoFtp function. #2021/8/23 add fpt command judgment.#2021/8/24 add TimeZone function.#2021/8/25 add checkUserExpires function.#2021/8/25 add checkSwapSize function.#2021/8/26 modification no ntp command wrongs and no user when encounter checkUserExpires function#2021/8/27 add checkSystemTime function.#2021/9/17 add checkKmod function.#Descript:date 2021/8/17#################################################################################################################export LANG=en_USosbox=`uname`RHversion=$(cat /proc/version | sed 's/[^0-9]//g' | cut -b -3)###Defile Ftp Server IpFtpServerIp=192.168.56.100FtpUser=ftpuserFtpUserPassword= DATE_N=`date "+%Y-%m-%d %H:%M:%S"` USER_N=`whoami` echo "${DATE_N} ${USER_N} execute $0 [INFO] $@" }log_error(){ DATE_N=`date "+%Y-%m-%d %H:%M:%S"` USER_N=`whoami` echo -e "/033[41;37m ${DATE_N} ${USER_N} execute $0 [ERROR] $@ /033[0m" }fn_log(){ if [[ $? -eq 0 ]];then log_info "$@ sucessed." echo -e "/033[32m $@ sucessed. /033[0m" else log_error "$@ failed." echo -e "/033[41;37m $@ failed. /033[0m" fi}checkExecuteUser(){ uid=`id -u` if [[ $uid == 0 ]];then continue else fn_log "Current excute user is not root ,shell will exist." exit 1 fi}###Create /tmp/log if not exist.mkdirLogPath(){ if [[ ! -d /tmp/log ]];then mkdir -p /tmp/log chmod 767 /tmp/log fi CheckLinuxLogPath="/tmp/log" CheckLinuxLog=`hostname`_$(date +%y%m%d).txt }###Get OS Arch Linux or notgetOsArch(){ if [[ "$osbox" == "Linux" ]];then continue else fn_log "Current OS is $osbox,shell is exit now." 
echo 0 exit 0 fi}###Get redhat or centosgetOsCentosOrRedhat(){ cat /proc/version | grep -iE "redhat|centos" > /dev/null if [[ $? == 0 ]];then continue else echo "Current OS is not centos or redhat." echo 1 exit 1 fi}###Get OS VersiongetOsVerion(){ ###判断系统是否为Redhat,如果不是则退出,支持Redhat|Centos 7版本 cat /proc/version | grep -i redhat > /dev/null if [[ $? == 0 ]];then if [[ "$RHversion" -ge 310 ]];then OSVersion="redhat7" else echo "Current Rehat Version will not support." echo 1 exit 1 fi else if [[ "$RHversion" -ge 310 ]];then OSVersion="centos7" else echo "Current Rehat Version will not support." echo 1 exit 1 fi fi}###Get firewalld stopped or runningcheckFirewalld(){ echo "##########No.1 check firewalld stopped##########" > $CheckLinuxLogPath/$CheckLinuxLog if [[ $OSVersion == "redhat7" || $OSVersion == "centos7" ]];then systemctl status firewalld | grep -i running > /dev/null if [[ $? == 0 ]];then echo "Firewalld is started,Failed" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Firewalld is stopped,Success" >> $CheckLinuxLogPath/$CheckLinuxLog fi fi}###Get firewalld enable or disabledcheckFirewalldisEnabled(){ echo "##########No.2 check firewalld disabled##########" >> $CheckLinuxLogPath/$CheckLinuxLog systemctl list-unit-files | grep firewalld | grep disabled > /dev/null if [[ $? == 0 ]];then echo "check firewalld disabled.check success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check firewalld disabled.check failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi}###Get SeLinux enforcing or notcheckSeLinux(){ echo "##########No.3 check SELINUX.##########" >> $CheckLinuxLogPath/$CheckLinuxLog cat /etc/selinux/config | grep -w "SELINUX=enforcing" > /dev/null if [[ $? == 0 ]];then echo "Current SeLinux is started,Failed." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Current SeLinux is stopped,Success." 
>> $CheckLinuxLogPath/$CheckLinuxLog fi}###Get YumRepocheckYumRepo(){ echo "##########No.4 check YumRepo.##########" >> $CheckLinuxLogPath/$CheckLinuxLog ping -c 3 -w 3 192.168.56.101 > /dev/null if [[ $? == 0 ]];then if [[ $OSVersion == "redhat7" ]];then if [[ ! -f /etc/yum.repos.d/Redhat7_9.repo ]];then echo "/etc/repos.d/Redhat7_9.repo,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "/etc/repos.d/Redhat7_9.repo exist,check success." >> $CheckLinuxLogPath/$CheckLinuxLog cat /etc/yum.repos.d/Redhat7_9.repo >> $CheckLinuxLogPath/$CheckLinuxLog fi fi if [[ $OSVersion == "centos7" ]];then if [[ ! -f /etc/yum.repos.d/CentOS7_9.repo ]];then echo "/etc/repos.d/CentOS7_9.repo,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "/etc/repos.d/CentOS7_9.repo exist,check success" >> $CheckLinuxLogPath/$CheckLinuxLog cat /etc/yum.repos.d/CentOS7_9.repo >> $CheckLinuxLogPath/$CheckLinuxLog fi fi else echo "Cann't Ping 192.168.56.101,Check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkNtp(){ echo "##########No.5 check checkNtp##########" >> $CheckLinuxLogPath/$CheckLinuxLog nameServer1_1=`cat /etc/resolv.conf | grep 192.168.56.100 | awk -F " " {'print $1'}` nameServer1_2=`cat /etc/resolv.conf | grep 192.168.56.100 | awk -F " " {'print $2'}` if [[ ${nameServer1_1} == nameserver && ${nameServer1_2} == "192.168.56.100" ]];then echo "check 192.168.56.100 success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check 192.168.56.100 failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi nameServer2_1=`cat /etc/resolv.conf | grep 192.168.56.101 | awk -F " " {'print $1'}` nameServer2_2=`cat /etc/resolv.conf | grep 192.168.56.101 | awk -F " " {'print $2'}` if [[ ${nameServer2_1} == nameserver && ${nameServer2_2} == "192.168.56.101" ]];then echo "check 192.168.56.101 success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check 192.168.56.101 failed." 
>> $CheckLinuxLogPath/$CheckLinuxLog fi oracle_1=`cat /etc/resolv.conf | grep -w "oracle.com" | awk -F " " {'print $1'}` oracle_2=`cat /etc/resolv.conf | grep -w "oracle.com" | awk -F " " {'print $2'}` if [[ ${oracle_1} == "search" && ${oracle_2} == "oracle.com" ]];then echo "check oracle.com,sucessed" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check oracle.com,failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi nsswitch_1=`cat /etc/nsswitch.conf | grep -i hosts | grep -v "^[[:space:]]*#" | sed 's/[[:space:]][[:space:]]*/ /g' | grep -v "^[[:space:]]*$" | tail -1 | awk -F ' ' '{print $1}'` nsswitch_2=`cat /etc/nsswitch.conf | grep -i hosts | grep -v "^[[:space:]]*#" | sed 's/[[:space:]][[:space:]]*/ /g' | grep -v "^[[:space:]]*$" | tail -1 | awk -F ' ' '{print $2}'` nsswitch_3=`cat /etc/nsswitch.conf | grep -i hosts | grep -v "^[[:space:]]*#" | sed 's/[[:space:]][[:space:]]*/ /g' | grep -v "^[[:space:]]*$" | tail -1 | awk -F ' ' '{print $3}'` if [[ ${nsswitch_1} == "hosts:" && ${nsswitch_2} == "files" && ${nsswitch_3} == "dns" ]];then echo "check /etc/nsswitch.conf,check sucessed" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check /etc/nsswitch.conf,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi if [[ -f /etc/sysconfig/ntpd ]];then cat /etc/sysconfig/ntpd | grep "OPTIONS" | grep "/var/run/ntpd.pid" > /dev/null if [[ $? 
== 0 ]];then ntpd_OPTIONS=`cat /etc/sysconfig/ntpd | grep "OPTIONS" | grep "/var/run/ntpd.pid"`# echo "ntpd_OPTIONS is $ntpd_OPTIONS" if [[ ${ntpd_OPTIONS} == 'OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid"' ]];then echo "Check /var/run/ntpd.pid success" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Check /var/run/ntpd.pid failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Check /var/run/ntpd.pid failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Current OS does not have /etc/sysconfig/ntpd,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi if [[ -f /etc/sysconfig/ntpd ]];then cat /etc/sysconfig/ntpd | grep -w 'OPTIONS="-g"' | grep -v "#" > /dev/null if [[ $? == 0 ]];then echo 'check OPTIONS="-g" failed.' >> $CheckLinuxLogPath/$CheckLinuxLog else echo 'check OPTIONS="-g" success.' >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Current OS does not have /etc/sysconfig/ntpd,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi if [[ -f /etc/sysconfig/ntpd ]];then cat /etc/sysconfig/ntpd | grep -w "SYNC_HWCLOCK=yes" > /dev/null if [[ $? == 0 ]];then echo "SYNC_HWCLOCK=yes,sucessed" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "SYNC_HWCLOCK=yes,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Current OS does not have /etc/sysconfig/ntpd,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi if [[ -f /etc/ntp.conf ]];then cat /etc/ntp.conf | grep "192.168.56.101" > /dev/null if [[ $? == 0 ]];then ntp1_1=`cat /etc/ntp.conf | grep "192.168.56.110" | awk -F " " {'print $1'}` ntp1_2=`cat /etc/ntp.conf | grep "192.168.56.110" | awk -F " " {'print $2'}` ntp1_3=`cat /etc/ntp.conf | grep "192.168.56.110" | awk -F " " {'print $3'}` if [[ ${ntp1_1} == "server" && ${ntp1_2} == "192.168.56.110" && ${ntp1_3} == "iburst" ]];then echo "check server 192.168.56.110 iburst success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check server 192.168.56.110 iburst failed." 
>> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "check /etc/ntp.conf 192.168.56.110,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi cat /etc/ntp.conf | grep "192.168.56.111" > /dev/null if [[ $? == 0 ]];then ntp2_1=`cat /etc/ntp.conf | grep "192.168.56.111" | awk -F " " {'print $1'}` ntp2_2=`cat /etc/ntp.conf | grep "192.168.56.111" | awk -F " " {'print $2'}` ntp2_3=`cat /etc/ntp.conf | grep "192.168.56.111" | awk -F " " {'print $3'}` if [[ ${ntp2_1} == "server" && ${ntp2_2} == "192.168.56.111" && ${ntp2_3} == "iburst" ]];then echo "check server 192.168.56.111 iburst success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check server 192.168.56.111 iburst failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "check /etc/ntp.conf 192.168.56.111,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi cat /etc/ntp.conf | grep "pool.ntp.org" | grep -v "#" > /dev/null if [[ $? == 0 ]];then echo "check pool.ntp.org failed." >> $CheckLinuxLogPath/$CheckLinuxLog cat /etc/ntp.conf | grep "pool.ntp.org" | grep -v "#" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check pool.ntp.org success." >> $CheckLinuxLogPath/$CheckLinuxLog fi chronyd=`systemctl list-unit-files | grep chronyd | awk -F ' ' {'print $2'}` if [[ ${chronyd} == "disabled" ]];then echo "chronyd is disabled,check success." >> $CheckLinuxLogPath/$CheckLinuxLog elif [[ ${chronyd} == "enabled" ]];then echo "chronyd is enabled,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "chronyd does not exist,check success." >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Current OS does not have /etc/ntp.conf,failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi# systemctl restart ntpd.service && systemctl enable ntpd.service which ntpq > /dev/null 2>&1 if [[ $? == 0 ]];then ntpq -p >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Current OS does not have ntpq command. check failed." 
>> $CheckLinuxLogPath/$CheckLinuxLog fi if [[ -f /var/spool/cron/root ]];then cat /var/spool/cron/root | grep "/usr/sbin/hwclock" > /dev/null if [[ $? == 0 ]];then hwclock_1=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print $1'}` hwclock_2=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print $2'}` hwclock_3=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print $3'}` hwclock_4=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print $4'}` hwclock_5=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print $5'}` hwclock_6=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print $6'}` hwclock_7=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print $7'}` if [[ ${hwclock_1} == 10 && ${hwclock_2} == 10 && ${hwclock_3} == "*" && ${hwclock_4} == "*" && ${hwclock_5} == "*" && ${hwclock_6} == "/usr/sbin/hwclock" && ${hwclock_7} == "-w" ]];then echo "check /usr/sbin/hwclock success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check /usr/sbin/hwclock failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "check /usr/sbin/hwclock failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Current OS does not have crontab,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkKdump(){ echo "##########No.6 check checkKump##########" >> $CheckLinuxLogPath/$CheckLinuxLog cat /etc/sysctl.conf | grep "kernel.softlockup_panic" > /dev/null if [[ $? 
== 0 ]];then softlockup_panic_1=`cat /etc/sysctl.conf | grep "kernel.softlockup_panic" | awk -F '=' {'print $1'} | sed 's/[ /t]//g'` softlockup_panic_2=`cat /etc/sysctl.conf | grep "kernel.softlockup_panic" | awk -F '=' {'print $2'} | sed 's/[ /t]//g'` if [[ ${softlockup_panic_1} = "kernel.softlockup_panic" && ${softlockup_panic_2} == 1 ]];then echo "check kernel.softlockup_panic success" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check kernel.softlockup_panic failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "check kernel.softlockup_panic failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkSecurity(){ echo "##########No.7 check checkSecurity##########" >> $CheckLinuxLogPath/$CheckLinuxLog cat /etc/sudoers | grep "ALL=(ALL)" | grep root | grep -Ev "#|%" > /dev/null if [[ $? == 0 ]];then sudoers_root1=`cat /etc/sudoers | grep "ALL=(ALL)" | grep root | grep -Ev "#|%" | awk -F ' ' {'print $1'}` sudoers_root2=`cat /etc/sudoers | grep "ALL=(ALL)" | grep root | grep -Ev "#|%" | awk -F ' ' {'print $2'}` sudoers_root3=`cat /etc/sudoers | grep "ALL=(ALL)" | grep root | grep -Ev "#|%" | awk -F ' ' {'print $3'}` if [[ ${sudoers_root1} == "root" && ${sudoers_root2} == "ALL=(ALL)" && ${sudoers_root3} == "ALL" ]];then echo "check root ALL=(ALL) ALL success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check root ALL=(ALL) ALL failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Current root does not have User Security. check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi cat /etc/sudoers | grep "ALL=(ALL)" | grep "hbhe" | grep -Ev "#|%" > /dev/null if [[ $? 
== 0 ]];then sudoers_haibo1=`cat /etc/sudoers | grep "ALL=(ALL)" | grep "hbhe" | grep -Ev "#|%" | awk -F ' ' {'print $1'}` sudoers_haibo2=`cat /etc/sudoers | grep "ALL=(ALL)" | grep "hbhe" | grep -Ev "#|%" | awk -F ' ' {'print $2'}` sudoers_haibo3=`cat /etc/sudoers | grep "ALL=(ALL)" | grep "hbhe" | grep -Ev "#|%" | awk -F ' ' {'print $3'}` if [[ ${sudoers_haibo1} == "hbhe" && ${sudoers_haibo2} == "ALL=(ALL)" && ${sudoers_haibo3} == "ALL" ]];then echo "check hbhe ALL=(ALL) ALL success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check hbhe ALL=(ALL) ALL failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Current hbhe does not have User Security. check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkSsh(){ echo "##########No.8 check checkSsh##########" >> $CheckLinuxLogPath/$CheckLinuxLog cat /etc/ssh/sshd_config | grep -i "PermitRootLogin No" | grep -v "#" > /dev/null if [[ $? == 0 ]];then echo "Current OS does not have PermitRootLogin,check success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Current OS have PermitRootLogin,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkCtrlAltDel(){ echo "##########No.9 check checkSecurity##########" >> $CheckLinuxLogPath/$CheckLinuxLog if [[ -f /usr/lib/systemd/system/ctrl-alt-del.target ]];then echo "Check Ctrl+Alt+Del failed" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Check Ctrl+Alt+Del success" >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkUsers(){ echo "##########No.11 check users##########" >> $CheckLinuxLogPath/$CheckLinuxLog id hbhe > /dev/null 2>&1 if [[ $? == 0 ]];then echo "check hbhe success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check hbhe failed." 
>> $CheckLinuxLogPath/$CheckLinuxLog fi}checkFileSystem(){ echo "##########No.12 check FileSystem##########" >> $CheckLinuxLogPath/$CheckLinuxLog FreeSize=`parted /dev/sda print free | grep -i "free" |tail -1|awk -F ' ' '{print $3}' | tr -d a-zA-Z` FreeUnit=`parted /dev/sda print free | grep -i "free" |tail -1|awk -F ' ' '{print $3}' | tr -d 0-9` if [[ $FreeUnit == "GB" ]];then if [[ $FreeSize -gt 10 ]];then echo "Check sda free size $FreeSize $FreeUnit failed." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Check sda free size $FreeSize $FreeUnit success." >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Check sda free size $FreeSize $FreeUnit success." >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkCommonInfo(){ echo "##########No.17 check checkCommonInfo##########" >> $CheckLinuxLogPath/$CheckLinuxLog product_name=`dmidecode |grep "Product Name"|head -n 1|awk -F: '{print $2}'` >> $CheckLinuxLogPath/$CheckLinuxLog serial_number=`dmidecode |grep "Serial Number"|head -n 1|awk -F: '{print $2}'` >> $CheckLinuxLogPath/$CheckLinuxLog echo "Server: $product_name Serial: $serial_number" >> $CheckLinuxLogPath/$CheckLinuxLog cores=`lscpu |grep "Core(s) per socket:"|awk -F: '{print $2}'|sed s/[[:space:]]//g ` >> $CheckLinuxLogPath/$CheckLinuxLog socket=`lscpu |grep "Socket(s):"|awk -F: '{print $2}'| sed s/[[:space:]]//g ` >> $CheckLinuxLogPath/$CheckLinuxLog cpu_model=`lscpu |grep "Model name:"|awk -F: '{print $2}'|sed 's/^[ /t]*//g'` >> $CheckLinuxLogPath/$CheckLinuxLog echo "CPU: $socket * $cores CORE $cpu_model" >> $CheckLinuxLogPath/$CheckLinuxLog total_mem=`lsmem|grep "Total online memory:"|awk -F: '{print $2}'|sed s/[[:space:]]//g ` >> $CheckLinuxLogPath/$CheckLinuxLog echo "total memory: $total_mem" >> $CheckLinuxLogPath/$CheckLinuxLog kernel=`uname -a |awk '{print $3}'` host=`hostname` echo "hostname: $host" >> $CheckLinuxLogPath/$CheckLinuxLog echo "kernel: $kernel" >> $CheckLinuxLogPath/$CheckLinuxLog echo "Server: $product_name Serial: $serial_number" >> 
$CheckLinuxLogPath/$CheckLinuxLog echo "CPU: $socket * $cores CORE $cpu_model" >> $CheckLinuxLogPath/$CheckLinuxLog}checkUserExpires(){ echo "##########No.14 check user expires##########" >> $CheckLinuxLogPath/$CheckLinuxLog id hbhe > /dev/null 2>&1 if [[ $? == 0 ]];then haibo_he_expires=`chage -l hbhe | grep -w "Password expires" | awk -F ":" {'print $2'} | sed 's/[ /t]//g'` if [[ $haibo_he_expires == "passwordmustbechanged" ]];then echo "Check hbhe password expires success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Check hbhe password expires failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi fi}checkSwap(){ echo "##########No.15 check swap Size##########" >> $CheckLinuxLogPath/$CheckLinuxLog totalSwapSize=`free -g | grep "Swap" | awk -F ' ' {'print $2'} | sed 's/[ /t]//g'` dmidecode -s system-product-name | grep -i "virtual" > /dev/null if [[ $? == 0 ]];then if [[ $totalSwapSize -ge 6 ]] && [[ $totalSwapSize -le 10 ]];then echo "Check swap $totalSwapSize"G" Size success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Check swap $totalSwapSize"G" Size failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi else if [[ $totalSwapSize -ge 126 ]] && [[ $totalSwapSize -le 130 ]];then echo "Check swap $totalSwapSize"G" Size success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Check swap $totalSwapSize"G" Size failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi fi}checkTimeZone(){ echo "##########No.13 check TimeZone##########" >> $CheckLinuxLogPath/$CheckLinuxLog timeZone=`date -R | awk -F ' ' {'print $6'} | tr -cd 0-9"/n"` if [[ $timeZone == 0800 ]];then echo "Check TimeZone Success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Current timeZone is $timeZone,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkKmod(){ echo "##########No.16 check Kmod##########" >> $CheckLinuxLogPath/$CheckLinuxLog kmodNum=`rpm -qa | grep -iE "kmod-i40e-2.12|kmod-megaraid_sas|kmod-elx-lpfc" | wc -l` if [[ $kmodNum == 3 ]];then echo "Check Kmod success." 
>> $CheckLinuxLogPath/$CheckLinuxLog else echo "Check Kmod failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkSystemTime(){ echo "##########No.17 hwclock and date time##########" >> $CheckLinuxLogPath/$CheckLinuxLog dateZone=`date | awk -F ' ' {'print $5'} | sed 's/[ /t]//g'` dateYear=`date | awk -F ' ' {'print $6'} | sed 's/[ /t]//g'` dateMonth=`date | awk -F ' ' {'print $2'} | sed 's/[ /t]//g'` dateDay=`date | awk -F ' ' {'print $3'} | sed 's/[ /t]//g'` dateHour=`date | awk -F ' ' {'print $4'} | awk -F ':' {'print $1'} | sed 's/[ /t]//g'` dateMin=`date | awk -F ' ' {'print $4'} | awk -F ':' {'print $2'} | sed 's/[ /t]//g'` hwclockZone=`hwclock | awk -F ' ' {'print $7'} | sed 's/[ /t]//g'` hwclockYear=`hwclock | awk -F ' ' {'print $4'} | sed 's/[ /t]//g'` hwclockMonth=`hwclock | awk -F ' ' {'print $3'} | sed 's/[ /t]//g'` hwclockDay=`hwclock | awk -F ' ' {'print $2'} | sed 's/[ /t]//g'` hwclockNoon=`hwclock | awk -F ' ' {'print $6'} | sed 's/[ /t]//g'` hwclockHour=`hwclock | awk -F ' ' {'print $5'} | awk -F ':' {'print $1'} | sed 's/[ /t]//g'` hwclockMin=`hwclock | awk -F ' ' {'print $5'} | awk -F ':' {'print $2'} | sed 's/[ /t]//g'` if [[ ${hwclockNoon} == "PM" ]];then hwclockHour=`echo $(($hwclockHour+12))` fi if [[ ${dateZone} == ${hwclockZone} ]] && [[ ${dateYear} == ${hwclockYear} ]] && [[ ${dateMonth} == ${hwclockMonth} ]] && [[ ${dateDay} == ${hwclockDay} ]] && [[ ${dateHour} == ${hwclockHour} ]] && [[ ${dateMin} == ${hwclockMin} ]];then echo "check date and hwclock success" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check date and hwclock failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi}putCheckLogtoFtp(){ ping -c 3 -w 3 $FtpServerIp > /dev/null if [[ $? == 0 ]];then which ftp > /dev/null 2>&1 if [[ $? == 0 ]];thenftp -n<> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Can't Ping $FtpServerIp,check failed." 
>> $CheckLinuxLogPath/$CheckLinuxLog fi}main(){ checkExecuteUser getOsArch getOsCentosOrRedhat getOsVerion mkdirLogPath checkFirewalld checkFirewalldisEnabled checkSeLinux checkYumRepo checkNtp checkKdump checkSecurity checkSsh checkCtrlAltDel checkDsa checkUsers checkFileSystem checkTimeZone checkUserExpires checkSwap checkSystemTime checkKmod checkCommonInfo putCheckLogtoFtp} main

[ERROR] $@ /033[0m" }fn_log(){ if [[ $? -eq 0 ]];then log_info "$@ sucessed." echo -e "/033[32m $@ sucessed. /033[0m" else log_error "$@ failed." echo -e "/033[41;37m $@ failed. /033[0m" fi}checkExecuteUser(){ uid=`id -u` if [[ $uid == 0 ]];then continue else fn_log "Current excute user is not root ,shell will exist." exit 1 fi}###Create /tmp/log if not exist.mkdirLogPath(){ if [[ ! -d /tmp/log ]];then mkdir -p /tmp/log chmod 767 /tmp/log fi CheckLinuxLogPath="/tmp/log" CheckLinuxLog=`hostname`_$(date +%y%m%d).txt }###Get OS Arch Linux or notgetOsArch(){ if [[ "$osbox" == "Linux" ]];then continue else fn_log "Current OS is $osbox,shell is exit now." echo 0 exit 0 fi}###Get redhat or centosgetOsCentosOrRedhat(){ cat /proc/version | grep -iE "redhat|centos" > /dev/null if [[ $? == 0 ]];then continue else echo "Current OS is not centos or redhat." echo 1 exit 1 fi}###Get OS VersiongetOsVerion(){ ###判断系统是否为Redhat,如果不是则退出,支持Redhat|Centos 7版本 cat /proc/version | grep -i redhat > /dev/null if [[ $? == 0 ]];then if [[ "$RHversion" -ge 310 ]];then OSVersion="redhat7" else echo "Current Rehat Version will not support." echo 1 exit 1 fi else if [[ "$RHversion" -ge 310 ]];then OSVersion="centos7" else echo "Current Rehat Version will not support." echo 1 exit 1 fi fi}###Get firewalld stopped or runningcheckFirewalld(){ echo "##########No.1 check firewalld stopped##########" > $CheckLinuxLogPath/$CheckLinuxLog if [[ $OSVersion == "redhat7" || $OSVersion == "centos7" ]];then systemctl status firewalld | grep -i running > /dev/null if [[ $? == 0 ]];then echo "Firewalld is started,Failed" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Firewalld is stopped,Success" >> $CheckLinuxLogPath/$CheckLinuxLog fi fi}###Get firewalld enable or disabledcheckFirewalldisEnabled(){ echo "##########No.2 check firewalld disabled##########" >> $CheckLinuxLogPath/$CheckLinuxLog systemctl list-unit-files | grep firewalld | grep disabled > /dev/null if [[ $? 
== 0 ]];then echo "check firewalld disabled.check success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check firewalld disabled.check failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi}###Get SeLinux enforcing or notcheckSeLinux(){ echo "##########No.3 check SELINUX.##########" >> $CheckLinuxLogPath/$CheckLinuxLog cat /etc/selinux/config | grep -w "SELINUX=enforcing" > /dev/null if [[ $? == 0 ]];then echo "Current SeLinux is started,Failed." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Current SeLinux is stopped,Success." >> $CheckLinuxLogPath/$CheckLinuxLog fi}###Get YumRepocheckYumRepo(){ echo "##########No.4 check YumRepo.##########" >> $CheckLinuxLogPath/$CheckLinuxLog ping -c 3 -w 3 192.168.56.101 > /dev/null if [[ $? == 0 ]];then if [[ $OSVersion == "redhat7" ]];then if [[ ! -f /etc/yum.repos.d/Redhat7_9.repo ]];then echo "/etc/repos.d/Redhat7_9.repo,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "/etc/repos.d/Redhat7_9.repo exist,check success." >> $CheckLinuxLogPath/$CheckLinuxLog cat /etc/yum.repos.d/Redhat7_9.repo >> $CheckLinuxLogPath/$CheckLinuxLog fi fi if [[ $OSVersion == "centos7" ]];then if [[ ! -f /etc/yum.repos.d/CentOS7_9.repo ]];then echo "/etc/repos.d/CentOS7_9.repo,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "/etc/repos.d/CentOS7_9.repo exist,check success" >> $CheckLinuxLogPath/$CheckLinuxLog cat /etc/yum.repos.d/CentOS7_9.repo >> $CheckLinuxLogPath/$CheckLinuxLog fi fi else echo "Cann't Ping 192.168.56.101,Check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkNtp(){ echo "##########No.5 check checkNtp##########" >> $CheckLinuxLogPath/$CheckLinuxLog nameServer1_1=`cat /etc/resolv.conf | grep 192.168.56.100 | awk -F " " {'print '}` nameServer1_2=`cat /etc/resolv.conf | grep 192.168.56.100 | awk -F " " {'print '}` if [[ ${nameServer1_1} == nameserver && ${nameServer1_2} == "192.168.56.100" ]];then echo "check 192.168.56.100 success." 
>> $CheckLinuxLogPath/$CheckLinuxLog else echo "check 192.168.56.100 failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi nameServer2_1=`cat /etc/resolv.conf | grep 192.168.56.101 | awk -F " " {'print '}` nameServer2_2=`cat /etc/resolv.conf | grep 192.168.56.101 | awk -F " " {'print '}` if [[ ${nameServer2_1} == nameserver && ${nameServer2_2} == "192.168.56.101" ]];then echo "check 192.168.56.101 success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check 192.168.56.101 failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi oracle_1=`cat /etc/resolv.conf | grep -w "oracle.com" | awk -F " " {'print '}` oracle_2=`cat /etc/resolv.conf | grep -w "oracle.com" | awk -F " " {'print '}` if [[ ${oracle_1} == "search" && ${oracle_2} == "oracle.com" ]];then echo "check oracle.com,sucessed" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check oracle.com,failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi nsswitch_1=`cat /etc/nsswitch.conf | grep -i hosts | grep -v "^[[:space:]]*#" | sed 's/[[:space:]][[:space:]]*/ /g' | grep -v "^[[:space:]]*$" | tail -1 | awk -F ' ' '{print }'` nsswitch_2=`cat /etc/nsswitch.conf | grep -i hosts | grep -v "^[[:space:]]*#" | sed 's/[[:space:]][[:space:]]*/ /g' | grep -v "^[[:space:]]*$" | tail -1 | awk -F ' ' '{print }'` nsswitch_3=`cat /etc/nsswitch.conf | grep -i hosts | grep -v "^[[:space:]]*#" | sed 's/[[:space:]][[:space:]]*/ /g' | grep -v "^[[:space:]]*$" | tail -1 | awk -F ' ' '{print }'` if [[ ${nsswitch_1} == "hosts:" && ${nsswitch_2} == "files" && ${nsswitch_3} == "dns" ]];then echo "check /etc/nsswitch.conf,check sucessed" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check /etc/nsswitch.conf,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi if [[ -f /etc/sysconfig/ntpd ]];then cat /etc/sysconfig/ntpd | grep "OPTIONS" | grep "/var/run/ntpd.pid" > /dev/null if [[ $? 
== 0 ]];then ntpd_OPTIONS=`cat /etc/sysconfig/ntpd | grep "OPTIONS" | grep "/var/run/ntpd.pid"`# echo "ntpd_OPTIONS is $ntpd_OPTIONS" if [[ ${ntpd_OPTIONS} == 'OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid"' ]];then echo "Check /var/run/ntpd.pid success" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Check /var/run/ntpd.pid failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Check /var/run/ntpd.pid failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Current OS does not have /etc/sysconfig/ntpd,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi if [[ -f /etc/sysconfig/ntpd ]];then cat /etc/sysconfig/ntpd | grep -w 'OPTIONS="-g"' | grep -v "#" > /dev/null if [[ $? == 0 ]];then echo 'check OPTIONS="-g" failed.' >> $CheckLinuxLogPath/$CheckLinuxLog else echo 'check OPTIONS="-g" success.' >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Current OS does not have /etc/sysconfig/ntpd,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi if [[ -f /etc/sysconfig/ntpd ]];then cat /etc/sysconfig/ntpd | grep -w "SYNC_HWCLOCK=yes" > /dev/null if [[ $? == 0 ]];then echo "SYNC_HWCLOCK=yes,sucessed" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "SYNC_HWCLOCK=yes,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Current OS does not have /etc/sysconfig/ntpd,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi if [[ -f /etc/ntp.conf ]];then cat /etc/ntp.conf | grep "192.168.56.101" > /dev/null if [[ $? == 0 ]];then ntp1_1=`cat /etc/ntp.conf | grep "192.168.56.110" | awk -F " " {'print '}` ntp1_2=`cat /etc/ntp.conf | grep "192.168.56.110" | awk -F " " {'print '}` ntp1_3=`cat /etc/ntp.conf | grep "192.168.56.110" | awk -F " " {'print '}` if [[ ${ntp1_1} == "server" && ${ntp1_2} == "192.168.56.110" && ${ntp1_3} == "iburst" ]];then echo "check server 192.168.56.110 iburst success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check server 192.168.56.110 iburst failed." 
>> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "check /etc/ntp.conf 192.168.56.110,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi cat /etc/ntp.conf | grep "192.168.56.111" > /dev/null if [[ $? == 0 ]];then ntp2_1=`cat /etc/ntp.conf | grep "192.168.56.111" | awk -F " " {'print '}` ntp2_2=`cat /etc/ntp.conf | grep "192.168.56.111" | awk -F " " {'print '}` ntp2_3=`cat /etc/ntp.conf | grep "192.168.56.111" | awk -F " " {'print '}` if [[ ${ntp2_1} == "server" && ${ntp2_2} == "192.168.56.111" && ${ntp2_3} == "iburst" ]];then echo "check server 192.168.56.111 iburst success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check server 192.168.56.111 iburst failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "check /etc/ntp.conf 192.168.56.111,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi cat /etc/ntp.conf | grep "pool.ntp.org" | grep -v "#" > /dev/null if [[ $? == 0 ]];then echo "check pool.ntp.org failed." >> $CheckLinuxLogPath/$CheckLinuxLog cat /etc/ntp.conf | grep "pool.ntp.org" | grep -v "#" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check pool.ntp.org success." >> $CheckLinuxLogPath/$CheckLinuxLog fi chronyd=`systemctl list-unit-files | grep chronyd | awk -F ' ' {'print '}` if [[ ${chronyd} == "disabled" ]];then echo "chronyd is disabled,check success." >> $CheckLinuxLogPath/$CheckLinuxLog elif [[ ${chronyd} == "enabled" ]];then echo "chronyd is enabled,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "chronyd does not exist,check success." >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Current OS does not have /etc/ntp.conf,failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi# systemctl restart ntpd.service && systemctl enable ntpd.service which ntpq > /dev/null 2>&1 if [[ $? == 0 ]];then ntpq -p >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Current OS does not have ntpq command. check failed." 
>> $CheckLinuxLogPath/$CheckLinuxLog fi if [[ -f /var/spool/cron/root ]];then cat /var/spool/cron/root | grep "/usr/sbin/hwclock" > /dev/null if [[ $? == 0 ]];then hwclock_1=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print '}` hwclock_2=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print '}` hwclock_3=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print '}` hwclock_4=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print '}` hwclock_5=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print '}` hwclock_6=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print '}` hwclock_7=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print '}` if [[ ${hwclock_1} == 10 && ${hwclock_2} == 10 && ${hwclock_3} == "*" && ${hwclock_4} == "*" && ${hwclock_5} == "*" && ${hwclock_6} == "/usr/sbin/hwclock" && ${hwclock_7} == "-w" ]];then echo "check /usr/sbin/hwclock success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check /usr/sbin/hwclock failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "check /usr/sbin/hwclock failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Current OS does not have crontab,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkKdump(){ echo "##########No.6 check checkKump##########" >> $CheckLinuxLogPath/$CheckLinuxLog cat /etc/sysctl.conf | grep "kernel.softlockup_panic" > /dev/null if [[ $? 
== 0 ]];then softlockup_panic_1=`cat /etc/sysctl.conf | grep "kernel.softlockup_panic" | awk -F '=' {'print '} | sed 's/[ /t]//g'` softlockup_panic_2=`cat /etc/sysctl.conf | grep "kernel.softlockup_panic" | awk -F '=' {'print '} | sed 's/[ /t]//g'` if [[ ${softlockup_panic_1} = "kernel.softlockup_panic" && ${softlockup_panic_2} == 1 ]];then echo "check kernel.softlockup_panic success" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check kernel.softlockup_panic failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "check kernel.softlockup_panic failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkSecurity(){ echo "##########No.7 check checkSecurity##########" >> $CheckLinuxLogPath/$CheckLinuxLog cat /etc/sudoers | grep "ALL=(ALL)" | grep root | grep -Ev "#|%" > /dev/null if [[ $? == 0 ]];then sudoers_root1=`cat /etc/sudoers | grep "ALL=(ALL)" | grep root | grep -Ev "#|%" | awk -F ' ' {'print '}` sudoers_root2=`cat /etc/sudoers | grep "ALL=(ALL)" | grep root | grep -Ev "#|%" | awk -F ' ' {'print '}` sudoers_root3=`cat /etc/sudoers | grep "ALL=(ALL)" | grep root | grep -Ev "#|%" | awk -F ' ' {'print '}` if [[ ${sudoers_root1} == "root" && ${sudoers_root2} == "ALL=(ALL)" && ${sudoers_root3} == "ALL" ]];then echo "check root ALL=(ALL) ALL success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check root ALL=(ALL) ALL failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Current root does not have User Security. check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi cat /etc/sudoers | grep "ALL=(ALL)" | grep "hbhe" | grep -Ev "#|%" > /dev/null if [[ $? 
== 0 ]];then sudoers_haibo1=`cat /etc/sudoers | grep "ALL=(ALL)" | grep "hbhe" | grep -Ev "#|%" | awk -F ' ' {'print '}` sudoers_haibo2=`cat /etc/sudoers | grep "ALL=(ALL)" | grep "hbhe" | grep -Ev "#|%" | awk -F ' ' {'print '}` sudoers_haibo3=`cat /etc/sudoers | grep "ALL=(ALL)" | grep "hbhe" | grep -Ev "#|%" | awk -F ' ' {'print '}` if [[ ${sudoers_haibo1} == "hbhe" && ${sudoers_haibo2} == "ALL=(ALL)" && ${sudoers_haibo3} == "ALL" ]];then echo "check hbhe ALL=(ALL) ALL success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check hbhe ALL=(ALL) ALL failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Current hbhe does not have User Security. check failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkSsh(){ echo "##########No.8 check checkSsh##########" >> $CheckLinuxLogPath/$CheckLinuxLog cat /etc/ssh/sshd_config | grep -i "PermitRootLogin No" | grep -v "#" > /dev/null if [[ $? == 0 ]];then echo "Current OS does not have PermitRootLogin,check success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Current OS have PermitRootLogin,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkCtrlAltDel(){ echo "##########No.9 check checkSecurity##########" >> $CheckLinuxLogPath/$CheckLinuxLog if [[ -f /usr/lib/systemd/system/ctrl-alt-del.target ]];then echo "Check Ctrl+Alt+Del failed" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Check Ctrl+Alt+Del success" >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkUsers(){ echo "##########No.11 check users##########" >> $CheckLinuxLogPath/$CheckLinuxLog id hbhe > /dev/null 2>&1 if [[ $? == 0 ]];then echo "check hbhe success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check hbhe failed." 
>> $CheckLinuxLogPath/$CheckLinuxLog fi}checkFileSystem(){ echo "##########No.12 check FileSystem##########" >> $CheckLinuxLogPath/$CheckLinuxLog FreeSize=`parted /dev/sda print free | grep -i "free" |tail -1|awk -F ' ' '{print }' | tr -d a-zA-Z` FreeUnit=`parted /dev/sda print free | grep -i "free" |tail -1|awk -F ' ' '{print }' | tr -d 0-9` if [[ $FreeUnit == "GB" ]];then if [[ $FreeSize -gt 10 ]];then echo "Check sda free size $FreeSize $FreeUnit failed." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Check sda free size $FreeSize $FreeUnit success." >> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Check sda free size $FreeSize $FreeUnit success." >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkCommonInfo(){ echo "##########No.17 check checkCommonInfo##########" >> $CheckLinuxLogPath/$CheckLinuxLog product_name=`dmidecode |grep "Product Name"|head -n 1|awk -F: '{print }'` >> $CheckLinuxLogPath/$CheckLinuxLog serial_number=`dmidecode |grep "Serial Number"|head -n 1|awk -F: '{print }'` >> $CheckLinuxLogPath/$CheckLinuxLog echo "Server: $product_name Serial: $serial_number" >> $CheckLinuxLogPath/$CheckLinuxLog cores=`lscpu |grep "Core(s) per socket:"|awk -F: '{print }'|sed s/[[:space:]]//g ` >> $CheckLinuxLogPath/$CheckLinuxLog socket=`lscpu |grep "Socket(s):"|awk -F: '{print }'| sed s/[[:space:]]//g ` >> $CheckLinuxLogPath/$CheckLinuxLog cpu_model=`lscpu |grep "Model name:"|awk -F: '{print }'|sed 's/^[ /t]*//g'` >> $CheckLinuxLogPath/$CheckLinuxLog echo "CPU: $socket * $cores CORE $cpu_model" >> $CheckLinuxLogPath/$CheckLinuxLog total_mem=`lsmem|grep "Total online memory:"|awk -F: '{print }'|sed s/[[:space:]]//g ` >> $CheckLinuxLogPath/$CheckLinuxLog echo "total memory: $total_mem" >> $CheckLinuxLogPath/$CheckLinuxLog kernel=`uname -a |awk '{print }'` host=`hostname` echo "hostname: $host" >> $CheckLinuxLogPath/$CheckLinuxLog echo "kernel: $kernel" >> $CheckLinuxLogPath/$CheckLinuxLog echo "Server: $product_name Serial: $serial_number" >> 
$CheckLinuxLogPath/$CheckLinuxLog echo "CPU: $socket * $cores CORE $cpu_model" >> $CheckLinuxLogPath/$CheckLinuxLog}checkUserExpires(){ echo "##########No.14 check user expires##########" >> $CheckLinuxLogPath/$CheckLinuxLog id hbhe > /dev/null 2>&1 if [[ $? == 0 ]];then haibo_he_expires=`chage -l hbhe | grep -w "Password expires" | awk -F ":" {'print '} | sed 's/[ /t]//g'` if [[ $haibo_he_expires == "passwordmustbechanged" ]];then echo "Check hbhe password expires success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Check hbhe password expires failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi fi}checkSwap(){ echo "##########No.15 check swap Size##########" >> $CheckLinuxLogPath/$CheckLinuxLog totalSwapSize=`free -g | grep "Swap" | awk -F ' ' {'print '} | sed 's/[ /t]//g'` dmidecode -s system-product-name | grep -i "virtual" > /dev/null if [[ $? == 0 ]];then if [[ $totalSwapSize -ge 6 ]] && [[ $totalSwapSize -le 10 ]];then echo "Check swap $totalSwapSize"G" Size success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Check swap $totalSwapSize"G" Size failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi else if [[ $totalSwapSize -ge 126 ]] && [[ $totalSwapSize -le 130 ]];then echo "Check swap $totalSwapSize"G" Size success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Check swap $totalSwapSize"G" Size failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi fi}checkTimeZone(){ echo "##########No.13 check TimeZone##########" >> $CheckLinuxLogPath/$CheckLinuxLog timeZone=`date -R | awk -F ' ' {'print '} | tr -cd 0-9"/n"` if [[ $timeZone == 0800 ]];then echo "Check TimeZone Success." >> $CheckLinuxLogPath/$CheckLinuxLog else echo "Current timeZone is $timeZone,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkKmod(){ echo "##########No.16 check Kmod##########" >> $CheckLinuxLogPath/$CheckLinuxLog kmodNum=`rpm -qa | grep -iE "kmod-i40e-2.12|kmod-megaraid_sas|kmod-elx-lpfc" | wc -l` if [[ $kmodNum == 3 ]];then echo "Check Kmod success." 
>> $CheckLinuxLogPath/$CheckLinuxLog else echo "Check Kmod failed." >> $CheckLinuxLogPath/$CheckLinuxLog fi}checkSystemTime(){ echo "##########No.17 hwclock and date time##########" >> $CheckLinuxLogPath/$CheckLinuxLog dateZone=`date | awk -F ' ' {'print '} | sed 's/[ /t]//g'` dateYear=`date | awk -F ' ' {'print '} | sed 's/[ /t]//g'` dateMonth=`date | awk -F ' ' {'print '} | sed 's/[ /t]//g'` dateDay=`date | awk -F ' ' {'print '} | sed 's/[ /t]//g'` dateHour=`date | awk -F ' ' {'print '} | awk -F ':' {'print '} | sed 's/[ /t]//g'` dateMin=`date | awk -F ' ' {'print '} | awk -F ':' {'print '} | sed 's/[ /t]//g'` hwclockZone=`hwclock | awk -F ' ' {'print '} | sed 's/[ /t]//g'` hwclockYear=`hwclock | awk -F ' ' {'print '} | sed 's/[ /t]//g'` hwclockMonth=`hwclock | awk -F ' ' {'print '} | sed 's/[ /t]//g'` hwclockDay=`hwclock | awk -F ' ' {'print '} | sed 's/[ /t]//g'` hwclockNoon=`hwclock | awk -F ' ' {'print '} | sed 's/[ /t]//g'` hwclockHour=`hwclock | awk -F ' ' {'print '} | awk -F ':' {'print '} | sed 's/[ /t]//g'` hwclockMin=`hwclock | awk -F ' ' {'print '} | awk -F ':' {'print '} | sed 's/[ /t]//g'` if [[ ${hwclockNoon} == "PM" ]];then hwclockHour=`echo $(($hwclockHour+12))` fi if [[ ${dateZone} == ${hwclockZone} ]] && [[ ${dateYear} == ${hwclockYear} ]] && [[ ${dateMonth} == ${hwclockMonth} ]] && [[ ${dateDay} == ${hwclockDay} ]] && [[ ${dateHour} == ${hwclockHour} ]] && [[ ${dateMin} == ${hwclockMin} ]];then echo "check date and hwclock success" >> $CheckLinuxLogPath/$CheckLinuxLog else echo "check date and hwclock failed" >> $CheckLinuxLogPath/$CheckLinuxLog fi}putCheckLogtoFtp(){ ping -c 3 -w 3 $FtpServerIp > /dev/null if [[ $? == 0 ]];then which ftp > /dev/null 2>&1 if [[ $? == 0 ]];thenftp -n<> $CheckLinuxLogPath/$CheckLinuxLog fi else echo "Can't Ping $FtpServerIp,check failed." 
>> $CheckLinuxLogPath/$CheckLinuxLog fi}main(){ checkExecuteUser getOsArch getOsCentosOrRedhat getOsVerion mkdirLogPath checkFirewalld checkFirewalldisEnabled checkSeLinux checkYumRepo checkNtp checkKdump checkSecurity checkSsh checkCtrlAltDel checkDsa checkUsers checkFileSystem checkTimeZone checkUserExpires checkSwap checkSystemTime checkKmod checkCommonInfo putCheckLogtoFtp} main


