【Linux巡检脚本】

【Linux巡检脚本】

#!/bin/sh

##edit by ayp @ 2021.08.26##

curdir=$PWD

clearecho "Welcome to this document of check linux!"

mkdir -p /linux-out

export home=/linux-out

more /proc/version > $home/01001-1.txtuname -a > $home/01001-2.txtcat /etc/redhat-release > $home/01001-3.txtcat /etc/regflag-release > $home/01001-4.txt

df -k > $home/01002-1.txtdf -T > $home/01002-2.txtmore /proc/partitions > $home/01003-3.txt

hostname > $home/01003-1.txtifconfig -a > $home/01003-2.txtmore /etc/sysconfig/network > $home/01003-3.txtmore /etc/resolv.conf > $home/01003-4.txtmore /etc/sysconfig/network-scripts/ifcfg-eth0 > $home/01003-5.txtmore /etc/sysconfig/network-scripts/ifcfg-eth1 > $home/01003-6.txt

free > $home/01004-1.txtmore /proc/meminfo > $home/01004-2.txt

route > $home/01005-1.txtip route > $home/01005-2.txt

more /proc/cpuinfo > $home/01006-1.txtmore /proc/ioports > $home/01006-2.txtmore /proc/swaps > $home/01006-3.txtmore /proc/pci > $home/01006-4.txt

##  补丁暂时不做检查

more /etc/login.defs > $home/02001.txtmore /etc/passwd > $home/02002-1.txtmore /etc/group > $home/02002-2.txtmore /etc/shadow > $home/02002-3.txtgetent passwd | awk -F: '$3 == "0" { print $1 }' > $home/02003.txtawk -F: ' ( $2 == "" ) { print $1 }' /etc/shadow > $home/02004.txtmore /etc/passwd /etc/shadow /etc/group > $home/02005.txtlsattr /etc/passwd /etc/group /etc/shadow /etc/gshadow > $home/02006.txtls /home -l > $home/02007.txtls -la /etc/group /etc/gshadow /etc/passwd /etc/shadow > $home/02008.txtlsattr /etc/group /etc/gshadow /etc/passwd /etc/shadow > $home/02009.txt

netstat -an|grep LISTEN > $home/03001-1.txtnetstat -an > $home/03001-2.txtnetstat -s > $home/03001-3.txtnetstat -npa > $home/03001-4.txtps -ef > $home/03002-1.txtps aux > $home/03002-2.txt##top > $home/03002-3.txtmore /etc/inittab > $home/03003-1.txtls -l /etc/rc3.d/ > $home/03003-2.txtls -l /etc/rc2.d/ > $home/03003-3.txtmore /etc/rc.local > $home/03003-4.txtmore /etc/rc.sysinit > $home/03003-5.txt##crontab -e > $home/03004.txtchkconfig --list > $home/03005.txt

echo $PATH > $home/04001.txtfind / -name ".rhosts" -print > $home/04002-1.txtfind / -name "hosts.equiv" -print > $home/04002-2.txtls -l /etc/ftpusers > $home/04003.txtmore /etc/cron.d/cron.allow > $home/04004-1.txtmore /etc/cron.d/cron.deny > $home/04004-2.txtmore /etc/cron.d/at.allow > $home/04005-1.txtmore /etc/cron.d/at.deny > $home/04005-2.txtmore /default/login > $home/04006.txtmore /etc/inittab > $home/04007.txtumask > $home/04008.txt##find / -type f ( -perm -linux-04000 -o -perm -linux-02000 ) -print > $home/04009.txtfind / -type f -perm -2000 -exec ls -l {} \; > $home/04009-1.txtfind / -type f -perm -4000 -exec ls -l {} \; > $home/04009-2.txtmore /etc/ssh/sshd_config > $home/04010.txtfind /home -name ".*" -xdev -ls > $home/04011.txt

ps -ef|grep audit > $home/05001-1.txtls /lib/modules/$(uname -r)/kernel/fs  > $home/05001-2.txtmore /etc/fstab > $home/005001-3.txtls -la /var/log/audit.d > $home/05002-1.txtls -la /var/log/autid/autid.log > $home/05002.txtlast > $home/05003.txt##access-log  acct/pacct aculog messages sudolog syslog xferlog##who w last ##more /var/log/lastlog##more /var/adm/sulog##more /var/adm/loginlog

find / -nouser -print|xargs ls -l > $home/06001-1.txtfind / -nogroup -print|xargs ls -l > $home/06001-2.txtmore /etc/motd > $home/06002-1.txtmore /etc/issue > $home/06002-2.txtmore /etc/issue.net > $home/06002-3.txtmore /etc/sysctl.conf > $home/06003.txtmore /etc/sysctl.conf > $home/06004.txt

env > $home/env.logrpm -qa --last > $home/rpm-qa-last

cd $curdir rm -rf ./check-linux-new.shcd $homeecho "It's over."

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。