《Linux系统日常巡检脚本.docx》由会员分享,可在线阅读,更多相关《Linux系统日常巡检脚本.docx(11页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、Linux系统常巡检脚本 背景:在我们的常作中,需要对服务器的各项性能指标进查看。以便排查风险,及时发现问题。该Linux 巡检脚本,内容包括了,磁盘,内存 cpu 进程 件更改 户登录等系列的操作,可以直接使,报告以邮件发送到邮箱 在log 下成巡检报告。PS:该脚本适于RHEL、CENTOS等系统脚本:#!/bin/bashIPADDR=$(ifconfig eth0|grep inet addr |awk -F : print $13)#环境变量PATH没设好,在cron执时有很多命令会找不到export PATH=/usr/local/sbin:/usr/local/bin:/sbin
2、:/bin:/usr/sbin:/usr/bin:/root/bin source /etc/profile $(id -u) -gt 0 & echo 请root户执此脚本! & exit 1 centosVersion=$(awk print $(NF-1) /etc/redhat-release) VERSION=2020-03-16#志相关PROGPATH=echo $0 | sed -e s,/*$, -f $PROGPATH & PROGPATH=. LOGPATH=$PROGPATH/log -e $LOGPATH | mkdir $LOGPATH RESULTFILE=$LOG
3、PATH/HostDailyCheck-$IPADDR-date +%Y%m%d.txt#定义报表的全局变量report_DateTime = # 期 ok report_Hostname = # 主 机 名 ok report_OSRelease = #发版本ok report_Kernel = # 内 核 ok report_Language = #语/编码 okreport_LastReboot = #最近启动时间ok report_Uptime = #运时间(天)ok report_CPUs= #CPU 数 量 ok report_CPUType = #CPU 类 型 ok repor
4、t_Arch = #CPU 架 构 ok report_MemTotal = #内存总容量(MB) ok report_MemFree = #内存剩余(MB) okreport_MemUsedPercent = #内存使率% ok report_DiskTotal = # 硬 盘 总 容 量 (GB) ok report_DiskFree = # 硬 盘 剩 余 (GB) ok report_DiskUsedPercent = #硬盘使率% ok report_InodeTotal = #Inode 总 量 ok report_InodeFree = #Inode 剩 余 ok report_
5、InodeUsedPercent = #Inode 使率ok report_IP = #IP地址 okreport_MAC = #MAC地址 okreport_Gateway = #默认关ok report_DNS= #DNS ok report_Listen = # 监 听 ok report_Selinux = #Selinux ok report_Firewall = # 防 墙 ok report_USERs= #户 okreport_USEREmptyPassword = #空密码户ok report_USERTheSameUID = #相同ID的户ok report_Passwor
6、dExpiry = #密码过期(天)ok report_RootUser = #root 户 ok report_Sudoers = #sudo 授 权 ok report_SSHAuthorized = #SSH信任主机okreport_SSHAuthorized = #SSH 信 任 主 机 ok report_SSHDProtocolVersion = #SSH 协 议 版 本 ok report_SSHDPermitRootLogin = #允许root远程登录ok report_DefunctProsess = # 僵 进 程 数 量 ok report_SelfInitiatedS
7、ervice = # 启 动 服 务 数 量 ok report_SelfInitiatedProgram = # 启 动 程 序 数 量 ok report_RuningService = # 运 中 服 务 数 ok report_Crontab = #计划任务数okreport_Syslog = #志服务okreport_SNMP= #SNMP OKreport_NTP = #NTP ok report_JDK= #JDK版本 ok function version()echo echo echo 系统巡检脚本:Version $VERSIONfunction getCpuStatus(
8、) echo echo echo # CPU 检 查 #Physical_CPUs=$(grep physical id /proc/cpuinfo | sort | uniq | wc -l) Virt_CPUs=$(grep processor /proc/cpuinfo | wc -l) CPU_Kernels=$(grep cores /proc/cpuinfo |uniq| awk -F : print $2)CPU_Type=$(grep model name /proc/cpuinfo | awk -F : print $2 | sort | uniq) CPU_Arch=$(u
9、name -m)echo 物理CPU个数:$Physical_CPUsecho 逻辑CPU个数:$Virt_CPUs echo 每CPU核数:$CPU_Kernels echo CPU型号:$CPU_Typeecho CPU架构:$CPU_Arch#报表信息report_CPUs=$Virt_CPUs #CPU数量report_CPUType =$CPU_Type #CPU类型report_Arch =$CPU_Arch #CPU架构function getMemStatus () echo echo echo # 内存检查 #if $centosVersion /tmp/inode df -
10、hTP | sed s/Mounted on/Mounted/ /tmp/diskjoin /tmp/disk /tmp/inode | awk print $1,$2,|,$3,$4,$5,$6,|,$8,$9,$10,$11,|,$12| column -t#报表信息diskdata=$(df -TP | sed 1d | awk $2!=tmpfsprint ) #KB disktotal=$(echo $diskdata | awk total+=$3ENDprint total ) #KB diskused=$(echo $diskdata | awk total+=$4ENDpri
11、nt total ) #KBdiskused=$(echo $diskdata | awk total+=$4ENDprint total ) #KBdiskfree=$(disktotal -diskused) #KBdiskusedpercent =$(echo $disktotal $diskused | awk if($1=0)printf 100elseprintf %.2f, $2*100/$1) inodedata =$(df -iTP | sed 1d | awk $2!=tmpfsprint )inodetotal =$(echo $inodedata | awk total
12、+=$3ENDprint total ) inodeused =$(echo $inodedata | awk total+=$4ENDprint total ) inodefree =$(inodetotal -inodeused)inodeusedpercent =$(echo $inodetotal $inodeused | awk if($1=0)printf 100elseprintf %.2f, $2*100/$1) report_DiskTotal =$(disktotal /1024/1024)GB #硬盘总容量(GB)report_DiskFree =$(diskfree /
13、1024/1024)GB #硬盘剩余(GB)report_DiskUsedPercent =$diskusedpercent % #硬盘使率% report_InodeTotal= $(inodetotal /1000)K #Inode 总量report_InodeFree= $(inodefree /1000)K #Inode 剩余report_InodeUsedPercent= $inodeusedpercent % #Inode 使率%function getSystemStatus() echo echo echo # 系统检查 #if -e /etc/sysconfig/i18n ;
14、thendefault_LANG=$(grep LANG= /etc/sysconfig/i18n | grep -v # | awk -F print $2) elsedefault_LANG=$LANG fiexport LANG=en_US.UTF-8Release=$(cat /etc/redhat-release 2 /dev/null) Kernel=$(uname -r)OS=$(uname -o) Hostname=$(uname -n)SELinux=$(/usr/sbin/sestatus | grep SELinux status: | awk print $3) Las
15、tReboot =$(who -b | awk print $3,$4)uptime=$(uptime | sed s/.*up (,*), .*/ 1/) echo 系统:$OSecho 发版本:$Releaseecho 内核:$Kernelecho 主机名:$Hostname echo SELinux:$SELinuxecho 语/编码:$default_LANG echo 当前时间:$(date +%F %T) echo 最 后 启 动 :$LastReboot echo 运时间:$uptime#报表信息report_DateTime =$(date +%F %T) #期report_H
16、ostname =$Hostname #主机名report_OSRelease =$Release #发版本report_Kernel =$Kernel #内核report_Language =$default_LANG #语/编码report_LastReboot =$LastReboot #最近启动时间report_Uptime =$uptime #运时间(天)report_Selinux =$SELinux export LANG=$default_LANG function getServiceStatus() echo echo echo # 服务检查 #echo if $cento
17、sVersion 7 ;thenconf=$(systemctl list-unit-files -type =service -state =enabled -no-pager | grep enabled ) process=$(systemctl list-units -type =service -state =running -no-pager | grep .service)#报表信息report_SelfInitiatedService =$(echo $conf | wc -l) #启动服务数量report_RuningService =$(echo $process | wc
18、 -l) #运中服务数量elseconf=$(/sbin/chkconfig | grep -E :on|:启)process=$(/sbin/service -status-all 2 /dev/null | grep -E is running| 正在运)#报表信息report_SelfInitiatedService =$(echo $conf | wc -l) #启动服务数量report_RuningService =$(echo $process | wc -l) #运中服务数量 fiecho 服务配置 echo echo $conf | column -t echo echo 正在
19、运的服务echo echo $processfunction getAutoStartStatus () echo echo echo # 启动检查 #conf=$(grep -v # /etc/rc.d/rc.local | sed /$/d ) echo $conf#报表信息report_SelfInitiatedProgram =$(echo $conf | wc -l) #启动程序数量function getLoginStatus () echo echo echo # 登录检查 #last | headfunction getNetworkStatus () echo echo ec
20、ho # 络检查 #if $centosVersion /dev/null 2&1status=$?if $status -eq 0 ;then echo $userecho crontab -l -u $userlet Crontab=Crontab+$(crontab -l -u $user | wc -l) echo fi done done#计划任务find /etc/cron* -type f | xargs -i ls -l | column -tlet Crontab=Crontab+$(find /etc/cron* -type f | wc -l)#报表信息report_Cr
21、ontab =$Crontab #计划任务数function getHowLongAgo ()# 计算个时间戳离现在有多久了datetime =$* -z $datetime & echo 错误的参数:getHowLongAgo() $* Timestamp =$(date +%s -d $datetime ) #转化为时间戳Now_Timestamp =$(date +%s)Difference_Timestamp =$($Now_Timestamp -$Timestamp) days=0;hours=0;minutes=0;sec_in_day=$(60*60*24); sec_in_ho
22、ur =$(60*60); sec_in_minute =60while ( $($Difference_Timestamp -$sec_in_day ) 1 ) dolet Difference_Timestamp =Difference_Timestamp-sec_in_day let days+donewhile ( $($Difference_Timestamp -$sec_in_hour ) 1 ) dolet Difference_Timestamp =Difference_Timestamp-sec_in_hour let hours+doneecho $days 天 $hour
23、s 时前function getUserLastLogin ()# 获取户最近次登录的时间,含年份# 很遗憾last命令不持显年份,只有last -t YYYYMMDDHHMMSS表某个时间之间的登录,我# 们只能最笨的法了,对今天之前和今年元旦之前(或者去年之前和前年之前)某个户 # 登录次数,如果登录统计次数有变化,则说明最近次登录是今年。username =$1: $username :=whoami thisYear=$(date +%Y)oldesYear=$(last | tail -n1 | awk print $NF) while( $thisYear = $oldesYear
24、 );dologinBeforeToday =$(last $username | grep $username | wc -l)loginBeforeNewYearsDayOfThisYear =$(last $username -t $thisYear 0101000000 | grep $username | wc -l)if $loginBeforeToday -eq 0 ;then echo 从未登录过breakelif $loginBeforeToday -gt $loginBeforeNewYearsDayOfThisYear ;thenlastDateTime =$(last
25、-i $username | head -n1 | awk for(i=4;i1print $2) for uid in $UIDs;doecho -n $uid; USERTheSameUID=$uidr=$(awk -F: ORS=;$3=$uidprint :,$1 /etc/passwd) echo $recho USERTheSameUID=$USERTheSameUID $r, done#报表信息report_USERs=$USERs #户report_USEREmptyPassword= $(echo $USEREmptyPassword | sed s/,/ ) report_
26、USERTheSameUID= $(echo $USERTheSameUID | sed s/,$/ )report_RootUser= $(echo $RootUser | sed s/,/ ) #特权户report_RootUser= $(echo $RootUser | sed s/,/ ) #特权户function getPasswordStatus echo echo echo # 密码检查 #pwdfile=$(cat /etc/passwd) echo echo 密码过期检查 echo result=for shell in $(grep -v /sbin/nologin /et
27、c/shells) ;dofor user in $(echo $pwdfile | grep $shell | cut -d: -f1) ;doget_expiry_date= $(/usr/bin/chage -l $user | grep Password expires | cut -d: -f2) if $get_expiry_date = never | $get_expiry_date = never ;thenprintf %-15s 永不过期n $userresult=$result,$user:neverelsepassword_expiry_date= $(date -d
28、 $get_expiry_date +%s) current_date= $(date +%s)diff=$($password_expiry_date -$current_date) let DAYS=$($diff /(60*60*24)printf %-15s %s天后过期n $user $DAYSresult=$result,$user:$DAYS daysfi done donereport_PasswordExpiry= $(echo $result | sed s/,/ )echo echo 密码策略检查 echo grep -v # /etc/login.defs | grep
29、 -E PASS_MAX_DAYS|PASS_MIN_DAYS|PASS_MIN_LEN|PASS_WARN_AGEfunction getSudoersStatus() echo echo echo # Sudoers 检 查 #conf=$(grep -v # /etc/sudoers | grep -v Defaults | sed /$/d )echo $conf echo #报表信息report_Sudoers= $(echo $conf | wc -l)function getInstalledStatus() echo echo echo # 软件检查 #rpm -qa -las
30、t | head | column -tfunction getProcessStatus() echo echo echo # 进程检查 #if $(ps -ef | grep defunct | grep -v grep | wc -l) -ge 1 ;thenecho echo 僵进程; echo ps -ef | head -n1ps -ef | grep defunct | grep -v grep fiecho echo 内存占TOP10 echo echo -e PID %MEM RSS COMMAND$(ps aux | awk print $2, $4, $6, $11 | sort -k3rn | head -n 10 )| column -t echo echo CPU占TOP10echo top b -n1 | head -17 | tail -11 #报表信息report_DefunctProsess= $(ps -ef | grep defunct | grep -v grep|wc -l)function getJDKStatus() echo echo echo # JD