很简单的运维脚本

#!/bin/sh
# NOTE(review): later functions use bash-only syntax (`[[ ]]`, `function`,
# `source`, `&>`), so this file only works where /bin/sh is bash or when it is
# started with bash explicitly.
# Load the distribution's init-script helper library.
# NOTE(review): presumably the `action` helper called further down comes from here — confirm.
. /etc/rc.d/init.d/functions
export LANG=zh_CN.UTF-8

#------------------------------------------ global variables ------------------
# Base working directory; change this to relocate the mount/work directory.
kyh="/home/koukou"
# Short alias for the base directory, read by jichu, installjdk and ftpinstall.
k=$kyh
#------------------------------------------ global variables ------------------

#一级菜单
menu1()
{
# Level-one menu: clears the screen and draws a banner that shows the directory
# this script lives in.
# NOTE(review): the body looks truncated by page extraction. After the banner
# it jumps straight to backup logging that uses $backup_dir, $database_name and
# $dd, none of which are set in this function. Restore the missing text from
# the original script before using this block.
# Absolute directory of the running script (symlinks resolved by readlink -f).
curPath=$(dirname $(readlink -f "$0"))


        clear
msgbox "pam" "  ┌----------------------------------------┐";echo
msgbox "pam" "  |****   ********【Centos7】********* ****|";echo
msgbox "pam" "  |****    ****【xxxx】****  ****|";echo
msgbox "pam" "  |****        【 $curPath 】             ****|";echo
msgbox "pam" "  └----------------------------------------┘";echo
# As written this prints the contents of the named dump file to stdout.
# NOTE(review): probably the remains of a here-document plus a dump command — confirm.
        cat < $backup_dir/mysql_quanliang_$dd.sql
# Append a "created" entry to the full-backup log (log-q.txt) in $backup_dir.
echo "create $backup_dir/$database_name-$dd.dupm" >> $backup_dir/log-q.txt
echo "Backup Succeed Date:" $(date +"%Y-%m-%d %H:%M:%S")
}


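mysqldanku()
{
# Interactive single-database backup with mysqldump.
#
# Prompts for the backup directory, the MySQL root password and the database
# name, then writes <dir>/<db>-<timestamp>.sql and appends an entry to
# <dir>/log-d.txt.
#
# Globals written: backup_dir, database_name, mysqlbin, username, tool, dd.
#   `password` is set while the dump runs and unset afterwards.
# Returns: 0 on success, non-zero if input is rejected or the dump fails.
#
# Security notes:
#   * The password is read with -s so it is not echoed to the terminal.
#   * It is handed to mysqldump through MYSQL_PWD instead of -p<password>, so
#     it does not show up in the process list. MYSQL_PWD is deprecated in newer
#     MySQL releases; a mode-600 option file is the longer-term alternative.
#   * The directory is 750 and the dump 600 rather than world-accessible,
#     because a database dump normally contains everything worth stealing.
#   * Never keep a real password in this file, not even in a comment.
local dump_file rc

read -r -p "请输入备份文件保存路径:" backup_dir
read -r -s -p "请输入mysql root用户的密码:" password
echo
read -r -p "请输入单库备份将要备份的数据库实例名:" database_name
mysqlbin=/home/DB/mysql/bin/mysqldump
# Database account used for the dump.
username=root
# Backup tool; resolved through PATH (see mysqlyingshe for the /usr/bin link).
tool=mysqldump
# Timestamp used in the dump file name.
dd=$(date +%Y-%m-%d-%H-%M-%S)

if [ -z "$backup_dir" ] || [ -z "$database_name" ]; then
    echo "备份路径和数据库名不能为空" >&2
    unset password
    return 1
fi
# The name is used both as a mysqldump argument and as a file name: refuse
# values that would be parsed as an option or that contain a path separator.
case $database_name in
    -*|*/*)
        echo "数据库名不合法: $database_name" >&2
        unset password
        return 1
        ;;
esac

# Create the backup directory if it does not exist yet.
if [ ! -d "$backup_dir" ]; then
    if ! mkdir -p -- "$backup_dir"; then
        unset password
        return 1
    fi
fi
chown mysql -- "$backup_dir" || echo "警告: 无法将 $backup_dir 的属主改为 mysql" >&2
chmod 750 -- "$backup_dir"

dump_file="$backup_dir/$database_name-$dd.sql"
# The subshell keeps the restrictive umask and MYSQL_PWD local to the dump.
(
    umask 077
    MYSQL_PWD="$password" "$tool" -u"$username" "$database_name" > "$dump_file"
)
rc=$?
unset password
if [ "$rc" -ne 0 ]; then
    # Do not leave a partial dump behind or report success for it.
    rm -f -- "$dump_file"
    echo "备份失败: $tool 退出码 $rc" >&2
    return "$rc"
fi

# Record the file that was actually created.
echo "create $dump_file" >> "$backup_dir/log-d.txt"
echo "Backup Succeed Date: $(date +"%Y-%m-%d %H:%M:%S")"
}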

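mysqlyingshe()
{
# Link mysqldump from a user-supplied MySQL bin directory into /usr/bin.
#
# Globals written: mysqlbin.
# Returns: 0 when the link was created, 1 when the target is missing or ln fails.
#
# Anything linked into /usr/bin is run by every account, root included, so the
# source directory must be writable by root only; otherwise whoever can replace
# that binary controls what later backup runs execute.
read -r -p "请输入mysql的bin目录路径:" mysqlbin
if [ ! -x "$mysqlbin/mysqldump" ]; then
    msgbox "alert" "未找到可执行文件: $mysqlbin/mysqldump";echo
    return 1
fi
msgbox "pam" "============开始映射到/usr/bin=====================";echo
# Quoted so a path with spaces or glob characters stays one argument; only
# report success when ln really succeeded.
if ln -s -- "$mysqlbin/mysqldump" /usr/bin; then
    msgbox "pam" "============已映射/usr/bin=====================";echo
else
    msgbox "alert" "映射失败: $mysqlbin/mysqldump";echo
    return 1
fi
}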

#------------------------------------------------------------------------------------------------------------






wodishen()
{
# Draw an ASCII-art shape on the terminal: for every cell of a 46-row by
# 120-column grid, print a red-background space where
# (x^2 + y^2 - 1)^3 - x^2*y^3 <= 0 (the classic heart-curve inequality) and a
# plain space elsewhere.
# y runs downward from 1.25 in steps of 0.05; x runs from -1.14 in steps of 0.02.
# All floating-point work is done by spawning awk, several times per cell, so
# the drawing is slow.
y=1.25
# yy counts the remaining rows.
yy=46
while [[ yy -gt 0 ]]; do
# xx counts columns from -120 up to 0; x restarts at the left edge of each row.
xx=-120
x=-1.14
	while [[ 0 -gt xx ]]; do
		# cc = x^2 + y^2 - 1
		cc=$(echo `awk -v a=${x} -v b=${y} 'BEGIN{printf "%.125f\n",a*a+b*b-1}'`)
		# bb = cc^3 - x^2 * y^3
		bb=$(echo `awk -v a=${cc} -v b=${y} -v c=${x} 'BEGIN{printf "%.125f\n",a*a*a-c*c*b*b*b}'`)
		# Scale and round to an integer so the shell can compare it.
		ff=$(echo `awk -v a=${bb}  'BEGIN{printf "%.0f\n",a*10000000}'`)
		if [[ ff -le 0 ]]; then
			# Inside the shape: one cell with a red background.
			printf "\e[1;41m \e[0m"
		else
		    printf " "
		fi
	# Advance one column.
	x=$(echo `awk -v a=${x} -v b=0.02 'BEGIN{printf "%.125f\n",a+b}'`)
	xx=$(echo `awk -v a=${xx} -v b=1 'BEGIN{printf "%.0f\n",a+b}'`)
	done
printf "\n"
# Move down one row.
y=$(echo `awk -v a=${y} -v b=0.05 'BEGIN{printf "%.10f\n",a-b}'`)
yy=$(echo `awk -v a=${yy} -v b=1 'BEGIN{printf "%.0f\n",a-b}'`)
done
}

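systeninformation()
{
# Print a read-only health and security baseline report for this host.
#
# Sections: basic system facts, resource usage, accounts, authentication
# policy, access control, audit/logging, storage, intrusion indicators,
# anti-malware, and service/firewall exposure. Nothing on the host is changed;
# lines ending in [需调整] are findings for the administrator to review.
#
# Globals written: hostname, system, version, kernel, platform, address,
#   cpumodel, cpu, machinemodel, date, summemory, freememory, usagememory,
#   uptime, loadavg, log_secure, log_messages, log_cron, log_boot, log_dmesg.
# It reads /etc/shadow, /var/log/secure and lastb, so it presumably has to run
# as root — confirm.
# The report lists accounts, listening ports, firewall rules and the complete
# environment: store and share it as sensitive data.
local rule="=============================dividing line================================"
local zombies bad_logins uid_min

echo "##########################################################################"
echo "#                                                                        #"
echo "#                         health check script                            #"
echo "#                                                                        #"
echo "#警告:本脚本只是一个检查的操作,未对服务器做任何修改,管理员可以根据此报告 #"
echo "#进行相应的安全整改                                                      #"
echo "##########################################################################"
echo " "
echo " "
echo "##########################################################################"
echo "#                                                                        #"
echo "#                               主机安全检测                             #"
echo "#                                                                        #"
echo "##########################################################################"
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>系统基本信息<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
hostname=$(uname -n)
system=$(awk -F\" '/^NAME/ {print $2}' /etc/os-release)
version=$(awk '{print $4$5}' /etc/redhat-release)
kernel=$(uname -r)
platform=$(uname -p)
address=$(ip addr | grep inet | grep -v "inet6" | grep -v "127.0.0.1" | awk '{ print $2; }' | tr '\n' '\t' )
cpumodel=$(grep name /proc/cpuinfo | cut -f2 -d: | uniq)
cpu=$(grep 'processor' /proc/cpuinfo | sort | uniq | wc -l)
machinemodel=$(dmidecode | grep "Product Name" | sed 's/^[ \t]*//g' | tr '\n' '\t' )
date=$(date)

echo "主机名:           $hostname"
echo "系统名称:         $system"
echo "系统版本:         $version"
echo "内核版本:         $kernel"
echo "系统类型:         $platform"
echo "本机IP地址:       $address"
echo "CPU型号:          $cpumodel"
echo "CPU核数:          $cpu"
echo "机器型号:         $machinemodel"
echo "系统时间:         $date"
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>资源使用情况<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
summemory=$(free -h |grep "Mem:" | awk '{print $2}')
freememory=$(free -h |grep "Mem:" | awk '{print $4}')
usagememory=$(free -h |grep "Mem:" | awk '{print $3}')
uptime=$(uptime | awk '{print $2" "$3" "$4" "$5}' | sed 's/,$//g')
loadavg=$(uptime | awk '{print $9" "$10" "$11" "$12" "$13}')

echo "总内存大小:           $summemory"
echo "已使用内存大小:       $usagememory"
echo "可使用内存大小:       $freememory"
echo "系统运行时间:         $uptime"
echo "系统负载:             $loadavg"
echo "$rule"
echo "内存状态:"
vmstat 2 5
echo "$rule"
echo "僵尸进程:"
# A zombie is a process in state Z; searching command lines for the word
# "zombie" finds none of them, so select on the STAT column instead.
zombies=$(ps -eo stat=,pid=,ppid=,comm= | awk '$1 ~ /^Z/')
if [ -z "$zombies" ]; then
    echo ">>>无僵尸进程"
else
    echo "$zombies"
    echo ">>>有僵尸进程------[需调整]"
fi
echo "$rule"
echo "耗CPU最多的进程:"
ps auxf |sort -nr -k 3 |head -5
echo "$rule"
echo "耗内存最多的进程:"
ps auxf |sort -nr -k 4 |head -5
echo "$rule"
echo  "环境变量:"
# NOTE(review): the environment can hold tokens, proxy credentials or database
# passwords. Redact or drop this section before the report leaves the host.
env
echo "$rule"
echo  "路由表:"
route -n
echo "$rule"
echo  "监听端口:"
netstat -tunlp
echo "$rule"
echo  "当前建立的连接:"
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
echo "$rule"
echo "开机启动的服务:"
systemctl list-unit-files | grep enabled
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>系统用户情况<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo  "活动用户:"
w | tail -n +2
echo "$rule"
echo  "系统所有用户:"
cut -d: -f1,2,3,4 /etc/passwd
echo "$rule"
echo  "系统所有组:"
cut -d: -f1,2,3 /etc/group
echo "$rule"
echo  "当前用户的计划任务:"
crontab -l
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>身份鉴别安全<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
# Password complexity: accept pam_cracklib or pam_pwquality on an active
# (non-commented) password line.
if grep -qi "^password.*requisite.*pam_cracklib.so" /etc/pam.d/system-auth \
    || grep -Eqi "^[[:space:]]*password.*pam_pwquality\.so" /etc/pam.d/system-auth; then
    echo ">>>密码复杂度:已设置"
else
    echo ">>>密码复杂度:未设置,请加固密码--------[需调整]"
fi
echo "$rule"
# Accounts whose shadow field does not start with ! or * can log in with a
# password. The bracket expression avoids the ambiguous "^*" alternative.
awk -F":" '$2 !~ /^[!*]/ {print ">>>("$1")" " 是一个未被锁定的账户,请管理员检查是否是可疑账户--------[需调整]"}' /etc/shadow
echo "$rule"
awk '!/#/ && /PASS_MAX_DAYS/ && $2!=90 {print ">>>密码过期天数是"$2"天,请管理员改成90天------[需调整]"}' /etc/login.defs
echo "$rule"
# Failed-login lockout: pam_tally2 on older releases, pam_faillock on newer
# ones; sshd normally pulls its auth stack in from password-auth.
if grep -Eqi "^auth.*required.*pam_(tally2|faillock)\.so" \
    /etc/pam.d/sshd /etc/pam.d/password-auth /etc/pam.d/system-auth 2>/dev/null; then
  echo ">>>登入失败处理:已开启"
else
  echo ">>>登入失败处理:未开启,请加固登入失败锁定功能----------[需调整]"
fi
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>访问控制安全<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "系统中存在以下非系统默认用户:"
# Take the first regular UID from login.defs (1000 on CentOS 7); a fixed 500
# also flags ordinary service accounts in the 501-999 range.
uid_min=$(awk '!/^[[:space:]]*#/ && $1=="UID_MIN" {print $2; exit}' /etc/login.defs 2>/dev/null)
case $uid_min in
    ''|*[!0-9]*) uid_min=1000 ;;
esac
awk -F ":" -v min="$uid_min" '$3>=min {print ">>>/etc/passwd里面的"$1 "的UID为"$3",该账户非系统默认账户,请管理员确认是否为可疑账户--------[需调整]"}' /etc/passwd
echo "$rule"
echo "系统特权用户:"
awk -F: '$3==0 {print $1}' /etc/passwd
echo "$rule"
echo "系统中空口令账户:"
# An empty second field is a real empty password (login without any password).
# "!!" means no password has been set yet and password login is locked, so it
# is reported separately.
awk -F: '($2=="") {print $1"该账户为空口令账户,请管理员确认是否为新增账户,如果为新建账户,请配置密码-------[需调整]"}
         ($2=="!!") {print $1"该账户尚未设置密码(密码字段为!!),如为新建账户请配置密码"}' /etc/shadow
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>安全审计<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
# NOTE(review): the heading says 30 days but the command shows the 30 most
# recent entries.
echo "正常情况下登录到本机30天内的所有用户的历史记录:"
last | head -n 30
echo "$rule"
echo "查看syslog日志审计服务是否开启:"
if service rsyslog status | grep -E " active \(running";then
  echo ">>>经分析,syslog服务已开启"
else
  echo ">>>经分析,syslog服务未开启,建议通过service rsyslog start开启日志审计功能---------[需调整]"
fi
echo "$rule"
echo "查看syslog日志是否开启外发:"
# Commented-out example lines are ignored.
# NOTE(review): shipping logs to a remote collector is usually what an audit
# wants, because local logs can be altered after a compromise; check the two
# verdicts below against your own policy.
if grep -v "^[[:space:]]*#" /etc/rsyslog.conf | grep -E "@...\.|@..\.|@.\.|\*.\* @...\.|\*\.\* @..\.|\*\.\* @.\.";then
  echo ">>>经分析,客户端syslog日志已开启外发--------[需调整]"
else
  echo ">>>经分析,客户端syslog日志未开启外发---------[无需调整]"
fi
echo "$rule"
echo "审计的要素和审计日志:"
grep -v "^[$|#]" /etc/rsyslog.conf | grep -v "^$"
echo "$rule"
echo "系统中关键文件修改时间:"
# A modification time only hints at tampering; compare against the package
# database or a file-integrity baseline for real verification.
ls -ltr /bin/ls /bin/login /etc/passwd  /bin/ps /etc/shadow|awk '{print ">>>文件名:"$9"  ""最后修改时间:"$6" "$7" "$8}'
echo "
###############################################################################################
#   ls文件:是存储ls命令的功能函数,被删除以后,就无法执行ls命令                                 #
#   login文件:login是控制用户登录的文件,一旦被篡改或删除,系统将无法切换用户或登陆用户         #
#   /etc/passwd是一个文件,主要是保存用户信息                                                  #
#   /bin/ps 进程查看命令功能支持文件,文件损坏或被更改后,无法正常使用ps命令                    #
#   /etc/shadow是/etc/passwd的影子文件,密码存放在该文件当中,并且只有root用户可读              #
###############################################################################################"
echo "$rule"
echo "检查重要日志文件是否存在:"
log_secure=/var/log/secure
log_messages=/var/log/messages
log_cron=/var/log/cron
log_boot=/var/log/boot.log
log_dmesg=/var/log/dmesg
if [ -e "$log_secure" ]; then
  echo  ">>>/var/log/secure日志文件存在"
else
  echo  ">>>/var/log/secure日志文件不存在------[需调整]"
fi
if [ -e "$log_messages" ]; then
  echo  ">>>/var/log/messages日志文件存在"
else
  echo  ">>>/var/log/messages日志文件不存在------[需调整]"
fi
if [ -e "$log_cron" ]; then
  echo  ">>>/var/log/cron日志文件存在"
else
  echo  ">>>/var/log/cron日志文件不存在--------[需调整]"
fi
if [ -e "$log_boot" ]; then
  echo  ">>>/var/log/boot.log日志文件存在"
else
  echo  ">>>/var/log/boot.log日志文件不存在--------[需调整]"
fi
if [ -e "$log_dmesg" ]; then
  echo  ">>>/var/log/dmesg日志文件存在"
else
  echo  ">>>/var/log/dmesg日志文件不存在--------[需调整]"
fi
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>剩余信息保护<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "分区情况:"
echo "如果磁盘空间利用率过高,请及时调整---------[需调整]"
df -h
echo "$rule"
echo "可用块设备信息:"
lsblk
echo "$rule"
echo "文件系统信息:"
grep -v "^#" /etc/fstab | grep -v "^$"
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>入侵防范安全<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "系统入侵行为:"
# "refused" lines are rejected connection attempts: evidence of probing, not
# proof of a break-in, so they still need analysis.
if grep refused /var/log/secure; then
    echo "有入侵行为,请分析处理--------[需调整]"
else
    echo ">>>无入侵行为"
fi
echo "$rule"
echo "用户错误登入列表:"
# Decide on lastb's actual output: the exit status of a pipeline that ends in
# head is always 0. The "btmp begins ..." trailer is not a login record.
bad_logins=$(lastb 2>/dev/null | awk 'NF && $1 != "btmp"' | head)
if [ -z "$bad_logins" ]; then
    echo ">>>无用户错误登入列表"
else
    echo ">>>用户错误登入--------[需调整]"
    echo "$bad_logins"
fi
echo "$rule"
echo "ssh暴力登入信息:"
if grep -q "Failed" /var/log/secure; then
    # Count failed attempts per source address (the address is the fourth
    # field from the end of sshd's "Failed password" lines).
    awk '/Failed/{print $(NF-3)}' /var/log/secure|sort|uniq -c|awk '{print ">>>登入失败的IP和尝试次数: "$2"="$1"次---------[需调整]";}'
else
    echo ">>>无ssh暴力登入信息"
fi
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>恶意代码防范<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "检查是否安装病毒软件:"
# Only detects ClamAV when it is scheduled from the current user's crontab
# under these script names.
if crontab -l | grep -q clamscan.sh; then
  echo ">>>已安装ClamAV杀毒软件"
  if crontab -l | grep -q freshclam.sh; then
    echo ">>>已部署定时更新病毒库"
  fi
else
  echo ">>>未安装ClamAV杀毒软件,请部署杀毒软件加固主机防护--------[无需调整]"
fi
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>资源控制安全<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "查看是否开启了xinetd服务:"
if ps -elf |grep xinet |grep -v "grep xinet";then
  echo ">>>xinetd服务正在运行,请检查是否可以把xinetd服务关闭--------[无需调整]"
else
  echo ">>>xinetd服务未开启-------[无需调整]"
fi
echo "$rule"
echo  "查看是否开启了ssh服务:"
if service sshd status | grep -E "listening on|active \(running\)"; then
  echo ">>>SSH服务已开启"
else
  echo ">>>SSH服务未开启--------[需调整]"
fi
echo "$rule"
echo "查看是否开启了Telnet-Server服务:"
# xinetd files are normally written "disable = no", so allow spaces around "=".
if grep -E "disable[[:space:]]*=[[:space:]]*no" /etc/xinetd.d/telnetd 2>/dev/null; then
  echo ">>>Telnet-Server服务已开启"
else
  echo ">>>Telnet-Server服务未开启--------[无需调整]"
fi
echo "$rule"
if ps axu | grep iptables | grep -v grep || ps axu | grep firewalld | grep -v grep; then
  echo ">>>防火墙已启用"
  iptables -nvL --line-numbers
else
  echo ">>>防火墙未启用--------[需调整]"
fi
echo "$rule"
echo  "查看系统SSH远程访问设置策略(host.deny拒绝列表):"
# NOTE(review): "configured" is reported as [需调整] and "not configured" as
# [无需调整] in both TCP-wrapper checks; confirm that this is the intended verdict.
if grep -E "sshd" /etc/hosts.deny; then
  echo ">>>远程访问策略已设置--------[需调整]"
else
  echo ">>>远程访问策略未设置--------[无需调整]"
fi
echo "$rule"
echo "查看系统SSH远程访问设置策略(hosts.allow允许列表):"
if grep -E "sshd" /etc/hosts.allow; then
  echo ">>>远程访问策略已设置--------[需调整]"
else
  echo ">>>远程访问策略未设置--------[无需调整]"
fi
echo "$rule"
echo "当hosts.allow和host.deny相冲突时,以hosts.allow设置为准"
echo "$rule"
if grep -i "TMOUT" /etc/profile /etc/bashrc; then
    echo ">>>已设置登入超时限制"
else
    echo ">>>未设置登入超时限制,请设置,设置方法:在/etc/profile或者/etc/bashrc里面添加参数TMOUT=600 --------[需调整]"
fi
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>end<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
}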

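jichu()
{
# Print a one-line JSON summary of CPU count, memory and disk sizes (GB) and
# the host name.
#
# Globals written: CpuCount, MemTotal, DiskTotal, DiskUsed, DiskAvail, HostName.
# Output: a single JSON object on stdout.
#
# The object is written straight to stdout. The earlier round trip through a
# fixed-name scratch file under $k/lingshi, removed again with an unquoted
# `rm -rf`, added nothing and left a predictable path for other users.
local df_rows

# Number of logical CPUs.
CpuCount=$(grep -c "processor" /proc/cpuinfo)

# Total memory in GB.
MemTotal=$(awk '($1 == "MemTotal:"){printf "%.2f\n",$2/1024/1024}' /proc/meminfo)

# One df snapshot for all three disk figures, tmpfs excluded. -A 1 keeps the
# continuation line df prints when a device name is too long for one row.
df_rows=$(df -k | grep -v "tmpfs" | grep -E -A 1 "mapper|sd")

# Columns are counted from the end so wrapped rows still line up; rows with
# fewer than five fields (wrapped device names, "--" separators) are skipped.
DiskTotal=$(printf '%s\n' "$df_rows" | awk 'NF>=5{sum+=$(NF-4)}END{printf "%.2f\n",sum/1048576}')
DiskUsed=$(printf '%s\n' "$df_rows" | awk 'NF>=5{sum+=$(NF-3)}END{printf "%.2f\n",sum/1048576}')
DiskAvail=$(printf '%s\n' "$df_rows" | awk 'NF>=5{sum+=$(NF-2)}END{printf "%.2f\n",sum/1048576}')

# Host name.
HostName=$(hostname)

printf '{"CpuCount": "%s", "MemTotal": "%s", "DiskTotal": "%s", "DiskUsed": "%s", "DiskAvail": "%s", "HostName": "%s"}\n' \
    "$CpuCount" "$MemTotal" "$DiskTotal" "$DiskUsed" "$DiskAvail" "$HostName"
}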

xiaobai()
{
# List this host's IPv4 addresses as reported by `ifconfig -a`, one per line.
# Loopback and IPv6 lines are dropped; the second field of each remaining
# "inet" line is printed.
# The final tr deletes the individual characters a, d, r and ':' (it strips
# the "addr:" prefix of old ifconfig output and leaves dotted quads intact).
ifconfig -a \
    | awk '/inet/ && !/127.0.0.1/ && !/inet6/ {print $2}' \
    | tr -d "addr:"
}

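pythoninstall()
{
# Build CPython 3.9.10 from source into /usr/local/python3.9.10, link python3
# and pip3 into /usr/bin, point pip at the Aliyun mirror and finally repoint
# /usr/bin/python to python3.
#
# Environment: PYTHON_TGZ_SHA256 (optional) — expected SHA-256 of the source
#   tarball; when set, the download is verified before anything is built.
# Returns: non-zero as soon as a download, verification or build step fails.
# Side effects: changes the caller's working directory; must run as root.
local prefix=/usr/local/python3.9.10
local workdir=/tempfolder
local tarball=Python-3.9.10.tgz

# Update the system and install build prerequisites.
yum -y update
yum -y install epel-release openssl-devel bzip2-devel libffi-devel xz-devel wget net-tools

# Installation prefix and scratch directory (-p: a rerun must not fail here).
mkdir -p "$prefix" "$workdir" || return 1
cd "$workdir" || return 1

# NOTE(review): the tarball comes over plain HTTP and is then compiled and
# installed as root, so anyone on the network path can substitute it. Pin the
# published checksum through PYTHON_TGZ_SHA256, or use an HTTPS source.
wget http://npm.taobao.org/mirrors/python/3.9.10/Python-3.9.10.tgz || return 1
if [ -n "${PYTHON_TGZ_SHA256:-}" ]; then
    printf '%s  %s\n' "$PYTHON_TGZ_SHA256" "$tarball" | sha256sum -c - || return 1
else
    echo "警告: 未设置 PYTHON_TGZ_SHA256,无法校验 $tarball 的完整性" >&2
fi

tar xvf "$tarball" || return 1
cd Python-3.9.10 || return 1
# Configure, compile and install.
./configure --with-ssl --prefix="$prefix" && make && make install || return 1

# Link python3 and pip3 into /usr/bin (-f so a rerun replaces the old link).
ln -sf "$prefix/bin/python3.9" /usr/bin/python3
ln -sf "$prefix/bin/pip3.9" /usr/bin/pip3
# Check the installed versions.
python3 -V
pip3 -V

# pip mirror configuration. The file is written in one go: pip.conf is a file,
# not a directory to cd into, and `sed -i "N a ..."` adds nothing to a file
# that does not exist yet. No trusted-host entry is written because the index
# URL is HTTPS and certificate verification should stay on for it.
mkdir -p /root/.pip
cat > /root/.pip/pip.conf <<'EOF'
[global]
index-url = https://mirrors.aliyun.com/pypi/simple
EOF

# Upgrade pip.
pip3 install --upgrade pip

# Remove the scratch directory by absolute path; a relative `rm -rf tempfolder`
# from inside the source tree removes nothing.
cd / || return 1
rm -rf -- "$workdir"

# Repoint the default python.
# NOTE(review): on CentOS 7, yum and other system tools start with
# #!/usr/bin/python and need Python 2; after this link they stop working unless
# their interpreter line is changed. Consider leaving /usr/bin/python alone and
# calling python3 explicitly.
ln -sfn /usr/bin/python3 /usr/bin/python
}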


#------------------------------------------------firewall相关------------------------------------------------------------------------
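duankoufangxin()
{
# Open a TCP port, or a low-high port range, in firewalld's public zone
# (permanent rule followed by a reload), then list the open ports.
#
# Globals written: ip_s.
# Returns: 1 when the input is not a valid port or range, or when firewall-cmd
#   rejects the change.
#
# The value typed at the prompt ends up in a firewall-cmd argument, so it is
# checked against a strict pattern and the 1-65535 range first; free text is
# never passed through.
local re='^([0-9]{1,5})(-([0-9]{1,5}))?$'
local lo hi

read -r -p "请输入要放行的端口:" ip_s
if [[ ! $ip_s =~ $re ]]; then
    echo "提示:端口格式不正确: $ip_s" >&2
    return 1
fi
# 10# forces base 10 so that leading zeros are not read as octal.
lo=$((10#${BASH_REMATCH[1]}))
hi=$((10#${BASH_REMATCH[3]:-${BASH_REMATCH[1]}}))
if (( lo < 1 || hi > 65535 || lo > hi )); then
    echo "提示:端口超出范围(1-65535): $ip_s" >&2
    return 1
fi

echo "正在放行..."
if ! firewall-cmd --zone=public --add-port="$ip_s/tcp" --permanent; then
    echo "提示:端口: $ip_s 放行失败" >&2
    return 1
fi
firewall-cmd --reload
echo "提示:端口: $ip_s 已放行"
msgbox "pam" "========================提示:端口: $ip_s 已放行========================";echo
firewall-cmd --zone=public --list-port
}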

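duankoujiance()
{
# Close a TCP port, or a low-high port range, that was opened in firewalld's
# public zone (permanent rule followed by a reload), then list what is left.
#
# Globals written: ip_s.
# Returns: 1 when the input is not a valid port or range, or when firewall-cmd
#   rejects the change.
#
# The value typed at the prompt ends up in a firewall-cmd argument, so it is
# checked against a strict pattern and the 1-65535 range first.
local re='^([0-9]{1,5})(-([0-9]{1,5}))?$'
local lo hi

read -r -p "请输入要移除放行的端口:" ip_s
if [[ ! $ip_s =~ $re ]]; then
    echo "提示:端口格式不正确: $ip_s" >&2
    return 1
fi
# 10# forces base 10 so that leading zeros are not read as octal.
lo=$((10#${BASH_REMATCH[1]}))
hi=$((10#${BASH_REMATCH[3]:-${BASH_REMATCH[1]}}))
if (( lo < 1 || hi > 65535 || lo > hi )); then
    echo "提示:端口超出范围(1-65535): $ip_s" >&2
    return 1
fi

echo "正在移除放行..."
if ! firewall-cmd --zone=public --remove-port="$ip_s/tcp" --permanent; then
    echo "提示:端口: $ip_s 移除放行失败" >&2
    return 1
fi
firewall-cmd --reload
# This line used to announce that the port had been opened.
echo "提示:端口: $ip_s 已移除放行"
msgbox "pam" "========================提示:端口: $ip_s 已移除放行========================";echo
firewall-cmd --zone=public --list-port
}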

duankouchaxun()
{
# Show the ports currently open in firewalld's public zone, under a green
# heading line.
local heading="========================当前防火墙已开放列表为:========================"
msgbox "pam" "$heading"
echo
firewall-cmd --zone=public --list-port
}

firewalldzhuangtai()
{
# Print firewalld's unit status, then a hint that "active (running)" is the
# healthy state.
local hint="========================active (running)即为正常运行========================"
sudo systemctl status firewalld
msgbox "pam" "$hint"
echo
}
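firewalldqidong()
{
# Start the firewalld service and report the outcome.
# Returns: 0 when systemctl succeeded, 1 otherwise.
# The "started" banner is printed only after systemctl reports success, so a
# failed start is not mistaken for an active firewall.
if sudo systemctl start firewalld; then
    msgbox "pam" "========================firewalld已开启========================";echo
else
    msgbox "alert" "========================firewalld开启失败========================";echo
    return 1
fi
}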
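firewalldguanbi()
{
# Stop the firewalld service and report the outcome.
# Returns: 0 when systemctl succeeded, 1 otherwise.
# Stopping firewalld removes the host's packet filtering until it is started
# again, so the banner is printed only when the stop really happened and the
# operator knows which state the host is in.
if sudo systemctl stop firewalld; then
    msgbox "pam" "========================firewalld已关闭========================";echo
else
    msgbox "alert" "========================firewalld关闭失败========================";echo
    return 1
fi
}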

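gaojiefangxing()
{
# Add a permanent firewalld rich rule that lets one IPv4 source address (or
# CIDR block) reach one TCP port or port range, then reload the firewall.
#
# Globals written: ip_saa (port), ip_sab (source address).
# Returns: 1 when either value is malformed or firewall-cmd rejects the rule.
#
# Both values are typed by the operator and become part of the rule text.
# They are validated first and the rule is passed as one quoted argument, so
# input can neither split into extra firewall-cmd options nor add rule
# elements.
local port_re='^([0-9]{1,5})(-([0-9]{1,5}))?$'
local ip_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(/([0-9]{1,2}))?$'
local lo hi i rule

read -r -p "请输入指定端口:" ip_saa
read -r -p "请输入指定ip:" ip_sab

if [[ ! $ip_saa =~ $port_re ]]; then
    echo "提示:端口格式不正确: $ip_saa" >&2
    return 1
fi
# 10# forces base 10 so that leading zeros are not read as octal.
lo=$((10#${BASH_REMATCH[1]}))
hi=$((10#${BASH_REMATCH[3]:-${BASH_REMATCH[1]}}))
if (( lo < 1 || hi > 65535 || lo > hi )); then
    echo "提示:端口超出范围(1-65535): $ip_saa" >&2
    return 1
fi

if [[ ! $ip_sab =~ $ip_re ]]; then
    echo "提示:IP格式不正确: $ip_sab" >&2
    return 1
fi
for i in 1 2 3 4; do
    if (( 10#${BASH_REMATCH[i]} > 255 )); then
        echo "提示:IP格式不正确: $ip_sab" >&2
        return 1
    fi
done
if [[ -n ${BASH_REMATCH[6]} ]] && (( 10#${BASH_REMATCH[6]} > 32 )); then
    echo "提示:IP掩码不正确: $ip_sab" >&2
    return 1
fi

echo "正在放行规则..."
rule="rule family=\"ipv4\" source address=\"$ip_sab\" port protocol=\"tcp\" port=\"$ip_saa\" accept"
if ! firewall-cmd --permanent --add-rich-rule="$rule"; then
    echo "提示:规则添加失败" >&2
    return 1
fi
firewall-cmd --reload
# The old message printed the address under the label "port".
echo "提示:已放行 $ip_sab 访问端口 $ip_saa"
}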

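gaojieyichu()
{
# Remove a permanent firewalld rich rule that lets one IPv4 source address (or
# CIDR block) reach one TCP port or port range, then reload the firewall.
#
# Globals written: ip_sac (port), ip_sad (source address).
# Returns: 1 when either value is malformed or firewall-cmd rejects the change.
#
# Both values are typed by the operator and become part of the rule text.
# They are validated first and the rule is passed as one quoted argument, so
# input can neither split into extra firewall-cmd options nor add rule
# elements.
local port_re='^([0-9]{1,5})(-([0-9]{1,5}))?$'
local ip_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(/([0-9]{1,2}))?$'
local lo hi i rule

read -r -p "请输入指定端口:" ip_sac
read -r -p "请输入指定ip:" ip_sad

if [[ ! $ip_sac =~ $port_re ]]; then
    echo "提示:端口格式不正确: $ip_sac" >&2
    return 1
fi
# 10# forces base 10 so that leading zeros are not read as octal.
lo=$((10#${BASH_REMATCH[1]}))
hi=$((10#${BASH_REMATCH[3]:-${BASH_REMATCH[1]}}))
if (( lo < 1 || hi > 65535 || lo > hi )); then
    echo "提示:端口超出范围(1-65535): $ip_sac" >&2
    return 1
fi

if [[ ! $ip_sad =~ $ip_re ]]; then
    echo "提示:IP格式不正确: $ip_sad" >&2
    return 1
fi
for i in 1 2 3 4; do
    if (( 10#${BASH_REMATCH[i]} > 255 )); then
        echo "提示:IP格式不正确: $ip_sad" >&2
        return 1
    fi
done
if [[ -n ${BASH_REMATCH[6]} ]] && (( 10#${BASH_REMATCH[6]} > 32 )); then
    echo "提示:IP掩码不正确: $ip_sad" >&2
    return 1
fi

echo "正在移除规则..."
rule="rule family=\"ipv4\" source address=\"$ip_sad\" port protocol=\"tcp\" port=\"$ip_sac\" accept"
if ! firewall-cmd --permanent --remove-rich-rule="$rule"; then
    echo "提示:规则移除失败" >&2
    return 1
fi
firewall-cmd --reload
echo "提示:规则: $ip_sad 已移除"
}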

gaojiechakan()
{
# List the rich rules configured in firewalld's public zone, under a green
# heading line.
local heading="========================已有规则如下========================"
msgbox "pam" "$heading"
echo
firewall-cmd --zone=public --list-rich-rules
}

#------------------------------------------------firewall相关------------------------------------------------------------------------


#1.修改字符集
localeset()
{
    # Announces a character-set change, then raises and prints the
    # file-descriptor limits.
    # NOTE(review): this block looks truncated by page extraction. The heading
    # is about the locale, but the closing message is about file descriptors;
    # everything between the two (a here-document and several numbered steps)
    # seems to be missing. Restore it from the original script before use.
    echo "========================修改字符集========================="
    # As written, this overwrites /etc/locale.conf with the contents of
    # /etc/security/limits.conf.
    # NOTE(review): almost certainly not intended — do not run this line as is.
    cat > /etc/locale.conf </etc/security/limits.conf
    # Set the soft and hard open-file limits of the current shell to 65535.
    ulimit -SHn 65535
    echo "#cat /etc/security/limits.conf"
    cat /etc/security/limits.conf
    echo "#ulimit -Sn ; ulimit -Hn"
    # Show the resulting soft and hard limits.
    ulimit -Sn ; ulimit -Hn
    # Print a status line through the `action` helper; /bin/true always succeeds.
    action "完成修改文件描述符" /bin/true
    echo "==========================================================="
    sleep 2
}

#6.安装常用工具及修改yum源
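yumset()
{
    # Install wget, replace CentOS-Base.repo with the Aliyun mirror definition
    # and install a set of common tools.
    #
    # Exits the whole script with status 1 when wget cannot be installed, the
    # mirror is unreachable or the repo file cannot be downloaded. The earlier
    # `exit $?` after an echo always exited with 0.
    # Side effects: changes the working directory to /etc/yum.repos.d.
    #
    # The repo definition decides where every later package comes from, so it
    # is fetched over HTTPS into a temporary file and moved into place only
    # when the download succeeded and is non-empty; a failed `wget -O` straight
    # onto CentOS-Base.repo would leave an empty repo file behind.
    # NOTE(review): after the switch, check that the installed repo file keeps
    # gpgcheck=1 so package signatures are still verified.
    local repo_dir=/etc/yum.repos.d
    local repo_tmp

    echo "=================安装常用工具及修改yum源==================="
    if ! yum install wget -y &> /dev/null; then
        echo "wget安装失败"
        exit 1
    fi

    cd "$repo_dir" || exit 1
    # Keep a dated backup of the current definition (\cp bypasses a cp alias).
    \cp CentOS-Base.repo "CentOS-Base.repo.$(date +%F)"

    if ! ping -c 1 mirrors.aliyun.com &> /dev/null; then
        echo "无法连接网络"
        exit 1
    fi

    # The temporary name does not end in .repo, so yum ignores it.
    repo_tmp=$(mktemp "$repo_dir/.CentOS-Base.repo.XXXXXX") || exit 1
    if wget -O "$repo_tmp" https://mirrors.aliyun.com/repo/Centos-7.repo &> /dev/null \
        && [ -s "$repo_tmp" ]; then
        chmod 644 "$repo_tmp"
        mv -f "$repo_tmp" "$repo_dir/CentOS-Base.repo"
        yum clean all &> /dev/null
        yum makecache &> /dev/null
    else
        rm -f -- "$repo_tmp"
        echo "yum源配置下载失败"
        exit 1
    fi

    yum -y install lsof lrzsz vim tree nmap nc sysstat &> /dev/null
    action "完成安装常用工具及修改yum源" /bin/true
    echo "==========================================================="
    sleep 2
}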

#7. 优化系统内核
kernelset()
{
    # Announces kernel tuning, then configures periodic time synchronisation.
    # NOTE(review): this block looks truncated by page extraction. The sysctl
    # here-document and the steps between kernel tuning and time sync are
    # missing, and two `if` statements are closed by a single `fi`, so the
    # function does not parse as written. Restore it from the original script.
    echo "======================优化系统内核========================="
    # Count the lines of /etc/sysctl.conf that mention conntrack; zero means
    # the tuning block has not been added yet.
    chk_nf=`cat /etc/sysctl.conf | grep conntrack |wc -l`
    if [ $chk_nf -eq 0 ];then
        # As written this appends nothing: cat reads from /dev/null.
        cat >>/etc/sysctl.conf< /dev/null
    # NOTE(review): the status tested here is that of the cat above; it
    # presumably belonged to an ntpdate installation step that was lost — confirm.
    if [ $? -eq 0 ];then
        # One immediate sync, then a root cron entry that syncs every five minutes.
        # NOTE(review): the immediate sync and the cron job use different time
        # servers, and the cron line is appended again on every run.
        /usr/sbin/ntpdate time.windows.com
        echo "*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null" >> /var/spool/cron/root
    else
        echo "ntpdate安装失败"
        # $? is the status of the echo above (0), so the script exits "successfully".
        exit $?
    fi
    action "完成设置时间同步" /bin/true
    echo "==========================================================="
    sleep 2
}

#11. history优化
historyset()
{
    # Add timestamped history and per-command syslog logging to /etc/profile,
    # unless a HISTTIMEFORMAT line is already there.
    #
    # The appended block sets HISTTIMEFORMAT and a PROMPT_COMMAND that sends
    # each new history entry to syslog through logger.
    # Caveats for anyone relying on this as an audit trail: whole command lines
    # are logged, including any secret typed as an argument, and a user can
    # reset PROMPT_COMMAND in their own session, so it is a convenience record
    # rather than tamper-proof auditing.
    echo "========================history优化========================"
    chk_his=$(grep HISTTIMEFORMAT /etc/profile | wc -l)
    if [ $chk_his -ne 0 ];then
        echo "优化项已存在。"
    else
        # Quoted delimiter: the text below is written literally, with nothing
        # expanded at install time.
        cat >> /etc/profile <<'EOF'
#设置history格式
export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S] [`whoami`] [`who am i|awk '{print $NF}'|sed -r 's#[()]##g'`]: "
#记录shell执行的每一条命令
export PROMPT_COMMAND='\
if [ -z "$OLD_PWD" ];then
    export OLD_PWD=$PWD;
fi;
if [ ! -z "$LAST_CMD" ] && [ "$(history 1)" != "$LAST_CMD" ]; then
    logger -t `whoami`_shell_dir "[$OLD_PWD]$(history 1)";
fi;
export LAST_CMD="$(history 1)";
export OLD_PWD=$PWD;'
EOF
        # Apply the new settings to the current shell as well.
        source /etc/profile
    fi
    action "完成history优化" /bin/true
    echo "==========================================================="
    sleep 2
}


##jdk安装
installjdk()
{
# Install a JDK from a tarball in $k into /usr/local and add the Java
# environment variables to /etc/profile.
# Flow: skip everything when `whereis java` already reports a path containing
# "jdk"; otherwise unpack $k/jdk-*-linux-x64.tar.gz into the current directory,
# move the unpacked directory to /usr/local unless one of that name already
# exists there, then append JAVA_HOME and related exports to /etc/profile if
# no JAVA_HOME line is present.
# NOTE(review): the tarball is unpacked and installed without any checksum or
# signature check; verify it against the vendor's published digest first.
# Installation root.
ipath="/usr/local"
# Directory containing this script; used to get back after `cd jdk*`.
installpath=$(cd `dirname $0`; pwd)
# Final JDK directory, filled in below.
jdkpath=""
msgbox "pam" "========================jdk安装========================";echo
msgbox "pam" "========================判断是否已经部署jdk========================";echo
j=`whereis java`
# Non-empty only when one of the paths reported by whereis contains "jdk".
java=$(echo ${j} | grep "jdk")
if [[ "$java" != "" ]]
then
    msgbox "alert" "jdk已经安装了!!!";echo
else
    msgbox "pam" "未检测jdk安装,继续进行安装";echo
    msgbox "pam" "解压jdk中";echo
# Unpacks into the current working directory, with all output discarded.
# NOTE(review): a failed extraction goes unnoticed here.
tar -zxvf $k/jdk-*-linux-x64.tar.gz >/dev/null 2>&1
# Enter the unpacked directory and take its name as the JDK version name.
# NOTE(review): `cd jdk*` assumes exactly one match in the current directory.
cd jdk* && jdkname=`pwd | awk -F '/' '{print $NF}'`
    msgbox "alert" "获取jdk版本: ${jdkname}";echo
    msgbox "alert" "。。******。。";echo
cd ${installpath}
    msgbox "alert" "获取当前目录:${installpath}";echo

if [ -d "${ipath}/${jdkname}" ];then
    msgbox "alert" "检测到${ipath}${jdkname}目录已存在!!!!";echo
    msgbox "alert" "停止并退出jdk安装";echo
jdkpath=${ipath}/${jdkname}

# test
#jdkpath=${ipath}/${jdkname}
#echo ${jdkpath}

# NOTE(review): `break` only has meaning inside a loop and no loop is visible
# in this function; if the intent is to stop here, `return` is presumably
# what was meant — confirm.
break
else
    msgbox "pam" "未检测到${ipath}${jdkname}目录";echo
    msgbox "pam" "开始进行转移${jdkname}文件到${ipath}安装目录";echo
# Move the unpacked JDK into the installation root.
mv ${jdkname} ${ipath}
    msgbox "pam" "jdk安装完毕!!!!";echo
    msgbox "pam" "jdk安装目录:【  ${ipath}/${jdkname}   】";echo
jdkpath=${ipath}/${jdkname}

# test
# pass the JDK installation path on
#jdkpath=${ipath}/${jdkname}
#echo ${jdkpath}

    action "完成jdk程序安装" /bin/true
fi




    msgbox "pam" "开始进行java环境变量安装检测!!!";echo
 
    # Only touch /etc/profile when it has no JAVA_HOME line yet.
    chk_nf=`cat /etc/profile | grep JAVA_HOME |wc -l`
    if [ $chk_nf -eq 0 ];then
    msgbox "pam" "JAVA_HOME路径【${jdkpath}】注入中......";echo
    sleep 1
    # JAVA_HOME is written with the resolved path; the single-quoted lines are
    # written literally and expand when /etc/profile is sourced.
    echo "#设置JAVA_HOME变量" >> /etc/profile
    echo "export JAVA_HOME=${jdkpath}" >> /etc/profile
    echo 'export JRE_HOME=${JAVA_HOME}/jre'>> /etc/profile
    echo 'export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib' >> /etc/profile
    echo 'export PATH=${JAVA_HOME}/bin:$PATH' >> /etc/profile

    msgbox "pam" "JAVA_HOME路径【${jdkpath}】注入完毕......";echo
    else
    msgbox "alert" "jdk环境变量已存在,停止设置!!";echo
fi

fi
     # These status lines are printed on every path, including "already installed".
     action "完成java环境变量配置" /bin/true
     action "完成JAVA安装" /bin/true
    
    msgbox "pam" "============手工运行【 source /etc/profile】生效环境变量=====================";echo

    sleep 2

}


ftpinstall()
{
# Install vsftpd, create a local account named "ftp" whose FTP root is $k/ftp,
# switch to local-user-only chrooted logins with passive ports 30000-30100,
# open the firewall for FTP and start the service.
# NOTE(review): several steps below lower the host's security posture; each is
# marked where it happens. FTP itself carries credentials and data in clear
# text unless TLS is configured, which this function does not do.
# The settings are appended to vsftpd.conf on every run, so running it twice
# duplicates them.
# FTP account name.
zz="ftp"
z=$zz
useradd $z
# Interactive: asks the operator for the new account's password.
passwd $z
mkdir $k
mkdir $k/ftp
chown $z $k/ftp
# NOTE(review): 777 makes the whole FTP tree writable by every local account;
# owner-only write (e.g. 755) is presumably enough when the ftp user owns it — confirm.
chmod 777 -R $k/ftp
# NOTE(review): puts SELinux into permissive mode for the whole host until the
# next reboot; an SELinux policy for FTP is the narrower alternative.
setenforce 0
yum install vsftpd -y
yum install ftp -y
cd /etc/vsftpd
# Keep a copy of the packaged configuration.
cp vsftpd.conf vsftpd.conf.bak
cd /etc/vsftpd
# Turn anonymous logins off and confine local users to their FTP root.
sed -i "s/anonymous_enable=YES/anonymous_enable=NO/g" /etc/vsftpd/vsftpd.conf
sed -i "s/#chroot_local_user=YES/chroot_local_user=YES/g" /etc/vsftpd/vsftpd.conf
echo "local_root=$k/ftp" >> /etc/vsftpd/vsftpd.conf
# Passive mode on a fixed port range that matches the firewall rule below.
echo "pasv_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "pasv_min_port=30000" >> /etc/vsftpd/vsftpd.conf
echo "pasv_max_port=30100" >> /etc/vsftpd/vsftpd.conf
echo "reverse_lookup_enable=NO" >> /etc/vsftpd/vsftpd.conf
# NOTE(review): allows a chroot directory that the logged-in user can write to.
echo "allow_writeable_chroot=YES" >> /etc/vsftpd/vsftpd.conf
# Comment out the pam_shells line in /etc/pam.d/vsftpd.
# NOTE(review): this drops the "login shell must be listed in /etc/shells"
# requirement for every FTP login.
str1='auth       required	pam_shells.so'
str2="#auth       required	pam_shells.so"
command=s@$str1@$str2@
sed -i "$command" /etc/pam.d/vsftpd
# Comment out the pam_listfile line in /etc/pam.d/vsftpd.
# NOTE(review): this disables the /etc/vsftpd/ftpusers deny list, so the
# accounts listed there are no longer refused by PAM.
str12='auth       required	pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed'
str22="#auth       required	pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed"
command=s@$str12@$str22@
sed -i "$command" /etc/pam.d/vsftpd
# Open the passive range and the control port for every source address.
firewall-cmd --zone=public --add-port=30000-30100/tcp --permanent
firewall-cmd --zone=public --add-port=21/tcp --permanent
firewall-cmd --reload
systemctl start vsftpd
systemctl status vsftpd.service
}


function bash_os() {
    # Print basic system facts: kernel release, OS release string, current
    # time with uptime, and the logged-in user count.
    # Globals written: kernel, release, hostname, dateload, users.
    local bar="\033[32m------------------------------------\033[0m"

    # Kernel release.
    kernel=$(uname -r)
    # Operating system release string.
    release=$(cat /etc/redhat-release)
    # Host name (collected but not printed below).
    hostname=$HOSTNAME
    # First comma-separated field of uptime: current time and time since boot.
    dateload=$(uptime | awk 'BEGIN{FS=","} {print $1}')
    # Second comma-separated field of uptime.
    # NOTE(review): when uptime includes hours and minutes this field is the
    # hh:mm part rather than the user count — confirm.
    users=$(uptime | awk 'BEGIN{FS=","} {print $2}')

    echo -e "\n\033[32m##############   系统基础信息 #######\033[0m\n"
    echo -e "$bar"
    echo -e "|内核信息:\033[31m        $kernel           \033[0m"
    echo -e "$bar"
    echo -e "|操作系统版本:\033[31m   $release        \033[0m"
    echo -e "$bar"
    echo -e "|当前时间及运行时间:\033[31m   $dateload        \033[0m"
    echo -e "$bar"
    echo -e "|当前登录用户数:\033[31m   $users        \033[0m"
    echo -e "$bar"
}


#####展示函数====================================
function msgbox() {
	# Print $2 in the colour selected by $1, without a trailing newline.
	# Styles: text (blue), alert (red), result (yellow), jump (magenta),
	# pam (green), normal (white), all bold.
	# Globals written: color. An unknown style leaves `color` at whatever an
	# earlier call set it to.
	if [ "$1" = "text" ]; then
		color="\e[34;1m"
	elif [ "$1" = "alert" ]; then
		color="\e[31;1m"
	elif [ "$1" = "result" ]; then
		color="\e[33;1m"
	elif [ "$1" = "jump" ]; then
		color="\e[35;1m"
	elif [ "$1" = "pam" ]; then
		color="\e[32;1m"
	elif [ "$1" = "normal" ]; then
		color="\e[37;1m"
	fi
	# \c ends the output right there, which also suppresses echo's newline.
	echo -e "${color}${2}\e[0m\c"
}


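function memory() {
    # Print a memory and swap summary taken from one `free -m` snapshot, plus
    # the ten processes with the largest resident set size.
    #
    # Globals written: mem_total, mem_user, mem_shared, mem_buff_cache,
    #   mem_free, mem_available, mem_percentage, swap_total, swap_user,
    #   swap_free, swap_percentage, top_proc_mem.
    #
    # All figures come from a single `free -m` call so they describe the same
    # instant. The swap percentage is computed only when swap exists (no awk
    # division by zero on swapless hosts), the colour is reset after the
    # free-swap line, and no stray "%" follows the process list.
    local free_out swap_total_mb
    local bar="\033[32m------------------------------------\033[0m"

    free_out=$(free -m)

    # Total memory.
    mem_total=$(awk '/Mem/{printf "%.2fG", $2/1024}' <<< "$free_out")
    # Memory used by programs.
    mem_user=$(awk '/Mem/{printf "%.2fG", $3/1024}' <<< "$free_out")
    # Shared memory.
    mem_shared=$(awk '/Mem/{printf "%.2fG", $5/1024}' <<< "$free_out")
    # Buffers and cache (second-to-last column).
    mem_buff_cache=$(awk '/Mem/{printf "%.fMB",  $(NF-1)}' <<< "$free_out")
    # Free memory.
    mem_free=$(awk '/Mem/{printf "%.2fG", $4/1024 }' <<< "$free_out")
    # Available memory (last column of the Mem row).
    mem_available=$(awk 'NR==2{printf "%.2fG",$NF/1024}' <<< "$free_out")
    # Available memory as a percentage of the total.
    mem_percentage=$(awk '/Mem/{printf "%.2f", $NF/$2*100}' <<< "$free_out")
    # Swap: total, used, free.
    swap_total=$(awk '/Swap/{printf "%.2fG", $2/1024}' <<< "$free_out")
    swap_user=$(awk '/Swap/{printf "%.2fG",$3/1024}' <<< "$free_out")
    swap_free=$(awk '/Swap/{printf "%.2fG",$4/1024}' <<< "$free_out")
    # Free swap as a percentage; left empty when there is no swap at all.
    swap_total_mb=$(awk '/Swap/{print $2}' <<< "$free_out")
    swap_percentage=$(awk '/Swap/ && $2 > 0 {printf "%.2f",$4/$2*100}' <<< "$free_out")
    # Ten processes with the largest resident set size.
    top_proc_mem=$(ps --no-headers -eo rss,args | sort -k1 -n -r | head -10)

    echo -e "\n\033[32m################## 内存 ############\033[0m\n"
    echo -e "$bar"
    echo -e "|总内存容量:\033[31m        $mem_total           \033[0m"
    echo -e "$bar"
    echo -e "|用户程序内存量:\033[31m   $mem_user        \033[0m"
    echo -e "$bar"
    echo -e "|多进程共享内存量:\033[31m $mem_shared     \033[0m"
    echo -e "$bar"
    echo -e "|缓存占用内存量:\033[31m   $mem_buff_cache    \033[0m"
    echo -e "$bar"
    echo -e "|空闲内存容量:\033[31m     $mem_free           \033[0m"
    echo -e "$bar"
    echo -e "|剩余可用内存容量:\033[31m  $mem_available    \033[0m"
    echo -e "$bar"
    echo -e "|可用内存百分比:\033[31m   $mem_percentage%   \033[0m"
    echo -e "$bar"
    echo -e "\033[32m############## 交换分区 #############\033[0m\n"
    echo -e "$bar"
    echo -e "总的交换分区容量:\033[31m    $swap_total    \033[0m"
    echo -e "$bar"
    echo -e "|用户使用的交换分区容量:\033[31m   $swap_user   \033[0m"
    echo -e "$bar"
    echo -e "|剩余交换分区容量:\033[31m  ${swap_free}\033[0m"
    echo -e "$bar"
    if [ "${swap_total_mb:-0}" -ne 0 ]; then
        echo -e "|可用交换分区占比:\033[31m  $swap_percentage%    \033[0m"
        echo -e "$bar"
    fi
    echo -e "|占用内存资源最多的10个进程列表:"
    echo -e "\033[31m$top_proc_mem    \033[0m"
    echo -e "$bar"
}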


function cpukk() {
    # Print CPU facts: model, logical core count, load averages, two vmstat
    # counters and the ten most CPU-hungry processes.
    # Globals written: cpu_info, cpu_core, load1515, irq, cs, top_proc_cpu.
    local bar="\033[32m------------------------------------\033[0m"

    # CPU model as reported by lscpu (C locale so the field name is stable).
    cpu_info=$(LANG=C lscpu | awk -F: '/Model name/ {print $2}')
    # Number of "processor" entries in /proc/cpuinfo.
    cpu_core=$(awk '/processor/{core++} END{print core}' /proc/cpuinfo)
    # Last three fields of uptime: the 1, 5 and 15 minute load averages.
    load1515=$(uptime | sed 's/,/ /g' | awk '{for(i=NF-2;i<=NF;i++)print $i }' | xargs)
    # Column 11 of vmstat's data row.
    # NOTE(review): presumably the `in` (interrupts) column — confirm against
    # the local vmstat header.
    irq=$(vmstat 1 1 | awk 'NR==3{print $11}')
    # Column 12 of vmstat's data row.
    # NOTE(review): presumably the `cs` (context switches) column — confirm.
    cs=$(vmstat 1 1 | awk 'NR==3{print $12}')
    # Ten processes with the highest CPU percentage.
    top_proc_cpu=$(ps --no-headers -eo %cpu,args | sort -k1 -n -r | head -10)

    echo -e "\n\033[32m################## CPU 相关 ############\033[0m\n"
    echo -e "$bar"
    echo -e "|CPU型号:\033[31m$cpu_info           \033[0m"
    echo -e "$bar"
    echo -e "|CPU内核数量:\033[31m$cpu_core        \033[0m"
    echo -e "$bar"
    echo -e "|CPU最近1/5/15分钟的平均负载:\033[31m$load1515        \033[0m"
    echo -e "$bar"
    echo -e "|CPU中断数量:\033[31m$irq        \033[0m"
    echo -e "$bar"
    echo -e "|上下文切换数量:\033[31m$cs        \033[0m"
    echo -e "$bar"
    echo -e "|占用CPU资源最多的10个进程列表:"
    echo -e "\033[31m$top_proc_cpu           \033[0m"
    echo -e "$bar"

}

function disk_io() {
    # Print disk and block-I/O facts: disk and partition counts, the lsblk
    # tree, three vmstat columns and the mounted file systems.
    # Globals written: disk, disk_total, disk_sub, lsblk_, bo, bi, wa.
    local bar="\033[32m------------------------------------\033[0m"

    # Mounted file systems with human-readable sizes.
    disk=$(df -h)
    # First field of line 1 of `vmstat -D` (disk count).
    disk_total=$(vmstat -D | awk 'NR==1{print $1}')
    # First field of line 2 of `vmstat -D` (partition count).
    disk_sub=$(vmstat -D | awk 'NR==2{print $1}')
    # Block device tree without the header line.
    lsblk_=$(lsblk -n)
    # Columns 10, 9 and 16 of vmstat's data row.
    # NOTE(review): in vmstat's default layout these are presumably `bo`, `bi`
    # and `wa` (CPU I/O-wait percentage), and a single `vmstat 1 1` report
    # shows averages since boot; the labels printed below describe them as
    # totals and as a write rate — confirm against the local vmstat header.
    bo=$(vmstat 1 1 | awk 'NR==3{print $10}')
    bi=$(vmstat 1 1 | awk 'NR==3{print $9}')
    wa=$(vmstat 1 1 | awk 'NR==3{print $16}')

    echo -e "\n\033[32m################## 磁盘IO 相关 ############\033[0m\n"
    echo -e "$bar"
    echo -e "|磁盘总数:\033[31m$disk_total           \033[0m"
    echo -e "$bar"
    echo -e "|分区总数:\033[31m$disk_sub        \033[0m"
    echo -e "$bar"
    echo -e "|磁盘分区信息:"
    echo -e "\033[31m$lsblk_           \033[0m"
    echo -e "$bar"
    echo -e "|写入磁盘的总块数:\033[31m$bo       \033[0m"
    echo -e "$bar"
    echo -e "|从磁盘读出的块数:\033[31m$bi       \033[0m"
    echo -e "$bar"
    echo -e "|每秒写磁盘块的速率:\033[31m$wa       \033[0m"
    echo -e "$bar"
    echo -e "|分区挂载信息:"
    echo -e "\033[31m$disk           \033[0m"
    echo -e "$bar"

}

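function procs() {
    # Print the current process count next to the per-user process limit
    # and the kernel PID ceiling, so an operator can see how close the host
    # is to either limit.
    # Outputs: coloured report on stdout.
    local procs ulimit_ pid_max

    # Number of processes. `-o pid=` prints one PID per line with no header
    # row, so the line count is not inflated by the column titles that
    # `ps aux` emits. The ps process itself is part of the listing.
    procs=$(ps -e -o pid= | wc -l)
    # Maximum number of processes for the current user (shell resource limit).
    ulimit_=$(ulimit -u)
    # Kernel-wide PID limit; sysctl prints "kernel.pid_max = N".
    pid_max=$(sysctl kernel.pid_max | awk '{print $3}')

    echo -e "\n\033[32m################## 进程 相关 ############\033[0m\n"
    echo -e "\033[32m------------------------------------\033[0m"
    echo -e "|进程数量:\033[31m$procs       \033[0m"
    echo -e "\033[32m------------------------------------\033[0m"
    echo -e "|用户的最大进程数:\033[31m$ulimit_       \033[0m"
    echo -e "\033[32m------------------------------------\033[0m"
    echo -e "|内核设置的最大进程数:\033[31m$pid_max       \033[0m"
    echo -e "\033[32m------------------------------------\033[0m"

}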


function network() {
    # Print a network summary: local IPv4 addresses, per-interface byte
    # counters and the socket table.
    # Outputs: coloured report on stdout.
    local hr="\033[32m------------------------------------\033[0m"

    # Local address list: second field of every "inet " line from `ip a s`
    # (IPv6 lines start with "inet6" and do not match).
    localip=$(ip a s | awk '/inet /{print $2}')

    # Per-interface traffic in bytes. The first two lines of /proc/net/dev
    # are headers; fields 2 and 10 are printed as received and transmitted
    # bytes under a header row, then aligned with column.
    net_monitor=$(awk 'BEGIN{ print "网卡名称 入站数据流量(bytes) 出站数据流量(bytes)"} NR>2{print $1,$2,$10}' /proc/net/dev | column -t)

    # Socket table from `ss -ntulpa`, used to review which ports are
    # exposed and which process owns each one.
    ip_port=$(ss -ntulpa)

    echo -e "\n\033[32m################## 网络 相关 ############\033[0m\n"
    echo -e "|本地IP地址列表:"
    echo -e "\033[31m$localip    \033[0m"
    echo -e "$hr"
    echo -e "|获取网卡流量信息:"
    echo -e "\033[31m$net_monitor           \033[0m"
    echo -e "$hr"
    echo -e "|获取暴露端口信息:"
    echo -e "\033[31m$ip_port           \033[0m"
    echo -e "$hr"

}

#---------------------------------------------------------------------------------------------------
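beifen()
{
# Archive a directory the operator names into <output>/backupdate as a
# timestamped .tar.gz, then unpack that archive next to it.
# Input:   two lines on stdin - the source directory, then the output directory
# Outputs: progress on stdout, errors on stderr
# Returns: 0 on success, 1 when the input is invalid or tar fails
local dd kk zz source_folder backup_folder source_folder_name src_trimmed
dd=$(date +%Y-%m-%d-%H-%M-%S)
# Directory to back up (-r keeps backslashes in the typed path intact).
read -r -p "请输入需要备份的文件夹路径:" kk
# Directory the backup is written under.
read -r -p "请输入备份输出的文件夹路径:" zz

# An empty source would expand to "/" below and archive the whole
# filesystem; an empty output would write to /backupdate. Refuse both
# before anything is created.
if [ -z "$kk" ] || [ ! -d "$kk" ]; then
    echo "需要备份的文件夹不存在: $kk" >&2
    return 1
fi
if [ -z "$zz" ]; then
    echo "备份输出的文件夹路径不能为空" >&2
    return 1
fi

source_folder=${kk}/
backup_folder=${zz}/backupdate
# Name the archive after the last path component. Taking the third
# "/"-separated field only gives that for two-level paths such as
# /home/name and picks a parent directory for anything deeper.
src_trimmed=${kk%/}
source_folder_name=${src_trimmed##*/}-$dd.tar.gz
echo "source_folder:$source_folder"
echo "backup_folder: $backup_folder"
echo "source_folder_name: $source_folder_name"
# Create the output directory (and its parents).
if ! mkdir -p "$backup_folder"; then
    echo "无法创建备份目录: $backup_folder" >&2
    return 1
fi
# Compress. -P stores member names as given (absolute paths stay
# absolute). Every expansion is quoted so a path with spaces or glob
# characters stays one argument.
if ! tar -zcvPf "$backup_folder/$source_folder_name" "$source_folder"; then
    echo "${source_folder_name}文件备份失败" >&2
    return 1
fi
# Unpack inside the backup directory. The subshell keeps the caller's
# working directory unchanged, and a failed cd stops the extraction
# instead of letting it run in whatever directory is current.
if ! ( cd "$backup_folder" && tar -zxvf "$source_folder_name" ); then
    echo "${source_folder_name}解压失败" >&2
    return 1
fi
echo "${source_folder_name}文件备份成功"
msgbox "pam" "============备份结束 路径为:${zz}/backupdate=====================";echo
}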

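rizhiqingli()
{
# Delete *.log files older than a retention period under a directory the
# operator names.
# Arguments: $1 - optional retention in days; overrides the typed value
# Input:     two lines on stdin - retention days, then the directory
# Outputs:   the removed paths on stdout, errors on stderr
# Returns:   0 on success, 1 when the input is rejected
local mtime kkrizhi
# Retention period in days. Both prompts are always read so piped input
# keeps its line order even when $1 is given.
read -r -p "请输入日志保留天数:" mtime
read -r -p "请输入需要清理日志的文件夹路径:" kkrizhi
if [ -n "$1" ]; then
    mtime=$1
fi
# The value goes into find's -mtime test, so accept digits only.
case "$mtime" in
    ''|*[!0-9]*)
        echo "保留天数必须是非负整数: $mtime" >&2
        return 1
        ;;
esac
# An empty answer would turn "${kkrizhi}/" into "/" and sweep the whole
# filesystem; require an existing directory.
if [ -z "$kkrizhi" ] || [ ! -d "$kkrizhi" ]; then
    echo "需要清理的文件夹不存在: $kkrizhi" >&2
    return 1
fi
echo "开始干  $mtime days 之前的日志 starting........."
# One traversal prints and removes each match. Directories are skipped
# and rm runs without -r, so a directory that happens to be named *.log
# is never removed together with its contents.
find "${kkrizhi}/" ! -type d -mtime "+$mtime" -name "*.log" -print -exec rm -f -- {} +
echo "已干完"
}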

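xlsqingli()
{
# Delete *.xls files older than a retention period under a directory the
# operator names.
# Arguments: $1 - optional retention in days; overrides the typed value
# Input:     two lines on stdin - retention days, then the directory
# Outputs:   the removed paths on stdout, errors on stderr
# Returns:   0 on success, 1 when the input is rejected
local mtime kkrizhi
# Retention period in days. Both prompts are always read so piped input
# keeps its line order even when $1 is given.
read -r -p "请输入xls保留天数:" mtime
read -r -p "请输入需要清理xls的文件夹路径:" kkrizhi
if [ -n "$1" ]; then
    mtime=$1
fi
# The value goes into find's -mtime test, so accept digits only.
case "$mtime" in
    ''|*[!0-9]*)
        echo "保留天数必须是非负整数: $mtime" >&2
        return 1
        ;;
esac
# An empty answer would turn "${kkrizhi}/" into "/" and sweep the whole
# filesystem; require an existing directory.
if [ -z "$kkrizhi" ] || [ ! -d "$kkrizhi" ]; then
    echo "需要清理的文件夹不存在: $kkrizhi" >&2
    return 1
fi
echo "开始干  $mtime days 之前的日志 starting........."
# One traversal prints and removes each match. Directories are skipped
# and rm runs without -r, so a directory that happens to be named *.xls
# is never removed together with its contents.
find "${kkrizhi}/" ! -type d -mtime "+$mtime" -name "*.xls" -print -exec rm -f -- {} +
echo "已干完"
}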

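zipqingli()
{
# Delete *.zip files older than a retention period under a directory the
# operator names.
# Arguments: $1 - optional retention in days; overrides the typed value
# Input:     two lines on stdin - retention days, then the directory
# Outputs:   the removed paths on stdout, errors on stderr
# Returns:   0 on success, 1 when the input is rejected
local mtime kkrizhi
# Retention period in days. Both prompts are always read so piped input
# keeps its line order even when $1 is given.
read -r -p "请输入zip保留天数:" mtime
read -r -p "请输入需要清理zip的文件夹路径:" kkrizhi
if [ -n "$1" ]; then
    mtime=$1
fi
# The value goes into find's -mtime test, so accept digits only.
case "$mtime" in
    ''|*[!0-9]*)
        echo "保留天数必须是非负整数: $mtime" >&2
        return 1
        ;;
esac
# An empty answer would turn "${kkrizhi}/" into "/" and sweep the whole
# filesystem; require an existing directory.
if [ -z "$kkrizhi" ] || [ ! -d "$kkrizhi" ]; then
    echo "需要清理的文件夹不存在: $kkrizhi" >&2
    return 1
fi
echo "开始干  $mtime days 之前的日志 starting........."
# One traversal prints and removes each match. Directories are skipped
# and rm runs without -r, so a directory that happens to be named *.zip
# is never removed together with its contents.
find "${kkrizhi}/" ! -type d -mtime "+$mtime" -name "*.zip" -print -exec rm -f -- {} +
echo "已干完"
}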

#---------------------------------------------------------------------------------------------------

#--------------------------------------------------------------------------------------------------
#控制函数========================================
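main()
{
    # Top-level dispatcher: show the first-level menu, then run the handler
    # (or the sub-menu and its handler) that matches the operator's choice.
    # Globals:   num1 and num2..num8 (read) - presumably set by the menuN
    #            functions defined elsewhere in this file; verify there
    # Arguments: none are read
    # The range printed by each fallback arm lists the choices that the
    # surrounding case statement actually accepts.
    menu1
    case "$num1" in
        1)
            # Run the setup steps back to back; localeset and firewalldset
            # are commented out of this batch.
            #localeset
            selinuxset
            #firewalldset
            chkset
            limitset
            yumset
            kernelset
            sshset
            restartset
            ntpdateset
            historyset
            ;;
#--------------------------------------------------------------------------------------------------
        2)
            # Same setup steps, one at a time.
            menu2
            case "$num2" in
                1)
                    localeset
                    ;;
                2)
                    selinuxset
                    ;;
                3)
                    firewalldset
                    ;;
                4)
                    chkset
                    ;;
                5)
                    limitset
                    ;;
                6)
                    yumset
                    ;;
                7)
                    kernelset
                    ;;
                8)
                    sshset
                    ;;
                9)
                    restartset
                    ;;
                10)
                    ntpdateset
                    ;;
                11)
                    historyset
                    ;;
                12)
                    # Back to the first-level menu.
                    main
                    ;;
                13)
                    exit
                    ;;
                *)
                    echo '只能选 [1-13],不玩了退了.'
                    ;;
            esac
            ;;
#--------------------------------------------------------------------------------------------------
        3)
            menu3
            case "$num3" in
                1)
                    ftpinstall
                    ;;
                2)
                    pythoninstall
                    ;;
                3)
                    installjdk
                    ;;
                *)
                    echo '只能选 [1-3],不玩了退了.'
                    ;;
            esac
            ;;
#--------------------------------------------------------------------------------------------------
        4)
            wodishen
            ;;
#--------------------------------------------------------------------------------------------------
        5)
            # System information reports.
            menu5
            case "$num5" in
                1)
                    systeninformation
                    ;;
                2)
                    bash_os
                    ;;
                3)
                    memory
                    ;;
                4)
                    cpukk
                    ;;
                5)
                    disk_io
                    ;;
                6)
                    procs
                    ;;
                7)
                    network
                    ;;
                *)
                    echo '只能选 [1-7],不玩了退了.'
                    ;;
            esac
            ;;
#--------------------------------------------------------------------------------------------------
        6)
            # Port and firewalld handlers.
            menu6
            case "$num6" in
                1)
                    duankoufangxin
                    ;;
                2)
                    duankoujiance
                    ;;
                3)
                    duankouchaxun
                    ;;
                4)
                    firewalldzhuangtai
                    ;;
                5)
                    firewalldqidong
                    ;;
                6)
                    firewalldguanbi
                    ;;
                7)
                    gaojiefangxing
                    ;;
                8)
                    gaojieyichu
                    ;;
                9)
                    gaojiechakan
                    ;;
                *)
                    # Nine choices are handled above, so the hint says 1-9.
                    echo '只能选 [1-9],不玩了退了.'
                    ;;
            esac
            ;;
#--------------------------------------------------------------------------------------------------
        7)
            # MySQL handlers; 0 and 1 both run mysqlyingshe.
            menu7
            case "$num7" in
                0|1)
                    mysqlyingshe
                    ;;
                2)
                    mysqldanku
                    ;;
                3)
                    mysqlquanliang
                    ;;
                *)
                    echo '只能选 [0-3],不玩了退了.'
                    ;;
            esac
            ;;
#--------------------------------------------------------------------------------------------------
        8)
            # Cleanup and backup handlers.
            menu8
            case "$num8" in
                1)
                    rizhiqingli
                    ;;
                2)
                    beifen
                    ;;
                3)
                    xlsqingli
                    ;;
                4)
                    zipqingli
                    ;;
                *)
                    # Four choices are handled above, so the hint says 1-4.
                    echo '只能选 [1-4],不玩了退了.'
                    ;;
            esac
            ;;

#--------------------------------------------------------------------------------------------------
        *)
            # Anything else: warn, pause, and show the first-level menu
            # again. Eight choices are handled above, so the hint says 1-8.
            msgbox "alert" "####别乱按,想搞事情???只能选【1-8】选项!!!!!";echo
            sleep 3
            main
            ;;

    esac
}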
#--------------------------------------------------------------------------------------------------
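# Hand the script's arguments to main exactly as given. Unquoted $* would
# re-split them on whitespace and expand glob characters against the
# current directory. main does not read its arguments in the code shown.
main "$@"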
