Linux系统巡检、等保安全检查脚本

以下shell脚本适合linux分支中的redhat、centos使用,运行脚本将结果输出到自定义的文件中,可将巡检脚本以root用户登录放在/usr/local/sbin的目录下执行。

脚本只是一个检查的操作,不会对服务器做任何修改,可放心使用。

一、系统巡检

此检查脚本包含以下几块内容:

  • 系统信息巡检
  • 系统硬件巡检
  • 系统网络巡检
  • 系统资源巡检
  • 系统安全巡检
########################################################################################################
# @Scpript      该脚本用于系统日常巡检,仅供学习研究                                   #######################
########################################################################################################

function RED(){
  echo -e "\033[31m$@\033[0m"
}

function GRE(){
  echo -e "\033[36m$@\033[0m"
}

function OS_INFO(){
  # 系统名
  local OS_NAME=`uname -n`
  # 系统版本
  local OS_VERSION=`cat /etc/.kyinfo | grep dist_id | grep -oE "Kylin.*" 2>/dev/null || echo 获取信息失败`
  # 系统类型
  local OS_TYPE=`uname`
  # 主机序列号
  local OS_NUM=`dmidecode -t system | grep 'Serial Number' | awk '{print $3}'`
  # 系统内核版本
  local OS_KERNEL=`uname -r`
  # 系统机器码
  local OS_CODE=""
  # 系统语言环境
  local OS_LANG=`echo $LANG`
  # 系统时间
  local OS_DATE=`date +"%Y-%m-%d %H:%M:%S"`
  # 系统运行时间
  local OS_UPTIME=`uptime | awk -F',' '{sub(/.*up /,"",$1);print $1'} || echo 获取信息失败`
  # 系统上次重启时间
  local OS_LAST_REBOOT=`last reboot | head -1 | awk '{print $5,$6,$7,$8,$10}'`
  # 系统上次关机时间
  local OS_LAST_SHUTDOWN=`last -x | grep shutdown | head -1 | awk '{print $5,$6,$7,$8,$10}'`

  RED "################################# [ 系统信息巡检区 ] ######################################"
  GRE "主机名:$OS_NAME"
  GRE "主机类型:$OS_TYPE"
  GRE "主机序列号:${OS_NUM:-获取信息失败}"
  GRE "系统版本:$OS_VERSION"
  GRE "系统内核版本:$OS_KERNEL"
  GRE "系统机器码:${OS_CODE:-获取信息失败}"
  GRE "系统语言环境:${OS_LANG}"
  GRE "系统时间;$OS_DATE"
  GRE "系统已运行时间:$OS_UPTIME"
  GRE "系统上次重启时间:${OS_LAST_REBOOT:-获取信息失败}"
  GRE "系统上次关机时间:${OS_LAST_SHUTDOWN:-获取信息失败}"
}

function OS_HDWARE(){
  # CPU架构
  local CPU_ARCH=`uname -m`
  # CPU型号
  local CPU_TYPE=`cat /proc/cpuinfo | grep "model name" | uniq | awk -F':' '{sub(/ /,"",$2);print $2}'`
  # CPU个数
  local CPU_NUM=`cat /proc/cpuinfo | grep "physical id" | sort | uniq | wc -l`
  # CPU 核数
  local CPU_CORE=`cat /proc/cpuinfo | grep cores | uniq | awk -F':' '{sub(/ /,"",$2);print $2}'`
  # CPU 频率
  local CPU_HZ=`cat /proc/cpuinfo | grep "cpu MHz" | uniq | awk -F':' '{sub(/ /,"",$2);printf "%s MHz\n",$2}'`

  # 内存容量
  local ME_SIZE=$(echo "scale=2;`cat /proc/meminfo | grep 'MemTotal:' | awk '{print $2}'`/1048576"|bc)
  # 空闲内存
  local ME_FREE=$(echo "scale=2;`cat /proc/meminfo | grep 'MemFree:' | awk '{print $2}'`/1048576"|bc)
  # 可用内存
  local ME_FREEE=$(echo "scale=2;`cat /proc/meminfo | grep 'MemAvailable:' | awk '{print $2}'`/1048576" | bc)
  # 内存使用率
  local ME_USE=$(awk 'BEGIN{printf "%.1f%\n",('$ME_SIZE'-'$ME_FREEE')/'$ME_SIZE'*100}')
  # SWAP大小
  local ME_SWAP_SIZE=$(echo "scale=2;`cat /proc/meminfo | grep 'SwapTotal:' | awk '{print $2}'`/1048576"|bc)
  # SWAP可用
  local ME_SWAP_FREE=$(echo "scale=2;`cat /proc/meminfo | grep 'SwapFree:' | awk '{print $2}'`/1048576"|bc)
  # SWAP使用率
  local ME_SWAP_USE=$(awk 'BEGIN{printf "%.1f%\n",('$ME_SWAP_SIZE'-'$ME_SWAP_FREE')/'$ME_SWAP_SIZE'*100}')
  # Buffer大小
  local ME_BUF=$(cat /proc/meminfo | grep 'Buffers:' | awk '{printf "%s KB",$2}')
  # 内存Cache大小
  local ME_CACHE=$(cat /proc/meminfo | grep '^Cached:' | awk '{printf "%s KB",$2}')

  # 当前系统所有网卡
  local NET_DEVICE=(`cat /proc/net/dev | awk 'NR>2 && $1 !~/lo/ {sub(/:/,"");print $1}'`)

  RED "################################# [ 系统硬件巡检区 ] ######################################"
  GRE "CPU型号:$CPU_TYPE"
  GRE "CPU架构:$CPU_ARCH"
  GRE "CPU个数:$CPU_NUM"
  GRE "CPU核数: $CPU_CORE"
  GRE "CPU频率:$CPU_HZ"
  GRE "内存容量:${ME_SIZE} GB"
  GRE "内存空闲:${ME_FREE} GB"
  GRE "内存可用:${ME_FREEE} GB"
  GRE "内存使用率:${ME_USE}"
  GRE "SWAP容量:$ME_SWAP_SIZE GB"
  GRE "SWAP可用容量:$ME_SWAP_FREE GB"
  GRE "SWAP使用率:$ME_SWAP_USE"
  GRE "内存Buffer大小:${ME_BUF}"
  GRE "内存Cache大小:${ME_CACHE}"

  for i in ${NET_DEVICE[@]}
  do
    GRE "网卡:$i  状态: $(ip link show ens33 | awk 'NR==1{print $9}') RX: $(ethtool -g ens33 | grep "RX:" | tail -1 | awk '{print $2}') TX: $(ethtool -g ens33 | grep "TX:" | tail -1 | awk '{print $2}')"
  done
}

function OS_NETWORK(){
  # 系统IP
  local IP=$(hostname -I)
  # 网关地址
  local GATEWAY=$(ip route | grep default &>/dev/null && ip route | grep default | awk '{print $3}' || echo '未设置默认网关')
  # DNS地址
  local DNS=(`cat /etc/resolv.conf | grep nameserver | uniq | awk '{print $2}'`)

  RED "################################# [ 系统网络巡检区 ] ######################################"
  GRE "IP地址:$IP"
  GRE "网关地址:$GATEWAY"
  GRE "DNS地址:${DNS[@]}"
  GRE "网关[$GATEWAY]连接情况: $(ping -t 1 -i 1 -c 5 -W 1 192.168.0.2 &>/dev/null && echo '正常通信' || echo '无法通信')"
}

function OS_RESOURCE(){
  # 系统磁盘列表
  local DISK_LIST=(`lsblk | egrep "^[a-z].*" | grep -v "^sr" | awk '{print $1}'`)
  # 系统磁盘使用率情况
  local DISK_PER=(`df -h | awk 'NR>1 && $1 !~/sr/ {gsub(/%/,"",$5);print $5}'`)

  # CPU空闲率
  local CPU_FREE=$(top -d 1 -n 1 -b | awk 'NR==3{print $8}')
  # CPU使用率
  local CPU_USE=$(awk 'BEGIN{printf "%.1f%\n",100-'$CPU_FREE'}')
  # CPU_TOP_TEN
  local CPU_TOP_TEN=$(top -d 1 -n 1 -b | column -t | awk 'NR>=7 && NR<=15')

  # 当前进程数
  local CPU_PROCESSORS=$(top -d 1 -n 1 -b | awk 'NR==2{print $2}')
  # 当前正在运行进程数
  local CPU_RUN_PROCESSORS=$(top -d 1 -n 1 -b | awk 'NR==2{print $4}')
  # 当前正在休眠进程数
  local CPU_SL_PROCESSORS=$(top -d 1 -n 1 -b | awk 'NR==2{print $6}')
  # 当前停止运行进程数
  local CPU_STOP_PROCESSORS=$(top -d 1 -n 1 -b | awk 'NR==2{print 8}')
  # 当前僵尸进程数
  local CPU_ZOM_PROCESSORS=$(top -d 1 -n 1 -b | awk 'NR==2{print $10}')
  

  RED "################################# [ 系统资源巡检区 ] ######################################"
  GRE "CPU使用率:$CPU_USE"
  GRE "CPU使用率前十进程信息:"
  GRE "$(ps -eo user,pid,pcpu,pmem,args --sort=-pcpu | head -n 10)"
  GRE "\n内存使用率前十进程信息:"
  GRE "$(ps -eo user,pid,pcpu,pmem,args --sort=-pmem | head -n 10)"
  GRE "\n磁盘IO信息:$(iotop -bon 1 &>/dev/null || echo 'io top 未安装信息获取失败')"
  GRE "$(iotop -bon 1 &>/dev/null && iotop -bon 1 | head -n 13)"
  GRE "\n磁盘分区使用率是否正常:正常"
  for i in ${DISK_LIST[@]}
  do
    if [[ -z "$(lsblk --nodeps -no serial /dev/$i)" ]]; then
      GRE "磁盘:$i  磁盘序列号:获取信息失败"  
    else
      GRE "磁盘:$i  磁盘序列号:$(lsblk --nodeps -no serial /dev/$i)"
    fi
  done
  for i in ${DISK_PER[@]}
  do
    if [ $i -gt 80 ]; then
      RED "某分区磁盘使用率为:$i% > 80% 请及时扩容"
    fi
  done
  GRE "\n系统磁盘分区inode使用情况:"
  GRE "$(df -Thi)"
  GRE "\n系统当前进程数:$CPU_PROCESSORS"  
  GRE "系统当前进程运行数:$CPU_RUN_PROCESSORS"
  GRE "系统当前休眠进程数:$CPU_SL_PROCESSORS"
  GRE "系统当前停止进程数:$CPU_STOP_PROCESSORS"
  GRE "系统当前僵尸进程数:$CPU_ZOM_PROCESSORS"

  GRE "\n系统当前允许最大fd数量:$(cat /proc/sys/fs/file-nr | awk '{print $3}')"
  GRE "系统当前已打开fd数量:$(cat /proc/sys/fs/file-nr | awk '{print $1}')"
  GRE "系统单个进程运行打开fd数量:$(ulimit -n)"

  GRE "\n系统当前socket连接数:$(netstat -anp &>/dev/null && netstat -anp | wc -l || echo 'net-tools 未安装,获取信息失败')"
  GRE "系统 established socket数量: $(netstat -anp &>/dev/null && netstat -anp | grep "ESTABLISHED" | wc -l || echo 'net-tools 未安装,获取信息失败')"
  GRE "系统 sync socket数量:$(netstat -anp &>/dev/null && netstat -anp | grep "SYN" | wc -l || echo 'net-tools 未安装,获取信息失败')"
  GRE "系统当前已建立socket如下:"
  GRE "$(netstat -anp &>/dev/null && netstat -anp | grep ESTABLISHED | awk '{printf "  本地:%-20s <=>    外部:%-22s\n",$4,$5}' || echo '')"
}

function OS_SECURITY(){
  # 系统所有能登录的用户
  local OS_USER=(`cat /etc/passwd | awk -F':' '$NF !~/nologin|sync|shutdown|halt/ {print $1}'`)
  # Selinux
  local OS_SELINUX=`getenforce`
  # 防火墙状态
  local OS_FIREWALLD=`service firewalld status &>/dev/null | grep "running" && echo on || echo off`

  RED "################################# [ 系统安全巡检区 ] ######################################"
  GRE "防火墙状态: $OS_FIREWALLD"
  GRE "Selinux状态:${OS_SELINUX}\n"
  GRE "系统可登录用户数:$(cat /etc/passwd | awk -F':' '$NF !~/nologin|sync|shutdown|halt/ {print $1}' | wc -l)"
  GRE "系统可登录用户:${OS_USER[@]}"
  for i in ${OS_USER[@]}
  do
    GRE "用户 $i 最后1次登录信息: $(lastlog -u $i | awk 'NR==2')"
  done
  GRE "系统当前登录用户:"
  GRE "$(who | sed 's#[()]##g' | awk '{printf "   用户: %10s 终端: %7s 登录时间: %7s %7s 登录IP: %7s\n",$1,$2,$3,$4,$5}')"
}

function OS_SERVICE(){
  RED "################################# [ 系统服务巡检区 ] ######################################"
  GRE "自行添加"
}

if [ $(id -u -n) != "root" ]; then
  ERROR "请以ROOT用户运行这个脚本"
fi

OS_INFO
OS_HDWARE
OS_NETWORK
OS_RESOURCE
OS_SECURITY

  

二、等保安全检查

此检查脚本包含以下几块内容

  • 系统基本信息
  • 资源使用情况
  • 系统用户情况
  • 身份鉴别安全
  • 访问控制安全
  • 安全审计
  • 剩余信息保护
  • 入侵防范安全
  • 恶意代码防范
  • 资源控制安全
echo "##########################################################################"
echo "#                                                                        #"
echo "#                         health check script                            #"
echo "#                                                                        #"
echo "#警告:本脚本只是一个检查的操作,未对服务器做任何修改,管理员可以根据此报告 #"
echo "#进行相应的安全整改                                                      #"
echo "##########################################################################"
echo " "
#read -p "=====================Are You Ready,Please press enter=================="
echo " "
echo "##########################################################################"
echo "#                                                                        #"
echo "#                               主机安全检测                             #"
echo "#                                                                        #"
echo "##########################################################################"
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>系统基本信息<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
hostname=$(uname -n)
system=$(cat /etc/os-release | grep "^NAME" | awk -F\" '{print $2}')
version=$(cat /etc/redhat-release | awk '{print $4$5}')
kernel=$(uname -r)
platform=$(uname -p)
address=$(ip addr | grep inet | grep -v "inet6" | grep -v "127.0.0.1" | awk '{ print $2; }' | tr '\n' '\t' )
cpumodel=$(cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq)
cpu=$(cat /proc/cpuinfo | grep 'processor' | sort | uniq | wc -l)
machinemodel=$(dmidecode | grep "Product Name" | sed 's/^[ \t]*//g' | tr '\n' '\t' )
date=$(date)

echo "主机名:           $hostname"
echo "系统名称:         $system"
echo "系统版本:         $version"
echo "内核版本:         $kernel"
echo "系统类型:         $platform"
echo "本机IP地址:       $address"
echo "CPU型号:          $cpumodel"
echo "CPU核数:          $cpu"
echo "机器型号:         $machinemodel"
echo "系统时间:         $date"
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>资源使用情况<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
summemory=$(free -h |grep "Mem:" | awk '{print $2}')
freememory=$(free -h |grep "Mem:" | awk '{print $4}')
usagememory=$(free -h |grep "Mem:" | awk '{print $3}')
uptime=$(uptime | awk '{print $2" "$3" "$4" "$5}' | sed 's/,$//g')
loadavg=$(uptime | awk '{print $9" "$10" "$11" "$12" "$13}')

echo "总内存大小:           $summemory"
echo "已使用内存大小:       $usagememory"
echo "可使用内存大小:       $freememory"
echo "系统运行时间:         $uptime"
echo "系统负载:             $loadavg"
echo "=============================dividing line================================"
echo "内存状态:"
vmstat 2 5
echo "=============================dividing line================================"
echo "僵尸进程:"
ps -ef | grep zombie | grep -v grep
if [ $? == 1 ];then
    echo ">>>无僵尸进程"
else
    echo ">>>有僵尸进程------[需调整]"
fi
echo "=============================dividing line================================"
echo "耗CPU最多的进程:"
ps auxf |sort -nr -k 3 |head -5
echo "=============================dividing line================================"
echo "耗内存最多的进程:"
ps auxf |sort -nr -k 4 |head -5
echo "=============================dividing line================================"
echo  "环境变量:"
env
echo "=============================dividing line================================"
echo  "路由表:"
route -n
echo "=============================dividing line================================"
echo  "监听端口:"
netstat -tunlp
echo "=============================dividing line================================"
echo  "当前建立的连接:"
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
echo "=============================dividing line================================"
echo "开机启动的服务:"
systemctl list-unit-files | grep enabled
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>系统用户情况<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo  "活动用户:"
w | tail -n +2
echo "=============================dividing line================================"
echo  "系统所有用户:"
cut -d: -f1,2,3,4 /etc/passwd
echo "=============================dividing line================================"
echo  "系统所有组:"
cut -d: -f1,2,3 /etc/group
echo "=============================dividing line================================"
echo  "当前用户的计划任务:"
crontab -l
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>身份鉴别安全<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
grep -i "^password.*requisite.*pam_cracklib.so" /etc/pam.d/system-auth  > /dev/null
if [ $? == 0 ];then
    echo ">>>密码复杂度:已设置"
else
    grep -i "pam_pwquality\.so" /etc/pam.d/system-auth > /dev/null
    if [ $? == 0 ];then
	echo ">>>密码复杂度:已设置"
    else
	echo ">>>密码复杂度:未设置,请加固密码--------[需调整]"
    fi
fi
echo "=============================dividing line================================"
awk -F":" '{if($2!~/^!|^*/){print ">>>("$1")" " 是一个未被锁定的账户,请管理员检查是否是可疑账户--------[需调整]"}}' /etc/shadow
echo "=============================dividing line================================"
more /etc/login.defs | grep -E "PASS_MAX_DAYS" | grep -v "#" |awk -F' '  '{if($2!=90){print ">>>密码过期天数是"$2"天,请管理员改成90天------[需调整]"}}'
echo "=============================dividing line================================"
grep -i "^auth.*required.*pam_tally2.so.*$" /etc/pam.d/sshd  > /dev/null
if [ $? == 0 ];then
  echo ">>>登入失败处理:已开启"
else
  echo ">>>登入失败处理:未开启,请加固登入失败锁定功能----------[需调整]"
fi
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>访问控制安全<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "系统中存在以下非系统默认用户:"
more /etc/passwd |awk -F ":" '{if($3>500){print ">>>/etc/passwd里面的"$1 "的UID为"$3",该账户非系统默认账户,请管理员确认是否为可疑账户--------[需调整]"}}'
echo "=============================dividing line================================"
echo "系统特权用户:"
awk -F: '$3==0 {print $1}' /etc/passwd
echo "=============================dividing line================================"
echo "系统中空口令账户:"
awk -F: '($2=="!!") {print $1"该账户为空口令账户,请管理员确认是否为新增账户,如果为新建账户,请配置密码-------[需调整]"}' /etc/shadow
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>安全审计<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "正常情况下登录到本机30天内的所有用户的历史记录:"
last | head -n 30
echo "=============================dividing line================================"
echo "查看syslog日志审计服务是否开启:"
if service rsyslog status | egrep " active \(running";then
  echo ">>>经分析,syslog服务已开启"
else
  echo ">>>经分析,syslog服务未开启,建议通过service rsyslog start开启日志审计功能---------[需调整]"
fi
echo "=============================dividing line================================"
echo "查看syslog日志是否开启外发:"
if more /etc/rsyslog.conf | egrep "@...\.|@..\.|@.\.|\*.\* @...\.|\*\.\* @..\.|\*\.\* @.\.";then
  echo ">>>经分析,客户端syslog日志已开启外发--------[需调整]"
else
  echo ">>>经分析,客户端syslog日志未开启外发---------[无需调整]"
fi
echo "=============================dividing line================================"
echo "审计的要素和审计日志:"
more /etc/rsyslog.conf  | grep -v "^[$|#]" | grep -v "^$"
echo "=============================dividing line================================"
echo "系统中关键文件修改时间:"
ls -ltr /bin/ls /bin/login /etc/passwd  /bin/ps /etc/shadow|awk '{print ">>>文件名:"$9"  ""最后修改时间:"$6" "$7" "$8}'
echo "
###############################################################################################
#   ls文件:是存储ls命令的功能函数,被删除以后,就无法执行ls命令                                 #
#   login文件:login是控制用户登录的文件,一旦被篡改或删除,系统将无法切换用户或登陆用户         #
#   /etc/passwd是一个文件,主要是保存用户信息                                                  #
#   /bin/ps 进程查看命令功能支持文件,文件损坏或被更改后,无法正常使用ps命令                    #
#   /etc/shadow是/etc/passwd的影子文件,密码存放在该文件当中,并且只有root用户可读              #
###############################################################################################"
echo "=============================dividing line================================"
echo "检查重要日志文件是否存在:"
log_secure=/var/log/secure
log_messages=/var/log/messages
log_cron=/var/log/cron
log_boot=/var/log/boot.log
log_dmesg=/var/log/dmesg
if [ -e "$log_secure" ]; then
  echo  ">>>/var/log/secure日志文件存在"
else
  echo  ">>>/var/log/secure日志文件不存在------[需调整]"
fi
if [ -e "$log_messages" ]; then
  echo  ">>>/var/log/messages日志文件存在"
else
  echo  ">>>/var/log/messages日志文件不存在------[需调整]"
fi
if [ -e "$log_cron" ]; then
  echo  ">>>/var/log/cron日志文件存在"
else
  echo  ">>>/var/log/cron日志文件不存在--------[需调整]"
fi
if [ -e "$log_boot" ]; then
  echo  ">>>/var/log/boot.log日志文件存在"
else
  echo  ">>>/var/log/boot.log日志文件不存在--------[需调整]"
fi
if [ -e "$log_dmesg" ]; then
  echo  ">>>/var/log/dmesg日志文件存在"
else
  echo  ">>>/var/log/dmesg日志文件不存在--------[需调整]"
fi
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>剩余信息保护<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "分区情况:"
echo "如果磁盘空间利用率过高,请及时调整---------[需调整]"
df -h
echo "=============================dividing line================================"
echo "可用块设备信息:"
lsblk
echo "=============================dividing line================================"
echo "文件系统信息:"
more /etc/fstab  | grep -v "^#" | grep -v "^$"
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>入侵防范安全<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "系统入侵行为:"
more /var/log/secure |grep refused
if [ $? == 0 ];then
    echo "有入侵行为,请分析处理--------[需调整]"
else
    echo ">>>无入侵行为"
fi
echo "=============================dividing line================================"
echo "用户错误登入列表:"
lastb | head > /dev/null
if [ $? == 1 ];then
    echo ">>>无用户错误登入列表"
else
    echo ">>>用户错误登入--------[需调整]"
    lastb | head 
fi
echo "=============================dividing line================================"
echo "ssh暴力登入信息:"
more /var/log/secure | grep  "Failed" > /dev/null
if [ $? == 1 ];then
    echo ">>>无ssh暴力登入信息"
else
    more /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print ">>>登入失败的IP和尝试次数: "$2"="$1"次---------[需调整]";}'
fi
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>恶意代码防范<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "检查是否安装病毒软件:"
crontab -l | grep clamscan.sh > /dev/null
if [ $? == 0 ];then
  echo ">>>已安装ClamAV杀毒软件"
  crontab -l | grep freshclam.sh > /dev/null
  if [ $? == 0 ];then
    echo ">>>已部署定时更新病毒库"
  fi
else
  echo ">>>未安装ClamAV杀毒软件,请部署杀毒软件加固主机防护--------[无需调整]"
fi
echo " "
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>资源控制安全<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "查看是否开启了xinetd服务:"
if ps -elf |grep xinet |grep -v "grep xinet";then
  echo ">>>xinetd服务正在运行,请检查是否可以把xinetd服务关闭--------[无需调整]"
else
  echo ">>>xinetd服务未开启-------[无需调整]"
fi
echo "=============================dividing line================================"
echo  "查看是否开启了ssh服务:"
if service sshd status | grep -E "listening on|active \(running\)"; then
  echo ">>>SSH服务已开启"
else
  echo ">>>SSH服务未开启--------[需调整]"
fi
echo "=============================dividing line================================"
echo "查看是否开启了Telnet-Server服务:"
if more /etc/xinetd.d/telnetd 2>&1|grep -E "disable=no"; then
  echo ">>>Telnet-Server服务已开启"
else
  echo ">>>Telnet-Server服务未开启--------[无需调整]"
fi
echo "=============================dividing line================================"
ps axu | grep iptables | grep -v grep || ps axu | grep firewalld | grep -v grep 
if [ $? == 0 ];then
  echo ">>>防火墙已启用"
iptables -nvL --line-numbers
else
  echo ">>>防火墙未启用--------[需调整]"
fi
echo "=============================dividing line================================"
echo  "查看系统SSH远程访问设置策略(host.deny拒绝列表):"
if more /etc/hosts.deny | grep -E "sshd"; then
  echo ">>>远程访问策略已设置--------[需调整]"
else
  echo ">>>远程访问策略未设置--------[无需调整]"
fi
echo "=============================dividing line================================"
echo "查看系统SSH远程访问设置策略(hosts.allow允许列表):"
if more /etc/hosts.allow | grep -E "sshd"; then
  echo ">>>远程访问策略已设置--------[需调整]"
else
  echo ">>>远程访问策略未设置--------[无需调整]"
fi
echo "=============================dividing line================================"
echo "当hosts.allow和host.deny相冲突时,以hosts.allow设置为准"
echo "=============================dividing line================================"
grep -i "TMOUT" /etc/profile /etc/bashrc
if [ $? == 0 ];then
    echo ">>>已设置登入超时限制"
else
    echo ">>>未设置登入超时限制,请设置,设置方法:在/etc/profile或者/etc/bashrc里面添加参数TMOUT=600 --------[需调整]"
fi
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>end<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"

  

posted @ 2023-03-07 14:12  LuckinAaron  阅读(366)  评论(0编辑  收藏  举报