Linux系统巡检、等保安全检查脚本

以下shell脚本适合linux分支中的redhat、centos使用，运行脚本将结果输出到自定义的文件中，可将巡检脚本以root用户登录放在/usr/local/sbin的目录下执行。

脚本只是一个检查的操作,不会对服务器做任何修改，可放心使用。

一、系统巡检

此检查脚本包含以下几块内容：

• 系统信息巡检
• 系统硬件巡检
• 系统网络巡检
• 系统资源巡检
• 系统安全巡检

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223

######################################################################################################## # @Scpript      该脚本用于系统日常巡检，仅供学习研究                                   ####################### ########################################################################################################   function RED(){   echo -e "\033[31m$@\033[0m" }   function GRE(){   echo -e "\033[36m$@\033[0m" }   function OS_INFO(){   # 系统名   local OS_NAME=`uname -n`   # 系统版本   local OS_VERSION=`cat /etc/.kyinfo | grep dist_id | grep -oE "Kylin.*" 2>/dev/null || echo 获取信息失败`   # 系统类型   local OS_TYPE=`uname`   # 主机序列号   local OS_NUM=`dmidecode -t system | grep 'Serial Number' | awk '{print $3}'`   # 系统内核版本   local OS_KERNEL=`uname -r`   # 系统机器码   local OS_CODE=""   # 系统语言环境   local OS_LANG=`echo $LANG`   # 系统时间   local OS_DATE=`date +"%Y-%m-%d %H:%M:%S"`   # 系统运行时间   local OS_UPTIME=`uptime | awk -F',' '{sub(/.*up /,"",$1);print $1'} || echo 获取信息失败`   # 系统上次重启时间   local OS_LAST_REBOOT=`last reboot | head -1 | awk '{print $5,$6,$7,$8,$10}'`   # 系统上次关机时间   local OS_LAST_SHUTDOWN=`last -x | grep shutdown | head -1 | awk '{print $5,$6,$7,$8,$10}'`     RED "################################# [ 系统信息巡检区 ] ######################################"   GRE "主机名：$OS_NAME"   GRE "主机类型：$OS_TYPE"   GRE "主机序列号：${OS_NUM:-获取信息失败}"   GRE "系统版本：$OS_VERSION"   GRE "系统内核版本：$OS_KERNEL"   GRE "系统机器码：${OS_CODE:-获取信息失败}"   GRE "系统语言环境：${OS_LANG}"   GRE "系统时间；$OS_DATE"   GRE "系统已运行时间：$OS_UPTIME"   GRE "系统上次重启时间：${OS_LAST_REBOOT:-获取信息失败}"   GRE "系统上次关机时间：${OS_LAST_SHUTDOWN:-获取信息失败}" }   function OS_HDWARE(){   # CPU架构   local CPU_ARCH=`uname -m`   # CPU型号   local CPU_TYPE=`cat /proc/cpuinfo | grep "model name" | uniq | awk -F':' '{sub(/ /,"",$2);print $2}'`   # CPU个数   local CPU_NUM=`cat /proc/cpuinfo | grep "physical id" | sort | uniq | wc -l`   # CPU 核数   local CPU_CORE=`cat /proc/cpuinfo | grep cores | uniq | awk -F':' '{sub(/ /,"",$2);print $2}'`   # CPU 频率   local CPU_HZ=`cat /proc/cpuinfo | grep "cpu MHz" | uniq | awk -F':' '{sub(/ /,"",$2);printf "%s MHz\n",$2}'`     # 内存容量   local ME_SIZE=$(echo "scale=2;`cat /proc/meminfo | grep 'MemTotal:' | awk '{print $2}'`/1048576"|bc)   # 空闲内存   local ME_FREE=$(echo "scale=2;`cat /proc/meminfo | grep 'MemFree:' | awk '{print $2}'`/1048576"|bc)   # 可用内存   local ME_FREEE=$(echo "scale=2;`cat /proc/meminfo | grep 'MemAvailable:' | awk '{print $2}'`/1048576" | bc)   # 内存使用率   local ME_USE=$(awk 'BEGIN{printf "%.1f%\n",('$ME_SIZE'-'$ME_FREEE')/'$ME_SIZE'*100}')   # SWAP大小   local ME_SWAP_SIZE=$(echo "scale=2;`cat /proc/meminfo | grep 'SwapTotal:' | awk '{print $2}'`/1048576"|bc)   # SWAP可用   local ME_SWAP_FREE=$(echo "scale=2;`cat /proc/meminfo | grep 'SwapFree:' | awk '{print $2}'`/1048576"|bc)   # SWAP使用率   local ME_SWAP_USE=$(awk 'BEGIN{printf "%.1f%\n",('$ME_SWAP_SIZE'-'$ME_SWAP_FREE')/'$ME_SWAP_SIZE'*100}')   # Buffer大小   local ME_BUF=$(cat /proc/meminfo | grep 'Buffers:' | awk '{printf "%s KB",$2}')   # 内存Cache大小   local ME_CACHE=$(cat /proc/meminfo | grep '^Cached:' | awk '{printf "%s KB",$2}')     # 当前系统所有网卡   local NET_DEVICE=(`cat /proc/net/dev | awk 'NR>2 && $1 !~/lo/ {sub(/:/,"");print $1}'`)     RED "################################# [ 系统硬件巡检区 ] ######################################"   GRE "CPU型号：$CPU_TYPE"   GRE "CPU架构：$CPU_ARCH"   GRE "CPU个数：$CPU_NUM"   GRE "CPU核数: $CPU_CORE"   GRE "CPU频率：$CPU_HZ"   GRE "内存容量：${ME_SIZE} GB"   GRE "内存空闲：${ME_FREE} GB"   GRE "内存可用：${ME_FREEE} GB"   GRE "内存使用率：${ME_USE}"   GRE "SWAP容量：$ME_SWAP_SIZE GB"   GRE "SWAP可用容量：$ME_SWAP_FREE GB"   GRE "SWAP使用率：$ME_SWAP_USE"   GRE "内存Buffer大小：${ME_BUF}"   GRE "内存Cache大小：${ME_CACHE}"     for i in ${NET_DEVICE[@]}   do     GRE "网卡：$i  状态: $(ip link show ens33 | awk 'NR==1{print $9}') RX: $(ethtool -g ens33 | grep "RX:" | tail -1 | awk '{print $2}') TX: $(ethtool -g ens33 | grep "TX:" | tail -1 | awk '{print $2}')"   done }   function OS_NETWORK(){   # 系统IP   local IP=$(hostname -I)   # 网关地址   local GATEWAY=$(ip route | grep default &>/dev/null && ip route | grep default | awk '{print $3}' || echo '未设置默认网关')   # DNS地址   local DNS=(`cat /etc/resolv.conf | grep nameserver | uniq | awk '{print $2}'`)     RED "################################# [ 系统网络巡检区 ] ######################################"   GRE "IP地址：$IP"   GRE "网关地址：$GATEWAY"   GRE "DNS地址：${DNS[@]}"   GRE "网关[$GATEWAY]连接情况: $(ping -t 1 -i 1 -c 5 -W 1 192.168.0.2 &>/dev/null && echo '正常通信' || echo '无法通信')" }   function OS_RESOURCE(){   # 系统磁盘列表   local DISK_LIST=(`lsblk | egrep "^[a-z].*" | grep -v "^sr" | awk '{print $1}'`)   # 系统磁盘使用率情况   local DISK_PER=(`df -h | awk 'NR>1 && $1 !~/sr/ {gsub(/%/,"",$5);print $5}'`)     # CPU空闲率   local CPU_FREE=$(top -d 1 -n 1 -b | awk 'NR==3{print $8}')   # CPU使用率   local CPU_USE=$(awk 'BEGIN{printf "%.1f%\n",100-'$CPU_FREE'}')   # CPU_TOP_TEN   local CPU_TOP_TEN=$(top -d 1 -n 1 -b | column -t | awk 'NR>=7 && NR<=15')     # 当前进程数   local CPU_PROCESSORS=$(top -d 1 -n 1 -b | awk 'NR==2{print $2}')   # 当前正在运行进程数   local CPU_RUN_PROCESSORS=$(top -d 1 -n 1 -b | awk 'NR==2{print $4}')   # 当前正在休眠进程数   local CPU_SL_PROCESSORS=$(top -d 1 -n 1 -b | awk 'NR==2{print $6}')   # 当前停止运行进程数   local CPU_STOP_PROCESSORS=$(top -d 1 -n 1 -b | awk 'NR==2{print 8}')   # 当前僵尸进程数   local CPU_ZOM_PROCESSORS=$(top -d 1 -n 1 -b | awk 'NR==2{print $10}')         RED "################################# [ 系统资源巡检区 ] ######################################"   GRE "CPU使用率：$CPU_USE"   GRE "CPU使用率前十进程信息:"   GRE "$(ps -eo user,pid,pcpu,pmem,args --sort=-pcpu | head -n 10)"   GRE "\n内存使用率前十进程信息:"   GRE "$(ps -eo user,pid,pcpu,pmem,args --sort=-pmem | head -n 10)"   GRE "\n磁盘IO信息:$(iotop -bon 1 &>/dev/null || echo 'io top 未安装信息获取失败')"   GRE "$(iotop -bon 1 &>/dev/null && iotop -bon 1 | head -n 13)"   GRE "\n磁盘分区使用率是否正常：正常"   for i in ${DISK_LIST[@]}   do     if [[ -z "$(lsblk --nodeps -no serial /dev/$i)" ]]; then       GRE "磁盘：$i  磁盘序列号：获取信息失败"      else       GRE "磁盘：$i  磁盘序列号：$(lsblk --nodeps -no serial /dev/$i)"     fi   done   for i in ${DISK_PER[@]}   do     if [ $i -gt 80 ]; then       RED "某分区磁盘使用率为：$i% > 80% 请及时扩容"     fi   done   GRE "\n系统磁盘分区inode使用情况："   GRE "$(df -Thi)"   GRE "\n系统当前进程数：$CPU_PROCESSORS"    GRE "系统当前进程运行数：$CPU_RUN_PROCESSORS"   GRE "系统当前休眠进程数：$CPU_SL_PROCESSORS"   GRE "系统当前停止进程数：$CPU_STOP_PROCESSORS"   GRE "系统当前僵尸进程数：$CPU_ZOM_PROCESSORS"     GRE "\n系统当前允许最大fd数量：$(cat /proc/sys/fs/file-nr | awk '{print $3}')"   GRE "系统当前已打开fd数量：$(cat /proc/sys/fs/file-nr | awk '{print $1}')"   GRE "系统单个进程运行打开fd数量：$(ulimit -n)"     GRE "\n系统当前socket连接数：$(netstat -anp &>/dev/null && netstat -anp | wc -l || echo 'net-tools 未安装,获取信息失败')"   GRE "系统 established socket数量: $(netstat -anp &>/dev/null && netstat -anp | grep "ESTABLISHED" | wc -l || echo 'net-tools 未安装,获取信息失败')"   GRE "系统 sync socket数量：$(netstat -anp &>/dev/null && netstat -anp | grep "SYN" | wc -l || echo 'net-tools 未安装,获取信息失败')"   GRE "系统当前已建立socket如下:"   GRE "$(netstat -anp &>/dev/null && netstat -anp | grep ESTABLISHED | awk '{printf "  本地:%-20s <=>    外部:%-22s\n",$4,$5}' || echo '')" }   function OS_SECURITY(){   # 系统所有能登录的用户   local OS_USER=(`cat /etc/passwd | awk -F':' '$NF !~/nologin|sync|shutdown|halt/ {print $1}'`)   # Selinux   local OS_SELINUX=`getenforce`   # 防火墙状态   local OS_FIREWALLD=`service firewalld status &>/dev/null | grep "running" && echo on || echo off`     RED "################################# [ 系统安全巡检区 ] ######################################"   GRE "防火墙状态: $OS_FIREWALLD"   GRE "Selinux状态：${OS_SELINUX}\n"   GRE "系统可登录用户数：$(cat /etc/passwd | awk -F':' '$NF !~/nologin|sync|shutdown|halt/ {print $1}' | wc -l)"   GRE "系统可登录用户：${OS_USER[@]}"   for i in ${OS_USER[@]}   do     GRE "用户 $i 最后1次登录信息: $(lastlog -u $i | awk 'NR==2')"   done   GRE "系统当前登录用户："   GRE "$(who | sed 's#[()]##g' | awk '{printf "   用户: %10s 终端: %7s 登录时间: %7s %7s 登录IP: %7s\n",$1,$2,$3,$4,$5}')" }   function OS_SERVICE(){   RED "################################# [ 系统服务巡检区 ] ######################################"   GRE "自行添加" }   if [ $(id -u -n) != "root" ]; then   ERROR "请以ROOT用户运行这个脚本" fi   OS_INFO OS_HDWARE OS_NETWORK OS_RESOURCE OS_SECURITY

　　

二、等保安全检查

此检查脚本包含以下几块内容

• 系统基本信息
• 资源使用情况
• 系统用户情况
• 身份鉴别安全
• 访问控制安全
• 安全审计
• 剩余信息保护
• 入侵防范安全
• 恶意代码防范
• 资源控制安全

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298

echo "##########################################################################" echo "#                                                                        #" echo "#                         health check script                            #" echo "#                                                                        #" echo "#警告:本脚本只是一个检查的操作,未对服务器做任何修改,管理员可以根据此报告 #" echo "#进行相应的安全整改                                                      #" echo "##########################################################################" echo " " #read -p "=====================Are You Ready,Please press enter==================" echo " " echo "##########################################################################" echo "#                                                                        #" echo "#                               主机安全检测                             #" echo "#                                                                        #" echo "##########################################################################" echo " " echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>系统基本信息<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" hostname=$(uname -n) system=$(cat /etc/os-release | grep "^NAME" | awk -F\" '{print $2}') version=$(cat /etc/redhat-release | awk '{print $4$5}') kernel=$(uname -r) platform=$(uname -p) address=$(ip addr | grep inet | grep -v "inet6" | grep -v "127.0.0.1" | awk '{ print $2; }' | tr '\n' '\t' ) cpumodel=$(cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq) cpu=$(cat /proc/cpuinfo | grep 'processor' | sort | uniq | wc -l) machinemodel=$(dmidecode | grep "Product Name" | sed 's/^[ \t]*//g' | tr '\n' '\t' ) date=$(date)   echo "主机名:           $hostname" echo "系统名称:         $system" echo "系统版本:         $version" echo "内核版本:         $kernel" echo "系统类型:         $platform" echo "本机IP地址:       $address" echo "CPU型号:          $cpumodel" echo "CPU核数:          $cpu" echo "机器型号:         $machinemodel" echo "系统时间:         $date" echo " " echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>资源使用情况<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" summemory=$(free -h |grep "Mem:" | awk '{print $2}') freememory=$(free -h |grep "Mem:" | awk '{print $4}') usagememory=$(free -h |grep "Mem:" | awk '{print $3}') uptime=$(uptime | awk '{print $2" "$3" "$4" "$5}' | sed 's/,$//g') loadavg=$(uptime | awk '{print $9" "$10" "$11" "$12" "$13}')   echo "总内存大小:           $summemory" echo "已使用内存大小:       $usagememory" echo "可使用内存大小:       $freememory" echo "系统运行时间:         $uptime" echo "系统负载:             $loadavg" echo "=============================dividing line================================" echo "内存状态:" vmstat 2 5 echo "=============================dividing line================================" echo "僵尸进程:" ps -ef | grep zombie | grep -v grep if [ $? == 1 ];then     echo ">>>无僵尸进程" else     echo ">>>有僵尸进程------[需调整]" fi echo "=============================dividing line================================" echo "耗CPU最多的进程:" ps auxf |sort -nr -k 3 |head -5 echo "=============================dividing line================================" echo "耗内存最多的进程:" ps auxf |sort -nr -k 4 |head -5 echo "=============================dividing line================================" echo  "环境变量:" env echo "=============================dividing line================================" echo  "路由表:" route -n echo "=============================dividing line================================" echo  "监听端口:" netstat -tunlp echo "=============================dividing line================================" echo  "当前建立的连接:" netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}' echo "=============================dividing line================================" echo "开机启动的服务:" systemctl list-unit-files | grep enabled echo " " echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>系统用户情况<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" echo  "活动用户:" w | tail -n +2 echo "=============================dividing line================================" echo  "系统所有用户:" cut -d: -f1,2,3,4 /etc/passwd echo "=============================dividing line================================" echo  "系统所有组:" cut -d: -f1,2,3 /etc/group echo "=============================dividing line================================" echo  "当前用户的计划任务:" crontab -l echo " " echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>身份鉴别安全<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" grep -i "^password.*requisite.*pam_cracklib.so" /etc/pam.d/system-auth  > /dev/null if [ $? == 0 ];then     echo ">>>密码复杂度:已设置" else     grep -i "pam_pwquality\.so" /etc/pam.d/system-auth > /dev/null     if [ $? == 0 ];then     echo ">>>密码复杂度:已设置"     else     echo ">>>密码复杂度:未设置,请加固密码--------[需调整]"     fi fi echo "=============================dividing line================================" awk -F":" '{if($2!~/^!|^*/){print ">>>("$1")" " 是一个未被锁定的账户,请管理员检查是否是可疑账户--------[需调整]"}}' /etc/shadow echo "=============================dividing line================================" more /etc/login.defs | grep -E "PASS_MAX_DAYS" | grep -v "#" |awk -F' '  '{if($2!=90){print ">>>密码过期天数是"$2"天,请管理员改成90天------[需调整]"}}' echo "=============================dividing line================================" grep -i "^auth.*required.*pam_tally2.so.*$" /etc/pam.d/sshd  > /dev/null if [ $? == 0 ];then   echo ">>>登入失败处理:已开启" else   echo ">>>登入失败处理:未开启,请加固登入失败锁定功能----------[需调整]" fi echo " " echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>访问控制安全<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" echo "系统中存在以下非系统默认用户:" more /etc/passwd |awk -F ":" '{if($3>500){print ">>>/etc/passwd里面的"$1 "的UID为"$3"，该账户非系统默认账户，请管理员确认是否为可疑账户--------[需调整]"}}' echo "=============================dividing line================================" echo "系统特权用户:" awk -F: '$3==0 {print $1}' /etc/passwd echo "=============================dividing line================================" echo "系统中空口令账户:" awk -F: '($2=="!!") {print $1"该账户为空口令账户，请管理员确认是否为新增账户，如果为新建账户，请配置密码-------[需调整]"}' /etc/shadow echo " " echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>安全审计<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" echo "正常情况下登录到本机30天内的所有用户的历史记录:" last | head -n 30 echo "=============================dividing line================================" echo "查看syslog日志审计服务是否开启:" if service rsyslog status | egrep " active \(running";then   echo ">>>经分析,syslog服务已开启" else   echo ">>>经分析,syslog服务未开启，建议通过service rsyslog start开启日志审计功能---------[需调整]" fi echo "=============================dividing line================================" echo "查看syslog日志是否开启外发:" if more /etc/rsyslog.conf | egrep "@...\.|@..\.|@.\.|\*.\* @...\.|\*\.\* @..\.|\*\.\* @.\.";then   echo ">>>经分析,客户端syslog日志已开启外发--------[需调整]" else   echo ">>>经分析,客户端syslog日志未开启外发---------[无需调整]" fi echo "=============================dividing line================================" echo "审计的要素和审计日志:" more /etc/rsyslog.conf  | grep -v "^[$|#]" | grep -v "^$" echo "=============================dividing line================================" echo "系统中关键文件修改时间:" ls -ltr /bin/ls /bin/login /etc/passwd  /bin/ps /etc/shadow|awk '{print ">>>文件名："$9"  ""最后修改时间："$6" "$7" "$8}' echo " ############################################################################################### #   ls文件:是存储ls命令的功能函数,被删除以后,就无法执行ls命令                                 # #   login文件:login是控制用户登录的文件,一旦被篡改或删除,系统将无法切换用户或登陆用户         # #   /etc/passwd是一个文件,主要是保存用户信息                                                  # #   /bin/ps 进程查看命令功能支持文件,文件损坏或被更改后,无法正常使用ps命令                    # #   /etc/shadow是/etc/passwd的影子文件,密码存放在该文件当中,并且只有root用户可读              # ###############################################################################################" echo "=============================dividing line================================" echo "检查重要日志文件是否存在:" log_secure=/var/log/secure log_messages=/var/log/messages log_cron=/var/log/cron log_boot=/var/log/boot.log log_dmesg=/var/log/dmesg if [ -e "$log_secure" ]; then   echo  ">>>/var/log/secure日志文件存在" else   echo  ">>>/var/log/secure日志文件不存在------[需调整]" fi if [ -e "$log_messages" ]; then   echo  ">>>/var/log/messages日志文件存在" else   echo  ">>>/var/log/messages日志文件不存在------[需调整]" fi if [ -e "$log_cron" ]; then   echo  ">>>/var/log/cron日志文件存在" else   echo  ">>>/var/log/cron日志文件不存在--------[需调整]" fi if [ -e "$log_boot" ]; then   echo  ">>>/var/log/boot.log日志文件存在" else   echo  ">>>/var/log/boot.log日志文件不存在--------[需调整]" fi if [ -e "$log_dmesg" ]; then   echo  ">>>/var/log/dmesg日志文件存在" else   echo  ">>>/var/log/dmesg日志文件不存在--------[需调整]" fi echo " " echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>剩余信息保护<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" echo "分区情况:" echo "如果磁盘空间利用率过高，请及时调整---------[需调整]" df -h echo "=============================dividing line================================" echo "可用块设备信息:" lsblk echo "=============================dividing line================================" echo "文件系统信息:" more /etc/fstab  | grep -v "^#" | grep -v "^$" echo " " echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>入侵防范安全<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" echo "系统入侵行为:" more /var/log/secure |grep refused if [ $? == 0 ];then     echo "有入侵行为，请分析处理--------[需调整]" else     echo ">>>无入侵行为" fi echo "=============================dividing line================================" echo "用户错误登入列表:" lastb | head > /dev/null if [ $? == 1 ];then     echo ">>>无用户错误登入列表" else     echo ">>>用户错误登入--------[需调整]"     lastb | head fi echo "=============================dividing line================================" echo "ssh暴力登入信息:" more /var/log/secure | grep  "Failed" > /dev/null if [ $? == 1 ];then     echo ">>>无ssh暴力登入信息" else     more /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print ">>>登入失败的IP和尝试次数: "$2"="$1"次---------[需调整]";}' fi echo " " echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>恶意代码防范<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" echo "检查是否安装病毒软件:" crontab -l | grep clamscan.sh > /dev/null if [ $? == 0 ];then   echo ">>>已安装ClamAV杀毒软件"   crontab -l | grep freshclam.sh > /dev/null   if [ $? == 0 ];then     echo ">>>已部署定时更新病毒库"   fi else   echo ">>>未安装ClamAV杀毒软件,请部署杀毒软件加固主机防护--------[无需调整]" fi echo " " echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>资源控制安全<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" echo "查看是否开启了xinetd服务:" if ps -elf |grep xinet |grep -v "grep xinet";then   echo ">>>xinetd服务正在运行，请检查是否可以把xinetd服务关闭--------[无需调整]" else   echo ">>>xinetd服务未开启-------[无需调整]" fi echo "=============================dividing line================================" echo  "查看是否开启了ssh服务:" if service sshd status | grep -E "listening on|active \(running\)"; then   echo ">>>SSH服务已开启" else   echo ">>>SSH服务未开启--------[需调整]" fi echo "=============================dividing line================================" echo "查看是否开启了Telnet-Server服务:" if more /etc/xinetd.d/telnetd 2>&1|grep -E "disable=no"; then   echo ">>>Telnet-Server服务已开启" else   echo ">>>Telnet-Server服务未开启--------[无需调整]" fi echo "=============================dividing line================================" ps axu | grep iptables | grep -v grep || ps axu | grep firewalld | grep -v grep if [ $? == 0 ];then   echo ">>>防火墙已启用" iptables -nvL --line-numbers else   echo ">>>防火墙未启用--------[需调整]" fi echo "=============================dividing line================================" echo  "查看系统SSH远程访问设置策略(host.deny拒绝列表):" if more /etc/hosts.deny | grep -E "sshd"; then   echo ">>>远程访问策略已设置--------[需调整]" else   echo ">>>远程访问策略未设置--------[无需调整]" fi echo "=============================dividing line================================" echo "查看系统SSH远程访问设置策略(hosts.allow允许列表):" if more /etc/hosts.allow | grep -E "sshd"; then   echo ">>>远程访问策略已设置--------[需调整]" else   echo ">>>远程访问策略未设置--------[无需调整]" fi echo "=============================dividing line================================" echo "当hosts.allow和host.deny相冲突时,以hosts.allow设置为准" echo "=============================dividing line================================" grep -i "TMOUT" /etc/profile /etc/bashrc if [ $? == 0 ];then     echo ">>>已设置登入超时限制" else     echo ">>>未设置登入超时限制,请设置,设置方法:在/etc/profile或者/etc/bashrc里面添加参数TMOUT=600 --------[需调整]" fi echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>end<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"

　　

__EOF__

作　　者：Aaron
出　　处：https://www.cnblogs.com/Williamls/p/17187968.html
关于博主：  谦谦君子 卑以自牧
版权声明：署名 - 非商业性使用 - 禁止演绎，协议普通文本 | 协议法律文本。
声援博主：如果您觉得文章对您有帮助，可以点击文章右下角【推荐】一下。您的鼓励是博主的最大动力！