检测工具lynis
wget https://gitee.com/zzhlinux911218/software/raw/master/linux-inspect2.sh;bash linux-inspect2.sh
检测系统安全中,请等待检测结果……
扫描结果 /var/log/lynis-log
结果详情 /var/log/lynis.log
执行命令:./lynis audit system -Q
#!bin/bash yum -y install wget unzip wget https://gitee.com/zzhlinux911218/software/raw/master/lynis-master.zip unzip lynis-master.zip > /dev/null mv lynis-master /etc/lynis cd /etc/lynis echo -e "\033[33m 检测系统安全中,请等待检测结果……\033[0m" ./lynis audit system |sed '1,/Results/d' > /var/log/lynis-log curl qq.com &> /dev/null if [ $? != 0 ];then echo -e "\033[31m 本机curl不通外网站点,请联系机房处理!!\033[0m" fi ping -c3 8.8.4.4 &> /dev/null if [ $? != 0 ];then echo -e "\033[31m 本机DNS不通,请联系机房处理!!\033[0m" fi AWS=`cat /var/log/lynis-log | grep Warnings | wc -l` if [ $AWS != 0 ];then echo "" echo -e "\033[31m 本机系统漏洞数量如下:\033[0m" cat /var/log/lynis-log | grep Warnings AWWS=`cat /var/log/lynis-log | grep Found | awk '{print $NF}' | awk -F"[" '{print $2}' | awk -F"]" '{print $1}'` for i in "$AWWS" do cd /etc/lynis echo "" echo -e "\033[33m 警告解决方案如下……\033[0m" ./lynis show details "$i" done echo "" echo "扫描结果 /var/log/lynis-log" echo "结果详情 /var/log/lynis.log" else echo -e "\033[33m 本机系统检测完毕,安全!\033[0m" fi
ln -s /etc/lynis/lynis /usr/bin/lynis
使用 lynis 进行主机扫描很简单,只需要带上参数 audit system 即可
lynis audit system