Shell百宝箱(命令)
获取随机字符串或数字
随机获取8位字符串
# Method 1
# NOTE(review): bash's $RANDOM is an integer in 0..32767, so this pipeline can
# only ever produce 32768 different strings. Fine for a throwaway label, not
# for passwords, tokens or anything else that must be hard to guess.
echo $RANDOM |md5sum |cut -c 1-8
d2614e90
# Method 2
# Asks OpenSSL for 4 random bytes; their base64 form is 8 characters, the last
# two of which are always "==" padding (see the sample output below).
openssl rand -base64 4
6kLKvQ==
# Method 3
# First 8 characters of a UUID read from the kernel's random UUID file.
cat /proc/sys/kernel/random/uuid |cut -c 1-8
获取随机8位数字
# Method 1:
# NOTE(review): the input is $RANDOM (0..32767), so at most 32768 different
# results are possible. cksum prints "<CRC> <byte count>"; when the CRC has
# fewer than 8 digits the cut would presumably also pick up the separating
# space - confirm before relying on "8 digits".
echo $RANDOM |cksum |cut -c 1-8
62936468
# Method 2:
# Same cksum/cut caveat as above; the input here is 4 random bytes from OpenSSL.
openssl rand -base64 4 |cksum |cut -c 1-8
17393369
# Method 3:
# %N is the nanosecond part of the current time, so the value comes from the
# clock rather than from a random source.
date +%N |cut -c 1-8
56937858
验证一系列域名访问状态码是否正常
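#!/bin/bash
# Probe each URL in the list with a HEAD request and report, via the init
# script helper `action`, whether it answered with HTTP 200 or 302. A warning
# mail is sent for every URL that did not.
. /etc/init.d/functions

array=(
  http://www.baidu.com
  http://www.zcj.net.cn
  http://www.taobao.com
)

for url in "${array[@]}"; do
  # Host part of the URL (third "/"-separated field).
  host=$(printf '%s\n' "$url" | awk -F "/" '{print $3}')

  # Compare the status code itself. The previous grep for "200|302" across all
  # response headers counted any header line containing those digits (a
  # Content-Length or a date, for instance), so a healthy site could be
  # reported as failed when more than one line matched.
  code=$(curl -I -s -o /dev/null -w '%{http_code}' --max-time 10 "$url")

  case "$code" in
    200 | 302)
      action "$host is ok" /bin/true
      ;;
    *)
      action "$host is not ok" /bin/false
      printf '%s\n' "$url is not ok" |
        mail -s "$(date +%F-%S)warning" 18621048481@163.com
      ;;
  esac
done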
# 执行脚本验证
bash test.sh
www.baidu.com is ok [ OK ]
www.zcj.net.cn is ok [ OK ]
www.taobao.com is not ok [FAILED]
批量创建系统账号并设置密码
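#!/bin/bash
# Create the accounts youmen01..youmen10, give each a random initial password
# and record the user/password pairs for the administrator.
#
# Changes made in review:
#  - bash shebang: the script uses brace ranges, `source`, `&>` and $UID.
#  - Passwords come from `openssl rand` instead of `$RANDOM | md5sum`; $RANDOM
#    has only 32768 possible values, so every password was guessable.
#  - The credential list is written to a root-only file instead of a
#    predictable path in world-writable /tmp.
#  - A pair is recorded only when both useradd and passwd succeeded.
#  - Existing users are detected with getent (exact name match) rather than a
#    grep that could match the name anywhere in a passwd line.
# NOTE(review): consider forcing a password change at first login and deleting
# the credential file once the passwords have been handed over.
[ -f /etc/init.d/functions ] && source /etc/init.d/functions

[ "$UID" -ne 0 ] && {
  echo "Ples sudo su - root"
  exit 1
}

cred_file=/root/user.txt
umask 077
if ! touch "$cred_file" || ! chmod 600 "$cred_file"; then
  echo "cannot prepare $cred_file" >&2
  exit 1
fi

for user in youmen{01..10}; do
  if getent passwd "$user" >/dev/null; then
    action "Useradd $user already exists" /bin/false
    continue
  fi

  # 12 random bytes -> 16 base64 characters.
  pass=$(openssl rand -base64 12) || exit 1

  if useradd "$user" &&
    printf '%s\n' "$pass" | passwd --stdin "$user" &>/dev/null; then
    action "Useradd $user IS OK" /bin/true
    printf '%s\t%s\n' "$user" "$pass" >>"$cred_file"
  else
    action "Useradd $user failed" /bin/false
  fi
done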
检测软件包是否安装
#!/bin/bash
# Report whether the sysstat package is present, based on the exit status of
# `rpm -q` (its own output is discarded).
if ! rpm -q sysstat &>/dev/null; then
  echo "sysstat is not installed!"
else
  echo "sysstat is already installed."
fi
检查主机存活状态
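#!/usr/bin/env bash
# Ping hosts .2 to .254 of the given three-octet prefix in parallel and append
# every address that answers to ip.txt in the current directory.
read -r -p "please input you pass key IP:[192.168.25]" ip

# The prefix is pasted into the ping command line, so accept nothing but three
# dotted decimal groups; anything else (empty input, options, spaces) is
# rejected up front.
if [[ ! "$ip" =~ ^([0-9]{1,3}\.){2}[0-9]{1,3}$ ]]; then
  echo "invalid prefix: expected three octets such as 192.168.25" >&2
  exit 1
fi

for i in $(seq 2 254); do
  {
    if ping -c1 "$ip.$i" &>/dev/null; then
      echo "$ip.$i" >>ip.txt
    fi
  } &
done
# Wait for every background probe before returning.
wait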
系统初始化脚本
#!/usr/bin/env bash
# Author: ZhouJian
# Mail: 18621048481@163.com
# Time: 2019-9-3
# Describe: CentOS 7 Initialization Script
# Banner: clear the screen, switch the terminal colour (SGR 0;33), print the
# ASCII art and the "recommended system" line, then reset the colour.
# The here-document delimiter is unquoted, so every doubled backslash in the
# art is emitted as a single backslash.
clear
echo -ne "\\033[0;33m"
cat<<EOT
_oo0oo_
088888880
88" . "88
(| -_- |)
0\\ = /0
___/'---'\\___
.' \\\\\\\\| |// '.
/ \\\\\\\\||| : |||// \\\\
/_ ||||| -:- |||||- \\\\
| | \\\\\\\\\\\\ - /// | |
| \\_| ''\\---/'' |_/ |
\\ .-\\__ '-' __/-. /
___'. .' /--.--\\ '. .'___
."" '< '.___\\_<|>_/___.' >' "".
| | : '- \\'.;'\\ _ /';.'/ - ' : | |
\\ \\ '_. \\_ __\\ /__ _/ .-' / /
====='-.____'.___ \\_____/___.-'____.-'=====
'=---='
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
建议系统 CentOS7
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
EOT
echo -ne "\\033[m"
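#######################################
# Ask for a hostname on stdin until one is entered and confirmed with
# "y" or "yes", then apply it with hostnamectl.
# Arguments: none
# Outputs:   prompts (when stdin is a terminal) and a notice on empty input
# Returns:   when a name was applied or stdin reached end of file
#######################################
init_hostname() {
  local name var
  while read -r -p "请输入您想设定的主机名:" name
  do
    if [ -z "$name" ]; then
      echo -e "\033[31m 您没有输入内容,请重新输入 \033[0m"
      continue
    fi
    read -r -p "您确认使用该主机名吗?[y/n]: " var
    # Quoted comparisons: an empty answer no longer produces a test syntax
    # error, and a name containing spaces reaches hostnamectl as one argument.
    if [ "$var" = 'y' ] || [ "$var" = 'yes' ]; then
      hostnamectl set-hostname "$name"
      break
    fi
  done
}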
#######################################
# Apply the script's "security configuration" step.
# NOTE(review): despite the label, this step lowers the host's defences: it
# stops and disables firewalld and switches SELinux off (setenforce 0 for the
# running system, SELINUX=disabled in the config file). Keep it only where
# another control replaces them.
# It also sets the matching GSSAPI line and UseDNS to "no" in sshd_config;
# sshd is not restarted here, so those edits wait for the next restart.
# Arguments: none
# Outputs:   a green status line on stdout
#######################################
init_security() {
  local sshd_conf=/etc/ssh/sshd_config
  local selinux_conf=/etc/selinux/config

  # Host firewall off, now and at boot.
  systemctl stop firewalld
  systemctl disable firewalld &>/dev/null

  # SELinux off, now and at boot.
  setenforce 0
  sed -i '/^SELINUX=/ s/enforcing/disabled/' "$selinux_conf"

  # Both sshd_config edits in one pass; they touch different lines.
  sed -i \
    -e '/^GSSAPIAu/ s/yes/no/' \
    -e '/^#UseDNS/ {s/^#//;s/yes/no/}' \
    "$sshd_conf"

  systemctl enable sshd crond &>/dev/null
  echo -e "\033[32m [安全配置] ==> OK \033[0m"
}
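#######################################
# Replace the yum repository definitions with the 163 base and Aliyun EPEL
# repo files, set the time zone and pin the DNS resolvers.
#
# Changes made in review:
#  - Connectivity is checked before the existing repo files are moved away,
#    so an offline run no longer leaves the machine without repositories.
#  - Repo files are fetched over HTTPS and a failed download stops the script.
#    These files decide where root installs packages from; over plain HTTP
#    with the result ignored, anyone on the network path could replace them.
#  - Failures exit with a non-zero status.
#  - The immutable flag is cleared before resolv.conf is rewritten, so a
#    second run does not fail on the file it locked the first time.
# NOTE(review): confirm both mirrors serve these paths over HTTPS from your
# network, and that the downloaded repo files keep GPG checking enabled.
# Arguments: none
# Outputs:   status lines on stdout
#######################################
init_yumsource() {
  if ! ping -c 2 baidu.com &>/dev/null
  then
    echo "您无法上外网,不能配置yum源"
    exit 1
  fi

  mkdir -p /etc/yum.repos.d/backup
  # The glob also names the backup directory itself; mv refuses that one and
  # the message is discarded.
  mv /etc/yum.repos.d/* /etc/yum.repos.d/backup 2>/dev/null

  if ! curl -fsS -o /etc/yum.repos.d/163.repo \
      https://mirrors.163.com/.help/CentOS7-Base-163.repo ||
    ! curl -fsS -o /etc/yum.repos.d/epel.repo \
      https://mirrors.aliyun.com/repo/epel-7.repo
  then
    echo -e "\033[31m [YUM Source] ==> FAILED \033[0m"
    exit 1
  fi

  timedatectl set-timezone Asia/Shanghai

  chattr -i /etc/resolv.conf 2>/dev/null
  echo "nameserver 114.114.114.114" > /etc/resolv.conf
  echo "nameserver 8.8.8.8" >> /etc/resolv.conf
  chattr +i /etc/resolv.conf

  echo -e "\033[32m [YUM Source] ==> OK \033[0m"
}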
#######################################
# Install the everyday tool set with two yum transactions.
# yum's output and exit status are discarded, so the final OK line is printed
# whether or not the installs worked.
# NOTE(review): "nslookup" looks like a command rather than a package name
# (bind-utils is already in the first list) - confirm.
# Arguments: none
# Outputs:   two green status lines on stdout
#######################################
init_install_package() {
  local -a first_batch=(
    lsof tree wget vim bash-completion lftp bind-utils
  )
  local -a second_batch=(
    atop htop nethogs net-tools libcurl-devel libxml2-devel openssl-devel
    unzip psmisc ntpdate nslookup
  )

  echo -e "\033[32m 安装系统需要的软件,请稍等~ ~ ~ \033[0m"
  yum -y install "${first_batch[@]}" &>/dev/null
  yum -y install "${second_batch[@]}" &>/dev/null
  echo -e "\033[32m [安装常用工具] ==> OK \033[0m"
}
# Write a fixed set of kernel parameters and load them.
# The redirection is ">", so the whole of /etc/sysctl.conf is replaced and any
# setting already in it is lost. Output and errors of `sysctl -p` are
# discarded, so the OK line is printed even if a key is rejected.
# The list mixes network hardening (redirects and source routing off, reverse
# path filtering and SYN cookies on) with throughput tuning.
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to break connections from
# clients behind NAT and the key no longer exists on newer kernels; it and
# tcp_tw_reuse rely on TCP timestamps, which this same list turns off
# (tcp_timestamps = 0). The values tcp_fin_timeout = 1 and
# tcp_syn_retries = 1 are also aggressive - confirm all of these are intended.
init_kernel_parameter() {
cat > /etc/sysctl.conf <<EOF
fs.file-max = 999999
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
vm.swappiness = 10
EOF
sysctl -p /etc/sysctl.conf >/dev/null 2>&1
echo -e "\033[32m [内核 优化] ==> OK \033[0m"
}
# **************************************************
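#######################################
# Raise the per-user process and open-file limits and add timestamps to the
# shell history.
# Both files are appended to, so each append is now guarded: running the
# script again no longer stacks duplicate entries in limits.conf and
# /etc/profile.
# NOTE(review): the limits file sets nofile to 65530 while the running shell
# is raised to 65535 - confirm which value is intended.
# Arguments: none
# Outputs:   a green status line on stdout
#######################################
init_system_limit() {
  if ! grep -qF -- '* soft nofile 65530' /etc/security/limits.conf; then
    cat >> /etc/security/limits.conf <<EOF
* soft nproc 65530
* hard nproc 65530
* soft nofile 65530
* hard nofile 65530
EOF
  fi

  ulimit -n 65535
  ulimit -u 20480
  echo -e "\033[32m [ulimits 配置] ==> OK \033[0m"

  if ! grep -qF -- 'HISTTIMEFORMAT=' /etc/profile; then
    cat >> /etc/profile <<EOF
export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "
EOF
  fi
  source /etc/profile
}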
# Run every initialization step once, in a fixed order.
main() {
  local step
  for step in \
    init_hostname \
    init_security \
    init_yumsource \
    init_install_package \
    init_kernel_parameter \
    init_system_limit
  do
    "$step"
  done
}
main
检查主机存活状态并分发公钥实现免密登录
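#!/usr/bin/env bash
# Find the hosts that answer ping in a three-octet prefix and install root's
# public key on each of them with ssh-copy-id, answering the prompts through
# expect.
#
# Changes made in review:
#  - The password is read without echo and reaches expect through the
#    environment; the expect script is a quoted here-document, so characters
#    such as " $ [ in the password are no longer evaluated as Tcl code.
#  - The prefix is validated before it is pasted into command lines.
#  - The script no longer rewrites /etc/ssh/ssh_config to
#    "StrictHostKeyChecking no" (and no longer restarts sshd): that switched
#    host-key checking off for every ssh connection made from this machine.
#    The expect block already answers the first-contact yes/no prompt, and
#    with the default setting a changed host key is still refused.
# NOTE(review): answering "yes" automatically trusts whatever key each host
# presents on first contact; compare fingerprints out of band where that
# matters.
read -r -p "please input you pass key IP:[192.168.25]" ip
read -r -s -p "please input you pass keyIP password:" youpasswd
echo

if [[ ! "$ip" =~ ^([0-9]{1,3}\.){2}[0-9]{1,3}$ ]]; then
  echo "invalid prefix: expected three octets such as 192.168.25" >&2
  exit 1
fi

if [ ! -f /usr/bin/expect ]; then
  yum -y install expect
fi

if [ ! -f /root/.ssh/id_rsa.pub ]; then
  mkdir -p -m 700 /root/.ssh
  ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa -q
fi

export SSH_COPY_PASS="$youpasswd"

for i in $(seq 2 254); do
  {
    if ping -c1 "$ip.$i" &>/dev/null; then
      echo "$ip.$i" >>ip.txt
      SSH_COPY_TARGET="$ip.$i" /usr/bin/expect <<'EOF'
set timeout 10
spawn ssh-copy-id $env(SSH_COPY_TARGET)
expect {
  "yes/no" { send "yes\r"; exp_continue }
  "password:" { send -- "$env(SSH_COPY_PASS)\r" }
}
expect eof
EOF
    fi
  } &
done
wait
unset SSH_COPY_PASS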
监控CPU,内存和硬盘利用率
CPU
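#!/bin/bash
# Mail an alert when user + system CPU time, as reported by vmstat, reaches
# 50 percent.
# NOTE(review): vmstat run without an interval presumably reports averages
# since boot rather than the current load - confirm this is the figure wanted.
DATE=$(date +%F" "%H:%M)
# Every non-loopback IPv4 address of the host (one per line if several).
IP=$(ip addr | grep "inet" | grep -v "127.0.0.1" | grep -v "inet6" | awk -F/ '{print $1}' | awk '{print $2}')
MAIL="example@mail.com"

if ! command -v vmstat &>/dev/null; then
  echo "vmstat command no found, Please install procps package."
  exit 1
fi

# One vmstat run for all four columns, so the values belong to the same
# report (previously vmstat was started once per value).
read -r US SY IDLE WAIT < <(vmstat | awk 'NR==3{print $13, $14, $15, $16}')
USE=$((US + SY))
echo "$US $SY $IDLE $WAIT $USE"

if [ "$USE" -ge 50 ]; then
  echo "
Date: $DATE
Host: $IP
Problem: CPU utilization $USE
" | mail -s "CPU Monitor" "$MAIL"
fi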
Memory
#!/bin/bash
# Mail an alert when the computed free memory drops below 1024 MB.
# NOTE(review): the "used" figure subtracts columns 6 and 7 of the Mem line,
# which fits a `free` layout ending in "buffers cached"; on a layout ending in
# "buff/cache available" the result would differ - confirm against the
# target system.
DATE=$(date +%F" "%H:%M)
IP=$(ip addr | grep "inet" | grep -v "127.0.0.1" | grep -v "inet6" | awk -F/ '{print $1}' | awk '{print $2}' )
MAIL="example@mail.com"

TOTAL=$(free -m | awk '/Mem/{print $2}')
USE=$(free -m | awk '/Mem/{print $3-$6-$7}')
FREE=$((TOTAL - USE))

# Alert threshold: less than 1 GB free.
if ((FREE < 1024)); then
  printf '\nDate: %s\nHost: %s\nProblem: Total=%s,Use=%s,Free=%s\n\n' \
    "$DATE" "$IP" "$TOTAL" "$USE" "$FREE" |
    mail -s "Memory Monitor" "$MAIL"
fi
Disk
#!/bin/bash
# Print disk sizes and per-partition usage, and mail an alert for every /dev
# partition whose usage is above 80 percent.
DATE=$(date +%F" "%H:%M)
IP=$(ip addr | grep "inet" | grep -v "127.0.0.1" | grep -v "inet6" | awk -F/ '{print $1}' | awk '{print $2}' )
MAIL="example@mail.com"

# "<disk>=<size>G," for each disk listed by fdisk.
TOTAL=$(fdisk -l | awk -F'[: ]+' 'BEGIN{OFS="="}/^Disk \/dev/{printf "%s=%sG,",$2,$3}')
# "<device>=<use%>=<mount point>" for each /dev filesystem.
PART_USE=$(df -h | awk 'BEGIN{OFS="="}/^\/dev/{print $1,int($5),$6}')
echo $TOTAL
echo $PART_USE

# Word splitting on $PART_USE is intended: one record per word.
for i in $PART_USE; do
  PART=${i%%=*}
  rest=${i#*=}
  USE=${rest%%=*}
  MOUNT=${rest#*=}
  MOUNT=${MOUNT%%=*}
  if [ $USE -gt 80 ]; then
    printf '\nDate: %s\nHost: %s\nTotal: %s\nProblem: %s=%s(%s)\n\n' \
      "$DATE" "$IP" "$TOTAL" "$PART" "$USE" "$MOUNT" |
      mail -s "Disk Monitor" $MAIL
  fi
done
# 批量主机磁盘利用率监控
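#!/bin/bash
# For every host listed in host.info (columns: ip, user, port; lines starting
# with # are skipped) run `df -h` over ssh and warn about /dev partitions at
# or above 80 percent.
HOST_INFO=host.info

# Private temporary file instead of the fixed name /tmp/disk.tmp: a
# predictable name in a world-writable directory can be pre-created or
# symlinked by another local user. The file is removed on exit.
TMP_FILE=$(mktemp) || exit 1
trap 'rm -f -- "$TMP_FILE"' EXIT

for IP in $(awk '/^[^#]/{print $1}' "$HOST_INFO"); do
  USER=$(awk -v ip="$IP" 'ip==$1{print $2}' "$HOST_INFO")
  PORT=$(awk -v ip="$IP" 'ip==$1{print $3}' "$HOST_INFO")

  ssh -p "$PORT" "$USER@$IP" 'df -h' > "$TMP_FILE"

  # "<device>=<use%>" for each /dev filesystem on the remote host.
  USE_RATE_LIST=$(awk 'BEGIN{OFS="="}/^\/dev/{print $1,int($5)}' "$TMP_FILE")
  for USE_RATE in $USE_RATE_LIST; do
    PART_NAME=${USE_RATE%=*}
    USE_RATE=${USE_RATE#*=}
    if [ "$USE_RATE" -ge 80 ]; then
      echo "Warning: $PART_NAME Partition usage $USE_RATE%!"
    fi
  done
done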
python实现发邮件
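#!/bin/bash
# Send a mail through /data/SendEmail.py when usage of the root filesystem is
# above 10 percent. The helper receives: recipient, host IP (used as the
# subject) and the usage figure (used as the body).
email='18621048481@163.com'
hostip=$(/usr/sbin/ifconfig eth0 | grep "inet" | cut -f 2 -d ":" | awk '{print $2}')
disk_use=$(df -h | grep -w "/" | awk -F'%' '{print $1}' | awk '{print $NF}' | uniq)

# Compare only when the pipeline produced a single number; an empty or
# multi-line value used to make the test fail with a syntax error.
if [[ "$disk_use" =~ ^[0-9]+$ ]] && [ "$disk_use" -gt 10 ]
then
  /data/SendEmail.py "$email" "$hostip" "$disk_use"
fi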
# SendEmail.py
#!/usr/bin/python
# -*- coding:utf-8 -*-
import os
import smtplib
import sys
from email.mime.text import MIMEText
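# SMTP account used to send the alerts.
mail_host = 'smtp.163.com'
mail_user = '18621048481@163.com'
# Take the password from the MAIL_PASS environment variable so that it does
# not have to be stored in this file; the original placeholder remains the
# fallback when the variable is not set.
mail_pass = os.environ.get('MAIL_PASS', '*******')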
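def send_mail(to_list, subject, content):
    """Send a plain-text UTF-8 mail through the configured SMTP account.

    Args:
        to_list: recipient address, used for the header and the envelope.
        subject: subject line.
        content: message body.

    Returns:
        True when the message was handed to the server, False when any step
        of the SMTP exchange raised (the exception is printed).
    """
    me = mail_user
    msg = MIMEText(content, 'plain', 'utf-8')
    msg['Subject'] = subject
    msg['From'] = me
    msg['to'] = to_list
    server = None
    try:
        # Implicit TLS on port 465.
        server = smtplib.SMTP_SSL(mail_host, 465)
        server.login(mail_user, mail_pass)
        server.sendmail(me, to_list, msg.as_string())
        return True
    except Exception as e:
        print(e)
        return False
    finally:
        # Close the connection on every path; it used to be left open.
        if server is not None:
            try:
                server.quit()
            except Exception:
                # The session may already be gone; the result is decided above.
                pass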
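if __name__ == "__main__":
    # Expected arguments: recipient, subject, body.
    if len(sys.argv) < 4:
        sys.stderr.write("usage: SendEmail.py <to> <subject> <content>\n")
        sys.exit(2)
    # Report the outcome through the exit status so that the calling shell
    # script can tell a failed send from a successful one.
    sys.exit(0 if send_mail(sys.argv[1], sys.argv[2], sys.argv[3]) else 1)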
find使用
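# Delete files last modified more than 30 days ago.
# -type f limits the match to regular files: without it an old directory,
# including ./logs/ itself, matches and `rm -rf` removes it with everything
# inside, recent files included.
find ./logs/ -type f -mtime +30 -exec rm -f -- {} +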
sshpass
远程登录其他机器执行命令,之前一直用 expect 脚本的方式。现在感觉用 sshpass 更加方便一点,但是不安全(密码会以明文出现在命令行参数、shell 历史记录或脚本文件中),不建议在生产环境中使用此命令
安装
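# Install from the EPEL repository. The repo file decides where root installs
# packages from, so it is fetched over HTTPS.
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-6.repo
yum install sshpass -y
# Install from source
# NOTE(review): this archive is compiled and installed as root; compare it
# with a checksum published by the project before building. "latest" may also
# unpack to a directory other than sshpass-1.06 - confirm.
wget https://sourceforge.net/projects/sshpass/files/latest/download -O sshpass.tar.gz
tar xf sshpass.tar.gz
# Chained so that a failed cd does not run configure/make in the wrong place.
cd sshpass-1.06/ && ./configure && make && make install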
命令使用
# NOTE(review): -p puts the password on the command line, where it can show up
# in the process list and in shell history. sshpass also accepts -f <file>
# (password in a file) and -e (password in the SSHPASS environment variable).
sshpass -p 'password' ssh username@ip 'cmd'
# Form: sshpass -p '<remote machine password>' ssh <user>@<remote machine ip> '<command to run>'
# Example
[root@prometheus_106 opt]# sshpass -p 'youmen' ssh root@192.168.43.18 'ls /root'
memcached-1.5.9
memcached-1.5.9.tar.gz
memcached_exporter-0.6.0.linux-amd64
memcached_exporter-0.6.0.linux-amd64.tar.gz
# Note: the first connection to an unknown machine asks for host-key
# confirmation (you have to type "yes"), which makes sshpass return the result
# of the previous run; the command below switches that prompt off.
# NOTE(review): this edits the system-wide client configuration, so host-key
# checking is switched off for every ssh connection made from this machine and
# an impostor host is no longer noticed. ssh_config is read by the ssh client,
# so the sshd restart is presumably unnecessary - confirm.
sed -i 's/# *StrictHostKeyChecking *ask/StrictHostKeyChecking no/g' /etc/ssh/ssh_config
systemctl restart sshd
# 自动登录
[root@prometheus_106 opt]# cat ip.txt
192.168.43.18:root:youmen
192.168.43.84:root:youmen
192.168.43.134:root:youmen
192.168.43.144:root:youmen
# -f names the file that holds the password
# NOTE(review): sshpass -f takes the password from the first line of that
# file, so a file laid out as ip:user:password (as ip.txt is shown above)
# would presumably not work as a password file - confirm. Keep the file
# readable by its owner only.
# -o: ignore the password prompt
# NOTE(review): the command below passes no -o; on this page -o appears only
# as an ssh option (-o StrictHostKeyChecking=no), not as an sshpass option.
sshpass -f ip.txt ssh root@192.168.43.18 'hostnamectl'
# 批量主机操作
cat ip.txt
192.168.43.18
192.168.43.134
192.168.43.189
192.168.43.251
192.168.43.243
192.168.43.144
192.168.43.213
cat sshpass.sh
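#!/bin/bash
# Run one command on every host listed in ip.txt (one address per line) and
# append each host's output to result.txt.
#
# Changes made in review:
#  - The password is passed to sshpass through the SSHPASS environment
#    variable (-e) instead of -p, so it no longer appears in the process list.
#  - ip.txt is read line by line; ssh gets -n so it cannot swallow the rest of
#    the list from stdin.
#  - Expansions are quoted.
# NOTE(review): the password is still stored in this script; restrict the
# file's permissions or, better, use key-based login.
# StrictHostKeyChecking=no skips host-key verification for these connections,
# so a host that is being impersonated is not noticed.
username="root"
passwd="密码"
port="22"
timeout=3
cmd="hostname"

export SSHPASS="$passwd"

while IFS= read -r host || [ -n "$host" ]; do
  [ -n "$host" ] || continue
  result=$(sshpass -e ssh -n -p "$port" \
    -o StrictHostKeyChecking=no -o ConnectTimeout="$timeout" \
    "$username@$host" "$cmd")
  # One line per host: line breaks in the output become spaces.
  printf '%s\n' "${result//$'\n'/ }" >> result.txt
done < ip.txt

unset SSHPASS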
[root@prometheus_106 opt]# bash sshpass.sh
[root@prometheus_106 opt]# cat result.txt
memcached
redis
mysql-101
rabbitmq-2
nginx-104
prometheus_106
rabbitmq-1
Expect
expect是一种能够按照脚本内容里面设定的方式与交互式程序进行“会话”的程序。根据脚本内容,Expect可以知道程序会提示或反馈什么内容以及 什么是正确的应答。它是一种可以提供“分支和嵌套结构”来引导程序流程的解释型脚本语言。
shell功能很强大,但是不能实现多台机器之间带交互的操作,例如ssh和ftp,而expect可以帮助我们来实现。
安装expect
yum -y install expect
Example
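#!/usr/bin/env bash
# Find the hosts that answer ping in a three-octet prefix and install root's
# public key on each of them with ssh-copy-id, answering the prompts through
# expect.
#
# Changes made in review:
#  - The explanatory notes are shell comments outside the expect script. Tcl
#    treats # as a comment only at the start of a command, so a trailing
#    "# ..." after `set timeout 10` or `spawn ...` is passed to the command as
#    extra arguments and breaks it.
#  - The password is read without echo and reaches expect through the
#    environment; the expect script is a quoted here-document, so characters
#    such as " $ [ in the password are no longer evaluated as Tcl code.
#  - The prefix is validated before it is pasted into command lines.
#  - The script no longer rewrites /etc/ssh/ssh_config to
#    "StrictHostKeyChecking no" (and no longer restarts sshd): that switched
#    host-key checking off for every ssh connection made from this machine.
#    The expect block already answers the first-contact yes/no prompt, and
#    with the default setting a changed host key is still refused.
# NOTE(review): answering "yes" automatically trusts whatever key each host
# presents on first contact; compare fingerprints out of band where that
# matters.
read -r -p "please input you pass key IP:[192.168.25]" ip
read -r -s -p "please input you pass keyIP password:" youpasswd
echo

if [[ ! "$ip" =~ ^([0-9]{1,3}\.){2}[0-9]{1,3}$ ]]; then
  echo "invalid prefix: expected three octets such as 192.168.25" >&2
  exit 1
fi

if [ ! -f /usr/bin/expect ]; then
  yum -y install expect
fi

if [ ! -f /root/.ssh/id_rsa.pub ]; then
  mkdir -p -m 700 /root/.ssh
  ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa -q
fi

export SSH_COPY_PASS="$youpasswd"

for i in $(seq 2 254); do
  {
    if ping -c1 "$ip.$i" &>/dev/null; then
      echo "$ip.$i" >>ip.txt
      # Expect script, step by step:
      #   set timeout 10 - wait at most 10 seconds for each expected text
      #   spawn          - start ssh-copy-id for this host
      #   "yes/no"       - first connection asks to accept the host key;
      #                    answer and keep waiting
      #   "password:"    - password prompt; send the password
      #   expect eof     - wait for ssh-copy-id to finish
      SSH_COPY_TARGET="$ip.$i" /usr/bin/expect <<'EOF'
set timeout 10
spawn ssh-copy-id $env(SSH_COPY_TARGET)
expect {
  "yes/no" { send "yes\r"; exp_continue }
  "password:" { send -- "$env(SSH_COPY_PASS)\r" }
}
expect eof
EOF
    fi
  } &
done
wait
unset SSH_COPY_PASS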
sudo提权
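# Give appmanager passwordless sudo through a drop-in file rather than by
# appending to /etc/sudoers. The rule is syntax-checked with visudo before it
# is installed, because a malformed sudoers entry can lock everyone out of
# sudo, and the file gets the 0440 root:root mode sudo expects.
# NOTE(review): NOPASSWD:ALL makes this account equivalent to root; grant only
# the commands it needs where possible. This assumes /etc/sudoers includes
# /etc/sudoers.d - confirm on the target system.
sudoers_tmp=$(mktemp) &&
  printf '%s\n' 'appmanager ALL=(ALL) NOPASSWD:ALL' > "$sudoers_tmp" &&
  visudo -cf "$sudoers_tmp" &&
  install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers.d/appmanager
rm -f -- "$sudoers_tmp"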
网络小命令
# 查看当前公网IP
youmen@youmendeMacBook-Pro ~ % curl cip.cc
IP : 221.217.106.253
地址 : 中国 北京
运营商 : 联通
数据二 : 北京市房山区 | 联通
数据三 :
URL : http://www.cip.cc/221.217.106.253
部署源码Nginx脚本
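#! /usr/bin/env bash
# Author: ZhouJian
# Mail: 18621048481@163.com
# Time: 2019-9-3
# Describe: CentOS 7 Install Nginx Source Code Script
#
# Changes made in review:
#  - The tarball is downloaded over HTTPS and a failed download stops the run.
#  - Failures exit with a non-zero status, and a failed cd no longer lets
#    configure/make run in the wrong directory.
#  - --user/--group follow the $user variable instead of repeating its value.
# NOTE(review): the tarball is compiled and installed as root. nginx.org
# publishes a detached PGP signature next to each release archive; verify it
# before building. Also confirm the pinned version still receives fixes.
version="nginx-1.14.2.tar.gz"
user="nginx"
nginx=${version%.tar*}
path=/usr/local/src/$nginx
echo $path

if ! ping -c2 www.baidu.com &>/dev/null
then
  echo "网络不通,无法安装"
  exit 1
fi

yum install -y gcc gcc-c++ openssl-devel pcre-devel make zlib-devel wget psmisc

if [ ! -e "$version" ]; then
  if ! wget "https://nginx.org/download/$version"; then
    echo "nginx未安装成功"
    exit 1
  fi
fi

# Unprivileged service account without a home directory or login shell.
if ! id "$user" &>/dev/null
then
  useradd "$user" -M -s /sbin/nologin
fi

if [ ! -d /var/tmp/nginx ]; then
  mkdir -p /var/tmp/nginx/{client,proxy,fastcgi,uwsgi,scgi}
fi

tar xf "$version" -C /usr/local/src
cd "$path" || exit 1

./configure \
  --prefix=/usr/local/nginx \
  --user="$user" \
  --group="$user" \
  --with-http_ssl_module \
  --with-http_flv_module \
  --with-http_stub_status_module \
  --with-http_sub_module \
  --with-http_gzip_static_module \
  --with-http_auth_request_module \
  --with-http_random_index_module \
  --with-http_realip_module \
  --http-client-body-temp-path=/var/tmp/nginx/client \
  --http-proxy-temp-path=/var/tmp/nginx/proxy \
  --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi \
  --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
  --http-scgi-temp-path=/var/tmp/nginx/scgi \
  --with-pcre \
  --with-file-aio \
  --with-http_secure_link_module && make && make install
if [ $? -ne 0 ]; then
  echo "nginx未安装成功"
  exit 1
fi

# Stop any nginx that is already running, then start the new build.
killall nginx
/usr/local/nginx/sbin/nginx
#echo "/usr/local/nginx/sbin/nginx" >> /etc/rc.local
#chmod +x /etc/rc.local
#systemctl start rc-local
#systemctl enable rc-local
ss -antp | grep nginx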
Sed常用案例
# Delete every line that starts with # (optionally preceded by spaces).
# The last argument is a placeholder for the configuration file's path.
# -i edits the file in place, so keep a copy if the comments may be needed.
sed -i '/^ *#/d' 配置文件路径
# Delete blank lines. The pattern also matches lines whose first
# non-whitespace character is #, so comment lines are removed as well.
sed -ri '/^[[:space:]]*(#|$)/d' 配置文件路径
# Find the directory of the program that has a given port open: list the
# socket and its process with ss, then look at the cwd link under /proc
# (6010 is presumably the PID taken from the ss output).
ss -antlp |grep 5555
ll /proc/6010 |grep cwd