#!/bin/bash
# -*- coding:utf-8 -*-
# @Time : 2021/11/25 10:24
# @Author: CharieSng
# @File : check.sh
DIR="/etc"
OS_V=`cat $DIR/redhat-release | awk -F 'release ' '{print $2}' | cut -c1`
OS_B=`getconf LONG_BIT`
echo "################################################################################"
echo "正在查看/etc/login.defs..."
sleep 3
##PASS_MAX_DAYS
max=`cat $DIR/login.defs |grep ^PASS_MAX_DAYS |awk '{print $2}'`
echo -n "最大期限:$max天"
if [ -z "$max" ] || [ $max -gt 90 ];then
echo -e ",建議小于等于\033[31m90\033[0m天\c"
fi
echo ""
##PASS_MIN_DAYS
min=`cat $DIR/login.defs |grep ^PASS_MIN_DAYS |awk '{print $2}'`
echo -n "最小期限:$min天"
if [ -z "$min" ] || [ $min -ne 0 ];then
echo -e ",建議等于\033[31m0\033[0m天\c"
fi
echo ""
##PASS_MIN_LEN
len=`cat $DIR/login.defs |grep ^PASS_MIN_LEN |awk '{print $2}'`
echo -n "口令長度:$len位"
if [ -z "$len" ] || [ $len -lt 8 ];then
echo -e "党饮,建議大于等于\033[31m8\033[0m位\c"
fi
echo ""
##PASS_WARN_AGE
warn=`cat $DIR/login.defs |grep ^PASS_WARN_AGE | awk '{print $2}'`
echo -n "警告天數(shù):$warn天"
if [ -z "$warn" ] || [ $warn -ne 7 ];then
echo -e ",建議等于\033[31m7\033[0m天\c"
fi
echo ""
echo "----------------------------------------"
echo "正在查看/etc/pam.d/system-auth..."
sleep 3
##minclass
class=`cat $DIR/pam.d/system-auth |grep minclass | awk -F 'minclass=' '{print $2}' | awk '{print $1}'`
echo -n "密碼復(fù)雜度:$class種"
if [ -z "$class" ] || [ $class -lt 3 ];then
echo -e "扇调,建議大于等于\033[31m3\033[0m種\c"
fi
echo ""
##retry
try=`cat $DIR/pam.d/system-auth |grep retry | awk -F 'retry=' '{print $2}' | awk '{print $1}'`
echo -n "密碼重試次數(shù):$try次"
if [ -z "$try" ] || [ $try -gt 3 ];then
echo -e ",建議小于等于\033[31m3\033[0m次\c"
fi
echo ""
echo "----------------------------------------"
echo "正在查看系統(tǒng)補丁..."
sleep 3
##patch
patch=`rpm -qa | grep ^patch | awk -F '-' {'print $2'}`
if [ -z "$patch" ];then
echo -e "\033[31m未\033[0m安裝系統(tǒng)補丁\c"
else
echo -n "系統(tǒng)補丁版本:$patch"
fi
echo ""
echo "----------------------------------------"
echo "正在查看用戶/etc/shadow..."
sleep 3
##shadow
user=`awk -F: '($2 == "") {print $1}' $DIR/shadow`
if [ "$user" ];then
echo -e "存在\033[31m空\033[0m密碼用戶:"
echo -n "$user"
else
echo -n "不存在空密碼用戶"
fi
echo ""
echo "----------------------------------------"
echo "正在查看用戶/etc/passwd..."
sleep 3
##passwd
pass=`awk -F: '($3 == 0) { print $1 }' $DIR/passwd | grep -v root`
if [ "$pass" ];then
echo -e "存在具有\(zhòng)033[31mroot\033[0m權(quán)限帳號:"
echo -n "$pass"
else
echo -n "不存在具有root權(quán)限帳號"
fi
echo ""
echo "----------------------------------------"
echo "正在查看文件共享..."
sleep 3
##samba
samba=`rpm -qi samba | grep -v "not installed"`
if [ "$samba" ];then
echo -e "建議\033[31m關(guān)閉\033[0msamba文件共享\c"
else
echo -n "未開啟samba文件共享"
fi
echo ""
echo "----------------------------------------"
echo "正在查看服務(wù)..."
sleep 3
##systemctl
if [ $OS_V -eq 6 ];then
service=`service --status-all | grep "正在運行"`
else
service=`systemctl list-units | grep "running"`
fi
echo -n "$service"
echo ""
echo "----------------------------------------"
echo "正在查看審計服務(wù)..."
sleep 3
##auditd
audit=`echo "$service" | grep auditd`
if [ -z "$audit" ];then
echo -e "審計服務(wù)已\033[31m關(guān)閉\033[0m\c"
else
echo -n "審計服務(wù)已開啟"
fi
echo ""
echo "----------------------------------------"
echo "正在查看日志服務(wù)..."
sleep 3
##rsyslog
syslog=`echo "$service" | grep rsyslog`
if [ -z "$syslog" ];then
echo -e "日志服務(wù)已\033[31m關(guān)閉\033[0m\c"
else
echo -n "日志服務(wù)已開啟"
fi
echo ""
echo "----------------------------------------"
echo "正在查看日志策略/etc/logrotate.conf..."
sleep 3
##logrotate
logrotate=`cat $DIR/logrotate.conf | awk '/rotate log files/{getline;print}'`
backlog=`cat $DIR/logrotate.conf | awk '/backlogs/{getline;print $2}'`
case $logrotate in
'daily')
logrotate='天'
day=1
;;
'weekly')
logrotate='周'
day=7
;;
'monthly')
logrotate='月'
day=30
esac
echo "日志按$logrotate轉(zhuǎn)儲火惊,保留$backlog個備份春锋,保存$((day*backlog))天"
if [ $[day*backlog] -lt 180 ];then
echo -e "建議大于等于\033[31m180\033[0m天\c"
fi
echo ""
echo "----------------------------------------"
echo "正在查看日志權(quán)限..."
sleep 3
##permission
perm=`ls -lR /var/log/ | grep ^-rw-------`
message=`echo "$perm" | grep messages`
secure=`echo "$perm" | grep secure`
audit=`echo "$perm" | grep audit.log`
if [ -z "$message" ];then
echo -e "messages日志權(quán)限\033[31m非\033[0m600\c"
else
echo -n "messages日志權(quán)限為600"
fi
echo ""
if [ -z "$secure" ];then
echo -e "secure日志權(quán)限\033[31m非\033[0m600\c"
else
echo -n "secure日志權(quán)限為600"
fi
echo ""
if [ -z "$audit" ];then
echo -e "audit日志權(quán)限\033[31m非\033[0m600\c"
else
echo -n "audit日志權(quán)限為600"
fi
echo ""
echo "################################################################################"
主機檢查
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
- 文/潘曉璐 我一進店門眶拉,熙熙樓的掌柜王于貴愁眉苦臉地迎上來千埃,“玉大人,你說我怎么就攤上這事忆植》趴桑” “怎么了谒臼?”我有些...
- 文/不壞的土叔 我叫張陵,是天一觀的道長耀里。 經(jīng)常有香客問我蜈缤,道長,這世上最難降的妖魔是什么备韧? 我笑而不...
- 正文 為了忘掉前任,我火速辦了婚禮痪枫,結(jié)果婚禮上织堂,老公的妹妹穿的比我還像新娘。我一直安慰自己奶陈,他們只是感情好易阳,可當我...
- 文/花漫 我一把揭開白布。 她就那樣靜靜地躺著吃粒,像睡著了一般潦俺。 火紅的嫁衣襯著肌膚如雪。 梳的紋絲不亂的頭發(fā)上徐勃,一...
- 文/蒼蘭香墨 我猛地睜開眼,長吁一口氣:“原來是場噩夢啊……” “哼揉稚!你這毒婦竟也來了秒啦?” 一聲冷哼從身側(cè)響起,我...
- 正文 年R本政府宣布芜飘,位于F島的核電站务豺,受9級特大地震影響,放射性物質(zhì)發(fā)生泄漏嗦明。R本人自食惡果不足惜笼沥,卻給世界環(huán)境...
- 文/蒙蒙 一、第九天 我趴在偏房一處隱蔽的房頂上張望娶牌。 院中可真熱鬧奔浅,春花似錦、人聲如沸诗良。這莊子的主人今日做“春日...
- 文/蒼蘭香墨 我抬頭看了看天上的太陽鉴裹。三九已至舞骆,卻和暖如春,著一層夾襖步出監(jiān)牢的瞬間径荔,已是汗流浹背督禽。 一陣腳步聲響...
推薦閱讀更多精彩內(nèi)容
- 1菠红、主機檢查一直在準備preparing第岖,查看ambari-server日志,提示Error executing ...
- 把CDN關(guān)了試試 :-D
- 今晚突然發(fā)生ping不通npm或cnpm中央倉庫,可是卻ping的通其他網(wǎng)站 這里提供一個我成功解決的情況: (1...
- 什么是主機安全 說明:本次文檔是根據(jù)某廠的主機合規(guī)分析報告內(nèi)容進行整改的遇绞,整改后評分達到90分键袱。本次試驗環(huán)境為Ce...
- 上傳文件到服務(wù)器蹄咖,能正常瀏覽,但死活不能通過嘗試過更改路徑付鹿,更改域名澜汤,關(guān)閉CDN都不行最后的通過蚜迅。。多點幾次提交就...
