系统检查脚本 LinuxSysCheck-v2.0.sh


年底了需要巡检机器
做个参考
输出内容有点多
适当减少

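#!/bin/bash
# Host inspection script. Part 1 runs pass/fail checks and prints only on
# failure; part 2 prints inventory information.
#
# The interpreter has to be bash: the checks use `[[ ... ]]`, `&>` and
# `echo -e`. Under a POSIX /bin/sh such as dash, `[[` is "command not found",
# so every `if [[ ... ]]` takes the false branch and a failing check is
# silently reported as passing.
echo "1.开关状态类检查项目:(检查通过不打印,不通过有提示)"

echo "===> 系统为64位系统"
# Print the hardware platform only when it is not x86_64.
if ! uname -i | grep -q 'x86_64'
then
	uname -i
fi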
echo "===> 禁用iptables"
# Dump the live ruleset for manual review; no pass/fail decision is made here.
iptables-save

echo "===> 禁用firewalld"
# `systemctl status` exits 0 while the unit is active, which is the failing
# state for this baseline. Output of the status call itself is discarded.
if systemctl status firewalld.service >/dev/null 2>&1
then
	echo "未禁用"
fi

echo "===> 停用SElinux"
# NOTE(review): this check passes only when getenforce reports "Disabled",
# i.e. it encodes a site policy of running without SELinux. Hosts that are
# required to run Enforcing will always be listed here; confirm the intended
# baseline before treating the output as a finding.
if ! getenforce | grep -q Disabled
then
	# Show both the runtime mode and the persistent setting.
	getenforce
	grep '^SELINUX=' /etc/selinux/config
fi

echo "===> 默认的语言/编码是UTF-8"
# Print the full locale only when no UTF-8 entry is present.
if ! locale | grep -q UTF-8
then
	locale
fi

echo "===> 时间同步"
# When the clock is not reported as synchronized, show the timedatectl line,
# or fall back to ntpstat if timedatectl has no such line.
if ! timedatectl status | grep -q 'synchronized: yes'
then
	timedatectl status | grep 'synchronized' || ntpstat
fi
echo "===> ntpd/chronyd服务运行"
# The bracketed last letter keeps the grep process from matching itself.
Count=$(ps -ef | grep -cE "chrony[d]|ntp[d]")
if [ "$Count" -eq 0 ]
then
	echo "时间同步服务未启动"
fi

echo "===> 停用swap分区"
# Any output line from `swapon -s` means swap is active; show memory/swap
# usage in that case.
swap_lines=$(swapon -s | wc -l)
if [ "$swap_lines" -gt 0 ]
then
	free -h
fi

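echo "===> sysctl 配置有效性检查"
# Compare what `sysctl -p` reports with what /proc/sys actually holds.
#
# NOTE(review): `sysctl -p` is not read-only. It (re)applies every setting in
# /etc/sysctl.conf to the running kernel, so this "check" can change a host
# whose runtime values were adjusted by hand. It also reads only
# /etc/sysctl.conf, not the /etc/sysctl.d drop-ins.
#
# Scratch files live in a private mktemp directory. The script normally runs
# as root, so fixed names in the current directory could be pre-created or
# symlinked by another user, and a `rm -f sysCheck*` glob would delete
# unrelated files that happen to share the prefix.
sysctl_tmp=$(mktemp -d) || sysctl_tmp=""
if [ -n "$sysctl_tmp" ]
then
	sysctl -p > "$sysctl_tmp/applied.txt" 2> "$sysctl_tmp/applied.err"

	# Keys the kernel rejected are the most direct evidence of an invalid
	# configuration, so show them instead of discarding them.
	if [ -s "$sysctl_tmp/applied.err" ]
	then
		cat "$sysctl_tmp/applied.err"
	fi

	# Re-read each reported key from /proc/sys in "key = value" form.
	awk -F'=' '/=/{print $1}' "$sysctl_tmp/applied.txt" |
	while read -r sysctl_key
	do
		[ -n "$sysctl_key" ] || continue
		sysctl_path=$(printf '%s' "$sysctl_key" | tr '.' '/')
		printf '%s = ' "$sysctl_key"
		# Terminate the line even when the /proc/sys entry is missing.
		cat "/proc/sys/$sysctl_path" || echo
	done > "$sysctl_tmp/live.txt"

	# -b ignores differences in the amount of whitespace; diff prints
	# nothing when the two views agree.
	diff -b "$sysctl_tmp/live.txt" "$sysctl_tmp/applied.txt"
	rm -rf -- "$sysctl_tmp"
else
	echo "mktemp 失败,跳过 sysctl 检查" >&2
fi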

echo "===> 内存使用率低于70%"
# Second line of `free -m` is the Mem: row; column 2 is total, column 3 used.
free -m | awk 'NR == 2 && $3 > $2 * 0.7 { print "内存使用超过70%" }'


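echo "===> 允许root远程登录"
# NOTE(review): this check passes only when `PermitRootLogin yes` is set,
# i.e. the site baseline expects direct root SSH login. Most hardening
# baselines expect the opposite (`no` or `prohibit-password`); confirm the
# intended policy. Only the main file is inspected, so Include'd drop-ins and
# Match blocks are not reflected; `sshd -T` prints the effective values.
if ! grep -q '^PermitRootLogin yes' /etc/ssh/sshd_config
then
	grep '^PermitRootLogin ' /etc/ssh/sshd_config
fi

echo "===> 禁用免密ssh登陆"
# Report only active directives that enable empty passwords. The pattern is
# anchored to the start of the line so commented-out examples do not raise a
# false alarm, and -i is used because sshd_config keywords are
# case-insensitive.
grep -iE '^[[:space:]]*PermitEmptyPasswords[[:space:]=]+yes' /etc/ssh/sshd_config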

echo "===> 隐藏的特权用户"
# Exactly one UID 0 account (root) is expected; list every UID 0 entry when
# the count is anything else.
Count=$(awk -F: '$3 == 0' /etc/passwd | wc -l)
if [ "$Count" -ne 1 ]
then
	awk -F: '$3 == 0' /etc/passwd
fi

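echo "===> 空密码用户"
# Part 1: /etc/passwd entries whose password field is not the shadow
# placeholder "x" (an empty field there means no password at all). Comparing
# field 2 exactly avoids skipping an entry just because some other field
# happens to be "x".
Count=$(awk -F: '$2 != "x"' /etc/passwd | wc -l)
if [ "$Count" -ne 0 ]
then
	awk -F: '$2 != "x"' /etc/passwd
fi
# Part 2: accounts with an empty hash in /etc/shadow. This is where an empty
# password actually shows up on a shadowed system, and /etc/passwd alone
# cannot reveal it. Only the account name is printed so no hash material ends
# up in the report. Reading /etc/shadow requires root.
awk -F: '$2 == "" { print $1 }' /etc/shadow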

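echo "===> 内核/硬件报错日志"
# The count must come from a command substitution. Written as a bare
# `Count=grep -i error ...`, the shell tries to run `-i` as a command and
# Count keeps the value left over from the previous check.
Count=$(grep -ci error /var/log/messages)
# grep prints nothing when the file is missing; treat that as zero matches.
if [ "${Count:-0}" -ne 0 ]
then
	echo "/var/log/messages有error日志"
fi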

echo "===> 磁盘使用率不超过80%"
# Show filesystems at 80-100% usage, skipping docker/kube mounts.
df -Th | awk '!/docker|kube/ && /[8-9].%|100%/'

echo "===> Inode使用率不超过80%"
# Same filter applied to inode usage.
df -i | awk '!/docker|kube/ && /[8-9].%|100%/'



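printf '\n\n%s\n' "2.信息打印类"

# head -17 keeps the 7-line top header plus the first 10 processes.
# The sort keys now match the headings: memory heading -> %MEM,
# CPU heading -> %CPU (they were swapped).
echo "===> 检查内存占用TOP10"
top -b -n1 -o%MEM | head -17
echo "===> 检查CPU占用TOP10"
top -b -n1 -o%CPU | head -17
echo "===> 检查僵尸进程"
# Summary line from top, then every process whose state starts with Z.
top -b -n1 | grep zombie
ps -e -o stat,ppid,pid,cmd | grep -E "^[Zz]"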

echo "===> 检查自启动服务"
# systemd hosts list enabled unit files; older SysV hosts fall back to
# chkconfig and runlevel 3.
if [ -e /usr/bin/systemctl ]
then
	systemctl list-unit-files | grep enabled
else
	chkconfig --list | grep -E '3:on|3:启用' # centos6
fi
echo "===> 检查正在运行的服务"
# Prints the fourth and first columns of every line mentioning "running".
systemctl list-units | awk '/running/{print $4,$1}'

echo "===> 检查最近10次登录情况"
# NOTE(review): 30 records are fetched although the heading says 10, and the
# filter drops every line containing "root", "mtime", "rd" or "jumpser".
# Root sessions therefore never appear in this listing, and the short "rd"
# substring can hide unrelated users or hosts. Confirm that is intended
# before relying on this output for login review.
last -n30 | awk '/pts/ && !/root|mtime|rd|jumpser/'

echo "===> 检查系统计划任务"
cat /etc/crontab
echo "===> 检查用户计划任务"
# Non-empty lines that do not start with '#', per user crontab file.
# NOTE(review): /etc/cron.d and the cron.hourly/daily/... directories are not
# covered by either command.
grep '^[^#]' /var/spool/cron/*

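echo "===> 检查/etc/passwd最后修改时间"
stat /etc/passwd
echo "===> 检查相同UID的用户"
# Two passes over /etc/passwd: the first counts each UID, the second prints
# every entry whose UID occurs more than once. This fixes three problems of
# the earlier grep/uniq pipeline: uniq only merged adjacent duplicates (the
# list was not sorted first), more than one duplicated UID broke the grep
# argument list, and `:UID:` also matched the GID field. Prints nothing when
# all UIDs are unique.
awk -F: 'NR == FNR { seen[$3]++; next } seen[$3] > 1' /etc/passwd /etc/passwd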

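echo "===> 有sudo权限的用户"
# Match both `ALL=(ALL)` and `ALL=(ALL:ALL)`. The second form is equally
# valid sudoers syntax and was previously missed, under-reporting privileged
# accounts.
# NOTE(review): `grep -v root` drops any line containing "root" anywhere
# (including the file-name prefix grep -r adds), and group rules such as
# %wheel are shown as-is without expanding their members.
grep -rE 'ALL=\(ALL(:ALL)?\)' /etc/sudoers /etc/sudoers.d/ | grep -v root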

echo "===> jdk信息"
java -version

echo "===> 硬件时间、系统时间是否一致"
# Printed one after the other for a visual comparison.
hwclock
date '+%a %d %b %Y %r %Z'

# hwclock and date do not finish at the same instant, so an exact grep match
# between the two outputs can fail; the automated comparison stays disabled.
#hwclock | grep -q "$(date '+%a %d %b %Y %r %Z')"

echo "===> 检查CPU类型"
# Architecture line plus any line mentioning GHz.
lscpu | awk '/Architecture|GHz/'
echo "===> 检查CPU个数"
lscpu | awk '/Socket/'
echo "===> 检查CPU核心数"
# Anchored so only the total "CPU(s):" line matches.
lscpu | awk '/^CPU\(s\):/'


echo "===> 检查IP地址"
hostname -I
echo "===> 检查MAC地址"
# Interfaces whose name starts with "e" followed by two lowercase letters.
cat /sys/class/net/e[a-z][a-z]*/address
echo "===> 检查网关"
ip route show
echo "===> 检查本地Host"
grep -v localhost /etc/hosts
echo "===> 检查网卡/bond0状态"
# Print the names of all interfaces that are up on one space-separated line.
printf '%s' "当前的启用网卡:"
/sbin/ip -o link show up | awk -F ": " '{ printf "%s%s", sep, $2; sep = " " } END { print "" }'
## Avoid `/etc/init.d/network status` here: it can make a Rundeck job hang.

exit