#!/bin/sh
###############################################################################################################
#Script name: checkLinux.sh
#Script description: Check Linux for sop
#Current Release Version: 1.0.0
#Script Owner: He ,Haibo
#Latest editor: He, Haibo
#Support platform: Linux OS for redhat and centos.
#Change log:2021/8/19 add checkFileSystem function.
#2021/8/20 add putCheckLogtoFtp function.
#2021/8/23 add fpt command judgment.
#2021/8/24 add TimeZone function.
#2021/8/25 add checkUserExpires function.
#2021/8/25 add checkSwapSize function.
#2021/8/26 modification no ntp command wrongs and no user when encounter checkUserExpires function
#2021/8/27 add checkSystemTime function.
#2021/9/17 add checkKmod function.
#Descript:date 2021/8/17
#
#
###############################################################################################################
export LANG=en_US
osbox=`uname`
RHversion=$(cat /proc/version | sed 's/[^0-9]//g' | cut -b -3)
###Defile Ftp Server Ip
FtpServerIp=192.168.56.100
FtpUser=ftpuser
FtpUserPassword=wwwwww
###打印日志函数
log_info(){
DATE_N=`date "+%Y-%m-%d %H:%M:%S"`
USER_N=`whoami`
echo "${DATE_N} ${USER_N} execute $0 [INFO] $@"
}
log_error(){
DATE_N=`date "+%Y-%m-%d %H:%M:%S"`
USER_N=`whoami`
echo -e "/033[41;37m ${DATE_N} ${USER_N} execute $0 [ERROR] $@ /033[0m"
}
fn_log(){
if [[ $? -eq 0 ]];then
log_info "$@ sucessed."
echo -e "/033[32m $@ sucessed. /033[0m"
else
log_error "$@ failed."
echo -e "/033[41;37m $@ failed. /033[0m"
fi
}
checkExecuteUser(){
uid=`id -u`
if [[ $uid == 0 ]];then
continue
else
fn_log "Current excute user is not root ,shell will exist."
exit 1
fi
}
###Create /tmp/log if not exist.
mkdirLogPath(){
if [[ ! -d /tmp/log ]];then
mkdir -p /tmp/log
chmod 767 /tmp/log
fi
CheckLinuxLogPath="/tmp/log"
CheckLinuxLog=`hostname`_$(date +%y%m%d).txt
}
###Get OS Arch Linux or not
getOsArch(){
if [[ "$osbox" == "Linux" ]];then
continue
else
fn_log "Current OS is $osbox,shell is exit now."
echo 0
exit 0
fi
}
###Get redhat or centos
getOsCentosOrRedhat(){
cat /proc/version | grep -iE "redhat|centos" > /dev/null
if [[ $? == 0 ]];then
continue
else
echo "Current OS is not centos or redhat."
echo 1
exit 1
fi
}
###Get OS Version
getOsVerion(){
###判断系统是否为Redhat,如果不是则退出,支持Redhat|Centos 7版本
cat /proc/version | grep -i redhat > /dev/null
if [[ $? == 0 ]];then
if [[ "$RHversion" -ge 310 ]];then
OSVersion="redhat7"
else
echo "Current Rehat Version will not support."
echo 1
exit 1
fi
else
if [[ "$RHversion" -ge 310 ]];then
OSVersion="centos7"
else
echo "Current Rehat Version will not support."
echo 1
exit 1
fi
fi
}
###Get firewalld stopped or running
checkFirewalld(){
echo "##########No.1 check firewalld stopped##########" > $CheckLinuxLogPath/$CheckLinuxLog
if [[ $OSVersion == "redhat7" || $OSVersion == "centos7" ]];then
systemctl status firewalld | grep -i running > /dev/null
if [[ $? == 0 ]];then
echo "Firewalld is started,Failed" >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "Firewalld is stopped,Success" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
fi
}
###Get firewalld enable or disabled
checkFirewalldisEnabled(){
echo "##########No.2 check firewalld disabled##########" >> $CheckLinuxLogPath/$CheckLinuxLog
systemctl list-unit-files | grep firewalld | grep disabled > /dev/null
if [[ $? == 0 ]];then
echo "check firewalld disabled.check success." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "check firewalld disabled.check failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
}
###Get SeLinux enforcing or not
checkSeLinux(){
echo "##########No.3 check SELINUX.##########" >> $CheckLinuxLogPath/$CheckLinuxLog
cat /etc/selinux/config | grep -w "SELINUX=enforcing" > /dev/null
if [[ $? == 0 ]];then
echo "Current SeLinux is started,Failed." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "Current SeLinux is stopped,Success." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
}
###Get YumRepo
checkYumRepo(){
echo "##########No.4 check YumRepo.##########" >> $CheckLinuxLogPath/$CheckLinuxLog
ping -c 3 -w 3 192.168.56.101 > /dev/null
if [[ $? == 0 ]];then
if [[ $OSVersion == "redhat7" ]];then
if [[ ! -f /etc/yum.repos.d/Redhat7_9.repo ]];then
echo "/etc/repos.d/Redhat7_9.repo,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "/etc/repos.d/Redhat7_9.repo exist,check success." >> $CheckLinuxLogPath/$CheckLinuxLog
cat /etc/yum.repos.d/Redhat7_9.repo >> $CheckLinuxLogPath/$CheckLinuxLog
fi
fi
if [[ $OSVersion == "centos7" ]];then
if [[ ! -f /etc/yum.repos.d/CentOS7_9.repo ]];then
echo "/etc/repos.d/CentOS7_9.repo,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "/etc/repos.d/CentOS7_9.repo exist,check success" >> $CheckLinuxLogPath/$CheckLinuxLog
cat /etc/yum.repos.d/CentOS7_9.repo >> $CheckLinuxLogPath/$CheckLinuxLog
fi
fi
else
echo "Cann't Ping 192.168.56.101,Check failed" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
}
checkNtp(){
echo "##########No.5 check checkNtp##########" >> $CheckLinuxLogPath/$CheckLinuxLog
nameServer1_1=`cat /etc/resolv.conf | grep 192.168.56.100 | awk -F " " {'print $1'}`
nameServer1_2=`cat /etc/resolv.conf | grep 192.168.56.100 | awk -F " " {'print $2'}`
if [[ ${nameServer1_1} == nameserver && ${nameServer1_2} == "192.168.56.100" ]];then
echo "check 192.168.56.100 success." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "check 192.168.56.100 failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
nameServer2_1=`cat /etc/resolv.conf | grep 192.168.56.101 | awk -F " " {'print $1'}`
nameServer2_2=`cat /etc/resolv.conf | grep 192.168.56.101 | awk -F " " {'print $2'}`
if [[ ${nameServer2_1} == nameserver && ${nameServer2_2} == "192.168.56.101" ]];then
echo "check 192.168.56.101 success." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "check 192.168.56.101 failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
oracle_1=`cat /etc/resolv.conf | grep -w "oracle.com" | awk -F " " {'print $1'}`
oracle_2=`cat /etc/resolv.conf | grep -w "oracle.com" | awk -F " " {'print $2'}`
if [[ ${oracle_1} == "search" && ${oracle_2} == "oracle.com" ]];then
echo "check oracle.com,sucessed" >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "check oracle.com,failed" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
nsswitch_1=`cat /etc/nsswitch.conf | grep -i hosts | grep -v "^[[:space:]]*#" | sed 's/[[:space:]][[:space:]]*/ /g' | grep -v "^[[:space:]]*$" | tail -1 | awk -F ' ' '{print $1}'`
nsswitch_2=`cat /etc/nsswitch.conf | grep -i hosts | grep -v "^[[:space:]]*#" | sed 's/[[:space:]][[:space:]]*/ /g' | grep -v "^[[:space:]]*$" | tail -1 | awk -F ' ' '{print $2}'`
nsswitch_3=`cat /etc/nsswitch.conf | grep -i hosts | grep -v "^[[:space:]]*#" | sed 's/[[:space:]][[:space:]]*/ /g' | grep -v "^[[:space:]]*$" | tail -1 | awk -F ' ' '{print $3}'`
if [[ ${nsswitch_1} == "hosts:" && ${nsswitch_2} == "files" && ${nsswitch_3} == "dns" ]];then
echo "check /etc/nsswitch.conf,check sucessed" >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "check /etc/nsswitch.conf,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
if [[ -f /etc/sysconfig/ntpd ]];then
cat /etc/sysconfig/ntpd | grep "OPTIONS" | grep "/var/run/ntpd.pid" > /dev/null
if [[ $? == 0 ]];then
ntpd_OPTIONS=`cat /etc/sysconfig/ntpd | grep "OPTIONS" | grep "/var/run/ntpd.pid"`
# echo "ntpd_OPTIONS is $ntpd_OPTIONS"
if [[ ${ntpd_OPTIONS} == 'OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid"' ]];then
echo "Check /var/run/ntpd.pid success" >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "Check /var/run/ntpd.pid failed" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
else
echo "Check /var/run/ntpd.pid failed" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
else
echo "Current OS does not have /etc/sysconfig/ntpd,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
if [[ -f /etc/sysconfig/ntpd ]];then
cat /etc/sysconfig/ntpd | grep -w 'OPTIONS="-g"' | grep -v "#" > /dev/null
if [[ $? == 0 ]];then
echo 'check OPTIONS="-g" failed.' >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo 'check OPTIONS="-g" success.' >> $CheckLinuxLogPath/$CheckLinuxLog
fi
else
echo "Current OS does not have /etc/sysconfig/ntpd,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
if [[ -f /etc/sysconfig/ntpd ]];then
cat /etc/sysconfig/ntpd | grep -w "SYNC_HWCLOCK=yes" > /dev/null
if [[ $? == 0 ]];then
echo "SYNC_HWCLOCK=yes,sucessed" >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "SYNC_HWCLOCK=yes,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
else
echo "Current OS does not have /etc/sysconfig/ntpd,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
if [[ -f /etc/ntp.conf ]];then
cat /etc/ntp.conf | grep "192.168.56.101" > /dev/null
if [[ $? == 0 ]];then
ntp1_1=`cat /etc/ntp.conf | grep "192.168.56.110" | awk -F " " {'print $1'}`
ntp1_2=`cat /etc/ntp.conf | grep "192.168.56.110" | awk -F " " {'print $2'}`
ntp1_3=`cat /etc/ntp.conf | grep "192.168.56.110" | awk -F " " {'print $3'}`
if [[ ${ntp1_1} == "server" && ${ntp1_2} == "192.168.56.110" && ${ntp1_3} == "iburst" ]];then
echo "check server 192.168.56.110 iburst success." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "check server 192.168.56.110 iburst failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
else
echo "check /etc/ntp.conf 192.168.56.110,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
cat /etc/ntp.conf | grep "192.168.56.111" > /dev/null
if [[ $? == 0 ]];then
ntp2_1=`cat /etc/ntp.conf | grep "192.168.56.111" | awk -F " " {'print $1'}`
ntp2_2=`cat /etc/ntp.conf | grep "192.168.56.111" | awk -F " " {'print $2'}`
ntp2_3=`cat /etc/ntp.conf | grep "192.168.56.111" | awk -F " " {'print $3'}`
if [[ ${ntp2_1} == "server" && ${ntp2_2} == "192.168.56.111" && ${ntp2_3} == "iburst" ]];then
echo "check server 192.168.56.111 iburst success." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "check server 192.168.56.111 iburst failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
else
echo "check /etc/ntp.conf 192.168.56.111,check failed" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
cat /etc/ntp.conf | grep "pool.ntp.org" | grep -v "#" > /dev/null
if [[ $? == 0 ]];then
echo "check pool.ntp.org failed." >> $CheckLinuxLogPath/$CheckLinuxLog
cat /etc/ntp.conf | grep "pool.ntp.org" | grep -v "#" >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "check pool.ntp.org success." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
chronyd=`systemctl list-unit-files | grep chronyd | awk -F ' ' {'print $2'}`
if [[ ${chronyd} == "disabled" ]];then
echo "chronyd is disabled,check success." >> $CheckLinuxLogPath/$CheckLinuxLog
elif [[ ${chronyd} == "enabled" ]];then
echo "chronyd is enabled,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "chronyd does not exist,check success." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
else
echo "Current OS does not have /etc/ntp.conf,failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
# systemctl restart ntpd.service && systemctl enable ntpd.service
which ntpq > /dev/null 2>&1
if [[ $? == 0 ]];then
ntpq -p >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "Current OS does not have ntpq command. check failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
if [[ -f /var/spool/cron/root ]];then
cat /var/spool/cron/root | grep "/usr/sbin/hwclock" > /dev/null
if [[ $? == 0 ]];then
hwclock_1=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print $1'}`
hwclock_2=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print $2'}`
hwclock_3=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print $3'}`
hwclock_4=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print $4'}`
hwclock_5=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print $5'}`
hwclock_6=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print $6'}`
hwclock_7=`cat /var/spool/cron/root | grep "/usr/sbin/hwclock" | awk -F ' ' {'print $7'}`
if [[ ${hwclock_1} == 10 && ${hwclock_2} == 10 && ${hwclock_3} == "*" && ${hwclock_4} == "*" && ${hwclock_5} == "*" && ${hwclock_6} == "/usr/sbin/hwclock" && ${hwclock_7} == "-w" ]];then
echo "check /usr/sbin/hwclock success." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "check /usr/sbin/hwclock failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
else
echo "check /usr/sbin/hwclock failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
else
echo "Current OS does not have crontab,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
}
checkKdump(){
echo "##########No.6 check checkKump##########" >> $CheckLinuxLogPath/$CheckLinuxLog
cat /etc/sysctl.conf | grep "kernel.softlockup_panic" > /dev/null
if [[ $? == 0 ]];then
softlockup_panic_1=`cat /etc/sysctl.conf | grep "kernel.softlockup_panic" | awk -F '=' {'print $1'} | sed 's/[ /t]//g'`
softlockup_panic_2=`cat /etc/sysctl.conf | grep "kernel.softlockup_panic" | awk -F '=' {'print $2'} | sed 's/[ /t]//g'`
if [[ ${softlockup_panic_1} = "kernel.softlockup_panic" && ${softlockup_panic_2} == 1 ]];then
echo "check kernel.softlockup_panic success" >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "check kernel.softlockup_panic failed" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
else
echo "check kernel.softlockup_panic failed" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
}
checkSecurity(){
echo "##########No.7 check checkSecurity##########" >> $CheckLinuxLogPath/$CheckLinuxLog
cat /etc/sudoers | grep "ALL=(ALL)" | grep root | grep -Ev "#|%" > /dev/null
if [[ $? == 0 ]];then
sudoers_root1=`cat /etc/sudoers | grep "ALL=(ALL)" | grep root | grep -Ev "#|%" | awk -F ' ' {'print $1'}`
sudoers_root2=`cat /etc/sudoers | grep "ALL=(ALL)" | grep root | grep -Ev "#|%" | awk -F ' ' {'print $2'}`
sudoers_root3=`cat /etc/sudoers | grep "ALL=(ALL)" | grep root | grep -Ev "#|%" | awk -F ' ' {'print $3'}`
if [[ ${sudoers_root1} == "root" && ${sudoers_root2} == "ALL=(ALL)" && ${sudoers_root3} == "ALL" ]];then
echo "check root ALL=(ALL) ALL success." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "check root ALL=(ALL) ALL failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
else
echo "Current root does not have User Security. check failed" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
cat /etc/sudoers | grep "ALL=(ALL)" | grep "hbhe" | grep -Ev "#|%" > /dev/null
if [[ $? == 0 ]];then
sudoers_haibo1=`cat /etc/sudoers | grep "ALL=(ALL)" | grep "hbhe" | grep -Ev "#|%" | awk -F ' ' {'print $1'}`
sudoers_haibo2=`cat /etc/sudoers | grep "ALL=(ALL)" | grep "hbhe" | grep -Ev "#|%" | awk -F ' ' {'print $2'}`
sudoers_haibo3=`cat /etc/sudoers | grep "ALL=(ALL)" | grep "hbhe" | grep -Ev "#|%" | awk -F ' ' {'print $3'}`
if [[ ${sudoers_haibo1} == "hbhe" && ${sudoers_haibo2} == "ALL=(ALL)" && ${sudoers_haibo3} == "ALL" ]];then
echo "check hbhe ALL=(ALL) ALL success." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "check hbhe ALL=(ALL) ALL failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
else
echo "Current hbhe does not have User Security. check failed" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
}
checkSsh(){
echo "##########No.8 check checkSsh##########" >> $CheckLinuxLogPath/$CheckLinuxLog
cat /etc/ssh/sshd_config | grep -i "PermitRootLogin No" | grep -v "#" > /dev/null
if [[ $? == 0 ]];then
echo "Current OS does not have PermitRootLogin,check success." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "Current OS have PermitRootLogin,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
}
checkCtrlAltDel(){
echo "##########No.9 check checkSecurity##########" >> $CheckLinuxLogPath/$CheckLinuxLog
if [[ -f /usr/lib/systemd/system/ctrl-alt-del.target ]];then
echo "Check Ctrl+Alt+Del failed" >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "Check Ctrl+Alt+Del success" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
}
checkUsers(){
echo "##########No.11 check users##########" >> $CheckLinuxLogPath/$CheckLinuxLog
id hbhe > /dev/null 2>&1
if [[ $? == 0 ]];then
echo "check hbhe success." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "check hbhe failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
}
checkFileSystem(){
echo "##########No.12 check FileSystem##########" >> $CheckLinuxLogPath/$CheckLinuxLog
FreeSize=`parted /dev/sda print free | grep -i "free" |tail -1|awk -F ' ' '{print $3}' | tr -d a-zA-Z`
FreeUnit=`parted /dev/sda print free | grep -i "free" |tail -1|awk -F ' ' '{print $3}' | tr -d 0-9`
if [[ $FreeUnit == "GB" ]];then
if [[ $FreeSize -gt 10 ]];then
echo "Check sda free size $FreeSize $FreeUnit failed." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "Check sda free size $FreeSize $FreeUnit success." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
else
echo "Check sda free size $FreeSize $FreeUnit success." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
}
checkCommonInfo(){
echo "##########No.17 check checkCommonInfo##########" >> $CheckLinuxLogPath/$CheckLinuxLog
product_name=`dmidecode |grep "Product Name"|head -n 1|awk -F: '{print $2}'` >> $CheckLinuxLogPath/$CheckLinuxLog
serial_number=`dmidecode |grep "Serial Number"|head -n 1|awk -F: '{print $2}'` >> $CheckLinuxLogPath/$CheckLinuxLog
echo "Server: $product_name Serial: $serial_number" >> $CheckLinuxLogPath/$CheckLinuxLog
cores=`lscpu |grep "Core(s) per socket:"|awk -F: '{print $2}'|sed s/[[:space:]]//g ` >> $CheckLinuxLogPath/$CheckLinuxLog
socket=`lscpu |grep "Socket(s):"|awk -F: '{print $2}'| sed s/[[:space:]]//g ` >> $CheckLinuxLogPath/$CheckLinuxLog
cpu_model=`lscpu |grep "Model name:"|awk -F: '{print $2}'|sed 's/^[ /t]*//g'` >> $CheckLinuxLogPath/$CheckLinuxLog
echo "CPU: $socket * $cores CORE $cpu_model" >> $CheckLinuxLogPath/$CheckLinuxLog
total_mem=`lsmem|grep "Total online memory:"|awk -F: '{print $2}'|sed s/[[:space:]]//g ` >> $CheckLinuxLogPath/$CheckLinuxLog
echo "total memory: $total_mem" >> $CheckLinuxLogPath/$CheckLinuxLog
kernel=`uname -a |awk '{print $3}'`
host=`hostname`
echo "hostname: $host" >> $CheckLinuxLogPath/$CheckLinuxLog
echo "kernel: $kernel" >> $CheckLinuxLogPath/$CheckLinuxLog
echo "Server: $product_name Serial: $serial_number" >> $CheckLinuxLogPath/$CheckLinuxLog
echo "CPU: $socket * $cores CORE $cpu_model" >> $CheckLinuxLogPath/$CheckLinuxLog
}
checkUserExpires(){
echo "##########No.14 check user expires##########" >> $CheckLinuxLogPath/$CheckLinuxLog
id hbhe > /dev/null 2>&1
if [[ $? == 0 ]];then
haibo_he_expires=`chage -l hbhe | grep -w "Password expires" | awk -F ":" {'print $2'} | sed 's/[ /t]//g'`
if [[ $haibo_he_expires == "passwordmustbechanged" ]];then
echo "Check hbhe password expires success." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "Check hbhe password expires failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
fi
}
checkSwap(){
echo "##########No.15 check swap Size##########" >> $CheckLinuxLogPath/$CheckLinuxLog
totalSwapSize=`free -g | grep "Swap" | awk -F ' ' {'print $2'} | sed 's/[ /t]//g'`
dmidecode -s system-product-name | grep -i "virtual" > /dev/null
if [[ $? == 0 ]];then
if [[ $totalSwapSize -ge 6 ]] && [[ $totalSwapSize -le 10 ]];then
echo "Check swap $totalSwapSize"G" Size success." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "Check swap $totalSwapSize"G" Size failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
else
if [[ $totalSwapSize -ge 126 ]] && [[ $totalSwapSize -le 130 ]];then
echo "Check swap $totalSwapSize"G" Size success." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "Check swap $totalSwapSize"G" Size failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
fi
}
checkTimeZone(){
echo "##########No.13 check TimeZone##########" >> $CheckLinuxLogPath/$CheckLinuxLog
timeZone=`date -R | awk -F ' ' {'print $6'} | tr -cd 0-9"/n"`
if [[ $timeZone == 0800 ]];then
echo "Check TimeZone Success." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "Current timeZone is $timeZone,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
}
checkKmod(){
echo "##########No.16 check Kmod##########" >> $CheckLinuxLogPath/$CheckLinuxLog
kmodNum=`rpm -qa | grep -iE "kmod-i40e-2.12|kmod-megaraid_sas|kmod-elx-lpfc" | wc -l`
if [[ $kmodNum == 3 ]];then
echo "Check Kmod success." >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "Check Kmod failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
}
checkSystemTime(){
echo "##########No.17 hwclock and date time##########" >> $CheckLinuxLogPath/$CheckLinuxLog
dateZone=`date | awk -F ' ' {'print $5'} | sed 's/[ /t]//g'`
dateYear=`date | awk -F ' ' {'print $6'} | sed 's/[ /t]//g'`
dateMonth=`date | awk -F ' ' {'print $2'} | sed 's/[ /t]//g'`
dateDay=`date | awk -F ' ' {'print $3'} | sed 's/[ /t]//g'`
dateHour=`date | awk -F ' ' {'print $4'} | awk -F ':' {'print $1'} | sed 's/[ /t]//g'`
dateMin=`date | awk -F ' ' {'print $4'} | awk -F ':' {'print $2'} | sed 's/[ /t]//g'`
hwclockZone=`hwclock | awk -F ' ' {'print $7'} | sed 's/[ /t]//g'`
hwclockYear=`hwclock | awk -F ' ' {'print $4'} | sed 's/[ /t]//g'`
hwclockMonth=`hwclock | awk -F ' ' {'print $3'} | sed 's/[ /t]//g'`
hwclockDay=`hwclock | awk -F ' ' {'print $2'} | sed 's/[ /t]//g'`
hwclockNoon=`hwclock | awk -F ' ' {'print $6'} | sed 's/[ /t]//g'`
hwclockHour=`hwclock | awk -F ' ' {'print $5'} | awk -F ':' {'print $1'} | sed 's/[ /t]//g'`
hwclockMin=`hwclock | awk -F ' ' {'print $5'} | awk -F ':' {'print $2'} | sed 's/[ /t]//g'`
if [[ ${hwclockNoon} == "PM" ]];then
hwclockHour=`echo $(($hwclockHour+12))`
fi
if [[ ${dateZone} == ${hwclockZone} ]] && [[ ${dateYear} == ${hwclockYear} ]] && [[ ${dateMonth} == ${hwclockMonth} ]] && [[ ${dateDay} == ${hwclockDay} ]] && [[ ${dateHour} == ${hwclockHour} ]] && [[ ${dateMin} == ${hwclockMin} ]];then
echo "check date and hwclock success" >> $CheckLinuxLogPath/$CheckLinuxLog
else
echo "check date and hwclock failed" >> $CheckLinuxLogPath/$CheckLinuxLog
fi
}
putCheckLogtoFtp(){
ping -c 3 -w 3 $FtpServerIp > /dev/null
if [[ $? == 0 ]];then
which ftp > /dev/null 2>&1
if [[ $? == 0 ]];then
ftp -n<<!
open $FtpServerIp
user $FtpUser $FtpUserPassword
binary
cd /home/ftpuser
lcd /tmp/log
prompt
put $CheckLinuxLog
close
bye
!
else
echo "Current OS does not have ftp command." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
else
echo "Can't Ping $FtpServerIp,check failed." >> $CheckLinuxLogPath/$CheckLinuxLog
fi
}
main(){
checkExecuteUser
getOsArch
getOsCentosOrRedhat
getOsVerion
mkdirLogPath
checkFirewalld
checkFirewalldisEnabled
checkSeLinux
checkYumRepo
checkNtp
checkKdump
checkSecurity
checkSsh
checkCtrlAltDel
checkDsa
checkUsers
checkFileSystem
checkTimeZone
checkUserExpires
checkSwap
checkSystemTime
checkKmod
checkCommonInfo
putCheckLogtoFtp
}
main
版权声明:本文为博主原创文章,未经博主允许不得转载。
shell
