buying_linuxcheck.sh一款linux运维检查脚本

测试了下这个脚本,还不错的感觉吧

文章参考:https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247489990&idx=1&sn=db37670d24a97e33b58d30e8f653a909&chksm=ec1e29eedb69a0f8b561d32a08161958f1d340d43046ae8ff63ea4cad51c3494e8f864b30e82&mpshare=1&scene=23&srcid=#rd

脚本链接:https://github.com/T0xst/linux

通过对 .sh 脚本进行处理，可以看到它执行了哪些命令来进行检测

自写简单处理脚本:

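#coding=utf-8
"""Extract the commands a shell script runs inside "$(...)" substitutions.

Every line of INPUT_FILE that contains "$(" contributes the text after its
first "$(" (trailing ")" and newline characters stripped); the file is then
overwritten with one extracted command per line.
"""

# Script to process; it is rewritten in place (the original used this name).
INPUT_FILE = "test5.py"


def extract_commands(lines):
    """Return the command text found after the first "$(" on each line.

    Args:
        lines: iterable of script lines, with or without trailing newline.

    Returns:
        list of str, one entry per line that contains "$(", in input order;
        lines without "$(" are skipped.

    The split is textual, not a shell parse: only the text after the FIRST
    "$(" is kept and only TRAILING ")" characters are removed, so a line
    like `if [ $(whoami) != "root" ];then` yields `whoami) != "root" ];then`
    and an arithmetic expansion `$((X/86400))` yields `(X/86400`.
    """
    commands = []
    for line in lines:
        if "$(" in line:
            # Everything after the first "$(", minus the closing ")"/newline.
            commands.append(line.split("$(")[1].rstrip(")\n"))
    return commands


def process_file(path=INPUT_FILE):
    """Read `path`, extract its "$(...)" commands and overwrite it with them.

    Args:
        path: file to read and then rewrite in place.

    Raises:
        OSError: if the file cannot be read or written.
    """
    # Context managers close the file on every exit path, so the explicit
    # close() calls of the original are unnecessary. The encoding is fixed
    # to UTF-8 because the script's command text contains non-ASCII labels;
    # relying on the locale default could garble them.
    with open(path, encoding="utf-8") as script:
        commands = extract_commands(script)
    with open(path, "w", encoding="utf-8") as out:
        for command in commands:
            out.write(command)
            out.write("\n")


if __name__ == "__main__":
    process_file()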

命令:

# Commands extracted from the check script (the text after each "$(").
# Host identity and network state.
date +%Y%m%d
# First non-loopback IPv4 address (NR==1 keeps only the first match).
ifconfig -a | grep -w inet | grep -v 127.0.0.1 | awk 'NR==1{print $2}'
# Fragment: the extraction splits at "$(" and strips only TRAILING ")", so a
# root-privilege check of the form `if [ $(whoami) != "root" ];then` is left
# as this remainder.
whoami) != "root" ];then
# Every inet address on every interface, kernel and distribution release.
ifconfig -a | grep -w inet | awk '{print $2}'
uname -a
cat /etc/redhat-release
# ARP cache, then a count of entries per MAC address ($4).
# NOTE(review): the END-block test `$2>1` reads field 2 of the LAST record,
# not the per-MAC count; a duplicate-MAC check (ARP spoofing indicator)
# would need `S[a]>1`.
arp -a -n
arp -a -n | awk '{++S[$4]} END {for(a in S) {if($2>1) print $2,a,S[a]}}'
# Listening TCP sockets: port and owning process (the address:port and
# pid/name fields are split on ":" and "/").
netstat -anltp | grep LISTEN | awk '{print $4,$7}' | sed 's/:/ /g' | awk '{print $2,$3}' | sed 's/\// /g' | awk '{printf "%-20s%-10s\n",$1,$NF}' | sort -n | uniq
# Same, restricted to wildcard binds (0.0.0.0 / :::). The extracted text is
# incomplete here (it ends inside the awk program), so the script's pipeline
# is longer than shown.
netstat -anltp | grep LISTEN | awk '{print $4,$7}' | egrep "(0.0.0.0|:::)" | sed 's/:/ /g' | awk '{print
# UDP sockets with their processes, then wildcard-bound UDP ports only.
netstat -anlup | awk '{print $4,$NF}' | grep : | sed 's/:/ /g' | awk '{print $2,$3}' | sed 's/\// /g' | awk '{printf "%-20s%-10s\n",$1,$NF}' | sort -n | uniq
netstat -anlup | awk '{print $4}' | egrep "(0.0.0.0|:::)" | awk -F: '{print $NF}' | sort -n | uniq
# Established connections with owning process, and TCP socket counts per state.
netstat -anlp | grep ESTABLISHED
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
# Interface name and flags, labelled "网卡:" (NIC) and "模式:" (mode). With
# ":", space, "=", "<" and ">" as separators, $5 is presumably the flag list
# (UP,BROADCAST,...) — confirm against the local ifconfig output.
ifconfig -a | grep flags | awk -F '[: = < >]' '{print "网卡:",$1,"模式:",$5}'
# Boot-time persistence: services enabled under SysV init (the "启用"
# alternative matches the Chinese "enabled" label) and under systemd.
chkconfig --list | grep -E ":on|启用" | awk '{print $1}'
systemctl list-unit-files | grep enabled | awk '{print $1}'
# Enabled SysV services whose name ends in .sh/.per/.py, i.e. plain scripts
# registered as services. (".per" is presumably meant to be ".pl"; ".pl"
# names are not matched as written.)
chkconfig --list | grep -E ":on|启用" | awk '{print $1}' | grep -E "\.(sh|per|py)$"
# Cron: run-parts directories from /etc/crontab, then system and per-user
# cron files that change permissions/accounts or run downloaded scripts.
# NOTE(review): in the first regex the group is followed by `*`, so
# `(wget|curl)*\.(sh|pl|py)$` matches ANY entry ending in .sh/.pl/.py; the
# `crontab -l` variant below uses `.*`, which is presumably what was meant.
more /etc/crontab | grep -v "# run-parts" | grep run-parts
egrep "((chmod|useradd|groupadd|chattr)|((wget|curl)*\.(sh|pl|py)$))" /etc/cron*/* /var/spool/cron/*
# crontab of the invoking user (root, given the earlier privilege check).
crontab -l
crontab -l | egrep "((chmod|useradd|groupadd|chattr)|((wget|curl).*\.(sh|pl|py)))"
# Routing table, full process list, configured resolvers, static host
# mappings and currently running systemd services.
route -n
ps -aux
more /etc/resolv.conf | grep ^nameserver | awk '{print $NF}'
more /etc/hosts
systemctl | grep -E "\.service.*running" | awk -F. '{print $1}'
grep "^UID_MIN" /etc/login.defs | awk '{print $2}'
cat /etc/passwd | grep -E "/bin/bash$" | awk -F: '{print $1}'
gawk -F: '($2=="") {print $1}' /etc/shadow
cat /etc/ssh/sshd_config | grep -w "^PermitEmptyPasswords yes"
awk -F: '{if($2!="x") {print $1}}' /etc/passwd
more /etc/group | grep -v '^#' | gawk -F: '{if ($1!="root"&&$3==0) print $1}'
more /etc/group | grep -v "^$" | awk -F: '{print $3}' | uniq -d
more /etc/group | grep -v "^$" | awk -F: '{print $1}' | uniq -d
ls -l / | grep etc | awk '{print $1}'
ls -l /etc/shadow | awk '{print $1}'
ls -l /etc/passwd | awk '{print $1}'
ls -l /etc/group | awk '{print $1}'
ls -l /etc/securetty | awk '{print $1}'
ls -l /etc/services | awk '{print $1}'
ls -l /etc/grub.conf | awk '{print $1}'
ls -l /etc/xinetd.conf | awk '{print $1}'
ls -l /etc/lilo.conf | awk '{print $1}'
# Shell history review: root's full bash history, then entries that fetched
# a script with wget/curl.
more /root/.bash_history
more /root/.bash_history | grep -E "((wget|curl).*\.(sh|pl|py)$)" | grep -v grep
# Account creation/removal and well-known tool names in the shell history
# (`grep -v grep` drops the history entry for this very pipeline).
# NOTE(review): `history` is a builtin that reports the CURRENT shell's
# in-memory history; a non-interactive script normally has none loaded, so
# these may print nothing — confirm against the script's shell options.
history | egrep "(useradd|groupadd)" | grep -v grep
history | egrep "(userdel|groupdel)" | grep -v grep
history | grep -E "(whois|sqlmap|nmap|beef|nikto|john|ettercap|backdoor|proxy|msfconsole|msf)" | grep -v grep
# Files sent out with `sz` (ZMODEM); $3 is the word after the history
# number and the command name.
history | grep sz | grep -v grep | awk '{print $3}'
# MySQL client history, which may contain statements typed with credentials.
more /root/.mysql_history
# Firewall state: is firewalld running, which iptables rules name an IPv4
# address, and the TCP-wrapper allow/deny lists (comment lines dropped).
systemctl status firewalld | grep "active (running)"
iptables -L | grep "\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}"
more /etc/hosts.allow | grep -v '#'
more /etc/hosts.deny | grep -v '#'
# Password aging policy from login.defs: max/min age, minimum length, warning days.
cat /etc/login.defs | grep PASS_MAX_DAYS | grep -v ^# | awk '{print $2}'
cat /etc/login.defs | grep PASS_MIN_DAYS | grep -v ^# | awk '{print $2}'
cat /etc/login.defs | grep PASS_MIN_LEN | grep -v ^# | awk '{print $2}'
cat /etc/login.defs | grep PASS_WARN_AGE | grep -v ^# | awk '{print $2}'
# Current time as epoch seconds. The next line is the remainder of an
# arithmetic expansion, presumably `$((${NOW}/86400))` (days since the
# epoch), which the "$("-based extraction cut in half.
date "+%s"
(${NOW}/86400
# Accounts whose password has expired: drop locked/no-password entries, then
# report where today (in days, shell variable `day`) is past last-change ($3)
# plus max-age ($5).
# NOTE(review): without -E, grep treats `(`, `)` and `?` literally, so this
# filter likely excludes nothing and locked accounts ("!"/"*") are evaluated
# too; `grep -Ev` would express the intent.
grep -v ":[\!\*x]([\*\!])?:" /etc/shadow | awk -v today=${day} -F: '{ if (($5!="") && (today>$3+$5)) { print $1 }}'
# Boot-loader password protection (grub / lilo).
cat /etc/grub.conf | grep password
cat /etc/lilo.conf | grep password 2> /dev/null
# Effective sshd settings (comments/blank lines removed), the empty-password
# check again, and the Protocol value (1 would allow the legacy SSH-1).
more /etc/ssh/sshd_config | egrep -v "#|^$"
cat /etc/ssh/sshd_config | grep -w "^PermitEmptyPasswords yes"
more /etc/ssh/sshd_config | grep -v ^$ | grep Protocol | awk '{print $2}'
# Name-service lookup order.
more /etc/nsswitch.conf | egrep -v '#|^$'
# nginx install path (appears twice in the extraction, presumably from two
# branches of the script), then the request-routing directives of its config;
# `$nginx` is the shell variable filled from whereis.
whereis nginx | awk -F: '{print $2}'
whereis nginx | awk -F: '{print $2}'
more $nginx/conf/nginx.conf | egrep "listen|server |server_name |upstream|proxy_pass|location"| grep -v \#
# SNMP community strings: uncommented lines mentioning the default "public"
# and "private" names; prints field 4, which fits the `com2sec ... public`
# layout — confirm against the local snmpd.conf.
cat /etc/snmp/snmpd.conf | grep public | grep -v ^# | awk '{print $4}'
cat /etc/snmp/snmpd.conf | grep private | grep -v ^# | awk '{print $4}'
# Scripts anywhere on the filesystem outside /usr, /etc and /var.
# NOTE(review): `*.*` is expanded by the shell in the current directory and
# passed to find as extra starting points, not as a name filter; the
# extension filter is the egrep stage. Walking all of / is expensive.
find / *.* | egrep "\.(py|sh|per|pl)$" | egrep -v "/usr|/etc|/var"
# Logging configuration and log audit: rsyslog rules (comments/blank lines
# removed) and the log directory listing.
more /etc/rsyslog.conf | egrep -v "#|^$"
ls -l /var/log/
# SSH activity from /var/log/secure*: accepted and failed password logins
# (date/time, then presumably the user and source address fields of the
# standard sshd message), opened sessions, and user/group creation events
# (the "=,"-split isolates the name= value).
more /var/log/secure* | grep "Accepted password" | awk '{print $1,$2,$3,$9,$11}'
more /var/log/secure* | grep "Failed password" | awk '{print $1,$2,$3,$9,$11}'
more /var/log/secure* | grep -E "sshd:session.*session opened" | awk '{print $1,$2,$3,$11}'
more /var/log/secure* | grep "new user" | awk -F '[=,]' '{print $1,$2}' | awk '{print $1,$2,$3,$9}'
more /var/log/secure* | grep "new group" | awk -F '[=,]' '{print $1,$2}' | awk '{print $1,$2,$3,$9}'
# ZMODEM file transfers and the resolvers actually used, from messages.
more /var/log/message* | grep "ZMODEM:.*BPS"
more /var/log/messages* | grep "using nameserver" | awk '{print $NF}' | awk -F# '{print $1}' | sort | uniq
# Cron log: downloads and script executions.
# NOTE(review): without -E the `|` in "wget|curl" is a literal character, so
# the first line matches only the string "wget|curl"; `grep -E "wget|curl"`
# matches either word.
more /var/log/cron* | grep "wget|curl"
more /var/log/cron* | grep -E "\.py$|\.sh$|\.pl$"
# Package history from the yum log: installed packages, installed scripts,
# erased packages, and installed packages whose base name is a known tool.
# NOTE(review): the alternative `\.sh$\.py$` cannot match (`$` anchors before
# more pattern), so the second line reports only .pl names;
# `(\.sh|\.py|\.pl)$` was presumably intended.
more /var/log/yum* | grep Installed | awk '{print $NF}' | sort | uniq
more /var/log/yum* | grep Installed | grep -E "(\.sh$\.py$|\.pl$)" | awk '{print $NF}' | sort | uniq
more /var/log/yum* | grep Erased
more /var/log/yum* | awk -F: '{print $NF}' | awk -F '[-]' '{print $1}' | sort | uniq | grep -E "(^nc|sqlmap|nmap|beef|nikto|john|ettercap|backdoor|proxy|msfconsole|msf)"
# Kernel ring buffer, failed logins (lastb), last login per account, and
# remote terminal (pts) sessions excluding the local display :0.
dmesg
lastb
lastlog
last | grep pts | grep -vw :0
# Loaded kernel modules, then the same list with a long allowlist of stock
# module names removed; whatever remains is unfamiliar and worth review.
# NOTE(review): the alternatives are unanchored substrings, so the filter
# also hides any module whose name merely contains one of them (e.g. "sg",
# "drm", "snd"); the allowlist is only as good as the baseline it came from.
lsmod
lsmod | grep -Ev "ablk_helper|ac97_bus|acpi_power_meter|aesni_intel|ahci|ata_generic|ata_piix|auth_rpcgss|binfmt_misc|bluetooth|bnep|bnx2|bridge|cdrom|cirrus|coretemp|crc_t10dif|crc32_pclmul|crc32c_intel|crct10dif_common|crct10dif_generic|crct10dif_pclmul|cryptd|dca|dcdbas|dm_log|dm_mirror|dm_mod|dm_region_hash|drm|drm_kms_helper|drm_panel_orientation_quirks|e1000|ebtable_broute|ebtable_filter|ebtable_nat|ebtables|edac_core|ext4|fb_sys_fops|floppy|fuse|gf128mul|ghash_clmulni_intel|glue_helper|grace|i2c_algo_bit|i2c_core|i2c_piix4|i7core_edac|intel_powerclamp|ioatdma|ip_set|ip_tables|ip6_tables|ip6t_REJECT|ip6t_rpfilter|ip6table_filter|ip6table_mangle|ip6table_nat|ip6table_raw|ip6table_security|ipmi_devintf|ipmi_msghandler|ipmi_si|ipmi_ssif|ipt_MASQUERADE|ipt_REJECT|iptable_filter|iptable_mangle|iptable_nat|iptable_raw|iptable_security|iTCO_vendor_support|iTCO_wdt|jbd2|joydev|kvm|kvm_intel|libahci|libata|libcrc32c|llc|lockd|lpc_ich|lrw|mbcache|megaraid_sas|mfd_core|mgag200|Module|mptbase|mptscsih|mptspi|nf_conntrack|nf_conntrack_ipv4|nf_conntrack_ipv6|nf_defrag_ipv4|nf_defrag_ipv6|nf_nat|nf_nat_ipv4|nf_nat_ipv6|nf_nat_masquerade_ipv4|nfnetlink|nfnetlink_log|nfnetlink_queue|nfs_acl|nfsd|parport|parport_pc|pata_acpi|pcspkr|ppdev|rfkill|sch_fq_codel|scsi_transport_spi|sd_mod|serio_raw|sg|shpchp|snd|snd_ac97_codec|snd_ens1371|snd_page_alloc|snd_pcm|snd_rawmidi|snd_seq|snd_seq_device|snd_seq_midi|snd_seq_midi_event|snd_timer|soundcore|sr_mod|stp|sunrpc|syscopyarea|sysfillrect|sysimgblt|tcp_lp|ttm|tun|uvcvideo|videobuf2_core|videobuf2_memops|videobuf2_vmalloc|videodev|virtio|virtio_balloon|virtio_console|virtio_net|virtio_pci|virtio_ring|virtio_scsi|vmhgfs|vmw_balloon|vmw_vmci|vmw_vsock_vmci_transport|vmware_balloon|vmwgfx|vsock|xfs|xt_CHECKSUM|xt_conntrack|xt_state"
# Installed packages (name and version), installed packages whose name is
# exactly one of the listed tools, and the environment of the running shell.
rpm -qa | awk -F- '{print $1,$2}' | sort -nr -k2 | uniq
rpm -qa | awk -F- '{print $1}' | sort | uniq | grep -E "^(ncat|sqlmap|nmap|beef|nikto|john|ettercap|backdoor|proxy|msfconsole|msf)$"
env
# Resource pressure: filesystems above 70% use, then the top-5 processes by
# CPU (reported only at >=20%) and by memory (only at >=2%).
df -h | awk 'NR!=1{print $1,$5}' | awk -F% '{print $1}' | awk '{if ($2>70) print $1,$2}'
ps -aux | sort -nr -k 3 | head -5 | awk '{if($3>=20) print $0}'
ps -aux | sort -nr -k 4 | head -5 | awk '{if($4>=2) print $0}'
# Established connections and TCP state counts (repeated from the network
# section), and the NFS exports currently shared.
netstat -anlp | grep ESTABLISHED
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
exportfs

2019.5.19