1、自动化登录服务器操作:
第一种方式:(login.vbs文件)
Sub Main
xsh.Screen.Send “ssh root@10.99.202.54”
xsh.Screen.Send VbCr
xsh.Screen.WaitForString “password: ”
xsh.Screen.Send “TOYxmx$Hpv”
xsh.Screen.Send VbCr
xsh.Screen.Send “ifconfig”
xsh.Screen.Send VbCr
End Sub
第二种方式:建立会话实现点击登录
2、执行命令的脚本文件(basci.vbs文件)
Sub Main
xsh.Screen.Send “yum install lrzsz -y”
xsh.Screen.Send VbCr
xsh.Screen.Send “yum -y install psmisc”
xsh.Screen.Send VbCr
xsh.Screen.Send “yum install -y ntp”
xsh.Screen.Send VbCr
xsh.Screen.Send “service ntpd start”
xsh.Screen.Send VbCr
xsh.Screen.Send “cd /home”
xsh.Screen.Send VbCr
xsh.Screen.Send “mkdir securityCheck”
xsh.Screen.Send VbCr
xsh.Screen.Send “cd /home/securityCheck”
xsh.Screen.Send VbCr
End Sub
3、上传文件
rz (enter)
4、执行脚本文件(查询信息,生成TXT文件并且导出到本地)run.vbs文件
Sub Main
xsh.Screen.Send “chmod +x securityCheck.sh”
xsh.Screen.Send VbCr
xsh.Screen.Send “./securityCheck.sh”
xsh.Screen.Send VbCr
xsh.Screen.Send “sz securityReport.txt”
xsh.Screen.Send VbCr
xsh.Screen.Send VbCr
End Sub
5、脚本文件具体内容(securityCheck.sh文件)
!/bin/bash
echo “————————网络安全检查开始———————-” >> /home/securityCheck/securityReport.txt
echo “——————第一部分——网卡配置查询——————–” >> /home/securityCheck/securityReport.txt
01-网卡配置——查询命令总结
network_scripts=cat /etc/sysconfig/network-scripts/ifcfg-ens192
echo “1.1 系统网卡配置信息ifcfg-ens192:” >> /home/securityCheck/securityReport.txt
echo “$network_scripts” >> /home/securityCheck/securityReport.txt
ifconfig=ifconfig
echo “1.2 系统网卡ifconfig具体信息:” >> /home/securityCheck/securityReport.txt
echo “$ifconfig” >> /home/securityCheck/securityReport.txt
02-DNS文件配置——查询命令
echo “——————第二部分——DNS配置查询——————–” >> /home/securityCheck/securityReport.txt
DNS=cat /etc/resolv.conf
echo “2.1 系统DNS配置信息:” >> /home/securityCheck/securityReport.txt
echo “$DNS” >> /home/securityCheck/securityReport.txt
03-核查NTP文件配置-查询命令
echo “——————第三部分——NTP配置查询——————–” >> /home/securityCheck/securityReport.txt
查询NTP文件配置
NTP=ntpq -p
echo “3.1 系统NTP配置信息” >> /home/securityCheck/securityReport.txt
echo “$NTP” >> /home/securityCheck/securityReport.txt
显示网络时间同步状态
NTPstat=ntpstat
echo “3.2 系统网络时间同步状态信息” >> /home/securityCheck/securityReport.txt
echo “$NTPstat” >> /home/securityCheck/securityReport.txt
04-端口检查-查询命令
echo “——————第四部分——端口信息查询——————–” >> /home/securityCheck/securityReport.txt
所有端口检查
PORT=netstat -tunlp
echo “4.1 系统所有端口信息” >> /home/securityCheck/securityReport.txt
echo “$PORT” >> /home/securityCheck/securityReport.txt
查看所有的服务和端口
AllPORT=netstat -anlp
echo “4.2 系统所有的服务及端口信息” >> /home/securityCheck/securityReport.txt
echo “$AllPORT” >> /home/securityCheck/securityReport.txt
查看服务占用的端口(比如Nginx,mysqld)
JAVA=netstat -ntulp | grep java
echo “4.3-1 java服务占用的端口信息” >> /home/securityCheck/securityReport.txt
echo “$JAVA” >> /home/securityCheck/securityReport.txt
NGINX=netstat -ntulp | grep nginx
echo “4.3-2 nginx服务占用的端口信息” >> /home/securityCheck/securityReport.txt
echo “$NGINX” >> /home/securityCheck/securityReport.txt
REDIS=netstat -ntulp | grep redis
echo “4.3-3 redis服务占用的端口信息” >> /home/securityCheck/securityReport.txt
echo “$REDIS” >> /home/securityCheck/securityReport.txt
ssh服务器端/etc/ssh/sshd_conf配置文件详解
SSH=cat /etc/ssh/sshd_config
echo “4.4 SSH服务的具体配置信息” >> /home/securityCheck/securityReport.txt
echo “$SSH” >> /home/securityCheck/securityReport.txt
echo “——————第五部分——防火墙信息查询——————–” >> /home/securityCheck/securityReport.txt
05-核查防火墙-查询命令
查看防火墙的状态
FIREWALL=firewall-cmd --state
echo “5.1 防火墙的具体信息” >> /home/securityCheck/securityReport.txt
echo “$FIREWALL” >> /home/securityCheck/securityReport.txt
查看防火墙的规则
FIRERULE=firewall-cmd --list-all
echo “5.2 防火墙的具体信息” >> /home/securityCheck/securityReport.txt
echo “$FIRERULE” >> /home/securityCheck/securityReport.txt
echo “——————第六部分——系统用户信息查询——————–” >> /home/securityCheck/securityReport.txt
06-核查系统用户-查询命令
查询系统用户列表
SYSTEMUSER=cat /etc/passwd
echo “6.1 系统的用户状态信息” >> /home/securityCheck/securityReport.txt
echo “$SYSTEMUSER” >> /home/securityCheck/securityReport.txt
查询系统用户密码列表
USERPASSWORD=cat /etc/shadow
echo “6.2 系统的用户密码信息” >> /home/securityCheck/securityReport.txt
echo “$USERPASSWORD” >> /home/securityCheck/securityReport.txt
查看系统中有哪些用户
USER=cut -d : -f 1 /etc/passwd
echo “6.3 系统的用户列表” >> /home/securityCheck/securityReport.txt
echo “$USER” >> /home/securityCheck/securityReport.txt
查看可以登录系统的用户
LOGINUSER=cat /etc/passwd | grep -v /sbin/nologin | cut -d : -f 1
echo “6.4 系统中具有登录权限的用户信息” >> /home/securityCheck/securityReport.txt
echo “$LOGINUSER” >> /home/securityCheck/securityReport.txt
echo “——————第七部分——系统进程信息查询——————–” >> /home/securityCheck/securityReport.txt
07-核查进程-查询命令
查询系统的所有进程
PROCESS=ps aux --sort=-%mem
echo “7.1 系统所有的进程信息(按照占用内存大小排序)” >> /home/securityCheck/securityReport.txt
echo “$PROCESS” >> /home/securityCheck/securityReport.txt
查询所有正在运行中的进程
PROCESSING=ps aux | less
echo “7.2 系统中正在运行的进程信息” >> /home/securityCheck/securityReport.txt
echo “$PROCESSING” >> /home/securityCheck/securityReport.txt
显示系统所有进程的进程树
PTREE=pstree
echo “7.3 系统整体进程树信息” >> /home/securityCheck/securityReport.txt
echo “$PTREE” >> /home/securityCheck/securityReport.txt
查询特定服务的进程树
PTREE_JAVA=pstree -aup | grep java
echo “7.4.1 系统中java服务的进程树信息” >> /home/securityCheck/securityReport.txt
echo “$PTREE_JAVA” >> /home/securityCheck/securityReport.txt
PTREE_REDIS=pstree -aup | grep redis
echo “7.4.2 系统中redis服务的进程树信息” >> /home/securityCheck/securityReport.txt
echo “$PTREE_REDIS” >> /home/securityCheck/securityReport.txt
PTREE_NGINX=pstree -aup | grep nginx
echo “7.4.3 系统中nginx服务的进程树信息” >> /home/securityCheck/securityReport.txt
echo “$PTREE_NGINX” >> /home/securityCheck/securityReport.txt
PTREE_SSH=pstree -aup | grep ssh
echo “7.4.4 系统中SSH服务的进程树信息” >> /home/securityCheck/securityReport.txt
echo “$PTREE_SSH” >> /home/securityCheck/securityReport.txt
查询某一个服务的进程数
PROCESS_COUNT_JAVA=ps -ef | grep java | wc -l
echo “7.5.1 系统中java服务的进程数” >> /home/securityCheck/securityReport.txt
echo “$PROCESS_COUNT_JAVA” >> /home/securityCheck/securityReport.txt
PROCESS_COUNT_REDIS=ps -ef | grep redis | wc -l
echo “7.5.2 系统中redis服务的进程数” >> /home/securityCheck/securityReport.txt
echo “$PROCESS_COUNT_JAVA” >> /home/securityCheck/securityReport.txt
PROCESS_COUNT_NGINX=ps -ef | grep nginx | wc -l
echo “7.5.3 系统中nignx服务的进程数” >> /home/securityCheck/securityReport.txt
echo “$PROCESS_COUNT_NGINX” >> /home/securityCheck/securityReport.txt
PROCESS_COUNT_SSH=ps -ef | grep ssh | wc -l
echo “7.5.4 系统中ssh服务的进程数” >> /home/securityCheck/securityReport.txt
echo “$PROCESS_COUNT_SSH” >> /home/securityCheck/securityReport.txt
查询某一个服务的进程详细信息
PROCESS_DETAIL_JAVA=ps -ef | grep java
echo “7.6.1 系统中java服务的具体进程信息” >> /home/securityCheck/securityReport.txt
echo “$PROCESS_DETAIL_JAVA” >> /home/securityCheck/securityReport.txt
PROCESS_DETAIL_REDIS=ps -ef | grep redis
echo “7.6.2 系统中redis服务的具体进程信息” >> /home/securityCheck/securityReport.txt
echo “$PROCESS_DETAIL_REDIS” >> /home/securityCheck/securityReport.txt
PROCESS_DETAIL_NGINX=ps -ef | grep nginx
echo “7.6.3 系统中nignx服务的具体进程信息” >> /home/securityCheck/securityReport.txt
echo “$PROCESS_DETAIL_NGINX” >> /home/securityCheck/securityReport.txt
PROCESS_DETAIL_SSH=ps -ef | grep ssh
echo “7.6.4 系统中ssh服务的具体进程信息” >> /home/securityCheck/securityReport.txt
echo “$PROCESS_DETAIL_SSH” >> /home/securityCheck/securityReport.txt
echo “——————第八部分——系统CPU信息查询——————–” >> /home/securityCheck/securityReport.txt
08-核查CPU信息-查询命令
cpu逻辑核个数
CPU_NUMBER_logistic=cat /proc/cpuinfo | grep "processor" | wc -l
echo “8.1 系统CPU逻辑核个数” >> /home/securityCheck/securityReport.txt
echo “$CPU_NUMBER_logistic” >> /home/securityCheck/securityReport.txt
cpu物理核个数
CPU_NUMBER_physical=cat /proc/cpuinfo | grep "cpu cores" | uniq
echo “8.2 系统CPU物理核个数” >> /home/securityCheck/securityReport.txt
echo “$CPU_NUMBER_physical” >> /home/securityCheck/securityReport.txt
cpu个数
CPU_NUMBER=cat /proc/cpuinfo | grep "physical id" | sort | uniq | wc -l
echo “8.3 系统CPU的个数” >> /home/securityCheck/securityReport.txt
echo “$CPU_NUMBER” >> /home/securityCheck/securityReport.txt
cpu是否启用超线程(siblings 大于 cpu cores,说明启用了超线程)
CHAO_THREAD=cat /proc/cpuinfo | grep -e "cpu cores" -e "siblings" | sort | uniq
echo “8.4 系统的超线程情况信息” >> /home/securityCheck/securityReport.txt
echo “$CHAO_THREAD” >> /home/securityCheck/securityReport.txt
cpu的具体信息查询
CPU_DETAIL=cat /proc/cpuinfo
echo “8.5 系统CPU的具体信息” >> /home/securityCheck/securityReport.txt
echo “$CPU_DETAIL” >> /home/securityCheck/securityReport.txt
查询CPU的主频
CPU_HZ=cat /proc/cpuinfo |grep MHz|uniq
echo “8.6 系统CPU的主频信息” >> /home/securityCheck/securityReport.txt
echo “$CPU_HZ” >> /home/securityCheck/securityReport.txt
查询内存的基本信息
RAM=cat /proc/meminfo
echo “8.7 系统内存信息” >> /home/securityCheck/securityReport.txt
echo “$RAM” >> /home/securityCheck/securityReport.txt
查看CPU的型号
CPU_TYPE=dmidecode -s processor-version
echo “8.7 系统内存信息” >> /home/securityCheck/securityReport.txt
echo “$CPU_TYPE” >> /home/securityCheck/securityReport.txt
echo “————————网络安全检查结束———————-” >> /home/securityCheck/securityReport.txt
6、结束脚本内容(end.vbs)
Sub Main
xsh.Screen.Send “cd /home”
xsh.Screen.Send VbCr
xsh.Screen.Send “rm -rf securityCheck”
xsh.Screen.Send VbCr
xsh.Screen.Send “ll”
xsh.Screen.Send VbCr
End Sub
综合以上脚本内容和执行顺序,具体的文件如下所示:
Original: https://www.cnblogs.com/Yanjy-OnlyOne/p/15669176.html
Author: The-Chosen-One
Title: XShell实现自动化执行脚本.sh文件)(网络安全检查)
原创文章受到原创版权保护。转载请注明出处:https://www.johngo689.com/529609/
转载文章受原作者版权保护。转载请注明原作者出处!