服务器日常运行状态报告脚本

服务器日常运行状态报告脚本


服务器日常运行状态报告脚本

此脚本是我正在使用的、出自《鸟哥的 Linux 私房菜》的 CentOS 7 状态报告脚本

下载地址

使用方法

$ sudo tar -zxvf logfile_centos7.tar.gz -C /   # 没错就是解压到根目录
# 解压前建议先用 `tar -tzvf logfile_centos7.tar.gz` 查看压缩包内的文件列表:以 root 身份解压到根目录会覆盖同名的系统文件
# 此脚本会在 `/etc/cron.d/` 新建 `vbirdlogfile` 文件,此文件的作用是添加定时任务
# 并新建 `/root/bin/logfile` 目录,此目录是脚本的执行环境

主脚本介绍

脚本中的一些繁体字我已经翻译成简体中文了,每个步骤的具体作用供你参考

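#!/bin/bash
#
##########################################################################################
# YOU MUST KEYIN SOME PARAMETERS HERE!!
# The values below are the ones you are expected to fill in.
email="youremail@example.com"		# Address the logfile report is mailed to.
				# Several recipients may be given in this form:
				# email="root@localhost,yourID@hostname"
				# Separate the addresses with commas and add no spaces.

basedir="/dev/shm/logfile/"	# Working directory; logfile.sh writes logfile_mail.txt here
funcdir="/root/bin/logfile"	# Directory that holds the logfile.sh script

outputall="no"		# Whether the full log contents are printed into the report.
			# The summary is enough for most users, so the default is "no";
			# set it to "yes" to include every log message.

##########################################################################################
# Nothing below normally needs to be changed.
export email basedir outputall funcdir

# $basedir is a fixed, predictable name inside the world-writable /dev/shm, and
# everything this script writes later goes through it. Create it atomically with
# mode 0700; if the name already exists, accept it only when a single
# non-dereferencing stat reports a real directory owned by the current user.
# A symlink or a directory pre-created by another account would otherwise
# redirect this script's writes and expose the log extracts stored here.
# NOTE(review): this relies on /dev/shm carrying the sticky bit (the usual
# default), so that other users cannot replace an entry owned by this user.
logfile_workdir="${basedir%/}"	# drop the trailing slash so a symlink is not followed
if ! mkdir -m 700 "$logfile_workdir" 2> /dev/null; then
	logfile_workdir_state=$(stat -c '%F %u' -- "$logfile_workdir" 2> /dev/null)
	if [ "$logfile_workdir_state" != "directory $(id -u)" ]; then
		echo "$logfile_workdir is not a directory owned by the current user; refusing to use it" >&2
		exit 1
	fi
	# A directory left by an earlier run may still be readable by everyone.
	chmod 700 "$logfile_workdir" || exit 1
fi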


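##########################################################################################
# 0. Set the basic environment and verify the prerequisites.
# A fixed PATH makes every later command lookup independent of the caller's environment.
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
#LANG=zh_TW.utf8
LANG=C
export PATH LANG LANGUAGE LC_TIME
localhostname=$(hostname)

# Rewrite a "user@localhost" recipient to "user@<this host's name>".
# Only the text between the first and second '@' is compared, so a
# comma-separated recipient list is left unchanged.
temp=$(echo "$email" | cut -d '@' -f2)
if [ "$temp" == "localhost" ]; then
	email=$(echo "$email" | cut -d '@' -f1)\@"$localhostname"
fi

# Check that every external program used later is available.
# `command -v` is a shell builtin, so this check does not itself depend on an
# external `which` binary that the list below never verifies.
errormesg=""
programs="awk sed egrep ps cat cut tee netstat df uptime journalctl"
for profile in $programs
do
	if ! command -v "$profile" > /dev/null 2>&1; then
		echo -e "您的系统并沒有包含 $profile 程式;(Your system do not have $profile )"
		errormesg="yes"
	fi
done
if [ "$errormesg" == "yes" ]; then
	echo "您的系统缺乏本程式执行所需要的系统执行档, $0 将停止作业"
	exit 1
fi

# Check that systemd-journald is running: every log extract below is read
# through journalctl, so without the daemon there is nothing to analyse.
# The exit status is 0 because this is treated as "nothing to do", not an error.
temp=$(ps -aux 2> /dev/null | grep systemd-journal | grep -v grep)
if [ "$temp" == "" ]; then
	echo -e "您的系统沒有启动 systemd-journald 这个 daemon ,"
	echo -e "本程式主要针对 systemd-journald 产生的 logfile 來分析,"
	echo -e "因此,沒有 systemd-journald 则本程式沒有执行之必要。"
	exit 0
fi

# Check that the working directory exists.
if [ ! -d "$basedir" ]; then
	echo -e "$basedir 此目录并不存在,本程式 $0 无法进行工作!"
	exit 1
fi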


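##########################################################################################
# 0.1 Version information and the per-facility log extracts.
lastdate="2015-08-20"
versions="Version 0.3"
hosthome=$(hostname)
logfile="$basedir/logfile_mail.txt"

# Choose the summary date: when the current hour is 6 or earlier the report is
# labelled with yesterday's date, otherwise with today's. Both forms are kept
# in files under $basedir and read back into $y ("Mon D") and $y2 (YYYY-MM-DD).
declare -i datenu=$(date +%k)
if [ "$datenu" -le "6" ]; then
	date --date='1 day ago' +%b' '%e   > "$basedir/dattime"
	date --date='1 day ago' +%Y-%m-%d  > "$basedir/dattime2"
else
	date +%b' '%e   > "$basedir/dattime"
	date +%Y-%m-%d  > "$basedir/dattime2"
fi
y=$(cat "$basedir/dattime")
y2=$(cat "$basedir/dattime2")
export lastdate hosthome logfile y

# Each extract is rewritten on every run. The earlier form only wrote the file
# when journalctl returned something, so on a day without matching entries the
# previous run's extract stayed in place and was analysed again as if current.
# `grep -v "^\-\-"` drops journalctl's own "-- ... --" marker lines.
# NOTE(review): these files hold authentication and mail log lines; $basedir
# should not be readable by other local users.

# 0.1.1 secure extract: syslog facilities 4 (auth) and 10 (authpriv)
journalctl SYSLOG_FACILITY=4 SYSLOG_FACILITY=10 --since yesterday --until today | \
	grep -v "^\-\-" > "$basedir/securelog"

# 0.1.2 maillog extract: syslog facility 2 (mail)
journalctl SYSLOG_FACILITY=2 --since yesterday --until today | \
	grep -v "^\-\-" > "$basedir/maillog"

# 0.1.3 messages extract: the remaining facilities listed below
journalctl SYSLOG_FACILITY=0 SYSLOG_FACILITY=1 SYSLOG_FACILITY=3 SYSLOG_FACILITY=5 \
      SYSLOG_FACILITY=6 SYSLOG_FACILITY=7 SYSLOG_FACILITY=8 SYSLOG_FACILITY=11 SYSLOG_FACILITY=16 \
      SYSLOG_FACILITY=17 SYSLOG_FACILITY=18 SYSLOG_FACILITY=19 SYSLOG_FACILITY=20 SYSLOG_FACILITY=21 \
      SYSLOG_FACILITY=22 SYSLOG_FACILITY=23 --since yesterday --until today | grep -v "^\-\-" > "$basedir/messageslog"

# Make sure all three files exist even if a redirection above failed.
touch "$basedir/securelog"
touch "$basedir/maillog"
touch "$basedir/messageslog"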

# Work out how long the machine has been up.
# The number of fields taken from `uptime` depends on whether its output
# mentions "day" and/or "min": 1 field with neither, 2 with "min" only,
# 3 with "day" only, 4 with both, always starting at field 3.
timeset1=$(uptime | grep day)
timeset2=$(uptime | grep min)
if [ -n "$timeset1" ] && [ -n "$timeset2" ]; then
	UPtime=$(uptime | awk '{print $3 " " $4 " " $5 " " $6}')
elif [ -n "$timeset1" ]; then
	UPtime=$(uptime | awk '{print $3 " " $4 " " $5}')
elif [ -n "$timeset2" ]; then
	UPtime=$(uptime | awk '{print $3 " " $4}')
else
	UPtime=$(uptime | awk '{print $3}')
fi

# Collect this host's IPv4 addresses, skipping loopback.
# The unquoted inner substitution is deliberate: it joins the addresses,
# one per line from the pipeline, into a single space-separated string.
IPs=$(echo $(ifconfig | awk '/inet / {print $2}' | grep -v '127.0.0.'))


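##########################################################################################
# 1. Build the report header and the system summary.
# NOTE(review): the truncating write below follows symlinks, and $logfile lives
# under $basedir, so $basedir must be a directory that only this user can write to.
echo "" > "$logfile"
/sbin/restorecon -Rv "$logfile"

# One redirected group appends the whole summary instead of repeating
# ">> $logfile" on every line.
{
	echo "=============== system summary ================================="
	echo "Linux kernel  :  $(awk '{print $1 " " $2 " " $3 " " $4}' /proc/version)"
	echo "CPU informatin: $(grep 'model name' /proc/cpuinfo | sed 's/model name.*://' |
		uniq -c | sed 's/[[:space:]][[:space:]]*/ /g')"
	# The "cpu MHz" line printed is the last one in `sort` order.
	echo "CPU speed     : $(grep "cpu MHz" /proc/cpuinfo |
		sort | tail -n 1 | cut -d ':' -f2-) MHz"
	echo "hostname is   :  $(hostname)"
	echo "Network IP    :  ${IPs}"
	echo "Check time    :  $(date +%Y/%B/%d' '%H:%M:%S' '\(' '%A' '\))"
	echo "Summary date  :  $(cat "$basedir/dattime")"
	# Unquoted on purpose: collapses the whitespace inside $UPtime.
	echo "Up times      :  $(echo $UPtime)"
	echo "Filesystem summary: "
	df -Th | sed 's/^/       /'
} >> "$logfile"

# Optional RAID summary, only when the MegaCli binary is installed.
# MegaCli is invoked from /root as before, but inside a subshell: the script's
# own working directory is left alone and no `cd -` prints the previous
# directory onto stdout.
if [ -x /opt/MegaRAID/MegaCli/MegaCli64 ]; then
	(
		cd /root || exit 1
		echo
		echo "Test the RAID card Volumes informations:"
		/opt/MegaRAID/MegaCli/MegaCli64 -LDInfo -LALL -aAll |
			grep -E '^Name|^Size|^State'
		echo
		echo "Test RAID devices"
		/opt/MegaRAID/MegaCli/MegaCli64 -PDList -aAll |
			grep -E '^Firmware|^Slot|^Media Error|^Other Error'
	) >> "$logfile"
fi
echo " " >> "$logfile"
echo " " >> "$logfile"

# 1.1 Port analysis
# A sourced file runs with this script's privileges, so $funcdir and the files
# below it must be writable only by the account that runs the script.
if [ -f "$funcdir/function/ports" ]; then
	source "$funcdir/function/ports"
fi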


##########################################################################################
# 2. Run the analysis module of each service that appears in the netstat output.
# Every test below is a plain substring match on $basedir/netstat.tcp.output,
# so a pattern such as 22 or 25 also matches longer port numbers or other
# columns that contain the same digits.
# NOTE(review): netstat.tcp.output is presumably written by function/ports - confirm.
# Each module file is sourced, i.e. executed with this script's privileges.

# 2.1 ssh
input=$(cat "$basedir/netstat.tcp.output" | egrep '(22|sshd)')
if [[ -n "$input" ]]; then
	source "$funcdir/function/ssh"
	funcssh
	echo " " >> "$logfile"
fi

# 2.2 FTP: wu-ftpd when /etc/ftpaccess exists, proftpd when its binary is found
input=$(cat "$basedir/netstat.tcp.output" | egrep '(21|ftp)')
if [[ -n "$input" ]]; then
	if [[ -f /etc/ftpaccess ]]; then
		source "$funcdir/function/wuftp"
		funcwuftp
	fi
	proftppro=$(which proftpd 2> /dev/null)
	if [[ -n "$proftppro" ]]; then
		source "$funcdir/function/proftp"
		funcproftp
	fi
fi

# 2.3 POP3: the dovecot module when dovecot is listed, the generic one otherwise
input=$(cat "$basedir/netstat.tcp.output" | grep 110)
if [[ -n "$input" ]]; then
	dovecot=$(cat "$basedir/netstat.tcp.output" | grep dovecot)
	if [[ -z "$dovecot" ]]; then
		source "$funcdir/function/pop3"
		funcpop3
	else
		source "$funcdir/function/dovecot"
		funcdovecot
	fi
	echo " " >> "$logfile"
fi

# 2.4 Mail: postfix when its master process listens on :25, sendmail otherwise;
# procmail and openwebmail are added when /var/log holds a matching entry
input=$(cat "$basedir/netstat.tcp.output" "$basedir/netstat.tcp.local" 2> /dev/null | grep 25)
if [[ -n "$input" ]]; then
	postfixtest=$(netstat -tlnp 2> /dev/null | grep ':25' | grep master)
	#sendmailtest=`ps -aux 2> /dev/null |grep sendmail| grep -v 'grep'`
	if [[ -z "$postfixtest" ]]; then
		source "$funcdir/function/sendmail"
		funcsendmail
	else
		source "$funcdir/function/postfix"
		funcpost
	fi

	procmail=$(/bin/ls /var/log | grep procmail | head -n 1)
	if [[ -n "$procmail" ]]; then
		source "$funcdir/function/procmail"
		funcprocmail
	fi

	openwebmail=$(ls /var/log | grep openwebmail | head -n 1)
	if [[ -n "$openwebmail" ]]; then
		source "$funcdir/function/openwebmail"
		funcopenwebmail
	fi
fi

# 2.5 samba
input=$(cat "$basedir/netstat.tcp.output" 2> /dev/null | grep 139 | grep smbd)
if [[ -n "$input" ]]; then
	source "$funcdir/function/samba"
	funcsamba
fi

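#####################################################################
# 10. Optionally append the complete log extracts to the report.
# Runs only when outputall is "yes" or "YES".
# NOTE(review): with this enabled the mailed report carries raw authentication
# log lines and `last` output, so the report itself should be treated as sensitive.
if [ "$outputall" == "yes" ] || [ "$outputall" == "YES" ] ; then
	# The whole section is redirected as one group. This also sends the blank
	# line before section 4.2 into the report; it used to go to stdout because
	# that single echo had no redirection.
	{
		echo "  "
		echo "================= 全部的登录日志归档 ======================="
		echo "1. 重要的登录记录档 ( Secure file )"
		echo "   说明:已经取消了 pop3 的资讯!"
		# pop3 lines are left out of the secure extract.
		grep -v 'pop3' "$basedir/securelog"
		echo " "
		echo "2. 使用 last 这个指令输出的结果"
		last -20
		echo " "
		echo "3. 将特重要的 /var/log/messages 列出來瞧一瞧!"
		cat "$basedir/messageslog"
		echo " "
		if [ -f /var/log/knockd.log ]; then
			# knockd lines are selected by the summary date held in $y2.
			echo "4. 开始分析 knockd 这个服务的相关资料"
			echo "4.1 正常登入主机的指令运作"
			grep "$y2" /var/log/knockd.log | grep 'iptables'
			echo ""
			echo "4.2 因为某些原因,导致无法登入的 IP 与状态!"
			grep "$y2" /var/log/knockd.log | grep 'sequence timeout'
		fi
	} >> "$logfile"
fi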

# Finally, mail the finished report to the configured recipient(s).
# When uuencode is installed the report goes out as an attachment named
# logfile.html; otherwise it is sent as the message body.
# NOTE(review): the report contains host and log details; check that the mail
# path to $email is one you trust with that content.
export LANG=zh_TW.utf8 LC_ALL=zh_TW.utf8
if [ ! -x /usr/bin/uuencode ]; then
	mail -s "$hosthome logfile analysis results" "$email" < "$logfile"
else
	uuencode "$logfile" logfile.html | mail -s "$hosthome logfile analysis results" "$email"
fi