#!/bin/bash
# LinuxCheck.sh — Linux host information collection / quick triage script.
# Prints a banner, then refuses to continue unless run as root, because
# nearly every check below reads root-only files or process state.
printf '\n'
printf '%s\n' " ========================================================= "
printf '%s\n' " \ Linux信息搜集脚本 V1.2 / "
printf '%s\n' " ========================================================= "
printf '%s\n' " # 支持Centos、Debian系统检测 "
printf '%s\n' " # author:al0ne "
printf '\n\n'
# $UID is maintained by bash itself; anything other than 0 ends the run.
if (( UID != 0 )); then
  printf '%s\n' "请使用root权限运行!!!"
  exit 1
fi
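# Distro detection: /etc/os-release provides ID and PRETTY_NAME for the
# checks below.  It is sourced as shell code, so it is trusted exactly as much
# as the rest of root-owned /etc; without it no distro branch can match.
# shellcheck disable=SC1091
if [ -r /etc/os-release ]; then
  source /etc/os-release
else
  echo "cannot read /etc/os-release" >&2
  exit 1
fi

#######################################
# Install one package from the distro repository.
# NOTE(review): this mutates the host under review (package DB, /usr/bin,
# package-manager logs).  For evidence-preserving work, bring the tools on
# a live-response toolkit instead of installing them here.
# Globals:   ID (from /etc/os-release)
# Arguments: $1 - Debian-family package name, $2 - RHEL-family package name
# Returns:   package manager status; exits 1 on an unsupported distro
#######################################
install_pkg() {
  case "${ID}" in
    debian | ubuntu | devuan)
      apt-get -y install "$1" >/dev/null 2>&1
      ;;
    # 'fedora' was previously written as the single pattern "rhel fedora",
    # which can never equal a one-word $ID.
    centos | rhel | fedora)
      yum -y install "$2" >/dev/null 2>&1
      ;;
    *)
      echo "unsupported distro ID: '${ID}'" >&2
      exit 1
      ;;
  esac
}

# ag (the_silver_searcher) is the filter behind almost every check; abort
# early if it is still missing after the install attempt.
if ! command -v ag >/dev/null 2>&1; then
  install_pkg silversearcher-ag the_silver_searcher
  if ! command -v ag >/dev/null 2>&1; then
    echo "ag is required but could not be installed" >&2
    exit 1
  fi
fi
# net-tools provides ifconfig/netstat/route; it is absent on minimal CentOS
# and Debian installs (the old code exited silently on Debian here).
if ! command -v ifconfig >/dev/null 2>&1; then
  install_pkg net-tools net-tools
fi
# command -v is used for the presence test: running bare 'lsof' walked every
# open file on the system just to learn whether the binary exists.
if ! command -v lsof >/dev/null 2>&1; then
  install_pkg lsof lsof
fi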
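echo -e "\e[00;31m[+]系统改动\e[00m"
# Package-manager integrity check: files whose checksum no longer matches the
# package database.  Caveat for responders: a root-level intruder can edit
# that same database (dpkg md5sums / rpm db), so a clean result is not proof
# of integrity; verify against an offline package copy when it matters.
case "${ID}" in
  debian | ubuntu | devuan)
    if ! command -v debsums >/dev/null 2>&1; then
      apt-get install -y debsums >/dev/null 2>&1
    fi
    # -e restricts the check to conffiles; lines ending in OK are dropped
    # so only changed files remain in the report
    debsums -e | ag -v 'OK'
    ;;
  # 'fedora' was previously written as the pattern "rhel fedora", which can
  # never equal a one-word $ID.
  centos | rhel | fedora)
    rpm -Va
    ;;
  *)
    echo "unsupported distro ID: '${ID}'" >&2
    exit 1
    ;;
esac
echo -e "\n"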
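echo -e "\e[00;31m[+]系统信息\e[00m"
# Current user (always root here because of the UID check at the top).
echo -e "USER:\t\t" "$(whoami 2>/dev/null)"
# Distro name as sourced from /etc/os-release.
echo -e "OS Version:\t" "${PRETTY_NAME}"
# Short hostname.
echo -e "Hostname: \t" "$(hostname -s)"
# First comma-separated field of uptime(1), i.e. "HH:MM:SS up N days".
echo -e "uptime: \t" "$(uptime | awk -F ',' '{print $1}')"
# First "model name" entry of /proc/cpuinfo (stdin form keeps ag's output
# identical to the old 'cat | ag' pipeline).
echo -e "CPU info:\t" "$(ag -o '(?<=model name\t: ).*' </proc/cpuinfo | head -n 1)"
# IPv4 addresses of all interfaces except loopback, one per line.  The
# stderr redirect belongs inside the substitution: placed after the
# assignment, as before, it silenced nothing.
ipaddress=$(ifconfig 2>/dev/null | ag -o '(?<=inet |inet addr:)\d+\.\d+\.\d+\.\d+' | ag -v '127.0.0.1')
# Fold the address list onto a single line.
echo -e "IPADDR:\t\t${ipaddress}" | sed ":a;N;s/\n/ /g;ta"
echo -e "\n"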
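echo -e "\e[00;31m[+]CPU使用率: \e[00m"
# Per-core busy/idle split from the cumulative jiffy counters in /proc/stat.
# These are totals since boot, not an instantaneous load.  Column 5 is idle
# ("free" here); columns 2-8 are user/nice/system/idle/iowait/irq/softirq,
# so steal/guest (columns 9+) are not counted.  One awk pass replaces the old
# read loop that spawned awk once per core.
awk '$0 ~ /cpu[0-9]/ {
  total = $2 + $3 + $4 + $5 + $6 + $7 + $8
  if (total == 0) next
  free = $5
  print $1 " Free " free / total * 100 "%", "Used " (total - free) / total * 100 "%"
}' /proc/stat 2>/dev/null
echo -e "\n"
# Top 10 processes by %CPU (ps column 3) after dropping the header line.
# The stderr redirect must sit inside the substitution to take effect.
cpu=$(ps aux 2>/dev/null | grep -v '^USER' | sort -rn -k3 | head -n 10)
echo -e "\e[00;31m[+]CPU TOP10: \e[00m\n${cpu}\n"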
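# Memory usage
echo -e "\e[00;31m[+]内存占用\e[00m"
free -mh
echo -e "\n"
# Free disk space
echo -e "\e[00;31m[+]剩余空间\e[00m"
df -mh
echo -e "\n"
# Mounts declared in fstab: device, mount point, fs type.  Note that
# 'ag -v "#"' drops any entry carrying an inline comment as well.
echo -e "\e[00;31m[+]硬盘挂载\e[00m"
ag -v '#' </etc/fstab | awk '{print $1,$2,$3}'
echo -e "\n"
# Full interface configuration
echo -e "\e[00;31m[+]ifconfig\e[00m"
/sbin/ifconfig -a
echo -e "\n"
# Per-interface traffic counters
echo -e "\e[00;31m[+]网络流量 \e[00m"
echo "Interface ByteRec PackRec ByteTran PackTran"
# /proc/net/dev: two header lines, then "iface: rx... tx...".  Within the
# stats, fields 1-2 are RX bytes/packets and 9-10 are TX bytes/packets.
# A single awk pass replaces two awk processes per interface.
awk -F ':' 'NR > 2 {
  iface = $1
  sub(/^[ \t]+/, "", iface)
  split($2, f, " ")
  print iface " " f[1] " " f[2] " " f[9] " " f[10]
}' /proc/net/dev
echo -e "\n"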
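# Listening sockets with the owning process (-p needs root; -n skips DNS)
echo -e "\e[00;31m[+]端口监听\e[00m"
netstat -tulpen | ag 'tcp|udp.*' --nocolor
echo -e "\n"
# Sockets bound to a wildcard address: 0.0.0.0 (IPv4) and ::: (IPv6, which
# normally also accepts IPv4 via v4-mapped addresses).  The old pattern
# only looked at 0.0.0.0 and missed every IPv6 wildcard listener.
echo -e "\e[00;31m[+]对外开放端口\e[00m"
netstat -tulpen | awk '{print $1,$4}' | ag -o '.*(0\.0\.0\.0:|:::)\d+' --nocolor
echo -e "\n"
# Established connections with process and timer info
echo -e "\e[00;31m[+]网络连接\e[00m"
netstat -antop | ag ESTAB --nocolor
echo -e "\n"
# Routing table, numeric, extended
echo -e "\e[00;31m[+]路由表\e[00m"
/sbin/route -nee
echo -e "\n"
# Resolver addresses (stdin form keeps ag's output identical to 'cat | ag')
echo -e "\e[00;31m[+]DNS Server\e[00m"
ag -o '\d+\.\d+\.\d+\.\d+' --nocolor </etc/resolv.conf
echo -e "\n"
# A PROMISC flag can indicate a sniffer, but bridges, IDS taps and some
# virtualisation setups set it legitimately — confirm which interface.
echo -e "\e[00;31m[+]网卡混杂模式\e[00m"
if ip link | ag PROMISC >/dev/null 2>&1; then
  echo "网卡存在混杂模式!"
else
  echo "网卡不存在混杂模式"
fi
echo -e "\n"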
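# Installed tooling worth knowing about during triage: interpreters and
# compilers an intruder could use to build/stage code, plus common services.
echo -e "\e[00;31m[+]常用软件\e[00m"
# Daemons are added under their real binary names (mongod, httpd/apache2,
# redis-server/redis-cli); the bare names from the original list are kept
# for compatibility even though most of them never resolve.
cmdline=(
  perl gcc g++ python python3 php cc go node clang ruby curl wget
  mysql redis redis-server redis-cli apache apache2 httpd nginx git
  mongodb mongod docker tftp psql
)
for prog in "${cmdline[@]}"; do
  # command -v is the builtin replacement for which(1); it returns non-zero
  # when the name is not found, so no separate emptiness test is needed.
  if path=$(command -v -- "${prog}" 2>/dev/null) && [ -n "${path}" ]; then
    # Print the basename.  ${path##*/} also handles names such as g++,
    # which the old '\w+$' regex could never match.
    printf '%s\n' "${path##*/}"
  fi
done
echo -e "\n"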
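# Scheduled tasks: root's crontab plus the system cron directories,
# /etc/crontab and the per-user spool (/var/spool/cron on RHEL,
# /var/spool/cron/crontabs on Debian) — common persistence locations that
# the original listing did not cover.
echo -e "\e[00;31m[+]Crontab\e[00m"
crontab -u root -l 2>/dev/null | ag -v '#' --nocolor
ls -al /etc/cron.*/* /etc/crontab /var/spool/cron/* /var/spool/cron/crontabs/* 2>/dev/null
echo -e "\n"
# Environment of this shell
echo -e "\e[00;31m[+]env\e[00m"
env
echo -e "\n"
# LD_PRELOAD as seen by this script, then the system-wide preload list,
# which is applied to every dynamically linked program and is a classic
# userland-rootkit hook.
echo -e "\e[00;31m[+]LD_PRELOAD\e[00m"
echo "${LD_PRELOAD}"
cat /etc/ld.so.preload 2>/dev/null
echo -e "\n"
# Accounts whose login shell is not nologin/false
echo -e "\e[00;31m[+]可登陆用户\e[00m"
ag -v 'nologin$|false$' </etc/passwd
echo -e "passwd文件修改日期:" "$(stat /etc/passwd | ag -o '(?<=Modify: ).*' --nocolor)"
echo -e "\n"
# sudo rules granting ALL, including the drop-in directory where
# unexpected grants are usually placed
echo -e "\e[00;31m[+]sudoers(请注意NOPASSWD)\e[00m"
cat /etc/sudoers /etc/sudoers.d/* 2>/dev/null | ag -v '#' | sed -e '/^$/d' | ag ALL --nocolor
echo -e "\n"
# Firewall rules; -n avoids a reverse DNS lookup per rule address, which is
# slow and can hang when no resolver is reachable
echo -e "\e[00;31m[+]IPTABLES防火墙\e[00m"
iptables -nL
echo -e "\n"
# Logged-in users, login history, last login per account
echo -e "\e[00;31m[+]登录信息\e[00m"
w
echo -e "\n"
last
echo -e "\n"
lastlog
# Source IPs of accepted SSH logins from the auth logs (ag's default smart
# case makes the all-lowercase 'accepted' match 'Accepted'), joined onto one line
echo "登陆ip:" "$(ag -a accepted /var/log/secure /var/log/auth.* 2>/dev/null | ag -o '\d+\.\d+\.\d+\.\d+' | sort -u | paste -sd ' ')"
echo -e "\n"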
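# Running services.  The distro decides how 'service --status-all' marks a
# running service ('[ + ]' on the Debian family, 'is running' on the RHEL
# family).  stderr is merged because on Debian the status listing is written
# to stderr, which left the old filter with nothing to match.
echo -e "\e[00;31m[+]Service \e[00m"
case "${ID}" in
  debian | ubuntu | devuan)
    service --status-all 2>&1 | ag -Q '+' --nocolor
    ;;
  # 'fedora' was previously written as the pattern "rhel fedora", which can
  # never equal a one-word $ID.
  centos | rhel | fedora)
    service --status-all 2>&1 | ag -Q 'is running' --nocolor
    ;;
  *)
    echo "unsupported distro ID: '${ID}'" >&2
    exit 1
    ;;
esac
echo -e "\n"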
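# Shell history files of the invoking user and of root (~ is /root when the
# script runs as root directly, so the two listings usually coincide)
echo -e "\e[00;31m[+]History\e[00m"
ls -la ~/.*_history 2>/dev/null
ls -la /root/.*_history 2>/dev/null
echo -e "\n"
# History lines mentioning an IPv4 address, a URL, or ssh/scp/tar — the
# usual traces of staging data or moving between hosts
cat ~/.*history 2>/dev/null | ag '(?<![0-9])(?:(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2}))(?![0-9])|http://|https://|ssh|scp|tar' --nocolor
echo -e "\n"
# Static name overrides (hijacked update/telemetry hosts show up here)
echo -e "\e[00;31m[+]/etc/hosts \e[00m"
ag -v '#' </etc/hosts
echo -e "\n"
# Login-time startup files, system-wide and for root; missing files are
# silently skipped instead of printing a 'No such file' error
echo -e "\e[00;31m[+]/etc/profile \e[00m"
ag -v '#' </etc/profile
echo -e "\n"
echo -e "\e[00;31m[+]/etc/rc.local \e[00m"
cat /etc/rc.local 2>/dev/null | ag -v '#'
echo -e "\n"
echo -e "\e[00;31m[+]~/.bash_profile \e[00m"
cat ~/.bash_profile 2>/dev/null | ag -v '#'
echo -e "\n"
echo -e "\e[00;31m[+]~/.bashrc \e[00m"
cat ~/.bashrc 2>/dev/null | ag -v '#'
echo -e "\n"
# Interactive shells (bash/dash/zsh/sh -i) holding an ESTABLISHED socket —
# the usual shape of a reverse shell.  The word boundary keeps 'ssh -i'
# out; the ag process itself is excluded; xargs -r runs nothing on empty input.
echo -e "\e[00;31m[+]bash反弹shell \e[00m"
ps -ef | ag '\b(ba|da|z)?sh -i' | ag -v 'ag' | awk '{print $2}' | xargs -r -I{} lsof -p {} | ag 'ESTAB' --nocolor
echo -e "\n"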
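# Dot-names that also end in a dot (e.g. "..." or ".x."), a cheap way to hide
# a directory from a casual 'ls -a'.  Pseudo-filesystems are skipped.
echo -e "\e[00;31m[+]...隐藏文件 \e[00m"
find / ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/boot/*" -name ".*." 2>/dev/null
echo -e "\n"
# World-writable staging directories
echo -e "\e[00;31m[+]/tmp \e[00m"
ls -alh /tmp /var/tmp /dev/shm
echo -e "\n"
# NOTE: aliases are not inherited by a non-interactive script, so this only
# shows aliases defined by files this shell itself sourced — usually nothing.
echo -e "\e[00;31m[+]alias \e[00m"
alias | ag -v 'git'
echo -e "\n"
# set-uid regular files, excluding snap/docker mounts
echo -e "\e[00;31m[+]SUID \e[00m"
find / ! -path "/proc/*" -perm -004000 -type f 2>/dev/null | ag -v 'snap|docker'
echo -e "\n"
# Open files whose link count is 0: deleted-but-running binaries, unlinked logs
echo -e "\e[00;31m[+]lsof -L1 \e[00m"
lsof +L1
echo -e "\n"
# Regular files modified in the last 7 days under config/binary/home paths.
# Names are NUL-delimited between the filter and ls so paths with spaces
# survive; ls prints one line per file either way.
echo -e "\e[00;31m[+]近七天文件改动 \e[00m"
find /etc /bin /sbin /dev /root/ /home /tmp -mtime -7 -type f 2>/dev/null | ag -v 'cache|vim|/share/|/lib/|.zsh|.gem' | tr '\n' '\0' | xargs -0 -r ls -alh --
echo -e "\n"
# Files over 100 MB, filtered to archive/log/db-like names and extensionless files
echo -e "\e[00;31m[+]大文件>100mb \e[00m"
find / ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/boot/*" -size +100M -print0 2>/dev/null | xargs -0 -r ls -alh -- | ag '\.gif|\.jpeg|\.jpg|\.png|\.zip|\.tar.gz|\.tgz|\.7z|\.log|\.xz|\.rar|\.bak|\.old|\.sql|\.1|\.txt|\.tar|\.db|/\w+$' --nocolor
echo -e "\n"
# Loaded kernel modules; the script already runs as root, so no sudo
echo -e "\e[00;31m[+]lsmod模块\e[00m"
lsmod
echo -e "\n"
# authorized_keys of the invoking user, root and every /home account — an
# extra key is one of the most common persistence mechanisms.  The old code
# only looked at ${HOME}.
echo -e "\e[00;31m[+]SSH key\e[00m"
sshkey=${HOME}/.ssh/authorized_keys
found=0
for keyfile in "${sshkey}" /root/.ssh/authorized_keys /home/*/.ssh/authorized_keys; do
  [ -e "${keyfile}" ] || continue
  # ${HOME} is normally /root; skip the second listing of the same file
  if [ "${keyfile}" != "${sshkey}" ] && [ "${keyfile}" -ef "${sshkey}" ]; then
    continue
  fi
  found=1
  echo "== ${keyfile}"
  cat -- "${keyfile}"
done
if [ "${found}" -eq 0 ]; then
  echo -e "SSH key文件不存在\n"
fi
echo -e "\n"
# Signature scan of every .php file for functions and strings common in
# webshells.  Expect false positives from legitimate frameworks (eval,
# preg_replace, ob_start ...); the hit list is a starting point, not a verdict.
echo -e "\e[00;31m[+]PHP webshell查杀\e[00m"
ag --php -l -s 'assert\(|phpspy|c99sh|milw0rm|eval?\(|\(gunerpress|\(base64_decoolcode|spider_bc|shell_exec\(|passthru\(|base64_decode\s?\(|gzuncompress\s?\(|\(\$\$\w+|call_user_func\(|preg_replace_callback\(|preg_replace\(|register_shutdown_function\(|register_tick_function\(|mb_ereg_replace_callback\(|filter_var\(|ob_start\(|usort\(|uksort\(|GzinFlate\s?\(|\$\w+\(\d+\)\.\$\w+\(\d+\)\.|\$\w+=str_replace\(|eval\/\*.*\*\/\(' / 2>/dev/null
echo -e "\n"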
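#######################################
# Run rkhunter and print only its findings.
# When rkhunter is missing it is installed from the distro repository
# (signature-checked packages) instead of, as before, downloading an
# unverified tarball to a predictable /tmp path and running its installer
# as root on the very host being examined.  The old presence test also ran
# bare 'rkhunter', which prints usage and fails, so the download happened
# on every run.
# Globals:   ID (from /etc/os-release)
# Outputs:   rkhunter warnings on stdout; a skip notice on stderr
# Returns:   0 when rkhunter ran, 1 when it is unavailable
#######################################
rkhuntercheck() {
  if ! command -v rkhunter >/dev/null 2>&1; then
    case "${ID}" in
      debian | ubuntu | devuan)
        apt-get -y install rkhunter >/dev/null 2>&1
        ;;
      centos | rhel | fedora)
        # on RHEL/CentOS the package normally comes from EPEL
        yum -y install rkhunter >/dev/null 2>&1
        ;;
    esac
  fi
  if ! command -v rkhunter >/dev/null 2>&1; then
    echo "rkhunter is not installed and no repository package was found; skipping" >&2
    return 1
  fi
  # --sk: skip key presses; drop the noise lines so only warnings remain
  rkhunter --checkall --sk | ag -v 'OK|Not found|None found'
}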
# Run the rkhunter step only when the network answers a single ICMP probe
# to 114.114.114.114 (a public resolver); otherwise just print a blank line.
# NOTE(review): this sends outbound traffic from the host being examined.
if ping -c 1 114.114.114.114 >/dev/null 2>&1; then
  echo -e "\e[00;31m[+]RKhunter\e[00m"
  rkhuntercheck
else
  echo -e '\n'
fi