2025-09-03
WAF防护Linux交互式脚本
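#!/bin/bash
# WAF防护配置脚本
# 作者: 系统安全助手
# 版本: 2.0
# 功能: 全面的Linux Web应用防火墙配置
#
# Interactive menu that generates and applies a regex-blocklist "WAF" layer for a
# Linux web host: iptables rules, sysctl/limits hardening, an nginx or Apache
# (mod_security2 / mod_evasive / mod_rewrite) rule file, a custom rule list and a
# cron-driven monitor script.  Generated files stay under this script's own
# directory (waf_configs/, waf_logs/, waf_backups/, waf_rules/) until the
# "应用配置到系统" menu entry copies them into /etc.
#
# 使用方法:
#   将脚本保存为 waf_manager.sh; chmod +x waf_manager.sh
#   sudo ./waf_manager.sh            (interactive: stdin must be a terminal)
#   SSH_PORT=2222 sudo -E ./waf_manager.sh   keeps a non-default sshd port open
#
# 推荐使用流程: 首次运行选择"一键默认配置"; 根据需求使用"自定义配置"调整;
# 生成配置文件后"应用配置到系统"; 使用"测试WAF防护"验证效果;
# 定期使用"运行监控脚本"查看状态.
#
# 主要特性:
#   1. 全面防护功能: SQL注入 / XSS / RFI-LFI / 命令注入 / 暴力破解 / DDoS /
#      恶意机器人 / 文件上传 / 盗链 / 敏感数据 防护 (each toggled individually)
#   2. 配置管理: 一键默认配置, 自定义配置, 参数调整, 配置备份与恢复,
#      规则管理 (自定义规则, OWASP核心规则集, 常见攻击规则, 规则文件编辑)
#   3. 多Web服务器支持: Nginx / Apache 配置生成, iptables 防火墙规则
#   4. 监控与报告: 监控脚本, 日志分析, 攻击统计报告, 系统状态监控
#
# Review notes:
#   * The rule sets are plain pattern blocklists and will produce false
#     positives (a query string containing ";" or "|", curl/wget clients, ...);
#     tune them before production use.
#   * "应用配置" replaces the whole iptables ruleset (including rules added by
#     other tools); the previous ruleset is saved under waf_backups/ first and
#     "恢复配置" can reinstate it.

# 颜色定义
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color

# 脚本目录 (all generated artefacts live below it)
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CONFIG_DIR="$SCRIPT_DIR/waf_configs"
LOGS_DIR="$SCRIPT_DIR/waf_logs"
BACKUP_DIR="$SCRIPT_DIR/waf_backups"
RULES_DIR="$SCRIPT_DIR/waf_rules"

# 创建必要的目录
mkdir -p "$CONFIG_DIR" "$LOGS_DIR" "$BACKUP_DIR" "$RULES_DIR"

# 配置文件
MAIN_CONFIG="$CONFIG_DIR/waf_main.conf"
NGINX_CONFIG="$CONFIG_DIR/waf_nginx.conf"   # not written by this script; kept for compatibility
APACHE_CONFIG="$CONFIG_DIR/waf_apache.conf" # not written by this script; kept for compatibility
CUSTOM_RULES="$RULES_DIR/custom_rules.conf"

# 日志文件
INSTALL_LOG="$LOGS_DIR/install.log"
ACCESS_LOG="$LOGS_DIR/waf_access.log"
BLOCK_LOG="$LOGS_DIR/waf_block.log"

# 备份文件 (kept for compatibility; backup_config stamps every run itself so
# two backups taken in one session no longer overwrite each other)
BACKUP_PREFIX="$BACKUP_DIR/waf_backup_$(date +%Y%m%d_%H%M%S)"

# System locations written by apply_configuration and removed by uninstall_waf
SYSCTL_TARGET="/etc/sysctl.d/99-waf.conf"
LIMITS_TARGET="/etc/security/limits.d/waf_limits.conf"
NGINX_TARGET="/etc/nginx/conf.d/waf.conf"
APACHE_TARGET="/etc/apache2/conf-available/waf.conf"

# sshd port the generated firewall keeps open (override with SSH_PORT=...);
# a wrong value locks you out of the host once the rules are applied
SSH_PORT="${SSH_PORT:-22}"

# 当前配置状态
CURRENT_CONFIG=""     # unused; kept for compatibility
WEB_SERVER="unknown"  # nginx | apache | unknown, set by check_dependencies

#######################################
# Clear the screen and print the title box plus the working directories.
#######################################
show_banner() {
  clear
  echo -e "${CYAN}"
  echo "╔════════════════════════════════════════════════════════════╗"
  echo "║              高级WAF防护配置脚本 v2.0                      ║"
  echo "║              全面Linux Web应用防火墙                       ║"
  echo "╚════════════════════════════════════════════════════════════╝"
  echo -e "${NC}"
  echo -e "${YELLOW}脚本目录: $SCRIPT_DIR${NC}"
  echo -e "${YELLOW}配置目录: $CONFIG_DIR${NC}"
  echo -e "${YELLOW}日志目录: $LOGS_DIR${NC}"
  echo "════════════════════════════════════════════════════════════"
  echo
}

#######################################
# Print a coloured, levelled line and append it to $INSTALL_LOG.
# Arguments: $1 - level (INFO|WARN|ERROR|DEBUG), $2 - message
#######################################
log_message() {
  local level=$1
  local message=$2
  local timestamp
  timestamp=$(date '+%Y-%m-%d %H:%M:%S')
  case "$level" in
    INFO)  echo -e "${GREEN}[INFO]${NC} $message" ;;
    WARN)  echo -e "${YELLOW}[WARN]${NC} $message" ;;
    ERROR) echo -e "${RED}[ERROR]${NC} $message" ;;
    DEBUG) echo -e "${BLUE}[DEBUG]${NC} $message" ;;
  esac
  # %s keeps a message containing '%' or '\' from being interpreted
  printf '[%s] [%s] %s\n' "$timestamp" "$level" "$message" >> "$INSTALL_LOG"
}

#######################################
# Flip a "true"/"false" flag variable in place.
# Arguments: $1 - variable name
#######################################
toggle_flag() {
  if [ "${!1}" = "true" ]; then
    printf -v "$1" '%s' "false"
  else
    printf -v "$1" '%s' "true"
  fi
}

#######################################
# Prompt for a non-negative integer and print the value to keep: the input when
# it is numeric, otherwise the current value.  The parameters are interpolated
# into iptables and nginx directives, so anything else would break them.
# Arguments: $1 - prompt, $2 - current value
# Outputs:   the value to keep, on stdout (the prompt goes to stderr)
#######################################
read_number() {
  local prompt=$1
  local current=$2
  local value
  read -r -p "$prompt" value
  if [ -z "$value" ]; then
    printf '%s' "$current"
  elif [[ "$value" =~ ^[0-9]+$ ]]; then
    printf '%s' "$value"
  else
    echo -e "${RED}无效的数值,保留原值${NC}" >&2
    printf '%s' "$current"
  fi
}

#######################################
# Reset every protection switch and parameter to the built-in defaults
# (shared by load_config and default_configuration).
#######################################
set_default_config() {
  ENABLE_SQL_INJECTION="true"
  ENABLE_XSS="true"
  ENABLE_RFI_LFI="true"
  ENABLE_COMMAND_INJECTION="true"
  ENABLE_BRUTE_FORCE="true"
  ENABLE_DDOS="true"
  ENABLE_BOT_PROTECTION="true"
  ENABLE_FILE_UPLOAD="true"
  ENABLE_HOTLINKING="true"
  ENABLE_SENSITIVE_DATA="true"
  BLOCK_THRESHOLD=10
  BAN_TIME=3600
  RATE_LIMIT=100
  MAX_CONNECTIONS=50
}

#######################################
# Ask a y/n question; return 0 only for "y" (EOF counts as "n").
# Arguments: $1 - prompt
#######################################
confirm_yes() {
  local answer
  read -r -p "$1" answer
  [ "$answer" = "y" ]
}

#######################################
# Wait for Enter (EOF counts as Enter).
#######################################
pause() {
  read -r -p "按Enter继续..." || true
}

#######################################
# Warn about missing tools (offering to install them) and detect the running
# web server into $WEB_SERVER.
# Globals:   WEB_SERVER (written)
# Returns:   always 0
#######################################
check_dependencies() {
  log_message "INFO" "检查系统依赖..."
  local missing_deps=()
  local cmd

  # 检查常用工具
  for cmd in curl wget grep awk sed iptables; do
    if ! command -v "$cmd" >/dev/null 2>&1; then
      missing_deps+=("$cmd")
    fi
  done

  # 检查Web服务器 (only a *running* service is detected)
  if systemctl is-active --quiet nginx 2>/dev/null; then
    WEB_SERVER="nginx"
    log_message "INFO" "检测到Nginx服务器"
  elif systemctl is-active --quiet apache2 2>/dev/null || systemctl is-active --quiet httpd 2>/dev/null; then
    WEB_SERVER="apache"
    log_message "INFO" "检测到Apache服务器"
  else
    WEB_SERVER="unknown"
    log_message "WARN" "未检测到运行中的Web服务器"
  fi

  if [ ${#missing_deps[@]} -gt 0 ]; then
    log_message "WARN" "缺少以下依赖: ${missing_deps[*]}"
    if confirm_yes "是否安装缺少的依赖? (y/n): "; then
      if [ -f /etc/debian_version ]; then
        sudo apt-get update
        sudo apt-get install -y "${missing_deps[@]}"
      elif [ -f /etc/redhat-release ]; then
        sudo yum install -y "${missing_deps[@]}"
      else
        log_message "ERROR" "无法确定系统发行版,请手动安装依赖"
      fi
    fi
  fi
  return 0
}

#######################################
# Snapshot the live iptables ruleset, key /etc files and the web server's main
# config into $BACKUP_DIR under a fresh timestamp prefix.
# Globals: BACKUP_DIR, WEB_SERVER (read)
#######################################
backup_config() {
  log_message "INFO" "备份当前配置..."
  local prefix="$BACKUP_DIR/waf_backup_$(date +%Y%m%d_%H%M%S)"
  local file

  # 备份iptables规则 (used by restore_configuration); drop the file when
  # iptables-save produced nothing, so an empty file can never be "restored"
  sudo iptables-save > "${prefix}_iptables.rules" 2>/dev/null
  [ -s "${prefix}_iptables.rules" ] || rm -f "${prefix}_iptables.rules"

  # 备份系统文件
  local files_to_backup=(
    "/etc/sysctl.conf"
    "/etc/hosts.allow"
    "/etc/hosts.deny"
    "/etc/security/limits.conf"
  )
  for file in "${files_to_backup[@]}"; do
    if [ -f "$file" ]; then
      sudo cp "$file" "${prefix}_$(basename "$file")"
    fi
  done

  # 备份Web服务器配置
  if [ "$WEB_SERVER" = "nginx" ] && [ -f /etc/nginx/nginx.conf ]; then
    sudo cp /etc/nginx/nginx.conf "${prefix}_nginx.conf"
  elif [ "$WEB_SERVER" = "apache" ]; then
    if [ -f /etc/apache2/apache2.conf ]; then
      sudo cp /etc/apache2/apache2.conf "${prefix}_apache.conf"
    elif [ -f /etc/httpd/conf/httpd.conf ]; then
      sudo cp /etc/httpd/conf/httpd.conf "${prefix}_httpd.conf"
    fi
  fi

  log_message "INFO" "配置已备份到: $BACKUP_DIR"
}

#######################################
# Populate the ENABLE_*/parameter globals: defaults first, then whatever
# $MAIN_CONFIG overrides, so a partial config file cannot leave a variable unset.
# NOTE: the file is executed with `source`; keep it writable by the admin only.
#######################################
load_config() {
  set_default_config
  if [ -f "$MAIN_CONFIG" ]; then
    # shellcheck disable=SC1090
    source "$MAIN_CONFIG"
    log_message "INFO" "加载现有配置"
  else
    log_message "INFO" "使用默认配置"
  fi
}

#######################################
# Write the current switches and parameters to $MAIN_CONFIG (shell syntax,
# read back by load_config).
#######################################
save_config() {
  cat > "$MAIN_CONFIG" << EOF
# WAF主配置文件
# 生成时间: $(date)

# 防护模块开关
ENABLE_SQL_INJECTION="$ENABLE_SQL_INJECTION"
ENABLE_XSS="$ENABLE_XSS"
ENABLE_RFI_LFI="$ENABLE_RFI_LFI"
ENABLE_COMMAND_INJECTION="$ENABLE_COMMAND_INJECTION"
ENABLE_BRUTE_FORCE="$ENABLE_BRUTE_FORCE"
ENABLE_DDOS="$ENABLE_DDOS"
ENABLE_BOT_PROTECTION="$ENABLE_BOT_PROTECTION"
ENABLE_FILE_UPLOAD="$ENABLE_FILE_UPLOAD"
ENABLE_HOTLINKING="$ENABLE_HOTLINKING"
ENABLE_SENSITIVE_DATA="$ENABLE_SENSITIVE_DATA"

# 防护参数
BLOCK_THRESHOLD="$BLOCK_THRESHOLD"
BAN_TIME="$BAN_TIME"
RATE_LIMIT="$RATE_LIMIT"
MAX_CONNECTIONS="$MAX_CONNECTIONS"

# 自定义规则文件
CUSTOM_RULES_FILE="$CUSTOM_RULES"

# 日志文件
ACCESS_LOG="$ACCESS_LOG"
BLOCK_LOG="$BLOCK_LOG"
EOF
  log_message "INFO" "配置已保存到: $MAIN_CONFIG"
}

#######################################
# Print the switches and parameters currently held in memory.
#######################################
show_current_config() {
  echo -e "${CYAN}════════════════════ 当前WAF配置 ════════════════════${NC}"
  echo -e "${YELLOW}防护模块:${NC}"
  echo -e "  SQL注入防护: ${GREEN}$ENABLE_SQL_INJECTION${NC}"
  echo -e "  XSS防护: ${GREEN}$ENABLE_XSS${NC}"
  echo -e "  RFI/LFI防护: ${GREEN}$ENABLE_RFI_LFI${NC}"
  echo -e "  命令注入防护: ${GREEN}$ENABLE_COMMAND_INJECTION${NC}"
  echo -e "  暴力破解防护: ${GREEN}$ENABLE_BRUTE_FORCE${NC}"
  echo -e "  DDoS防护: ${GREEN}$ENABLE_DDOS${NC}"
  echo -e "  机器人防护: ${GREEN}$ENABLE_BOT_PROTECTION${NC}"
  echo -e "  文件上传防护: ${GREEN}$ENABLE_FILE_UPLOAD${NC}"
  echo -e "  盗链防护: ${GREEN}$ENABLE_HOTLINKING${NC}"
  echo -e "  敏感数据防护: ${GREEN}$ENABLE_SENSITIVE_DATA${NC}"
  echo
  echo -e "${YELLOW}防护参数:${NC}"
  echo -e "  阻断阈值: ${BLUE}$BLOCK_THRESHOLD${NC} 次/分钟"
  echo -e "  封禁时间: ${BLUE}$BAN_TIME${NC} 秒"
  echo -e "  速率限制: ${BLUE}$RATE_LIMIT${NC} 请求/秒"
  echo -e "  最大连接数: ${BLUE}$MAX_CONNECTIONS${NC}"
  echo -e "${CYAN}════════════════════════════════════════════════════${NC}"
}

#######################################
# Menu to toggle individual protections and edit parameters; returns to the
# main menu on save (13), on discard (14) or on EOF.
#######################################
custom_config_menu() {
  local choice
  while true; do
    clear
    show_banner
    show_current_config
    echo -e "${PURPLE}════════════════════ 自定义配置 ════════════════════${NC}"
    echo " 1) 切换SQL注入防护 [$ENABLE_SQL_INJECTION]"
    echo " 2) 切换XSS防护 [$ENABLE_XSS]"
    echo " 3) 切换RFI/LFI防护 [$ENABLE_RFI_LFI]"
    echo " 4) 切换命令注入防护 [$ENABLE_COMMAND_INJECTION]"
    echo " 5) 切换暴力破解防护 [$ENABLE_BRUTE_FORCE]"
    echo " 6) 切换DDoS防护 [$ENABLE_DDOS]"
    echo " 7) 切换机器人防护 [$ENABLE_BOT_PROTECTION]"
    echo " 8) 切换文件上传防护 [$ENABLE_FILE_UPLOAD]"
    echo " 9) 切换盗链防护 [$ENABLE_HOTLINKING]"
    echo "10) 切换敏感数据防护 [$ENABLE_SENSITIVE_DATA]"
    echo "11) 修改防护参数"
    echo "12) 管理自定义规则"
    echo "13) 保存配置并返回主菜单"
    echo "14) 返回主菜单(不保存)"
    echo -e "${PURPLE}════════════════════════════════════════════════════${NC}"
    # EOF on stdin leaves the menu instead of spinning on "无效选项"
    read -r -p "请选择选项 [1-14]: " choice || return 0
    case "$choice" in
      1) toggle_flag ENABLE_SQL_INJECTION ;;
      2) toggle_flag ENABLE_XSS ;;
      3) toggle_flag ENABLE_RFI_LFI ;;
      4) toggle_flag ENABLE_COMMAND_INJECTION ;;
      5) toggle_flag ENABLE_BRUTE_FORCE ;;
      6) toggle_flag ENABLE_DDOS ;;
      7) toggle_flag ENABLE_BOT_PROTECTION ;;
      8) toggle_flag ENABLE_FILE_UPLOAD ;;
      9) toggle_flag ENABLE_HOTLINKING ;;
      10) toggle_flag ENABLE_SENSITIVE_DATA ;;
      11) modify_parameters ;;
      12) manage_custom_rules ;;
      13)
        save_config
        log_message "INFO" "配置已保存"
        sleep 2
        return 0
        ;;
      14)
        if confirm_yes "确定放弃修改? (y/n): "; then
          load_config # 重新加载配置
          return 0
        fi
        ;;
      *)
        echo -e "${RED}无效选项${NC}"
        sleep 1
        ;;
    esac
  done
}

#######################################
# Prompt for the four numeric parameters; non-numeric input keeps the old value.
#######################################
modify_parameters() {
  echo -e "${CYAN}════════════════════ 修改防护参数 ════════════════════${NC}"
  echo -e "当前阻断阈值: ${BLUE}$BLOCK_THRESHOLD${NC} 次/分钟"
  BLOCK_THRESHOLD=$(read_number "新的阻断阈值 (默认10): " "$BLOCK_THRESHOLD")
  echo -e "当前封禁时间: ${BLUE}$BAN_TIME${NC} 秒"
  BAN_TIME=$(read_number "新的封禁时间 (默认3600): " "$BAN_TIME")
  echo -e "当前速率限制: ${BLUE}$RATE_LIMIT${NC} 请求/秒"
  RATE_LIMIT=$(read_number "新的速率限制 (默认100): " "$RATE_LIMIT")
  echo -e "当前最大连接数: ${BLUE}$MAX_CONNECTIONS${NC}"
  MAX_CONNECTIONS=$(read_number "新的最大连接数 (默认50): " "$MAX_CONNECTIONS")
  echo -e "${GREEN}参数已更新${NC}"
  sleep 1
}

#######################################
# Menu for $CUSTOM_RULES.  NOTE: this file is informational - nothing generated
# by this script reads it; the entries only document the intended rules.
#######################################
manage_custom_rules() {
  local choice rule ruleset editor candidate
  while true; do
    clear
    show_banner
    echo -e "${CYAN}════════════════════ 自定义规则管理 ════════════════════${NC}"
    echo " 1) 查看当前规则"
    echo " 2) 添加新规则"
    echo " 3) 编辑规则文件"
    echo " 4) 导入规则集"
    echo " 5) 清空所有规则"
    echo " 6) 返回上一级"
    echo -e "${CYAN}════════════════════════════════════════════════════════${NC}"
    read -r -p "请选择选项 [1-6]: " choice || return 0
    case "$choice" in
      1)
        if [ -f "$CUSTOM_RULES" ] && [ -s "$CUSTOM_RULES" ]; then
          echo -e "${GREEN}当前自定义规则:${NC}"
          echo "════════════════════════════════════════"
          cat "$CUSTOM_RULES"
          echo "════════════════════════════════════════"
        else
          echo -e "${YELLOW}暂无自定义规则${NC}"
        fi
        pause
        ;;
      2)
        echo -e "${GREEN}添加自定义规则${NC}"
        echo "示例: deny '恶意User-Agent' 'BadBot'"
        echo "格式: <动作> <描述> <匹配模式>"
        read -r -p "请输入规则: " rule
        if [ -n "$rule" ]; then
          {
            echo "# 自定义规则 - 添加于 $(date)"
            printf '%s\n' "$rule"
          } >> "$CUSTOM_RULES"
          echo -e "${GREEN}规则已添加${NC}"
        fi
        sleep 1
        ;;
      3)
        editor=""
        for candidate in nano vim vi; do
          if command -v "$candidate" >/dev/null 2>&1; then
            editor=$candidate
            break
          fi
        done
        if [ -n "$editor" ]; then
          "$editor" "$CUSTOM_RULES"
        else
          echo -e "${YELLOW}未找到文本编辑器,使用cat编辑${NC}"
          cat > "$CUSTOM_RULES"
        fi
        ;;
      4)
        echo -e "${GREEN}导入规则集${NC}"
        echo "1) OWASP核心规则集"
        echo "2) 常见攻击规则"
        echo "3) 扫描器防护规则"
        read -r -p "选择规则集 [1-3]: " ruleset
        case "$ruleset" in
          1) import_owasp_rules ;;
          2) import_common_attack_rules ;;
          3) import_scanner_rules ;;
          *) echo -e "${RED}无效选择${NC}" ;;
        esac
        sleep 1
        ;;
      5)
        if confirm_yes "确定清空所有自定义规则? (y/n): "; then
          : > "$CUSTOM_RULES"
          echo -e "${GREEN}规则已清空${NC}"
        fi
        sleep 1
        ;;
      6) return 0 ;;
      *)
        echo -e "${RED}无效选项${NC}"
        sleep 1
        ;;
    esac
  done
}

#######################################
# Append the "OWASP" rule list to $CUSTOM_RULES (appends again on every call).
#######################################
import_owasp_rules() {
  cat >> "$CUSTOM_RULES" << 'EOF'
# ========== OWASP核心规则集 ==========
# SQL注入防护规则
deny "SQL Injection - UNION" "union.*select"
deny "SQL Injection - SELECT" "select.*from"
deny "SQL Injection - INSERT" "insert.*into"
deny "SQL Injection - UPDATE" "update.*set"
deny "SQL Injection - DELETE" "delete.*from"
deny "SQL Injection - DROP" "drop.*table"
deny "SQL Injection - OR 1=1" "or.*1=1"
deny "SQL Injection -- comment" "--"

# XSS防护规则
deny "XSS - Script Tag" "<script>"
deny "XSS - Javascript Protocol" "javascript:"
deny "XSS - onload Event" "onload="
deny "XSS - onerror Event" "onerror="
deny "XSS - eval()" "eval\("

# 命令注入防护规则
deny "Command Injection - Pipe" "\|"
deny "Command Injection - Semicolon" ";"
deny "Command Injection - Backtick" "`"
deny "Command Injection - Dollar" "\$\(.*\)"
EOF
  echo -e "${GREEN}OWASP规则集已导入${NC}"
}

#######################################
# Append the common-attack rule list to $CUSTOM_RULES.
#######################################
import_common_attack_rules() {
  cat >> "$CUSTOM_RULES" << 'EOF'
# ========== 常见攻击规则 ==========
# 目录遍历
deny "Directory Traversal" "\.\./"
deny "Directory Traversal" "\.\.\\"

# 文件包含
deny "File Inclusion" "\.\./\.\./"
deny "File Inclusion" "/etc/passwd"

# SSI注入
deny "SSI Injection" "<!--#"

# PHP攻击
deny "PHP Injection" "php://"
deny "PHP Code Injection" "eval\(base64_decode"

# Shellshock攻击
deny "Shellshock Attack" "\(\)\s*{"

# 扫描器特征
deny "Scanner - Nikto" "nikto"
deny "Scanner - Acunetix" "acunetix"
deny "Scanner - Nessus" "nessus"
deny "Scanner - Netsparker" "netsparker"
EOF
  echo -e "${GREEN}常见攻击规则已导入${NC}"
}

#######################################
# Append only the scanner-signature rules (menu entry 3 of "导入规则集"; the
# original script offered it but never defined the function).
#######################################
import_scanner_rules() {
  cat >> "$CUSTOM_RULES" << 'EOF'
# ========== 扫描器防护规则 ==========
deny "Scanner - Nikto" "nikto"
deny "Scanner - Acunetix" "acunetix"
deny "Scanner - Nessus" "nessus"
deny "Scanner - Netsparker" "netsparker"
EOF
  echo -e "${GREEN}扫描器防护规则已导入${NC}"
}

#######################################
# Write $CONFIG_DIR/iptables_rules.sh, a standalone script that replaces the
# whole ruleset.  Rule order matters: the per-source connlimit / hashlimit rules
# are appended BEFORE the port ACCEPT rules, otherwise they are never reached
# (the earlier layout accepted the port first, so every limit after it was
# dead).  SYN flooding is left to net.ipv4.tcp_syncookies from the sysctl
# hardening instead of a global 1/s SYN cap, which would throttle all clients.
# Globals: MAX_CONNECTIONS, RATE_LIMIT, SSH_PORT (read)
#######################################
generate_iptables_rules() {
  local iptables_file="$CONFIG_DIR/iptables_rules.sh"
  cat > "$iptables_file" << EOF
#!/bin/bash
# 自动生成的iptables规则
# 生成时间: $(date)
# 注意: 会清空现有全部规则(包括其他工具添加的规则); 旧规则已由脚本备份

# 清除现有规则
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# 默认策略
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# 允许本地回环
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# 允许已建立的连接
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# 允许SSH (端口$SSH_PORT)
iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT

# DDoS防护 - 限制每个来源IP的并发连接数 (必须位于ACCEPT规则之前)
iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above $MAX_CONNECTIONS --connlimit-mask 32 -j DROP
iptables -A INPUT -p tcp --dport 443 -m connlimit --connlimit-above $MAX_CONNECTIONS --connlimit-mask 32 -j DROP

# 速率限制 - 每个来源IP的新连接速率 (hashlimit按来源计数; limit模块是全局计数)
iptables -A INPUT -p tcp --dport 80 --syn -m hashlimit --hashlimit-name waf_http --hashlimit-mode srcip --hashlimit-above $RATE_LIMIT/second --hashlimit-burst 200 -j DROP
iptables -A INPUT -p tcp --dport 443 --syn -m hashlimit --hashlimit-name waf_https --hashlimit-mode srcip --hashlimit-above $RATE_LIMIT/second --hashlimit-burst 200 -j DROP

# 允许HTTP (端口80)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# 允许HTTPS (端口443)
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# 防止SYN洪水攻击: 由sysctl加固中的 net.ipv4.tcp_syncookies = 1 处理

# 防止ping洪水攻击
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

# 保存规则 (仅当iptables-persistent的目录存在)
if [ -d /etc/iptables ]; then
  iptables-save > /etc/iptables/rules.v4
fi

echo "iptables规则已应用"
EOF
  chmod +x "$iptables_file"
  log_message "INFO" "iptables规则已生成: $iptables_file"
}

# --- nginx rule fragments -------------------------------------------------
# Each helper prints its block only when the matching switch is "true".  They
# use quoted heredocs, so nginx "$variables" are written literally (the earlier
# inline form emitted a literal "\$", which nginx rejects).

nginx_rules_sql() {
  [ "$ENABLE_SQL_INJECTION" = "true" ] || return 0
  cat << 'EOF'
set $block_sql_injection 0;
if ($query_string ~* "union.*select.*\(") { set $block_sql_injection 1; }
if ($query_string ~* "union.*all.*select.*") { set $block_sql_injection 1; }
if ($query_string ~* "concat.*\(") { set $block_sql_injection 1; }
if ($query_string ~* "group.*by.*\(") { set $block_sql_injection 1; }
if ($query_string ~* "order.*by.*\(") { set $block_sql_injection 1; }
if ($block_sql_injection = 1) { return 403; }
EOF
}

nginx_rules_xss() {
  [ "$ENABLE_XSS" = "true" ] || return 0
  cat << 'EOF'
set $block_xss 0;
if ($query_string ~* "<script.*>.*</script>") { set $block_xss 1; }
if ($query_string ~* "javascript:") { set $block_xss 1; }
if ($query_string ~* "onload\s*=") { set $block_xss 1; }
if ($query_string ~* "onerror\s*=") { set $block_xss 1; }
if ($query_string ~* "onclick\s*=") { set $block_xss 1; }
if ($block_xss = 1) { return 403; }
EOF
}

nginx_rules_traversal() {
  [ "$ENABLE_RFI_LFI" = "true" ] || return 0
  cat << 'EOF'
set $block_dir_traversal 0;
if ($query_string ~* "\.\./") { set $block_dir_traversal 1; }
if ($query_string ~* "\.\.\\") { set $block_dir_traversal 1; }
if ($query_string ~* "etc/passwd") { set $block_dir_traversal 1; }
if ($query_string ~* "proc/self/environ") { set $block_dir_traversal 1; }
if ($block_dir_traversal = 1) { return 403; }
EOF
}

nginx_rules_command() {
  [ "$ENABLE_COMMAND_INJECTION" = "true" ] || return 0
  cat << 'EOF'
set $block_command_injection 0;
if ($query_string ~* "\|.*\/bin\/") { set $block_command_injection 1; }
if ($query_string ~* "\|.*\/bin\/sh") { set $block_command_injection 1; }
if ($query_string ~* "cmd\s*=") { set $block_command_injection 1; }
if ($query_string ~* "exec\s*=") { set $block_command_injection 1; }
if ($block_command_injection = 1) { return 403; }
EOF
}

nginx_rules_upload() {
  [ "$ENABLE_FILE_UPLOAD" = "true" ] || return 0
  cat << 'EOF'
# 限制上传文件类型
location ~* \.(php|pl|py|jsp|asp|sh|cgi)$ {
    return 403;
}
# 防止执行上传的脚本
location ~* /uploads/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
    return 403;
}
EOF
}

nginx_rules_hotlink() {
  [ "$ENABLE_HOTLINKING" = "true" ] || return 0
  cat << 'EOF'
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    valid_referers none blocked server_names ~\.google\. ~\.bing\. ~\.yahoo\. *.example.com example.com;
    if ($invalid_referer) {
        return 403;
    }
}
EOF
}

nginx_rules_scanner() {
  [ "$ENABLE_BOT_PROTECTION" = "true" ] || return 0
  cat << 'EOF'
set $block_scanner 0;
if ($http_user_agent ~* (nikto|wikto|acunetix|nessus|netsparker|w3af|owasp|paros|burpsuite)) { set $block_scanner 1; }
if ($http_user_agent ~* (sqlmap|havij|sqlninja|pangolin)) { set $block_scanner 1; }
if ($http_user_agent ~* (masscan|nmap|nessus|openvas)) { set $block_scanner 1; }
if ($block_scanner = 1) { return 403; }
# 阻止空User-Agent
if ($http_user_agent = "") { return 403; }
# 阻止异常User-Agent
if ($http_user_agent ~* (libwww-perl|wget|curl|python|java|jakarta|httpclient)) { return 403; }
EOF
}

#######################################
# Write $CONFIG_DIR/nginx_waf.conf from the ENABLE_* switches.
# NOTE(review): the snippet mixes http-level directives (limit_req_zone,
# log_format, server) with server/location-level ones (if, set, location), so
# nginx may reject it when included from conf.d; apply_configuration therefore
# runs `nginx -t` after installing it and rolls back on failure.  The nginx
# worker also needs write access to $ACCESS_LOG for the log directives to work.
# Globals: ENABLE_*, RATE_LIMIT, ACCESS_LOG (read)
#######################################
generate_nginx_waf() {
  local nginx_waf="$CONFIG_DIR/nginx_waf.conf"
  cat > "$nginx_waf" << EOF
# Nginx WAF配置
# 生成时间: $(date)

# 限制请求大小
client_max_body_size 10M;

# 限制缓冲区大小
client_body_buffer_size 128k;
client_header_buffer_size 1k;
large_client_header_buffers 4 4k;

# 超时设置
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;

# 限制请求方法
if (\$request_method !~ ^(GET|HEAD|POST)\$ ) {
    return 405;
}

# 阻止SQL注入
$(nginx_rules_sql)

# 阻止XSS攻击
$(nginx_rules_xss)

# 阻止目录遍历
$(nginx_rules_traversal)

# 阻止命令注入
$(nginx_rules_command)

# 文件上传防护
$(nginx_rules_upload)

# 防盗链
$(nginx_rules_hotlink)

# 阻止常见扫描器
$(nginx_rules_scanner)

# 速率限制
limit_req_zone \$binary_remote_addr zone=one:10m rate=${RATE_LIMIT}r/s;
limit_req_zone \$binary_remote_addr zone=two:10m rate=5r/s;

server {
    # 全局速率限制
    limit_req zone=one burst=20 nodelay;

    location /login {
        # 登录页面更严格的限制
        limit_req zone=two burst=5 nodelay;
    }

    location /admin {
        # 后台管理限制
        limit_req zone=two burst=10 nodelay;
    }
}

# 访问日志格式
log_format waf '\$remote_addr - \$remote_user [\$time_local] "\$request" '
               '\$status \$body_bytes_sent "\$http_referer" '
               '"\$http_user_agent" "\$http_x_forwarded_for" '
               'blocked=\$block_sql_injection\$block_xss\$block_dir_traversal\$block_command_injection';

access_log $ACCESS_LOG waf;
error_log $ACCESS_LOG;
EOF
  log_message "INFO" "Nginx WAF配置已生成: $nginx_waf"
}

# --- Apache rule fragments ------------------------------------------------

apache_rules_sql() {
  [ "$ENABLE_SQL_INJECTION" = "true" ] || return 0
  cat << 'EOF'
    # SQL注入防护
    SecRule ARGS "(?i:union\s+select)" \
        "id:1001,phase:2,t:none,t:urlDecodeUni,block,msg:'SQL Injection Attack'"
    SecRule ARGS "(?i:select.*from)" \
        "id:1002,phase:2,t:none,t:urlDecodeUni,block,msg:'SQL Injection Attack'"
    SecRule ARGS "(?i:insert\s+into)" \
        "id:1003,phase:2,t:none,t:urlDecodeUni,block,msg:'SQL Injection Attack'"
    SecRule ARGS "(?i:update.*set)" \
        "id:1004,phase:2,t:none,t:urlDecodeUni,block,msg:'SQL Injection Attack'"
EOF
}

apache_rules_xss() {
  [ "$ENABLE_XSS" = "true" ] || return 0
  cat << 'EOF'
    # XSS防护
    SecRule ARGS "<script" \
        "id:2001,phase:2,t:none,block,msg:'XSS Attack Detected'"
    SecRule ARGS "javascript:" \
        "id:2002,phase:2,t:none,block,msg:'XSS Attack Detected'"
    SecRule ARGS "(?i:onload\s*=)" \
        "id:2003,phase:2,t:none,block,msg:'XSS Attack Detected'"
EOF
}

apache_rules_command() {
  [ "$ENABLE_COMMAND_INJECTION" = "true" ] || return 0
  cat << 'EOF'
    # 命令注入防护
    SecRule ARGS "[\|;`&]" \
        "id:3001,phase:2,t:none,block,msg:'Command Injection Attempt'"
    SecRule ARGS "(?i:cmd\s*=)" \
        "id:3002,phase:2,t:none,block,msg:'Command Injection Attempt'"
EOF
}

apache_rules_brute() {
  [ "$ENABLE_BRUTE_FORCE" = "true" ] || return 0
  cat << 'EOF'
    # 暴力破解防护
    DOSLoginPage "/login.php"
    DOSLoginCount 5
EOF
}

apache_rules_hotlink() {
  [ "$ENABLE_HOTLINKING" = "true" ] || return 0
  cat << 'EOF'
    # 防盗链
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
EOF
}

apache_rules_bot() {
  [ "$ENABLE_BOT_PROTECTION" = "true" ] || return 0
  cat << 'EOF'
    # 阻止恶意机器人
    RewriteCond %{HTTP_USER_AGENT} (nikto|wikto|acunetix|nessus|netsparker|sqlmap|nmap) [NC]
    RewriteRule ^.*$ - [F,L]

    # 阻止空User-Agent
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{HTTP_USER_AGENT} ^-?$
    RewriteRule ^.*$ - [F,L]
EOF
}

#######################################
# Write $CONFIG_DIR/apache_waf.conf (mod_security2 / mod_evasive / mod_rewrite
# sections, each guarded by IfModule) from the ENABLE_* switches.
# Globals: ENABLE_*, BAN_TIME, ACCESS_LOG (read)
#######################################
generate_apache_waf() {
  local apache_waf="$CONFIG_DIR/apache_waf.conf"
  cat > "$apache_waf" << EOF
# Apache WAF配置
# 生成时间: $(date)

<IfModule mod_security2.c>
    # 启用ModSecurity
    SecRuleEngine On

    # 规则文件
    SecRuleRemoveById 123456

$(apache_rules_sql)
$(apache_rules_xss)
$(apache_rules_command)
</IfModule>

<IfModule mod_evasive20.c>
    # DDoS防护
    DOSHashTableSize 3097
    DOSPageCount 2
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod $BAN_TIME

$(apache_rules_brute)
</IfModule>

<IfModule mod_rewrite.c>
    RewriteEngine On

$(apache_rules_hotlink)
$(apache_rules_bot)
</IfModule>

# 限制请求方法
<LimitExcept GET POST>
    Deny from all
</LimitExcept>

# 文件上传限制
LimitRequestBody 10485760

# 自定义日志格式
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Forwarded-For}i\"" waf
CustomLog "$ACCESS_LOG" waf
ErrorLog "$ACCESS_LOG"
EOF
  log_message "INFO" "Apache WAF配置已生成: $apache_waf"
}

#######################################
# Write the sysctl and limits drop-ins under $CONFIG_DIR (installed by
# apply_configuration).
#######################################
generate_system_hardening() {
  local sysctl_file="$CONFIG_DIR/sysctl_hardening.conf"
  local limits_file="$CONFIG_DIR/limits_hardening.conf"

  # 生成sysctl配置
  cat > "$sysctl_file" << EOF
# 系统安全加固配置
# 生成时间: $(date)

# 防止IP欺骗
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# 禁止IP源路由
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# 禁止ICMP重定向
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

# 禁止发送ICMP重定向
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# 开启SYN Cookies
net.ipv4.tcp_syncookies = 1

# 减少TIME-WAIT套接字
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30

# 增大TCP缓冲区
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304

# 增大最大连接数
net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 65535

# 防止SYN洪水攻击
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3

# 开启TCP时间戳
net.ipv4.tcp_timestamps = 1

# 开启恶意ICMP错误消息保护
net.ipv4.icmp_ignore_bogus_error_responses = 1

# 开启IP转发日志
net.ipv4.ip_forward = 0
EOF

  # 生成limits配置
  cat > "$limits_file" << EOF
# 用户限制配置
# 生成时间: $(date)

* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535

# 防止fork炸弹
root soft nproc unlimited
root hard nproc unlimited

# 核心文件限制
* soft core 0
* hard core 0

# 内存限制
* soft memlock unlimited
* hard memlock unlimited
EOF

  log_message "INFO" "系统加固配置已生成"
}

#######################################
# Copy the generated files into the system: iptables script, sysctl and limits
# drop-ins, the web-server rule file (syntax-checked AFTER installation and
# rolled back on failure - the earlier flow tested the old config and then
# reloaded an unchecked file), then the monitor script.  Backs everything up
# first.
# Globals: WEB_SERVER, CONFIG_DIR, *_TARGET (read)
#######################################
apply_configuration() {
  log_message "INFO" "开始应用WAF配置..."
  backup_config

  # 应用iptables规则
  if [ -f "$CONFIG_DIR/iptables_rules.sh" ]; then
    log_message "INFO" "应用iptables规则..."
    sudo bash "$CONFIG_DIR/iptables_rules.sh"
  fi

  # 应用系统加固: install as a drop-in so the values survive a reboot, then load
  if [ -f "$CONFIG_DIR/sysctl_hardening.conf" ]; then
    log_message "INFO" "应用sysctl配置..."
    sudo cp "$CONFIG_DIR/sysctl_hardening.conf" "$SYSCTL_TARGET"
    sudo sysctl -p "$SYSCTL_TARGET"
  fi
  if [ -f "$CONFIG_DIR/limits_hardening.conf" ]; then
    log_message "INFO" "应用limits配置..."
    sudo cp "$CONFIG_DIR/limits_hardening.conf" "$LIMITS_TARGET"
  fi

  # 应用Web服务器配置
  if [ "$WEB_SERVER" = "nginx" ] && [ -f "$CONFIG_DIR/nginx_waf.conf" ]; then
    log_message "INFO" "应用Nginx WAF配置..."
    local saved=""
    if [ -f "$NGINX_TARGET" ]; then
      saved=$(mktemp) && sudo cp "$NGINX_TARGET" "$saved"
    fi
    sudo cp "$CONFIG_DIR/nginx_waf.conf" "$NGINX_TARGET"
    # 检查Nginx配置语法 (with the new file in place)
    if sudo nginx -t; then
      sudo systemctl reload nginx
      log_message "INFO" "Nginx配置已应用并重载"
    else
      log_message "ERROR" "Nginx配置测试失败"
      # roll back so the next reload/restart does not fail
      if [ -n "$saved" ]; then
        sudo cp "$saved" "$NGINX_TARGET"
      else
        sudo rm -f "$NGINX_TARGET"
      fi
      log_message "WARN" "已回退到之前的Nginx配置"
    fi
    [ -n "$saved" ] && rm -f "$saved"
  elif [ "$WEB_SERVER" = "apache" ] && [ -f "$CONFIG_DIR/apache_waf.conf" ]; then
    log_message "INFO" "应用Apache WAF配置..."
    # Debian layout (conf-available + a2enconf); a RHEL /etc/httpd tree is not handled
    sudo cp "$CONFIG_DIR/apache_waf.conf" "$APACHE_TARGET"
    sudo a2enconf waf
    if sudo apache2ctl configtest; then
      sudo systemctl reload apache2
      log_message "INFO" "Apache配置已应用并重载"
    else
      log_message "ERROR" "Apache配置测试失败"
      sudo a2disconf waf
      sudo rm -f "$APACHE_TARGET"
      log_message "WARN" "已回退到之前的Apache配置"
    fi
  fi

  # 设置监控脚本
  setup_monitoring

  log_message "INFO" "WAF配置应用完成!"
}

#######################################
# Write $SCRIPT_DIR/waf_monitor.sh and register a 5-minute cron entry for it.
# NOTE: the cron entry discards the output and the script calls sudo, so it only
# does useful work when run from a root crontab; use "report" interactively.
#######################################
setup_monitoring() {
  local monitor_script="$SCRIPT_DIR/waf_monitor.sh"

  cat > "$monitor_script" << 'EOF'
#!/bin/bash
# WAF监控脚本
# 定期检查WAF状态和日志

LOG_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/waf_logs"
CONFIG_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/waf_configs"

# 颜色定义
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

# Count lines matching $1 in file $2; "0" when the file is missing.
# (grep -c already prints 0 on no match, so "|| echo 0" would print it twice.)
count_matches() {
  local n
  n=$(grep -c -- "$1" "$2" 2>/dev/null)
  printf '%s' "${n:-0}"
}

# 检查日志
check_logs() {
  echo -e "${YELLOW}=== WAF日志分析 ===${NC}"
  if [ -f "$LOG_DIR/waf_block.log" ]; then
    echo -e "最近被阻止的攻击:"
    tail -20 "$LOG_DIR/waf_block.log" | while IFS= read -r line; do
      echo -e "${RED}✗${NC} $line"
    done
  fi

  # 统计攻击类型
  echo -e "\n${YELLOW}攻击统计:${NC}"
  if [ -f "$LOG_DIR/waf_access.log" ]; then
    echo "SQL注入尝试: $(count_matches "SQL Injection" "$LOG_DIR/waf_access.log")"
    echo "XSS攻击尝试: $(count_matches "XSS Attack" "$LOG_DIR/waf_access.log")"
    echo "扫描器探测: $(count_matches "Scanner" "$LOG_DIR/waf_access.log")"
  fi
}

# 检查系统状态
check_system() {
  echo -e "${YELLOW}=== 系统状态 ===${NC}"
  # 检查iptables
  echo -e "iptables规则数: $(sudo iptables -L -n | wc -l)"
  if command -v ss >/dev/null 2>&1; then
    echo -e "当前连接数: $(ss -tan | grep -c ESTAB)"
  else
    echo -e "当前连接数: $(netstat -an | grep -c ESTABLISHED)"
  fi
  # 检查内存使用
  echo -e "内存使用: $(free -m | awk 'NR==2{printf "%.2f%%", $3*100/$2}')"
  # 检查CPU负载
  echo -e "CPU负载: $(uptime | awk -F'load average:' '{print $2}')"
}

# 生成报告
generate_report() {
  local report_file="$LOG_DIR/waf_report_$(date +%Y%m%d_%H%M%S).txt"
  {
    echo "WAF监控报告"
    echo "生成时间: $(date)"
    echo "======================"
    echo ""
    check_system
    echo ""
    check_logs
    echo ""
    echo "配置状态:"
    if [ -f "$CONFIG_DIR/waf_main.conf" ]; then
      grep -E "ENABLE_|BLOCK_" "$CONFIG_DIR/waf_main.conf"
    fi
  } > "$report_file"
  echo -e "${GREEN}报告已生成: $report_file${NC}"
}

# 主循环
case "$1" in
  check)
    check_logs
    check_system
    ;;
  report)
    generate_report
    ;;
  monitor)
    while true; do
      clear
      check_logs
      check_system
      echo -e "\n${YELLOW}按Ctrl+C退出监控${NC}"
      sleep 10
    done
    ;;
  *)
    echo "用法: $0 {check|report|monitor}"
    exit 1
    ;;
esac
EOF
  chmod +x "$monitor_script"

  # 创建cron任务 (replace any earlier entry for this script; -F: path is not a regex)
  local cron_job="*/5 * * * * $monitor_script check > /dev/null 2>&1"
  (crontab -l 2>/dev/null | grep -vF "$monitor_script"; echo "$cron_job") | crontab -

  log_message "INFO" "监控脚本已设置: $monitor_script"
}

#######################################
# One-click setup: defaults, save, generate every file, import the bundled rule
# sets (once), optionally apply.
#######################################
default_configuration() {
  log_message "INFO" "应用默认配置..."

  # 设置所有防护为开启 + 默认参数
  set_default_config

  # 保存配置
  save_config

  # 生成所有配置文件
  generate_configurations

  # 导入默认规则 (skip when the marker header is already in the file)
  grep -qF "OWASP核心规则集" "$CUSTOM_RULES" 2>/dev/null || import_owasp_rules
  grep -qF "常见攻击规则" "$CUSTOM_RULES" 2>/dev/null || import_common_attack_rules

  # 询问是否立即应用
  if confirm_yes "是否立即应用配置? (y/n): "; then
    apply_configuration
  fi

  log_message "INFO" "默认配置已完成!"
}

#######################################
# Print service, firewall, file and recent-event status.
#######################################
show_status() {
  local blocked
  echo -e "${CYAN}════════════════════ WAF状态 ════════════════════${NC}"

  # 检查服务状态
  echo -e "${YELLOW}服务状态:${NC}"
  if systemctl is-active --quiet nginx 2>/dev/null; then
    echo -e "  Nginx: ${GREEN}运行中${NC}"
  elif systemctl is-active --quiet apache2 2>/dev/null; then
    echo -e "  Apache: ${GREEN}运行中${NC}"
  fi

  # 检查iptables
  echo -e "  iptables: $(sudo iptables -L -n 2>/dev/null | grep -c 'DROP\|REJECT') 条阻止规则"

  # 检查配置文件
  echo -e "\n${YELLOW}配置文件:${NC}"
  if [ -f "$MAIN_CONFIG" ]; then
    echo -e "  主配置: ${GREEN}存在${NC}"
  else
    echo -e "  主配置: ${RED}缺失${NC}"
  fi
  if [ -f "$CUSTOM_RULES" ]; then
    echo -e "  自定义规则: ${GREEN}存在 ($(wc -l < "$CUSTOM_RULES") 条)${NC}"
  else
    echo -e "  自定义规则: ${RED}缺失${NC}"
  fi

  # 检查日志
  echo -e "\n${YELLOW}日志文件:${NC}"
  if [ -f "$ACCESS_LOG" ]; then
    echo -e "  访问日志: ${GREEN}存在 ($(du -h "$ACCESS_LOG" | cut -f1))${NC}"
  else
    echo -e "  访问日志: ${RED}缺失${NC}"
  fi
  if [ -f "$BLOCK_LOG" ]; then
    # grep -c prints the count even when it is 0 (exit status 1), so no "|| echo 0"
    blocked=$(grep -c "blocked" "$BLOCK_LOG" 2>/dev/null)
    echo -e "  阻止日志: ${GREEN}存在 (${blocked:-0} 条记录)${NC}"
  else
    echo -e "  阻止日志: ${RED}缺失${NC}"
  fi

  # 显示最近事件
  if [ -f "$BLOCK_LOG" ] && [ -s "$BLOCK_LOG" ]; then
    echo -e "\n${YELLOW}最近被阻止的事件:${NC}"
    tail -5 "$BLOCK_LOG" | while IFS= read -r line; do
      echo -e "  ${RED}▶${NC} $line"
    done
  fi

  echo -e "${CYAN}════════════════════════════════════════════════════${NC}"
}

#######################################
# Top-level menu loop; EOF on stdin behaves like "退出脚本".
#######################################
main_menu() {
  local choice
  while true; do
    clear
    show_banner
    show_status
    echo -e "${GREEN}════════════════════ 主菜单 ════════════════════${NC}"
    echo " 1) 自定义配置WAF"
    echo " 2) 一键默认配置"
    echo " 3) 生成配置文件"
    echo " 4) 应用配置到系统"
    echo " 5) 查看当前配置"
    echo " 6) 管理自定义规则"
    echo " 7) 查看日志和状态"
    echo " 8) 备份当前配置"
    echo " 9) 恢复配置"
    echo "10) 运行监控脚本"
    echo "11) 测试WAF防护"
    echo "12) 卸载WAF配置"
    echo "13) 退出脚本"
    echo -e "${GREEN}════════════════════════════════════════════════════${NC}"
    read -r -p "请选择选项 [1-13]: " choice || choice=13
    case "$choice" in
      1) custom_config_menu ;;
      2)
        default_configuration
        pause
        ;;
      3)
        generate_configurations
        pause
        ;;
      4)
        if confirm_yes "确定应用配置到系统? (y/n): "; then
          apply_configuration
          pause
        fi
        ;;
      5)
        clear
        show_current_config
        echo -e "\n配置文件位置:"
        echo "  主配置: $MAIN_CONFIG"
        echo "  规则文件: $CUSTOM_RULES"
        echo "  Nginx配置: $CONFIG_DIR/nginx_waf.conf"
        echo "  Apache配置: $CONFIG_DIR/apache_waf.conf"
        echo "  iptables配置: $CONFIG_DIR/iptables_rules.sh"
        pause
        ;;
      6) manage_custom_rules ;;
      7)
        clear
        show_status
        if [ -f "$SCRIPT_DIR/waf_monitor.sh" ]; then
          echo -e "\n${YELLOW}运行监控检查:${NC}"
          "$SCRIPT_DIR/waf_monitor.sh" check
        fi
        pause
        ;;
      8)
        backup_config
        pause
        ;;
      9)
        restore_configuration
        pause
        ;;
      10)
        if [ -f "$SCRIPT_DIR/waf_monitor.sh" ]; then
          "$SCRIPT_DIR/waf_monitor.sh" monitor
        else
          echo -e "${RED}监控脚本未找到${NC}"
          sleep 2
        fi
        ;;
      11) test_waf_protection ;;
      12)
        uninstall_waf
        pause
        ;;
      13)
        echo -e "${GREEN}感谢使用WAF防护脚本!${NC}"
        exit 0
        ;;
      *)
        echo -e "${RED}无效选项${NC}"
        sleep 1
        ;;
    esac
  done
}

#######################################
# Generate every config file for the detected web server.
#######################################
generate_configurations() {
  log_message "INFO" "生成所有配置文件..."
  generate_iptables_rules
  generate_system_hardening
  if [ "$WEB_SERVER" = "nginx" ]; then
    generate_nginx_waf
  elif [ "$WEB_SERVER" = "apache" ]; then
    generate_apache_waf
  else
    log_message "WARN" "未检测到Web服务器,跳过生成服务器配置"
  fi
  log_message "INFO" "所有配置文件已生成到: $CONFIG_DIR"
}

#######################################
# Send one request and print only its HTTP status.
# Arguments: extra curl options followed by the URL
#######################################
waf_probe() {
  curl -s -o /dev/null -w "HTTP状态码: %{http_code}\n" "$@"
}

#######################################
# Self-test: send the sample patterns to a URL the operator enters and show the
# status codes (403 = blocked).  Probes that do not test the User-Agent rules
# send a neutral UA, because curl's own UA is on the bot blocklist and would
# otherwise make every probe return 403 regardless of the rule under test.
#######################################
test_waf_protection() {
  local test_url
  echo -e "${CYAN}════════════════════ WAF防护测试 ════════════════════${NC}"
  echo "此功能将发送测试请求来验证WAF防护是否正常工作"
  echo "注意: 这些是真实的攻击测试,但使用安全参数"
  echo -e "${YELLOW}警告: 仅在测试环境使用!${NC}"
  echo -e "${CYAN}════════════════════════════════════════════════════${NC}"

  confirm_yes "是否继续? (y/n): " || return

  # 获取服务器地址
  read -r -p "请输入要测试的URL (默认: http://localhost): " test_url
  test_url=${test_url:-http://localhost}

  echo -e "\n${GREEN}开始WAF防护测试...${NC}"

  # 测试SQL注入防护
  if [ "$ENABLE_SQL_INJECTION" = "true" ]; then
    echo -e "\n${YELLOW}测试SQL注入防护:${NC}"
    waf_probe -A "waf-selftest" "$test_url/?id=1' OR '1'='1"
    waf_probe -A "waf-selftest" "$test_url/?id=1 UNION SELECT NULL,NULL--"
  fi

  # 测试XSS防护
  if [ "$ENABLE_XSS" = "true" ]; then
    echo -e "\n${YELLOW}测试XSS防护:${NC}"
    waf_probe -A "waf-selftest" "$test_url/?q=<script>alert('xss')</script>"
    waf_probe -A "waf-selftest" "$test_url/?q=javascript:alert(1)"
  fi

  # 测试目录遍历
  if [ "$ENABLE_RFI_LFI" = "true" ]; then
    echo -e "\n${YELLOW}测试目录遍历防护:${NC}"
    waf_probe -A "waf-selftest" "$test_url/?file=../../../etc/passwd"
    waf_probe -A "waf-selftest" "$test_url/?page=....//....//etc/passwd"
  fi

  # 测试命令注入
  if [ "$ENABLE_COMMAND_INJECTION" = "true" ]; then
    echo -e "\n${YELLOW}测试命令注入防护:${NC}"
    waf_probe -A "waf-selftest" "$test_url/?cmd=ls%20-la"
    waf_probe -A "waf-selftest" "$test_url/?input=|cat%20/etc/passwd"
  fi

  # 测试扫描器防护
  if [ "$ENABLE_BOT_PROTECTION" = "true" ]; then
    echo -e "\n${YELLOW}测试扫描器防护:${NC}"
    waf_probe -A "nmap" "$test_url/"
    waf_probe -A "sqlmap" "$test_url/"
  fi

  echo -e "\n${GREEN}测试完成!${NC}"
  echo "查看日志文件了解详细信息: $BLOCK_LOG"
  pause
}

#######################################
# List the newest backups (glob order is chronological thanks to the timestamp
# in the name; no `ls` parsing) and copy the chosen one back into place.
#######################################
restore_configuration() {
  echo -e "${CYAN}════════════════════ 恢复配置 ════════════════════${NC}"

  local all=("$BACKUP_DIR"/waf_backup_*)
  if [ ! -e "${all[0]}" ]; then
    echo -e "${RED}未找到备份文件${NC}"
    return 1
  fi

  # newest first, at most 10
  local backups=()
  local i
  for (( i=${#all[@]}-1; i>=0 && ${#backups[@]}<10; i-- )); do
    backups+=("${all[i]}")
  done

  # 显示备份文件
  echo -e "${YELLOW}可用的备份:${NC}"
  for i in "${!backups[@]}"; do
    echo "  $((i+1))) $(basename "${backups[$i]}")"
  done

  local choice
  read -r -p "选择要恢复的备份编号 [1-${#backups[@]}]: " choice
  if [[ "$choice" =~ ^[0-9]+$ ]] && (( choice >= 1 && choice <= ${#backups[@]} )); then
    local backup_file="${backups[$((choice-1))]}"
    echo -e "\n恢复备份: $backup_file"

    # 根据文件类型恢复
    case "$backup_file" in
      *_nginx.conf)
        sudo cp "$backup_file" /etc/nginx/nginx.conf
        sudo nginx -t && sudo systemctl reload nginx
        echo -e "${GREEN}Nginx配置已恢复${NC}"
        ;;
      *_apache.conf|*_httpd.conf)
        if [ -f /etc/apache2/apache2.conf ]; then
          sudo cp "$backup_file" /etc/apache2/apache2.conf
          sudo systemctl reload apache2
        elif [ -f /etc/httpd/conf/httpd.conf ]; then
          sudo cp "$backup_file" /etc/httpd/conf/httpd.conf
          sudo systemctl reload httpd
        fi
        echo -e "${GREEN}Apache配置已恢复${NC}"
        ;;
      *_iptables.rules)
        sudo iptables-restore < "$backup_file"
        echo -e "${GREEN}iptables规则已恢复${NC}"
        ;;
      *_sysctl.conf)
        sudo cp "$backup_file" /etc/sysctl.conf
        sudo sysctl -p
        echo -e "${GREEN}sysctl配置已恢复${NC}"
        ;;
      *_hosts.allow)
        sudo cp "$backup_file" /etc/hosts.allow
        echo -e "${GREEN}hosts.allow已恢复${NC}"
        ;;
      *_hosts.deny)
        sudo cp "$backup_file" /etc/hosts.deny
        echo -e "${GREEN}hosts.deny已恢复${NC}"
        ;;
      *_limits.conf)
        sudo cp "$backup_file" /etc/security/limits.conf
        echo -e "${GREEN}limits.conf已恢复${NC}"
        ;;
      *)
        echo -e "${YELLOW}未知备份类型,请手动恢复${NC}"
        ;;
    esac
  else
    echo -e "${RED}无效选择${NC}"
  fi
}

#######################################
# Undo apply_configuration on the live system: open the firewall (ACCEPT
# policy, as before - use "恢复配置" to reinstate the pre-WAF ruleset from
# waf_backups/), drop the web server snippet and the sysctl/limits drop-ins.
# Backups and logs are kept.
#######################################
remove_system_config() {
  echo -e "${YELLOW}正在移除WAF配置...${NC}"

  # 移除iptables规则
  sudo iptables -F
  sudo iptables -X
  sudo iptables -t nat -F
  sudo iptables -t nat -X
  sudo iptables -t mangle -F
  sudo iptables -t mangle -X

  # 恢复默认策略
  sudo iptables -P INPUT ACCEPT
  sudo iptables -P FORWARD ACCEPT
  sudo iptables -P OUTPUT ACCEPT

  # 移除Web服务器配置
  if [ "$WEB_SERVER" = "nginx" ] && [ -f "$NGINX_TARGET" ]; then
    sudo rm -f "$NGINX_TARGET"
    sudo systemctl reload nginx
  elif [ "$WEB_SERVER" = "apache" ]; then
    sudo rm -f "$APACHE_TARGET"
    sudo a2disconf waf 2>/dev/null
    sudo systemctl reload apache2
  fi

  # 移除sysctl/limits配置
  sudo rm -f "$SYSCTL_TARGET" "$LIMITS_TARGET"
}

#######################################
# Uninstall menu: 1 = remove the system config only, 2 = also delete the
# generated files, monitor script and cron entry (the earlier version deleted
# the files while leaving the firewall and web config applied).
#######################################
uninstall_waf() {
  local choice confirm
  echo -e "${RED}════════════════════ 卸载WAF配置 ════════════════════${NC}"
  echo -e "${RED}警告: 这将移除所有WAF配置${NC}"
  echo "1) 仅移除配置,保留备份和日志"
  echo "2) 完全卸载,删除所有文件"
  echo "3) 取消"
  echo -e "${RED}════════════════════════════════════════════════════${NC}"
  read -r -p "选择卸载选项 [1-3]: " choice
  case "$choice" in
    1)
      remove_system_config
      echo -e "${GREEN}WAF配置已移除,备份和日志已保留${NC}"
      ;;
    2)
      read -r -p "确定要完全删除所有WAF文件? (输入'CONFIRM'确认): " confirm
      if [ "$confirm" = "CONFIRM" ]; then
        remove_system_config
        echo -e "${RED}正在删除所有WAF文件...${NC}"
        # 移除配置和规则
        rm -rf "${CONFIG_DIR:?}" "${RULES_DIR:?}"
        # 移除cron任务
        crontab -l 2>/dev/null | grep -vF "waf_monitor" | crontab -
        # 移除监控脚本
        rm -f "$SCRIPT_DIR/waf_monitor.sh"
        echo -e "${GREEN}所有WAF文件已删除${NC}"
      else
        echo -e "${YELLOW}取消卸载${NC}"
      fi
      ;;
    *)
      echo -e "${YELLOW}取消卸载${NC}"
      ;;
  esac
}

#######################################
# Start-up: privilege hint, directories, log, dependency check, config load.
#######################################
init_script() {
  # 检查是否为root (the script uses sudo for every privileged step)
  if [ "$EUID" -ne 0 ]; then
    log_message "WARN" "建议使用root权限运行此脚本"
    sleep 2
  fi

  # 创建目录
  mkdir -p "$CONFIG_DIR" "$LOGS_DIR" "$BACKUP_DIR" "$RULES_DIR"

  # 初始化日志
  log_message "INFO" "WAF脚本初始化"
  log_message "INFO" "脚本目录: $SCRIPT_DIR"

  # 检查依赖
  check_dependencies

  # 加载配置
  load_config
}

#######################################
# Entry point.
#######################################
main() {
  init_script
  main_menu
}

# 捕获Ctrl+C
trap 'echo -e "\n${RED}用户中断脚本${NC}"; exit 1' INT

# 运行主程序 - the menus need a terminal; without one the old loop spun forever
if [ -t 0 ]; then
  main "$@"
else
  printf '%s\n' "此脚本为交互式菜单,请在终端中运行" >&2
fi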
2025-08-20
Linux系统笔记本关盖休眠交互式脚本
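#!/bin/bash
# Laptop lid-close behaviour configuration script
# For Linux systems that use systemd-logind

# Colour definitions
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color

# Configuration paths. The drop-in directory is read after the main file,
# so the custom drop-in overrides logind.conf.
LOGIND_CONF="/etc/systemd/logind.conf"
LOGIND_CONF_DIR="/etc/systemd/logind.conf.d/"
CUSTOM_CONF="$LOGIND_CONF_DIR/lid-settings.conf"

# System information (lsb_release may be missing; fall back to "Unknown")
DISTRO=$(lsb_release -si 2>/dev/null || echo "Unknown")
DISTRO_VERSION=$(lsb_release -sr 2>/dev/null || echo "Unknown")
KERNEL=$(uname -r)

# Menu numbers 1..6 map onto these HandleLidSwitch* values, in this order.
readonly LID_BEHAVIORS=(suspend lock ignore poweroff hibernate hybrid-sleep)

#######################################
# Translate a menu number into a HandleLidSwitch value.
# Arguments: $1 - user input
# Outputs:   the behaviour name on stdout, nothing for invalid input
#######################################
behavior_from_choice() {
  local choice=$1
  if [[ "$choice" =~ ^[1-6]$ ]]; then
    echo "${LID_BEHAVIORS[choice - 1]}"
  fi
}

#######################################
# Write the logind drop-in with the chosen behaviours.
# Globals:   LOGIND_CONF_DIR, CUSTOM_CONF, DISTRO, DISTRO_VERSION (read)
# Arguments: $1 - behaviour on battery (HandleLidSwitch)
#            $2 - behaviour on external power (HandleLidSwitchExternalPower)
#######################################
write_lid_conf() {
  local battery_behavior=$1
  local ac_behavior=$2
  mkdir -p "$LOGIND_CONF_DIR"
  cat > "$CUSTOM_CONF" << EOF
# 笔记本盖子关闭行为设置
# 文件生成时间: $(date)
# 系统: $DISTRO $DISTRO_VERSION
#
# 选项说明:
# suspend - 关盖时挂起/休眠
# lock - 关盖时锁定屏幕
# ignore - 关盖时不执行任何操作
# poweroff - 关盖时关机
# hibernate - 关盖时深度休眠
# hybrid-sleep - 混合休眠
HandleLidSwitch=$battery_behavior
HandleLidSwitchExternalPower=$ac_behavior
HandleLidSwitchDocked=ignore
EOF
}

#######################################
# Make logind pick up the new drop-in.
# NOTE(review): this restarts systemd-logind, as the script always did; on
# some older systemd releases a logind restart can end active sessions —
# confirm on the target distribution before relying on it.
#######################################
apply_logind_config() {
  systemctl daemon-reload
  systemctl restart systemd-logind
  echo -e "${GREEN}服务已重启,设置生效${NC}"
}

# Abort unless running as root (the script writes under /etc/systemd).
check_root() {
  if [ "$EUID" -ne 0 ]; then
    echo -e "${RED}错误:此脚本需要root权限${NC}"
    echo "请使用 sudo 运行:sudo $0"
    exit 1
  fi
}

# Print distribution, kernel, hostname and a laptop heuristic.
show_system_info() {
  echo -e "${CYAN}系统信息:${NC}"
  echo -e "发行版: $DISTRO $DISTRO_VERSION"
  echo -e "内核版本: $KERNEL"
  echo -e "主机名: $(hostname)"
  # /sys/class/power_supply exists on desktops as well; a BAT* entry is a
  # better indicator of a laptop.
  if compgen -G "/sys/class/power_supply/BAT*" > /dev/null; then
    echo -e "设备类型: 笔记本电脑"
  else
    echo -e "${YELLOW}设备类型: 可能不是笔记本电脑${NC}"
  fi
}

#######################################
# Show lid state, the global and custom configuration, and the value
# that is currently in effect.
# Globals:   LOGIND_CONF, LOGIND_CONF_DIR, CUSTOM_CONF (read)
#######################################
show_current_settings() {
  echo -e "\n${BLUE}=== 当前关盖设置 ===${NC}"
  local lid_state
  if [ -e /proc/acpi/button/lid/LID/state ]; then
    lid_state=$(awk '{print $2}' /proc/acpi/button/lid/LID/state 2>/dev/null)
    echo -e "${CYAN}盖子状态:${NC} $lid_state"
  elif [ -d /sys/class/power_supply/ ]; then
    echo -e "${CYAN}盖子状态:${NC} 通过/sys接口检测"
  fi
  if [ -f "$LOGIND_CONF" ]; then
    echo -e "\n${YELLOW}全局配置 ($LOGIND_CONF):${NC}"
    grep -E "^(#)?HandleLidSwitch" "$LOGIND_CONF" || echo "未设置(使用默认值)"
    grep -E "^(#)?HandleLidSwitchExternalPower" "$LOGIND_CONF" || echo ""
    grep -E "^(#)?HandleLidSwitchDocked" "$LOGIND_CONF" || echo ""
  fi
  if [ -f "$CUSTOM_CONF" ]; then
    echo -e "\n${YELLOW}自定义配置 ($CUSTOM_CONF):${NC}"
    cat "$CUSTOM_CONF"
  fi
  echo -e "\n${YELLOW}实际生效的设置:${NC}"
  # `systemctl cat systemd-logind` prints the unit file, which never carries
  # HandleLidSwitch. The effective value is the last uncommented assignment
  # across logind.conf and its drop-ins, which are parsed after the main file.
  local current_setting
  current_setting=$(grep -hs "^HandleLidSwitch=" "$LOGIND_CONF" "$LOGIND_CONF_DIR"/*.conf 2>/dev/null | tail -1)
  if [ -n "$current_setting" ]; then
    echo "$current_setting"
  else
    echo "使用默认设置: HandleLidSwitch=suspend"
  fi
  if [ -f "/etc/UPower/UPower.conf" ]; then
    echo -e "\n${YELLOW}UPower 配置:${NC}"
    grep -i "IgnoreLid" /etc/UPower/UPower.conf || echo "未设置"
  fi
}

# Suspend on lid close, on battery and on external power alike.
enable_lid_suspend() {
  echo -e "\n${GREEN}正在启用关盖休眠...${NC}"
  write_lid_conf suspend suspend
  echo -e "${GREEN}配置已保存到 $CUSTOM_CONF${NC}"
  apply_logind_config
  # Desktop environments may route lid events through UPower as well.
  if [ -f "/etc/UPower/UPower.conf" ]; then
    echo -e "${YELLOW}检测到UPower,建议同时配置UPower设置${NC}"
    echo "可以在桌面环境的电源管理设置中进行配置"
  fi
}

# Ignore the lid switch entirely.
disable_lid_suspend() {
  echo -e "\n${YELLOW}正在禁用关盖休眠(关盖时不执行操作)...${NC}"
  write_lid_conf ignore ignore
  echo -e "${GREEN}配置已保存到 $CUSTOM_CONF${NC}"
  apply_logind_config
  echo -e "\n${CYAN}注意:${NC}"
  echo "禁用关盖休眠后,合上盖子时屏幕可能会继续亮着,消耗电量。"
  echo "如果需要关闭屏幕但不休眠,请选择'只锁定屏幕'选项。"
}

#######################################
# Interactively pick a behaviour, optionally different on battery and on
# external power, then write and apply it.
#######################################
set_custom_behavior() {
  echo -e "\n${BLUE}=== 设置自定义关盖行为 ===${NC}"
  echo "请选择关盖时的行为:"
  echo -e "1) ${GREEN}suspend${NC} - 挂起/休眠(默认,低功耗状态)"
  echo -e "2) ${GREEN}lock${NC} - 只锁定屏幕(保持运行)"
  echo -e "3) ${YELLOW}ignore${NC} - 不执行任何操作"
  echo -e "4) ${RED}poweroff${NC} - 关机"
  echo -e "5) ${PURPLE}hibernate${NC} - 深度休眠(保存到硬盘)"
  echo -e "6) ${CYAN}hybrid-sleep${NC} - 混合休眠"
  local choice behavior power_choice battery_choice ac_choice battery_behavior ac_behavior
  read -r -p "请输入选项编号 (1-6): " choice
  behavior=$(behavior_from_choice "$choice")
  if [ -z "$behavior" ]; then
    echo -e "${RED}无效选择,使用默认值 (suspend)${NC}"
    behavior="suspend"
  fi
  echo -e "\n${CYAN}是否区分电源状态?${NC}"
  echo "1) 统一设置(电池和电源都使用相同行为)"
  echo "2) 分别设置(电池和电源使用不同行为)"
  read -r -p "请选择 (1-2): " power_choice
  if [ "$power_choice" = "2" ]; then
    echo -e "\n${CYAN}请设置使用电池时的行为:${NC}"
    echo "1) suspend 2) lock 3) ignore"
    echo "4) poweroff 5) hibernate 6) hybrid-sleep"
    read -r -p "选项 (1-6): " battery_choice
    # An invalid number falls back to the behaviour chosen above.
    battery_behavior=$(behavior_from_choice "$battery_choice")
    battery_behavior=${battery_behavior:-$behavior}
    echo -e "\n${CYAN}请设置使用外接电源时的行为:${NC}"
    echo "1) suspend 2) lock 3) ignore"
    echo "4) poweroff 5) hibernate 6) hybrid-sleep"
    read -r -p "选项 (1-6): " ac_choice
    ac_behavior=$(behavior_from_choice "$ac_choice")
    ac_behavior=${ac_behavior:-$behavior}
    write_lid_conf "$battery_behavior" "$ac_behavior"
    echo -e "\n${GREEN}已设置:${NC}"
    echo -e "使用电池时: ${GREEN}$battery_behavior${NC}"
    echo -e "使用外接电源时: ${GREEN}$ac_behavior${NC}"
  else
    write_lid_conf "$behavior" "$behavior"
    echo -e "${GREEN}已设置关盖行为为: $behavior${NC}"
  fi
  echo -e "${GREEN}配置已保存到 $CUSTOM_CONF${NC}"
  apply_logind_config
}

# Remove the drop-in so logind falls back to its built-in defaults.
restore_default() {
  echo -e "\n${YELLOW}正在恢复默认设置...${NC}"
  if [ -f "$CUSTOM_CONF" ]; then
    rm -- "$CUSTOM_CONF"
    echo -e "${GREEN}已删除自定义配置${NC}"
  else
    echo -e "${YELLOW}未找到自定义配置${NC}"
  fi
  apply_logind_config
  echo -e "${GREEN}已恢复系统默认设置${NC}"
}

# Report swap, supported sleep states and whether a resume= parameter is set.
check_hibernate_support() {
  echo -e "\n${BLUE}=== 检查休眠支持 ===${NC}"
  echo -e "${CYAN}交换空间:${NC}"
  swapon --show
  if [ -f /sys/power/state ]; then
    echo -e "\n${CYAN}支持的电源状态:${NC}"
    cat /sys/power/state
  fi
  if [ -f /proc/cmdline ]; then
    if grep -q "resume" /proc/cmdline; then
      echo -e "\n${GREEN}已配置休眠恢复参数${NC}"
    else
      echo -e "\n${YELLOW}未配置休眠恢复参数${NC}"
    fi
  fi
}

# Print the manual steps needed before hibernate can work.
setup_hibernate() {
  echo -e "\n${YELLOW}注意:要使用休眠功能,需要正确配置交换空间${NC}"
  echo "当前交换空间信息:"
  swapon --show
  local choice
  read -r -p "是否查看休眠配置指南? (y/N): " choice
  if [ "$choice" = "y" ] || [ "$choice" = "Y" ]; then
    echo -e "\n${CYAN}基本休眠配置步骤:${NC}"
    echo "1. 确保交换分区大小 >= 内存大小"
    echo "2. 编辑 /etc/default/grub,添加 resume=交换分区设备"
    echo "3. 运行 update-grub 或 grub-mkconfig"
    echo "4. 重启系统"
    echo ""
    echo "例如:GRUB_CMDLINE_LINUX_DEFAULT=\"resume=/dev/sda2\""
  fi
}

# Guided manual test: the user closes the lid while the script waits.
test_lid_behavior() {
  echo -e "\n${YELLOW}=== 关盖行为测试 ===${NC}"
  echo "此功能需要您手动合上笔记本盖子进行测试。"
  echo ""
  echo -e "${RED}警告:测试前请保存所有工作!${NC}"
  echo ""
  echo "测试步骤:"
  echo "1. 保持终端窗口打开"
  echo "2. 合上笔记本盖子"
  echo "3. 等待5-10秒"
  echo "4. 打开盖子"
  echo "5. 检查系统状态"
  echo ""
  local i
  for i in {5..1}; do
    echo -ne "\r测试将在 $i 秒后开始(按 Ctrl+C 取消)..."
    sleep 1
  done
  echo ""
  echo -e "\n${GREEN}开始测试...${NC}"
  echo "测试开始时间: $(date)"
  echo -e "${YELLOW}请在5秒内合上笔记本盖子...${NC}"
  sleep 5
  echo -e "\n${CYAN}测试结果:${NC}"
  echo "当前时间: $(date)"
  echo -e "${GREEN}如果看到此消息,说明:${NC}"
  echo "1. 系统检测到盖子关闭事件"
  echo "2. 当前设置允许系统保持唤醒状态"
  echo ""
  echo "要验证设置是否完全生效,可以:"
  echo "1. 等待更长时间(30-60秒)"
  echo "2. 查看系统日志:journalctl -u systemd-logind --since \"5 minutes ago\""
  local view_logs
  read -r -p "是否查看最近的相关日志? (y/N): " view_logs
  if [ "$view_logs" = "y" ] || [ "$view_logs" = "Y" ]; then
    journalctl -u systemd-logind --since "5 minutes ago" --no-pager | tail -20
  fi
}

# Sub-menu for logind status, journal and kernel messages.
view_logs() {
  echo -e "\n${BLUE}=== 查看相关日志 ===${NC}"
  echo "1) 查看systemd-logind服务状态"
  echo "2) 查看系统日志中的关盖事件(最近1小时)"
  echo "3) 查看内核日志(关盖相关)"
  echo "4) 实时监控日志(按Ctrl+C退出)"
  echo "5) 返回主菜单"
  local log_choice
  read -r -p "请选择 (1-5): " log_choice
  case $log_choice in
    1)
      echo -e "\n${YELLOW}systemd-logind 服务状态:${NC}"
      systemctl status systemd-logind --no-pager -l
      ;;
    2)
      echo -e "\n${YELLOW}最近的系统日志(关盖相关):${NC}"
      journalctl -u systemd-logind --since "1 hour ago" | grep -iE "lid|sleep|suspend|lock" | tail -30
      ;;
    3)
      echo -e "\n${YELLOW}内核日志(关盖相关):${NC}"
      dmesg | grep -iE "lid|acpi" | tail -20
      ;;
    4)
      echo -e "\n${YELLOW}开始实时监控日志(按Ctrl+C退出)...${NC}"
      journalctl -u systemd-logind -f
      ;;
    5)
      return
      ;;
    *)
      echo -e "${RED}无效选择${NC}"
      ;;
  esac
  read -r -p "按回车键继续..."
}

# Clear the screen and print the banner, system info and the main menu.
show_menu() {
  clear
  echo -e "${BLUE}=================================${NC}"
  echo -e "${BLUE} Linux笔记本关盖休眠设置工具 ${NC}"
  echo -e "${BLUE}=================================${NC}"
  echo ""
  show_system_info
  show_current_settings
  echo -e "\n${GREEN}请选择操作:${NC}"
  echo "1) 启用关盖休眠(默认)"
  echo "2) 禁用关盖休眠(关盖时不操作)"
  echo "3) 设置自定义关盖行为"
  echo "4) 检查休眠功能支持"
  echo "5) 恢复系统默认设置"
  echo "6) 显示当前设置"
  echo "7) 测试关盖行为"
  echo "8) 查看日志"
  echo "9) 退出"
  echo ""
}

# Interactive main loop.
main() {
  check_root
  if ! command -v systemctl &> /dev/null; then
    echo -e "${RED}错误:未找到systemd,此脚本需要systemd系统${NC}"
    exit 1
  fi
  local choice hibernate_choice
  while true; do
    show_menu
    read -r -p "请输入选项编号 (1-9): " choice
    case $choice in
      1) enable_lid_suspend ;;
      2) disable_lid_suspend ;;
      3) set_custom_behavior ;;
      4)
        check_hibernate_support
        read -r -p "是否设置休眠功能? (y/N): " hibernate_choice
        if [ "$hibernate_choice" = "y" ] || [ "$hibernate_choice" = "Y" ]; then
          setup_hibernate
        fi
        ;;
      5) restore_default ;;
      6) show_current_settings ;;
      7) test_lid_behavior ;;
      8)
        view_logs
        continue # view_logs pauses by itself; go straight back to the menu
        ;;
      9)
        echo -e "\n${GREEN}感谢使用,再见!${NC}"
        exit 0
        ;;
      *) echo -e "${RED}无效选项,请重新输入${NC}" ;;
    esac
    # Pause so the user can read the result before the screen is cleared.
    read -r -p "按回车键继续..."
  done
}

# Command-line help.
show_usage() {
  echo -e "${BLUE}Linux笔记本关盖休眠设置脚本${NC}"
  echo "版本: 2.0"
  echo "适用于支持systemd的Linux发行版"
  echo ""
  echo "用法:"
  echo " $0 [选项]"
  echo ""
  echo "选项:"
  echo " --enable 启用关盖休眠"
  echo " --disable 禁用关盖休眠"
  echo " --status 显示当前设置"
  echo " --check-hibernate 检查休眠支持"
  echo " --help, -h 显示此帮助信息"
  echo ""
  echo "示例:"
  echo " sudo $0 --enable"
  echo " sudo $0 --status"
  echo " sudo $0 --check-hibernate"
  echo ""
  echo "支持的发行版:"
  echo " Ubuntu, Debian, Fedora, CentOS, Arch Linux, openSUSE等"
}

# Argument dispatch; no argument enters the interactive menu.
case "${1:-}" in
  "--enable")
    check_root
    enable_lid_suspend
    ;;
  "--disable")
    check_root
    disable_lid_suspend
    ;;
  "--status")
    check_root
    show_system_info
    show_current_settings
    ;;
  "--check-hibernate")
    check_root
    check_hibernate_support
    ;;
  "--help"|"-h")
    show_usage
    exit 0
    ;;
  "")
    main
    ;;
  *)
    echo -e "${RED}未知参数: $1${NC}"
    show_usage
    exit 1
    ;;
esac
使用方法交互式菜单模式(推荐):sudo bash lid-control.sh命令行模式:# 启用关盖休眠 sudo bash lid-control.sh --enable # 禁用关盖休眠 sudo bash lid-control.sh --disable # 查看当前设置 sudo bash lid-control.sh --status # 检查休眠支持 sudo bash lid-control.sh --check-hibernate # 显示帮助信息 sudo bash lid-control.sh --help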
2025-08-08
Linux系统资源监控与优化工具箱
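#!/bin/bash
# ============================================
# System resource monitor and optimisation toolbox
# Function: live CPU/memory/disk/network monitoring with tuning hints
# Usage: ./sys-monitor.sh [options]
# ============================================

# Colour definitions
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
CYAN='\033[0;36m'
PURPLE='\033[0;35m'
NC='\033[0m' # No Color

# State files, all under the invoking user's home directory
CONFIG_DIR="$HOME/.sys-monitor"
LOG_FILE="$CONFIG_DIR/sys-monitor.log"
ALERT_LOG="$CONFIG_DIR/alerts.log"
CONFIG_FILE="$CONFIG_DIR/config"
REPORT_DIR="$CONFIG_DIR/reports"

# Thresholds in percent (overridable from the settings menu / config file)
CPU_WARNING=70
CPU_CRITICAL=90
MEM_WARNING=70
MEM_CRITICAL=90
DISK_WARNING=80
DISK_CRITICAL=95
LOAD_WARNING=1
LOAD_CRITICAL=2

# Create the state directories, load or create the config, open the log.
init_monitor() {
  mkdir -p "$CONFIG_DIR" "$REPORT_DIR"
  if [ ! -f "$CONFIG_FILE" ]; then
    save_config
  else
    load_config
  fi
  {
    echo "========================================"
    echo "系统监控启动时间: $(date)"
    echo "主机名: $(hostname)"
    echo "========================================"
  } >> "$LOG_FILE"
}

# Persist the current thresholds as shell assignments.
save_config() {
  cat > "$CONFIG_FILE" << EOF
# 系统监控配置
CPU_WARNING=$CPU_WARNING
CPU_CRITICAL=$CPU_CRITICAL
MEM_WARNING=$MEM_WARNING
MEM_CRITICAL=$MEM_CRITICAL
DISK_WARNING=$DISK_WARNING
DISK_CRITICAL=$DISK_CRITICAL
ALERT_ENABLED=true
MONITOR_INTERVAL=2
KEEP_LOGS_DAYS=7
EOF
}

# Load the saved thresholds.
load_config() {
  # The config file is executed as shell code. Only source it when it is a
  # regular file owned by the current user, so a file planted by someone else
  # cannot run commands in this process.
  if [ -f "$CONFIG_FILE" ]; then
    if [ -O "$CONFIG_FILE" ]; then
      # shellcheck source=/dev/null
      source "$CONFIG_FILE"
    else
      echo -e "${YELLOW}配置文件 $CONFIG_FILE 不属于当前用户,已跳过加载${NC}" >&2
    fi
  fi
}

# ============================================
# Memory information
# Each probe prints "<total_mb> <used_mb>" and returns 0 on success.
# ============================================

# Method 1: /proc/meminfo (most reliable)
get_memory_info_from_proc() {
  [ -f /proc/meminfo ] || return 1
  local mem_total_kb mem_free_kb buffers_kb cached_kb sreclaimable_kb mem_available_kb
  # One pass over the file instead of a grep+awk pipeline per field.
  read -r mem_total_kb mem_free_kb buffers_kb cached_kb sreclaimable_kb mem_available_kb < <(
    awk '
      /^MemTotal:/     { t = $2 }
      /^MemFree:/      { f = $2 }
      /^Buffers:/      { b = $2 }
      /^Cached:/       { c = $2 }
      /^SReclaimable:/ { s = $2 }
      /^MemAvailable:/ { a = $2 }
      END { print t+0, f+0, b+0, c+0, s+0, a+0 }
    ' /proc/meminfo
  )
  [ "$mem_total_kb" -gt 0 ] 2>/dev/null || return 1
  local mem_total_mb=$((mem_total_kb / 1024))
  # Prefer the kernel's own MemAvailable estimate; older kernels lack it, so
  # fall back to free + buffers + page cache + reclaimable slab (which
  # degrades to plain MemFree when those fields are missing too).
  if [ "$mem_available_kb" -le 0 ]; then
    mem_available_kb=$((mem_free_kb + buffers_kb + cached_kb + sreclaimable_kb))
  fi
  local mem_used_mb=$(((mem_total_kb - mem_available_kb) / 1024))
  echo "$mem_total_mb $mem_used_mb"
  return 0
}

# Method 2: free(1)
get_memory_info_from_free() {
  command -v free >/dev/null 2>&1 || return 1
  local free_output
  free_output=$(free -m 2>/dev/null) || return 1
  local mem_total mem_used mem_available
  read -r mem_total mem_used mem_available < <(awk '/^Mem:/ { print $2, $3, $7 }' <<< "$free_output")
  # The "available" column (newer procps) gives the more accurate figure.
  if [ -n "$mem_available" ] && [ "$mem_available" -gt 0 ] 2>/dev/null; then
    echo "$mem_total $((mem_total - mem_available))"
  elif [ -n "$mem_total" ] && [ -n "$mem_used" ]; then
    echo "$mem_total $mem_used"
  fi
  return 0
}

# Method 3: vmstat -s
get_memory_info_from_vmstat() {
  command -v vmstat >/dev/null 2>&1 || return 1
  local vmstat_output
  vmstat_output=$(vmstat -s 2>/dev/null) || return 1
  local mem_total_kb mem_used_kb
  mem_total_kb=$(awk 'tolower($0) ~ /total memory/ { print $1; exit }' <<< "$vmstat_output")
  mem_used_kb=$(awk 'tolower($0) ~ /used memory/ { print $1; exit }' <<< "$vmstat_output")
  if [ -n "$mem_total_kb" ] && [ -n "$mem_used_kb" ]; then
    echo "$((mem_total_kb / 1024)) $((mem_used_kb / 1024))"
    return 0
  fi
  return 1
}

#######################################
# Try each memory probe in order of reliability.
# Outputs:   "<total_mb> <used_mb>"; "0 0" when every probe fails
# Returns:   0 on success, 1 when every probe fails
#######################################
get_memory_info() {
  local mem_info probe
  for probe in get_memory_info_from_proc get_memory_info_from_free get_memory_info_from_vmstat; do
    if mem_info=$("$probe") && [ -n "$mem_info" ]; then
      echo "$mem_info"
      return 0
    fi
  done
  echo "0 0"
  return 1
}

#######################################
# Integer memory usage percentage, clamped to 0..100.
# Arguments: $1 - total MB, $2 - used MB
# Outputs:   the percentage; "0" for empty, non-numeric or zero input
#######################################
calculate_mem_percent() {
  local total_mem=$1
  local used_mem=$2
  # Reject empty, non-numeric or negative input instead of letting [ ] fail.
  if ! [[ "$total_mem" =~ ^[0-9]+$ && "$used_mem" =~ ^[0-9]+$ ]] || [ "$total_mem" -le 0 ]; then
    echo "0"
    return
  fi
  local percent=$((used_mem * 100 / total_mem))
  # A stale snapshot can report used > total; keep the bar in range.
  if [ "$percent" -gt 100 ]; then
    percent=100
  fi
  echo "$percent"
}

# ============================================
# Other probes
# ============================================

#######################################
# CPU usage over a 0.5 s window from /proc/stat; falls back to top(1).
# Outputs:   integer percentage, "0" when nothing works
#######################################
get_cpu_usage() {
  if [ -f /proc/stat ]; then
    local cpu user nice system idle iowait irq softirq steal guest guest_nice
    read -r cpu user nice system idle iowait irq softirq steal guest guest_nice < <(grep '^cpu ' /proc/stat)
    local total1=$((user + nice + system + idle + iowait + irq + softirq + steal))
    # iowait is time the CPU spent waiting, not working; count it as idle.
    local idle1=$((idle + iowait))
    sleep 0.5
    read -r cpu user nice system idle iowait irq softirq steal guest guest_nice < <(grep '^cpu ' /proc/stat)
    local total2=$((user + nice + system + idle + iowait + irq + softirq + steal))
    local idle2=$((idle + iowait))
    local total_diff=$((total2 - total1))
    local idle_diff=$((idle2 - idle1))
    if [ "$total_diff" -gt 0 ]; then
      echo $((100 * (total_diff - idle_diff) / total_diff))
      return 0
    fi
  fi
  if command -v top >/dev/null 2>&1; then
    local cpu_usage
    cpu_usage=$(top -bn1 2>/dev/null | awk '/Cpu\(s\)/ { print $2; exit }' | cut -d'%' -f1)
    if [ -n "$cpu_usage" ]; then
      echo "${cpu_usage%.*}"
      return 0
    fi
  fi
  echo "0"
}

#######################################
# Usage percentage of the root filesystem.
# Outputs:   integer percentage, "0" when df is unavailable
#######################################
get_disk_usage() {
  command -v df >/dev/null 2>&1 || { echo "0"; return; }
  local disk_usage
  # -P keeps each filesystem on one line so field 5 is always Use%.
  disk_usage=$(df -P / 2>/dev/null | awk 'NR==2 { sub(/%/, "", $5); print $5 }')
  if [ -z "$disk_usage" ] && [ -f /proc/mounts ]; then
    local root_device
    root_device=$(awk '$2 == "/" { print $1; exit }' /proc/mounts)
    if [ -n "$root_device" ]; then
      disk_usage=$(df -P -- "$root_device" 2>/dev/null | awk 'NR==2 { sub(/%/, "", $5); print $5 }')
    fi
  fi
  echo "${disk_usage:-0}"
}

# Outputs the 1/5/15-minute load averages separated by spaces.
get_load_average() {
  if [ -f /proc/loadavg ]; then
    awk '{ print $1, $2, $3 }' /proc/loadavg
  elif command -v uptime >/dev/null 2>&1; then
    uptime | sed -n 's/.*load average: //p' | tr -d ','
  else
    echo "0 0 0"
  fi
}

#######################################
# Populate the global summary variables used by the header.
# Globals written: OS_INFO, KERNEL, ARCH, HOSTNAME, UPTIME, CPU_MODEL,
#                  CPU_CORES, TOTAL_MEM, USED_MEM, TOTAL_DISK
#######################################
get_system_info() {
  if [ -f /etc/os-release ]; then
    OS_INFO=$(grep PRETTY_NAME /etc/os-release 2>/dev/null | cut -d'"' -f2)
  elif [ -f /etc/redhat-release ]; then
    OS_INFO=$(cat /etc/redhat-release 2>/dev/null)
  elif [ -f /etc/debian_version ]; then
    OS_INFO="Debian $(cat /etc/debian_version 2>/dev/null)"
  elif [ -f /etc/lsb-release ]; then
    OS_INFO=$(grep DISTRIB_DESCRIPTION /etc/lsb-release 2>/dev/null | cut -d'=' -f2 | tr -d '"')
  else
    OS_INFO=$(uname -o 2>/dev/null)
  fi
  OS_INFO=${OS_INFO:-"Unknown Linux"}
  KERNEL=$(uname -r 2>/dev/null)
  KERNEL=${KERNEL:-"Unknown"}
  ARCH=$(uname -m 2>/dev/null)
  ARCH=${ARCH:-"Unknown"}
  HOSTNAME=$(hostname 2>/dev/null)
  HOSTNAME=${HOSTNAME:-"Unknown"}
  if [ -f /proc/uptime ]; then
    local uptime_sec uptime_days uptime_hours uptime_mins
    uptime_sec=$(awk '{print int($1)}' /proc/uptime 2>/dev/null)
    uptime_sec=${uptime_sec:-0}
    uptime_days=$((uptime_sec / 86400))
    uptime_hours=$(( (uptime_sec % 86400) / 3600 ))
    uptime_mins=$(( (uptime_sec % 3600) / 60 ))
    if [ "$uptime_days" -gt 0 ]; then
      UPTIME="${uptime_days}天 ${uptime_hours}小时"
    elif [ "$uptime_hours" -gt 0 ]; then
      UPTIME="${uptime_hours}小时 ${uptime_mins}分钟"
    else
      UPTIME="${uptime_mins}分钟"
    fi
  else
    UPTIME="unknown"
  fi
  if [ -f /proc/cpuinfo ]; then
    CPU_MODEL=$(grep -m1 "model name" /proc/cpuinfo 2>/dev/null | cut -d':' -f2 | sed 's/^ *//')
    CPU_CORES=$(grep -c "^processor" /proc/cpuinfo 2>/dev/null)
  fi
  CPU_MODEL=${CPU_MODEL:-"Unknown CPU"}
  CPU_CORES=${CPU_CORES:-1}
  # get_memory_info prints "<total_mb> <used_mb>"; split it with read rather
  # than an unquoted echo.
  read -r TOTAL_MEM USED_MEM < <(get_memory_info)
  if command -v df >/dev/null 2>&1; then
    TOTAL_DISK=$(df -h / 2>/dev/null | awk 'NR==2 {print $2}')
  fi
  TOTAL_DISK=${TOTAL_DISK:-"unknown"}
}

# Print a full-width rule in the given colour.
# Arguments: $1 - colour escape (e.g. "$BLUE")
_hr() {
  echo -e "${1}══════════════════════════════════════════════════════════${NC}"
}

# Clear the screen and print the banner plus a one-screen system summary.
show_header() {
  clear
  echo -e "${PURPLE}"
  echo "╔══════════════════════════════════════════════════════════╗"
  echo "║ 系统资源监控与优化工具箱 v1.0 ║"
  echo "║ System Monitor & Optimizer Toolkit ║"
  echo "╚══════════════════════════════════════════════════════════╝"
  echo -e "${NC}"
  get_system_info
  local mem_percent
  mem_percent=$(calculate_mem_percent "$TOTAL_MEM" "$USED_MEM")
  echo -e "${CYAN}系统概览:${NC}"
  echo -e "主机: ${GREEN}$HOSTNAME${NC} | 系统: ${YELLOW}$OS_INFO${NC}"
  echo -e "内核: ${BLUE}$KERNEL${NC} | 架构: ${BLUE}$ARCH${NC}"
  echo -e "运行: ${CYAN}$UPTIME${NC} | CPU: ${CPU_CORES}核 ${CPU_MODEL:0:30}"
  echo -e "内存: ${GREEN}${TOTAL_MEM}MB${NC} (使用率: ${mem_percent}%) | 磁盘: ${GREEN}$TOTAL_DISK${NC}"
  _hr "$BLUE"
}

# Print the main menu.
show_menu() {
  echo -e "\n${YELLOW}主菜单:${NC}"
  _hr "$BLUE"
  echo -e "${GREEN}1. 实时系统监控${NC} - 监控CPU、内存、磁盘、网络"
  echo -e "${GREEN}2. 资源使用分析${NC} - 详细分析资源使用情况"
  echo -e "${GREEN}3. 进程管理${NC} - 查看和管理进程"
  echo -e "${GREEN}4. 服务状态检查${NC} - 检查系统服务状态"
  echo -e "${GREEN}5. 系统日志分析${NC} - 分析系统日志"
  echo -e "${GREEN}6. 磁盘空间管理${NC} - 磁盘使用分析和清理"
  echo -e "${GREEN}7. 网络连接监控${NC} - 监控网络连接和流量"
  echo -e "${GREEN}8. 系统优化建议${NC} - 获取系统优化建议"
  echo -e "${GREEN}9. 性能基准测试${NC} - 运行性能基准测试"
  echo -e "${GREEN}10. 生成系统报告${NC} - 生成详细系统报告"
  _hr "$BLUE"
  echo -e "${GREEN}0. 退出${NC}"
  _hr "$BLUE"
}

# Append a timestamped line to the main log.
log_message() {
  local message="$1"
  echo "[$(date '+%Y-%m-%d %H:%M:%S')] $message" >> "$LOG_FILE"
}

# Append a timestamped alert to the alert log and echo it in red.
log_alert() {
  local alert_type="$1"
  local message="$2"
  echo "[$(date '+%Y-%m-%d %H:%M:%S')] [$alert_type] $message" >> "$ALERT_LOG"
  echo -e "${RED}[告警] $message${NC}"
}

#######################################
# Draw a 50-cell usage bar coloured by threshold (no trailing newline).
# Arguments: $1 - percentage, $2 - warning threshold, $3 - critical threshold
# Outputs:   " [" + bar + "]" on stdout
#######################################
_draw_usage_bar() {
  local value=$1 warn=$2 crit=$3
  local bar_length=50
  local filled=0
  # Non-numeric or out-of-range values draw an empty bar.
  if [[ "$value" =~ ^[0-9]+$ ]] && [ "$value" -le 100 ]; then
    filled=$((value * bar_length / 100))
  fi
  local empty=$((bar_length - filled))
  local colour=$GREEN
  if [ "$value" -ge "$crit" ] 2>/dev/null; then
    colour=$RED
  elif [ "$value" -ge "$warn" ] 2>/dev/null; then
    colour=$YELLOW
  fi
  echo -n " ["
  echo -ne "$colour"
  printf "%${filled}s" | tr " " "█"
  echo -ne "${NC}"
  printf "%${empty}s" | tr " " "░"
  echo -n "]"
}

#######################################
# Print one alert line for a metric.
# Arguments: $1 - label as shown in the UI (CPU/内存/磁盘), $2 - percentage,
#            $3 - warning threshold, $4 - critical threshold
#######################################
_print_alert_line() {
  local label=$1 value=$2 warn=$3 crit=$4
  if [ "$value" -ge "$crit" ] 2>/dev/null; then
    echo -e " ${RED}⚠ ${label}使用率过高: ${value}%${NC}"
  elif [ "$value" -ge "$warn" ] 2>/dev/null; then
    echo -e " ${YELLOW}⚠ ${label}使用率警告: ${value}%${NC}"
  else
    echo -e " ${GREEN}✓ ${label}使用率正常${NC}"
  fi
}

#######################################
# List processes ranked by a ps sort key.
# Arguments: $1 - ps sort key (%cpu or %mem), $2 - number of rows,
#            $3 - ps column to print as the third field (3=CPU%, 4=MEM%)
#######################################
_top_processes() {
  local sort_key=$1 count=$2 column=$3
  ps aux --sort=-"$sort_key" 2>/dev/null | head -n $((count + 1)) | tail -n "$count" \
    | awk -v col="$column" '{printf "%-10s %-8s %-6s %-50s\n", $1, $2, $col, $11}'
}

# 1. Live monitor: refreshes every MONITOR_INTERVAL seconds until 'q'.
real_time_monitor() {
  local refresh_rate=${MONITOR_INTERVAL:-2}
  local monitor_duration=0
  show_header
  echo -e "\n${CYAN}实时系统监控 (按 q 退出)${NC}"
  _hr "$BLUE"
  echo -e "${YELLOW}刷新间隔: ${refresh_rate}秒 | 按 '+' 增加间隔 | 按 '-' 减少间隔${NC}"
  _hr "$BLUE"
  local current_time cpu_usage total_mem used_mem mem_percent disk_usage
  local load1 load5 load15 key cpu_cores process_count
  local uptime_sec uptime_days uptime_hours uptime_mins
  while true; do
    current_time=$(date '+%H:%M:%S')
    cpu_usage=$(get_cpu_usage)
    read -r total_mem used_mem < <(get_memory_info)
    mem_percent=$(calculate_mem_percent "$total_mem" "$used_mem")
    disk_usage=$(get_disk_usage)
    read -r load1 load5 load15 < <(get_load_average)
    uptime_days=0; uptime_hours=0; uptime_mins=0
    if [ -f /proc/uptime ]; then
      uptime_sec=$(awk '{print int($1)}' /proc/uptime 2>/dev/null)
      uptime_sec=${uptime_sec:-0}
      uptime_days=$((uptime_sec / 86400))
      uptime_hours=$(( (uptime_sec % 86400) / 3600 ))
      uptime_mins=$(( (uptime_sec % 3600) / 60 ))
    fi
    clear
    echo -e "${PURPLE}"
    echo "╔══════════════════════════════════════════════════════════╗"
    echo "║ 实时系统监控 (按q退出) ║"
    echo "╚══════════════════════════════════════════════════════════╝"
    echo -e "${NC}"
    echo -e "${CYAN}监控时间: $current_time | 刷新间隔: ${refresh_rate}秒${NC}"
    _hr "$BLUE"
    echo -e "\n${GREEN}CPU 使用率:${NC}"
    _draw_usage_bar "$cpu_usage" "$CPU_WARNING" "$CPU_CRITICAL"
    echo -e " ${cpu_usage}%"
    echo -e "\n${GREEN}内存 使用率:${NC}"
    _draw_usage_bar "$mem_percent" "$MEM_WARNING" "$MEM_CRITICAL"
    echo -e " ${mem_percent}% (${used_mem}MB/${total_mem}MB)"
    echo -e "\n${GREEN}磁盘 使用率(/):${NC}"
    _draw_usage_bar "$disk_usage" "$DISK_WARNING" "$DISK_CRITICAL"
    echo -e " ${disk_usage}%"
    echo -e "\n${GREEN}系统负载:${NC}"
    echo -e " 1分钟: ${load1:-0} | 5分钟: ${load5:-0} | 15分钟: ${load15:-0}"
    cpu_cores=1
    if [ -f /proc/cpuinfo ]; then
      cpu_cores=$(grep -c "^processor" /proc/cpuinfo 2>/dev/null)
      [ "$cpu_cores" -gt 0 ] 2>/dev/null || cpu_cores=1
    fi
    echo -e " CPU核心数: ${cpu_cores}"
    echo -e "\n${GREEN}其他信息:${NC}"
    process_count=0
    if [ -f /proc/stat ]; then
      # The number after procs_running is the count; `grep -c` would always
      # report 1 (the number of matching lines).
      process_count=$(awk '/^procs_running/ { print $2; exit }' /proc/stat)
    fi
    echo -e " 运行进程数: ${process_count:-0}"
    echo -e " 系统运行: ${uptime_days}天 ${uptime_hours}小时 ${uptime_mins}分钟"
    if [ "$ALERT_ENABLED" = "true" ]; then
      echo -e "\n${YELLOW}告警检查:${NC}"
      _print_alert_line "CPU" "$cpu_usage" "$CPU_WARNING" "$CPU_CRITICAL"
      _print_alert_line "内存" "$mem_percent" "$MEM_WARNING" "$MEM_CRITICAL"
      _print_alert_line "磁盘" "$disk_usage" "$DISK_WARNING" "$DISK_CRITICAL"
    fi
    echo -e "\n${BLUE}══════════════════════════════════════════════════════════${NC}"
    echo -e "${YELLOW}按 q 退出 | 按 + 增加间隔 | 按 - 减少间隔${NC}"
    # The timed read doubles as the refresh delay.
    if read -r -t "$refresh_rate" -n 1 key; then
      case $key in
        q|Q)
          echo -e "\n${GREEN}退出监控模式${NC}"
          break
          ;;
        +)
          refresh_rate=$((refresh_rate + 1))
          echo -e "\n${YELLOW}刷新间隔增加至 ${refresh_rate}秒${NC}"
          sleep 1
          ;;
        -)
          if [ "$refresh_rate" -gt 1 ]; then
            refresh_rate=$((refresh_rate - 1))
            echo -e "\n${YELLOW}刷新间隔减少至 ${refresh_rate}秒${NC}"
            sleep 1
          fi
          ;;
      esac
    fi
    monitor_duration=$((monitor_duration + refresh_rate))
  done
  log_message "实时监控运行 ${monitor_duration}秒"
}

# 2. One-shot detailed analysis of CPU, memory and disk with advice.
resource_analysis() {
  show_header
  echo -e "\n${CYAN}资源使用详细分析${NC}"
  _hr "$BLUE"
  echo -e "\n${YELLOW}1. CPU使用分析:${NC}"
  _hr "$GREEN"
  echo -e "CPU型号: ${CPU_MODEL}"
  echo -e "CPU核心数: ${CPU_CORES}"
  # ARCH is set by get_system_info (called from show_header); the old code
  # printed the model name a second time under this label.
  echo -e "CPU架构: ${ARCH}"
  if [ -f /proc/cpuinfo ]; then
    echo -e "CPU频率: $(grep -m1 "cpu MHz" /proc/cpuinfo | cut -d: -f2 | sed 's/^ *//') MHz"
  fi
  echo -e "\n${CYAN}CPU使用最高的进程 (前5):${NC}"
  if command -v ps >/dev/null 2>&1; then
    echo -e "${YELLOW}USER PID CPU% COMMAND${NC}"
    _top_processes %cpu 5 3
  else
    echo -e "${YELLOW}无法获取进程信息${NC}"
  fi
  echo -e "\n${YELLOW}2. 内存使用分析:${NC}"
  _hr "$GREEN"
  echo -e "${CYAN}方法1: 使用free命令${NC}"
  if command -v free >/dev/null 2>&1; then
    free -h 2>/dev/null || echo -e "${YELLOW}无法获取内存信息${NC}"
  fi
  echo -e "\n${CYAN}方法2: 使用/proc/meminfo${NC}"
  if [ -f /proc/meminfo ]; then
    echo -e "总内存: $(awk '/^MemTotal:/ {print $2/1024 " MB"}' /proc/meminfo)"
    echo -e "空闲内存: $(awk '/^MemFree:/ {print $2/1024 " MB"}' /proc/meminfo)"
    echo -e "可用内存: $(grep "^MemAvailable:" /proc/meminfo 2>/dev/null | awk '{print $2/1024 " MB"}' || echo "未知")"
    echo -e "缓存: $(awk '/^Cached:/ {print $2/1024 " MB"}' /proc/meminfo)"
    echo -e "缓冲: $(awk '/^Buffers:/ {print $2/1024 " MB"}' /proc/meminfo)"
  fi
  echo -e "\n${CYAN}内存使用最高的进程 (前5):${NC}"
  if command -v ps >/dev/null 2>&1; then
    echo -e "${YELLOW}USER PID MEM% COMMAND${NC}"
    _top_processes %mem 5 4
  fi
  echo -e "\n${YELLOW}3. 磁盘使用分析:${NC}"
  _hr "$GREEN"
  if command -v df >/dev/null 2>&1; then
    echo -e "${CYAN}磁盘使用情况:${NC}"
    df -h 2>/dev/null | head -10 || echo -e "${YELLOW}无法获取磁盘信息${NC}"
  fi
  echo -e "\n${CYAN}Inode使用情况:${NC}"
  if command -v df >/dev/null 2>&1; then
    df -i 2>/dev/null | head -5
  fi
  echo -e "\n${YELLOW}4. 分析总结:${NC}"
  _hr "$GREEN"
  local cpu_usage total_mem used_mem mem_percent disk_usage
  cpu_usage=$(get_cpu_usage)
  read -r total_mem used_mem < <(get_memory_info)
  mem_percent=$(calculate_mem_percent "$total_mem" "$used_mem")
  disk_usage=$(get_disk_usage)
  echo -e "${CYAN}当前资源使用情况:${NC}"
  echo -e " CPU使用率: ${cpu_usage}%"
  echo -e " 内存使用率: ${mem_percent}% (${used_mem}MB/${total_mem}MB)"
  echo -e " 磁盘使用率: ${disk_usage}%"
  echo -e "\n${CYAN}优化建议:${NC}"
  if [ "$cpu_usage" -gt 80 ] 2>/dev/null; then
    echo -e " ${RED}⚠ CPU使用率较高,建议:${NC}"
    echo -e " 1. 检查并优化高CPU进程"
    echo -e " 2. 考虑升级CPU"
    echo -e " 3. 优化应用程序配置"
  else
    echo -e " ${GREEN}✓ CPU使用率正常${NC}"
  fi
  if [ "$mem_percent" -gt 80 ] 2>/dev/null; then
    echo -e " ${RED}⚠ 内存使用率较高,建议:${NC}"
    echo -e " 1. 关闭不必要的应用程序"
    echo -e " 2. 增加交换空间"
    echo -e " 3. 考虑增加物理内存"
    echo -e " 4. 优化应用程序内存使用"
  else
    echo -e " ${GREEN}✓ 内存使用率正常${NC}"
  fi
  if [ "$disk_usage" -gt 80 ] 2>/dev/null; then
    echo -e " ${RED}⚠ 磁盘使用率较高,建议:${NC}"
    echo -e " 1. 清理临时文件"
    echo -e " 2. 删除不需要的软件包"
    echo -e " 3. 清理日志文件"
    echo -e " 4. 考虑增加磁盘空间"
  else
    echo -e " ${GREEN}✓ 磁盘使用率正常${NC}"
  fi
  log_message "资源使用分析"
  read -r -p "按回车键继续..."
}

# 3. Process sub-menu: list, search, and terminate processes.
process_management() {
  local choice proc_name pid
  while true; do
    show_header
    echo -e "\n${CYAN}进程管理${NC}"
    _hr "$BLUE"
    echo -e "\n${YELLOW}进程管理选项:${NC}"
    echo "1. 查看所有进程"
    echo "2. 查看高CPU进程"
    echo "3. 查看高内存进程"
    echo "4. 查找特定进程"
    echo "5. 结束进程"
    echo "0. 返回主菜单"
    _hr "$BLUE"
    read -r -p "请选择 [0-5]: " choice
    case $choice in
      1)
        echo -e "\n${CYAN}所有进程 (前20个):${NC}"
        if command -v ps >/dev/null 2>&1; then
          ps aux | head -20
        else
          echo -e "${RED}无法获取进程信息${NC}"
        fi
        ;;
      2)
        echo -e "\n${CYAN}高CPU进程 (前10个):${NC}"
        if command -v ps >/dev/null 2>&1; then
          echo -e "${YELLOW}USER PID CPU% COMMAND${NC}"
          _top_processes %cpu 10 3
        fi
        ;;
      3)
        echo -e "\n${CYAN}高内存进程 (前10个):${NC}"
        if command -v ps >/dev/null 2>&1; then
          echo -e "${YELLOW}USER PID MEM% COMMAND${NC}"
          _top_processes %mem 10 4
        fi
        ;;
      4)
        read -r -p "输入要查找的进程名: " proc_name
        if [ -n "$proc_name" ]; then
          echo -e "\n${CYAN}查找进程: $proc_name${NC}"
          if command -v ps >/dev/null 2>&1; then
            # Fixed-string match: the name is user input and must not be
            # interpreted as a regular expression.
            ps aux | grep -iF -- "$proc_name" | grep -vF -- "grep -iF"
          fi
        fi
        ;;
      5)
        read -r -p "输入要结束的进程PID: " pid
        # Only accept a numeric PID, and never PID 1 or this script itself.
        if [[ "$pid" =~ ^[0-9]+$ ]] && [ "$pid" -gt 1 ] && [ "$pid" -ne "$$" ]; then
          echo -e "${YELLOW}结束进程 $pid ...${NC}"
          if kill "$pid" 2>/dev/null; then
            echo -e "${GREEN}✓ 进程 $pid 已结束${NC}"
          else
            echo -e "${RED}✗ 无法结束进程 $pid${NC}"
          fi
        elif [ -n "$pid" ]; then
          echo -e "${RED}✗ 无法结束进程 $pid${NC}"
        fi
        ;;
      0)
        break
        ;;
      *)
        echo -e "${RED}无效选择${NC}"
        ;;
    esac
    read -r -p "按回车键继续..."
  done
}

# 4. 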
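# 4. Service status: key units, failed units and listening sockets
service_check() {
    show_header
    echo -e "\n${CYAN}服务状态检查${NC}"
    echo -e "${BLUE}══════════════════════════════════════════════════════════${NC}"
    echo -e "\n${YELLOW}关键服务状态:${NC}"

    if command -v systemctl &> /dev/null; then
        echo -e "${GREEN}使用systemd管理系统${NC}"
        local services=("ssh" "cron" "nginx" "apache2" "mysql" "docker" "network" "systemd-logind")
        local service status
        for service in "${services[@]}"; do
            # `systemctl list-unit-files X.service` exits 0 on older systemd
            # even when nothing matches ("0 unit files listed."), so every
            # absent service used to be shown as "已停止". Require the unit
            # to actually be listed.
            if systemctl list-unit-files "$service.service" 2>/dev/null | grep -q "^$service\.service"; then
                status=$(systemctl is-active "$service.service" 2>/dev/null)
                case $status in
                    active)   echo -e " ${GREEN}✓ $service: 运行中${NC}" ;;
                    inactive) echo -e " ${YELLOW}○ $service: 已停止${NC}" ;;
                    failed)   echo -e " ${RED}✗ $service: 失败${NC}" ;;
                    *)        echo -e " ${BLUE}? $service: 未知状态${NC}" ;;
                esac
            fi
        done

        # Without --no-legend the header lines always survived the grep -v,
        # so the "no failed services" branch could never be reached.
        echo -e "\n${YELLOW}失败的服务:${NC}"
        local failed_units
        failed_units=$(systemctl --failed --no-legend 2>/dev/null)
        if [ -n "$failed_units" ]; then
            printf '%s\n' "$failed_units"
        else
            echo -e " ${GREEN}✓ 没有失败的服务${NC}"
        fi
    elif [ -d /etc/init.d ]; then
        echo -e "${GREEN}使用init.d管理系统${NC}"
        echo -e "\n${YELLOW}服务状态:${NC}"
        service --status-all 2>/dev/null | head -10
    else
        echo -e "${YELLOW}无法确定服务管理系统${NC}"
    fi

    # Listening sockets (first 10 lines, this is an interactive screen).
    # The -p column needs root to show process names.
    echo -e "\n${YELLOW}网络服务端口:${NC}"
    if command -v ss &> /dev/null; then
        ss -tulpn 2>/dev/null | head -10
    elif command -v netstat &> /dev/null; then
        netstat -tulpn 2>/dev/null | head -10
    else
        echo -e "${YELLOW}无法检查网络端口${NC}"
    fi

    read -r -p "按回车键继续..."
}

# _placeholder_section TITLE -- menu entries whose feature is not built yet.
_placeholder_section() {
    show_header
    echo -e "\n${CYAN}$1${NC}"
    echo -e "${BLUE}══════════════════════════════════════════════════════════${NC}"
    echo -e "${YELLOW}功能开发中...${NC}"
    read -r -p "按回车键继续..."
}

# Entry point: initialise, warn when not running as root, loop on the menu.
# Several items (process kill, -p on ss, service control) need root; the
# script keeps going without it and simply shows less.
main() {
    init_monitor
    show_header
    if [ "$EUID" -ne 0 ]; then
        echo -e "${YELLOW}注意: 部分功能需要root权限${NC}"
        echo -e "${CYAN}可以使用sudo运行脚本: sudo $0${NC}"
        echo -e "${BLUE}══════════════════════════════════════════════════════════${NC}"
    fi

    local main_choice
    while true; do
        show_header
        show_menu
        read -r -p "请选择操作 [0-10]: " main_choice
        case $main_choice in
            1)  real_time_monitor ;;
            2)  resource_analysis ;;
            3)  process_management ;;
            4)  service_check ;;
            5)  _placeholder_section "系统日志分析" ;;
            6)  _placeholder_section "磁盘空间管理" ;;
            7)  _placeholder_section "网络连接监控" ;;
            8)  _placeholder_section "系统优化建议" ;;
            9)  _placeholder_section "性能基准测试" ;;
            10) _placeholder_section "生成系统报告" ;;
            0)
                echo -e "\n${GREEN}感谢使用系统监控工具!${NC}"
                echo -e "${CYAN}日志文件: $LOG_FILE${NC}"
                echo -e "${CYAN}告警日志: $ALERT_LOG${NC}"
                echo -e "${CYAN}报告目录: $REPORT_DIR${NC}"
                exit 0
                ;;
            *)
                echo -e "${RED}无效选择,请重新输入${NC}"
                sleep 1
                ;;
        esac
    done
}

# Run the program
main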
2025年08月08日
2025-07-07
Linux系统安全加固与审计脚本
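#!/bin/bash
# ============================================
# Linux system security audit and hardening script
# Purpose: automated security checks plus an optional basic hardening step
# Usage:   sudo ./security-audit.sh [option]
## Install:
##   sudo nano /usr/local/bin/security-audit.sh
##   sudo chmod +x /usr/local/bin/security-audit.sh
## Interactive menu:
##   sudo security-audit.sh
## Full audit without the menu:
##   sudo security-audit.sh --audit
# ============================================

# Colour definitions
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
CYAN='\033[0;36m'
PURPLE='\033[0;35m'
NC='\033[0m' # No Color

# Configuration.
# The report and the log record findings (accounts without a password,
# world-writable files, listening services, sudo rules), so both are kept
# owner-readable only -- see ensure_private_file.
REPORT_FILE="/var/log/security-audit-$(date +%Y%m%d).report"
LOG_FILE="/var/log/security-audit.log"
BACKUP_DIR="/root/security-backup-$(date +%Y%m%d)"
AUDIT_SCORE=0   # 2 points per PASS, 1 per WARN, 0 per FAIL/INFO
MAX_SCORE=100   # nominal scale; the report normalises AUDIT_SCORE to 0-100
CHECK_COUNT=0
PASS_COUNT=0
FAIL_COUNT=0
WARN_COUNT=0

# ensure_private_file FILE
# Create FILE if it does not exist and restrict it to mode 0600. Failures
# are silent so that single menu items still work without root; the
# caller's own write reports the error in that case.
ensure_private_file() {
    local file=$1
    if [ ! -e "$file" ]; then
        : > "$file" 2>/dev/null || return 1
    fi
    chmod 600 "$file" 2>/dev/null
}

# print_color COLOR MESSAGE -- print MESSAGE in COLOR followed by a reset.
print_color() {
    local color=$1
    local msg=$2
    echo -e "${color}${msg}${NC}"
}

# log_message MESSAGE -- append a timestamped line to LOG_FILE.
log_message() {
    local message=$1
    ensure_private_file "$LOG_FILE"
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $message" >> "$LOG_FILE"
}

# print_result LEVEL CHECK_NAME STATUS MESSAGE
# Print one check line, update counters/score and log the outcome.
#   LEVEL   severity label (CRITICAL/HIGH/MEDIUM/LOW/INFO); it is recorded
#           in the log but does not influence the score
#   STATUS  PASS (+2), WARN (+1), FAIL (+0), INFO (+0 but counted)
# MESSAGE is handed to printf as an *argument*, never as the format string:
# findings carry untrusted text (process command lines, file names) that may
# contain '%'. %b keeps the "\n" some callers embed. Every detail line ends
# with a newline -- the old version omitted it and the next result ran onto
# the same line.
print_result() {
    local level=$1
    local check_name=$2
    local status=$3
    local message=$4
    CHECK_COUNT=$((CHECK_COUNT + 1))
    case $status in
        "PASS")
            PASS_COUNT=$((PASS_COUNT + 1))
            AUDIT_SCORE=$((AUDIT_SCORE + 2))
            printf "[${GREEN}✓${NC}] %-50s ${GREEN}通过${NC}\n" "$check_name"
            ;;
        "FAIL")
            FAIL_COUNT=$((FAIL_COUNT + 1))
            printf "[${RED}✗${NC}] %-50s ${RED}失败${NC}\n" "$check_name"
            printf "    ${YELLOW}建议: %b${NC}\n" "$message"
            ;;
        "WARN")
            WARN_COUNT=$((WARN_COUNT + 1))
            AUDIT_SCORE=$((AUDIT_SCORE + 1))
            printf "[${YELLOW}!${NC}] %-50s ${YELLOW}警告${NC}\n" "$check_name"
            printf "    ${CYAN}信息: %b${NC}\n" "$message"
            ;;
        "INFO")
            printf "[${BLUE}i${NC}] %-50s ${BLUE}信息${NC}\n" "$check_name"
            printf "    ${CYAN}详情: %b${NC}\n" "$message"
            ;;
    esac
    log_message "$status [$level] - $check_name: $message"
}

# report_header -- start a fresh REPORT_FILE (mode 0600) with host facts.
# generate_audit_report appends the summary to it later.
report_header() {
    local os_name
    os_name=$(grep '^PRETTY_NAME=' /etc/os-release 2>/dev/null | cut -d'"' -f2)
    [ -n "$os_name" ] || os_name=$(uname -o)
    ensure_private_file "$REPORT_FILE"
    cat > "$REPORT_FILE" << EOF
============================================
Linux系统安全审计报告
生成时间: $(date)
主机名: $(hostname)
操作系统: $os_name
内核版本: $(uname -r)
============================================
EOF
    log_message "生成审计报告头部"
}

# add_report SECTION CONTENT -- append a titled section to the report.
add_report() {
    local section=$1
    local content=$2
    {
        echo -e "\n=== $section ==="
        echo "$content"
    } >> "$REPORT_FILE"
}

# show_progress CURRENT TOTAL -- redraw a 50-column progress bar in place.
show_progress() {
    local current=$1
    local total=$2
    local width=50
    local percent=$((current * 100 / total))
    local filled=$((current * width / total))
    local empty=$((width - filled))
    local bar
    bar=$(printf "%${filled}s" | tr ' ' '=')
    printf "\r[%s%${empty}s] %3d%%" "$bar" "" "$percent"
}

# show_section TITLE -- boxed section heading.
show_section() {
    local title=$1
    echo ""
    print_color "$PURPLE" "┌──────────────────────────────────────────────────────┐"
    print_color "$PURPLE" "│ $(printf "%-52s" "$title") │"
    print_color "$PURPLE" "└──────────────────────────────────────────────────────┘"
}

# check_root -- abort unless running as root (the checks read /etc/shadow,
# iptables, auditd rules and the hardening step rewrites system config).
check_root() {
    if [ "$EUID" -ne 0 ]; then
        print_color "$RED" "错误:此脚本需要root权限运行!"
        print_color "$CYAN" "请使用: sudo $0"
        exit 1
    fi
}

# backup_config FILE -- copy FILE (mode/timestamps preserved) into
# BACKUP_DIR, which is created owner-only since it ends up holding
# sshd_config, login.defs and sysctl.conf. Silently ignores a missing FILE.
backup_config() {
    local file=$1
    [ -f "$file" ] || return 0
    mkdir -p "$BACKUP_DIR"
    chmod 700 "$BACKUP_DIR" 2>/dev/null
    if cp -p -- "$file" "$BACKUP_DIR/" 2>/dev/null; then
        print_color "$CYAN" "已备份: $file -> $BACKUP_DIR/"
    else
        print_color "$YELLOW" "备份失败: $file (可能权限不足)"
    fi
}

# pause -- wait for a single keypress.
pause() {
    echo ""
    print_color "$CYAN" "按回车键继续..."
    read -r -n 1 _
}

# ==================== Security check modules ====================
# 1.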
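# _ssh_opt CONFIG KEY -- first value of KEY in CONFIG, a block of
# lower-cased "key value" lines. sshd itself keeps the *first* occurrence
# of a directive, so stopping at the first match mirrors the daemon.
_ssh_opt() {
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# SSH daemon configuration checks.
# The checks run against the *effective* configuration from `sshd -T`: it
# resolves Include'd drop-ins (e.g. /etc/ssh/sshd_config.d/50-cloud-init.conf,
# which on Ubuntu re-enables PasswordAuthentication) and built-in defaults.
# Grepping sshd_config alone reports what is written, not what is enforced,
# and the old "^#PermitRootLogin no" match accepted a commented-out line as
# if it were a setting.
check_ssh_security() {
    show_section "SSH服务安全检查"
    local ssh_config="/etc/ssh/sshd_config"
    if [ ! -f "$ssh_config" ]; then
        print_result "HIGH" "SSH配置文件" "WARN" "SSH配置文件不存在"
        return
    fi
    backup_config "$ssh_config"

    local effective="" source="sshd -T"
    if command -v sshd &>/dev/null; then
        effective=$(sshd -T 2>/dev/null | tr '[:upper:]' '[:lower:]')
    fi
    if [ -z "$effective" ]; then
        # Fallback when sshd is missing or the config does not parse:
        # drop-ins first, because the Include normally sits at the top of
        # sshd_config and the first value wins. Comment lines are dropped.
        source="$ssh_config"
        effective=$(cat /etc/ssh/sshd_config.d/*.conf "$ssh_config" 2>/dev/null \
            | grep -v '^[[:space:]]*#' | tr '[:upper:]' '[:lower:]')
    fi

    # PermitRootLogin: default is prohibit-password since OpenSSH 7.0,
    # "yes" before that; anything but "no" leaves a root login path open.
    local root_login
    root_login=$(_ssh_opt "$effective" permitrootlogin)
    case $root_login in
        no)
            print_result "HIGH" "SSH禁止root登录" "PASS" "已禁止root通过SSH登录"
            ;;
        prohibit-password|without-password)
            print_result "HIGH" "SSH禁止root登录" "WARN" "root仍可用密钥登录 (PermitRootLogin $root_login),建议设置 PermitRootLogin no"
            ;;
        *)
            print_result "HIGH" "SSH禁止root登录" "FAIL" "建议设置 PermitRootLogin no (当前: ${root_login:-未设置})"
            ;;
    esac

    # PasswordAuthentication defaults to yes
    local pw_auth
    pw_auth=$(_ssh_opt "$effective" passwordauthentication)
    if [ "$pw_auth" = "no" ]; then
        print_result "MEDIUM" "SSH密码认证" "PASS" "已禁用密码认证"
    else
        print_result "MEDIUM" "SSH密码认证" "FAIL" "建议禁用密码认证,使用密钥 (当前: ${pw_auth:-未设置,默认yes})"
    fi

    # Idle timeout: accept any interval in 1..300 with at most 3 probes
    # (the old check demanded exactly 300 and 3).
    local alive_interval alive_count
    alive_interval=$(_ssh_opt "$effective" clientaliveinterval)
    alive_count=$(_ssh_opt "$effective" clientalivecountmax)
    if [ -n "$alive_interval" ] && [ "$alive_interval" -ge 1 ] 2>/dev/null \
        && [ "$alive_interval" -le 300 ] 2>/dev/null \
        && [ -n "$alive_count" ] && [ "$alive_count" -le 3 ] 2>/dev/null; then
        print_result "LOW" "SSH连接超时" "PASS" "已设置连接超时 (${alive_interval}s x ${alive_count})"
    else
        print_result "LOW" "SSH连接超时" "WARN" "建议设置 ClientAliveInterval 300 和 ClientAliveCountMax 3"
    fi

    # Port: a non-default port only reduces scanner noise; it is no
    # substitute for key auth and a firewall.
    local ssh_port
    ssh_port=$(_ssh_opt "$effective" port)
    if [ -z "$ssh_port" ] || [ "$ssh_port" = "22" ]; then
        print_result "MEDIUM" "SSH默认端口" "WARN" "考虑修改默认SSH端口 (仅减少扫描噪音,不能替代密钥认证和防火墙)"
    else
        print_result "MEDIUM" "SSH默认端口" "PASS" "已修改默认端口: $ssh_port"
    fi

    # Protocol: SSH-1 was removed from OpenSSH (7.4 server side), and
    # `sshd -T` on those releases no longer prints a "protocol" line at all,
    # so its absence in sshd -T output means only protocol 2 exists. Only
    # old releases need the directive -- the old check failed every modern
    # host.
    local proto
    proto=$(_ssh_opt "$effective" protocol)
    if [ "$proto" = "2" ]; then
        print_result "HIGH" "SSH协议版本" "PASS" "已使用SSH协议版本2"
    elif [ -z "$proto" ] && [ "$source" = "sshd -T" ]; then
        print_result "HIGH" "SSH协议版本" "PASS" "当前OpenSSH仅支持协议版本2 (Protocol指令已移除)"
    elif [ -z "$proto" ]; then
        print_result "HIGH" "SSH协议版本" "WARN" "无法确认协议版本;OpenSSH < 7.4 需显式设置 Protocol 2"
    else
        print_result "HIGH" "SSH协议版本" "FAIL" "必须使用SSH协议版本2 (当前: $proto)"
    fi

    # MaxAuthTries defaults to 6; 4 or fewer is the usual benchmark value
    local max_tries
    max_tries=$(_ssh_opt "$effective" maxauthtries)
    if [ -n "$max_tries" ] && [ "$max_tries" -le 4 ] 2>/dev/null; then
        print_result "MEDIUM" "SSH登录尝试次数" "PASS" "已限制登录尝试次数: $max_tries"
    else
        print_result "MEDIUM" "SSH登录尝试次数" "WARN" "建议设置 MaxAuthTries 3"
    fi
}
# 2.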
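# Host firewall checks: iptables, native nftables, firewalld, ufw.
check_firewall() {
    show_section "防火墙安全检查"
    local have_filter=0
    local nft_ruleset=""
    if command -v nft &>/dev/null; then
        nft_ruleset=$(nft list ruleset 2>/dev/null)
    fi

    if command -v iptables &>/dev/null; then
        # `iptables -S` prints policies as "-P CHAIN POLICY" and rules as
        # "-A ...". The old parse took field 4 of `iptables -L` -- the
        # "(policy ACCEPT)" column -- and got "ACCEPT)" with the closing
        # parenthesis, so a DROP policy was never recognised.
        local rule_count input_policy forward_policy
        rule_count=$(iptables -S 2>/dev/null | grep -c '^-A')
        input_policy=$(iptables -S INPUT 2>/dev/null | awk '$1 == "-P" { print $3; exit }')
        forward_policy=$(iptables -S FORWARD 2>/dev/null | awk '$1 == "-P" { print $3; exit }')
        if [ "$rule_count" -gt 0 ] || [ "$input_policy" = "DROP" ]; then
            have_filter=1
            print_result "HIGH" "iptables防火墙" "PASS" "iptables规则已配置 ($rule_count 条规则)"
            # Builtin chains only take ACCEPT or DROP as policy.
            if [ "$input_policy" = "DROP" ]; then
                print_result "HIGH" "INPUT链默认策略" "PASS" "INPUT策略: $input_policy"
            else
                print_result "HIGH" "INPUT链默认策略" "FAIL" "建议设置INPUT链为DROP (当前: ${input_policy:-未知})"
            fi
            if [ "$forward_policy" = "ACCEPT" ]; then
                print_result "LOW" "FORWARD链默认策略" "INFO" "FORWARD策略为ACCEPT;非路由器主机建议设为DROP (Docker会自行管理该链)"
            fi
        elif ! printf '%s\n' "$nft_ruleset" | grep -q 'hook input'; then
            # Do not report "no iptables rules" on a host whose filtering
            # lives in native nftables (the iptables binary cannot see it).
            print_result "HIGH" "iptables防火墙" "FAIL" "未配置iptables规则"
        fi
    fi

    # Native nftables, only when the iptables view found nothing.
    if [ "$have_filter" -eq 0 ] && printf '%s\n' "$nft_ruleset" | grep -q 'hook input'; then
        have_filter=1
        print_result "HIGH" "nftables防火墙" "PASS" "已存在带 input hook 的 nftables 链"
        if printf '%s\n' "$nft_ruleset" | grep -Eq 'hook input[^;]*;[[:space:]]*policy drop'; then
            print_result "HIGH" "nftables input策略" "PASS" "input链默认策略为drop"
        else
            print_result "HIGH" "nftables input策略" "WARN" "建议将 input 链策略设为 drop"
        fi
    fi

    if command -v systemctl &>/dev/null && systemctl is-active firewalld &>/dev/null; then
        have_filter=1
        print_result "MEDIUM" "firewalld防火墙" "PASS" "firewalld正在运行"
        if command -v firewall-cmd &>/dev/null; then
            local zone_lines
            zone_lines=$(firewall-cmd --get-active-zones 2>/dev/null | grep -c .)
            if [ "$zone_lines" -gt 0 ]; then
                print_result "MEDIUM" "firewalld区域" "PASS" "已配置防火墙区域"
            fi
        fi
    fi

    # ufw: "Status: inactive" also matches a case-insensitive grep for
    # "active" (the old test), so anchor on the exact status line.
    if command -v ufw &>/dev/null; then
        if ufw status 2>/dev/null | grep -qi '^Status: active'; then
            have_filter=1
            print_result "MEDIUM" "UFW防火墙" "PASS" "UFW已启用"
        else
            print_result "MEDIUM" "UFW防火墙" "WARN" "UFW已安装但未启用"
        fi
    fi

    if [ "$have_filter" -eq 0 ]; then
        print_result "HIGH" "主机防火墙" "FAIL" "未检测到生效的主机防火墙 (iptables/nftables/firewalld/ufw)"
    fi
}
# 3.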
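# Password ageing (login.defs + /etc/shadow) and PAM quality/lockout checks.
# NOTE: forced periodic rotation is a CIS-style control the script already
# enforces; NIST SP 800-63B no longer recommends it. Keep whichever control
# your baseline requires.
check_password_policy() {
    show_section "密码策略检查"
    local login_defs="/etc/login.defs"
    # Debian keeps PAM policy in common-*, RHEL/Fedora in system-auth and
    # password-auth; collect whichever exist instead of assuming Debian.
    local pam_auth_files=() pam_password_files=() f
    for f in /etc/pam.d/common-auth /etc/pam.d/system-auth /etc/pam.d/password-auth; do
        [ -f "$f" ] && pam_auth_files+=("$f")
    done
    for f in /etc/pam.d/common-password /etc/pam.d/system-auth /etc/pam.d/password-auth; do
        [ -f "$f" ] && pam_password_files+=("$f")
    done

    if [ -f "$login_defs" ]; then
        local pass_max_days pass_min_days pass_warn_age
        pass_max_days=$(awk '$1 == "PASS_MAX_DAYS" { print $2; exit }' "$login_defs")
        if [ -n "$pass_max_days" ] && [ "$pass_max_days" -le 90 ] 2>/dev/null; then
            print_result "MEDIUM" "密码最大有效期" "PASS" "密码有效期: $pass_max_days 天"
        else
            print_result "MEDIUM" "密码最大有效期" "FAIL" "建议设置密码有效期不超过90天"
        fi
        pass_min_days=$(awk '$1 == "PASS_MIN_DAYS" { print $2; exit }' "$login_defs")
        if [ -n "$pass_min_days" ] && [ "$pass_min_days" -ge 1 ] 2>/dev/null; then
            print_result "LOW" "密码最小修改间隔" "PASS" "最小修改间隔: $pass_min_days 天"
        else
            print_result "LOW" "密码最小修改间隔" "WARN" "建议设置密码最小修改间隔为1天"
        fi
        pass_warn_age=$(awk '$1 == "PASS_WARN_AGE" { print $2; exit }' "$login_defs")
        if [ -n "$pass_warn_age" ] && [ "$pass_warn_age" -ge 7 ] 2>/dev/null; then
            print_result "LOW" "密码过期警告" "PASS" "过期前警告: $pass_warn_age 天"
        else
            print_result "LOW" "密码过期警告" "WARN" "建议设置密码过期前7天警告"
        fi
    fi

    # login.defs only governs accounts created from now on; existing
    # accounts carry their own ageing in /etc/shadow (field 5 = max days,
    # empty or 99999 = never expires). Only accounts with a real hash
    # (field 2 starting with '$') are considered.
    if [ -r /etc/shadow ]; then
        local stale_aging
        stale_aging=$(awk -F: '$2 ~ /^\$/ && ($5 == "" || $5 > 90) { print $1 }' /etc/shadow | tr '\n' ' ')
        if [ -z "$stale_aging" ]; then
            print_result "MEDIUM" "现有账户密码有效期" "PASS" "所有设有密码的账户有效期不超过90天"
        else
            print_result "MEDIUM" "现有账户密码有效期" "WARN" "密码永不过期或超过90天的账户: $stale_aging(chage -M 90 用户名)"
        fi
    fi

    if [ ${#pam_password_files[@]} -gt 0 ]; then
        if grep -hv '^[[:space:]]*#' "${pam_password_files[@]}" | grep -q 'pam_pwquality.so'; then
            print_result "HIGH" "密码复杂度检查" "PASS" "已启用密码复杂度检查"
            # minlen may sit on the pam line or in /etc/security/pwquality.conf
            local minlen
            minlen=$(grep -hv '^[[:space:]]*#' "${pam_password_files[@]}" /etc/security/pwquality.conf 2>/dev/null \
                | grep -oE 'minlen[[:space:]]*=[[:space:]]*[0-9]+' | grep -oE '[0-9]+$' | tail -1)
            if [ -n "$minlen" ] && [ "$minlen" -ge 12 ]; then
                print_result "HIGH" "密码最小长度" "PASS" "密码最小长度${minlen}字符"
            else
                print_result "HIGH" "密码最小长度" "WARN" "建议密码最小长度12字符 (当前: ${minlen:-默认8})"
            fi
        else
            print_result "HIGH" "密码复杂度检查" "FAIL" "未启用密码复杂度检查 (pam_pwquality)"
        fi
    fi

    if [ ${#pam_auth_files[@]} -gt 0 ]; then
        local auth_lines
        auth_lines=$(grep -hv '^[[:space:]]*#' "${pam_auth_files[@]}")
        if printf '%s\n' "$auth_lines" | grep -q 'pam_faillock.so'; then
            print_result "HIGH" "失败登录锁定" "PASS" "已启用失败登录锁定 (pam_faillock)"
        elif printf '%s\n' "$auth_lines" | grep -q 'pam_tally2.so'; then
            # pam_tally2 was removed in Linux-PAM 1.5; it still works where
            # present but disappears on the next distribution upgrade.
            print_result "HIGH" "失败登录锁定" "WARN" "使用已废弃的 pam_tally2,建议迁移到 pam_faillock"
        else
            print_result "HIGH" "失败登录锁定" "WARN" "建议启用失败登录锁定机制 (pam_faillock)"
        fi
    fi
}
# 4.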
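# Accounts, privileges and login shells.
check_users_permissions() {
    show_section "用户和权限检查"

    # Empty password hashes. Without root /etc/shadow is unreadable and the
    # old code then reported "no empty passwords" -- say so instead.
    if [ -r /etc/shadow ]; then
        local empty_passwords
        empty_passwords=$(awk -F: '$2 == "" { print $1 }' /etc/shadow | tr '\n' ' ')
        if [ -z "$empty_passwords" ]; then
            print_result "CRITICAL" "空密码账户" "PASS" "没有空密码账户"
        else
            print_result "CRITICAL" "空密码账户" "FAIL" "发现空密码账户: $empty_passwords(passwd -l 用户名 锁定或设置密码)"
        fi
    else
        print_result "CRITICAL" "空密码账户" "WARN" "无法读取 /etc/shadow,请以root运行"
    fi

    # Only root may have UID 0
    local uid0_users uid0_count
    uid0_users=$(awk -F: '$3 == 0 { print $1 }' /etc/passwd)
    uid0_count=$(printf '%s\n' "$uid0_users" | grep -c .)
    if [ "$uid0_count" -eq 1 ] && [ "$uid0_users" = "root" ]; then
        print_result "CRITICAL" "UID 0用户检查" "PASS" "只有root用户UID为0"
    else
        print_result "CRITICAL" "UID 0用户检查" "FAIL" "多个用户UID为0: $(printf '%s\n' "$uid0_users" | tr '\n' ' ')"
    fi

    # Passwordless sudo rules in sudoers and its drop-ins, comments excluded;
    # the rules themselves are listed so they can be reviewed.
    local nopasswd_rules
    nopasswd_rules=$(grep -hsE '^[^#]*NOPASSWD' /etc/sudoers /etc/sudoers.d/* 2>/dev/null \
        | sed 's/[[:space:]]\+/ /g' | tr '\n' ';')
    if [ -z "$nopasswd_rules" ]; then
        print_result "HIGH" "无密码sudo" "PASS" "没有配置无密码sudo"
    else
        print_result "HIGH" "无密码sudo" "WARN" "发现无密码sudo配置,建议审查: $nopasswd_rules"
    fi

    # Login shells: anything not listed in /etc/shells and not a nologin
    # shell is reported. /etc/shells covers /usr/bin/* on merged-/usr
    # systems, which the old fixed list missed; an empty field (defaults to
    # /bin/sh) is reported too.
    local shells_list
    shells_list=$(grep -v '^#' /etc/shells 2>/dev/null | tr '\n' ' ')
    [ -n "$shells_list" ] || shells_list="/bin/bash /bin/sh /bin/zsh /bin/tcsh /bin/csh"
    local invalid_shell_users
    invalid_shell_users=$(awk -F: -v list="$shells_list" '
        BEGIN {
            n = split(list, a, " ")
            for (i = 1; i <= n; i++) if (a[i] != "") ok[a[i]] = 1
            ok["/usr/sbin/nologin"] = 1; ok["/sbin/nologin"] = 1
            ok["/bin/false"] = 1; ok["/usr/bin/false"] = 1
        }
        !($7 in ok) { print $1 ":" $7 }' /etc/passwd 2>/dev/null | tr '\n' ' ')
    if [ -z "$invalid_shell_users" ]; then
        print_result "MEDIUM" "无效登录shell" "PASS" "没有无效的登录shell"
    else
        print_result "MEDIUM" "无效登录shell" "WARN" "发现无效登录shell: $invalid_shell_users"
    fi

    # Global umask. The old 'grep -q "022\|027"' matched those digits
    # anywhere in the line; match the umask value itself.
    local umask_global
    umask_global=$(grep -hE '^[[:space:]]*umask[[:space:]]+0?[0-7]{3}' /etc/profile /etc/bash.bashrc /etc/profile.d/* 2>/dev/null | head -1)
    if printf '%s\n' "$umask_global" | grep -Eq 'umask[[:space:]]+0?(022|027|077)'; then
        print_result "MEDIUM" "全局umask设置" "PASS" "全局umask设置正确 ($umask_global)"
    else
        print_result "MEDIUM" "全局umask设置" "WARN" "建议设置全局umask为022或027"
    fi
}
# 5.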
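# _mode_within ACTUAL EXPECTED -- true when octal mode ACTUAL grants no
# permission bit that EXPECTED does not (so 000 or 400 satisfy 640).
_mode_within() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    [ $(( 8#$1 & ~8#$2 )) -eq 0 ]
}

# File permissions, SUID/SGID, world-writable and orphaned files.
# All find(1) sweeps use -xdev: only the root filesystem is scanned, a
# separate /usr, /home or /var mount is not (network mounts would make the
# audit crawl). Extend the paths if those are separate filesystems.
check_filesystem_security() {
    show_section "文件系统安全检查"

    # Expected mode is an upper bound -- the file may be stricter. /etc/shadow
    # is 640 root:shadow on Debian/Ubuntu but 000 root:root on RHEL-family;
    # both satisfy the bound, and group root is accepted everywhere.
    local critical_files=(
        "/etc/passwd:644:root:root"
        "/etc/shadow:640:root:shadow"
        "/etc/group:644:root:root"
        "/etc/sudoers:440:root:root"
        "/etc/ssh/sshd_config:600:root:root"
        "/root:700:root:root"
        "/etc/crontab:644:root:root"
    )
    local entry file expected_mode expected_owner expected_group
    local actual_mode actual_owner actual_group
    for entry in "${critical_files[@]}"; do
        IFS=':' read -r file expected_mode expected_owner expected_group <<< "$entry"
        [ -e "$file" ] || continue
        actual_mode=$(stat -c '%a' "$file" 2>/dev/null)
        actual_owner=$(stat -c '%U' "$file" 2>/dev/null)
        actual_group=$(stat -c '%G' "$file" 2>/dev/null)
        if _mode_within "$actual_mode" "$expected_mode" \
            && [ "$actual_owner" = "$expected_owner" ] \
            && { [ "$actual_group" = "$expected_group" ] || [ "$actual_group" = "root" ]; }; then
            print_result "HIGH" "文件权限: $file" "PASS" "权限正确 ($actual_mode $actual_owner:$actual_group)"
        else
            print_result "HIGH" "文件权限: $file" "FAIL" "当前: $actual_mode $actual_owner:$actual_group, 期望: 不超过 $expected_mode $expected_owner:$expected_group"
        fi
    done

    # SUID/SGID. The old version piped through `head -20` *before* counting,
    # so the count could never exceed 20 and the "< 50" threshold was
    # meaningless; count the full list, show only the first entries.
    local suid_list suid_count
    suid_list=$(find / -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null)
    suid_count=$(printf '%s\n' "$suid_list" | grep -c .)
    if [ "$suid_count" -lt 50 ]; then
        print_result "MEDIUM" "SUID/SGID文件检查" "PASS" "发现 $suid_count 个SUID/SGID文件"
    else
        print_result "MEDIUM" "SUID/SGID文件检查" "WARN" "发现较多SUID/SGID文件 ($suid_count),建议审查: $(printf '%s\n' "$suid_list" | head -10 | tr '\n' ' ')"
    fi

    # World-writable files. `echo "" | wc -l` is 1, so the old check
    # reported one world-writable file on a clean system; grep -c . on the
    # list counts non-empty lines only.
    local ww_list ww_count
    ww_list=$(find / -xdev -type f -perm -0002 ! -path '/proc/*' ! -path '/sys/*' 2>/dev/null)
    ww_count=$(printf '%s\n' "$ww_list" | grep -c .)
    if [ "$ww_count" -eq 0 ]; then
        print_result "HIGH" "全局可写文件" "PASS" "未发现全局可写文件"
    else
        print_result "HIGH" "全局可写文件" "FAIL" "发现 $ww_count 个全局可写文件,建议审查: $(printf '%s\n' "$ww_list" | head -10 | tr '\n' ' ')"
    fi

    # World-writable directories must carry the sticky bit, otherwise any
    # user can delete or replace other users' files in them.
    local ww_dirs
    ww_dirs=$(find / -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | head -10 | tr '\n' ' ')
    if [ -z "$ww_dirs" ]; then
        print_result "HIGH" "全局可写目录sticky位" "PASS" "所有全局可写目录均设置了sticky位"
    else
        print_result "HIGH" "全局可写目录sticky位" "FAIL" "缺少sticky位的全局可写目录: $ww_dirs(chmod +t 目录)"
    fi

    # Files without a valid owner or group (left behind by deleted accounts)
    local no_owner_files
    no_owner_files=$(find / -xdev \( -nouser -o -nogroup \) 2>/dev/null | head -10 | tr '\n' ' ')
    if [ -z "$no_owner_files" ]; then
        print_result "MEDIUM" "无属主文件" "PASS" "未发现无属主文件"
    else
        print_result "MEDIUM" "无属主文件" "WARN" "发现无属主文件,建议清理: $no_owner_files"
    fi
}
# 6.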
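# Legacy/cleartext services and listening sockets.
check_services_security() {
    show_section "服务安全检查"

    # One socket listing for all checks. ss is preferred; netstat is
    # deprecated and often absent. Column of the local address differs
    # ($5 for ss, $4 for netstat). Process names in -p need root.
    local listening="" local_col=5
    if command -v ss &>/dev/null; then
        listening=$(ss -tulpn 2>/dev/null | awk 'NR > 1')
    elif command -v netstat &>/dev/null; then
        listening=$(netstat -tulpn 2>/dev/null | grep -E 'LISTEN|^udp')
        local_col=4
    fi

    # Cleartext / legacy services. chargen, daytime, echo and discard are
    # inetd-style services, so they are matched on the socket listing
    # rather than as systemd units. The process is matched as ss prints it
    # (users:(("name",...)) or as netstat does (pid/name); the old bare
    # `grep "$service"` matched "echo" in almost any line.
    local dangerous_services=(telnet rsh rlogin rexec ypbind ypserv tftp chargen daytime echo discard vsftpd proftpd pure-ftpd)
    local service
    for service in "${dangerous_services[@]}"; do
        if command -v systemctl &>/dev/null && systemctl is-enabled "$service" 2>/dev/null | grep -q '^enabled'; then
            print_result "HIGH" "危险服务: $service" "FAIL" "发现危险服务启用 (systemctl disable --now $service)"
        elif printf '%s\n' "$listening" | grep -Eq "\(\"$service\"|/$service"; then
            print_result "HIGH" "危险服务: $service" "WARN" "发现危险服务运行"
        fi
    done

    if [ -n "$listening" ]; then
        print_result "MEDIUM" "网络监听服务" "INFO" "当前监听服务:\n$(printf '%s\n' "$listening" | head -15)"
        # Sockets bound to every interface are reachable from the network
        # unless the firewall says otherwise; worth a look on its own.
        local wildcard
        wildcard=$(printf '%s\n' "$listening" \
            | awk -v c="$local_col" '$c ~ /^(0\.0\.0\.0|\*|\[::\]):[0-9]+$/ { print $1, $c }' \
            | sort -u | tr '\n' ' ')
        if [ -n "$wildcard" ]; then
            print_result "MEDIUM" "监听所有接口的服务" "INFO" "请确认以下端口确需对外开放: $wildcard"
        fi
    fi

    if command -v systemctl &>/dev/null; then
        local enabled_services
        enabled_services=$(systemctl list-unit-files --state=enabled 2>/dev/null | grep -cE '\.service')
        if [ "$enabled_services" -lt 50 ]; then
            print_result "LOW" "自动启动服务数量" "PASS" "启用服务数量: $enabled_services"
        else
            print_result "LOW" "自动启动服务数量" "WARN" "启用服务较多 ($enabled_services),建议优化"
        fi
    fi
}
# 7.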
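# Logging: rsyslog/journald, remote forwarding, rotation, auditd.
check_logging_config() {
    show_section "日志配置检查"

    if command -v systemctl &>/dev/null && systemctl is-active rsyslog &>/dev/null; then
        print_result "MEDIUM" "rsyslog服务" "PASS" "rsyslog正在运行"
        # Forwarding is "@host" (UDP) / "@@host" (TCP) after a selector, or
        # an omfwd action, on a NON-comment line. The stock rsyslog.conf
        # ships commented examples ("#*.* @@remote-host:514"), so the old
        # `grep -q "@"` reported remote logging on every default install
        # (and the unquieted `grep -r` dumped matches on the terminal).
        if grep -Eqs '^[^#]*([[:space:]]@{1,2}[^[:space:]]|omfwd)' /etc/rsyslog.conf /etc/rsyslog.d/*.conf; then
            print_result "MEDIUM" "日志远程存储" "PASS" "已配置远程日志"
        else
            print_result "MEDIUM" "日志远程存储" "WARN" "建议配置远程日志存储 (攻击者通常会清理本地日志)"
        fi
    elif [ -d /var/log/journal ]; then
        print_result "MEDIUM" "rsyslog服务" "INFO" "rsyslog未运行,journald已持久化到 /var/log/journal"
    else
        print_result "MEDIUM" "rsyslog服务" "WARN" "rsyslog未运行"
    fi

    if command -v journalctl &>/dev/null; then
        # Drop-ins under journald.conf.d override the main file; last wins.
        local journal_size
        journal_size=$(grep -hs '^SystemMaxUse=' /etc/systemd/journald.conf /etc/systemd/journald.conf.d/*.conf 2>/dev/null | tail -1 | cut -d= -f2)
        if [ -n "$journal_size" ]; then
            print_result "LOW" "journald日志大小" "PASS" "日志大小限制: $journal_size"
        else
            print_result "LOW" "journald日志大小" "WARN" "建议设置journald日志大小限制 (SystemMaxUse)"
        fi
    fi

    if [ -f "/etc/logrotate.conf" ]; then
        print_result "LOW" "日志轮转配置" "PASS" "已配置日志轮转"
    fi

    if command -v auditctl &>/dev/null; then
        if systemctl is-active auditd &>/dev/null; then
            print_result "HIGH" "auditd审计服务" "PASS" "auditd正在运行"
            # `auditctl -l` prints "No rules" when empty, hence the > 5 bar
            local audit_rules
            audit_rules=$(auditctl -l 2>/dev/null | grep -c .)
            if [ "$audit_rules" -gt 5 ]; then
                print_result "HIGH" "审计规则数量" "PASS" "配置了 $audit_rules 条审计规则"
            else
                print_result "HIGH" "审计规则数量" "WARN" "审计规则较少,建议增加"
            fi
        else
            print_result "HIGH" "auditd审计服务" "WARN" "auditd未运行"
        fi
    fi
}
# 8.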
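# Kernel / network sysctl hardening values.
# `sysctl -n` reads the *live* value. A value set only with `sysctl -w` is
# lost on reboot and a value only written to a config file is not yet
# active; this check reports the former as PASS and the latter as FAIL.
check_kernel_security() {
    show_section "内核安全参数检查"
    local sysctl_conf="/etc/sysctl.conf"
    backup_config "$sysctl_conf"

    # "param:expected:description:cmp" -- cmp is "eq" (exact) or "ge"
    # (minimum). tcp_max_syn_backlog and rp_filter (1 strict, 2 loose) may
    # legitimately be larger than the value listed; the old check failed
    # them for being *better* than expected.
    local kernel_params=(
        "net.ipv4.ip_forward:0:IP转发:eq"
        "net.ipv4.conf.all.accept_redirects:0:接受重定向:eq"
        "net.ipv4.conf.default.accept_redirects:0:接受重定向(default):eq"
        "net.ipv4.conf.all.send_redirects:0:发送重定向:eq"
        "net.ipv4.conf.all.accept_source_route:0:源路由:eq"
        "net.ipv4.conf.all.rp_filter:1:反向路径过滤:ge"
        "net.ipv4.icmp_echo_ignore_broadcasts:1:忽略广播ping:eq"
        "net.ipv4.icmp_ignore_bogus_error_responses:1:忽略错误响应:eq"
        "net.ipv4.tcp_syncookies:1:SYN cookies:eq"
        "net.ipv4.tcp_max_syn_backlog:4096:SYN队列大小:ge"
        "kernel.randomize_va_space:2:地址空间随机化:eq"
        "fs.suid_dumpable:0:SUID程序core dump:eq"
        "kernel.kptr_restrict:1:内核指针隐藏:ge"
    )

    local entry param expected description cmp current ok
    for entry in "${kernel_params[@]}"; do
        IFS=':' read -r param expected description cmp <<< "$entry"
        current=$(sysctl -n "$param" 2>/dev/null)
        if [ -z "$current" ]; then
            print_result "MEDIUM" "内核参数: $description" "WARN" "参数未设置"
            continue
        fi
        ok=0
        if [ "$cmp" = "ge" ]; then
            [ "$current" -ge "$expected" ] 2>/dev/null && ok=1
        else
            [ "$current" = "$expected" ] && ok=1
        fi
        if [ "$ok" -eq 1 ]; then
            print_result "HIGH" "内核参数: $description" "PASS" "$param = $current"
        elif [ "$param" = "net.ipv4.ip_forward" ] && command -v docker &>/dev/null; then
            # Docker turns forwarding on itself (as do libvirt/k8s); on such
            # hosts a FAIL is noise -- the real control is the FORWARD chain.
            print_result "HIGH" "内核参数: $description" "WARN" "$param = $current (Docker主机需要IP转发,请确认FORWARD链策略)"
        else
            print_result "HIGH" "内核参数: $description" "FAIL" "当前: $current, 期望: $expected"
        fi
    done

    # YAMA ptrace scope: 1 limits ptrace to descendants, 2 admin only,
    # 3 disables it entirely.
    if [ -f "/proc/sys/kernel/yama/ptrace_scope" ]; then
        local ptrace_scope
        ptrace_scope=$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)
        if [ -n "$ptrace_scope" ] && [ "$ptrace_scope" -ge 1 ]; then
            print_result "MEDIUM" "ptrace限制" "PASS" "ptrace_scope = $ptrace_scope"
        else
            print_result "MEDIUM" "ptrace限制" "WARN" "建议设置ptrace_scope为1或更高"
        fi
    fi
}
# 9.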
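# Network stack posture.
check_network_security() {
    show_section "网络安全检查"

    # IPv6 being enabled is not a weakness by itself, but firewall rules
    # written only for IPv4 (iptables/ufw v4 rules) leave the v6 side open.
    # On nftables-only hosts ip6tables may be absent; the WARN then only
    # means "verify your v6 rules by hand".
    if ip -6 addr show &>/dev/null; then
        local ipv6_disabled
        ipv6_disabled=$(sysctl -n net.ipv6.conf.all.disable_ipv6 2>/dev/null)
        if [ "$ipv6_disabled" = "1" ]; then
            print_result "MEDIUM" "IPv6支持" "PASS" "IPv6已禁用"
        elif command -v ip6tables &>/dev/null && [ "$(ip6tables -S 2>/dev/null | grep -c '^-A')" -gt 0 ]; then
            print_result "MEDIUM" "IPv6支持" "PASS" "IPv6已启用且存在ip6tables规则"
        else
            print_result "MEDIUM" "IPv6支持" "WARN" "IPv6已启用但未发现ip6tables规则;不使用则禁用,使用则为IPv6配置防火墙"
        fi
    fi

    # TCP timestamps leak uptime but are needed for PAWS/window scaling on
    # busy hosts; informational only.
    local tcp_timestamps
    tcp_timestamps=$(sysctl -n net.ipv4.tcp_timestamps 2>/dev/null)
    if [ "$tcp_timestamps" = "0" ]; then
        print_result "LOW" "TCP时间戳" "PASS" "TCP时间戳已禁用"
    else
        print_result "LOW" "TCP时间戳" "INFO" "TCP时间戳已启用"
    fi

    local tcp_syncookies
    tcp_syncookies=$(sysctl -n net.ipv4.tcp_syncookies 2>/dev/null)
    if [ "$tcp_syncookies" = "1" ]; then
        print_result "MEDIUM" "SYN flood防护" "PASS" "已启用SYN cookies"
    else
        print_result "MEDIUM" "SYN flood防护" "WARN" "建议启用 net.ipv4.tcp_syncookies = 1"
    fi

    local icmp_echo
    icmp_echo=$(sysctl -n net.ipv4.icmp_echo_ignore_all 2>/dev/null)
    if [ "$icmp_echo" = "1" ]; then
        print_result "LOW" "ICMP响应" "PASS" "已禁用ICMP响应"
    fi
}

# 10. Rootkit scanners, suspicious processes and drop locations.
check_malware_rootkit() {
    show_section "恶意软件和Rootkit检查"

    local rootkit_tools=(rkhunter chkrootkit lynis)
    local installed_tools=() tool
    for tool in "${rootkit_tools[@]}"; do
        command -v "$tool" &>/dev/null && installed_tools+=("$tool")
    done
    if [ ${#installed_tools[@]} -gt 0 ]; then
        print_result "HIGH" "Rootkit检测工具" "PASS" "已安装: ${installed_tools[*]}"
        for tool in "${installed_tools[@]}"; do
            case $tool in
                rkhunter)   print_result "INFO" "安全扫描建议" "INFO" "运行: sudo rkhunter --check --skip-keypress" ;;
                chkrootkit) print_result "INFO" "安全扫描建议" "INFO" "运行: sudo chkrootkit" ;;
                lynis)      print_result "INFO" "安全扫描建议" "INFO" "运行: sudo lynis audit system" ;;
            esac
        done
    else
        print_result "HIGH" "Rootkit检测工具" "FAIL" "未安装Rootkit检测工具"
        print_result "INFO" "安全工具安装" "INFO" "建议安装: sudo apt install rkhunter chkrootkit lynis"
    fi

    # Match on the process *name* (comm) instead of grepping whole ps lines:
    # "nc " also matched "sync ", and a substring grep on the command line
    # could flag an editor or shell that merely mentions one of the tools.
    local suspicious_procs
    suspicious_procs=$(ps -eo pid=,user=,comm=,args= 2>/dev/null | awk '
        BEGIN {
            split("nc ncat netcat telnet nmap masscan nessusd msfconsole john hashcat", a, " ")
            for (i in a) bad[a[i]] = 1
        }
        ($3 in bad) { print }')
    if [ -z "$suspicious_procs" ]; then
        print_result "HIGH" "可疑进程检查" "PASS" "未发现可疑进程"
    else
        print_result "HIGH" "可疑进程检查" "FAIL" "发现可疑进程:\n$suspicious_procs"
    fi

    # Executables in world-writable temp directories are a classic drop
    # location for downloaded tooling; listed for manual review.
    local tmp_execs
    tmp_execs=$(find /tmp /var/tmp /dev/shm -xdev -type f -perm /111 2>/dev/null | head -10 | tr '\n' ' ')
    if [ -n "$tmp_execs" ]; then
        print_result "MEDIUM" "临时目录可执行文件" "WARN" "发现可执行文件,请人工审查: $tmp_execs"
    else
        print_result "MEDIUM" "临时目录可执行文件" "PASS" "/tmp /var/tmp /dev/shm 中无可执行文件"
    fi
}

# 11. Docker daemon and container posture (only when docker is installed).
check_docker_security() {
    command -v docker &>/dev/null || return 0
    show_section "Docker安全配置检查"

    local docker_config="/etc/docker/daemon.json"
    if [ -f "$docker_config" ]; then
        print_result "MEDIUM" "Docker配置文件" "PASS" "已配置Docker守护进程"
        if grep -q '"userns-remap"' "$docker_config"; then
            print_result "HIGH" "Docker用户命名空间" "PASS" "已启用用户命名空间"
        else
            print_result "HIGH" "Docker用户命名空间" "WARN" "建议启用用户命名空间 (userns-remap)"
        fi
        # The daemon key is "seccomp-profile"; Docker applies its default
        # profile even when the key is absent, so only an explicit
        # "unconfined" is a finding. (The old '"seccomp": "unconfined"'
        # pattern is not a daemon.json key at all.)
        if grep -q '"seccomp-profile"[[:space:]]*:[[:space:]]*"unconfined"' "$docker_config"; then
            print_result "HIGH" "Docker seccomp配置" "FAIL" "守护进程默认seccomp profile被设为unconfined"
        else
            print_result "HIGH" "Docker seccomp配置" "PASS" "使用默认或自定义seccomp profile"
        fi
    else
        print_result "MEDIUM" "Docker配置文件" "WARN" "未找到 $docker_config (使用默认配置,用户命名空间未启用)"
    fi

    local running_containers
    running_containers=$(docker ps -q 2>/dev/null | grep -c .)
    if [ "$running_containers" -gt 0 ]; then
        print_result "MEDIUM" "运行中的容器" "INFO" "有 $running_containers 个容器正在运行"
        # `docker ps --filter ancestor=privileged` filters by *image name*
        # and can never find a privileged container; HostConfig is the
        # source of truth. SecurityOpt shows per-container seccomp opt-outs.
        local inspected privileged unconfined
        inspected=$(docker ps -q 2>/dev/null | xargs -r docker inspect \
            --format '{{.Name}} privileged={{.HostConfig.Privileged}} secopt={{.HostConfig.SecurityOpt}}' 2>/dev/null)
        privileged=$(printf '%s\n' "$inspected" | awk '/privileged=true/ { print $1 }' | tr '\n' ' ')
        unconfined=$(printf '%s\n' "$inspected" | grep -E 'seccomp[=:]unconfined' | awk '{ print $1 }' | tr '\n' ' ')
        if [ -z "$privileged" ]; then
            print_result "HIGH" "特权容器检查" "PASS" "未发现特权容器"
        else
            print_result "HIGH" "特权容器检查" "FAIL" "发现特权容器 (等同主机root): $privileged"
        fi
        if [ -n "$unconfined" ]; then
            print_result "HIGH" "容器seccomp" "WARN" "以下容器关闭了seccomp: $unconfined"
        fi
    fi

    # Membership of the docker group is root-equivalent on the host
    # (docker run --privileged -v /:/host ...).
    local docker_group_members
    docker_group_members=$(getent group docker 2>/dev/null | cut -d: -f4)
    if [ -n "$docker_group_members" ]; then
        print_result "HIGH" "docker组成员" "WARN" "docker组成员拥有等同root的权限,请审查: $docker_group_members"
    fi
}
# 12.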
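# Cron: ownership/permissions of system cron files, user crontabs, access control.
check_cron_jobs() {
    show_section "Cron作业检查"

    local suspicious_cron=() file file_perm file_owner
    # Unmatched globs stay literal and fail the -f test, so no nullglob needed.
    for file in /etc/crontab /etc/cron.d/* /etc/cron.hourly/* /etc/cron.daily/* /etc/cron.weekly/* /etc/cron.monthly/*; do
        [ -f "$file" ] || continue
        file_perm=$(stat -c '%a' "$file" 2>/dev/null)
        file_owner=$(stat -c '%U' "$file" 2>/dev/null)
        # What matters is whether anyone but root can modify the file:
        # group/other write bits (octal 022 mask). The old decimal
        # "> 644" test flagged harmless 700/755 scripts in cron.daily
        # and said nothing about a group-writable 664.
        if [ "$file_owner" != "root" ] || [ $(( 8#${file_perm:-0} & 8#022 )) -ne 0 ]; then
            suspicious_cron+=("$file (权限: $file_perm, 属主: $file_owner)")
        fi
    done
    if [ ${#suspicious_cron[@]} -eq 0 ]; then
        print_result "HIGH" "系统cron作业" "PASS" "系统cron配置正常"
    else
        print_result "HIGH" "系统cron作业" "FAIL" "发现可疑cron配置 (非root属主或组/其他可写): ${suspicious_cron[*]}"
    fi

    # Without cron.allow every account may install a crontab (subject to
    # cron.deny); an allow-list is the tighter default.
    if [ ! -f /etc/cron.allow ]; then
        print_result "LOW" "cron访问控制" "WARN" "不存在 /etc/cron.allow,所有用户均可创建crontab"
    fi

    # Per-user crontabs (needs root to read other users' spools)
    local user user_cron
    while IFS=: read -r user _; do
        user_cron=$(crontab -l -u "$user" 2>/dev/null)
        if [ -n "$user_cron" ]; then
            print_result "MEDIUM" "用户cron作业: $user" "INFO" "用户 $user 有 $(printf '%s\n' "$user_cron" | grep -vc '^[[:space:]]*#') 条cron作业"
        fi
    done < /etc/passwd
}

# 13. Hardening suggestions derived from the counters and a few probes.
generate_hardening_suggestions() {
    show_section "安全加固建议"
    local suggestions=()

    if [ "$FAIL_COUNT" -gt 0 ]; then
        suggestions+=("发现 $FAIL_COUNT 个严重问题,建议立即修复")
    fi
    if [ "$WARN_COUNT" -gt 0 ]; then
        suggestions+=("发现 $WARN_COUNT 个警告项,建议尽快处理")
    fi

    # fail2ban installs fail2ban-client/-server, there is no "fail2ban"
    # binary, so the old test recommended it on every host.
    if ! command -v fail2ban-client &>/dev/null && ! command -v fail2ban-server &>/dev/null; then
        suggestions+=("安装fail2ban防止暴力破解: sudo apt install fail2ban")
    fi
    # pam_tally2 was removed in Linux-PAM 1.5; recommend pam_faillock
    if ! grep -hsE '^[^#]*pam_(faillock|tally2)\.so' /etc/pam.d/common-auth /etc/pam.d/system-auth /etc/pam.d/password-auth 2>/dev/null | grep -q .; then
        suggestions+=("配置登录失败锁定: 使用 pam_faillock (pam_tally2 已在 Linux-PAM 1.5 中移除)")
    fi
    if [ "$(sysctl -n net.ipv4.tcp_syncookies 2>/dev/null)" != "1" ]; then
        suggestions+=("启用SYN cookies防护: 在 /etc/sysctl.d/99-security-hardening.conf 写入 net.ipv4.tcp_syncookies = 1 后执行 sysctl --system")
    fi
    # sshd keeps the first value it reads, and drop-ins are Included at the
    # top of sshd_config: a hardening drop-in only wins over the distro's
    # own (e.g. 50-cloud-init.conf) if it sorts *before* them, hence 00-.
    if [ ! -f /etc/ssh/sshd_config.d/00-hardening.conf ]; then
        suggestions+=("创建SSH加固配置: /etc/ssh/sshd_config.d/00-hardening.conf (需 sshd_config 含 Include 指令,且文件名须排在发行版自带的 drop-in 之前)")
    fi

    if [ ${#suggestions[@]} -eq 0 ]; then
        print_result "INFO" "安全状况" "PASS" "系统安全状况良好"
    else
        local i
        for ((i = 0; i < ${#suggestions[@]}; i++)); do
            print_result "INFO" "建议 $((i + 1))" "INFO" "${suggestions[$i]}"
        done
    fi
}
# 14.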
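# Line count of LOG_FILE when the current audit started. LOG_FILE
# accumulates across runs, so generate_audit_report only summarises FAIL
# entries written after this point. Set by run_security_audit.
AUDIT_LOG_START=0

# _ssh_effective KEY -- the value sshd actually enforces for KEY (keys are
# printed lower-case by `sshd -T`), empty when sshd is missing or the
# config does not parse.
_ssh_effective() {
    command -v sshd &>/dev/null || return 1
    sshd -T 2>/dev/null | awk -v k="$1" '$1 == k { print $2; exit }'
}

# Score the run and append the summary to the report.
generate_audit_report() {
    show_section "审计报告生成"
    local total_possible=$((CHECK_COUNT * 2))
    local security_score=0
    if [ "$total_possible" -gt 0 ]; then
        security_score=$((AUDIT_SCORE * 100 / total_possible))
    fi
    print_color "$CYAN" "正在生成详细审计报告..."

    local rating
    if [ "$security_score" -ge 80 ]; then
        rating="优秀"
    elif [ "$security_score" -ge 60 ]; then
        rating="良好"
    elif [ "$security_score" -ge 40 ]; then
        rating="一般"
    else
        rating="危险"
    fi

    # Appended: the old version opened the report with ">" and discarded
    # the header report_header had just written. Only this run's FAIL
    # lines are listed (the log keeps earlier runs).
    {
        echo "安全审计报告摘要"
        echo "=================="
        echo "审计时间: $(date)"
        echo "主机名: $(hostname)"
        echo "总检查项: $CHECK_COUNT"
        echo "通过: $PASS_COUNT"
        echo "失败: $FAIL_COUNT"
        echo "警告: $WARN_COUNT"
        echo "安全评分: ${security_score}/100"
        echo ""
        echo "安全评级: $rating"
        echo ""
        echo "关键问题汇总:"
        echo "-------------"
        tail -n +"$((AUDIT_LOG_START + 1))" "$LOG_FILE" 2>/dev/null | grep "FAIL"
        echo ""
        echo "加固建议:"
        echo "---------"
        echo "1. 立即修复所有FAIL级别的问题"
        echo "2. 审查并处理WARN级别的问题"
        echo "3. 定期运行此审计脚本"
        echo "4. 启用系统自动更新"
        echo "5. 配置定期安全扫描"
    } >> "$REPORT_FILE"
    chmod 600 "$REPORT_FILE" 2>/dev/null   # names weak accounts and open services

    print_result "INFO" "报告生成" "PASS" "审计报告已保存到: $REPORT_FILE"
    print_result "INFO" "备份文件" "INFO" "配置文件备份在: $BACKUP_DIR"

    echo ""
    print_color "$PURPLE" "================================================"
    print_color "$GREEN" "✅ 安全审计完成!"
    print_color "$CYAN" "📋 详细报告: $REPORT_FILE"
    print_color "$CYAN" "📝 操作日志: $LOG_FILE"
    print_color "$CYAN" "💾 配置备份: $BACKUP_DIR"
    print_color "$CYAN" "📊 安全评分: $security_score/100"
    if [ "$security_score" -lt 60 ]; then
        print_color "$RED" "⚠️ 警告:系统存在严重安全问题,建议立即修复!"
    fi
    print_color "$PURPLE" "================================================"
}

# Run every check module, then the suggestions and the report.
run_security_audit() {
    print_color "$BLUE" "🔒 Linux系统安全审计与加固脚本"
    print_color "$CYAN" "开始时间: $(date)"
    print_color "$PURPLE" "================================================"
    check_root

    touch "$LOG_FILE"
    chmod 600 "$LOG_FILE" 2>/dev/null
    AUDIT_LOG_START=$(wc -l < "$LOG_FILE" 2>/dev/null | tr -d ' ')
    AUDIT_LOG_START=${AUDIT_LOG_START:-0}
    report_header

    # Holds copies of sshd_config, login.defs, sysctl.conf: owner only.
    mkdir -p "$BACKUP_DIR"
    chmod 700 "$BACKUP_DIR" 2>/dev/null

    local checks=(
        check_ssh_security
        check_firewall
        check_password_policy
        check_users_permissions
        check_filesystem_security
        check_services_security
        check_logging_config
        check_kernel_security
        check_network_security
        check_malware_rootkit
        check_docker_security
        check_cron_jobs
    )
    local total_checks=${#checks[@]}
    local current_check=0 check_func
    for check_func in "${checks[@]}"; do
        current_check=$((current_check + 1))
        show_progress "$current_check" "$total_checks"
        "$check_func"
        sleep 0.5   # brief pause so the progress bar is visible
    done
    echo ""

    generate_hardening_suggestions
    generate_audit_report
    log_message "审计完成 - 总检查: $CHECK_COUNT, 通过: $PASS_COUNT, 失败: $FAIL_COUNT, 警告: $WARN_COUNT"
}

# Interactive menu. Items 2-5 run single modules without check_root; they
# degrade (unreadable /etc/shadow, no -p on ss) rather than fail.
show_menu() {
    local choice
    while true; do
        clear
        print_color "$PURPLE" "┌──────────────────────────────────────────────────────┐"
        print_color "$PURPLE" "│ Linux安全审计与加固工具 │"
        print_color "$PURPLE" "└──────────────────────────────────────────────────────┘"
        echo ""
        print_color "$CYAN" "1. 运行完整安全审计"
        print_color "$CYAN" "2. 仅运行SSH安全配置检查"
        print_color "$CYAN" "3. 仅运行防火墙配置检查"
        print_color "$CYAN" "4. 仅运行密码策略检查"
        print_color "$CYAN" "5. 仅运行文件权限检查"
        print_color "$CYAN" "6. 查看最近审计报告"
        print_color "$CYAN" "7. 应用基本安全加固"
        print_color "$CYAN" "8. 查看系统安全状态"
        print_color "$CYAN" "9. 退出"
        echo ""
        print_color "$YELLOW" "选择操作 [1-9]: "
        read -r -n 1 choice
        echo ""
        case $choice in
            1) run_security_audit; pause ;;
            2) show_section "SSH安全配置检查"; check_ssh_security; pause ;;
            3) show_section "防火墙配置检查"; check_firewall; pause ;;
            4) show_section "密码策略检查"; check_password_policy; pause ;;
            5) show_section "文件权限检查"; check_filesystem_security; pause ;;
            6)
                if [ -f "$REPORT_FILE" ]; then
                    less "$REPORT_FILE"
                else
                    print_color "$RED" "未找到审计报告"
                    sleep 2
                fi
                ;;
            7) apply_basic_hardening ;;
            8) show_system_security_status ;;
            9)
                print_color "$GREEN" "感谢使用安全审计工具!"
                exit 0
                ;;
            *)
                print_color "$RED" "无效选择"
                sleep 1
                ;;
        esac
    done
}

# Apply basic hardening. Each step is guarded so the script cannot lock the
# operator out of the host:
#   * the SSH login changes are skipped (unless explicitly overridden) when
#     no unprivileged account has a non-empty ~/.ssh/authorized_keys;
#   * the result is validated with `sshd -t` and rolled back on failure;
#   * sshd is NOT restarted: the operator reloads it and proves a second
#     session works before closing the current one;
#   * the firewall opens the port sshd really listens on, *before* ufw is
#     enabled ("ufw allow ssh" only opens 22);
#   * sysctl values go to an idempotent drop-in instead of being appended
#     to /etc/sysctl.conf on every run, and ip_forward is left alone on
#     hosts running Docker.
apply_basic_hardening() {
    show_section "应用基本安全加固"
    check_root
    print_color "$RED" "警告:此操作将修改系统配置!"
    local confirm
    read -r -p "确定要继续吗?(y/N): " confirm
    if [[ ! $confirm =~ ^[Yy]$ ]]; then
        print_color "$YELLOW" "操作已取消"
        return
    fi
    mkdir -p "$BACKUP_DIR"
    chmod 700 "$BACKUP_DIR" 2>/dev/null

    # 1. SSH
    print_color "$CYAN" "加固SSH配置..."
    local sshd_main="/etc/ssh/sshd_config"
    backup_config "$sshd_main"
    local ssh_port
    ssh_port=$(_ssh_effective port)
    [ -n "$ssh_port" ] || ssh_port=$(awk '$1 == "Port" { print $2; exit }' "$sshd_main" 2>/dev/null)
    [ -n "$ssh_port" ] || ssh_port=22

    # Lockout guard: a non-root account that can still log in with a key
    # once passwords and root login are off. Only the default
    # ~/.ssh/authorized_keys location is checked; a custom
    # AuthorizedKeysFile needs the explicit override below.
    local key_users
    key_users=$(awk -F: '$3 >= 1000 && $3 < 65534 && $6 != "" { print $1 ":" $6 }' /etc/passwd \
        | while IFS=: read -r user home; do
              [ -s "$home/.ssh/authorized_keys" ] && echo "$user"
          done | tr '\n' ' ')
    local ssh_changes=1 really
    if [ -z "$key_users" ]; then
        print_color "$RED" "未发现任何普通用户拥有 ~/.ssh/authorized_keys;禁用密码认证和root登录后将无法远程登录!"
        read -r -p "确认已有其他登录方式(控制台/自定义AuthorizedKeysFile)?输入 yes 继续: " really
        [ "$really" = "yes" ] || ssh_changes=0
    else
        print_color "$GREEN" "拥有SSH密钥的普通用户: $key_users"
    fi
    if [ "$ssh_changes" -eq 1 ] && [ -n "${SSH_CONNECTION:-}" ] && [ -z "${SUDO_USER:-}" ]; then
        print_color "$YELLOW" "当前会话似乎是root直接通过SSH登录;PermitRootLogin no 生效后此方式将不可用"
    fi

    local dropin_dir="/etc/ssh/sshd_config.d"
    local dropin="$dropin_dir/00-hardening.conf"
    if [ "$ssh_changes" -eq 1 ]; then
        if grep -Eqs '^[[:space:]]*Include[[:space:]]+/etc/ssh/sshd_config\.d/' "$sshd_main"; then
            # sshd keeps the first value it reads and the drop-in directory
            # is Included at the top, so 00-hardening.conf beats the distro's
            # own files (50-cloud-init.conf re-enables PasswordAuthentication
            # on Ubuntu). The old sed on sshd_config never took effect there.
            mkdir -p "$dropin_dir"
            printf '%s\n' '# Written by security-audit.sh' 'PermitRootLogin no' 'PasswordAuthentication no' > "$dropin"
            chmod 600 "$dropin"
        else
            sed -i 's/^#*[[:space:]]*PermitRootLogin.*/PermitRootLogin no/' "$sshd_main"
            sed -i 's/^#*[[:space:]]*PasswordAuthentication.*/PasswordAuthentication no/' "$sshd_main"
            grep -q '^PermitRootLogin' "$sshd_main" || echo 'PermitRootLogin no' >> "$sshd_main"
            grep -q '^PasswordAuthentication' "$sshd_main" || echo 'PasswordAuthentication no' >> "$sshd_main"
        fi
        # "Protocol 2" is deliberately not written: the directive went away
        # with SSH-1 support in OpenSSH 7.4 and only triggers a warning.
        if command -v sshd &>/dev/null && ! sshd -t 2>/dev/null; then
            print_color "$RED" "sshd -t 校验失败,正在恢复备份"
            cp -p -- "$BACKUP_DIR/sshd_config" "$sshd_main" 2>/dev/null
            rm -f -- "$dropin"
            sshd -t
        else
            print_color "$GREEN" "SSH配置已写入(未重启sshd)。请执行 systemctl reload sshd (或 ssh),并在关闭当前会话前用新会话验证登录。"
        fi
    else
        print_color "$YELLOW" "已跳过SSH登录策略修改"
    fi

    # 2. Firewall
    print_color "$CYAN" "配置防火墙..."
    if command -v ufw &>/dev/null; then
        ufw default deny incoming
        ufw default allow outgoing
        ufw allow "$ssh_port/tcp"
        ufw --force enable
        ufw reload
    else
        print_color "$YELLOW" "未安装ufw,跳过防火墙配置 (请手动配置 nftables/firewalld)"
    fi

    # 3. Password ageing for *new* accounts; existing ones keep their
    #    /etc/shadow values (chage -M 90 USER).
    print_color "$CYAN" "配置密码策略..."
    backup_config "/etc/login.defs"
    sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs 2>/dev/null
    sed -i 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 1/' /etc/login.defs 2>/dev/null
    sed -i 's/^PASS_WARN_AGE.*/PASS_WARN_AGE 7/' /etc/login.defs 2>/dev/null
    print_color "$YELLOW" "login.defs 仅影响新建账户,现有账户请用 chage -M 90 用户名 调整"

    # 4. Kernel parameters -- rewritten drop-in, so repeated runs do not
    #    pile duplicate lines onto /etc/sysctl.conf. `sysctl --system`
    #    applies sysctl.d first and /etc/sysctl.conf last, so an explicit
    #    value in sysctl.conf still overrides this file.
    print_color "$CYAN" "配置内核安全参数..."
    local sysctl_dropin="/etc/sysctl.d/99-security-hardening.conf"
    mkdir -p /etc/sysctl.d
    {
        echo "# Written by security-audit.sh -- rewritten on every run"
        echo "net.ipv4.conf.all.accept_redirects = 0"
        echo "net.ipv4.conf.all.send_redirects = 0"
        echo "net.ipv4.conf.all.accept_source_route = 0"
        echo "net.ipv4.conf.all.rp_filter = 1"
        echo "net.ipv4.icmp_echo_ignore_broadcasts = 1"
        echo "net.ipv4.icmp_ignore_bogus_error_responses = 1"
        echo "net.ipv4.tcp_syncookies = 1"
        echo "kernel.randomize_va_space = 2"
        echo "fs.suid_dumpable = 0"
        if command -v docker &>/dev/null; then
            echo "# net.ipv4.ip_forward left unchanged: Docker needs forwarding"
        else
            echo "net.ipv4.ip_forward = 0"
        fi
    } > "$sysctl_dropin"
    sysctl --system >/dev/null 2>&1 || sysctl -p "$sysctl_dropin"

    print_color "$GREEN" "✅ 基本安全加固完成!"
    print_color "$CYAN" "建议重启系统以使所有更改生效"
    log_message "应用基本安全加固"
}

# One-screen security overview (counts only; the audit has the detail).
show_system_security_status() {
    clear
    print_color "$PURPLE" "系统安全状态概览"
    echo "========================================"
    echo ""
    print_color "$CYAN" "🔐 认证安全:"
    if [ -r /etc/shadow ]; then
        echo "  - 空密码用户: $(awk -F: '$2 == "" { print $1 }' /etc/shadow | wc -l)"
    else
        echo "  - 空密码用户: 无法读取 /etc/shadow (需要root)"
    fi
    echo "  - UID 0用户: $(awk -F: '$3 == 0 { print $1 }' /etc/passwd | wc -l)"
    echo ""

    print_color "$CYAN" "🛡️ 网络安全:"
    local ssh_port
    ssh_port=$(_ssh_effective port)
    [ -n "$ssh_port" ] || ssh_port=22
    if command -v ss &>/dev/null; then
        echo "  - 开放端口: $(ss -tuln 2>/dev/null | awk 'NR > 1' | wc -l)"
        # established sessions on the sshd port (the old ":22" grep also
        # counted :2222 and any client connection to a remote :22)
        echo "  - SSH连接: $(ss -tn state established "( sport = :$ssh_port )" 2>/dev/null | awk 'NR > 1' | wc -l)"
    else
        echo "  - 开放端口: $(netstat -tuln 2>/dev/null | grep -c LISTEN)"
        echo "  - SSH连接: $(netstat -tn 2>/dev/null | grep -c ":$ssh_port .*ESTABLISHED")"
    fi
    echo ""

    print_color "$CYAN" "📁 文件安全:"
    echo "  - SUID文件: $(find / -xdev -type f -perm -4000 2>/dev/null | wc -l)"
    echo "  - 全局可写文件: $(find / -xdev -type f -perm -0002 2>/dev/null | wc -l)"
    echo ""

    print_color "$CYAN" "⚙️ 服务安全:"
    # --no-legend: the old counts included the header/footer lines
    echo "  - 运行中服务: $(systemctl list-units --type=service --state=running --no-legend 2>/dev/null | wc -l)"
    echo "  - 失败的服务: $(systemctl list-units --type=service --state=failed --no-legend 2>/dev/null | wc -l)"
    echo ""

    print_color "$CYAN" "📊 资源监控:"
    echo "  - 内存使用: $(free -h | awk '/^Mem:/ { print $3 "/" $2 }')"
    echo "  - 磁盘使用: $(df -h / | awk 'NR == 2 { print $5 }')"
    echo "========================================"
    print_color "$CYAN" "按回车键继续..."
    read -r -n 1 _
}

# Entry point. NOTE: -h is "harden", not "help" (kept for compatibility
# with existing callers); help is --help or -?. Quote -? on the command
# line, the shell may glob it.
if [ "$#" -eq 0 ]; then
    show_menu
else
    case $1 in
        "--audit"|"-a")
            run_security_audit
            ;;
        "--harden"|"-h")
            apply_basic_hardening
            ;;
        "--status"|"-s")
            show_system_security_status
            ;;
        "--help"|"-?")
            print_color "$CYAN" "使用说明:"
            echo "  $0              显示交互式菜单"
            echo "  $0 --audit | -a  运行完整安全审计"
            echo "  $0 --harden | -h 应用基本安全加固"
            echo "  $0 --status | -s 显示系统安全状态"
            echo "  $0 --help | -?   显示帮助信息"
            ;;
        *)
            print_color "$RED" "未知选项: $1"
            print_color "$CYAN" "使用 $0 --help 查看帮助"
            ;;
    esac
fi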
2025年07月07日
2025-06-25
Linux系统信息与健康检查脚本
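#!/bin/bash
# ============================================
# System health check script
# Purpose: collect system information and check key health indicators
# Usage:   sudo ./system-check.sh
# Env:     PING_TARGET - host used for the connectivity test (default 8.8.8.8)
# ============================================

# Colour definitions
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

# Log file; main() falls back to $HOME when /var/log is not writable
LOG_FILE="/var/log/system-check-$(date +%Y%m%d-%H%M%S).log"

# Host used by network_check(); overridable instead of hard-coding 8.8.8.8
PING_TARGET="${PING_TARGET:-8.8.8.8}"

#######################################
# Print a message in colour.
# Arguments: $1 - ANSI colour code, $2 - message (echo -e escapes are interpreted)
#######################################
print_msg() {
  local color=$1
  local msg=$2
  echo -e "${color}${msg}${NC}"
}

#######################################
# Report whether the previous command succeeded.
# $? is captured on the first line so that nothing else clobbers it.
#######################################
check_status() {
  local rc=$?
  if [ "$rc" -eq 0 ]; then
    print_msg "$GREEN" "[✓] 成功"
  else
    print_msg "$RED" "[✗] 失败"
  fi
}

#######################################
# Append a timestamped line to LOG_FILE.
# Arguments: $1 - message
#######################################
log_message() {
  echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" >> "$LOG_FILE"
}

# Print a section separator.
print_separator() {
  echo "========================================"
}

#######################################
# Check that a command exists.
# Arguments: $1 - command name
# Returns:   0 if found, 1 otherwise (after printing a notice)
#######################################
check_command() {
  if ! command -v -- "$1" >/dev/null 2>&1; then
    print_msg "$YELLOW" "注意:$1 命令未安装,跳过相关检查"
    return 1
  fi
  return 0
}

#######################################
# Warn when not running as root and let the user abort.
#######################################
check_root() {
  if [ "$EUID" -ne 0 ]; then
    print_msg "$YELLOW" "警告:建议使用root权限运行此脚本以获取完整信息"
    read -p "是否继续?(y/n): " -n 1 -r
    echo
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
      exit 1
    fi
  fi
}

#######################################
# Memory usage in percent from `free -m` (used / total).
# Outputs:   the integer percentage, or nothing when it cannot be computed
#######################################
_mem_percent() {
  local total_mem used_mem
  read -r total_mem used_mem < <(free -m 2>/dev/null | awk '/^Mem:/{print $2, $3}')
  if [[ $total_mem =~ ^[0-9]+$ && $used_mem =~ ^[0-9]+$ ]] && [ "$total_mem" -gt 0 ]; then
    echo $((used_mem * 100 / total_mem))
  fi
}

#######################################
# Root filesystem usage in percent, digits only.
# Outputs:   the integer percentage, or nothing when df gives no usable value
#######################################
_root_usage() {
  local usage
  usage=$(df / 2>/dev/null | tail -1 | awk '{print $5}' | sed 's/%//')
  if [[ $usage =~ ^[0-9]+$ ]]; then
    echo "$usage"
  fi
}

#######################################
# 1. Basic system information.
#######################################
system_info() {
  local os_name boot_time
  print_msg "$BLUE" "\n1. 系统基本信息"
  print_separator
  echo "主机名: $(hostname)"
  if [ -f /etc/os-release ]; then
    os_name=$(grep '^PRETTY_NAME=' /etc/os-release | cut -d'"' -f2)
    echo "操作系统: ${os_name:-$(uname -o)}"
  else
    echo "操作系统: $(uname -o)"
  fi
  echo "内核版本: $(uname -r)"
  echo "系统架构: $(uname -m)"
  # awk exits 0 even on empty input, so the old `|| uptime -s` fallback never ran;
  # test the captured value instead.
  boot_time=$(who -b 2>/dev/null | awk '{print $3, $4}')
  [ -n "${boot_time// /}" ] || boot_time=$(uptime -s 2>/dev/null)
  echo "启动时间: ${boot_time:-无法获取}"
  echo "运行时间: $(uptime -p 2>/dev/null || echo '无法获取')"
  log_message "系统基本信息收集完成"
}

#######################################
# 2. CPU model, core count, utilisation and 1-minute load.
#######################################
cpu_check() {
  local cpu_cores load1
  print_msg "$BLUE" "\n2. CPU信息"
  print_separator
  if check_command "lscpu"; then
    # LC_ALL=C keeps the "Model name" label stable under non-English locales
    echo "CPU型号: $(LC_ALL=C lscpu | grep "Model name" | cut -d':' -f2 | sed 's/^ *//' 2>/dev/null || echo '无法获取')"
    echo "CPU核心数: $(nproc)"
  else
    echo "CPU核心数: $(grep -c '^processor' /proc/cpuinfo)"
  fi
  echo -n "CPU使用率: "
  if check_command "mpstat"; then
    mpstat 1 1 2>/dev/null | tail -2 || echo "无法获取"
  else
    echo "请安装 sysstat 包以获取详细CPU使用率"
  fi
  # Core count: `grep -c ... || echo 1` used to yield "0\n1" when grep found nothing
  cpu_cores=$(nproc 2>/dev/null)
  [[ $cpu_cores =~ ^[1-9][0-9]*$ ]] || cpu_cores=$(grep -c '^processor' /proc/cpuinfo 2>/dev/null)
  [[ $cpu_cores =~ ^[1-9][0-9]*$ ]] || cpu_cores=1
  # /proc/loadavg is locale-independent; parsing `uptime` is the fallback
  if [ -r /proc/loadavg ]; then
    read -r load1 _ < /proc/loadavg
  else
    load1=$(uptime | awk -F'load average:' '{print $2}' | awk -F, '{print $1}' | tr -d ' ' | sed 's/,/./')
  fi
  if [ -n "$load1" ]; then
    echo "1分钟负载: $load1 (核心数: $cpu_cores)"
    # awk does the floating-point comparison, so bc is no longer required
    if awk -v l="$load1" -v c="$cpu_cores" 'BEGIN { exit !(l + 0 > c + 0) }'; then
      print_msg "$YELLOW" "警告:CPU负载较高"
    fi
  fi
  log_message "CPU检查完成"
}

#######################################
# 3. Memory and swap.
#######################################
memory_check() {
  local mem_percent
  print_msg "$BLUE" "\n3. 内存信息"
  print_separator
  echo "内存使用情况:"
  free -h
  mem_percent=$(_mem_percent)
  if [ -n "$mem_percent" ]; then
    echo -e "\n内存使用率: ${mem_percent}%"
    if [ "$mem_percent" -gt 90 ]; then
      print_msg "$RED" "警告:内存使用率超过90%"
    elif [ "$mem_percent" -gt 70 ]; then
      print_msg "$YELLOW" "注意:内存使用率超过70%"
    fi
  else
    echo -e "\n内存使用率: 无法计算"
  fi
  echo -e "\n交换空间:"
  swapon --show 2>/dev/null || free -h | grep -i swap
  log_message "内存检查完成"
}

#######################################
# 4. Disk space, I/O and inodes.
# Globals:   ROOT_USAGE (written; root usage in percent, 0 when unknown)
#######################################
disk_check() {
  local root_usage
  print_msg "$BLUE" "\n4. 磁盘信息"
  print_separator
  echo "磁盘空间使用情况:"
  df -h 2>/dev/null | head -20
  echo ""
  echo "磁盘I/O统计:"
  if check_command "iostat"; then
    iostat -d 1 1 2>/dev/null | tail -n +4 || echo "无法获取I/O统计"
  else
    echo "请安装 sysstat 包以获取磁盘I/O统计: sudo apt-get install sysstat"
  fi
  root_usage=$(_root_usage)
  if [ -n "$root_usage" ]; then
    if [ "$root_usage" -gt 90 ]; then
      print_msg "$RED" "警告:根分区使用率超过90%"
    elif [ "$root_usage" -gt 80 ]; then
      print_msg "$YELLOW" "注意:根分区使用率超过80%"
    fi
    ROOT_USAGE=$root_usage
  else
    ROOT_USAGE=0
    print_msg "$YELLOW" "注意:无法获取根分区使用率"
  fi
  echo -e "\nInode使用情况:"
  df -i 2>/dev/null | head -10
  log_message "磁盘检查完成"
}

#######################################
# 5. Interfaces, private addresses, connections, routes and connectivity.
# Globals:   PING_TARGET (read)
#######################################
network_check() {
  print_msg "$BLUE" "\n5. 网络信息"
  print_separator
  echo "网络接口:"
  # `head` exits 0 even when `ip` is missing, so the old `|| ifconfig` never ran
  if command -v ip >/dev/null 2>&1; then
    ip addr show 2>/dev/null | grep -E "^[0-9]+:" | head -10
  else
    ifconfig 2>/dev/null | head -20
  fi
  echo ""
  echo "IP地址信息:"
  # RFC 1918 ranges, loopback excluded; grep's non-zero status drives the fallbacks
  ip addr show 2>/dev/null | grep -E "inet (192\.168|10\.|172\.(1[6-9]|2[0-9]|3[0-1]))" | grep -v "127.0.0.1" \
    || ifconfig 2>/dev/null | grep -E "inet (addr:)?(192\.168|10\.|172\.)" \
    || echo "未找到内网IP或需要root权限"
  echo ""
  echo "网络连接状态(前10个):"
  if check_command "ss"; then
    ss -tun 2>/dev/null | head -11
  elif check_command "netstat"; then
    netstat -tun 2>/dev/null | head -11
  else
    echo "请安装 iproute2 或 net-tools 包"
  fi
  echo ""
  echo "路由表:"
  if command -v ip >/dev/null 2>&1; then
    ip route 2>/dev/null | head -5
  else
    route -n 2>/dev/null | head -5
  fi
  echo ""
  echo -n "外网连通性测试: "
  if ping -c 1 -W 1 "$PING_TARGET" >/dev/null 2>&1; then
    print_msg "$GREEN" "正常"
  else
    print_msg "$YELLOW" "失败"
  fi
  log_message "网络检查完成"
}

#######################################
# 6. State of common services under systemd or sysvinit.
#######################################
service_check() {
  local services service status
  print_msg "$BLUE" "\n6. 关键服务状态"
  print_separator
  if [ -d /run/systemd/system ]; then
    echo "使用systemd管理系统服务"
    services=("sshd" "ssh" "nginx" "apache2" "httpd" "mysql" "mariadb" "postgresql" "docker" "crond" "cron")
    for service in "${services[@]}"; do
      # only report units that are actually installed
      if systemctl list-unit-files 2>/dev/null | grep -q "^${service}\."; then
        status=$(systemctl is-active "$service" 2>/dev/null || echo "unknown")
        case "$status" in
          active)   echo -e "${service}: ${GREEN}运行中${NC}" ;;
          inactive) echo -e "${service}: ${YELLOW}未运行${NC}" ;;
          *)        echo -e "${service}: 状态未知" ;;
        esac
      fi
    done
  elif [ -d /etc/init.d ]; then
    echo "使用sysvinit管理系统服务"
    echo "运行中的服务:"
    service --status-all 2>/dev/null | grep -E "\[ \+ \]" | head -10
  else
    echo "无法确定服务管理系统"
  fi
  log_message "服务检查完成"
}

#######################################
# 7. Logged-in users, recent logins, failed logins and sudo usage.
#######################################
security_check() {
  local auth_log="" entries
  print_msg "$BLUE" "\n7. 安全检查"
  print_separator
  echo "当前登录用户:"
  who
  echo ""
  echo "最近登录记录(前5条):"
  last -5 2>/dev/null || echo "需要root权限查看"
  # Debian-style auth.log or RHEL-style secure; the same file holds sudo entries
  if [ -f /var/log/auth.log ]; then
    auth_log=/var/log/auth.log
  elif [ -f /var/log/secure ]; then
    auth_log=/var/log/secure
  fi
  echo ""
  echo "失败的登录尝试:"
  # `tail` exits 0 on empty input, so `... | tail -3 || echo` never printed the
  # fallback; capture the output and test it instead.
  if [ -n "$auth_log" ]; then
    entries=$(grep "Failed password" "$auth_log" 2>/dev/null | tail -3)
    if [ -n "$entries" ]; then
      printf '%s\n' "$entries"
    else
      echo "无记录或需要root权限"
    fi
  else
    echo "认证日志文件未找到"
  fi
  echo ""
  echo "sudo使用记录(最近3条):"
  if [ -n "$auth_log" ]; then
    entries=$(grep "sudo:" "$auth_log" 2>/dev/null | tail -3)
    if [ -n "$entries" ]; then
      printf '%s\n' "$entries"
    else
      echo "无记录"
    fi
  else
    echo "日志文件不可访问"
  fi
  log_message "安全检查完成"
}

#######################################
# 8. Pending package updates (APT or YUM based systems only).
#######################################
package_check() {
  local updates
  print_msg "$BLUE" "\n8. 软件包更新检查"
  print_separator
  if check_command "apt-get"; then
    echo "APT系统检测到 (Debian/Ubuntu)"
    # refreshing the index needs root; as a normal user the simulation uses the cache
    if [ "$EUID" -eq 0 ]; then
      apt-get update > /dev/null 2>&1
    fi
    updates=$(apt-get -s upgrade 2>/dev/null | grep -c "^Inst")
    if [ "$updates" -gt 0 ]; then
      print_msg "$YELLOW" "有 $updates 个可用更新"
      apt-get -s upgrade 2>/dev/null | grep "^Inst" | head -5
    else
      print_msg "$GREEN" "系统已是最新"
    fi
  elif check_command "yum"; then
    echo "YUM系统检测到 (RHEL/CentOS/Fedora)"
    updates=$(yum check-update --quiet 2>/dev/null | grep -vc "^$")
    if [ "$updates" -gt 0 ]; then
      print_msg "$YELLOW" "有 $updates 个可用更新"
      yum check-update 2>/dev/null | head -10
    else
      print_msg "$GREEN" "系统已是最新"
    fi
  else
    echo "不支持的包管理器"
  fi
  log_message "软件包检查完成"
}

#######################################
# Run every check and print a summary.
# Globals:   LOG_FILE (may be reassigned when /var/log is not writable)
#######################################
main() {
  local mem_percent root_usage
  clear
  print_msg "$GREEN" "开始系统健康检查..."
  echo "检查时间: $(date)"
  echo "日志文件: $LOG_FILE"
  print_separator
  touch "$LOG_FILE" 2>/dev/null || {
    LOG_FILE="$HOME/system-check-$(date +%Y%m%d-%H%M%S).log"
    touch "$LOG_FILE"
    print_msg "$YELLOW" "无法写入/var/log,日志将保存到: $LOG_FILE"
  }
  log_message "开始系统健康检查"
  check_root
  system_info
  cpu_check
  memory_check
  disk_check
  network_check
  service_check
  security_check
  package_check
  print_msg "$GREEN" "\n✓ 系统检查完成"
  echo "详细日志已保存至: $LOG_FILE"
  print_msg "$BLUE" "\n📊 检查摘要"
  print_separator
  echo "系统: $(hostname)"
  echo "运行时间: $(uptime -p 2>/dev/null || echo '未知')"
  mem_percent=$(_mem_percent)
  if [ -n "$mem_percent" ]; then
    echo "内存使用率: ${mem_percent}%"
  else
    echo "内存使用率: 未知"
  fi
  root_usage=$(_root_usage)
  if [ -n "$root_usage" ]; then
    echo "根分区使用率: ${root_usage}%"
  else
    echo "根分区使用率: 未知"
  fi
  echo "检查时间: $(date '+%Y-%m-%d %H:%M:%S')"
  log_message "系统检查完成"
}

# Run only when executed directly, so the functions can also be sourced
if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
  main "$@"
fi

安装缺失的命令:如果缺少某些命令,可以安装:
# Debian/Ubuntu
sudo apt-get update
sudo apt-get install sysstat iproute2 net-tools
#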
RHEL/CentOS/Fedora sudo yum install sysstat iproute net-tools # 通用依赖 sudo apt-get install bc # 或 sudo yum install bc点击复制
2025年06月25日