[系统维护] 检查用户脚本

oppo 发表于 2014-10-21 15:09 | 显示全部楼层 |阅读模式
[tex=code]#!/bin/bash

# Usage: check and repair user
# History:
# 20140918 hean debug 1.0
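LOG=usercheck.log

# Print the IPv4 address of one interface, parsed from legacy `ifconfig`
# output ("inet addr:A.B.C.D"); prints nothing when the interface is absent
# (its error is silenced because the callers below try several sources).
iface_ip() {
  ifconfig "$1" 2>/dev/null | awk '/inet addr/ { split($2, a, ":"); print a[2]; exit }'
}

# Host address used as the log-file prefix: eth1, then the installer config,
# then eth0.
IP=$(iface_ip eth1)
if [ -z "$IP" ]; then
  # first non-empty "key=value" value wins; printing every line (as before)
  # put newlines into the log file name when the file had several lines
  IP=$(awk -F= '$2 != "" { print $2; exit }' /etc/sinainstall.conf 2>/dev/null)
fi
if [ -z "$IP" ]; then
  IP=$(iface_ip eth0)
fi
if [ -z "$IP" ]; then
  printf 'warning: could not determine host IP, log will be named _%s\n' "$LOG" >&2
fi

# start every run with an empty log
rm -f -- "${IP}_${LOG}"
touch -- "${IP}_${LOG}"

# rsync daemon module that collects the logs; plain rsync protocol (no ssh),
# and the log lists account names and their lock state
RSYNC=10.217.13.242::hean/usercheck/log/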

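function Check()
{
  # Walk ./dat (one login name per line) and repair each account: unlock a
  # never-set shadow password, fix home/.ssh ownership and permissions, and
  # drop the user's own line from authorized_keys. All output goes to stdout
  # so the caller can tee it into the log.
  local user home status mode owner group
  # Names are spliced into paths and sed/grep patterns, so accept only plain
  # login names (no "/", ".", "$" or regex metacharacters).
  local -r name_re='^[A-Za-z_][A-Za-z0-9_-]*$'

  if [ ! -r dat ]; then
    printf 'Error: input file "dat" not found\n' >&2
    return 1
  fi

  # -r keeps backslashes; the || clause handles a last line without newline
  while IFS= read -r user || [ -n "$user" ]; do
    [ -n "$user" ] || continue
    echo -e "\n\n**************check $user************************"
    if ! [[ $user =~ $name_re ]]; then
      echo "$user is not a valid login name, skip!"
      continue
    fi

    #check if user exist (id's own output is kept in the log on purpose)
    if ! id "$user"; then
      echo "$user not exist! run /var/cfengine/bin/cfagent -qv -K"
      continue
    fi
    home=/usr/home/$user

    #check shadow: a bare "!" or "!!" password field is an account created
    #locked with no password; the author's fix replaces it with "*".
    #History expansion is off in a script, so "!" needs no escaping here.
    status=$(grep "^$user:" /etc/shadow | awk -F: '{print $2}')
    if [ "$status" = "!" ] || [ "$status" = "!!" ]; then
      echo "$user is disallowed to login, modify the shadow..."
      sed -i "s/^$user:!!*:/$user:*:/" /etc/shadow
    else
      echo "shadow ok!"
    fi

    #check .ssh
    if [ ! -f "$home/.ssh/authorized_keys" ]; then
      echo "$home/.ssh/authorized_keys not exist! run /var/cfengine/bin/cfagent -qv -K"
      continue
    fi
    #chmod/chown/sed -i follow symlinks: a link planted under the user's home
    #would redirect the repairs below to an arbitrary path, so refuse them
    if [ -L "$home/.ssh" ] || [ -L "$home/.ssh/authorized_keys" ]; then
      echo "$home/.ssh or authorized_keys is a symlink, not touching it!"
      continue
    fi

    #check home dir permission (stat instead of parsing ls output, which also
    #matched any other entry starting with the user name)
    mode=$(stat -c %a "$home")
    if [ "$mode" != 755 ]; then
      echo "home dir permission error! chmod to 755..."
      chmod 755 "$home"
    else
      echo "home dir ok!"
    fi

    #check .ssh dir permission
    mode=$(stat -c %a "$home/.ssh")
    if [ "$mode" != 700 ]; then
      echo ".ssh dir permission error! chmod to 700..."
      chmod 700 "$home/.ssh"
    else
      echo ".ssh dir ok!"
    fi

    #check authorized_keys permission
    mode=$(stat -c %a "$home/.ssh/authorized_keys")
    if [ "$mode" != 644 ]; then
      echo "authorized_keys permission error! chmod to 644..."
      chmod 644 "$home/.ssh/authorized_keys"
    else
      echo "authorized_keys file ok!"
    fi

    #check home dir owner
    owner=$(stat -c %U "$home")
    if [ "$owner" != "$user" ]; then
      echo "home dir owner error! chown to $user.."
      # NOTE(review): recursive chown over a user-writable tree can be pointed
      # at root-owned files through hard links unless fs.protected_hardlinks=1
      chown -R "$user" "$home"
    else
      echo "home dir owner ok!"
    fi

    #check home dir group
    group=$(stat -c %G "$home")
    if [ "$group" != "$user" ]; then
      echo "home dir group error! chown to $user.."
      chown ":$user" "$home"
    else
      echo "home dir group ok!"
    fi

    #del user line in authorized_keys
    # NOTE(review): deletes every line merely containing the name ("bob" also
    # drops a key whose comment mentions "bobby") — confirm this is intended
    sed -i "/$user/d" "$home/.ssh/authorized_keys"
  done <dat
}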


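# Check if user is root: the repairs write /etc/shadow and chown home dirs
if [ "$(id -u)" != "0" ]; then
    printf "Error: You must be root to run this script!\n"
    exit 1
fi

# Check's stdout and stderr both land in the log. tee's exit status masks a
# failing Check, so problems are only visible in the log lines themselves.
Check 2>&1 | tee -a "${IP}_${LOG}"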
rsync $IP"_"$LOG $RSYNC[/tex]
 楼主| oppo 发表于 2014-11-4 17:22 | 显示全部楼层
[tex=code]#!/bin/bash
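set -x   # debug trace requested by the author; it also ends up in the log
# Usage: check and repair user
# History:
#        20140918 hean debug 1.0
#        20141104 hean fixed loose filtering (grep patterns are now anchored)
LOG=usercheck.log

# Print the IPv4 address of one interface, parsed from legacy `ifconfig`
# output ("inet addr:A.B.C.D"); prints nothing when the interface is absent
# (its error is silenced because the callers below try several sources).
iface_ip() {
        ifconfig "$1" 2>/dev/null | awk '/inet addr/ { split($2, a, ":"); print a[2]; exit }'
}

# Host address used as the log-file prefix: eth1, then the installer config,
# then eth0.
IP=$(iface_ip eth1)
if [ -z "$IP" ]; then
        # first non-empty "key=value" value wins; printing every line (as
        # before) put newlines into the log file name on multi-line files
        IP=$(awk -F= '$2 != "" { print $2; exit }' /etc/sinainstall.conf 2>/dev/null)
fi
if [ -z "$IP" ]; then
        IP=$(iface_ip eth0)
fi
if [ -z "$IP" ]; then
        printf 'warning: could not determine host IP, log will be named _%s\n' "$LOG" >&2
fi

# start every run with an empty log
rm -f -- "${IP}_${LOG}"
touch -- "${IP}_${LOG}"

# rsync daemon module that collects the logs; plain rsync protocol (no ssh),
# and the log lists account names and their lock state
RSYNC=10.217.13.242::hean/usercheck/log/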

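function Check()
{
        # Walk ./dat (one login name per line) and repair each account: unlock
        # a never-set shadow password, fix home/.ssh ownership and permissions,
        # and drop the user's own line from authorized_keys. All output goes
        # to stdout so the caller can tee it into the log.
        local user home status mode owner group
        # Names are spliced into paths and sed/grep patterns, so accept only
        # plain login names (no "/", ".", "$" or regex metacharacters).
        local -r name_re='^[A-Za-z_][A-Za-z0-9_-]*$'

        if [ ! -r dat ]; then
                printf 'Error: input file "dat" not found\n' >&2
                return 1
        fi

        # -r keeps backslashes; the || clause handles a last line without newline
        while IFS= read -r user || [ -n "$user" ]; do
                [ -n "$user" ] || continue
                echo -e "\n\n**************check $user @ $IP************************"
                if ! [[ $user =~ $name_re ]]; then
                        echo "$user is not a valid login name, skip!"
                        continue
                fi

                #check if user exist (id's own output is kept in the log on purpose)
                if ! id "$user"; then
                        echo "$user not exist! run /var/cfengine/bin/cfagent -qv -K"
                        continue
                fi
                home=/usr/home/$user

                #check shadow: a bare "!" or "!!" password field is an account
                #created locked with no password; the author's fix replaces it
                #with "*". History expansion is off in a script, so "!" needs
                #no escaping here.
                status=$(grep "^$user:" /etc/shadow | awk -F: '{print $2}')
                if [ "$status" = "!" ] || [ "$status" = "!!" ]; then
                        echo "$user is disallowed to login, modify the shadow..."
                        sed -i "s/^$user:!!*:/$user:*:/" /etc/shadow
                else
                        echo "shadow ok!"
                fi

                #check .ssh
                if [ ! -f "$home/.ssh/authorized_keys" ]; then
                        echo "$home/.ssh/authorized_keys not exist! run /var/cfengine/bin/cfagent -qv -K"
                        continue
                fi
                #chmod/chown/sed -i follow symlinks: a link planted under the
                #user's home would redirect the repairs below to an arbitrary
                #path, so refuse them
                if [ -L "$home/.ssh" ] || [ -L "$home/.ssh/authorized_keys" ]; then
                        echo "$home/.ssh or authorized_keys is a symlink, not touching it!"
                        continue
                fi

                #check home dir permission (stat instead of parsing ls output)
                mode=$(stat -c %a "$home")
                if [ "$mode" != 755 ]; then
                        echo "home dir permission error! chmod to 755..."
                        chmod 755 "$home"
                else
                        echo "home dir ok!"
                fi

                #check .ssh dir permission
                mode=$(stat -c %a "$home/.ssh")
                if [ "$mode" != 700 ]; then
                        echo ".ssh dir permission error! chmod to 700..."
                        chmod 700 "$home/.ssh"
                else
                        echo ".ssh dir ok!"
                fi

                #check authorized_keys permission
                mode=$(stat -c %a "$home/.ssh/authorized_keys")
                if [ "$mode" != 644 ]; then
                        echo "authorized_keys permission error! chmod to 644..."
                        chmod 644 "$home/.ssh/authorized_keys"
                else
                        echo "authorized_keys file ok!"
                fi

                #check home dir owner
                owner=$(stat -c %U "$home")
                if [ "$owner" != "$user" ]; then
                        echo "home dir owner error! chown to $user.."
                        # NOTE(review): recursive chown over a user-writable
                        # tree can be pointed at root-owned files through hard
                        # links unless fs.protected_hardlinks=1
                        chown -R "$user" "$home"
                else
                        echo "home dir owner ok!"
                fi

                #check home dir group
                group=$(stat -c %G "$home")
                if [ "$group" != "$user" ]; then
                        echo "home dir group error! chown to $user.."
                        chown ":$user" "$home"
                else
                        echo "home dir group ok!"
                fi

                #del user line in authorized_keys
                # NOTE(review): deletes every line merely containing the name
                # ("bob" also drops a key whose comment mentions "bobby") —
                # confirm this is intended
                sed -i "/$user/d" "$home/.ssh/authorized_keys"
        done <dat
}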


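# Check if user is root: the repairs write /etc/shadow and chown home dirs
if [ "$(id -u)" != "0" ]; then
    printf "Error: You must be root to run this script!\n"
    exit 1
fi

# Check's stdout and stderr both land in the log. tee's exit status masks a
# failing Check, so problems are only visible in the log lines themselves.
Check 2>&1 | tee -a "${IP}_${LOG}"
# last command: rsync's status becomes the script's exit status
rsync "${IP}_${LOG}" "$RSYNC"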
[/tex]
 楼主| oppo 发表于 2014-11-4 17:28 | 显示全部楼层
[tex=code][root@localhost usercheck]# vim test
[root@localhost usercheck]# sed "s/!/*/g" test
-bash: !/*/g": event not found
[root@localhost usercheck]# sed 's/!/*/g' test
***********
[root@localhost usercheck]# sed "s/\!/*/g" test
***********
[root@localhost usercheck]# sed "s/\!/\*/g" test
***********
[root@localhost usercheck]# cat test
!!!!!!!!!!!
[root@localhost usercheck]# [/tex]
 楼主| oppo 发表于 2014-11-6 16:38 | 显示全部楼层
[tex=code]
#!/bin/bash
#set -x
# Usage: check and repair user
# History:
#        20140918 hean debug 1.0
#        20141104 hean 修复过滤不严bug
#        20141106 hean 检查/etc/下passwd,shadow等文件隐藏权限
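LOG=usercheck.log

# Print the IPv4 address of one interface, parsed from legacy `ifconfig`
# output ("inet addr:A.B.C.D"); prints nothing when the interface is absent
# (its error is silenced because the callers below try several sources).
iface_ip() {
        ifconfig "$1" 2>/dev/null | awk '/inet addr/ { split($2, a, ":"); print a[2]; exit }'
}

# Host address used as the log-file prefix: eth1, then the installer config,
# then eth0.
IP=$(iface_ip eth1)
if [ -z "$IP" ]; then
        # first non-empty "key=value" value wins; printing every line (as
        # before) put newlines into the log file name on multi-line files
        IP=$(awk -F= '$2 != "" { print $2; exit }' /etc/sinainstall.conf 2>/dev/null)
fi
if [ -z "$IP" ]; then
        IP=$(iface_ip eth0)
fi
if [ -z "$IP" ]; then
        printf 'warning: could not determine host IP, log will be named _%s\n' "$LOG" >&2
fi

# start every run with an empty log
rm -f -- "${IP}_${LOG}"
touch -- "${IP}_${LOG}"

# rsync daemon module that collects the logs; plain rsync protocol (no ssh),
# and the log lists account names and their lock state
RSYNC=10.217.13.242::hean/usercheck/log/

# account databases whose immutable bit (chattr +i) would stop cfengine from
# repairing users; CheckAttr reports them
CONF=(
/etc/shadow
/etc/passwd
/etc/group
)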

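function CheckAttr()
{
        # Report every file in CONF that carries the immutable attribute, since
        # cfengine cannot rewrite such a file until "chattr -i" is run.
        # (The forum rendering had turned "${CONF[@]}" into a bullet.)
        local f attrs
        for f in "${CONF[@]}"; do
                # first lsattr field is the flag string, e.g. ----i-------e--;
                # the old grep for "-i-" missed "i" whenever a neighbouring
                # flag (such as "a") was set as well
                attrs=$(lsattr -d "$f" | awk 'NR == 1 { print $1 }')
                if [[ $attrs == *i* ]]; then
                        echo "$f has attribute i ,cfengine can not modify $f ,before you run cfengine you must remove the attribute i"
                        echo "use the command : chattr -i $f "
                fi
        done
}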
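    function Check()
    {
        # Walk ./dat (one login name per line) and repair each account: unlock
        # a never-set shadow password, fix home/.ssh ownership and permissions,
        # and drop the user's own line from authorized_keys. All output goes
        # to stdout so the caller can tee it into the log.
        local user home status mode owner group
        # Names are spliced into paths and sed/grep patterns, so accept only
        # plain login names (no "/", ".", "$" or regex metacharacters).
        local -r name_re='^[A-Za-z_][A-Za-z0-9_-]*$'

        if [ ! -r dat ]; then
            printf 'Error: input file "dat" not found\n' >&2
            return 1
        fi

        # -r keeps backslashes; the || clause handles a last line without newline
        while IFS= read -r user || [ -n "$user" ]; do
            [ -n "$user" ] || continue
            echo -e "\n\n**************check $user @ $IP************************"
            if ! [[ $user =~ $name_re ]]; then
                echo "$user is not a valid login name, skip!"
                continue
            fi

            #check if user exist (id's own output is kept in the log on purpose)
            if ! id "$user"; then
                echo "$user not exist! run /var/cfengine/bin/cfagent -qv -K"
                continue
            fi
            home=/usr/home/$user

            #check shadow: a bare "!" or "!!" password field is an account
            #created locked with no password; the author's fix replaces it
            #with "*". History expansion is off in a script, so "!" needs
            #no escaping here.
            status=$(grep "^$user:" /etc/shadow | awk -F: '{print $2}')
            if [ "$status" = "!" ] || [ "$status" = "!!" ]; then
                echo "$user is disallowed to login, modify the shadow..."
                sed -i "s/^$user:!!*:/$user:*:/" /etc/shadow
            else
                echo "shadow ok!"
            fi

            #check .ssh
            if [ ! -f "$home/.ssh/authorized_keys" ]; then
                echo "$home/.ssh/authorized_keys not exist! run /var/cfengine/bin/cfagent -qv -K"
                continue
            fi
            #chmod/chown/sed -i follow symlinks: a link planted under the
            #user's home would redirect the repairs below to an arbitrary
            #path, so refuse them
            if [ -L "$home/.ssh" ] || [ -L "$home/.ssh/authorized_keys" ]; then
                echo "$home/.ssh or authorized_keys is a symlink, not touching it!"
                continue
            fi

            #check home dir permission (stat instead of parsing ls output)
            mode=$(stat -c %a "$home")
            if [ "$mode" != 755 ]; then
                echo "home dir permission error! chmod to 755..."
                chmod 755 "$home"
            else
                echo "home dir ok!"
            fi

            #check .ssh dir permission
            mode=$(stat -c %a "$home/.ssh")
            if [ "$mode" != 700 ]; then
                echo ".ssh dir permission error! chmod to 700..."
                chmod 700 "$home/.ssh"
            else
                echo ".ssh dir ok!"
            fi

            #check authorized_keys permission
            mode=$(stat -c %a "$home/.ssh/authorized_keys")
            if [ "$mode" != 644 ]; then
                echo "authorized_keys permission error! chmod to 644..."
                chmod 644 "$home/.ssh/authorized_keys"
            else
                echo "authorized_keys file ok!"
            fi

            #check home dir owner
            owner=$(stat -c %U "$home")
            if [ "$owner" != "$user" ]; then
                echo "home dir owner error! chown to $user.."
                # NOTE(review): recursive chown over a user-writable tree can
                # be pointed at root-owned files through hard links unless
                # fs.protected_hardlinks=1
                chown -R "$user" "$home"
            else
                echo "home dir owner ok!"
            fi

            #check home dir group
            group=$(stat -c %G "$home")
            if [ "$group" != "$user" ]; then
                echo "home dir group error! chown to $user.."
                chown ":$user" "$home"
            else
                echo "home dir group ok!"
            fi

            #del user line in authorized_keys
            # NOTE(review): deletes every line merely containing the name
            # ("bob" also drops a key whose comment mentions "bobby") —
            # confirm this is intended
            sed -i "/$user/d" "$home/.ssh/authorized_keys"
        done <dat
    }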


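    # Check if user is root: the repairs write /etc/shadow and chown home dirs
    if [ "$(id -u)" != "0" ]; then
        printf "Error: You must be root to run this script!\n"
        exit 1
    fi

    # Both functions' stdout and stderr land in the log. tee's exit status
    # masks a failing function, so problems are only visible in the log lines.
    CheckAttr 2>&1 | tee -a "${IP}_${LOG}"
    Check 2>&1 | tee -a "${IP}_${LOG}"
    # last command: rsync's status becomes the script's exit status
    rsync "${IP}_${LOG}" "$RSYNC"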
    [/tex]