[系统维护] 检查用户脚本

oppo 发表于 2014-10-21 15:09 | 显示全部楼层 |阅读模式
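#!/bin/bash

# Usage: check and repair user
#   Reads one account name per line from ./dat, checks each account's
#   /etc/shadow entry, home directory and ~/.ssh ownership/permissions,
#   repairs what it can, logs to ./<IP>_usercheck.log and ships that log
#   with rsync. Must be run as root, from a directory only root can write.
# History:
#        20140918 hean debug 1.0
#        (review)      restored the "$" signs lost in the forum rendering,
#                      quoted all expansions, stopped parsing ls output
LOG=usercheck.log

# Host tag for the log name: eth1 address, else the value recorded in
# /etc/sinainstall.conf, else eth0 address. The parsing expects the old
# net-tools ifconfig layout ("inet addr:1.2.3.4 ...").
IP=$(ifconfig eth1 2>/dev/null | grep "inet addr" | awk '{print $2}' | awk -F '[:]' '{print $2}')
if [ "$IP"x = ""x ]; then
        # presumably a single "key=value" line — TODO confirm; with several
        # lines IP would span lines and the log name would break
        IP=$(awk -F '[=]' '{print $2}' /etc/sinainstall.conf 2>/dev/null)
fi

if [ "$IP"x = ""x ]; then
        IP=$(ifconfig eth0 2>/dev/null | grep "inet addr" | awk '{print $2}' | awk -F '[:]' '{print $2}')
fi
# Never leave the tag empty: the log would otherwise be named "_usercheck.log".
: "${IP:=unknown}"

# Start a fresh log in the current directory. The name is predictable and
# the script runs as root, so the directory must not be writable by others.
rm -f -- "${IP}_${LOG}"
touch -- "${IP}_${LOG}"

# rsync daemon module that receives the log. Plain rsync:// — no transport
# encryption, and no credentials are passed anywhere in this script.
RSYNC=10.217.13.242::hean/usercheck/log/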
 
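function Check()
{
    # Check and repair every account listed in ./dat (one name per line).
    # Runs as root and is invasive: it edits /etc/shadow, chmods/chowns the
    # home directory and deletes lines from ~/.ssh/authorized_keys, so every
    # decision is echoed for the log. Home directories live under
    # /usr/home/<user>; a missing account or key file is left to cfengine
    # ("cfagent -qv -K") and the account is skipped.
    local user home sed_user status mod owner group
    while read -r user || [ -n "$user" ]; do
        [ -z "$user" ] && continue
        # The name is spliced into paths and sed patterns below, so anything
        # a tampered dat file could carry ("../", spaces, regex metacharacters,
        # a leading "-" that id/chown would take as an option) is rejected.
        if [[ ! "$user" =~ ^[A-Za-z_][A-Za-z0-9_.-]*$ ]]; then
            echo "invalid user name in dat, skipped: $user"
            continue
        fi
        home="/usr/home/$user"
        sed_user=${user//./\\.}    # "." is the only regex metacharacter left
        echo -e "\n\n**************check $user************************"

        #check if user exist (id's own output is kept for the log)
        if ! id "$user"; then
            echo "$user not exist! run /var/cfengine/bin/cfagent -qv -K"
            continue
        fi

        #check shadow: a "!" password field marks an account that cannot log
        #in with a password; sshd treats a "!"-prefixed field as a locked
        #account and rejects even key-based logins, which is presumably why
        #it is rewritten to "*" (no password, keys allowed).
        #NOTE(review): this revision only matches a lone "!"; RHEL-style
        #useradd writes "!!" (handled in the later revision). It also
        #re-enables an account that was deliberately locked, so dat must
        #only list accounts that are meant to log in.
        status=$(awk -F ':' -v u="$user" '$1 == u { print $2; exit }' /etc/shadow)
        if [ "$status"x = "!"x ]; then
            echo "$user is disallowed to login, modify the shadow..."
            sed -i "s/^$sed_user:!:/$user:*:/" /etc/shadow
        else
            echo "shadow ok!"
        fi

        #check .ssh
        if [ ! -f "$home/.ssh/authorized_keys" ]; then
            echo "$home/.ssh/authorized_keys not exist! run /var/cfengine/bin/cfagent -qv -K"
            continue
        fi

        #check home dir permission (stat, not ls: the ls mode column may carry
        #an SELinux "." or ACL "+" marker and then never matches)
        mod=$(stat -c '%A' -- "$home")
        if [ "$mod"x != "drwxr-xr-x"x ]; then
            echo "home dir permission error! chmod to 755..."
            chmod 755 -- "$home"
        else
            echo "home dir ok!"
        fi

        #check .ssh dir permission
        mod=$(stat -c '%A' -- "$home/.ssh")
        if [ "$mod"x != "drwx------"x ]; then
            echo ".ssh dir permission error! chmod to 700..."
            chmod 700 -- "$home/.ssh"
        else
            echo ".ssh dir ok!"
        fi

        #check authorized_keys permission
        mod=$(stat -c '%A' -- "$home/.ssh/authorized_keys")
        if [ "$mod"x != "-rw-r--r--"x ]; then
            echo "authorized_keys permission error! chmod to 644..."
            chmod 644 -- "$home/.ssh/authorized_keys"
        else
            echo "authorized_keys file ok!"
        fi

        #check home dir owner
        owner=$(stat -c '%U' -- "$home")
        if [ "$owner"x != "$user"x ]; then
            echo "home dir owner error! chown to $user.."
            # NOTE(review): a recursive chown as root over a user-writable
            # tree hands the user ownership of anything hard-linked into it
            # (keep fs.protected_hardlinks=1), and only the directory itself
            # was checked above — consider dropping -R.
            chown -R -- "$user" "$home"
        else
            echo "home dir owner ok!"
        fi

        #check home dir group
        group=$(stat -c '%G' -- "$home")
        if [ "$group"x != "$user"x ]; then
            echo "home dir group error! chown to $user.."
            chown -- ":$user" "$home"
        else
            echo "home dir group ok!"
        fi

        #del user line in authorized_keys: every line that contains the name
        #is removed (presumably the user's own key, whose comment is
        #user@host — TODO confirm). NOTE(review): this is a substring match,
        #so user "ed" also deletes any other key whose comment contains "ed";
        #anchor it to the comment field once the key format is confirmed.
        sed -i "/$sed_user/d" "$home/.ssh/authorized_keys"
    done <dat
}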
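# Check if user is root. NOTE(review): this runs after the log file was
# already removed and re-created at the top of the script; move the check
# ahead of that if a non-root invocation should be side-effect free.
if [ "$(id -u)" != "0" ]; then
    printf "Error: You must be root to run this script!\n"
    exit 1
fi

Check 2>&1 | tee -a "${IP}_${LOG}"
# Ship the log to the rsync daemon module. NOTE(review): plain rsync:// is
# unencrypted and no credentials are passed, while the log names every
# account checked and every repair made. A failed transfer is reported
# instead of being silently ignored.
rsync "${IP}_${LOG}" "$RSYNC" || printf 'Warning: rsync to %s failed\n' "$RSYNC" >&2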
 楼主| oppo 发表于 2014-11-4 17:22 | 显示全部楼层
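#!/bin/bash
# Debug tracing. NOTE(review): with -x the trace of Check's "status=..."
# assignment prints the user's password-field value from /etc/shadow, and
# Check's stderr is tee'd into the log that rsync then ships off-host
# unencrypted. Keep tracing off outside of debugging.
set -x
# Usage: check and repair user
#   Reads one account name per line from ./dat, checks each account's
#   /etc/shadow entry, home directory and ~/.ssh ownership/permissions,
#   repairs what it can, logs to ./<IP>_usercheck.log and ships that log
#   with rsync. Must be run as root, from a directory only root can write.
# History:
#        20140918 hean debug 1.0
#        20141104 hean fixed loose filtering (anchored the grep patterns)
#        (review)      restored the "$" signs lost in the forum rendering,
#                      quoted all expansions, stopped parsing ls output
LOG=usercheck.log

# Host tag for the log name: eth1 address, else the value recorded in
# /etc/sinainstall.conf, else eth0 address. The parsing expects the old
# net-tools ifconfig layout ("inet addr:1.2.3.4 ...").
IP=$(ifconfig eth1 2>/dev/null | grep "inet addr" | awk '{print $2}' | awk -F '[:]' '{print $2}')
if [ "$IP"x = ""x ]; then
        # presumably a single "key=value" line — TODO confirm; with several
        # lines IP would span lines and the log name would break
        IP=$(awk -F '[=]' '{print $2}' /etc/sinainstall.conf 2>/dev/null)
fi

if [ "$IP"x = ""x ]; then
        IP=$(ifconfig eth0 2>/dev/null | grep "inet addr" | awk '{print $2}' | awk -F '[:]' '{print $2}')
fi
# Never leave the tag empty: the log would otherwise be named "_usercheck.log".
: "${IP:=unknown}"

# Start a fresh log in the current directory. The name is predictable and
# the script runs as root, so the directory must not be writable by others.
rm -f -- "${IP}_${LOG}"
touch -- "${IP}_${LOG}"

# rsync daemon module that receives the log. Plain rsync:// — no transport
# encryption, and no credentials are passed anywhere in this script.
RSYNC=10.217.13.242::hean/usercheck/log/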
 
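function Check()
{
    # Check and repair every account listed in ./dat (one name per line).
    # Runs as root and is invasive: it edits /etc/shadow, chmods/chowns the
    # home directory and deletes lines from ~/.ssh/authorized_keys, so every
    # decision is echoed for the log. Home directories live under
    # /usr/home/<user>; a missing account or key file is left to cfengine
    # ("cfagent -qv -K") and the account is skipped.
    local user home sed_user status mod owner group
    while read -r user || [ -n "$user" ]; do
        [ -z "$user" ] && continue
        # The name is spliced into paths and sed patterns below, so anything
        # a tampered dat file could carry ("../", spaces, regex metacharacters,
        # a leading "-" that id/chown would take as an option) is rejected.
        if [[ ! "$user" =~ ^[A-Za-z_][A-Za-z0-9_.-]*$ ]]; then
            echo "invalid user name in dat, skipped: $user"
            continue
        fi
        home="/usr/home/$user"
        sed_user=${user//./\\.}    # "." is the only regex metacharacter left
        echo -e "\n\n**************check $user @ $IP************************"

        #check if user exist (id's own output is kept for the log)
        if ! id "$user"; then
            echo "$user not exist! run /var/cfengine/bin/cfagent -qv -K"
            continue
        fi

        #check shadow: "!!" is what useradd leaves in the password field on
        #RHEL-style systems for an account without a password; sshd treats a
        #"!"-prefixed field as a locked account and rejects even key-based
        #logins, which is presumably why it is rewritten to "*" (no password,
        #keys allowed). NOTE(review): this also re-enables an account that
        #was deliberately locked, so dat must only list accounts that are
        #meant to log in. The lookup is anchored to the whole first field.
        status=$(awk -F ':' -v u="$user" '$1 == u { print $2; exit }' /etc/shadow)
        if [ "$status"x = "!!"x ]; then
            echo "$user is disallowed to login, modify the shadow..."
            sed -i "s/^$sed_user:!!:/$user:*:/" /etc/shadow
        else
            echo "shadow ok!"
        fi

        #check .ssh
        if [ ! -f "$home/.ssh/authorized_keys" ]; then
            echo "$home/.ssh/authorized_keys not exist! run /var/cfengine/bin/cfagent -qv -K"
            continue
        fi

        #check home dir permission (stat, not ls: the ls mode column may carry
        #an SELinux "." or ACL "+" marker and then never matches)
        mod=$(stat -c '%A' -- "$home")
        if [ "$mod"x != "drwxr-xr-x"x ]; then
            echo "home dir permission error! chmod to 755..."
            chmod 755 -- "$home"
        else
            echo "home dir ok!"
        fi

        #check .ssh dir permission
        mod=$(stat -c '%A' -- "$home/.ssh")
        if [ "$mod"x != "drwx------"x ]; then
            echo ".ssh dir permission error! chmod to 700..."
            chmod 700 -- "$home/.ssh"
        else
            echo ".ssh dir ok!"
        fi

        #check authorized_keys permission
        mod=$(stat -c '%A' -- "$home/.ssh/authorized_keys")
        if [ "$mod"x != "-rw-r--r--"x ]; then
            echo "authorized_keys permission error! chmod to 644..."
            chmod 644 -- "$home/.ssh/authorized_keys"
        else
            echo "authorized_keys file ok!"
        fi

        #check home dir owner
        owner=$(stat -c '%U' -- "$home")
        if [ "$owner"x != "$user"x ]; then
            echo "home dir owner error! chown to $user.."
            # NOTE(review): a recursive chown as root over a user-writable
            # tree hands the user ownership of anything hard-linked into it
            # (keep fs.protected_hardlinks=1), and only the directory itself
            # was checked above — consider dropping -R.
            chown -R -- "$user" "$home"
        else
            echo "home dir owner ok!"
        fi

        #check home dir group
        group=$(stat -c '%G' -- "$home")
        if [ "$group"x != "$user"x ]; then
            echo "home dir group error! chown to $user.."
            chown -- ":$user" "$home"
        else
            echo "home dir group ok!"
        fi

        #del user line in authorized_keys: every line that contains the name
        #is removed (presumably the user's own key, whose comment is
        #user@host — TODO confirm). NOTE(review): this is a substring match,
        #so user "ed" also deletes any other key whose comment contains "ed";
        #anchor it to the comment field once the key format is confirmed.
        sed -i "/$sed_user/d" "$home/.ssh/authorized_keys"
    done <dat
}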
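# Check if user is root. NOTE(review): this runs after the log file was
# already removed and re-created at the top of the script; move the check
# ahead of that if a non-root invocation should be side-effect free.
if [ "$(id -u)" != "0" ]; then
    printf "Error: You must be root to run this script!\n"
    exit 1
fi

Check 2>&1 | tee -a "${IP}_${LOG}"
# Ship the log to the rsync daemon module. NOTE(review): plain rsync:// is
# unencrypted and no credentials are passed, while the log names every
# account checked and every repair made (and, with set -x above, the full
# command trace). A failed transfer is reported instead of silently ignored.
rsync "${IP}_${LOG}" "$RSYNC" || printf 'Warning: rsync to %s failed\n' "$RSYNC" >&2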
[/tex]
 楼主| oppo 发表于 2014-11-4 17:28 | 显示全部楼层
[tex=code][root@localhost usercheck]# vim test
[root@localhost usercheck]# sed "s/!/*/g" test
-bash: !/*/g": event not found
[root@localhost usercheck]# sed 's/!/*/g' test
***********
[root@localhost usercheck]# sed "s/\!/*/g" test
***********
[root@localhost usercheck]# sed "s/\!/\*/g" test
***********
[root@localhost usercheck]# cat test
!!!!!!!!!!!
[root@localhost usercheck]# [/tex]
(In an interactive bash, "!" inside double quotes triggers history expansion, hence "event not found"; single quotes or "\!" avoid it. History expansion is off in non-interactive shells, so inside the script the sed expression works either way.)
 楼主| oppo 发表于 2014-11-6 16:38 | 显示全部楼层
[tex=code]
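#!/bin/bash
# Debug tracing, left off: with -x the trace of Check's "status=..."
# assignment would print the user's password-field value from /etc/shadow
# into the log that rsync ships off-host.
#set -x
# Usage: check and repair user
#   Reads one account name per line from ./dat, checks each account's
#   /etc/shadow entry, home directory and ~/.ssh ownership/permissions,
#   repairs what it can, logs to ./<IP>_usercheck.log and ships that log
#   with rsync. Must be run as root, from a directory only root can write.
# History:
#        20140918 hean debug 1.0
#        20141104 hean fixed loose filtering (anchored the grep patterns)
#        20141106 hean check the immutable attribute on /etc/passwd, shadow, group
#        (review)      restored the "$" signs lost in the forum rendering,
#                      quoted all expansions, stopped parsing ls output
LOG=usercheck.log

# Host tag for the log name: eth1 address, else the value recorded in
# /etc/sinainstall.conf, else eth0 address. The parsing expects the old
# net-tools ifconfig layout ("inet addr:1.2.3.4 ...").
IP=$(ifconfig eth1 2>/dev/null | grep "inet addr" | awk '{print $2}' | awk -F '[:]' '{print $2}')
if [ "$IP"x = ""x ]; then
        # presumably a single "key=value" line — TODO confirm; with several
        # lines IP would span lines and the log name would break
        IP=$(awk -F '[=]' '{print $2}' /etc/sinainstall.conf 2>/dev/null)
fi

if [ "$IP"x = ""x ]; then
        IP=$(ifconfig eth0 2>/dev/null | grep "inet addr" | awk '{print $2}' | awk -F '[:]' '{print $2}')
fi
# Never leave the tag empty: the log would otherwise be named "_usercheck.log".
: "${IP:=unknown}"

# Start a fresh log in the current directory. The name is predictable and
# the script runs as root, so the directory must not be writable by others.
rm -f -- "${IP}_${LOG}"
touch -- "${IP}_${LOG}"

# rsync daemon module that receives the log. Plain rsync:// — no transport
# encryption, and no credentials are passed anywhere in this script.
RSYNC=10.217.13.242::hean/usercheck/log/

# Files that cfengine must be able to rewrite; an immutable (chattr +i)
# attribute on any of them is reported by CheckAttr.
CONF=(
/etc/shadow
/etc/passwd
/etc/group
)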

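function CheckAttr()
{
        # Report (never change) every file in CONF that carries the ext
        # immutable attribute: cfengine cannot rewrite such a file, so the
        # operator has to "chattr -i" it first. Reads the global CONF array.
        local f flags
        for f in "${CONF[@]}"; do
                # lsattr prints "<flags> <path>"; flags is a fixed-width
                # field such as ----i--------e--, lower-case i = immutable
                # (upper-case I is a different, directory-only flag).
                flags=$(lsattr -- "$f" 2>/dev/null | awk '{print $1}')
                case "$flags" in
                        *i*)
                                echo "$f has attribute i, cfengine cannot modify $f, before you run cfengine you must remove the attribute i"
                                echo "use the command : chattr -i $f "
                                ;;
                esac
        done
}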
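    function Check()
    {
        # Check and repair every account listed in ./dat (one name per line).
        # Runs as root and is invasive: it edits /etc/shadow, chmods/chowns
        # the home directory and deletes lines from ~/.ssh/authorized_keys,
        # so every decision is echoed for the log. Home directories live
        # under /usr/home/<user>; a missing account or key file is left to
        # cfengine ("cfagent -qv -K") and the account is skipped.
        local user home sed_user status mod owner group
        while read -r user || [ -n "$user" ]; do
            [ -z "$user" ] && continue
            # The name is spliced into paths and sed patterns below, so
            # anything a tampered dat file could carry ("../", spaces, regex
            # metacharacters, a leading "-" that id/chown would take as an
            # option) is rejected.
            if [[ ! "$user" =~ ^[A-Za-z_][A-Za-z0-9_.-]*$ ]]; then
                echo "invalid user name in dat, skipped: $user"
                continue
            fi
            home="/usr/home/$user"
            sed_user=${user//./\\.}    # "." is the only regex metacharacter left
            echo -e "\n\n**************check $user @ $IP************************"

            #check if user exist (id's own output is kept for the log)
            if ! id "$user"; then
                echo "$user not exist! run /var/cfengine/bin/cfagent -qv -K"
                continue
            fi

            #check shadow: "!!" is what useradd leaves in the password field
            #on RHEL-style systems for an account without a password; sshd
            #treats a "!"-prefixed field as a locked account and rejects even
            #key-based logins, which is presumably why it is rewritten to "*"
            #(no password, keys allowed). NOTE(review): this also re-enables
            #an account that was deliberately locked, so dat must only list
            #accounts that are meant to log in. The lookup is anchored to the
            #whole first field.
            status=$(awk -F ':' -v u="$user" '$1 == u { print $2; exit }' /etc/shadow)
            if [ "$status"x = "!!"x ]; then
                echo "$user is disallowed to login, modify the shadow..."
                sed -i "s/^$sed_user:!!:/$user:*:/" /etc/shadow
            else
                echo "shadow ok!"
            fi

            #check .ssh
            if [ ! -f "$home/.ssh/authorized_keys" ]; then
                echo "$home/.ssh/authorized_keys not exist! run /var/cfengine/bin/cfagent -qv -K"
                continue
            fi

            #check home dir permission (stat, not ls: the ls mode column may
            #carry an SELinux "." or ACL "+" marker and then never matches)
            mod=$(stat -c '%A' -- "$home")
            if [ "$mod"x != "drwxr-xr-x"x ]; then
                echo "home dir permission error! chmod to 755..."
                chmod 755 -- "$home"
            else
                echo "home dir ok!"
            fi

            #check .ssh dir permission
            mod=$(stat -c '%A' -- "$home/.ssh")
            if [ "$mod"x != "drwx------"x ]; then
                echo ".ssh dir permission error! chmod to 700..."
                chmod 700 -- "$home/.ssh"
            else
                echo ".ssh dir ok!"
            fi

            #check authorized_keys permission
            mod=$(stat -c '%A' -- "$home/.ssh/authorized_keys")
            if [ "$mod"x != "-rw-r--r--"x ]; then
                echo "authorized_keys permission error! chmod to 644..."
                chmod 644 -- "$home/.ssh/authorized_keys"
            else
                echo "authorized_keys file ok!"
            fi

            #check home dir owner
            owner=$(stat -c '%U' -- "$home")
            if [ "$owner"x != "$user"x ]; then
                echo "home dir owner error! chown to $user.."
                # NOTE(review): a recursive chown as root over a user-writable
                # tree hands the user ownership of anything hard-linked into
                # it (keep fs.protected_hardlinks=1), and only the directory
                # itself was checked above — consider dropping -R.
                chown -R -- "$user" "$home"
            else
                echo "home dir owner ok!"
            fi

            #check home dir group
            group=$(stat -c '%G' -- "$home")
            if [ "$group"x != "$user"x ]; then
                echo "home dir group error! chown to $user.."
                chown -- ":$user" "$home"
            else
                echo "home dir group ok!"
            fi

            #del user line in authorized_keys: every line that contains the
            #name is removed (presumably the user's own key, whose comment is
            #user@host — TODO confirm). NOTE(review): this is a substring
            #match, so user "ed" also deletes any other key whose comment
            #contains "ed"; anchor it to the comment field once the key
            #format is confirmed.
            sed -i "/$sed_user/d" "$home/.ssh/authorized_keys"
        done <dat
    }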
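    # Check if user is root. NOTE(review): this runs after the log file was
    # already removed and re-created at the top of the script; move the check
    # ahead of that if a non-root invocation should be side-effect free.
    if [ "$(id -u)" != "0" ]; then
        printf "Error: You must be root to run this script!\n"
        exit 1
    fi

    CheckAttr 2>&1 | tee -a "${IP}_${LOG}"
    Check 2>&1 | tee -a "${IP}_${LOG}"
    # Ship the log to the rsync daemon module. NOTE(review): plain rsync://
    # is unencrypted and no credentials are passed, while the log names every
    # account checked and every repair made. A failed transfer is reported
    # instead of being silently ignored.
    rsync "${IP}_${LOG}" "$RSYNC" || printf 'Warning: rsync to %s failed\n' "$RSYNC" >&2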
    [/tex]