1、自動化登錄服務器操作:
第一種方式:(login.vbs文件)
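' Xshell script (login.vbs): opens an SSH session as root on 10.99.202.54 and runs ifconfig.
'
' The root password is requested at run time through a masked prompt, not stored
' in this file: a plaintext credential in a script is exposed to anyone who can
' read, copy, back up or version the file. Key-based authentication or a saved
' Xshell session (the second method on this page) avoids sending a typed password
' through the terminal stream at all.
Sub Main
    Dim pw
    ' Fourth argument True masks the typed characters in the prompt dialog.
    pw = xsh.Dialog.Prompt("root password for 10.99.202.54", "login.vbs", "", True)
    If pw = "" Then Exit Sub   ' cancelled or empty input: send nothing to the terminal

    ' Synchronous screen mode so WaitForString sees the output of the Send before it.
    xsh.Screen.Synchronous = True
    xsh.Screen.Send "ssh root@10.99.202.54" & VbCr

    ' NOTE(review): on a first connection ssh normally asks to confirm the host key
    ' before it asks for a password; this wait would then block until the operator
    ' answers. Verify the fingerprint by hand rather than auto-answering it here.
    xsh.Screen.WaitForString "password: "
    xsh.Screen.Send pw & VbCr
    pw = ""   ' drop the script's copy once it has been sent

    xsh.Screen.Send "ifconfig" & VbCr
End Sub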
第二種方式:建立會話實現點擊登錄
2、執行命令的腳本文件(basci.vbs文件)
' Xshell script: prepares the target host for the audit run.
' Installs lrzsz, psmisc and ntp with yum, starts ntpd, then creates
' /home/securityCheck and changes into it.
' Each command is typed into the terminal without waiting for the previous one
' to finish and without checking its exit status.
' NOTE(review): a failed install or mkdir is therefore not detected here - confirm
' the result on screen before uploading the audit script.
Sub Main
    Dim steps, cmd
    steps = Array( _
        "yum install lrzsz -y", _
        "yum -y install psmisc", _
        "yum install -y ntp", _
        "service ntpd start", _
        "cd /home", _
        "mkdir securityCheck", _
        "cd /home/securityCheck")

    For Each cmd In steps
        xsh.Screen.Send cmd
        xsh.Screen.Send VbCr
    Next
End Sub
3、上傳文件
rz (enter)
4、執行腳本文件(查詢信息,生成TXT文件並且導出到本地)run.vbs文件
' Xshell script (run.vbs): makes securityCheck.sh executable, runs it, then
' starts a ZMODEM download of securityReport.txt with sz.
' The downloaded report holds account, service and firewall details of the
' host, so the local copy should be stored with restricted access.
Sub Main
    Dim steps, cmd
    steps = Array( _
        "chmod +x securityCheck.sh", _
        "./securityCheck.sh", _
        "sz securityReport.txt")

    For Each cmd In steps
        xsh.Screen.Send cmd
        xsh.Screen.Send VbCr
    Next

    ' One extra carriage return follows the sz command.
    xsh.Screen.Send VbCr
End Sub
5、腳本文件具體內容(securityCheck.sh文件)
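#!/bin/bash
#
# securityCheck.sh - collect a configuration snapshot of this host for a
# security review and append it to /home/securityCheck/securityReport.txt.
#
# Sections: 1 network interface, 2 DNS, 3 NTP, 4 ports and sshd config,
#           5 firewall, 6 accounts, 7 processes, 8 CPU and memory.
#
# Reading /etc/shadow needs root, as dmidecode normally does, so the script is
# expected to run as root.
#
# Handling of the report: it lists accounts, listening services and firewall
# rules, so it is created with mode 0600. Password hashes from /etc/shadow are
# NOT copied into it; only the password state and ageing fields are recorded,
# which is what an account review needs and cannot be cracked offline.

umask 077
readonly REPORT=/home/securityCheck/securityReport.txt

mkdir -p -- "${REPORT%/*}"
# Tighten the mode even when the report already exists from an earlier run.
: >> "$REPORT" && chmod 600 "$REPORT"

#######################################
# Write one report entry: a heading line followed by the captured output.
# Arguments: $1 - heading, $2 - captured command output (may be empty)
# Outputs:   both lines on stdout
#######################################
item() {
  printf '%s\n' "$1" "$2"
}

#######################################
# Summarise /etc/shadow without exposing the hash field.
# Outputs: name:password-state:fields 3-8 (ageing data), one line per account
#######################################
shadow_summary() {
  awk -F: '{
    if ($2 == "")           state = "空密碼"
    else if ($2 ~ /^[!*]/)  state = "已鎖定或未設置"
    else                    state = "已設置"
    print $1 ":" state ":" $3 ":" $4 ":" $5 ":" $6 ":" $7 ":" $8
  }' /etc/shadow
}

{
  echo "------------------------網絡安全檢查開始----------------------"

  # 01 - network interface configuration
  echo "------------------第一部分——網卡配置查詢--------------------"
  item "1.1 系統網卡配置信息ifcfg-ens192:" "$(cat /etc/sysconfig/network-scripts/ifcfg-ens192)"
  item "1.2 系統網卡ifconfig具體信息:" "$(ifconfig)"

  # 02 - DNS resolver configuration
  echo "------------------第二部分——DNS配置查詢--------------------"
  item "2.1 系統DNS配置信息:" "$(cat /etc/resolv.conf)"

  # 03 - NTP peers and synchronisation state
  echo "------------------第三部分——NTP配置查詢--------------------"
  item "3.1 系統NTP配置信息" "$(ntpq -p)"
  item "3.2 系統網絡時間同步狀態信息" "$(ntpstat)"

  # 04 - listening ports, per-service ports, sshd configuration
  echo "------------------第四部分——端口信息查詢--------------------"
  item "4.1 系統所有端口信息" "$(netstat -tunlp)"
  item "4.2 系統所有的服務及端口信息" "$(netstat -anlp)"
  item "4.3-1 java服務占用的端口信息" "$(netstat -ntulp | grep java)"
  item "4.3-2 nginx服務占用的端口信息" "$(netstat -ntulp | grep nginx)"
  item "4.3-3 redis服務占用的端口信息" "$(netstat -ntulp | grep redis)"
  item "4.4 SSH服務的具體配置信息" "$(cat /etc/ssh/sshd_config)"

  # 05 - firewalld state and active rules
  echo "------------------第五部分——防火牆信息查詢--------------------"
  item "5.1 防火牆的具體信息" "$(firewall-cmd --state)"
  # Heading was a copy of 5.1; this entry holds the rule listing.
  item "5.2 防火牆的規則信息" "$(firewall-cmd --list-all)"

  # 06 - local accounts
  echo "------------------第六部分——系統用戶信息查詢--------------------"
  item "6.1 系統的用戶狀態信息" "$(cat /etc/passwd)"
  # Hash field replaced by a state label so the exported report carries no
  # material for offline password cracking.
  item "6.2 系統的用戶密碼信息(哈希已隱去)" "$(shadow_summary)"
  item "6.3 系統的用戶列表" "$(cut -d : -f 1 /etc/passwd)"
  # Match on the shell field only, and treat /bin/false like nologin.
  item "6.4 系統中具有登錄權限的用戶信息" \
    "$(awk -F: '$7 !~ /\/(nologin|false)$/ {print $1}' /etc/passwd)"

  # 07 - processes
  echo "------------------第七部分——系統進程信息查詢--------------------"
  item "7.1 系統所有的進程信息(按照占用內存大小排序)" "$(ps aux --sort=-%mem)"
  # The pager was dropped: inside a command substitution it only passes data through.
  item "7.2 系統中正在運行的進程信息" "$(ps aux)"
  item "7.3 系統整體進程樹信息" "$(pstree)"
  # The [x]yz form keeps grep from matching its own command line.
  item "7.4.1 系統中java服務的進程樹信息" "$(pstree -aup | grep '[j]ava')"
  item "7.4.2 系統中redis服務的進程樹信息" "$(pstree -aup | grep '[r]edis')"
  item "7.4.3 系統中nginx服務的進程樹信息" "$(pstree -aup | grep '[n]ginx')"
  item "7.4.4 系統中SSH服務的進程樹信息" "$(pstree -aup | grep '[s]sh')"
  # Counts no longer include the grep process itself.
  item "7.5.1 系統中java服務的進程數" "$(ps -ef | grep -c '[j]ava')"
  # Previously printed the java count under the redis heading.
  item "7.5.2 系統中redis服務的進程數" "$(ps -ef | grep -c '[r]edis')"
  item "7.5.3 系統中nginx服務的進程數" "$(ps -ef | grep -c '[n]ginx')"
  item "7.5.4 系統中ssh服務的進程數" "$(ps -ef | grep -c '[s]sh')"
  item "7.6.1 系統中java服務的具體進程信息" "$(ps -ef | grep '[j]ava')"
  item "7.6.2 系統中redis服務的具體進程信息" "$(ps -ef | grep '[r]edis')"
  item "7.6.3 系統中nginx服務的具體進程信息" "$(ps -ef | grep '[n]ginx')"
  item "7.6.4 系統中ssh服務的具體進程信息" "$(ps -ef | grep '[s]sh')"

  # 08 - CPU and memory
  echo "------------------第八部分——系統CPU信息查詢--------------------"
  item "8.1 系統CPU邏輯核個數" "$(grep -c "processor" /proc/cpuinfo)"
  item "8.2 系統CPU物理核個數" "$(grep "cpu cores" /proc/cpuinfo | uniq)"
  item "8.3 系統CPU的個數" "$(grep "physical id" /proc/cpuinfo | sort | uniq | wc -l)"
  # siblings greater than cpu cores means hyper-threading is enabled.
  item "8.4 系統的超線程情況信息" "$(grep -e "cpu cores" -e "siblings" /proc/cpuinfo | sort | uniq)"
  item "8.5 系統CPU的具體信息" "$(cat /proc/cpuinfo)"
  item "8.6 系統CPU的主頻信息" "$(grep MHz /proc/cpuinfo | uniq)"
  item "8.7 系統內存信息" "$(cat /proc/meminfo)"
  # Heading was a copy of 8.7; this entry holds the CPU model string.
  item "8.8 系統CPU型號信息" "$(dmidecode -s processor-version)"

  echo "------------------------網絡安全檢查結束----------------------"
} >> "$REPORT"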
6、結束腳本內容(end.vbs)
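' Xshell script (end.vbs): removes the audit working directory from the host
' and lists /home so the operator can confirm it is gone.
' The directory is deleted by absolute path: with a relative name a failed
' "cd /home" would make rm -rf act on whatever directory the shell is in.
' The directory holds the generated report, so removing it also clears the
' server-side copy of the collected data.
Sub Main
    xsh.Screen.Send "cd /home" & VbCr
    xsh.Screen.Send "rm -rf -- /home/securityCheck" & VbCr
    xsh.Screen.Send "ll" & VbCr
End Sub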
綜合以上腳本內容和執行順序,具體的文件如下所示: