1、查看 tcp 的连接状态
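#!/bin/bash
# Snapshot of TCP connection states, plus the remote IPv4 addresses connected
# to local port 80 with the busiest first. Useful for quick triage: a pile-up
# in one state, or one address holding many connections, stands out at once.

# Connections per state. `netstat -nt` does not list LISTEN sockets, and NR>2
# skips its two header lines. The `++` is what actually counts; a bare
# status[$6] only creates an empty entry and prints no number.
all_status_tcp=$(netstat -nt | awk 'NR>2 { status[$6]++ } END { for (s in status) print s, status[s] }')

# Sockets per state for every row starting with "tcp" (LISTEN included); the
# state is the last column.
all_tcp=$(netstat -na | awk '/^tcp/ { status[$NF]++ } END { for (s in status) print s, status[s] }')

# Remote IPv4 addresses connected to local port 80, with a connection count.
#   $4 ~ /:80$/   anchors on the LOCAL address column, so ports such as 8080
#                 and outbound connections to a remote port 80 are not counted.
#   $1 == "tcp"   keeps IPv4 rows only. NOTE(review): on Linux, peers of a
#                 dual-stack listener are typically shown as tcp6
#                 (::ffff:a.b.c.d) and would not appear here - confirm for
#                 the host being inspected.
# Output is "ip count", sorted on the count column, highest first.
connect_80_ip=$(netstat -ant \
  | awk '$1 == "tcp" && $6 != "LISTEN" && $4 ~ /:80$/ { split($5, peer, ":"); ip[peer[1]]++ }
         END { for (i in ip) print i, ip[i] }' \
  | sort -k2,2nr)

# Top ten of the list above, taken from the same snapshot so both views agree.
top10_connect_80_ip=$(printf '%s\n' "$connect_80_ip" | head -n 10)

# Red heading, then the data. The data goes through %s so nothing in it is
# interpreted as an escape sequence.
printf '\e[31m%s\e[0m\n%s\n' "不同状态(除了 LISTEN)的 TCP 连接及连接数:" "${all_status_tcp}"
printf '\e[31m%s\e[0m\n%s\n' "各个状态的 TCP 连接以及连接数:" "${all_tcp}"
printf '\e[31m%s\e[0m\n%s\n' "连接到本地 80 端口的 IP 地址及连接数:" "${connect_80_ip}"
printf '\e[31m%s\e[0m\n%s\n' "前十个连接到本地 80 端口的 IP 地址及连接数:" "${top10_connect_80_ip}"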
2、文件不安全的权限检查
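# Permission audit: three reports on risky file modes and orphaned files.
# Run it as root so the whole tree is readable.
#
# The reports go into a private directory created by mktemp rather than fixed
# names directly under /tmp. A predictable path in a world-writable directory
# can be pre-created or symlinked by another local user before a privileged
# run writes to it. umask 077 keeps the reports readable by the invoking user
# only.
umask 077
report_dir=$(mktemp -d "${TMPDIR:-/tmp}/perm_audit.XXXXXX") || exit 1

# In every command below:
#   * /proc and /sys are pruned; they are kernel pseudo-filesystems and only
#     add noise and transient errors.
#   * the alternatives are wrapped in \( ... \). -o binds more loosely than the
#     implicit AND, so without the grouping the action would apply to the last
#     alternative only.
#   * -print replaces "-exec echo {} \;" (same output, no process per file).

# Regular files writable by the group or by others -> anynone_write.txt
# (-type f restricts this to files; directories are not reported.)
find / \( -path /proc -o -path /sys \) -prune -o \
  -type f \( -perm -g=w -o -perm -o=w \) -print \
  > "$report_dir/anynone_write.txt"

# Regular files carrying the setuid (4000) or setgid (2000) bit -> s_permission.txt
find / \( -path /proc -o -path /sys \) -prune -o \
  -type f \( -perm -4000 -o -perm -2000 \) -print \
  > "$report_dir/s_permission.txt"

# Files whose owner or group no longer maps to an account -> none.txt
find / \( -path /proc -o -path /sys \) -prune -o \
  \( -nouser -o -nogroup \) -print \
  > "$report_dir/none.txt"

printf 'Reports written to %s\n' "$report_dir"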
3、根据 PID 显示进程所有信息
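#!/bin/bash
# Show the details of one process, looked up by PID.
read -r -p "请输入要查询的PID: " pid

# Accept a single decimal PID only. `ps -p` also takes lists, and the parsing
# below expects exactly one output line.
if [[ ! $pid =~ ^[0-9]+$ ]]; then
  echo "该PID不存在!!"
  exit 1
fi

# Column order matters for the `read` below:
#   * comm is requested last because a command name may contain spaces; the
#     last variable of `read` receives the rest of the line.
#   * start_time is used instead of start, which prints "Mmm dd" (with a
#     space) for processes older than a day and would shift every later field.
process_info=$(ps -o pid= -o user= -o %cpu= -o %mem= -o start_time= -o time= -o stat= -o vsz= -o rss= -o comm= -p "$pid")
if [ -z "$process_info" ]; then
  echo "该PID不存在!!"
  exit 1
fi

read -r process_pid process_user process_cpu process_mem process_start process_time process_stat process_vsz process_rss process_command <<< "$process_info"

echo -e "\e[32m--------------------------------\e[0m"
echo "进程PID: $process_pid"
echo "进程命令:$process_command"
echo "进程所属用户: $process_user"
echo "CPU占用率:$process_cpu%"
echo "内存占用率:$process_mem%"
echo "进程开始运行的时间:$process_start"
echo "进程运行的时间:$process_time"
echo "进程状态:$process_stat"
echo "进程虚拟内存:$process_vsz"
# NOTE(review): rss is the resident set size, not shared memory; the label
# below is kept as the author wrote it.
echo "进程共享内存:$process_rss"
echo -e "\e[32m--------------------------------\e[0m"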
4、根据进程名显示该进程所有信息
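#!/bin/bash
# Show the details of every running process with the given command name.
read -r -p "请输入要查询的进程名:" process_name

# An empty name cannot match anything; report it the same way as "not running".
if [ -z "$process_name" ]; then
  echo "该进程名没有运行!"
  exit 1
fi

# Column order matters for the `read` in the loop:
#   * comm is requested last because a command name may contain spaces; the
#     last variable of `read` receives the rest of the line.
#   * start_time is used instead of start, which prints "Mmm dd" (with a
#     space) for processes older than a day and would shift every later field.
process_info=$(ps -o pid= -o user= -o %cpu= -o %mem= -o start_time= -o time= -o stat= -o vsz= -o rss= -o comm= -C "$process_name")
if [ -z "$process_info" ]; then
  echo "该进程名没有运行!"
  exit 1
fi

echo -e "\e[32m***************************************************************\e[0m"
# One output line per matching process.
while read -r process_pid process_user process_cpu process_mem process_start process_time process_stat process_vsz process_rss process_command; do
  echo "进程PID: $process_pid"
  echo "进程命令:$process_command"
  echo "进程所属用户: $process_user"
  echo "CPU占用率:$process_cpu%"
  echo "内存占用率:$process_mem%"
  echo "进程开始运行的时间:$process_start"
  echo "进程运行的时间:$process_time"
  echo "进程状态:$process_stat"
  echo "进程虚拟内存:$process_vsz"
  # NOTE(review): rss is the resident set size, not shared memory; the label
  # below is kept as the author wrote it.
  echo "进程共享内存:$process_rss"
  echo -e "\e[32m***************************************************************\e[0m"
done <<< "$process_info"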
5、根据用户名查看该用户的相关信息
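#!/bin/bash
# Show the passwd entry of one account and whether its shell allows a login.
read -r -p "请输入要查询的用户名:" username
echo "------------------------------"

# Skip the lookup for empty input and for anything starting with "-", which
# getent would parse as an option rather than a key.
user_info=
if [[ -n $username && $username != -* ]]; then
  user_info=$(getent passwd "$username")
fi

if [ -z "$user_info" ]; then
  echo -e "\e[31m该用户不存在!\e[0m"
  echo "------------------------------"
else
  # passwd layout: name:password:uid:gid:gecos:home:shell
  # The name is taken from the entry itself so a lookup by numeric UID still
  # prints the real account name.
  IFS=: read -r name _ uid gid _ home shell <<< "$user_info"
  echo "该用户的用户名:$name"
  echo "该用户的UID:$uid"
  echo "该用户的组为:$(id -gn "$name")"
  echo "该用户的GID为:$gid"
  echo "该用户的家目录为:$home"
  # Only the shell field is inspected. Any path ending in nologin or false
  # counts as "no login"; every other shell (sh, zsh, ...) counts as able to
  # log in, not only /bin/bash. Account locks in the shadow file and PAM/sshd
  # restrictions are not checked here, so treat the result as a first hint.
  case "$shell" in
    */nologin | */false)
      echo -e "\e[31m该用户没有登录系统的权限!\e[0m"
      ;;
    *)
      echo -e "\e[32m该用户有登录系统的权限\e[0m"
      ;;
  esac
  echo "------------------------------"
fi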
6、显示系统性能
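#!/bin/bash
# Print a short summary of memory, CPU count, load average and CPU usage.
# LC_ALL=C pins each tool to its untranslated output, which is what the awk
# patterns below match.

# Total and used physical memory in MiB, from a single `free` call so both
# numbers come from the same sample.
mem_line=$(LC_ALL=C free -m | awk '/^Mem/ { print $2, $3 }')
read -r mem_total mem_used <<< "$mem_line"

# Number of logical CPUs.
cpu_num=$(grep -c '^processor' /proc/cpuinfo)

# Load averages: everything after "load average:".
load_average=$(LC_ALL=C uptime | awk -F'[a-z]:' '{print $2}')

# CPU usage from one batch run of top. The "%Cpu(s):" prefix is stripped first
# so a value printed without a separating space (e.g. "%Cpu(s):100.0 us")
# cannot shift the fields. After that the line reads
#   us sy ni id wa hi si st   ->   values in $1 $3 $5 $7 $9 $11 $13 $15
# and each label below is paired with its matching column.
cpu_usage=$(LC_ALL=C top -b -n 1 | awk '/^%Cpu/ {
  sub(/^%Cpu[^:]*:/, "")
  print $1"% (User), "$3"% (System), "$7"% (Idle), "$9"% (I/O), "$11"% (Hardware interrupts), "$13"% (Software interrupts)"
}')

echo "物理内存使用量(M): $mem_used"
echo "物理内存总量(M): $mem_total"
echo "CPU核数: $cpu_num"
echo "平均负载: $load_average"
echo "CPU使用率:"
echo "$cpu_usage"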