<h1><center>shell脚本案例</center></h1>
作者:行癫(盗版必究)

------
## 一:脚本案例
#### 1.配置静态IP案例
```shell
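#!/bin/bash
# Configure a static IPv4 address on CentOS 7 by rewriting the ifcfg file of
# interface ens33, then restart networking and print the result.
# Writes under /etc/sysconfig and restarts a service, so it must run as root.

# Stop at the first failing step: without this, a failed backup was followed
# by the overwrite anyway and the original configuration was lost.
set -euo pipefail

# Address, netmask, gateway and DNS servers to configure.
IP_ADDRESS=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS_SERVERS="8.8.8.8 114.114.114.114"

# Interface profile that gets rewritten.
IFCFG=/etc/sysconfig/network-scripts/ifcfg-ens33

# Back up the original configuration exactly once. A second run must not
# replace the backup with the file this script already generated.
if [[ ! -e "${IFCFG}.bak" ]]; then
  cp -p -- "$IFCFG" "${IFCFG}.bak"
fi

# Write the static configuration. DNS1 is the first word of DNS_SERVERS and
# DNS2 the last one.
cat << EOF > "$IFCFG"
TYPE=Ethernet
BOOTPROTO=none
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=$IP_ADDRESS
NETMASK=$NETMASK
GATEWAY=$GATEWAY
DNS1=${DNS_SERVERS%% *}
DNS2=${DNS_SERVERS##* }
EOF

# Apply the change. A session that came in over the old address is cut off
# here, so run this from the console or be ready to reconnect.
systemctl restart network

# Show the resulting interface configuration.
ip addr show ens33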
```
centos stream 9
```shell
[root@xingdiancloud ~]# bash network.sh
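#!/bin/bash
# author: xingdian
# Interactively build a static-IPv4 NetworkManager keyfile for one interface
# (CentOS Stream 9) and bring the connection up. Must run as root.

NET_PATH="/etc/NetworkManager/system-connections/"

read -r -p "请输入IP地址: " ipadd
read -r -p "请输入子网掩码,例如24: " netmask
read -r -p "请输入默认网关: " gateway
read -r -p "请输入dns地址: " dns
read -r -p "输入设备名字: " name

# The answers become part of a file path and of a root-owned configuration
# file. Reject anything that is not shaped like the expected value, so a
# typo (or a "/" in the device name) cannot write outside NET_PATH or
# produce a profile NetworkManager cannot parse.
name_re='^[A-Za-z0-9][A-Za-z0-9_.-]*$'
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
prefix_re='^[0-9]{1,2}$'
dns_re='^[0-9.;]+$'

if [[ ! "$name" =~ $name_re ]]; then
  echo "设备名字不合法: $name" >&2
  exit 1
fi
if [[ ! "$ipadd" =~ $ipv4_re || ! "$gateway" =~ $ipv4_re ]]; then
  echo "IP地址或网关格式不正确" >&2
  exit 1
fi
if [[ ! "$netmask" =~ $prefix_re ]] || (( 10#$netmask > 32 )); then
  echo "子网掩码必须是0-32之间的数字" >&2
  exit 1
fi
if [[ ! "$dns" =~ $dns_re ]]; then
  echo "dns地址格式不正确" >&2
  exit 1
fi

target="${NET_PATH}${name}.nmconnection"

# Back up the existing profile once. The earlier logic deleted an existing
# backup and then overwrote the profile, which left no copy of the original.
if [[ -f "$target" && ! -e "${target}.bak" ]]; then
  if ! cp -p -- "$target" "${target}.bak"; then
    echo "备份原配置失败: $target" >&2
    exit 1
  fi
fi

# Each connection profile needs its own UUID; a value pasted from another
# host or profile clashes as soon as two profiles carry it.
uuid=$(cat /proc/sys/kernel/random/uuid)

# Keyfiles can carry secrets and NetworkManager expects them to be readable
# by root only, so create the file with a restrictive mask.
umask 077
cat > "$target" <<eof
[connection]
id=$name
uuid=$uuid
type=ethernet
autoconnect-priority=-999
interface-name=$name
timestamp=1681589526

[ethernet]

[ipv4]
method=manual
address1=$ipadd/$netmask,$gateway
dns=$dns

[ipv6]
addr-gen-mode=eui64
method=auto

[proxy]
eof
# Also tighten a file that already existed with wider permissions.
chmod 600 -- "$target"

nmcli c reload
nmcli c up "$name"

# Alternative to the two nmcli calls:
#systemctl restart NetworkManager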
```
#### 2.系统初始化脚本
```shell
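#!/bin/bash
# CentOS 7 initialisation script.
# author: xingdian

# Firewall and SELinux.
# NOTE(review): this section stops the host firewall and turns off SELinux,
# i.e. it removes the packet filter and the mandatory access control layer.
# That fits an isolated lab machine. On a reachable host, open only the
# needed ports with firewall-cmd and keep SELinux enforcing (or permissive
# while debugging) instead.
echo "关闭防火墙和selinux中...."
echo

if systemctl stop firewalld && systemctl disable firewalld &> /dev/null; then
  echo "防火墙已经成功关闭....."
else
  echo "防火墙关闭失败,请手动关闭!!!"
fi

# setenforce exits non-zero when SELinux is already disabled, which used to
# skip the config edit and report a failure. Only call it when there is a
# running policy to switch.
if [[ "$(getenforce 2> /dev/null)" != "Disabled" ]]; then
  setenforce 0
fi

# Match "SELINUX=" exactly: the pattern /^SELINUX/ also matched the
# SELINUXTYPE= line and replaced it, leaving the file without a policy type.
if sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config; then
  echo "selinux已经成功关闭....."
else
  echo "selnux关闭失败,请手动关闭!!!"
fi
echo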
# Internet reachability check: two ICMP echo requests to www.baidu.com,
# with ping's own output discarded.
echo "正在检测网络是否能上外网......"
echo

if ping -c 2 www.baidu.com &> /dev/null; then
  net_status="网络正常"
else
  net_status="网络不可达!"
fi
echo "$net_status"
echo
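# Configure the yum repositories (Aliyun mirror).
echo "配置yum源中....."
echo

if ! yum install -y wget &> /dev/null; then
  echo "wget 安装失败........."
  systemctl restart network
  yum repolist &> /dev/null
  sleep 2
fi

# Fetch the repo definitions over HTTPS. They decide where root installs
# packages from, so a copy altered in transit would redirect every later
# install. NOTE(review): the downloaded files may themselves list http://
# baseurls; package integrity then rests on gpgcheck=1 -- confirm it is set.
#
# Download into a scratch directory first and swap only when both files
# arrived. The old order moved the existing repos away before downloading,
# so a failed download left the machine with no repositories at all.
repo_tmp=$(mktemp -d) || exit 1
if wget -O "$repo_tmp/CentOS-Base.repo" https://mirrors.aliyun.com/repo/Centos-7.repo &> /dev/null \
  && wget -O "$repo_tmp/epel.repo" https://mirrors.aliyun.com/repo/epel-7.repo &> /dev/null; then
  mkdir -p /root/YUM_backup
  mv /etc/yum.repos.d/* /root/YUM_backup
  # install creates fresh files in the target directory with mode 644.
  install -m 644 "$repo_tmp"/*.repo /etc/yum.repos.d/
  # "yum reppolist" was a typo; the subcommand is repolist.
  yum clean all &> /dev/null && yum repolist &> /dev/null
else
  echo "yum源下载失败,保留原有配置" >&2
fi
rm -rf -- "${repo_tmp:?}"

echo "你的yum源有:" $(ls /etc/yum.repos.d)
sleep 2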
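# Set the hostname and add it to /etc/hosts.
echo "正在配置你的主机名..."
echo
read -r -p "请输入你的主机名:" host

# The name is handed to hostnamectl and appended to /etc/hosts, so accept
# only letters, digits, dots and hyphens. A space in the input would add
# extra aliases to the hosts line.
host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

if [[ ! "$host" =~ $host_re ]]; then
  echo "主机名不合法: $host" >&2
else
  # Call hostnamectl directly. The earlier wrapper was a shell function
  # named "hostname", which shadowed the hostname command for the rest of
  # the script.
  hostnamectl set-hostname "$host" && echo -e "主机名设置成功!!"

  echo "正在配置你的hosts文件..."
  # First IPv4 address of ens33 only. Grepping "inet" in plain `ip a`
  # output also matched inet6 lines and could return several addresses.
  ip=$(ip -4 -o addr show dev ens33 | awk '{print $4}' | cut -d/ -f1 | head -n 1)

  if [[ -z "$ip" ]]; then
    echo "未能获取ens33的IP地址,跳过hosts配置" >&2
  elif ! grep -qxF -- "$ip $host" /etc/hosts; then
    # Append only when the exact line is missing, so repeated runs do not
    # pile up duplicates.
    echo "$ip $host" >> /etc/hosts
  fi
  echo "hosts配置完成!!!"
fi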
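# Install the base packages.
echo "安装基础软件包中....."
echo

# The package is called yum-utils; "yum_utils" does not exist in the repos.
if yum install -y vim wget unzip yum-utils &> /dev/null; then
  echo "安装完成....."
else
  echo "安装失败..... "
fi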
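# Time synchronisation: one immediate ntpdate run plus a cron entry.
echo
echo "时间同步中……"
yum install -y ntpdate &> /dev/null

# Report the result of the sync itself. The status that used to be tested
# was that of the crontab write, so a failed ntpdate still printed success.
if ntpdate cn.pool.ntp.org &> /dev/null; then
  echo "时间同步成功!!!"
else
  echo "时间同步失败!!!"
fi

# Install the job in root's crontab. The file name used to come from the
# first user listed by `who`, which is empty when nobody is logged in and
# may be an account that is not allowed to set the clock.
cron_file=/var/spool/cron/root
# NOTE(review): "* */1 * * *" fires every minute. If an hourly sync is what
# is wanted, the schedule would be "0 * * * *" -- confirm the intent.
cron_line="* */1 * * * /usr/sbin/ntpdate cn.pool.ntp.org"

# Append instead of overwrite, and only when the line is missing, so that
# existing cron entries survive and repeated runs add nothing.
if ! grep -qxF -- "$cron_line" "$cron_file" 2> /dev/null; then
  echo "$cron_line" >> "$cron_file"
  chmod 600 "$cron_file"
fi

# Turn off the shell's mail check; add the line once.
if ! grep -qxF 'unset MAILCHECK' /etc/profile; then
  echo "unset MAILCHECK" >> /etc/profile
fi
source /etc/profile &> /dev/null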
```
#### 3.获取系统信息
```shell
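#!/bin/bash
# Collect system information on CentOS 7.x / CentOS Stream 9.x.
# author: xingdian
#
# This part only fills the variables below; they are printed later by the
# system() function. dmidecode reads firmware tables and needs root.

# Hardware model and serial number. dmidecode is run once and its output is
# reused for all three lookups.
dmi_out=$(dmidecode)
hard_type=$(grep "Product Name" <<< "$dmi_out" | tr "\n" " ")   # server model
sn=$(grep -A 3 "Product Name" <<< "$dmi_out" | grep "Serial Number" | grep -v "None")   # serial number

# Operating system.
version=$(cat /etc/redhat-release)   # release string
kernel=$(uname -r)                   # kernel version

# CPU.
phy_cpu_num=$(grep 'physical id' /proc/cpuinfo | sort -u | wc -l)   # physical CPUs
nuclear=$(grep -c vendor_id /proc/cpuinfo)                          # logical cores (threads)

# Memory and swap, in MiB as reported by `free -m`.
mem=$(free -m | awk '/Mem/ {print $2"M"}')          # total memory
user_mem=$(free -m | awk '/Mem/ {print $3"M"}')     # used memory
swap=$(free -m | awk '/Swap/ {print $2"M"}')        # total swap
user_swap=$(free -m | awk '/Swap/ {print $3"M"}')   # used swap

# Maximum memory supported by the board.
max_memory=$(grep -P 'Maximum\s+Capacity' <<< "$dmi_out")

# Load average: everything after the last colon of the uptime line.
loadavg=$(uptime | awk -F: '{print $NF}')

# Network. "yes" when an HTTP request to www.baidu.com answers with 200.
if [[ $(curl -o /dev/null --connect-timeout 3 -s -w "%{http_code}" www.baidu.com) -eq 200 ]]; then
  network=yes
else
  network=no
fi
# IPv4 address and interface name of every interface except loopback.
ip_addr=$(ip address | grep -w "inet" | grep -v "127.0.0.1" | awk -F "[ /]+" '{print $3,$NF}')

# Disk.
disk_zong=$(df -Th | grep -w '/' | awk '{print $3}')   # size of the root filesystem
disk_user=$(df -Th | grep -w '/' | awk '{print $4}')   # used space on the root filesystem
disk_lsbl=$(lsblk)                                     # partition layout

# Uptime as "Ndays, H:M:S" and the boot timestamp derived from it.
system_time=$(awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60;d=$1%60} {printf("%ddays, %d:%d:%d\n",a,b,c,d)}' /proc/uptime)
sys_begin=$(date -d "$(awk -F. '{print $1}' /proc/uptime) second ago" +"%Y-%m-%d %H:%M:%S")

# Size of /var/log.
system_log=$(du -sh /var/log/ | awk '{print $1}')

# Process counts: total, running, sleeping.
# -b puts top into batch mode so a pipe receives plain text, and the third
# field is $6; the bare 6 printed the literal digit instead of the count.
tasks=$(top -bn1 | awk '/Tasks/ {print $2,$4,$6}')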
# Print the collected system information as one text report.
# Globals (read): hard_type sn version kernel phy_cpu_num nuclear loadavg
#                 mem max_memory user_mem swap user_swap network ip_addr
#                 disk_zong disk_user system_log sys_begin system_time
#                 disk_lsbl
# Outputs: the report on stdout, framed by one empty line above and below.
system() {
  cat << EOF

|硬件型号:
$hard_type
|序列号:
$sn
|版本: $version
|内核: $kernel

|物理CPU个数:$phy_cpu_num 逻辑核数: ${nuclear}个
|负载:$loadavg

|内存: $mem #最大支持内存:$max_memory
|已用: $user_mem
|swap: $swap
|已用: $user_swap

|是否可以上网: $network
|本地IP地址:
$ip_addr

|系统磁盘大小: $disk_zong
|系统磁盘已用: $disk_user
|日志: 系统日志大小为$system_log
|开机: $sys_begin
|至今: $system_time
硬盘分区
----------------------------------------------------------------------
$disk_lsbl
----------------------------------------------------------------------

----------------------------------------------------------------------

EOF
}
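system

# Listening TCP ports.
# $1 (optional) is a case-insensitive extended regex applied to each
# netstat line; with no argument every listening socket is listed.
echo "监听的端口扫描
----------------------------------------------------------------------"

# "--" keeps a filter that starts with "-" from being read as a grep option.
# One port per array element; requiring at least one digit keeps empty
# fields out of the array.
mapfile -t portarray < <(
  sudo netstat -tnlp \
    | grep -E -i -- "${1:-}" \
    | awk '{print $4}' \
    | awk -F':' '{if ($NF~/^[0-9]+$/) print $NF}' \
    | sort -u
)
length=${#portarray[@]}   # number of ports found

# NOTE(review): the {#TCP_PORT} macro looks like Zabbix low-level discovery
# output, but what is printed here (an unquoted "port:" key and no array
# brackets) is not valid JSON. The layout is kept as it was -- confirm what
# the consumer expects before changing it.
printf "{\n"
printf '\tport:'
for ((i = 0; i < length; i++)); do
  printf '\n\t\t{'
  # Pass the port as an argument rather than inside the format string.
  printf '"{#TCP_PORT}":"%s"}' "${portarray[i]}"
  if ((i < length - 1)); then
    printf ','
  fi
done
printf "\n\t\n"
printf "}\n"
echo "----------------------------------------------------------------------
"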
```
#### 4.sshpass登录远程服务器与验证
```shell
sshpass安装后,可以在控制台输入sshpass命令查看所有选项参数:
$ sshpass
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
-f filename Take password to use from file
-d number Use number as file descriptor for getting password
-p password Provide password as argument (security unwise)
-e Password is passed as env-var "SSHPASS"
With no parameters - password will be taken from stdin
-P prompt Which string should sshpass search for to detect a password prompt
-v Be verbose about what you're doing
-h Show help (this screen)
-V Print version information
At most one of -f, -d, -p or -e should be used
如上所示,command parameters为你要执行的需要交互式输入密码的命令,如:ssh、scp等。当sshpass没有指定参数时会从stdin获取密码,几个密码输入相关参数如下:
-f filename:从文件中获取密码
-d number:使用数字作为获取密码的文件描述符
-p password:在命令行参数中直接给出明文密码(安全性较差:密码会出现在进程列表和shell历史记录中,建议改用 -f 或 -e)
-e:从环境变量SSHPASS获取密码
直接远程连接主机:
[root@linuxcool ~]# sshpass -p "password" ssh username@ip
远程连接指定ssh的端口:
[root@linuxcool ~]# sshpass -p "password" ssh -p 8443 username@ip
本地执行远程机器的命令:
[root@linuxcool ~]# sshpass -p xxx ssh root@192.168.11.11 "ethtool eth0"
从远程主机上拉取文件到本地:
[root@linuxcool ~]# sshpass -p '123456' scp root@host_ip:/home/test/t ./tmp/
```
#### 5.免密脚本
```shell
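# Set up key-based SSH login from this host (as root) to one remote machine:
# create a key pair if there is none, then copy the public key across with
# ssh-copy-id, answering its prompts through expect.
readonly REMOTE_HOST=172.16.70.251
readonly KEY_FILE=/root/.ssh/id_rsa

yum -y install expect

# Keep what is already in /root/.ssh. Emptying the directory, as this step
# used to do, also deletes authorized_keys, known_hosts and any existing
# private keys.
mkdir -p /root/.ssh
chmod 700 /root/.ssh

# ssh-keygen runs without prompts when the file and passphrase are given on
# the command line, so expect is not needed for it. The empty passphrase
# matches the earlier behaviour: the private key is protected by file
# permissions only.
if [[ ! -f "$KEY_FILE" ]]; then
  ssh-keygen -q -t rsa -N '' -f "$KEY_FILE"
fi

# Take the remote password from the environment or ask for it without echo.
# It is no longer written into the script, where it would be readable by
# anyone with access to the file or its history.
if [[ -z "${REMOTE_PASS:-}" ]]; then
  read -r -s -p "请输入 root@${REMOTE_HOST} 的密码: " REMOTE_PASS
  echo
fi
export REMOTE_HOST REMOTE_PASS

# The heredoc delimiter is quoted so the shell leaves $env(...) for expect.
/usr/bin/expect << 'EOF'
set timeout 30
spawn ssh-copy-id $env(REMOTE_HOST)
expect {
  # NOTE(review): this accepts an unknown host key without looking at it.
  # Compare the fingerprint out of band, or pre-populate known_hosts, when
  # the network between the two machines is not trusted.
  "yes/no" { send "yes\n"; exp_continue }
  "password:" { send -- "$env(REMOTE_PASS)\n" }
}
expect eof
EOF
unset REMOTE_PASS

# Load the key into the OpenSSH agent, but only when an agent is running;
# without one ssh-add has nothing to talk to and fails.
if [[ -n "${SSH_AUTH_SOCK:-}" ]]; then
  ssh-add "$KEY_FILE"
fi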
==========================================
/usr/bin/expect <<eof
spawn:生成 spawn ssh 10.18.44.196
expect:捕获 expect "password"
send:发送 send "1\n"
expect eof
eof
```