
<h1><center>shell脚本案例</center></h1>
作者:行癫(盗版必究)
------
## 一:脚本案例
#### 1.配置静态IP案例
```shell
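#!/bin/bash
# Configure a static IPv4 address on one interface of a CentOS 7 host that
# uses the legacy network-scripts (ifcfg-*) files.
# Must run as root: it rewrites the interface's ifcfg file and restarts the
# network service, which briefly interrupts connectivity on that interface.
set -euo pipefail

# Addressing parameters (sample values; adjust them for the target network).
IP_ADDRESS=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS_SERVERS="8.8.8.8 114.114.114.114"

# Interface to configure and the file that describes it.
IFACE=ens33
IFCFG="/etc/sysconfig/network-scripts/ifcfg-${IFACE}"

if ((EUID != 0)); then
  echo "this script must be run as root" >&2
  exit 1
fi

# Back up the original configuration once. A second run must not replace the
# pristine backup with a file this script has already rewritten, and the
# rewrite must not happen if the backup could not be made (set -e aborts).
if [[ -f "$IFCFG" && ! -e "${IFCFG}.bak" ]]; then
  cp -p -- "$IFCFG" "${IFCFG}.bak"
fi

# Write the static configuration. DNS1 is the first word of DNS_SERVERS and
# DNS2 the last one.
cat > "$IFCFG" << EOF
TYPE=Ethernet
BOOTPROTO=none
NAME=${IFACE}
DEVICE=${IFACE}
ONBOOT=yes
IPADDR=${IP_ADDRESS}
NETMASK=${NETMASK}
GATEWAY=${GATEWAY}
DNS1=${DNS_SERVERS%% *}
DNS2=${DNS_SERVERS##* }
EOF

# Restart the network service to apply the changes
systemctl restart network

# Display the new network configuration
ip addr show "$IFACE"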
```
centos stream 9
```shell
[root@xingdiancloud ~]# bash network.sh
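#!/bin/bash
# author: xingdian
# Interactively create a static-IPv4 NetworkManager keyfile for one interface
# and activate it (CentOS Stream 9). Must be run as root.
NET_PATH="/etc/NetworkManager/system-connections/"

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

read -r -p "请输入IP地址: " ipadd
read -r -p "请输入子网掩码,例如24: " netmask
read -r -p "请输入默认网关: " gateway
read -r -p "请输入dns地址: " dns
read -r -p "输入设备名字: " name

# The answers end up in a root-owned file, and the device name also becomes
# part of that file's path, so reject anything that is not a plain value.
name_re='^[A-Za-z0-9][A-Za-z0-9_.-]{0,14}$'
prefix_re='^([0-9]|[12][0-9]|3[0-2])$'
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
dns_re='^[0-9.;,]+$'
[[ "$name" =~ $name_re ]] || die "设备名字不合法: $name"
[[ "$netmask" =~ $prefix_re ]] || die "子网掩码必须是0-32之间的数字: $netmask"
[[ "$ipadd" =~ $ipv4_re ]] || die "IP地址格式不正确: $ipadd"
[[ "$gateway" =~ $ipv4_re ]] || die "默认网关格式不正确: $gateway"
[[ "$dns" =~ $dns_re ]] || die "dns地址格式不正确: $dns"

target="${NET_PATH}${name}.nmconnection"

# Back up the existing profile of this interface once. The earlier logic
# deleted an existing backup without making a new one, and otherwise copied
# whatever `ls` returned for the directory, which breaks as soon as the
# directory holds more than one profile.
if [[ -f "$target" && ! -e "${target}.bak" ]]; then
  cp -p -- "$target" "${target}.bak" || die "备份失败: $target"
fi

# NetworkManager refuses to load keyfiles that are not owned by root or that
# other users can access, so create the file with a restrictive umask and
# force mode 600 afterwards (the file may already exist with a wider mode).
umask 077

# NOTE(review): the uuid below is a fixed sample value. A profile uuid has to
# be unique among the profiles on the host; `uuidgen` can produce a fresh one.
cat > "$target" <<eof || die "写入配置失败: $target"
[connection]
id=$name
uuid=639d6c39-a14a-36f9-b18f-7c1ff3c082d7
type=ethernet
autoconnect-priority=-999
interface-name=$name
timestamp=1681589526
[ethernet]
[ipv4]
method=manual
address1=$ipadd/$netmask,$gateway
dns=$dns
[ipv6]
addr-gen-mode=eui64
method=auto
[proxy]
eof
chown root:root -- "$target"
chmod 600 -- "$target"

# Re-read the profiles from disk and bring the new one up.
nmcli c reload
nmcli c up "$name"
#systemctl restart NetworkManager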
```
#### 2.系统初始化脚本
```shell
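#!/bin/bash
# CentOS 7 initialization script
# author: xingdian
#
# Steps: disable firewalld and SELinux, check outbound connectivity, switch
# the yum repositories to the Aliyun mirror, set the hostname and /etc/hosts,
# install base packages, and schedule hourly time synchronisation.
# Must be run as root.
#
# NOTE(review): the first step turns off packet filtering (firewalld) and
# mandatory access control (SELinux) for the whole host. Keep it for isolated
# lab machines; on a reachable host, open only the required ports with
# firewall-cmd and leave SELinux enforcing.

# Firewall settings
echo "关闭防火墙和selinux中...."
echo
if systemctl stop firewalld && systemctl disable firewalld &> /dev/null; then
  echo "防火墙已经成功关闭....."
else
  echo "防火墙关闭失败,请手动关闭!!!"
fi

# The address is anchored on "SELINUX=" so that the SELINUXTYPE= line in the
# same file is not overwritten as well.
if setenforce 0 && sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config; then
  echo "selinux已经成功关闭....."
else
  echo "selnux关闭失败请手动关闭"
fi
echo

# Outbound connectivity check
echo "正在检测网络是否能上外网......"
echo
if ping -c 2 www.baidu.com &> /dev/null; then
  echo "网络正常"
else
  echo "网络不可达!"
fi
echo

# Configure the yum repositories (Aliyun mirror)
echo "配置yum源中....."
echo
if ! yum install -y wget &> /dev/null; then
  echo "wget 安装失败........."
  systemctl restart network
  yum repolist &> /dev/null
  sleep 2
fi
mkdir -p /root/YUM_backup

# Download both repo files into a private temporary directory first and swap
# them in only when both downloads succeeded; otherwise a failed download
# would leave the host with empty repo files and no working repository.
# The files are fetched over HTTPS because they decide which servers root
# installs packages from and should not be alterable in transit.
repo_tmp=$(mktemp -d) || repo_tmp=""
if [[ -n "$repo_tmp" ]] \
  && wget -O "$repo_tmp/CentOS-Base.repo" https://mirrors.aliyun.com/repo/Centos-7.repo &> /dev/null \
  && wget -O "$repo_tmp/epel.repo" https://mirrors.aliyun.com/repo/epel-7.repo &> /dev/null; then
  mv /etc/yum.repos.d/* /root/YUM_backup
  install -m 644 "$repo_tmp/CentOS-Base.repo" "$repo_tmp/epel.repo" /etc/yum.repos.d/
  yum clean all &> /dev/null && yum repolist &> /dev/null
else
  echo "yum源下载失败,保留原有yum源配置"
fi
if [[ -n "$repo_tmp" ]]; then
  rm -rf -- "$repo_tmp"
fi
# Left unquoted on purpose so the file names are printed on one line.
echo "你的yum源有:" $(ls /etc/yum.repos.d)
sleep 2

# Configure the hostname and the hosts file
echo "正在配置你的主机名..."
echo
read -r -p "请输入你的主机名:" host

# Named set_hostname rather than hostname so that the system's hostname
# command is not shadowed for the rest of the script.
set_hostname() {
  hostnamectl set-hostname "$host"
}

# The name is appended to /etc/hosts below, so accept only hostname characters.
host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ "$host" =~ $host_re ]]; then
  set_hostname && echo -e "主机名设置成功!!"
  echo "正在配置你的hosts文件..."
  # First IPv4 address of ens33, without the prefix length.
  ip=$(ip -4 -o addr show dev ens33 | awk '{split($4, a, "/"); print a[1]; exit}')
  if [[ -z "$ip" ]]; then
    echo "未获取到ens33的IP地址,跳过hosts配置"
  else
    # Append the entry only once, so re-running the script adds no duplicates.
    if ! awk -v ip="$ip" -v h="$host" '$1 == ip && $2 == h {found = 1} END {exit !found}' /etc/hosts; then
      echo "$ip $host" >> /etc/hosts
    fi
    echo "hosts配置完成!!!"
  fi
else
  echo "主机名不合法,跳过主机名和hosts配置"
fi

# Install base packages (the package is called yum-utils, not yum_utils)
echo "安装基础软件包中....."
echo
if yum install -y vim wget unzip yum-utils &> /dev/null; then
  echo "安装完成....."
else
  echo "安装失败..... "
fi

# Time synchronisation
echo
echo "时间同步中……"
yum install -y ntpdate &> /dev/null
sync_rc=0
ntpdate cn.pool.ntp.org &> /dev/null || sync_rc=1

# Install the job in root's crontab through crontab(1): the job has to run as
# root to set the clock, existing entries are kept, and a re-run does not add
# a second copy. Minute 0 of every hour; "* */1 * * *" would run every minute.
cron_cmd="/usr/sbin/ntpdate cn.pool.ntp.org"
{
  crontab -l 2> /dev/null | grep -vF -- "$cron_cmd"
  echo "0 */1 * * * $cron_cmd"
} | crontab - || sync_rc=1

if ((sync_rc == 0)); then
  echo "时间同步成功!!!"
  grep -qxF "unset MAILCHECK" /etc/profile || echo "unset MAILCHECK" >> /etc/profile
  source /etc/profile &> /dev/null
else
  echo "时间同步失败!!!"
fi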
```
#### 3.获取系统信息
```shell
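#!/bin/bash
# Collect system information on CentOS 7.x / CentOS Stream 9.x.
# author: xingdian
# Each value is stored in a global variable that the report below prints.
# dmidecode needs root to read the DMI tables.

## Hardware
hard_type=$(dmidecode | grep "Product Name" | tr "\n" " ")                              # server model
sn=$(dmidecode | grep -A 3 "Product Name" | grep "Serial Number" | grep -v "None")      # hardware serial number

## System
version=$(cat /etc/redhat-release) # distribution release
kernel=$(uname -r)                 # kernel release

## CPU
phy_cpu_num=$(grep 'physical id' /proc/cpuinfo | sort -u | wc -l) # number of physical CPUs
nuclear=$(grep -c vendor_id /proc/cpuinfo)                        # logical cores (threads)

## Memory / swap (MiB, as reported by free -m)
mem=$(free -m | awk '/Mem/ {print $2"M"}')        # total memory
user_mem=$(free -m | awk '/Mem/ {print $3"M"}')   # used memory
swap=$(free -m | awk '/Swap/ {print $2"M"}')      # total swap
user_swap=$(free -m | awk '/Swap/ {print $3"M"}') # used swap
# Maximum memory capacity reported by the DMI tables
max_memory=$(dmidecode | grep -P 'Maximum\s+Capacity')

## Load
loadavg=$(uptime | awk -F: '{print $NF}') # load averages (text after the last colon)

## Network
# Internet access is judged by whether www.baidu.com answers with HTTP 200
# within the 3-second connect timeout.
if [[ $(curl -o /dev/null --connect-timeout 3 -s -w "%{http_code}" www.baidu.com) -eq 200 ]]; then
  network=yes
else
  network=no
fi
# Address and interface name of every IPv4 address except the loopback one
ip_addr=$(ip address | grep -w "inet" | grep -v "127.0.0.1" | awk -F "[ /]+" '{print $3,$NF}')

## Disk
# Ask df for the root filesystem directly; grepping all of df's output for "/"
# can also match other lines (for example a //server/share source).
disk_zong=$(df -ThP / | awk 'NR == 2 {print $3}') # size of the root filesystem
disk_user=$(df -ThP / | awk 'NR == 2 {print $4}') # used space on the root filesystem
disk_lsbl=$(lsblk)                                # block device / partition layout

## Other
# Uptime as "Ndays, H:M:S", computed from the seconds in /proc/uptime
system_time=$(awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60;d=$1%60} {printf("%ddays, %d:%d:%d\n",a,b,c,d)}' /proc/uptime)
# Boot time: now minus the uptime in whole seconds
sys_begin=$(date -d "$(awk -F. '{print $1}' /proc/uptime) second ago" +"%Y-%m-%d %H:%M:%S")

## Logs
system_log=$(du -sh /var/log/ | awk '{print $1}') # size of /var/log

## Processes
# total, running, sleeping. top runs in batch mode (-b) so that it works
# inside a command substitution without a terminal; the third field is $6
# (the earlier version printed the literal number 6).
tasks=$(top -bn1 | awk '/Tasks/ {print $2,$4,$6}')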
# Print the collected system report.
# Globals (read): hard_type sn version kernel phy_cpu_num nuclear loadavg mem
#   max_memory user_mem swap user_swap network ip_addr disk_zong disk_user
#   system_log sys_begin system_time disk_lsbl
# Outputs: the report on stdout, with one empty line before and after it.
system() {
  cat <<EOF

|硬件型号:
$hard_type
|序列号:
$sn
|版本: $version
|内核: $kernel
|物理CPU个数$phy_cpu_num 逻辑核数: $nuclear
|负载:$loadavg
|内存: $mem #最大支持内存:$max_memory
|已用: $user_mem
|swap: $swap
|已用: $user_swap
|是否可以上网: $network
|本地IP地址:
$ip_addr
|系统磁盘大小: $disk_zong
|系统磁盘已用: $disk_user
|日志: 系统日志大小为$system_log
|开机: $sys_begin
|至今: $system_time
硬盘分区
----------------------------------------------------------------------
$disk_lsbl
----------------------------------------------------------------------
----------------------------------------------------------------------

EOF
}
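system
## Listening TCP ports
echo "监听的端口扫描
----------------------------------------------------------------------"
# $1 is an optional case-insensitive filter applied to the netstat lines
# (an empty filter keeps every line). "--" stops a filter that starts with
# "-" from being read as a grep option.
port_filter=${1:-}

# Local-address column -> text after the last ':' -> numeric values only,
# sorted and de-duplicated, one array element per port.
mapfile -t portarray < <(
  sudo netstat -tnlp \
    | grep -Ei -- "$port_filter" \
    | awk '{print $4}' \
    | awk -F':' '$NF ~ /^[0-9]+$/ {print $NF}' \
    | sort -u
)
length=${#portarray[@]} # number of ports found

# Emit the ports as a JSON object: {"port":[{"{#TCP_PORT}":"22"},...]}.
# The earlier output had no quotes around the key and no [ ] around the list,
# so it was not valid JSON.
# NOTE(review): the {#TCP_PORT} key looks like a monitoring-system discovery
# macro - confirm the key name the consumer expects.
printf '{\n'
printf '\t"port":['
for ((i = 0; i < length; i++)); do
  printf '\n\t\t{'
  # The port is passed as an argument, never as part of the format string.
  printf '"{#TCP_PORT}":"%s"}' "${portarray[i]}"
  if ((i < length - 1)); then
    printf ','
  fi
done
printf '\n\t]\n'
printf '}\n'
echo "----------------------------------------------------------------------
"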
```
#### 4.sshpass登录远程服务器与验证
```shell
sshpass安装后可以在控制台输入sshpass命令查看所有选项参数
$ sshpass
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
-f filename Take password to use from file
-d number Use number as file descriptor for getting password
-p password Provide password as argument (security unwise)
-e Password is passed as env-var "SSHPASS"
With no parameters - password will be taken from stdin
-P prompt Which string should sshpass search for to detect a password prompt
-v Be verbose about what you're doing
-h Show help (this screen)
-V Print version information
At most one of -f, -d, -p or -e should be used
如上所示,command parameters 为你要执行的、需要交互式输入密码的命令,如 ssh、scp 等。当 sshpass 没有指定参数时,会从 stdin 获取密码。几个与密码输入相关的参数如下:
-f filename:从文件中获取密码
-d number:使用数字作为获取密码的文件描述符
-p password:以明文参数指定密码(安全性较差:密码会出现在命令行中,可能被 shell 历史记录或进程列表暴露)
-e:从环境变量 SSHPASS 获取密码
远程连接主机:
[root@linuxcool ~]# sshpass -p "password" ssh username@ip
远程连接并指定ssh的端口:
[root@linuxcool ~]# sshpass -p "password" ssh -p 8443 username@ip
本地执行远程机器的命令:
[root@linuxcool ~]# sshpass -p xxx ssh root@192.168.11.11 "ethtool eth0"
从密码文件读取文件内容作为密码去远程连接主机(使用 -f;password_file 为示例文件名,建议将其权限设为 600):
[root@linuxcool ~]# sshpass -f password_file ssh root@192.168.11.11
从远程主机上拉取文件到本地:
[root@linuxcool ~]# sshpass -p '123456' scp root@host_ip:/home/test/t ./tmp/
```
#### 5.免密脚本
```shell
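# Set up key-based (passwordless) SSH login from this host to TARGET_HOST.
# The remote password comes from the REMOTE_PASSWORD environment variable or
# is prompted for without echo; it is not stored in the script.
TARGET_HOST=172.16.70.251
KEY_FILE=/root/.ssh/id_rsa

yum -y install expect

# Generate a key pair only when none exists. Wiping /root/.ssh first would
# also delete authorized_keys and known_hosts, and with known_hosts gone a
# changed host key on a later connection could no longer be noticed.
# -N '' sets an empty passphrase and -f names the file, so ssh-keygen asks no
# questions and expect is not needed for this step.
if [[ ! -f "$KEY_FILE" ]]; then
  mkdir -p /root/.ssh && chmod 700 /root/.ssh
  ssh-keygen -q -t rsa -N '' -f "$KEY_FILE" || exit 1
fi

if [[ -z "${REMOTE_PASSWORD:-}" ]]; then
  read -r -s -p "请输入 root@${TARGET_HOST} 的密码: " REMOTE_PASSWORD
  echo
fi
export REMOTE_PASSWORD TARGET_HOST

# Copy the public key to the remote host.
# The heredoc delimiter is quoted, so the shell expands nothing inside it;
# expect reads the host and the password from the environment instead.
# NOTE(review): answering "yes" accepts whatever host key the server presents
# on first contact. Compare the fingerprint with one obtained out of band, or
# pre-populate known_hosts, before relying on this in a real environment.
/usr/bin/expect <<'EOF'
set timeout 30
spawn ssh-copy-id $env(TARGET_HOST)
expect {
  "yes/no"    { send "yes\n"; exp_continue }
  "password:" { send -- "$env(REMOTE_PASSWORD)\n"; exp_continue }
  eof
}
# Hand ssh-copy-id's exit status back to the shell.
set status [wait]
exit [lindex $status 3]
EOF
copy_rc=$?
unset REMOTE_PASSWORD
if ((copy_rc != 0)); then
  echo "ssh-copy-id 执行失败 (exit ${copy_rc})" >&2
fi

# Add the private key identity to the OpenSSH authentication agent. ssh-add
# can only do that when an agent is running in this session.
if [[ -n "${SSH_AUTH_SOCK:-}" ]]; then
  ssh-add
fi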
==========================================
/usr/bin/expect <<eof
spawn:生成 spawn ssh 10.18.44.196
expect:捕获 expect "password"
send:发送 send "1\n"
expect eof
eof
```