|
|
<h1><center>shell脚本案例</center></h1>
|
|
|
|
|
|
作者:行癫(盗版必究)
|
|
|
|
|
|
------
|
|
|
|
|
|
## 一:脚本案例
|
|
|
|
|
|
#### 1.配置静态IP案例
|
|
|
|
|
|
```shell
|
|
|
#!/bin/bash
|
|
|
# This script configures a static IP address on CentOS 7
|
|
|
|
|
|
# Define variables for the IP address, netmask, gateway, and DNS servers
|
|
|
IP_ADDRESS=192.168.1.100
|
|
|
NETMASK=255.255.255.0
|
|
|
GATEWAY=192.168.1.1
|
|
|
DNS_SERVERS="8.8.8.8 114.114.114.114"
|
|
|
|
|
|
# Backup the original network configuration file
|
|
|
cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens33.bak
|
|
|
|
|
|
# Modify the network configuration file with the static IP address, netmask, gateway, and DNS servers
|
|
|
cat << EOF > /etc/sysconfig/network-scripts/ifcfg-ens33
|
|
|
TYPE=Ethernet
|
|
|
BOOTPROTO=none
|
|
|
NAME=ens33
|
|
|
DEVICE=ens33
|
|
|
ONBOOT=yes
|
|
|
IPADDR=$IP_ADDRESS
|
|
|
NETMASK=$NETMASK
|
|
|
GATEWAY=$GATEWAY
|
|
|
DNS1=${DNS_SERVERS%% *}
|
|
|
DNS2=${DNS_SERVERS##* }
|
|
|
EOF
|
|
|
|
|
|
# Restart the network service to apply the changes
|
|
|
systemctl restart network
|
|
|
|
|
|
# Display the new network configuration
|
|
|
ip addr show ens33
|
|
|
```
|
|
|
|
|
|
centos stream 9
|
|
|
|
|
|
```shell
|
|
|
[root@xingdiancloud ~]# bash network.sh
|
|
|
#!/bin/bash
|
|
|
#auther:xingdian
|
|
|
NET_DIR=`ls /etc/NetworkManager/system-connections/`
|
|
|
NET_PATH="/etc/NetworkManager/system-connections/"
|
|
|
read -p "请输入IP地址: " ipadd
|
|
|
read -p "请输入子网掩码,例如24: " netmask
|
|
|
read -p "请输入默认网关: " gateway
|
|
|
read -p "请输入dns地址: " dns
|
|
|
read -p "输入设备名字: " name
|
|
|
# 备份原配置
|
|
|
if [ -f ${NET_PATH}${name}.nmconnection.bak ];then
|
|
|
rm -rf ${NET_PATH}${name}.nmconnection.bak
|
|
|
else
|
|
|
cp ${NET_PATH}${NET_DIR} ${NET_PATH}${NET_DIR}.bak
|
|
|
fi
|
|
|
cat > ${NET_PATH}${name}.nmconnection <<eof
|
|
|
[connection]
|
|
|
id=$name
|
|
|
uuid=639d6c39-a14a-36f9-b18f-7c1ff3c082d7
|
|
|
type=ethernet
|
|
|
autoconnect-priority=-999
|
|
|
interface-name=$name
|
|
|
timestamp=1681589526
|
|
|
|
|
|
[ethernet]
|
|
|
|
|
|
[ipv4]
|
|
|
method=manual
|
|
|
address1=$ipadd/$netmask,$gateway
|
|
|
dns=$dns
|
|
|
|
|
|
[ipv6]
|
|
|
addr-gen-mode=eui64
|
|
|
method=auto
|
|
|
|
|
|
[proxy]
|
|
|
eof
|
|
|
|
|
|
nmcli c reload
|
|
|
nmcli c up $name
|
|
|
|
|
|
#systemctl restart NetworkManager
|
|
|
```
|
|
|
|
|
|
#### 2.系统初始化脚本
|
|
|
|
|
|
```shell
|
|
|
#!/bin/bash
|
|
|
#centos7: 初始化脚本
|
|
|
#auther:xingdian
|
|
|
|
|
|
# 防火墙设置
|
|
|
|
|
|
echo "关闭防火墙和selinux中...."
|
|
|
|
|
|
echo
|
|
|
systemctl stop firewalld && systemctl disable firewalld &> /dev/null
|
|
|
|
|
|
if [ $? -eq 0 ];then
|
|
|
echo "防火墙已经成功关闭....."
|
|
|
else
|
|
|
echo "防火墙关闭失败,请手动关闭!!!"
|
|
|
fi
|
|
|
|
|
|
setenforce 0 && sed -i '/^SELINUX/c SELINUX=disabled' /etc/selinux/config
|
|
|
|
|
|
if [ $? -eq 0 ];then
|
|
|
echo "selinux已经成功关闭....."
|
|
|
else
|
|
|
echo "selnux关闭失败,请手动关闭!!!"
|
|
|
fi
|
|
|
echo
|
|
|
|
|
|
# 外网检测
|
|
|
echo "正在检测网络是否能上外网......"
|
|
|
|
|
|
echo
|
|
|
|
|
|
ping -c 2 www.baidu.com &> /dev/null
|
|
|
|
|
|
if [ $? -eq 0 ];then
|
|
|
echo "网络正常"
|
|
|
else
|
|
|
echo "网络不可达!"
|
|
|
fi
|
|
|
echo
|
|
|
|
|
|
# 配置yum源-这里选用阿里源
|
|
|
|
|
|
echo "配置yum源中....."
|
|
|
echo
|
|
|
yum install -y wget &> /dev/null
|
|
|
if [ $? -ne 0 ];then
|
|
|
echo "wget 安装失败........."
|
|
|
systemctl restart network
|
|
|
yum repolist &> /dev/null
|
|
|
sleep 2
|
|
|
fi
|
|
|
mkdir -p /root/YUM_backup
|
|
|
mv /etc/yum.repos.d/* /root/YUM_backup
|
|
|
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo &>/dev/null
|
|
|
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo &>/dev/null
|
|
|
yum clean all &>/dev/null && yum reppolist &>/dev/null
|
|
|
echo "你的yum源有:" $(ls /etc/yum.repos.d)
|
|
|
sleep 2
|
|
|
|
|
|
# 配置主机名和host文件
|
|
|
|
|
|
echo "正在配置你的主机名..."
|
|
|
|
|
|
echo
|
|
|
read -p "请输入你的主机名:" host
|
|
|
|
|
|
hostname(){
|
|
|
hostnamectl set-hostname $host
|
|
|
}
|
|
|
hostname host && echo -e "主机名设置成功!!"
|
|
|
|
|
|
echo "正在配置你的hosts文件..."
|
|
|
ip=$(ip a | grep ens33 |grep inet |awk '{print $2}' | awk -F"/" '{print $1}')
|
|
|
echo "$ip $host" >> /etc/hosts
|
|
|
echo "hosts配置完成!!!"
|
|
|
|
|
|
# 安装基础软件包
|
|
|
|
|
|
echo "安装基础软件包中....."
|
|
|
echo
|
|
|
|
|
|
yum install -y vim wget unzip yum_utils &>/dev/null
|
|
|
if [ $? -eq 0 ];then
|
|
|
echo "安装完成....."
|
|
|
else
|
|
|
echo "安装失败..... "
|
|
|
fi
|
|
|
# 时间同步
|
|
|
echo
|
|
|
echo "时间同步中……"
|
|
|
yum install -y ntpdate &> /dev/null
|
|
|
ntpdate cn.pool.ntp.org &> /dev/null
|
|
|
file=$(who | head -1 | cut -d" " -f1)
|
|
|
echo "* */1 * * * /usr/sbin/ntpdate cn.pool.ntp.org" > /var/spool/cron/$file
|
|
|
if [ $? -eq 0 ];then
|
|
|
echo "时间同步成功!!!"
|
|
|
echo "unset MAILCHECK" >> /etc/profile
|
|
|
source /etc/profile &> /dev/null
|
|
|
else
|
|
|
echo "时间同步失败!!!"
|
|
|
fi
|
|
|
```
|
|
|
|
|
|
#### 3.获取系统信息
|
|
|
|
|
|
```shell
|
|
|
#!/bin/bash
|
|
|
#此脚本获取系统centos7.x/centos stream9.x
|
|
|
#auther:xingdian
|
|
|
|
|
|
#查看服务器硬件型号
|
|
|
hard_type=`dmidecode |grep "Product Name"|tr "\n" " "` #获取服务器型号
|
|
|
sn=`dmidecode |grep -A 3 "Product Name" |grep "Serial Number"|grep -v "None"` #获取硬件序列码
|
|
|
|
|
|
##系统信息
|
|
|
version=`cat /etc/redhat-release` #版本
|
|
|
kernel=`uname -r` #内核
|
|
|
|
|
|
##cpu
|
|
|
phy_cpu_num=`grep 'physical id' /proc/cpuinfo | sort | uniq | wc -l` #物理CPU数量
|
|
|
nuclear=`grep vendor_id /proc/cpuinfo|wc -l` #逻辑核数(线程)
|
|
|
|
|
|
##内存\Swap
|
|
|
mem=`free -m|grep Mem|awk '{print $2"M"}'` #内存总大小
|
|
|
user_mem=`free -m|grep Mem|awk '{print $3"M"}'` #已用内存大小
|
|
|
swap=`free -m |grep Swap|awk '{print $2"M"}'` #swap总大小
|
|
|
user_swap=`free -m |grep Swap|awk '{print $3"M"}'` #已用swap大小
|
|
|
|
|
|
#最大支持内存数
|
|
|
max_memory=`dmidecode|grep -P 'Maximum\s+Capacity'`
|
|
|
|
|
|
##负载
|
|
|
loadavg=`uptime |awk -F: '{print $NF}'` #系统负载
|
|
|
|
|
|
##网络
|
|
|
network=`[[ $(curl -o /dev/null --connect-timeout 3 -s -w "%{http_code}" www.baidu.com) -eq 200 ]] && echo yes || echo no` #根据curl www.baidu.com的返回状态码来判断是否能上网
|
|
|
ip_addr=`ip address|grep -w "inet"|grep -v "127.0.0.1"|awk -F "[ /]+" '{print $3,$NF}'` #获取除了回环地址之外的所有网卡的ip地址和对应的网卡名
|
|
|
##磁盘
|
|
|
disk_zong=`df -Th | grep -w '/' | awk '{print $3}'` #获取系统盘的总大小
|
|
|
disk_user=`df -Th | grep -w '/' | awk '{print $4}'` #获取系统盘已用大小
|
|
|
disk_lsbl=`lsblk` #硬盘分区分布
|
|
|
##其他
|
|
|
system_time=`awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60;d=$1%60} {printf("%ddays, %d:%d:%d\n",a,b,c,d)}' /proc/uptime` #开机时长
|
|
|
sys_begin=`date -d "$(awk -F. '{print $1}' /proc/uptime) second ago" +"%Y-%m-%d %H:%M:%S"` #开机时间
|
|
|
##日志
|
|
|
system_log=`du -sh /var/log/ |awk '{print $1}'` #系统日志大小
|
|
|
#进程
|
|
|
tasks=`top -n1 |grep Tasks |awk '{print $2,$4,6}'` #总 运行 休眠
|
|
|
|
|
|
system(){
|
|
|
echo "
|
|
|
|硬件型号:
|
|
|
$hard_type
|
|
|
|序列号:
|
|
|
$sn
|
|
|
|版本: $version
|
|
|
|内核: $kernel
|
|
|
|
|
|
|物理CPU个数:$phy_cpu_num 逻辑核数: $nuclear"个"
|
|
|
|负载:$loadavg
|
|
|
|
|
|
|内存: $mem #最大支持内存:$max_memory
|
|
|
|已用: $user_mem
|
|
|
|swap: $swap
|
|
|
|已用: $user_swap
|
|
|
|
|
|
|是否可以上网: $network
|
|
|
|本地IP地址:
|
|
|
$ip_addr
|
|
|
|
|
|
|系统磁盘大小: $disk_zong
|
|
|
|系统磁盘已用: $disk_user
|
|
|
|日志: 系统日志大小为$system_log
|
|
|
|开机: $sys_begin
|
|
|
|至今: $system_time
|
|
|
硬盘分区
|
|
|
----------------------------------------------------------------------
|
|
|
$disk_lsbl
|
|
|
----------------------------------------------------------------------
|
|
|
|
|
|
----------------------------------------------------------------------
|
|
|
"
|
|
|
}
|
|
|
system
|
|
|
##端口扫描
|
|
|
echo "监听的端口扫描
|
|
|
----------------------------------------------------------------------"
|
|
|
portarray=(`sudo netstat -tnlp|egrep -i "$1"|awk {'print $4'}|awk -F':' '{if ($NF~/^[0-9]*$/) print $NF}'|sort|uniq`)
|
|
|
length=${#portarray[@]} #统计元素个数
|
|
|
printf "{\n"
|
|
|
printf '\t'port":"
|
|
|
for ((i=0;i<$length;i++))
|
|
|
do
|
|
|
printf '\n\t\t{'
|
|
|
printf "\"{#TCP_PORT}\":\"${portarray[$i]}\"}"
|
|
|
if [ $i -lt $[$length-1] ];then
|
|
|
printf ','
|
|
|
fi
|
|
|
done
|
|
|
printf "\n\t\n"
|
|
|
printf "}\n"
|
|
|
echo "----------------------------------------------------------------------
|
|
|
"
|
|
|
```
|
|
|
|
|
|
#### 4.sshpass登录远程服务器与验证
|
|
|
|
|
|
```shell
|
|
|
sshpass安装后,可以在控制台输入sshpass命令查看所有选项参数:
|
|
|
|
|
|
$ sshpass
|
|
|
|
|
|
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
|
|
|
|
|
|
-f filename Take password to use from file
|
|
|
|
|
|
-d number Use number as file descriptor for getting password
|
|
|
|
|
|
-p password Provide password as argument (security unwise)
|
|
|
|
|
|
-e Password is passed as env-var "SSHPASS"
|
|
|
|
|
|
With no parameters - password will be taken from stdin
|
|
|
|
|
|
-P prompt Which string should sshpass search for to detect a password prompt
|
|
|
|
|
|
-v Be verbose about what you're doing
|
|
|
-h Show help (this screen)
|
|
|
-V Print version information
|
|
|
At most one of -f, -d, -p or -e should be used
|
|
|
如上所示,command parameters为你要执行的需要交互式输入密码的命令,如:ssh、scp等。当sshpass没有指定参数时会从stdin获取密码,几个密码输入相关参数如下:
|
|
|
-f filename:从文件中获取密码
|
|
|
-d number:使用数字作为获取密码的文件描述符
|
|
|
-p password:指定明文本密码输入(安全性较差)
|
|
|
-e:从环境变量SSHPASS获取密码
|
|
|
|
|
|
远程连接指定ssh的端口:
|
|
|
[root@linuxcool ~]# sshpass -p "password" ssh username@ip
|
|
|
本地执行远程机器的命令:
|
|
|
[root@linuxcool ~]# sshpass -p "password" ssh -p 8443 username@ip
|
|
|
从密码文件读取文件内容作为密码去远程连接主机:
|
|
|
[root@linuxcool ~]# sshpass -p xxx ssh root@192.168.11.11 "ethtool eth0"
|
|
|
从远程主机上拉取文件到本地:
|
|
|
[root@linuxcool ~]# sshpass -p '123456' scp root@host_ip:/home/test/t ./tmp/
|
|
|
```
|
|
|
|
|
|
#### 5.免密脚本
|
|
|
|
|
|
```shell
|
|
|
yum -y install expect
|
|
|
#生成并拷贝ssh_key到远程机器
|
|
|
rm -rf /root/.ssh/*
|
|
|
/usr/bin/expect <<EOF
|
|
|
set timeout 30
|
|
|
spawn ssh-keygen
|
|
|
expect "Enter file in which to save the key (/root/.ssh/id_rsa):"
|
|
|
send "\n"
|
|
|
expect "Enter passphrase (empty for no passphrase):"
|
|
|
send "\n"
|
|
|
expect "Enter same passphrase again:"
|
|
|
send "\n"
|
|
|
spawn ssh-copy-id 172.16.70.251
|
|
|
expect {
|
|
|
"yes/no" { send "yes\n"; exp_continue }
|
|
|
"root@172.16.70.251's password:" { send "uplooking\n"}
|
|
|
}
|
|
|
expect eof
|
|
|
EOF
|
|
|
ssh-add #将私钥身份添加到 OpenSSH 身份验证代理,从而提高ssh的认证速度
|
|
|
==========================================
|
|
|
/usr/bin/expect <<eof
|
|
|
spawn:生成 spawn ssh 10.18.44.196
|
|
|
expect:捕获 expect "password"
|
|
|
send:发送 send "1\n"
|
|
|
expect eof
|
|
|
eof
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|