查看进程所占句柄数量: lsof -n |awk '{print $2}'|sort|uniq -c |sort -nr|more
第一列为数量,第二列为进程号 可以使用ps -ef |grep pid 查看进程名,pwdx查看进程路径
将文件中的相关内容回写到某文件中:
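# Follow xxxx.log and append each line containing "xxx" (case-insensitive) to ./output.
# Log lines can hold arbitrary text: IFS= and -r keep whitespace and backslashes as
# written, and quoting "$LINE" stops the shell from glob-expanding or re-splitting them.
tail -f xxxx.log | while IFS= read -r LINE; do printf '%s\n' "$LINE" | grep -i "xxx"; done >> output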
1 获得内存硬件信息
#!/bin/bash
# by qfong.com selinuxplus.com
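# Print one table row per "Memory Device" record reported by dmidecode.
echo " Locator Size Speed Form Factor Type Type Detail"
echo " ========= ======== ============ ============= ========== ==========="
# Pipeline stages:
#   sed 1: gather each blank-line-separated record in the hold space, keep only
#          records containing "Memory Device", turn ": " into ":", map <> to {}
#          and strip trailing blanks before each embedded newline.
#   awk 1: emit "|value" for the Size/Type/Form Factor/Type Detail/Locator lines
#          and end the row when the Speed line is reached.
#   sed 2: label empty slots as {EMPTY}.
#   awk 2: reorder the |-separated values into fixed-width columns.
# Each sed -e option must be its own word: a backslash-newline directly after the
# closing quote glues the next "-e" onto the previous script, so every
# continuation below is preceded by a space.
# NOTE(review): the field patterns assume the classic dmidecode layout; confirm
# against the dmidecode version in use.
dmidecode |
  sed -e '/./{H;$!d;}' \
      -e 'x;/Memory Device\n/!d;' \
      -e 's/: /:/g' \
      -e 's/</{/g' -e 's/>/}/g' \
      -e 's/[ \t]*\n/\n/g' |
  awk -F: '/Size|Type|Form.Factor|Type.Detail|[^ ]Locator/{printf ("|%s",$2)}/Speed/{print "|" $2}' |
  sed -e 's/No Module Installed/{EMPTY}/' |
  sort |
  awk -F'|' '{printf (" %-10s %-8s %-12s %-13s %-10s %-8s\n", $4,$2,$7,$3,$5,$6);}'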
2 获得设备信息
#!/bin/bash
# by qfong.com selinuxplus.com
# Emit "mountpoint:use" pairs (percent sign removed) for every df line that
# contains a slash, joined on one line with ';' separators.
df -kP \
  | awk '/\// { pair = $6 ":" $5; sub(/%.*$/, "", pair); print pair }' \
  | tr -s '\n' ';'
3 获得分区信息
#!/bin/bash
# by qfong.com selinuxplus.com
# Print one "label | value" row with the label right-aligned in 12 columns.
# Arguments: $1 - label, $2 - value
name_val() {
  local label=$1
  local value=$2
  printf '%12s | %s\n' "$label" "$value"
}
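# List scheduler/queue depth per disk, then summarise the partition tables.
# The fdisk output is staged in a mktemp file instead of the fixed name
# /tmp/diskinfo: this script needs root for fdisk, and a predictable path in a
# world-writable directory can be pre-created (for example as a symlink) by
# another local user. The trap removes the scratch file on every exit path.
diskinfo=$(mktemp) || exit 1
trap 'rm -f -- "$diskinfo"' EXIT

# Glob /sys/block instead of parsing ls; skip ram* and loop* devices.
for path in /sys/block/*; do
  disk=${path##*/}
  case "${disk}" in
    *ram* | *loop*) continue ;;
  esac
  if [ -e "/sys/block/${disk}/queue/scheduler" ]; then
    # The active scheduler is the bracketed entry in the scheduler file.
    name_val "${disk}" "$(grep -o '\[.*\]' "/sys/block/${disk}/queue/scheduler") $(cat "/sys/block/${disk}/queue/nr_requests")"
    fdisk -l "/dev/${disk}" >> "${diskinfo}" 2>/dev/null
  fi
done

awk '
BEGIN {
format="%-12s %4s %10s %10s %18s\n";
printf(format, "Device", "Type", "Start", "End", "Size");
printf(format, "============", "====", "==========", "==========", "==================");
}
# "Disk /dev/xxx: ... N bytes": field 2 is the device with a trailing colon,
# field 5 is taken as the size.
/Disk.*bytes/ {
disk = substr($2, 1, length($2) - 1);
size = $5;
printf(format, disk, "Disk", "", "", size);
}
# NOTE(review): field 9 is the unit size only for the "Units = ... = N bytes"
# layout; confirm against the fdisk version in use.
/Units/ {
units = $9;
}
# Partition rows: a "*" in field 2 is the boot flag and shifts start/end right.
/^\/dev/ {
if ( $2 == "*" ) {
start = $3;
end = $4;
}
else {
start = $2;
end = $3;
}
printf(format, $1, "Part", start, end, (end - start) * units);
}
' "${diskinfo}"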
4 获得cfq I/O调度信息
#!/bin/bash
# by qfong.com selinuxplus.com
# Row printer: label padded on the left to 12 characters, then " | ", then the value.
name_val() {
  local -r row_format='%12s | %s\n'
  printf "$row_format" "$1" "$2"
}
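# Show the active I/O scheduler (the bracketed entry) and nr_requests for every
# block device except ram* and loop*. The directory is globbed rather than
# parsed from ls output, and every path expansion is quoted.
for path in /sys/block/*; do
  disk=${path##*/}
  case "${disk}" in
    *ram* | *loop*) continue ;;
  esac
  if [ -e "/sys/block/${disk}/queue/scheduler" ]; then
    name_val " ${disk}" " $(grep -o '\[.*\]' "/sys/block/${disk}/queue/scheduler") $(cat "/sys/block/${disk}/queue/nr_requests")"
    # NOTE(review): nothing in this script reads /tmp/diskpartion. It is a fixed
    # name in a world-writable directory and is appended to by a root process;
    # drop this line or write under a root-only directory if the file is not
    # consumed elsewhere.
    fdisk -l "/dev/${disk}" >> /tmp/diskpartion 2>/dev/null
  fi
done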
5 获得fstab信息
#!/bin/bash
# by qfong.com selinuxplus.com
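# Part 1: print the active /etc/fstab entries in aligned columns.
# Comment and blank lines are dropped inside awk, before formatting; filtering
# afterwards with grep let blank lines through as rows of padding spaces.
awk '
/^[[:space:]]*(#|$)/ { next }
{ printf "%-26s %-12s %-8s %-16s %-1s %-1s \n", $1, $2, $3, $4, $5, $6 }
' /etc/fstab

printf "advice>>>"
# NOTE(review): /tmp/NKevent is a fixed, shared name in a world-writable
# directory; confirm which consumer reads it before relocating it.
echo "fstab" >>/tmp/NKevent

# Part 2: print the same table with suggested hardening options appended to the
# options column. The rules are tried in order and only the first match applies,
# so a mount point such as /var/log/audit no longer receives two option sets.
# The patterns are unanchored substring matches on the mount point, and options
# already present on the line are not de-duplicated.
awk '
/^[[:space:]]*(#|$)/ { next }
{
  if ($2 ~ /\/tmp|\/boot|\/dev\/shm|\/var\/log\/audit/)
    $4 = $4 ",nosuid,noexec,nodev"
  else if ($2 ~ /\/home/)
    $4 = $4 ",nosuid,nodev"
  else if ($2 ~ /\/var/)
    $4 = $4 ",nosuid"
  printf "%-26s %-12s %-8s %-16s %-1s %-1s \n", $1, $2, $3, $4, $5, $6
}
' /etc/fstab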
6 获得inode信息
#!/bin/bash
# by qfong.com selinuxplus.com
# Emit "<label> | <value>"; the label is right-justified to a width of 12.
name_val() {
  local key="$1" val="$2"
  printf '%12s | %s\n' "${key}" "${val}"
}
# Print the raw contents of three /proc/sys/fs counters, one labelled row each.
for counter in dentry-state file-nr inode-nr; do
  counter_value=$(cat "/proc/sys/fs/${counter}")
  name_val "${counter}" "${counter_value}"
done
7 获得挂载点信息
#!/bin/bash
# by qfong.com selinuxplus.com
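# Join `df -hP` with `mount` on the device name and print a table of
# filesystem, size, used, type and mount point.
#
# Scratch files live in a private mktemp directory rather than at fixed names
# under /tmp, which another local user could pre-create; the trap removes the
# directory on every exit path.
workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$workdir"' EXIT
sfile1="${workdir}/sysmount1"
sfile2="${workdir}/sysmount2"

df -hP | sort > "${sfile1}"
mount | sort | join "${sfile1}" - > "${sfile2}"

# Joined line layout: $1 device, $2-$5 df size/used/avail/use%, $6 df mount
# point, then the mount(8) words "on <dir> type <fstype> <options>", so the
# filesystem type is $10.
# First pass: derive column widths for device ($1) and type ($10).
spec="$(awk '
BEGIN {
f=10;
t=0;
}
/./ {
if ( length($1) > f ) {
f=length($1);
}
if ( length($10) > t ) {
t=length($10);
}
}
END{
print "%-" f "s %5s %4s %-" t "s %s";
}
' "${sfile2}")"

# Second pass: the format is handed to awk with -v instead of being spliced
# into the program text. The "Type" column prints $10; the earlier $5 is the
# Use% value from df, not the filesystem type.
awk -v spec="${spec}" '
BEGIN {
fmt = " " spec "\n";
printf fmt, "Filesystem", "Size", "Used", "Type", "Mountpoint";
}
{
printf fmt, $1, $2, $3, $10, $6
}' "${sfile2}"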
8 获得netstat信息
#!/bin/bash
# by qfong.com selinuxplus.com
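# Summarise TCP connections from one `netstat -antp` snapshot: remote
# addresses, local addresses, busiest local ports and connection states.
#
# The snapshot goes to a mktemp file, not the fixed /tmp/netstat: the -p flag
# normally means this runs as root, and a predictable name in /tmp can be
# pre-created by another local user. The trap removes it on every exit path.
netfile=$(mktemp) || exit 1
trap 'rm -f -- "$netfile"' EXIT
netstat -antp >"${netfile}"

# awk strings are 1-indexed. A start of 0 in substr() is non-portable, and
# gawk/mawk return one character fewer for it, which cut the last digit off
# each address; the address extractions below start at 1.
echo " Connections from remote IP addresses"
awk '$1 ~ /^tcp/ && $5 ~ /^[1-9]/ {
print substr($5, 1, index($5, ":") - 1);
}' "${netfile}" | sort | uniq -c \
  | awk '{printf " %-15s %5d\n", $2, $1}' \
  | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4

echo " Connections to local IP addresses"
awk '$1 ~ /^tcp/ && $5 ~ /^[1-9]/ {
print substr($4, 1, index($4, ":") - 1);
}' "${netfile}" | sort | uniq -c \
  | awk '{printf " %-15s %5d\n", $2, $1}' \
  | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4

# Local port = everything after the first ":" of the local address column.
echo " Connections to top 10 local ports"
awk '$1 ~ /^tcp/ && $5 ~ /^[1-9]/ {
print substr($4, index($4, ":") + 1);
}' "${netfile}" | sort | uniq -c | sort -rn | head -n10 \
  | awk '{printf " %-15s %5d\n", $2, $1}' | sort

echo " States of connections"
awk '$1 ~ /^tcp/ {
print $6;
}' "${netfile}" | sort | uniq -c | sort -rn \
  | awk '{printf " %-15s %5d\n", $2, $1}' | sort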
9 获得netstat 链接状态的信息
#!/bin/bash
# by qfong.com selinuxplus.com
# Count TCP connections per state; the state is the last field of each tcp line.
netstat -n | awk '
/^tcp/ { ++per_state[$NF] }
END {
  for (state in per_state)
    print state, per_state[state]
}'
10获得selinux 相关信息
#!/bin/bash
# by qfong.com selinuxplus.com
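# Print the SELinux login mappings and a column-aligned SELinux user table.
#
# semanage needs root, so the listings are staged in a private mktemp
# directory instead of fixed names under /tmp that another local user could
# pre-create. The trap removes the directory on every exit path.
workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$workdir"' EXIT
selogin="${workdir}/semanage_login"
seuser="${workdir}/semanage_user"

semanage login -l >"${selogin}"
semanage user -l >"${seuser}"
# Drop the first three lines of the user listing; the table header is
# re-printed by the awk program below.
sed -i '1,3d' "${seuser}"

printf "***The Selinux Login List:>>>\n"
cat "${selogin}"

# First pass: widths for the user name ($1) and MCS range ($4) columns.
spec="$(awk '
BEGIN {
f=8;
m=10;
}
/./ {
if ( length($1) > f ) {
f=length($1);
}
if ( length($4) > m ) {
m=length($4);
}
}
END{
print "%-"f "s %-8s %-8s %-"m "s %-s %s %s %s";
}
' "${seuser}")"

# Second pass: the format is passed with -v rather than spliced into the awk
# program text.
awk -v spec="${spec}" '
BEGIN {
fmt = " " spec "\n";
printf "***The Selinux User List:>>>\n\n"
printf fmt, "", "Labeling", "MLS/", "MLS/", "","","","";
printf fmt, "SEL User", "Prefix", "MCSLevel", " MCSRange", "SEL Roles","","","";
}
{
printf fmt, $1, $2, $3, $4, $5,$6,$7,$8
}' "${seuser}"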
11 获得tcp-wrapper限制
#!/bin/bash
# by qfong.com selinuxplus.com
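# Show the active TCP-wrapper allow rules and suggest an entry for each local
# /24 prefix that hosts.allow does not mention.
HOSTSALLOW=/etc/hosts.allow

# Print the non-comment lines; grep exits non-zero when there are none.
if ! grep -v '^#' "${HOSTSALLOW}"; then
  printf "The Hosts.allow is Null\n"
fi

# NOTE(review): "inet addr" is the older net-tools ifconfig output format; on
# systems that print "inet <address>" this loop finds no prefixes. Confirm on
# the target distribution.
for I in $(ifconfig | grep "inet addr" | cut -f2 -d: | cut -f1-3 -d"." | grep -v ^127 | sort -n)
do
  # -F matches the prefix literally; as a regex each "." would match any character.
  if ! grep -qF -- "${I}" "${HOSTSALLOW}"; then
    printf "advice>>>\n"
    # The prefix is passed as data, never as part of the printf format string.
    # A hosts.allow pattern ending in "." matches every address with that
    # prefix, so this suggestion admits the whole /24 to all wrapped services.
    printf 'ALL:localhost,%s.\n' "${I}"
  fi
done

# Not used by the code above.
HOSTSDENY=/etc/hosts.deny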
12 获得linux snmp设置信息
#!/bin/bash
# by qfong.com selinuxplus.com
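# Show the mib-2 related lines of snmpd.conf and suggest the view/access lines
# when they are missing. Each grep both prints its matches and drives the check.
grep mib-2 /etc/snmp/snmpd.conf

if ! grep '^view mib2' /etc/snmp/snmpd.conf; then
  printf "advice>>>\n"
  # NOTE(review): /tmp/NKevent is a fixed, shared name in a world-writable
  # directory; confirm which consumer reads it before relocating it.
  echo "snmpd mgmt">>/tmp/NKevent
  printf "view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc\n"
fi

#cat /etc/snmp/snmpd.conf |grep "systemview none"
if ! grep "exact mib2" /etc/snmp/snmpd.conf; then
  printf "advice>>>\n"
  echo "snmpd mib2">>/tmp/NKevent
  # Single quotes keep the empty context field "" in the suggested line; inside
  # a double-quoted string the pair of quotes closed and reopened the string
  # and vanished from the output.
  printf '%s\n' 'access notConfigGroup "" any noauth exact mib2 none none'
fi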
12 获得系统常用日志信息
#!/bin/bash
# by qfong.com selinuxplus.com
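# List the common system log files and directories that exist under /var/log.
# Stop if the directory cannot be entered, otherwise the names below would be
# checked against whatever the current directory happens to be.
cd /var/log >/dev/null || exit 1
# Every name is followed by " \": a backslash placed directly after
# scrollkeeper.log joined it with "secure" on the next line into one
# non-existent name, so neither the scrollkeeper log nor the secure log was
# ever listed.
for LOGF in \
  boot.log \
  btmp \
  cron \
  dmesg \
  ksyms \
  httpd \
  lastlog \
  maillog \
  mailman \
  messages \
  news \
  pgsql \
  rpmpkgs \
  sa \
  samba \
  scrollkeeper.log \
  secure \
  spooler \
  squid \
  vbox \
  wtmp
do
  if [ -e "${LOGF}" ]; then
    # For directories ls prints a "total" line first; drop it.
    ls -l -- "${LOGF}" | grep -v total
  fi
done
cd - >/dev/null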
13 获得系统限制链接数
#!/bin/bash
# by qfong.com selinuxplus.com
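# Print the active entries of /etc/security/limits.conf as an aligned table.
#
# The filtered copy is staged in a mktemp file instead of the fixed /tmp/limit,
# which was never removed and could be pre-created by another local user. The
# trap removes it on every exit path.
limit=$(mktemp) || exit 1
trap 'rm -f -- "$limit"' EXIT

# Keep only lines that are neither comments nor empty.
grep -v -e '^#' -e '^$' /etc/security/limits.conf >"${limit}"

# First pass: widths for the type ($2), item ($3) and value ($4) columns.
spec="$(awk '
BEGIN {
f=8;
m=8;
t=10;
}
/./ {
if ( length($2) > f ) {
f=length($2);
}
if ( length($3) > m ) {
m=length($3);
}
if ( length($4) > t ) {
t=length($4);
}
}
END{
print "%10s %"f"s %" m "s %" t "s";
}
' "${limit}")"

# Second pass: the format is passed with -v rather than spliced into the awk
# program text.
awk -v spec="${spec}" '
BEGIN {
fmt = " " spec "\n";
printf fmt, "<domain>" ,"<type>", "<item>" ,"<value>";
}
{ printf fmt, $1, $2, $3, $4
}' "${limit}"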
14 获得网卡信息
#!/bin/bash
# by qfong.com selinuxplus.com
# Write a single "name | value" line; the name column is 12 wide, right-aligned.
name_val() {
  local name=$1
  local val=$2
  printf '%12s | %s\n' "${name}" "${val}"
}
# One "Controller" row per Ethernet device: take the third ':'-separated field
# of each matching lspci line and strip the "(rev ...)" suffix.
lspci \
  | grep -i ethernet \
  | cut -d: -f3 \
  | sed 's/(rev.*)//g' \
  | while read nic_desc; do
      name_val Controller "${nic_desc}"
    done
15 获得系统alias信息
#!/bin/bash
# by qfong.com selinuxplus.com
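# List the shell aliases defined for root and system-wide, sorted and de-duplicated.
#
# The lines are streamed through a command group, so no scratch file is needed;
# the fixed /tmp/aliasfile was a predictable name written by root.
# grep -h suppresses the "file:" prefix. Stripping that prefix with
# awk -F: only works when grep was given several files; for a single file such
# as /etc/profile there is no prefix and the alias text itself was cut away.
{
  grep -h "alias" /root/.*rc | grep '^alias' | sed 's/=/ /g'
  grep -h "alias" /root/.*profile | grep '^alias' | sed 's/=/ /g'
  grep -h "alias" /etc/profile | grep '^alias' | sed 's/=/ /g'
  # colorls.sh lines are kept unmodified; reading the file once is enough
  # because the final sort -u removes repeats.
  grep "alias" /etc/profile.d/colorls.sh
} | sed 's/^ //g' | sort -u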