cat multiple_install_while.sh
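#!/bin/bash
# multiple_install_while.sh FIRST LAST
#
# For every host $localnet.FIRST .. $localnet.LAST this script logs in over SSH
# as root, copies ./n_safe.zip to /root/win, unpacks it, runs checkfirewall.sh
# and install_aide.sh from it, and finally sets a new root password.
# FIRST and LAST are the last octets of the first and last target address; the
# first three octets default to those of IPADDR in ifcfg-eth0.
#
# Credential handling:
#   OLDPASSWD  current root password on the targets. Read from the environment
#              when set, otherwise prompted for without echo. It is not stored
#              in this file: a password kept in a script travels with every
#              copy, backup and paste of that script.
#   NEWPASSWD  prompted for without echo and never printed back.
# Both values reach expect through the environment or a quoted argument, so
# characters such as $ [ ] " in a password are not re-interpreted by Tcl.

#echo "input the localnet:"
localnet=$(grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0 | cut -d= -f2 | cut -d. -f1-3)
i=$1
end=$2

if [[ -z "${OLDPASSWD:-}" ]]; then
  echo "please input the current root passwd:"
  read -rs OLDPASSWD || exit 1
  echo
fi
# expect reads the password from its environment. The environment of a
# process is readable by root and by the same user only, unlike its argv.
export OLDPASSWD

echo "We will change all the passwd to a secret number."
echo "please input the passwd:"
read -rs NEWPASSWD || exit 1
echo

# Tcl fragment appended after a "spawn ..." line. It answers the prompts that
# ssh, scp and unzip may print, sends the password once only, stops on a
# rejected password, and exits with the status of the spawned command.
# NOTE(review): answering "yes" to the host-key question accepts whatever key
# the peer presents. Pre-populating known_hosts from a trusted inventory and
# dropping that branch would restore host authentication.
readonly PROMPT_HANDLER='
set timeout 300
set password_sent 0
expect {
  "continue connecting" {
    send "yes\n"
    exp_continue
  }
  "password:" {
    if {!$password_sent} {
      set password_sent 1
      send -- "$env(OLDPASSWD)\n"
    }
    exp_continue
  }
  "Permission denied" {
    exit 1
  }
  "replace" {
    send "A\n"
    exp_continue
  }
  timeout {
    exit 1
  }
  eof
}
exit [lindex [wait] 3]
'

# remote_run HOST COMMAND - run COMMAND on HOST as root over ssh.
remote_run() {
  SSH_TARGET="root@$1" REMOTE_CMD="$2" \
    expect -c 'spawn ssh $env(SSH_TARGET) $env(REMOTE_CMD)'"$PROMPT_HANDLER"
}

# remote_copy FILE HOST DIR - copy FILE into DIR on HOST as root with scp.
remote_copy() {
  SCP_SOURCE="$1" SCP_DEST="root@$2:$3" \
    expect -c 'spawn scp $env(SCP_SOURCE) $env(SCP_DEST)'"$PROMPT_HANDLER"
}

# valid_range - true when localnet is three dotted numbers and both host
# octets are integers in 0..255, so nothing else ends up in an ssh target.
valid_range() {
  [[ "$localnet" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || return 1
  [[ "$i" =~ ^[0-9]{1,3}$ && "$end" =~ ^[0-9]{1,3}$ ]] || return 1
  (( 10#$i <= 255 && 10#$end <= 255 ))
}

#OLDPASSWD="123!@#"
while true; do
  echo "check from $localnet.$i to $localnet.$end "
  echo "the new passwd has been read (it is not displayed)"
  echo "confirm y/Y:reset n/N"
  # Leave on end-of-input instead of looping forever on an empty answer.
  read -r answer || exit 1
  case "$answer" in
    n | N)
      echo "input the localnet:"
      read -r localnet
      echo "the begining host"
      read -r i
      echo "the ending host"
      read -r end
      echo "We will change all the passwd to a secret number."
      echo "please input the passwd:"
      read -rs NEWPASSWD
      echo
      ;;
    y | Y)
      if ! valid_range; then
        echo "invalid network or host range, answer n/N to enter it again" >&2
        continue
      fi
      if [[ -z "$NEWPASSWD" ]]; then
        echo "the new passwd is empty, answer n/N to enter it again" >&2
        continue
      fi
      if [[ ! -f ./n_safe.zip ]]; then
        echo "./n_safe.zip not found in the current directory" >&2
        exit 1
      fi
      # Quote the password for the remote shell so it is passed as data.
      # NOTE(review): %q emits bash quoting; this presumes root's login shell
      # on the targets is bash - confirm. The password is also visible in the
      # remote process list while the command runs; feeding it on stdin or
      # using chpasswd would avoid that.
      printf -v new_quoted '%q' "$NEWPASSWD"
      install_cmd="cd /root/win && unzip /root/win/n_safe.zip && sh ./checkfirewall.sh && sh /root/win/install_aide.sh && printf '%s\n' $new_quoted | passwd root --stdin"
      for ((host = 10#$i; host <= 10#$end; host++)); do
        target="$localnet.$host"
        # Stop at the first failed step for this host, then go on to the next
        # host: unpacking without the archive, or changing the password after
        # a failed install, would leave the host half configured.
        if ! remote_run "$target" "mkdir /root/win ; chmod 700 -R /root/win"; then
          echo "$target: preparing /root/win failed, host skipped" >&2
        elif ! remote_copy ./n_safe.zip "$target" /root/win; then
          echo "$target: copying n_safe.zip failed, host skipped" >&2
        elif ! remote_run "$target" "$install_cmd"; then
          echo "$target: install or passwd change failed" >&2
        fi
      done
      break
      ;;
    *)
      echo "you type wrong alphabet"
      echo "try it again"
      ;;
  esac
done
echo "check_server is done"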
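#!/bin/bash
# Usage: <script> FIRST LAST
#
# Read-only check of every host $localnet.FIRST .. $localnet.LAST: logs in as
# root over SSH and prints the interface configuration, the saved iptables
# rules, listeners whose netstat line contains 161, and the routing table.
#
# OLDPASSWD (the root password used for the login) is read from the
# environment when set, otherwise prompted for without echo. It is not stored
# in this file, so copies of the script do not carry the credential.
# The original also prompted for and printed a "new passwd"; this script never
# changes a password, so that prompt and the echo of the secret are gone.

#echo "input the localnet:"
localnet=$(grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0 | cut -d= -f2 | cut -d. -f1-3)
i=$1
end=$2

if [[ -z "${OLDPASSWD:-}" ]]; then
  echo "please input the current root passwd:"
  read -rs OLDPASSWD || exit 1
  echo
fi
# expect takes the password from its environment, which keeps it out of argv
# and out of the Tcl source text.
export OLDPASSWD

# Tcl fragment appended after the "spawn ssh ..." line. An unknown host key is
# refused rather than accepted, the password is sent once, and the exit status
# of ssh is passed back to the caller.
readonly PROMPT_HANDLER='
set timeout 30
set password_sent 0
expect {
  "continue connecting" {
    puts stderr "unknown host key, not connecting"
    exit 1
  }
  "password:" {
    if {!$password_sent} {
      set password_sent 1
      send -- "$env(OLDPASSWD)\n"
    }
    exp_continue
  }
  "Permission denied" {
    exit 1
  }
  timeout {
    exit 1
  }
  eof
}
exit [lindex [wait] 3]
'

# remote_run HOST COMMAND - run COMMAND on HOST as root over ssh.
remote_run() {
  SSH_TARGET="root@$1" REMOTE_CMD="$2" \
    expect -c 'spawn ssh $env(SSH_TARGET) $env(REMOTE_CMD)'"$PROMPT_HANDLER"
}

# valid_range - true when localnet is three dotted numbers and both host
# octets are integers in 0..255.
valid_range() {
  [[ "$localnet" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || return 1
  [[ "$i" =~ ^[0-9]{1,3}$ && "$end" =~ ^[0-9]{1,3}$ ]] || return 1
  (( 10#$i <= 255 && 10#$end <= 255 ))
}

while true; do
  echo "check from $localnet.$i to $localnet.$end "
  echo "confirm y/Y:reset n/N"
  # Leave on end-of-input instead of looping forever on an empty answer.
  read -r answer || exit 1
  case "$answer" in
    n | N)
      echo "input the localnet:"
      read -r localnet
      echo "the begining host"
      read -r i
      echo "the ending host"
      read -r end
      ;;
    y | Y)
      if ! valid_range; then
        echo "invalid network or host range, answer n/N to enter it again" >&2
        continue
      fi
      for ((host = 10#$i; host <= 10#$end; host++)); do
        target="$localnet.$host"
        # The status is that of the last remote command (netstat -nr) or of
        # the login itself.
        if ! remote_run "$target" "ifconfig ; iptables-save ; netstat -lnp | grep 161 ; netstat -nr"; then
          echo "$target: login or check failed" >&2
        fi
      done
      break
      ;;
    *)
      echo "you type wrong alphabet"
      echo "try it again"
      ;;
  esac
done
echo "check_server is done"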
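#!/bin/sh
# Source-based policy routing for a host with two uplinks.
# Packets sourced from WAN_DX use the default route in table DX (via GW_DX);
# packets sourced from WAN_WT use the default route in table WT (via GW_WT).
# The script is written to be re-run: old table names, routes and rules are
# removed before they are added again.
#
# NOTE(review): this turns on IPv4 forwarding and does not touch iptables.
# Make sure the FORWARD chain policy on the host is what you intend before
# enabling it, otherwise the box routes between its interfaces unfiltered.
echo "set ip_forward -> 1"
echo "1" > /proc/sys/net/ipv4/ip_forward

echo "set rt_tables"
# Match the whole entry so that an unrelated line such as "110 DX1" survives.
sed -i \
  -e '/^10[[:space:]][[:space:]]*DX[[:space:]]*$/d' \
  -e '/^20[[:space:]][[:space:]]*WT[[:space:]]*$/d' \
  /etc/iproute2/rt_tables
echo '10 DX' >> /etc/iproute2/rt_tables
echo '20 WT' >> /etc/iproute2/rt_tables

echo "clean GW_DX & GW_WT"
# IF_DX and IF_WT are not used by any command in this script.
IF_DX="eth1"
IF_WT="eth2"
GW_DX="222.7.6.129"
GW_WT="12.65.17.65"
WAN_DX="222.7.6.3"
WAN_WT="12.65.17.16"

# Deleting entries that do not exist yet is expected on the first run, so both
# streams are discarded. The original "2>&1>/dev/null" pointed stderr at the
# terminal and silenced stdout only.
ip route del default via "$GW_DX" table DX >/dev/null 2>&1
ip route del default via "$GW_WT" table WT >/dev/null 2>&1
ip rule del from "$WAN_DX" pref 10 table DX >/dev/null 2>&1
ip rule del from "$WAN_WT" pref 20 table WT >/dev/null 2>&1

ip route add default via "$GW_DX" table DX
ip route add default via "$GW_WT" table WT
ip rule add from "$WAN_DX" pref 10 table DX
ip rule add from "$WAN_WT" pref 20 table WT
ip route flush cache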
cat enhancesafe.sh
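#!/bin/bash
#enhance safe
# Host hardening pass, run as root: SSH protocol and DNS settings, removal of
# unused system accounts, password ageing, source-routing off, unneeded
# services off, unused network protocol modules blocked, root SSH key
# installed, and (on hosts whose name does not start with GWS) syslog
# forwarding plus static return routes.
# The script appends to several config files; append_once keeps a second run
# from adding the same lines again.

# append_once LINE FILE - add LINE to FILE unless that exact line is present.
append_once() {
  grep -qxF -- "$1" "$2" 2>/dev/null || echo "$1" >> "$2"
}

# Disable SSH protocol 1.
# Edited in place: the original wrote a temp file and moved it over
# sshd_config, which replaces the config with a truncated file if sed fails.
# NOTE(review): only the commented-out default line is rewritten. An active
# "Protocol 1" or "Protocol 2,1" line is left as it is - check the result.
echo "*****************************************************"
echo "We will replace the 'protocol 2,1' with 'protocol 2'"
echo "*****************************************************"
sed -i 's/#Protocol 2,1/Protocol 2/' /etc/ssh/sshd_config
chmod 600 /etc/ssh/sshd_config

# Delete accounts that are not needed.
echo "*************************************************************"
echo "del user begin !!!!!!!!!!"
echo "*************************************************************"
for account in lp shutdown halt news uucp operator games gopher; do
  userdel "$account"
  groupdel "$account"
done
usermod -s /sbin/nologin netdump
echo "delete user finish!!!!!"

# Log file attributes.
# NOTE(review): this covers rotated files (messages.*) only, not the live
# /var/log/messages, and immutable files cannot be renamed or removed by log
# rotation - confirm the rotation job copes with that.
chattr +i /var/log/messages.*

# Password ageing and minimum length. Only the stock values are matched.
# NOTE(review): whether PASS_MIN_LEN is honoured depends on the PAM stack in
# use - confirm where password length is actually enforced on these hosts.
sed -e "s/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t45/" -e "s/PASS_MIN_LEN\t5/PASS_MIN_LEN\t20/" -i /etc/login.defs

sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
# Validate before reloading: a broken sshd_config on a remote host can lock
# the administrator out.
if sshd -t; then
  service sshd reload
else
  echo "sshd_config failed validation, sshd was not reloaded" >&2
fi

# Disable IP source routing.
# NOTE(review): written to /proc only, so the setting is gone after a reboot
# unless it is also placed in sysctl.conf.
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
  echo 0 > "$f"
done

# Stop services that are not needed and keep them off at boot.
echo "*************************************************************"
echo "Now we will shut down some unneccessary services in our server"
echo "*************************************************************"
for svc in cpuspeed cups iiim xfs gpm atd portmap xinetd sendmail nfslock; do
  service "$svc" stop
done
for svc in cpuspeed cups sendmail xfs gpm atd iiim nfslock portmap xinetd; do
  chkconfig --level 12345 "$svc" off
done
sleep 3

# Visible code installs /etc/rc.d/forward on GW hosts only, so it may be absent.
if [[ -x /etc/rc.d/forward ]]; then
  /etc/rc.d/forward
else
  echo "/etc/rc.d/forward not present, skipped" >&2
fi

# Show the firewall state.
iptables -L -n
sleep 3

# NOTE(review): this matches every process whose "ps -ef" line contains the
# string "login" (user, command or arguments), not just login(1). Confirm that
# is the intended set before running it on a shared host.
login_pids=$(ps -ef | grep login | grep -v grep | awk '{print $2}')
if [[ -n "$login_pids" ]]; then
  # shellcheck disable=SC2086 - one PID per word is intended
  kill $login_pids
fi

# Keep unused protocol modules from loading.
append_once "install pppox /bin/true" /etc/modprobe.conf
append_once "install bluetooth /bin/true" /etc/modprobe.conf
append_once "install appletalk /bin/true" /etc/modprobe.conf
append_once "install ipx /bin/true" /etc/modprobe.conf
# NOTE(review): "scto" is kept as written; it may be a typo for sctp - confirm.
append_once "install scto /bin/true" /etc/modprobe.conf

# Install the login public key.
# sshd expects ~/.ssh at 700 and authorized_keys at 600, both owned by the
# account; the original set 700 on the file and left the directory alone.
# NOTE(review): this replaces any existing authorized_keys for root with the
# file from the current directory; make sure that file comes from a trusted
# source and lists only the keys that should have root access.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
if [[ -f ./authorized_keys ]]; then
  mv -f ./authorized_keys /root/.ssh/
  chown root:root /root/.ssh /root/.ssh/authorized_keys
  chmod 600 /root/.ssh/authorized_keys
else
  echo "./authorized_keys not found, root key not installed" >&2
fi
echo "public_key is waiting!!"

name=$(hostname)
if [[ -n "$name" && "$name" != GWS* ]]; then
  # Log forwarding.
  # NOTE(review): "@host" forwards every facility over UDP, unauthenticated
  # and in clear text; keep this on a trusted management network.
  echo "log collection beginning"
  append_once "#log collection" /etc/syslog.conf
  append_once "*.* @192.168.66.61" /etc/syslog.conf
  /etc/init.d/syslog reload
  # Static return routes through host .251 of the local /24.
  #net=`cat /etc/sysconfig/network-scripts/ifcfg-eth0|grep IPADDR|awk -F= '{print $2}'|awk -F. '{print $1"."$2"."$3}'`
  net=$(grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0 | cut -d= -f2 | cut -d. -f1-3)
  route add -net 192.168.66.0/23 gw "$net.251"
  route add -net 192.168.142.0/24 gw "$net.251"
  append_once "route add -net 192.168.66.0/23 gw $net.251" /etc/rc.local
  append_once "route add -net 192.168.142.0/24 gw $net.251" /etc/rc.local
  echo "log_initialization is finishing"
else
  echo "this is not gateway or session or scanserver"
fi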
# Report whether the marker file .zcbm.txt exists and is non-empty (-s).
# Nothing is changed on the host in either branch shown here.
if [ -s /usr/local/company/ztgame/.zcbm.txt ]
then
echo "add zcbm"
else
echo "no add zcbm"
# NOTE(review): the listing stops here; the closing "fi" and anything after it
# are not shown on the page.
cat checkfirewall.sh
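#!/bin/bash
#checkfirewall
# Work out the host role from the hostname prefix. For JGR-* and WEB-* names
# the third dash-separated field replaces $name, and the later checks run on
# that shortened value.
# The tests use [[ ]] pattern matches instead of an unquoted `echo | grep`
# inside [ ], which breaks as soon as the value is more than one word.
# NOTE(review): "this is ZDT server" is printed by each check that does not
# match, so most hosts print it twice and a JGR host prints both messages.
# Kept as in the original; confirm whether an if/elif chain was intended.
name=$(hostname)
if [[ "$name" == JGR* ]]; then
  name=$(printf '%s\n' "$name" | cut -d- -f3)
  echo "this is JGR SERVER"
else
  echo "this is ZDT server"
fi
if [[ "$name" == WEB* ]]; then
  name=$(printf '%s\n' "$name" | cut -d- -f3)
  echo "this is WEB SERVER"
else
  echo "this is ZDT server"
fi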
# Hosts whose (possibly shortened) name starts with GW get the routing script
# installed and registered in rc.local; every host then runs enhancesafe.sh.
# The pattern ^GW also matches names that start with GWS.
if [ `echo $name|grep "^GW.*"` ]
then
# ./forward is taken from the current directory, so the result depends on
# where the script is started from. 700 keeps it root-only.
cp ./forward /etc/rc.d/
chmod 700 /etc/rc.d/forward
# Add the boot hook only when rc.local does not mention it yet, so repeated
# runs do not append it again.
if [[ ! `grep "/etc/rc.d/forward" /etc/rc.local ` ]]
then
echo "/etc/rc.d/forward">> /etc/rc.local
fi
# Runs as root from a fixed path. NOTE(review): /root/win and the scripts in
# it should stay writable by root only, since whatever is there is executed.
sh /root/win/enhancesafe.sh
else
sh /root/win/enhancesafe.sh
# NOTE(review): the listing stops here; the closing "fi" is not shown on the
# page.