
分类: 系统运维

2018-02-07 17:34:24

cat multiple_install_while.sh

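#!/bin/bash
# Usage: multiple_install_while.sh START END
#
# For every host <localnet>.START .. <localnet>.END this script logs in as
# root over SSH with the current shared password, copies ./n_safe.zip to
# /root/win, unpacks it, runs checkfirewall.sh and install_aide.sh from it,
# and finally sets the root password to the value typed by the operator.
#
# NOTE(review): risks that remain in this design and should be weighed
# before it is run:
#   * OLDPASSWD is a shared root password stored in clear text in the script.
#   * Both passwords are expanded into the argument of `expect -c`, and the
#     new one also into the command line executed on the target, so they can
#     be read from the process list while a step runs.
#   * The first step answers "yes" to the SSH host-key prompt, so an unknown
#     host key is accepted without verification.
#   * n_safe.zip is unpacked and executed as root with no integrity check.
# Key-based SSH with pinned host keys removes the first three.

# Default target network: the first three octets of eth0's IPADDR.
localnet=$(grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0 | cut -d= -f2 | cut -d. -f1-3)
i=$1
end=$2
# Single quotes keep the value literal; the unquoted original relied on
# "$%" not being a shell expansion.
OLDPASSWD='123$%^@6'
#OLDPASSWD="123!@#"

# Everything below is pasted into a Tcl script and a remote shell command,
# so the operator-supplied values are checked against these before use.
re_net='^[0-9]{1,3}(\.[0-9]{1,3}){2}$'
re_host='^[0-9]{1,3}$'

#######################################
# Prompt for the new root password and store it in NEWPASSWD.
# On a terminal the input is not echoed and must be typed twice, because a
# typo would otherwise lock root out of every host in the range.
# Only characters that neither Tcl nor the remote shell rewrites are
# accepted: the value is interpolated into both, unquoted.
# Globals:  NEWPASSWD (written)
# Returns:  0 on success, 1 on end of input or (non-interactive) bad value
#######################################
read_new_passwd() {
  local LC_ALL=C first second
  echo "We will change all the passwd to a secret number."
  while true; do
    echo "please input the passwd:"
    if [[ -t 0 ]]; then
      read -r -s first || return 1
      echo
      echo "please input the passwd again:"
      read -r -s second || return 1
      echo
      if [[ "$first" != "$second" ]]; then
        echo "the two entries differ, try it again"
        continue
      fi
    else
      read -r first || return 1
    fi
    case $first in
      '' | *[!A-Za-z0-9_.,:@%+=/^-]*)
        echo "the passwd is empty or has a character outside A-Za-z0-9_.,:@%+=/^-"
        [[ -t 0 ]] || return 1
        ;;
      *)
        NEWPASSWD=$first
        return 0
        ;;
    esac
  done
}

read_new_passwd || exit 1

while true; do
  echo "check from  $localnet.$i to $localnet.$end "
  # The password itself is no longer printed: it would stay in scrollback
  # and in any terminal log.
  echo "the new passwd is set (not displayed)"
  echo "confirm y/Y:reset n/N"
  # Leave on end of input instead of looping forever on an empty answer.
  read -r answer || exit 1

  case $answer in
    n | N)
      echo "input the localnet:"
      read -r localnet || exit 1
      echo "the begining host"
      read -r i || exit 1
      echo "the ending host"
      read -r end || exit 1
      read_new_passwd || exit 1
      continue
      ;;
    y | Y) ;;
    *)
      echo "you type wrong alphabet"
      echo "try it again"
      continue
      ;;
  esac

  if [[ ! $localnet =~ $re_net || ! $i =~ $re_host || ! $end =~ $re_host ]]; then
    echo "localnet must be three dotted octets and both hosts must be numbers; answer n to re-enter them"
    continue
  fi
  # Force base 10 so that "08" or "09" is not rejected as invalid octal.
  i=$((10#$i))
  end=$((10#$end))

  while ((i <= end)); do
    # Step 1: create /root/win on the target. Sends "yes" to the host-key
    # prompt (see the header note).
    expect -c "spawn ssh root@$localnet.$i \"mkdir /root/win ; chmod 700 -R /root/win\";\
                        expect "continue";\
                        send \"yes\n\";\
                        expect "password:";\
                        expect sleep 1;\
                        send \"$OLDPASSWD\n\";\
                        expect"
    # Step 2: copy the hardening bundle.
    expect -c "spawn scp ./n_safe.zip root@$localnet.$i:/root/win;\
                        expect "password:";\
                        expect sleep 1;\
                        send \"$OLDPASSWD\n\";\
                        expect"
    # Step 3: unpack, run the bundled scripts, then change the root password.
    # "A" answers unzip's replace prompt; the timeout is raised to 300 before
    # the final wait.
    expect -c "spawn ssh root@$localnet.$i \"cd /root/win && unzip /root/win/n_safe.zip && sh ./checkfirewall.sh && sh /root/win/install_aide.sh && echo $NEWPASSWD |passwd root --stdin\";\
                        expect "password:";\
                        expect sleep 1;\
                        send \"$OLDPASSWD\n\";\
                        expect "replace";\
                        send \"A\n\";\
                        set timeout 300
                        expect"
    i=$((i + 1))
  done
  break
done
echo "check_server is done"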






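#!/bin/bash
# Usage: <script> START END
#
# Read-only survey: for every host <localnet>.START .. <localnet>.END, log in
# as root over SSH with the shared password and print the interface
# configuration, the saved iptables rules, listeners matching "161" and the
# routing table.
#
# NOTE(review): OLDPASSWD is a root password kept in clear text in the
# script and expanded into the `expect -c` argument, where it can be read
# from the process list while a host is being checked. Key-based SSH avoids
# both.

# Default target network: the first three octets of eth0's IPADDR.
localnet=$(grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0 | cut -d= -f2 | cut -d. -f1-3)
i=$1
end=$2
OLDPASSWD=gx

# The network and host numbers are pasted into a Tcl script, so they are
# checked against these patterns before use.
re_net='^[0-9]{1,3}(\.[0-9]{1,3}){2}$'
re_host='^[0-9]{1,3}$'

while true; do
  echo "check from  $localnet.$i to $localnet.$end "
  # The original also printed "the new passwd is ..." here; this script never
  # uses that value, so the secret is no longer shown.
  echo "confirm y/Y:reset n/N"
  # Leave on end of input instead of looping forever on an empty answer.
  read -r answer || exit 1

  case $answer in
    n | N)
      echo "input the localnet:"
      read -r localnet || exit 1
      echo "the begining host"
      read -r i || exit 1
      echo "the ending host"
      read -r end || exit 1
      # Prompt kept so that the sequence of questions is unchanged; the value
      # is read without echo and is not used anywhere below.
      echo "We will change all the passwd to a secret number."
      echo "please input the passwd:"
      read -r -s NEWPASSWD || exit 1
      echo
      continue
      ;;
    y | Y) ;;
    *)
      echo "you type wrong alphabet"
      echo "try it again"
      continue
      ;;
  esac

  if [[ ! $localnet =~ $re_net || ! $i =~ $re_host || ! $end =~ $re_host ]]; then
    echo "localnet must be three dotted octets and both hosts must be numbers; answer n to re-enter them"
    continue
  fi
  # Force base 10 so that "08" or "09" is not rejected as invalid octal.
  i=$((10#$i))
  end=$((10#$end))

  while ((i <= end)); do
    expect -c "spawn ssh root@$localnet.$i \"ifconfig ; iptables-save ; netstat -lnp | grep 161 ; netstat -nr\";\
                        expect "password:";\
                        expect sleep 1;\
                        send \"$OLDPASSWD\n\";\
                        expect"
    i=$((i + 1))
  done
  break
done
echo "check_server is done"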





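#!/bin/sh
# Source-based policy routing for a host with two uplinks.
# Enables IPv4 forwarding, registers routing tables 10 (DX) and 20 (WT),
# gives each table its own default gateway, and adds a rule so that traffic
# sourced from each WAN address is routed through the matching table.
# Safe to re-run: existing table entries, routes and rules are removed first.

echo "set ip_forward -> 1"
echo "1" > /proc/sys/net/ipv4/ip_forward

echo "set rt_tables"
# Anchored so that only the exact entries written below are removed; the
# unanchored original would also delete a line such as "110 DXx".
sed -i -e '/^10[[:space:]][[:space:]]*DX[[:space:]]*$/d' /etc/iproute2/rt_tables
sed -i -e '/^20[[:space:]][[:space:]]*WT[[:space:]]*$/d' /etc/iproute2/rt_tables
echo '10 DX' >> /etc/iproute2/rt_tables
echo '20 WT' >> /etc/iproute2/rt_tables

echo "clean GW_DX & GW_WT"
# Interface names are declared but not referenced below.
IF_DX="eth1"
IF_WT="eth2"
GW_DX="222.7.6.129"
GW_WT="12.65.17.65"
WAN_DX="222.7.6.3"
WAN_WT="12.65.17.16"

# Remove leftovers from a previous run. The original wrote "2>&1>/dev/null",
# which points stderr at the terminal before stdout is redirected, so the
# expected "no such route/rule" errors were still printed.
ip route del default via "$GW_DX" table DX >/dev/null 2>&1
ip route del default via "$GW_WT" table WT >/dev/null 2>&1
ip rule del from "$WAN_DX" pref 10 table DX >/dev/null 2>&1
ip rule del from "$WAN_WT" pref 20 table WT >/dev/null 2>&1

ip route add default via "$GW_DX" table DX
ip route add default via "$GW_WT" table WT
ip rule add from "$WAN_DX" pref 10 table DX
ip rule add from "$WAN_WT" pref 20 table WT

ip route flush cache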




















cat enhancesafe.sh
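#!/bin/bash
#enhance safe
#
# Host hardening pass for a SysV-init (service/chkconfig) system: tightens
# sshd_config and login.defs, removes unused system accounts, stops unneeded
# services, blocks unused protocol modules, installs root's authorized_keys
# and, on hosts whose name does not start with GWS, sets up syslog forwarding
# and static return routes.
# Expects ./authorized_keys in the current directory.
# Lines appended to configuration files are added only once, so the script
# can be re-run without piling up duplicates.

#######################################
# Append a line to a file unless that exact line is already present.
# Arguments: $1 - file, $2 - line
#######################################
append_once() {
  grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# Disable SSH protocol 1
echo "*****************************************************"
echo "We will replace the 'protocol 2,1' with 'protocol 2'"
echo "*****************************************************"

# Only the commented-out default "#Protocol 2,1" is rewritten; an active
# "Protocol 2,1" or "Protocol 1" line would be left as it is.
sed -i 's/#Protocol 2,1/Protocol 2/' /etc/ssh/sshd_config
chmod 600 /etc/ssh/sshd_config

# Delete unneeded accounts
echo "*************************************************************"
echo "del user begin !!!!!!!!!!"
echo "*************************************************************"
for acct in lp shutdown halt news uucp operator games gopher; do
  userdel "$acct"
  groupdel "$acct"
done
usermod -s /sbin/nologin netdump
echo "delete user finish!!!!!"

# Set attributes on log files
# NOTE(review): immutable rotated logs cannot be removed or renamed, so log
# rotation will fail on them until the flag is cleared - confirm this is
# wanted.
chattr +i /var/log/messages.*

sed -e "s/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t45/" -e "s/PASS_MIN_LEN\t5/PASS_MIN_LEN\t20/" -i /etc/login.defs
sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
# Reload only a configuration that parses; a broken sshd_config on a remote
# host can cut off the only way in. The absolute path is used because older
# sshd builds refuse to start from a relative one.
if /usr/sbin/sshd -t; then
  service sshd reload
else
  echo "sshd_config failed validation, sshd was not reloaded" >&2
fi

# Disable IP source routing
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
  echo 0 > "$f"
done

# Stop unneeded services
echo "*************************************************************"
echo "Now we will shut down some unneccessary services in our server"
echo "*************************************************************"

unneeded_services="cpuspeed cups iiim xfs gpm atd portmap xinetd sendmail nfslock"
for svc in $unneeded_services; do
  service "$svc" stop
done
for svc in $unneeded_services; do
  chkconfig --level 12345 "$svc" off
done
sleep 3

# The forwarding script is only present on hosts where it was installed.
if [ -x /etc/rc.d/forward ]; then
  /etc/rc.d/forward
fi

# Show firewall status
iptables -L -n
sleep 3

# End console login sessions. The original killed every process whose ps
# line contained the text "login", which also matches unrelated processes;
# only processes named exactly "login" are signalled now.
pkill -x login

# Map unused protocol modules to /bin/true so that they cannot be loaded.
# The published listing had "scto", which is not a module name; sctp is
# assumed to be what was meant - confirm.
for mod in pppox bluetooth appletalk ipx sctp; do
  append_once /etc/modprobe.conf "install $mod /bin/true"
done

# Install the login public key
# NOTE(review): this replaces any existing /root/.ssh/authorized_keys.
if [ -f ./authorized_keys ]; then
  mkdir -p /root/.ssh
  # The directory is 700 and the key file 600; the original set 700 on the
  # file and left the directory at whatever the umask produced.
  chmod 700 /root/.ssh
  mv -f ./authorized_keys /root/.ssh/
  chmod 600 /root/.ssh/authorized_keys
  echo "public_key is waiting!!"
else
  echo "./authorized_keys not found, public key not installed" >&2
fi

name=$(hostname)
case $name in
  '' | GWS*)
    echo "this is not gateway or session or scanserver"
    ;;
  *)
    # Log forwarding
    # NOTE(review): "@host" is plain UDP syslog, unauthenticated and
    # unencrypted on the wire.
    echo "log collection beginning"
    append_once /etc/syslog.conf "#log collection"
    append_once /etc/syslog.conf "*.*     @192.168.66.61"
    /etc/init.d/syslog reload

    # Return-path static routes via host .251 of eth0's own network
    net=$(grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0 | cut -d= -f2 | cut -d. -f1-3)
    route add -net 192.168.66.0/23 gw "$net.251"
    route add -net 192.168.142.0/24 gw "$net.251"
    append_once /etc/rc.local "route add -net 192.168.66.0/23 gw $net.251"
    append_once /etc/rc.local "route add -net 192.168.142.0/24 gw $net.251"
    echo "log_initialization is finishing"
    ;;
esac

# The published listing stops after the else branch without a closing "fi";
# it is closed here so that the script parses. Anything that followed is not
# on the page.
if [ -s /usr/local/company/ztgame/.zcbm.txt ]; then
  echo "add zcbm"
else
  echo "no add zcbm"
fi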
































cat checkfirewall.sh
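#!/bin/bash
#checkfirewall
#
# Classifies the host by its hostname, installs the forwarding script on
# gateways (names starting with GW), then runs the hardening script.
# Expects ./forward in the current directory on gateway hosts.
#
# NOTE(review): ./forward is copied into /etc/rc.d and registered in
# /etc/rc.local, so it runs as root at every boot; nothing here verifies
# where that file came from or that it is unmodified.

name=$(hostname)

# For JGR-* and WEB-* hosts the role is taken from the third dash-separated
# field of the hostname.
case $name in
  JGR*)
    name=$(printf '%s\n' "$name" | cut -d- -f3)
    echo "this is JGR SERVER"
    ;;
  *)
    echo "this is ZDT server"
    ;;
esac
case $name in
  WEB*)
    name=$(printf '%s\n' "$name" | cut -d- -f3)
    echo "this is WEB SERVER"
    ;;
  *)
    echo "this is ZDT server"
    ;;
esac

case $name in
  GW*)
    cp ./forward /etc/rc.d/
    chmod 700 /etc/rc.d/forward
    # Register the script for boot only once.
    if ! grep -qF "/etc/rc.d/forward" /etc/rc.local; then
      echo "/etc/rc.d/forward" >> /etc/rc.local
    fi
    ;;
esac

# Both branches of the original ran the hardening script; its closing "fi"
# was missing from the published listing, so the script did not parse.
sh /root/win/enhancesafe.sh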
