进了某公司干了三个月,测了好几次Linux,这里列一下我常用的一些命令

这里的命令以CentOS为例;debian系以及其他一些魔改版本的Linux上,我不确定能不能用,比如银河麒麟查询Linux版本的命令是nkvers

以下为具体的命令行:


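#######################################
# Summarise shadow(5) records without printing the password hashes, so the
# audit report does not become a copy of crackable credential material.
# Arguments: optional shadow-format file(s); reads stdin when none are given
# Outputs:   one "user:STATUS" line per record, where STATUS is
#            EMPTY        - the account needs no password
#            LOCKED       - field starts with "!" or "*" (no password login)
#            HASH($id$)   - a crypt hash is set; only the scheme id is shown
#            HASH(legacy) - non-empty value without a "$id$" prefix
#######################################
summarize_shadow() {
  awk -F':' '
    {
      secret = $2
      if (secret == "") {
        status = "EMPTY"
      } else if (secret ~ /^[!*]/) {
        status = "LOCKED"
      } else if (match(secret, /^\$[0-9A-Za-z]+\$/)) {
        status = "HASH(" substr(secret, RSTART, RLENGTH) ")"
      } else {
        status = "HASH(legacy)"
      }
      print $1 ":" status
    }
  ' "$@"
}

echo "查看shadow文件"
summarize_shadow /etc/shadow
echo "----------------------------"

echo "查看login.defs文件"
# Anchor on the keyword: commented-out examples are skipped, while a live
# setting that carries a trailing "# comment" is still reported.
grep -E '^[[:space:]]*(PASS_MAX_DAYS|PASS_MIN_DAYS|PASS_MIN_LEN|PASS_WARN_AGE)[[:space:]]' /etc/login.defs
echo "----------------------------"

echo "查看密码复杂度文件"
# Drop blank lines and whole-line comments only; a setting with a trailing
# comment stays visible.
grep -Ev '^[[:space:]]*(#|$)' /etc/security/pwquality.conf
echo "----------------------------"

echo "查看system-auth文件"
# NOTE(review): on CentOS the sshd PAM stack normally includes password-auth
# rather than system-auth - confirm, and review that file for remote logins.
cat /etc/pam.d/system-auth
echo "----------------------------"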

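#######################################
# Print every active TMOUT assignment found in the given files.
# Matches "TMOUT=", "export TMOUT=" and "readonly TMOUT=", with or without
# leading whitespace; commented-out lines are ignored.
# Arguments: files to search (missing files are skipped silently)
# Outputs:   "file:line" for each match, so the report shows where the
#            timeout is set
# Returns:   grep's status (non-zero when nothing matched)
#######################################
find_tmout() {
  grep -HsE '^[[:space:]]*((export|readonly)[[:space:]]+)?TMOUT=' -- "$@"
}

echo "查看TMOUT参数"
# The idle timeout is often set in a profile.d drop-in or in /etc/bashrc
# rather than /etc/profile, so all three locations are searched.
# A value that is not marked readonly can still be changed in a user's shell.
tmout_setting=$(find_tmout /etc/profile /etc/profile.d/*.sh /etc/bashrc)
if [ -z "$tmout_setting" ]; then
    echo "NO TMOUT SETTING"
else
    echo "$tmout_setting"
fi
echo "----------------------------"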

# List any sshd entries in the process table.
printf '%s\n' "查看sshd服务"
ps -e | awk '/sshd/'
printf '%s\n' "----------------------------"

# Show the state of the systemd socket unit for telnet.
printf '%s\n' "查看是否开启了telnet"
systemctl status telnet.socket
printf '%s\n' "----------------------------"

# Long listing (mode, owner, group) of the account, name-service and log
# files the audit looks at. Each path is listed on its own so the output
# keeps the order of the array.
printf '%s\n' "查看重要文件权限"
files=(
    "/etc/passwd"
    "/etc/hosts"
    "/etc/login.defs"
    "/etc/hosts.allow"
    "/etc/shadow"
    "/etc/group"
    "/etc/services"
    "/var/log/messages"
    "/var/log/secure"
    "/var/log/audit/audit.log"
)
for file in "${files[@]}"
do
    ls -l "$file"
done
printf '%s\n' "----------------------------"

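echo "查看是否开启了root远程登录"
# sshd_config keywords are case-insensitive, so match without regard to case.
# Commented-out lines are shown too, but they only document the default.
grep -i 'PermitRootLogin' /etc/ssh/sshd_config
# The file alone can mislead (commented default, Include directives), so also
# print the value sshd itself resolves for the global section. This needs
# root and is skipped quietly when sshd cannot be queried; Match blocks may
# still override the value for particular users or addresses.
effective_root_login=$(sshd -T 2>/dev/null | grep -i '^permitrootlogin')
if [ -n "$effective_root_login" ]; then
    echo "effective: $effective_root_login"
fi
echo "----------------------------"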

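echo "查看sudo配置"
# /etc/sudo.conf only configures the sudo front end (plugins and similar);
# it is kept here for completeness.
grep -v '^\s*#' /etc/sudo.conf
# The rules that actually grant privileges live in /etc/sudoers and the
# drop-ins under /etc/sudoers.d/. Only blank lines and comments of the form
# "# text" / "## text" are dropped, because "#include", "#includedir" and
# "#uid" entries are live sudoers syntax and must stay visible.
# -H prefixes each line with its file; -s hides unreadable or missing files.
grep -HsEv '^[[:space:]]*(#[#[:space:]]|#$|$)' /etc/sudoers /etc/sudoers.d/*
echo "----------------------------"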

# SELinux mode and policy as reported by sestatus.
printf '%s\n' "查看SELinux状态"
sestatus
printf '%s\n' "----------------------------"

# Whether the audit and syslog daemons are currently active.
for svc in auditd rsyslog; do
    printf '\n%s\n' "查看${svc}运行状态"
    systemctl is-active "$svc"
    printf '%s\n' "----------------------------"
done

# rsyslog configuration with whole-line comments removed.
printf '\n%s\n' "查看rsyslog配置文件"
grep -v '^[[:space:]]*#' /etc/rsyslog.conf
printf '%s\n' "----------------------------"

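#######################################
# Rewrite the epoch in each audit record header as a local date-time.
# Reads records on stdin; "msg=audit(EPOCH.MS:SERIAL)" becomes
# "msg=audit(YYYY-MM-DD HH:MM:SS:SERIAL)". The serial is kept because it is
# what ties the records of one event together. Only the header itself is
# replaced, so text later in the record that happens to contain ":digits)"
# is never swallowed. Lines without a well-formed header, or whose epoch
# date(1) rejects, are printed unchanged.
# Outputs:   the rewritten records on stdout, one per line
#######################################
format_audit_timestamps() {
  local line header epoch serial human before after
  local header_re='msg=audit\(([0-9]+)\.[0-9]+:([0-9]+)\)'
  # IFS= and -r keep leading whitespace and backslashes in the record intact.
  while IFS= read -r line || [[ -n "$line" ]]; do
    if [[ "$line" =~ $header_re ]]; then
      header=${BASH_REMATCH[0]}
      epoch=${BASH_REMATCH[1]}
      serial=${BASH_REMATCH[2]}
      if human=$(date -d "@${epoch}" '+%Y-%m-%d %H:%M:%S' 2>/dev/null); then
        before=${line%%"$header"*}
        after=${line#*"$header"}
        line="${before}msg=audit(${human}:${serial})${after}"
      fi
    fi
    printf '%s\n' "$line"
  done
}

# NOTE(review): only the current audit.log is read; if the log has been
# rotated, the oldest retained records are in the rotated files - confirm
# the retention period against those as well.
echo "查看audit.log最早10条日志(转换时间戳)"
grep 'msg=audit' /var/log/audit/audit.log | head -n 10 | format_audit_timestamps
echo "----------------------------"

echo "查看audit.log最新10条日志(转换时间戳)"
grep 'msg=audit' /var/log/audit/audit.log | tail -n 10 | format_audit_timestamps
echo "----------------------------"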

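echo "查看软件安装情况"
yum list installed
echo "----------------------------"

echo "查看正在运行的服务"
# "enabled" (starts at boot) and "running" (active now) are different
# questions, so both are listed. Filtering by state instead of grepping for
# "enable" avoids matching unit names or other columns containing that text.
echo "[enabled unit files]"
systemctl list-unit-files --state=enabled --no-legend | awk '{ print $1 }'
echo "[running services]"
systemctl list-units --type=service --state=running --no-legend | awk '{ print $1 }'
echo "----------------------------"

echo "查看正在运行的联网服务"
# Include UDP listeners (-u) as well as TCP. net-tools is not always
# installed, so fall back to ss, which accepts the same flags.
if command -v netstat >/dev/null 2>&1; then
    netstat -ntulp
else
    ss -ntulp
fi
echo "----------------------------"

echo "查看是否开启共享"
# rpm only shows whether the samba package is installed; is-active shows
# whether the SMB daemons are actually running.
rpm -qi samba
systemctl is-active smb nmb
echo "----------------------------"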


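# NOTE(review): these files only take effect for services built with TCP
# wrappers support; on newer releases they may be absent altogether, so an
# empty or missing file is reported explicitly instead of as a cat error.
echo "检查hosts白名单"
if [ -r /etc/hosts.allow ]; then
    # Whole-line comments and blank lines are dropped.
    grep -Ev '^[[:space:]]*(#|$)' /etc/hosts.allow
else
    echo "/etc/hosts.allow not present or not readable"
fi
echo "----------------------------"

echo "检查hosts黑名单"
if [ -r /etc/hosts.deny ]; then
    grep -Ev '^[[:space:]]*(#|$)' /etc/hosts.deny
else
    echo "/etc/hosts.deny not present or not readable"
fi
echo "----------------------------"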

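echo "检查系统版本和补丁安装情况"
# Run each check on its own: with "&&" a missing release file would also
# suppress the package queries.
cat /etc/redhat-release
# Running kernel version, to compare against the installed kernel packages.
uname -r
# This only matches packages whose name contains "patch" (for example the
# patch utility); it does not describe the update level. Kept so the output
# stays comparable with earlier reports.
rpm -qa | grep patch
# Most recently installed or updated packages with their dates, which is the
# evidence for when the system was last patched.
rpm -qa --last | head -n 20
echo "----------------------------"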

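echo "检查防火墙规则"
# --list-all describes the default zone only; the active-zone list shows
# whether interfaces are bound to other zones that need reviewing too.
firewall-cmd --state
firewall-cmd --get-active-zones
firewall-cmd --list-all
echo "----------------------------"

echo "检查iptables情况"
# -n skips reverse DNS lookups, which can stall on an isolated network.
# -v adds the interface columns: without them a rule limited to the loopback
# interface reads like "accept everything from anywhere".
# Only the filter table is listed here; other tables need -t.
iptables -L -n -v --line-numbers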