11 KiB
11 KiB
shell脚本案例
一:脚本案例
1.配置静态IP案例
#!/bin/bash
# This script configures a static IP address on CentOS 7
# Define variables for the IP address, netmask, gateway, and DNS servers
IP_ADDRESS=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS_SERVERS="8.8.8.8 114.114.114.114"
# Backup the original network configuration file
cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens33.bak
# Modify the network configuration file with the static IP address, netmask, gateway, and DNS servers
cat << EOF > /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=none
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=$IP_ADDRESS
NETMASK=$NETMASK
GATEWAY=$GATEWAY
DNS1=${DNS_SERVERS%% *}
DNS2=${DNS_SERVERS##* }
EOF
# Restart the network service to apply the changes
systemctl restart network
# Display the new network configuration
ip addr show ens33
centos stream 9
[root@xingdiancloud ~]# bash network.sh
#!/bin/bash
#auther:xingdian
NET_DIR=`ls /etc/NetworkManager/system-connections/`
NET_PATH="/etc/NetworkManager/system-connections/"
read -p "请输入IP地址: " ipadd
read -p "请输入子网掩码,例如24: " netmask
read -p "请输入默认网关: " gateway
read -p "请输入dns地址: " dns
read -p "输入设备名字: " name
# 备份原配置
if [ -f ${NET_PATH}${name}.nmconnection.bak ];then
rm -rf ${NET_PATH}${name}.nmconnection.bak
else
cp ${NET_PATH}${NET_DIR} ${NET_PATH}${NET_DIR}.bak
fi
cat > ${NET_PATH}${name}.nmconnection <<eof
[connection]
id=$name
uuid=639d6c39-a14a-36f9-b18f-7c1ff3c082d7
type=ethernet
autoconnect-priority=-999
interface-name=$name
timestamp=1681589526
[ethernet]
[ipv4]
method=manual
address1=$ipadd/$netmask,$gateway
dns=$dns
[ipv6]
addr-gen-mode=eui64
method=auto
[proxy]
eof
nmcli c reload
nmcli c up $name
#systemctl restart NetworkManager
2.系统初始化脚本
#!/bin/bash
#centos7: 初始化脚本
#auther:xingdian
# 防火墙设置
echo "关闭防火墙和selinux中...."
echo
systemctl stop firewalld && systemctl disable firewalld &> /dev/null
if [ $? -eq 0 ];then
echo "防火墙已经成功关闭....."
else
echo "防火墙关闭失败,请手动关闭!!!"
fi
setenforce 0 && sed -i '/^SELINUX/c SELINUX=disabled' /etc/selinux/config
if [ $? -eq 0 ];then
echo "selinux已经成功关闭....."
else
echo "selnux关闭失败,请手动关闭!!!"
fi
echo
# 外网检测
echo "正在检测网络是否能上外网......"
echo
ping -c 2 www.baidu.com &> /dev/null
if [ $? -eq 0 ];then
echo "网络正常"
else
echo "网络不可达!"
fi
echo
# 配置yum源-这里选用阿里源
echo "配置yum源中....."
echo
yum install -y wget &> /dev/null
if [ $? -ne 0 ];then
echo "wget 安装失败........."
systemctl restart network
yum repolist &> /dev/null
sleep 2
fi
mkdir -p /root/YUM_backup
mv /etc/yum.repos.d/* /root/YUM_backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo &>/dev/null
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo &>/dev/null
yum clean all &>/dev/null && yum reppolist &>/dev/null
echo "你的yum源有:" $(ls /etc/yum.repos.d)
sleep 2
# 配置主机名和host文件
echo "正在配置你的主机名..."
echo
read -p "请输入你的主机名:" host
hostname(){
hostnamectl set-hostname $host
}
hostname host && echo -e "主机名设置成功!!"
echo "正在配置你的hosts文件..."
ip=$(ip a | grep ens33 |grep inet |awk '{print $2}' | awk -F"/" '{print $1}')
echo "$ip $host" >> /etc/hosts
echo "hosts配置完成!!!"
# 安装基础软件包
echo "安装基础软件包中....."
echo
yum install -y vim wget unzip yum_utils &>/dev/null
if [ $? -eq 0 ];then
echo "安装完成....."
else
echo "安装失败..... "
fi
# 时间同步
echo
echo "时间同步中……"
yum install -y ntpdate &> /dev/null
ntpdate cn.pool.ntp.org &> /dev/null
file=$(who | head -1 | cut -d" " -f1)
echo "* */1 * * * /usr/sbin/ntpdate cn.pool.ntp.org" > /var/spool/cron/$file
if [ $? -eq 0 ];then
echo "时间同步成功!!!"
echo "unset MAILCHECK" >> /etc/profile
source /etc/profile &> /dev/null
else
echo "时间同步失败!!!"
fi
3.获取系统信息
#!/bin/bash
#此脚本获取系统centos7.x/centos stream9.x
#auther:xingdian
#查看服务器硬件型号
hard_type=`dmidecode |grep "Product Name"|tr "\n" " "` #获取服务器型号
sn=`dmidecode |grep -A 3 "Product Name" |grep "Serial Number"|grep -v "None"` #获取硬件序列码
##系统信息
version=`cat /etc/redhat-release` #版本
kernel=`uname -r` #内核
##cpu
phy_cpu_num=`grep 'physical id' /proc/cpuinfo | sort | uniq | wc -l` #物理CPU数量
nuclear=`grep vendor_id /proc/cpuinfo|wc -l` #逻辑核数(线程)
##内存\Swap
mem=`free -m|grep Mem|awk '{print $2"M"}'` #内存总大小
user_mem=`free -m|grep Mem|awk '{print $3"M"}'` #已用内存大小
swap=`free -m |grep Swap|awk '{print $2"M"}'` #swap总大小
user_swap=`free -m |grep Swap|awk '{print $3"M"}'` #已用swap大小
#最大支持内存数
max_memory=`dmidecode|grep -P 'Maximum\s+Capacity'`
##负载
loadavg=`uptime |awk -F: '{print $NF}'` #系统负载
##网络
network=`[[ $(curl -o /dev/null --connect-timeout 3 -s -w "%{http_code}" www.baidu.com) -eq 200 ]] && echo yes || echo no` #根据curl www.baidu.com的返回状态码来判断是否能上网
ip_addr=`ip address|grep -w "inet"|grep -v "127.0.0.1"|awk -F "[ /]+" '{print $3,$NF}'` #获取除了回环地址之外的所有网卡的ip地址和对应的网卡名
##磁盘
disk_zong=`df -Th | grep -w '/' | awk '{print $3}'` #获取系统盘的总大小
disk_user=`df -Th | grep -w '/' | awk '{print $4}'` #获取系统盘已用大小
disk_lsbl=`lsblk` #硬盘分区分布
##其他
system_time=`awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60;d=$1%60} {printf("%ddays, %d:%d:%d\n",a,b,c,d)}' /proc/uptime` #开机时长
sys_begin=`date -d "$(awk -F. '{print $1}' /proc/uptime) second ago" +"%Y-%m-%d %H:%M:%S"` #开机时间
##日志
system_log=`du -sh /var/log/ |awk '{print $1}'` #系统日志大小
#进程
tasks=`top -n1 |grep Tasks |awk '{print $2,$4,6}'` #总 运行 休眠
system(){
echo "
|硬件型号:
$hard_type
|序列号:
$sn
|版本: $version
|内核: $kernel
|物理CPU个数:$phy_cpu_num 逻辑核数: $nuclear"个"
|负载:$loadavg
|内存: $mem #最大支持内存:$max_memory
|已用: $user_mem
|swap: $swap
|已用: $user_swap
|是否可以上网: $network
|本地IP地址:
$ip_addr
|系统磁盘大小: $disk_zong
|系统磁盘已用: $disk_user
|日志: 系统日志大小为$system_log
|开机: $sys_begin
|至今: $system_time
硬盘分区
----------------------------------------------------------------------
$disk_lsbl
----------------------------------------------------------------------
----------------------------------------------------------------------
"
}
system
##端口扫描
echo "监听的端口扫描
----------------------------------------------------------------------"
portarray=(`sudo netstat -tnlp|egrep -i "$1"|awk {'print $4'}|awk -F':' '{if ($NF~/^[0-9]*$/) print $NF}'|sort|uniq`)
length=${#portarray[@]} #统计元素个数
printf "{\n"
printf '\t'port":"
for ((i=0;i<$length;i++))
do
printf '\n\t\t{'
printf "\"{#TCP_PORT}\":\"${portarray[$i]}\"}"
if [ $i -lt $[$length-1] ];then
printf ','
fi
done
printf "\n\t\n"
printf "}\n"
echo "----------------------------------------------------------------------
"
4.sshpass登录远程服务器与验证
sshpass安装后,可以在控制台输入sshpass命令查看所有选项参数:
$ sshpass
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
-f filename Take password to use from file
-d number Use number as file descriptor for getting password
-p password Provide password as argument (security unwise)
-e Password is passed as env-var "SSHPASS"
With no parameters - password will be taken from stdin
-P prompt Which string should sshpass search for to detect a password prompt
-v Be verbose about what you're doing
-h Show help (this screen)
-V Print version information
At most one of -f, -d, -p or -e should be used
如上所示,command parameters为你要执行的需要交互式输入密码的命令,如:ssh、scp等。当sshpass没有指定参数时会从stdin获取密码,几个密码输入相关参数如下:
-f filename:从文件中获取密码
-d number:使用数字作为获取密码的文件描述符
-p password:指定明文本密码输入(安全性较差)
-e:从环境变量SSHPASS获取密码
远程连接指定ssh的端口:
[root@linuxcool ~]# sshpass -p "password" ssh username@ip
本地执行远程机器的命令:
[root@linuxcool ~]# sshpass -p "password" ssh -p 8443 username@ip
从密码文件读取文件内容作为密码去远程连接主机:
[root@linuxcool ~]# sshpass -p xxx ssh root@192.168.11.11 "ethtool eth0"
从远程主机上拉取文件到本地:
[root@linuxcool ~]# sshpass -p '123456' scp root@host_ip:/home/test/t ./tmp/
5.免密脚本
yum -y install expect
#生成并拷贝ssh_key到远程机器
rm -rf /root/.ssh/*
/usr/bin/expect <<EOF
set timeout 30
spawn ssh-keygen
expect "Enter file in which to save the key (/root/.ssh/id_rsa):"
send "\n"
expect "Enter passphrase (empty for no passphrase):"
send "\n"
expect "Enter same passphrase again:"
send "\n"
spawn ssh-copy-id 172.16.70.251
expect {
"yes/no" { send "yes\n"; exp_continue }
"root@172.16.70.251's password:" { send "uplooking\n"}
}
expect eof
EOF
ssh-add #将私钥身份添加到 OpenSSH 身份验证代理,从而提高ssh的认证速度
==========================================
/usr/bin/expect <<eof
spawn:生成 spawn ssh 10.18.44.196
expect:捕获 expect "password"
send:发送 send "1\n"
expect eof
eof