文章目录
1. `LVS客户端自动配置`2、`企业日常巡检`3、`检测网站地址是否存活`4、`LVS节点健康检查`5、`Keepalived监控服务`6、`mysql建库建表插入数据`7、`mysql分库分表备份`8、`检测MySQL主从复制是否异常`9、`mysql日志切割`10、`防DOS攻击-网络连接法`11、`入侵检测与邮件报警`12、`企业微信报警`
1. LVS客户端自动配置
#
/bin
/bash
VIP
=(202.106.195.111 202.106.195.222)
[ -e
/etc
/sysctl
.conf
]&&rm
-f
/etc
/sysctl
.conf
[ -e
/etc
/sysconfig
/network
-scripts
/ifcfg
-lo
:0 ]&&rm
-f
/etc
/sysconfig
/network
-scripts
/ifcfg
-lo
:0
[ -e
/etc
/sysconfig
/network
-scripts
/ifcfg
-lo
:1 ]&&rm
-f
/etc
/sysconfig
/network
-scripts
/ifcfg
-lo
:1
echo
"net.ipv4.conf.all.arp_ignore = 1">/etc
/sysctl
.conf
echo
"net.ipv4.conf.all.arp_announce = 2">>/etc
/sysctl
.conf
echo
"net.ipv4.conf.default.arp_ignore = 1">>/etc
/sysctl
.conf
echo
"net.ipv4.conf.default.arp_announce = 2">>/etc
/sysctl
.conf
echo
"net.ipv4.conf.lo.arp_ignore = 1">>/etc
/sysctl
.conf
echo
"net.ipv4.conf.lo.arp_announce = 2">>/etc
/sysctl
.conf
sysctl
-p
&>/dev
/null
cd
/etc
/sysconfig
/network
-scripts
for ((i
=0;i
<`echo $
{#VIP
[*]}`
;i
++))
do
cp ifcfg
-lo ifcfg
-lo
:$i
echo
"DEVICE=lo:$i">ifcfg
-lo
:$i
echo
"IPADDR=${VIP[$i]}">>ifcfg
-lo
:$i
echo
"NETMASK=255.255.255.255">>ifcfg
-lo
:$i
echo
"ONBOOT=yes">>ifcfg
-lo
:$i
ifup ifcfg
-lo
:$i
/usr
/sbin
/route add
-host $
{VIP
[$i
]} dev lo
:$i
&>/dev
/null
done
2、企业日常巡检
#
!/bin
/bash
function
system(){
echo
"#########################系统信息#########################"
OS_TYPE
=`uname`
OS_VER
=`cat
/etc
/redhat
-release`
OS_KER
=`uname
-a
|awk
'{print $3}'`
OS_TIME
=`date
+%F_
%T`
OS_RUN_TIME
=`uptime
|awk
'{print $3}'|awk
-F
, '{print $1}'`
OS_LAST_REBOOT_TIME
=`who
-b
|awk
'{print $2,$3}'`
OS_HOSTNAME
=`hostname`
echo
" 系统类型:$OS_TYPE"
echo
" 系统版本:$OS_VER"
echo
" 系统内核:$OS_KER"
echo
" 当前时间:$OS_TIME"
echo
" 运行时间:$OS_RUN_TIME"
echo
"最后重启时间:$OS_LAST_REBOOT_TIME"
echo
" 本机名称:$OS_HOSTNAME"
}
function
network(){
echo
"#########################网络信息#########################"
INTERNET
=(`ifconfig
|grep ens
|awk
-F
: '{print $1}'`
)
for((i
=0;i
<`echo $
{#INTERNET
[*]}`
;i
++))
do
OS_IP
=`ifconfig $
{INTERNET
[$i
]}|head
-2|grep inet
|awk
'{print $2}'`
echo
" 本机IP:${INTERNET[$i]}:$OS_IP"
done
curl
-I http
://www
.baidu
.com
&>/dev
/null
if [ $
? -eq
0 ]
then echo
" 访问外网:成功"
else echo
" 访问外网:失败"
fi
}
function
hardware(){
echo
"#########################硬件信息#########################"
CPUID
=`grep
"physical id" /proc
/cpuinfo
|sort
|uniq
|wc
-l`
CPUCORES
=`grep
"cores" /proc
/cpuinfo
|sort
|uniq
|awk
-F
: '{print $2}'`
CPUMODE
=`grep
"model name" /proc
/cpuinfo
|sort
|uniq
|awk
-F
: '{print $2}'`
echo
" CPU数量: $CPUID"
echo
" CPU核心:$CPUCORES"
echo
" CPU型号:$CPUMODE"
MEMTOTAL
=`free
-m
|grep Mem
|awk
'{print $2}'`
MEMFREE
=`free
-m
|grep Mem
|awk
'{print $7}'`
echo
" 内存总容量: ${MEMTOTAL}MB"
echo
"剩余内存容量: ${MEMFREE}MB"
disksize
=0
swapsize
=`free
|grep Swap
|awk
{'print $2'}`
partitionsize
=(`df
-T
|sed
1d
|egrep
-v
"tmpfs|sr0"|awk
{'print $3'}`
)
for ((i
=0;i
<`echo $
{#partitionsize
[*]}`
;i
++))
do
disksize
=`expr $disksize
+ $
{partitionsize
[$i
]}`
done
((disktotal
=\
($disksize
+$swapsize\
)/1024/1024))
echo
" 磁盘总容量: ${disktotal}GB"
diskfree
=0
swapfree
=`free
|grep Swap
|awk
'{print $4}'`
partitionfree
=(`df
-T
|sed
1d
|egrep
-v
"tmpfs|sr0"|awk
'{print $5}'`
)
for ((i
=0;i
<`echo $
{#partitionfree
[*]}`
;i
++))
do
diskfree
=`expr $diskfree
+ $
{partitionfree
[$i
]}`
done
((freetotal
=\
($diskfree
+$swapfree\
)/1024/1024))
echo
"剩余磁盘容量:${freetotal}GB"
}
function
secure(){
echo
"#########################安全信息#########################"
countuser
=(`last
|grep
"still logged in"|awk
'{print $1}'|sort
|uniq`
)
for ((i
=0;i
<`echo $
{#countuser
[*]}`
;i
++))
do echo
"当前登录用户:${countuser[$i]}"
done
md5sum
-c
--quiet
/opt
/passwd
.db
&>/dev
/null
if [ $
? -eq
0 ]
then echo
" 用户异常:否"
else echo
" 用户异常:是"
fi
}
function
chksys(){
system
network
hardware
secure
}
3、检测网站地址是否存活
#
!/bin
/bash
. /etc
/init
.d
/functions
url_list
=(www
.tec
.com www
.stu
.com
)
function
chkurl(){
i
=0
while [ $i
-lt
2 ]
do
curl http
://$
{url_list
[$i
]} &>/dev
/null
if [ $
? -eq
0 ]
then
action
"${url_list[$i]}" /bin
/true
else
action
"${url_list[$i]}" /bin
/false
fi
let i
++
done
}
function
main(){
while true
do chkurl
sleep
3
done
}
main
4、LVS节点健康检查
#
!/bin
/bash
VIP
=202.106.195.1
PORT
=80
RIP
=(192.168.100.10 192.168.100.20)
while true
do
for ((i
=0;i
<`echo $
{#RIP
[*]}`
;i
++))
do
code
=`curl
-I
-m
10 -o
/dev
/null
-s
-w
%{http_code
} http
://$
{RIP
[$i
]}`
if [ $code
-ne
200 -a $
(ipvsadm
-Ln
|grep $
{RIP
[$i
]}|wc
-l
) -eq
1 ]
then ipvsadm
-d
-t $VIP
:$PORT
-r $
{RIP
[$i
]}:$PORT
elif
[ $code
-eq
200 -a $
(ipvsadm
-Ln
|grep $
{RIP
[$i
]}|wc
-l
) -lt
1 ]
then ipvsadm
-a
-t $VIP
:$PORT
-r $
{RIP
[$i
]}:$PORT
fi
done
sleep
5
done
5、Keepalived监控服务
#
!/bin
/bash
while true
do
if [ $
(pidof httpd
|wc
-l
) -eq
1 -a $
(pidof keepalived
|wc
-l
) -eq
0 ]
then systemctl start keepalived
fi
pidof httpd
&>/dev
/null
if [ $
? -ne
0 ]
then systemctl start httpd
&>/dev
/null
fi
sleep
3
pidof httpd
&>/dev
/null
if [ $
? -ne
0 ]
then systemctl stop keepalived
fi
sleep
3
done
6、mysql建库建表插入数据
#
!/bin
/bash
user
="root"
password
="123456"
mycmd
="mysql -u$user -p$password"
for dbname in tec stu
do
$mycmd
-e
"create database $dbname;"
$mycmd
-e
"use $dbname;create table test(id int,name varchar(18));insert into test values(1,'rainman');"
done
7、mysql分库分表备份
#
!/bin
/bash
user
="root"
password
="123456"
mycmd
="mysql -u$user -p$password -h 192.168.100.1"
mydump
="mysqldump -u$user -p$password -h 192.168.100.1 --lock-tables=0"
for dbname in `$mycmd
-e
"show databases;"|egrep
-v
"Database|schema"`
do
[ -d
/opt
/$dbname
]||mkdir
-p
/opt
/$dbname
for tabname in `$mycmd
-e
"show tables from $dbname"|sed
1d`
do $mydump $dbname $tabname
> /opt
/$dbname
/$
{tabname
}_$
(date
+%F
).sql
done
done
8、检测MySQL主从复制是否异常
#
!/bin
/bash
user
="root"
password
="123456"
mycmd
="mysql -u$user -p$password -h 192.168.100.20"
function
chkdb() {
list
=($
($mycmd
-e
"show slave status \G"|egrep
"Running|Behind"|awk
-F
: '{print $2}'))
if [ $
{list
[0]} = "Yes" -a $
{list
[1]} = "Yes" -a $
{list
[2]} -lt
120 ]
then echo
"Mysql slave is ok"
else echo
"Mysql slave replation is filed"
fi
}
function
main() {
while true
do chkdb
sleep
3
done
}
main
9、mysql日志切割
#
!/bin
/bash
logfile
=/var
/log
/httpd
/access_log
pid
=/run
/httpd
/httpd
.pid
mv $logfile
/opt
/access_$
(date
-d
"yesterday" +"%Y-%m-%d").log
kill
-USR1 $
(cat $pid
)
size
=`du
-sh
/opt
|awk
'{print $1}'|awk
-F
"M" '{print $1}'`
if [ $size
-gt
1000 ]
then find
/opt
-type f
-name access
* -mtime
+30 -exec rm
-f
{} \
;
fi
10、防DOS攻击-网络连接法
#
!/bin
/bash
netstat
-antup
|grep SYN_RECV
|awk
'{print $5}'|awk
-F
: '{print $1}'|sort
|uniq
-c
>/opt
/tmp
exec
</opt
/tmp
while read line
do
count
=`echo $line
|awk
'{print $1}'`
ip
=`echo $line
|awk
'{print $2}'`
if [ $count
-gt
128 ]
then iptables
-I INPUT
-s $ip
-j DROP
fi
done
11、入侵检测与邮件报警
#
!/bin
/bash
webdir
=/var
/www
/html
cd $webdir
md5sum
-c
--quiet
/opt
/sumfile
.db
&>/opt
/sum_err
.log
if [ $
? -ne
0 ]
then
echo
"the file_sum is changed"
mail
-s
"sum_error" wcg@bw
.com
</opt
/sum_err
.log
else
echo
"check file_sum is ok"
fi
find
/var
/www
/html
/ -type f
>/opt
/countfile
.db_sec
diff
/opt
/countfile
.db_
* &>/opt
/count_err
.log
if [ $
(diff
/opt
/countfile
.db_
*|wc
-l
) -gt
0 ]
then
echo
"the file_count is changed"
mail
-s
"count_err" wcg@bw
.com
</opt
/count_err
.log
else
echo
"check file_count is ok"
fi
12、企业微信报警
function
sendmsg() {
CorpID
="ww3c6298264d839e2f"
Secret
="YvyMQpMRIoXtdQRWo0RNkMBTZnHWKvBwC3ILkyuCsKQ"
agentid
=1000002
GURL
="https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=$CorpID&corpsecret=$Secret"
Gtoken
=$
(/usr
/bin
/curl
-s
-G $GURL
|awk
-F\"
'{print $10}')
#echo $Gtoken
PURL
="https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token=$Gtoken"
Ip
=$
(ip a
|grep ens33
|grep inet
|awk
-F
"/" '{ print $1 }' |awk
-F
" " '{ print $2 }')
/usr
/bin
/curl
--data
-ascii '
{
"touser": "@all",
"toparty": "2",
"msgtype": "text",
"agentid": "1000002",
"text": {"content": "'"警告
:[$msg
]\n主机
:[`uname
-n`
]\n日期
:[$
(date
+%F
-%T
)]\n地址
:[$Ip
]"'"},
"safe":"0"
}' $PURL
>/dev
/null
2>&1
}
