1、服务器系统配置初始化
| #/bin/bash | |
| # 安装系统性能分析工具及其他 | |
| yum install gcc make autoconf vim sysstat net-tools iostat iftop iotp wget lrzsz lsof unzip openssh-clients net-tool vim ntpdate -y | |
| # 设置时区并同步时间 | |
| ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime | |
| if ! crontab -l |grep ntpdate &>/dev/null ; then | |
| (echo "* * * * ntpdate time.windows.com >/dev/null 2>&1";crontab -l) |crontab | |
| fi | |
| # 禁用selinux | |
| sed -i '/SELINUX/{s/permissive/disabled/}' /etc/selinux/config | |
| # 关闭防火墙 | |
| if egrep ".[0-9]" /etc/redhat-release &>/dev/null; then | |
| systemctl stop firewalld | |
| systemctl disable firewalld | |
| elif egrep ".[0-9]" /etc/redhat-release &>/dev/null; then | |
| service iptables stop | |
| chkconfig iptables off | |
| fi | |
| # 历史命令显示操作时间 | |
| if ! grep HISTTIMEFORMAT /etc/bashrc; then | |
| echo ' export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S `whoami` "' >> /etc/bashrc | |
| fi | |
| # SSH超时时间 | |
| if ! grep "TMOUT=" /etc/profile &>/dev/null; then | |
| echo "export TMOUT=" >> /etc/profile | |
| fi | |
| # 禁止 root 远程登录 切记给系统添加普通用户,给su到root的权限 | |
| sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config | |
| # 禁止定时任务向发送邮件 | |
| sed -i 's/^MAILTO=root/MAILTO=""/' /etc/crontab | |
| # 设置最大打开文件数 | |
| if ! grep "* soft nofile" /etc/security/limits.conf &>/dev/null; then | |
| cat >> /etc/security/limits.conf << EOF | |
| * soft nofile | |
| * hard nofile | |
| EOF | |
| fi | |
| # 系统内核优化 | |
| cat >> /etc/sysctl.conf << EOF | |
| net.ipv.tcp_syn cookies = 1 | |
| net.ipv.tcp_max_tw_buckets = 20480 | |
| net.ipv.tcp_max_syn_backlog = 20480 | |
| net.core.netdev_max_backlog = | |
| net.ipv.tcp_fin_timeout = 20 | |
| EOF | |
| # 减少SWAP使用 | |
| echo "" > /proc/sys/vm/swappiness |
2、批量创建多个用户并设置密码
| #!/bin/bash | |
| USER_LIST=$@ | |
| USER_FILE=./user.info | |
| for USER in $USER_LIST;do | |
| if ! id $USER &>/dev/null; then | |
| PASS=$(echo $RANDOM |mdsum |cut -c 1-8) | |
| useradd $USER | |
| echo $PASS | passwd --stdin $USER &>/dev/null | |
| echo "$USER $PASS" >> $USER_FILE | |
| echo "$USER User create successful." | |
| else | |
| echo "$USER User already exists !" | |
| fi | |
| done |
3、一键查看服务器利用率
| #!/bin/bash | |
| function cpu(){ | |
| util=$(vmstat | awk '{if(NR==)print $13+$14}') | |
| iowait=$(vmstat | awk '{if(NR==)print $16}') | |
| echo "CPU -使用率:${util}% ,等待磁盘IO相应使用率:${iowait}:${iowait}%" | |
| } | |
| function memory (){ | |
| total=`free -m |awk '{if(NR==)printf "%.1f",$2/1024}'` | |
| used=`free -m |awk '{if(NR==) printf "%.1f",($2-$NF)/1024}'` | |
| available=`free -m |awk '{if(NR==) printf "%.1f",$NF/1024}'` | |
| echo "内存 - 总大小: ${total}G , 使用: ${used}G , 剩余: ${available}G" | |
| } | |
| disk(){ | |
| fs=$(df -h |awk '/^\/dev/{print $}') | |
| for p in $fs; do | |
| mounted=$(df -h |awk '$=="'$p'"{print $NF}') | |
| size=$(df -h |awk '$=="'$p'"{print $2}') | |
| used=$(df -h |awk '$=="'$p'"{print $3}') | |
| used_percent=$(df -h |awk '$=="'$p'"{print $5}') | |
| echo "硬盘 - 挂载点: $mounted , 总大小: $size , 使用: $used , 使用率: $used_percent" | |
| done | |
| } | |
| function tcp_status() { | |
| summary=$(ss -antp |awk '{status[$]++}END{for(i in status) printf i":"status[i]" "}') | |
| echo "TCP连接状态 - $summary" | |
| } | |
| cpu | |
| memory | |
| disk | |
| tcp_status |
4、找出占用CPU 内存过高的进程
| #!/bin/bash | |
| echo "-------------------CUP占用前排序--------------------------------" | |
| ps -eo user,pid,pcpu,pmem,args --sort=-pcpu |head -n | |
| echo "-------------------内存占用前排序--------------------------------" | |
| ps -eo user,pid,pcpu,pmem,args --sort=-pmem |head -n |
5、查看网卡的实时流量
| #!/bin/bash | |
| eth=$1 | |
| echo -e "流量进入--流量传出 " | |
| while true; do | |
| old_in=$(cat /proc/net/dev |grep $eth |awk '{print $2}') | |
| old_out=$(cat /proc/net/dev |grep $eth |awk '{print $10}') | |
| sleep | |
| new_in=$(cat /proc/net/dev |grep $eth |awk '{print $2}') | |
| new_out=$(cat /proc/net/dev |grep $eth |awk '{print $10}') | |
| in=$(printf "%.f%s" "$((($new_in-$old_in)/1024))" "KB/s") | |
| out=$(printf "%.f%s" "$((($new_out-$old_out)/1024))" "KB/s") | |
| echo "$in $out" | |
| done |
6、监控多台服务器磁盘利用率脚本
| #!/bin/bash | |
| HOST_INFO=host.info | |
| for IP in $(awk '/^[^#]/{print $}' $HOST_INFO); do | |
| #取出用户名和端口 | |
| USER=$(awk -v ip=$IP 'ip==${print $2}' $HOST_INFO) | |
| PORT=$(awk -v ip=$IP 'ip==${print $3}' $HOST_INFO) | |
| #创建临时文件,保存信息 | |
| TMP _FILE=/tmp/disk.tmp | |
| #通过公钥登录获取主机磁盘信息 | |
| ssh -p $PORT $USER@$IP 'df -h' > $TMP_FILE | |
| #分析磁盘占用空间 | |
| USE_RATE_LIST=$(awk 'BEGIN{OFS="="}/^\/dev/{print $NF,int($)}' $TMP_FILE) | |
| #循环磁盘列表,进行判断 | |
| for USE_RATE in $USE_RATE_LIST; do | |
| #取出等号(=)右边的值 挂载点名称 | |
| PART_NAME=${USE_RATE%=*} | |
| #取出等号(=)左边的值 磁盘利用率 | |
| USE_RATE=${USE_RATE#*=} | |
| #进行判断 | |
| if [ $USE_RATE -ge ]; then | |
| echo "Warning: $PART_NAME Partition usage $USE_RATE%!" | |
| echo "服务器$IP的磁盘空间占用过高,请及时处理" | mail -s "空间不足警告" 你的qq@qq.com | |
| else | |
| echo "服务器$IP的$PART_NAME目录空间良好" | |
| fi | |
| done | |
| done |
7、批量检测网站是否异常并邮件通知
| #!/bin/bash | |
| URL_LIST="www.baidu.com www.ctnrs.com www.der-matech.net.cn www.der-matech.com.cn www.der-matech.cn www.der-matech.top www.der-matech.org" | |
| for URL in $URL_LIST; do | |
| FAIL_COUNT= | |
| for ((i=;i<=3;i++)); do | |
| HTTP_CODE=$(curl -o /dev/null --connect-timeout -s -w "%{http_code}" $URL) | |
| if [ $HTTP_CODE -eq ]; then | |
| echo "$URL OK" | |
| break | |
| else | |
| echo "$URL retry $FAIL_COUNT" | |
| let FAIL_COUNT++ | |
| fi | |
| done | |
| if [ $FAIL_COUNT -eq ]; then | |
| echo "Warning: $URL Access failure!" | |
| echo "网站$URL坏掉,请及时处理" | mail -s "$URL网站高危"@qq.com | |
| fi | |
| done |
8、批量主机远程执行命令脚本
| #!/bin/bash | |
| COMMAND=$* | |
| HOST_INFO=host.info | |
| for IP in $(awk '/^[^#]/{print $}' $HOST_INFO); do | |
| USER=$(awk -v ip=$IP 'ip==${print $2}' $HOST_INFO) | |
| PORT=$(awk -v ip=$IP 'ip==${print $3}' $HOST_INFO) | |
| PASS=$(awk -v ip=$IP 'ip==${print $4}' $HOST_INFO) | |
| expect -c " | |
| spawn ssh -p $PORT $USER@$IP | |
| expect { | |
| \"(yes/no)\" {send \"yes\r\"; exp_continue} | |
| \"password:\" {send \"$PASS\r\"; exp_continue} | |
| \"$USER@*\" {send \"$COMMAND\r exit\r\"; exp_continue} | |
| } | |
| " | |
| echo "-------------------" | |
| done |
9、一键部署 LNMP 网站平台脚本
| #!/bin/bash | |
| Nginx _V=1.15.6 | |
| PHP_V=.6.36 | |
| TMP_DIR=/tmp | |
| INSTALL_DIR=/usr/local | |
| PWD_C=$PWD | |
| echo | |
| echo -e "\tMenu\n" | |
| echo -e ". Install Nginx" | |
| echo -e ". Install PHP" | |
| echo -e ". Install MySQL" | |
| echo -e ". Deploy LNMP" | |
| echo -e ". Quit" | |
| function command_status_check() { | |
| if [ $? -ne ]; then | |
| echo $ | |
| exit | |
| fi | |
| } | |
| function install_nginx() { | |
| cd $TMP_DIR | |
| yum install -y gcc gcc-c++ make openssl-devel pcre-devel wget | |
| wget {NGINX_V}.tar.gz | |
| tar zxf nginx-${NGINX_V}.tar.gz | |
| cd nginx-${NGINX_V} | |
| ./configure --prefix=$INSTALL_DIR/nginx \ | |
| --with-http_ssl_module \ | |
| --with-http_stub_status_module \ | |
| --with-stream | |
| command_status_check "Nginx - 平台环境检查失败!" | |
| make -j | |
| command_status_check "Nginx - 编译失败!" | |
| make install | |
| command_status_check "Nginx - 安装失败!" | |
| mkdir -p $INSTALL_DIR/nginx/conf/vhost | |
| alias cp=cp ; cp -rf $PWD_C/nginx.conf $INSTALL_DIR/nginx/conf | |
| rm -rf $INSTALL_DIR/nginx/html/* | |
| echo "ok" > $INSTALL_DIR/nginx/html/status.html | |
| echo '<?php echo "ok"?>' > $INSTALL_DIR/nginx/html/status.php | |
| $INSTALL_DIR/nginx/sbin/nginx | |
| command_status_check "Nginx - 启动失败!" | |
| } | |
| function install_php() { | |
| cd $TMP_DIR | |
| yum install -y gcc gcc-c++ make gd-devel libxml-devel \ | |
| libcurl-devel libjpeg-devel libpng-devel openssl-devel \ | |
| libmcrypt-devel libxslt-devel libtidy-devel | |
| wget {PHP_V}.tar.gz | |
| tar zxf php-${PHP_V}.tar.gz | |
| cd php-${PHP_V} | |
| ./configure --prefix=$INSTALL_DIR/php \ | |
| --with-config-file-path=$INSTALL_DIR/php/etc \ | |
| --enable-fpm --enable-opcache \ | |
| --with- MySQL --with-mysqli --with-pdo-mysql \ | |
| --with-openssl --with-zlib --with-curl --with-gd \ | |
| --with-jpeg-dir --with-png-dir --with-freetype-dir \ | |
| --enable-mbstring --enable-hash | |
| command_status_check "PHP - 平台环境检查失败!" | |
| make -j | |
| command_status_check "PHP - 编译失败!" | |
| make install | |
| command_status_check "PHP - 安装失败!" | |
| cp php.ini-production $INSTALL_DIR/php/etc/php.ini | |
| cp sapi/fpm/php-fpm.conf $INSTALL_DIR/php/etc/php-fpm.conf | |
| cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm | |
| chmod +x /etc/init.d/php-fpm | |
| /etc/init.d/php-fpm start | |
| command_status_check "PHP - 启动失败!" | |
| } | |
| read -p "请输入编号:" number | |
| case $number in) | |
| install_nginx;;) | |
| install_php;;) | |
| install_mysql;;) | |
| install_nginx | |
| install_php | |
| ;;) | |
| exit;; | |
| esac |
10、监控MySQL主从同步状态是否异常脚本
| #!/bin/bash | |
| HOST=localhost | |
| USER=root | |
| PASSWD=.com | |
| IO_SQL_STATUS=$(mysql -h$HOST -u$USER -p$PASSWD -e 'show slave status\G'>/dev/null |awk '/Slave_.*_Running:/{print $1$2}') | |
| for i in $IO_SQL_STATUS; do | |
| THREAD _STATUS_NAME=${i%:*} | |
| THREAD_STATUS=${i#*:} | |
| if [ "$THREAD_STATUS" != "Yes" ]; then | |
| echo "Error: MySQL Master-Slave $THREAD_STATUS_NAME status is $THREAD_STATUS!" |mail -s "Master-Slave Staus" xxx@.com | |
| fi | |
| done |
11、MySql数据库备份脚本
分库备份
| mysqldump -uroot -pxxx -B A > A.sql | |
| #!/bin/bash | |
| DATE=$(date +%F_%H-%M-%S) | |
| HOST=localhost | |
| USER=backup | |
| PASS=.com | |
| BACKUP_DIR=/data/db_backup | |
| DB_LIST=$(mysql -h$HOST -u$USER -p$PASS -s -e "show databases;">/dev/null |egrep -v "Database|information_schema|mysql|performance_schema|sys") | |
| for DB in $DB_LIST; do | |
| BACKUP_NAME=$BACKUP_DIR/${DB}_${DATE}.sql | |
| if ! mysqldump -h$HOST -u$USER -p$PASS -B $DB > $BACKUP_NAME>/dev/null; then | |
| echo "$BACKUP_NAME 备份失败!" | |
| fi | |
| done |
分表备份
| mysqldump -uroot -pxxx -A t > t.sql | |
| #!/bin/bash | |
| DATE=$(date +%F_%H-%M-%S) | |
| HOST=localhost | |
| USER=backup | |
| PASS=.com | |
| BACKUP_DIR=/data/db_backup | |
| DB_LIST=$(mysql -h$HOST -u$USER -p$PASS -s -e "show databases;">/dev/null |egrep -v "Database|information_schema|mysql|performance_schema|sys") | |
| for DB in $DB_LIST; do | |
| BACKUP_DB_DIR=$BACKUP_DIR/${DB}_${DATE} | |
| [ ! -d $BACKUP_DB_DIR ] && mkdir -p $BACKUP_DB_DIR &>/dev/null | |
| TABLE_LIST=$(mysql -h$HOST -u$USER -p$PASS -s -e "use $DB;show tables;">/dev/null) | |
| for TABLE in $TABLE_LIST; do | |
| BACKUP_NAME=$BACKUP_DB_DIR/${TABLE}.sql | |
| if ! mysqldump -h$HOST -u$USER -p$PASS $DB $TABLE > $BACKUP_NAME>/dev/null; then | |
| echo "$BACKUP_NAME 备份失败!" | |
| fi | |
| done | |
| done |
12、Nginx访问日志分析
| #!/bin/bash | |
| # 日志格式: $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" | |
| LOG_FILE=$ | |
| echo "统计访问最多的个IP" | |
| awk '{a[$]++}END{print "UV:",length(a);for(v in a)print v,a[v]}' $LOG_FILE |sort -k2 -nr |head -10 | |
| echo "----------------------" | |
| echo "统计时间段访问最多的IP" | |
| awk '$>="[01/Dec/2018:13:20:25" && $4<="[27/Nov/2018:16:20:49"{a[$1]++}END{for(v in a)print v,a[v]}' $LOG_FILE |sort -k2 -nr|head -10 | |
| echo "----------------------" | |
| echo "统计访问最多的个页面" | |
| awk '{a[$]++}END{print "PV:",length(a);for(v in a){if(a[v]>10)print v,a[v]}}' $LOG_FILE |sort -k2 -nr | |
| echo "----------------------" | |
| echo "统计访问页面状态码数量" | |
| awk '{a[$" "$9]++}END{for(v in a){if(a[v]>5)print v,a[v]}}' $LOG_FILE |sort -k3 -nr |
13、Nginx访问日志自动按天(周、月)切割
| #!/bin/bash | |
| #nginx日志目录 | |
| LOG_DIR=/www/server/nginx/logs | |
| #获取到上一天的时间 | |
| YESTERDAY_TIME=$(date -d "yesterday" +%F) | |
| #归档日志取时间 | |
| LOG_MONTH_DIR=$LOG_DIR/$(date +"%Y-%m") | |
| #归档日志的名称 | |
| LOG_FILE_LIST="access.log" | |
| for LOG_FILE in $LOG_FILE_LIST; do | |
| [ ! -d $LOG_MONTH_DIR ] && mkdir -p $LOG_MONTH_DIR | |
| mv $LOG_DIR/$LOG_FILE $LOG_MONTH_DIR/${LOG_FILE}_${YESTERDAY_TIME} | |
| done | |
| kill -USR $(cat $LOG_DIR/nginx.pid) |
14、自动发布Java项目(Tomcat)
| #!/bin/bash | |
| DATE=$(date +%F_%T) | |
| TOMCAT_NAME=$ | |
| TOMCAT_DIR=/usr/local/$TOMCAT_NAME | |
| ROOT=$TOMCAT_DIR/webapps/ROOT | |
| BACKUP_DIR=/data/backup | |
| WORK_DIR=/tmp | |
| PROJECT_NAME=tomcat-java-demo | |
| # 拉取代码 | |
| cd $WORK_DIR | |
| if [ ! -d $PROJECT_NAME ]; then | |
| git clone | |
| cd $PROJECT_NAME | |
| else | |
| cd $PROJECT_NAME | |
| git pull | |
| fi | |
| # 构建 | |
| mvn clean package -Dmaven.test.skip=true | |
| if [ $? -ne ]; then | |
| echo "maven build failure!" | |
| exit | |
| fi | |
| # 部署 | |
| TOMCAT_PID=$(ps -ef |grep "$TOMCAT_NAME" |egrep -v "grep|$$" |awk 'NR=={print $2}') | |
| [ -n "$TOMCAT_PID" ] && kill - $TOMCAT_PID | |
| [ -d $ROOT ] && mv $ROOT $BACKUP_DIR/${TOMCAT_NAME}_ROOT$DATE | |
| unzip $WORK_DIR/$PROJECT_NAME/target/*.war -d $ROOT | |
| $TOMCAT_DIR/bin/startup.sh |
15、自动发布PHP项目
| #!/bin/bash | |
| DATE=$(date +%F_%T) | |
| WWWROOT=/usr/local/nginx/html/$ | |
| BACKUP_DIR=/data/backup | |
| WORK_DIR=/tmp | |
| PROJECT_NAME=php-demo | |
| # 拉取代码 | |
| cd $WORK_DIR | |
| if [ ! -d $PROJECT_NAME ]; then | |
| git clone | |
| cd $PROJECT_NAME | |
| else | |
| cd $PROJECT_NAME | |
| git pull | |
| fi | |
| # 部署 | |
| if [ ! -d $WWWROOT ]; then | |
| mkdir -p $WWWROOT | |
| rsync -avz --exclude=.git $WORK_DIR/$PROJECT_NAME/* $WWWROOT | |
| else | |
| rsync -avz --exclude=.git $WORK_DIR/$PROJECT_NAME/* $WWWROOT | |
| fi |
16、DOS攻击防范(自动屏蔽攻击IP)
| #!/bin/bash | |
| DATE=$(date +%d/%b/%Y:%H:%M) | |
| #nginx日志 | |
| LOG_FILE=/usr/local/nginx/logs/demo.access.log | |
| #分析ip的访问情况 | |
| ABNORMAL_IP=$(tail -n $LOG_FILE |grep $DATE |awk '{a[$1]++}END{for(i in a)if(a[i]>10)print i}') | |
| for IP in $ABNORMAL_IP; do | |
| if [ $(iptables -vnL |grep -c "$IP") -eq ]; then | |
| iptables -I INPUT -s $IP -j DROP | |
| echo "$(date +'%F_%T') $IP" >> /tmp/drop_ip.log | |
| fi | |
| done |
17、目录入侵检测与告警
| #!/bin/bash | |
| MON_DIR=/opt | |
| inotifywait -mqr --format %f -e create $MON_DIR |\ | |
| while read files; do | |
| #同步文件 | |
| rsync -avz /opt /tmp/opt | |
| #检测文件是否被修改 | |
| #echo "$(date +'%F %T') create $files" | mail -s "dir monitor" xxx@.com | |
| done |