shell/shell-MD/shell脚本案例.md

11 KiB
Raw Blame History

shell脚本案例

作者:行癫(盗版必究)


一:脚本案例

1.配置静态IP案例

#!/bin/bash
# This script configures a static IP address on CentOS 7

# Define variables for the IP address, netmask, gateway, and DNS servers
IP_ADDRESS=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS_SERVERS="8.8.8.8 114.114.114.114"

# Backup the original network configuration file
cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens33.bak

# Modify the network configuration file with the static IP address, netmask, gateway, and DNS servers
cat << EOF > /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=none
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=$IP_ADDRESS
NETMASK=$NETMASK
GATEWAY=$GATEWAY
DNS1=${DNS_SERVERS%% *}
DNS2=${DNS_SERVERS##* }
EOF

# Restart the network service to apply the changes
systemctl restart network

# Display the new network configuration
ip addr show ens33

centos stream 9

[root@xingdiancloud ~]# bash network.sh
#!/bin/bash
#autherxingdian
NET_DIR=`ls /etc/NetworkManager/system-connections/`
NET_PATH="/etc/NetworkManager/system-connections/"
read -p "请输入IP地址: " ipadd
read -p "请输入子网掩码,例如24: " netmask
read -p "请输入默认网关: " gateway
read -p "请输入dns地址: " dns
read -p "输入设备名字: " name
# 备份原配置
if [ -f ${NET_PATH}${name}.nmconnection.bak ];then
        rm -rf ${NET_PATH}${name}.nmconnection.bak
else
        cp ${NET_PATH}${NET_DIR} ${NET_PATH}${NET_DIR}.bak
fi
cat > ${NET_PATH}${name}.nmconnection <<eof
[connection]
id=$name
uuid=639d6c39-a14a-36f9-b18f-7c1ff3c082d7
type=ethernet
autoconnect-priority=-999
interface-name=$name
timestamp=1681589526

[ethernet]

[ipv4]
method=manual
address1=$ipadd/$netmask,$gateway
dns=$dns

[ipv6]
addr-gen-mode=eui64
method=auto

[proxy]
eof

nmcli c reload
nmcli c up $name

#systemctl restart NetworkManager

2.系统初始化脚本

#!/bin/bash
#centos7 初始化脚本
#autherxingdian
 
# 防火墙设置
 
echo "关闭防火墙和selinux中...."
 
echo
        systemctl stop firewalld && systemctl disable firewalld &> /dev/null
        
        if [ $? -eq 0 ];then
                echo "防火墙已经成功关闭....."
        else
                echo "防火墙关闭失败,请手动关闭!!!"
        fi
        
        setenforce 0 &&  sed -i '/^SELINUX/c SELINUX=disabled' /etc/selinux/config
 
        if [ $? -eq 0 ];then
                echo "selinux已经成功关闭....."
        else
                echo "selnux关闭失败请手动关闭"
        fi
echo
 
# 外网检测
echo "正在检测网络是否能上外网......"
 
echo
 
        ping -c 2 www.baidu.com &> /dev/null
 
        if [ $? -eq 0 ];then
                echo "网络正常"
        else
                echo "网络不可达!"
        fi
echo
 
# 配置yum源-这里选用阿里源
 
echo "配置yum源中....."
echo
        yum install -y wget &> /dev/null
        if [ $? -ne 0 ];then
                echo "wget 安装失败........."
                systemctl restart network
                yum repolist &> /dev/null
                sleep 2
        fi
        mkdir -p /root/YUM_backup
        mv /etc/yum.repos.d/* /root/YUM_backup
        wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo &>/dev/null
        wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo &>/dev/null
        yum clean all &>/dev/null && yum reppolist &>/dev/null
        echo "你的yum源有:" $(ls /etc/yum.repos.d)
        sleep 2
 
# 配置主机名和host文件
 
echo "正在配置你的主机名..."
 
echo
        read -p "请输入你的主机名:" host 
 
        hostname(){
                hostnamectl set-hostname $host
        }
        hostname host && echo -e "主机名设置成功!!"
 
echo "正在配置你的hosts文件..."
        ip=$(ip a | grep ens33 |grep inet |awk '{print $2}' | awk -F"/" '{print $1}')
        echo "$ip $host" >> /etc/hosts
        echo  "hosts配置完成!!!"
 
# 安装基础软件包
 
        echo "安装基础软件包中....."
        echo
 
        yum install -y vim wget unzip yum_utils &>/dev/null
        if [ $? -eq 0 ];then
                echo "安装完成....."
        else
                echo "安装失败..... "
        fi
# 时间同步
echo
        echo "时间同步中……"
        yum install -y ntpdate &> /dev/null
        ntpdate cn.pool.ntp.org &> /dev/null
        file=$(who | head -1 | cut -d" " -f1)
        echo "* */1 * * * /usr/sbin/ntpdate   cn.pool.ntp.org" > /var/spool/cron/$file
        if [ $? -eq 0 ];then
                echo "时间同步成功!!!"
                echo "unset MAILCHECK" >> /etc/profile
                source /etc/profile &> /dev/null
        else
                echo "时间同步失败!!!"
        fi

3.获取系统信息

#!/bin/bash
#此脚本获取系统centos7.x/centos stream9.x
#autherxingdian

#查看服务器硬件型号
hard_type=`dmidecode |grep "Product Name"|tr "\n" " "` #获取服务器型号
sn=`dmidecode |grep -A 3 "Product Name" |grep "Serial Number"|grep -v "None"` #获取硬件序列码

##系统信息
version=`cat /etc/redhat-release` #版本
kernel=`uname -r` #内核

##cpu
phy_cpu_num=`grep 'physical id' /proc/cpuinfo | sort | uniq | wc -l` #物理CPU数量
nuclear=`grep vendor_id /proc/cpuinfo|wc -l` #逻辑核数(线程)

##内存\Swap
mem=`free -m|grep Mem|awk '{print $2"M"}'` #内存总大小
user_mem=`free -m|grep Mem|awk '{print $3"M"}'` #已用内存大小
swap=`free -m |grep Swap|awk '{print $2"M"}'` #swap总大小
user_swap=`free -m |grep Swap|awk '{print $3"M"}'` #已用swap大小

#最大支持内存数
max_memory=`dmidecode|grep -P 'Maximum\s+Capacity'`

##负载
loadavg=`uptime |awk -F: '{print $NF}'` #系统负载

##网络
network=`[[ $(curl -o /dev/null --connect-timeout 3 -s -w "%{http_code}" www.baidu.com) -eq 200 ]] && echo yes || echo no` #根据curl www.baidu.com的返回状态码来判断是否能上网
ip_addr=`ip address|grep -w "inet"|grep -v "127.0.0.1"|awk -F "[ /]+" '{print $3,$NF}'` #获取除了回环地址之外的所有网卡的ip地址和对应的网卡名
##磁盘
disk_zong=`df -Th | grep -w '/' | awk '{print $3}'` #获取系统盘的总大小
disk_user=`df -Th | grep -w '/' | awk '{print $4}'` #获取系统盘已用大小
disk_lsbl=`lsblk` #硬盘分区分布
##其他
system_time=`awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60;d=$1%60} {printf("%ddays, %d:%d:%d\n",a,b,c,d)}' /proc/uptime` #开机时长
sys_begin=`date -d "$(awk -F. '{print $1}' /proc/uptime) second ago" +"%Y-%m-%d %H:%M:%S"` #开机时间
##日志
system_log=`du -sh /var/log/ |awk '{print $1}'` #系统日志大小
#进程
tasks=`top -n1 |grep Tasks |awk '{print $2,$4,6}'` #总 运行 休眠

system(){
echo "
|硬件型号:
$hard_type
|序列号:
$sn
|版本: $version
|内核: $kernel

|物理CPU个数$phy_cpu_num 逻辑核数: $nuclear""
|负载:$loadavg

|内存: $mem #最大支持内存:$max_memory
|已用: $user_mem
|swap: $swap
|已用: $user_swap

|是否可以上网: $network
|本地IP地址:
$ip_addr

|系统磁盘大小: $disk_zong
|系统磁盘已用: $disk_user
|日志: 系统日志大小为$system_log
|开机: $sys_begin
|至今: $system_time
硬盘分区
----------------------------------------------------------------------
$disk_lsbl
----------------------------------------------------------------------

----------------------------------------------------------------------
"
}
system
##端口扫描
echo "监听的端口扫描
----------------------------------------------------------------------"
portarray=(`sudo netstat -tnlp|egrep -i "$1"|awk {'print $4'}|awk -F':' '{if ($NF~/^[0-9]*$/) print $NF}'|sort|uniq`)
length=${#portarray[@]}  #统计元素个数
printf "{\n"
printf '\t'port":"
for ((i=0;i<$length;i++))
do
printf '\n\t\t{'
printf "\"{#TCP_PORT}\":\"${portarray[$i]}\"}"
if [ $i -lt $[$length-1] ];then
printf ','
fi
done
printf "\n\t\n"
printf "}\n"
echo "----------------------------------------------------------------------
"

4.sshpass登录远程服务器与验证

sshpass安装后可以在控制台输入sshpass命令查看所有选项参数
 
$ sshpass
 
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
 
-f filename   Take password to use from file
 
-d number     Use number as file descriptor for getting password
 
-p password   Provide password as argument (security unwise)
 
-e            Password is passed as env-var "SSHPASS"
 
With no parameters - password will be taken from stdin
 
-P prompt     Which string should sshpass search for to detect a password prompt
 
-v            Be verbose about what you're doing
-h            Show help (this screen)
-V            Print version information
At most one of -f, -d, -p or -e should be used
如上所示command parameters为你要执行的需要交互式输入密码的命令ssh、scp等。当sshpass没有指定参数时会从stdin获取密码几个密码输入相关参数如下
-f filename从文件中获取密码
-d number使用数字作为获取密码的文件描述符
-p password指定明文本密码输入(安全性较差)
-e从环境变量SSHPASS获取密码

远程连接指定ssh的端口
[root@linuxcool ~]# sshpass -p "password" ssh username@ip
本地执行远程机器的命令:
[root@linuxcool ~]# sshpass -p "password" ssh -p 8443 username@ip
从密码文件读取文件内容作为密码去远程连接主机:
[root@linuxcool ~]# sshpass -p xxx ssh root@192.168.11.11 "ethtool eth0"
从远程主机上拉取文件到本地:
[root@linuxcool ~]# sshpass -p '123456' scp root@host_ip:/home/test/t ./tmp/

5.免密脚本

yum -y install expect
#生成并拷贝ssh_key到远程机器
rm -rf /root/.ssh/*
/usr/bin/expect <<EOF
set timeout 30
spawn ssh-keygen
expect "Enter file in which to save the key (/root/.ssh/id_rsa):"
send "\n"
expect "Enter passphrase (empty for no passphrase):"
send "\n"
expect "Enter same passphrase again:"
send "\n"
spawn ssh-copy-id 172.16.70.251
expect {
    "yes/no" { send "yes\n"; exp_continue }
    "root@172.16.70.251's password:" { send "uplooking\n"}
}
expect eof
EOF
ssh-add #将私钥身份添加到 OpenSSH 身份验证代理从而提高ssh的认证速度
==========================================
/usr/bin/expect <<eof
spawn:生成 spawn ssh 10.18.44.196
expect:捕获 expect "password"
send:发送  send "1\n"
expect eof
eof