linux上安全掃描系統的指令碼(自動掃描出漏洞,以及給出解決方案)
請自行下載安裝包 lynis-master.zip
指令碼內容如下:
cat lynis.sh
!#/bin/bash
unzip lynis-master.zip > /dev/null
mv lynis-master /etc/lynis
cd /etc/lynis;clear
echo "檢測系統安全中,請等待檢測結果……"
./lynis audit system |sed '1,/Results/d' > /var/log/lynis-log
curl qq.com &> /dev/null
if [ $? != 0 ];then
clear;echo "本機curl不通外網站點,請聯絡機房處理!!"
fi
ping -c3 8.8.4.4 &> /dev/null
if [ $? != 0 ];then
echo "本機DNS不通,請聯絡機房處理!!"
fi
AWS=`cat /var/log/lynis-log | grep Warnings | wc -l`
if [ $AWS != 0 ];then
echo ""
echo "本機系統漏洞數量如下:"
cat /var/log/lynis-log | grep Warnings
AWWS=`cat /var/log/lynis-log | grep Found | awk '{print $NF}' | awk -F"[" '{print $2}' | awk -F"]" '{print $1}'`
for i in "$AWWS"
do
cd /etc/lynis
echo ""
echo "警告解決方案如下……"
./lynis show details "$i"
done
echo ""
echo "掃描結果 /var/log/lynis-log"
echo "結果詳情 /var/log/lynis.log"
else
echo "本機系統檢測完畢,安全!"
fi