#说明: Everyone usually on the Linux server security is mainly to the system user check, login server IP check, and firewall status check!
1. The correct system user name needs to be stored in the/root/liu_shell/local_user.txt file and then compared!
2. Determine whether the IP that is starting with 192.168.1 and 192.168.2 is the normal ip!
3. Judge Iptables status!
#!/usr/bin/python#coding=utf-8import sys,os,re,sockethost=str (Socket.gethostname (). Strip ()) fuhao= Os.linesepdef user_panduan (): file01=file ('/etc/passwd ') mmm=[] for xx in file01: Mmm.append (Re.split (': ', XX) [0]) file01.close () file02=file ('/ Root/liu_shell/new_user.txt ', ' W ') for yy in mmm: file02.write ('%s%s ' % (Yy,fuhao)) file02.close () f_local=file ('/root/liu_shell/local_user.txt ') f_new=file ('/root/liu_ Shell/new_user.txt ') local_user=[] new_user=[] for line1 in f_local: line1=line1.strip () local_user.append (line1) for line2 in f_new: line2=line2.strip () New_user.append (line2) f_local.close () f_new.close () if local_user==new_user: print ' host:%s user ok ' %host else: cmd = "echo ' Host:%s user error ' |mail -s user_error [email protected ] " %host os.system (cmd) Def ip_panduan (): os.system ("last|awk ' {print $3} ' |grep -v [a-z]|grep -v ^$|sort |uniq >/root/liu_shell/local_ip.txt ") f_ip=file ('/root/liu_shell/local_ Ip.txt ') local_ip=[] for line in f_ip: line=line.strip () local_ip.append (line) for aa in local_ip: kk= Re.match (' 192.168.1|192.168.2 ', aa) if kk: print ' Host:%s ip ok ' %host else: cmd= "echo ' Host:%s ip error ' |mail -s ip_error [ email protected] " %host os.system (CMD) Def iptables_panduan (): iptables_status=int (Os.popen ("/sbin/ iptables -nl|grep -v ^$|wc -l "). ReadLine (). Strip ()) if iptables_status==6: cmd= "echo ' host:%s iptables not running! ' |mail -s iptables [email protected] " %host os.system (CMD) else: print ' Host:%s iptable running ok ' %hostuser_panduan () Ip_panduan () Iptables_ Panduan ()
This article is from the "Chengdu @ Ah-like" blog, please be sure to keep this source http://azhuang.blog.51cto.com/9176790/1440164
Linux Server Security Check script