
核查与访谈

部分内容如日志备份情况(包括上面运行的中间件如nginx等)须手动确认,防病毒软件版本号和特征库信息也需要手动确认,其他可直接执行以下脚本:

curl https://www.nat.ac.cn/shell/collect_system_info.sh |bash

以下为脚本完整内容:

#!/bin/bash

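# Refuse to run anywhere but Linux: every collector below (ip, systemctl,
# yum/rpm, /etc/shadow, ...) is Linux-specific.
if [[ "$(uname)" != "Linux" ]]; then
  echo "This script is designed to run only on Linux systems."
  exit 1
fi

# The report will contain /etc/shadow, sudoers and authorized_keys contents,
# so the file must never be created with the default (often world-readable)
# umask. Setting umask before touch closes the window that a later chmod
# would leave open.
umask 077

# First non-loopback IPv4 address, used only to build the report filename.
# 'ip -o' prints one address per line so the field positions are stable;
# a missing ip(8) just falls through to "unknown".
SYSTEM_IP=$(ip -4 -o addr show 2>/dev/null | awk '{print $4}' | cut -d/ -f1 | grep -v '^127\.' | head -n1)
if [[ -z "$SYSTEM_IP" ]]; then
  SYSTEM_IP="unknown"
fi

# Report path: <ip>_<timestamp>.txt in the invoking user's home directory.
TIMESTAMP=$(date +%Y%m%d%H%M%S)
OUTPUT_FILE="$HOME/${SYSTEM_IP}_${TIMESTAMP}.txt"
# Fail early rather than silently losing every collector's output later.
touch "$OUTPUT_FILE" || { echo "Cannot create $OUTPUT_FILE" >&2; exit 1; }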

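#######################################
# Record one audit step in the report and run it.
# The report is written as a replayable transcript: the explanation
# (as an echo line), the command line, the command's stdout+stderr,
# then a separator.
# Globals:   OUTPUT_FILE (appended to)
# Arguments: $1 - shell command line to run (a literal from this script)
#            $2 - one-line explanation shown on the terminal and in the report
# Outputs:   explanation to stdout; everything else goes to OUTPUT_FILE
# Returns:   0 always; a failing command is noted in the report, not fatal
#######################################
run_command() {
  local cmd="$1"
  local explanation="$2"

  # Progress indicator for the person running the collection. printf
  # rather than echo so an explanation starting with '-' is printed as-is.
  printf '%s\n' "$explanation"

  # Transcript header for this step.
  {
    printf '\necho "%s"\n' "$explanation"
    printf 'echo "Running: %s"\n' "$cmd"
    printf '%s\n' "$cmd"
  } >> "$OUTPUT_FILE"

  # eval is needed because the command strings contain pipes and
  # redirections. This is safe only because every $cmd is a string
  # literal written in this script; never build $cmd from arguments,
  # files or anything else supplied at run time.
  eval "$cmd" >> "$OUTPUT_FILE" 2>&1 \
    || printf 'Command failed or not available\n' >> "$OUTPUT_FILE"
  printf -- '----------------------------------------\n\n' >> "$OUTPUT_FILE"
}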

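# Report header. '>' truncates any previous file of the same name; every
# run_command call below appends to it.
{
  echo "Starting system information collection..."
  echo "Output file: $OUTPUT_FILE"
  echo "Collection time: $(date)"
  printf -- '----------------------------------------\n\n'
} > "$OUTPUT_FILE"

# sshd may be configured in drop-in files as well as the main file; read
# both so a directive overridden in sshd_config.d is not missed. A missing
# drop-in directory is tolerated (2>/dev/null on cat), and the exit status
# of the trailing grep still reflects whether the directive was found.
readonly SSHD_CONF_CAT="cat /etc/ssh/sshd_config /etc/ssh/sshd_config.d/*.conf 2>/dev/null"

# Installed-package listing that works on both rpm- and dpkg-based hosts
# and, unlike 'yum list installed', never contacts a repository.
readonly PKG_LIST="{ rpm -qa 2>/dev/null; dpkg -l 2>/dev/null; }"

# System information commands
run_command "hostnamectl" "This command displays system hostname and operating system information"
run_command "timedatectl" "This command displays system time and date information"
run_command "ip addr show | grep inet" "This command displays all IP addresses configured on the system"

# User and group information
run_command "cat /etc/group" "This command displays all groups defined on the system"
run_command "cat /etc/passwd" "This command displays all user accounts defined on the system"
# Readable only as root; a non-root run records "Command failed" here.
run_command "cat /etc/shadow" "This command displays password and account expiration information"
run_command "grep -v '^#' /etc/sudoers" "This command displays sudo configuration and permissions (non-comment lines)"
run_command "ls -l /etc/sudoers.d/" "This command lists sudo drop-in configuration files"
run_command "w" "This command shows who is logged in and what they are doing"
run_command "who" "This command shows who is logged in"
run_command "last | head -n 5" "This command shows the first 5 recent login records"
run_command "last | tail -n 5" "This command shows the last 5 login records"

# Password and authentication configuration
run_command "grep -v '^#' /etc/login.defs" "This command displays system-wide login settings (non-comment lines)"
run_command "chage -l \$(whoami)" "This command displays password expiration information for current user"
run_command "$PKG_LIST | grep -i libpwquality" "This command checks if password quality enforcement is installed"
run_command "$PKG_LIST | grep -i google-authenticator" "This command checks if Google Authenticator 2FA is installed"

# PAM configuration. The shared password/auth stacks are named
# password-auth / system-auth on RHEL-family systems and common-password /
# common-auth on Debian-family systems; cat both candidates and let the
# grep decide the status, so whichever exists is reported.
run_command "grep -v '^#' /etc/pam.d/login" "This command displays login authentication configuration (non-comment lines)"
run_command "grep -v '^#' /etc/pam.d/passwd" "This command displays password change authentication configuration (non-comment lines)"
run_command "cat /etc/pam.d/password-auth /etc/pam.d/common-password 2>/dev/null | grep -v '^#'" "This command displays common password authentication configuration (non-comment lines)"
run_command "cat /etc/pam.d/system-auth /etc/pam.d/common-auth 2>/dev/null | grep -v '^#'" "This command displays common authentication configuration (non-comment lines)"

# SSH configuration. Commented-out directives are deliberately kept in the
# output so the reviewer can see the defaults the file documents.
run_command "$SSHD_CONF_CAT | grep Protocol" "This command displays SSH protocol version configuration"
run_command "$SSHD_CONF_CAT | grep PermitEmptyPasswords" "This command checks if empty passwords are allowed for SSH"
run_command "$SSHD_CONF_CAT | grep PasswordAuthentication" "This command checks if password authentication is enabled for SSH"
run_command "cat '$HOME/.ssh/authorized_keys'" "This command displays authorized SSH keys for the current user"
run_command "$SSHD_CONF_CAT | grep ClientAliveInterval" "This command displays SSH session timeout settings"
run_command "$SSHD_CONF_CAT | grep AuthenticationMethods" "This command displays SSH authentication methods configuration"
run_command "$SSHD_CONF_CAT | grep ChallengeResponseAuthentication" "This command checks if challenge-response authentication is enabled for SSH"
run_command "$SSHD_CONF_CAT | grep PermitRootLogin" "This command checks if root login is permitted via SSH"

# System services. The '[r]syslogd' form keeps the grep process itself out
# of its own match, so an absent daemon really shows as "not available".
run_command "ps -eo user,pid,cmd | grep '[r]syslogd'" "This command displays running syslog daemon processes"
run_command "systemctl show rsyslog.service -p User,Group,UID,GID" "This command displays the user and group that the syslog service runs as"
run_command "ps -eo user,pid,cmd | grep '[a]uditd'" "This command displays running audit daemon processes"
run_command "systemctl show auditd.service -p User,Group,UID,GID" "This command displays the user and group that the audit service runs as"

# Log files and network information
run_command "ls -ltr /var/log | head -n 5" "This command displays the 5 oldest log files"
run_command "grep -v '^#' /etc/logrotate.conf" "This command displays non-commented lines in the log rotation configuration file"
run_command "ls -ltr /etc/logrotate.d/" "This command lists log rotation configuration files for specific services"
# ss is present on current distributions; netstat only on older ones.
run_command "ss -nlpt 2>/dev/null || netstat -nlpt" "This command displays all listening TCP ports and their associated processes"
run_command "ufw status" "This command displays the status of the Uncomplicated Firewall"
run_command "firewall-cmd --list-all" "This command displays firewalld configuration"

# The report holds password hashes, sudo rules and SSH keys: restrict it to
# the owner regardless of the umask in effect when it was created.
chmod 600 "$OUTPUT_FILE"
echo "All information has been collected and saved to $OUTPUT_FILE"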