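#!/bin/bash

#######################################
# Print this host's address(es) on the 192.168.1.x network.
# Globals:   cmd_get_ip (written)
# Outputs:   the matching addresses on one line, space-separated;
#            an empty line when ifconfig reports none
#######################################
get_ip() {
  # Field 2 of a matching ifconfig line is either the bare address or the
  # address behind an "addr:" / "地址:" label, depending on the ifconfig
  # output format. Strip everything before the first digit rather than
  # deleting a character set with tr.
  cmd_get_ip=$(
    /sbin/ifconfig \
      | awk '/192\.168\.1\./ { sub(/^[^0-9]*/, "", $2); print $2 }'
  )
  # Several interfaces may match; join them with spaces so the result stays
  # a single line (the caller places it in a mail subject).
  printf '%s\n' "${cmd_get_ip//$'\n'/ }"
}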
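# ---- Configuration ---------------------------------------------------------
# Directory holding the baseline copies (passwd.bak, shadow.bak) and the
# md5 checksum logs.
filepath="/tools/passwdmd5"
# Directory holding the alarm counters (fileint.txt, dirint.txt).
dirpath="/tools/dircount"
# Timestamp of this run, used as the prefix of every log entry.
date=$(date +%Y-%m-%d@%H:%M:%S)
# Local address, used as the prefix of every mail subject.
ip=$(get_ip)
# Number of alarms sent for the same condition before the baseline is rebuilt.
maxint=3
varint=0
# Placeholder ("your inbox"): replace with the address that receives alarms.
receiver=你的收件箱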
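# Capture what changed relative to the baseline copies; the alarm mails embed
# these two variables. Both stay empty when no baseline exists yet.
# NOTE(review): the /etc/shadow diff carries the password-hash field of every
# changed account, and the alarm functions mail it unmodified. Consider
# reducing dfpswd to the affected account names before it leaves the host.
if [[ -f "$filepath/passwd.bak" && -f "$filepath/shadow.bak" ]]; then
  dfuser=$(diff /etc/passwd "$filepath/passwd.bak")
  dfpswd=$(diff /etc/shadow "$filepath/shadow.bak")
else
  dfuser=''
  dfpswd=''
fi

#######################################
# Fresh deployment: wipe and recreate both working directories, then record
# the current /etc/passwd and /etc/shadow as the baseline.
# Globals:   filepath, dirpath (read)
# Outputs:   passwd.bak, shadow.bak and passwdmd5old.log under $filepath
#######################################
exec_install() {
  # ${var:?} aborts instead of running "rm -rf" on an empty path.
  rm -rf -- "${filepath:?}"
  mkdir -p -- "$filepath"
  # The directory is about to hold a copy of /etc/shadow: owner-only access.
  chmod 700 -- "$filepath"
  rm -rf -- "${dirpath:?}"
  mkdir -p -- "$dirpath"
  cp -f /etc/passwd "$filepath/passwd.bak"
  cp -f /etc/shadow "$filepath/shadow.bak"
  md5sum /etc/passwd > "$filepath/passwdmd5old.log"
  md5sum /etc/shadow >> "$filepath/passwdmd5old.log"
}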
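#######################################
# Re-baseline: replace the stored copies and checksums with the current
# /etc/passwd and /etc/shadow, and reset the file alarm counter to 0.
# Globals:   filepath, dirpath (read)
# NOTE(review): whatever the two files contain at this moment becomes the new
# reference, so earlier changes are no longer reported after this runs.
#######################################
exec_init() {
  # ${var:?} aborts instead of expanding to "/passwd.bak" on an empty path.
  rm -rf -- "${filepath:?}/passwd.bak" \
    "$filepath/shadow.bak" \
    "$filepath/passwdmd5old.log"
  cp -f /etc/passwd "$filepath/passwd.bak"
  cp -f /etc/shadow "$filepath/shadow.bak"
  md5sum /etc/passwd > "$filepath/passwdmd5old.log"
  md5sum /etc/shadow >> "$filepath/passwdmd5old.log"
  echo 0 > "$dirpath/fileint.txt"
}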
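#######################################
# Mail the account and password differences to the receiver.
# Globals:   dfuser, dfpswd, ip, receiver (read)
# NOTE(review): dfpswd is diff output of /etc/shadow, so the mail body carries
# password-hash fields; confirm that is acceptable for the mail path in use.
#######################################
users_alarm() {
  # printf with quoted arguments keeps the diff output line by line and
  # verbatim; unquoted "echo -e" collapses it onto one line, glob-expands it
  # and interprets backslashes found in the data.
  printf '%s\n' "本机用户有异常!" "用户变化:" "$dfuser" "密码变化:" "$dfpswd" \
    | mail -s "${ip}服务器上用户有异常,请查看!" "$receiver"
}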
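#######################################
# Mail a notice that the alarm limit was exceeded and the baseline is being
# reset, including the differences seen before the reset, then zero the
# file alarm counter.
# Globals:   maxint, dfuser, dfpswd, ip, receiver, dirpath (read)
# NOTE(review): dfpswd is diff output of /etc/shadow, so the mail body carries
# password-hash fields; confirm that is acceptable for the mail path in use.
#######################################
reset_alarm() {
  # Quoted printf arguments keep the diff output line by line and verbatim.
  printf '%s\n' \
    "本机用户异常报警超过${maxint}次,执行重置命令!" \
    "用户变化:" "$dfuser" \
    "密码变化:" "$dfpswd" \
    | mail -s "${ip}重置计划:部署已重置,请查看重置前用户异常情况!" "$receiver"
  echo 0 > "$dirpath/fileint.txt"
}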
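#######################################
# Mail a warning that the baseline files under $filepath are missing.
# Globals:   filepath, dfuser, dfpswd, ip, receiver (read)
# NOTE(review): dfpswd is diff output of /etc/shadow, so the mail body carries
# password-hash fields; confirm that is acceptable for the mail path in use.
#######################################
file_alarm() {
  # Quoted printf arguments keep the diff output line by line and verbatim.
  printf '%s\n' \
    "${filepath}文件被删除报警!" \
    "用户变化:" "$dfuser" \
    "密码变化:" "$dfpswd" \
    | mail -s "${ip}${filepath}文件可能被删除,请检查文件情况!" "$receiver"
}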
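#######################################
# Mail a warning that the baseline directory $filepath is missing.
# Globals:   filepath, ip, receiver (read)
#######################################
dir_alarm() {
  # Quoted so that an empty or multi-word $ip cannot split the subject into
  # extra mail arguments.
  printf '%s\n' "${filepath}目录被删除报警!" \
    | mail -s "${ip}${filepath}目录被删除,请检查目录情况!" "$receiver"
}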
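#######################################
# Compare the current /etc/passwd and /etc/shadow checksums with the stored
# baseline, log the outcome, and raise an alarm on a mismatch or when the
# baseline files are missing.
#
# Each condition is reported at most $maxint times; after that the baseline
# is rebuilt with exec_init and the check runs once more.
#
# Globals:   filepath, dirpath, date, maxint (read); varint (written)
# Calls:     users_alarm, reset_alarm, file_alarm, exec_init
# NOTE(review): the log is a fixed name in world-writable /tmp; a root-owned
# log directory would keep other local users from pre-creating that path.
# NOTE(review): the automatic reset adopts the changed files as the new
# baseline, so an unacknowledged change stops alarming after $maxint runs.
#######################################
diff_user_passwd() {
  local changes
  local -r rule="=========================================="

  if [[ -f "$filepath/passwdmd5old.log" \
    && -f "$filepath/passwd.bak" \
    && -f "$filepath/shadow.bak" ]]; then
    md5sum /etc/passwd > "$filepath/passwdmd5new.log"
    md5sum /etc/shadow >> "$filepath/passwdmd5new.log"
    changes=$(diff -c "$filepath/passwdmd5new.log" "$filepath/passwdmd5old.log")

    if [[ ! -d "$dirpath" ]]; then
      mkdir -p -- "$dirpath"
      echo 0 > "$dirpath/fileint.txt"
    fi

    if [[ -z "$changes" ]]; then
      # Checksums match the baseline: log a "users normal" entry only.
      {
        echo "$rule"
        echo "${date}:用户正常。"
        echo "$rule"
      } >> /tmp/diff.log
    else
      {
        echo "$rule"
        echo "${date}:"
        echo "$changes"
        echo "$rule"
      } >> /tmp/diff.log

      [[ -f "$dirpath/fileint.txt" ]] || echo 0 > "$dirpath/fileint.txt"
      varint=$(cat "$dirpath/fileint.txt")
      # An empty or corrupted counter file counts as "no alarms sent yet"
      # instead of making the numeric test fail.
      [[ "$varint" =~ ^[0-9]+$ ]] || varint=0

      if [ "$varint" -lt "$maxint" ]; then
        users_alarm
        varint=$((10#$varint + 1))
        echo "$varint" > "$dirpath/fileint.txt"
      else
        reset_alarm
        if [[ -f "$filepath/passwd.bak" && -f "$filepath/shadow.bak" ]]; then
          rm -rf -- "${filepath:?}/passwd.bak" "$filepath/shadow.bak"
          echo "${date}:已进行重置,删除passwd.bak,shadow.bak以及passwdmd5old.log三个文件!!!" >> /tmp/diff.log
        fi
        # Rebuild the baseline, then check again against the fresh baseline.
        exec_init
        diff_user_passwd
      fi
    fi
  else
    # Baseline files are missing.
    if [[ ! -d "$dirpath" ]]; then
      mkdir -p -- "$dirpath"
      echo 0 > "$dirpath/fileint.txt"
    fi
    [[ -f "$dirpath/fileint.txt" ]] || echo 0 > "$dirpath/fileint.txt"
    varint=$(cat "$dirpath/fileint.txt")
    # An empty or corrupted counter file counts as "no alarms sent yet".
    [[ "$varint" =~ ^[0-9]+$ ]] || varint=0

    if [ "$varint" -lt "$maxint" ]; then
      file_alarm
      varint=$((10#$varint + 1))
      echo "$varint" > "$dirpath/fileint.txt"
    else
      exec_init
      diff_user_passwd
    fi
  fi
}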
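# ---- Entry point -----------------------------------------------------------
# Usage: <script> install | start | init
#   install  wipe the working directories, record a baseline, run one check
#   start    run one check (the mode for scheduled runs)
#   init     re-record the baseline, then run one check
case "${1-}" in
  install)
    exec_install
    diff_user_passwd
    ;;
  start)
    if [[ -d "$filepath" ]]; then
      diff_user_passwd
    else
      # The baseline directory itself is gone: alarm up to $maxint times,
      # then redeploy from scratch.
      if [[ ! -d "$dirpath" ]]; then
        mkdir -p -- "$dirpath"
        echo 0 > "$dirpath/dirint.txt"
      fi
      [[ -f "$dirpath/dirint.txt" ]] || echo 0 > "$dirpath/dirint.txt"
      varint=$(cat "$dirpath/dirint.txt")
      # An empty or corrupted counter file counts as "no alarms sent yet".
      [[ "$varint" =~ ^[0-9]+$ ]] || varint=0

      if [ "$varint" -lt "$maxint" ]; then
        dir_alarm
        varint=$((10#$varint + 1))
        echo "$varint" > "$dirpath/dirint.txt"
      else
        exec_install
        diff_user_passwd
      fi
    fi
    ;;
  init)
    exec_init
    diff_user_passwd
    ;;
  *)
    echo "您输入的参数有误,若是新部署请加参数install来部署或者start来启动"
    # NOTE(review): status 0 on a bad argument means a mistyped scheduler
    # entry looks like a successful run; kept as the author wrote it.
    exit 0
    ;;
esac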