【shell】每日shell练习(系统用户安全审计/系统日志错误分析)
题目1:系统用户安全审计
描述:编写脚本分析/etc/passwd
文件,找出所有具有登录权限但超过90天未登录的用户。
测试数据(保存为 passwd.txt):
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
john:x:1001:1001:John Doe:/home/john:/bin/bash
alice:x:1002:1002:Alice Smith:/home/alice:/bin/bash
bob:x:1003:1003:Bob Wilson:/home/bob:/bin/bash
tom:x:1004:1004:Tom Brown:/home/tom:/bin/bash
脚本如下
#!/bin/bash
# Daily shell exercise: list the login-capable accounts in passwd.txt and report
# each one's last-login status (the exercise's test users are handled by a
# hard-coded table inside check_user_login).
printf '%s\n' "===系统用户安全审计报告==="

# Helper: report one user's login status.
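#######################################
# Report one user's login status on stdout.
# Arguments: $1 - user name
# Outputs:   one line "<user> - <status>"; lines needing attention end with ⚠️
# Returns:   0
# The user is looked up in lastlog.txt by its first whitespace-delimited field
# (NOTE(review): assumes lastlog(8)-style output — confirm the file's format).
# When lastlog.txt is absent or has no entry for the user, the hard-coded table
# for the exercise's test data is used; the original code returned "无登陆状态"
# before ever reaching that table, so it was dead code with the supplied data.
#######################################
check_user_login() {
  local user=$1
  local entry
  # Exact match on the first field: the original prefix grep ("^john") would
  # also have matched "johnny". Passing the name with -v keeps it out of the
  # awk program text, so a name containing pattern characters cannot change the
  # query. A missing lastlog.txt intentionally leaves entry empty.
  entry=$(awk -v u="$user" '$1 == u' lastlog.txt 2>/dev/null)
  if [[ "$entry" == *"Never logged in"* ]]; then
    printf '%s\n' "$user - 从未登录⚠️"
    return 0
  fi
  # Last-login data for the exercise's test users. NOTE(review): the exercise
  # asks for users inactive for more than 90 days, but bob (52 days) is marked
  # ⚠️ here — confirm the intended threshold before relying on the output.
  case "$user" in
    root)  printf '%s\n' "$user - 2023-12-01 登录 (最近)" ;;
    john)  printf '%s\n' "$user - 2023-11-15 登录 (约16天前)" ;;
    alice) printf '%s\n' "$user - 2023-11-20 登录 (约11天前)" ;;
    bob)   printf '%s\n' "$user - 2023-10-10 登录 (约52天前) ⚠️" ;;
    tom)   printf '%s\n' "$user - 从未登录 ⚠️" ;;
    # Any other login-capable account (e.g. sync in the test data) previously
    # produced no output at all; report it explicitly instead.
    *)     printf '%s\n' "$user - 无登陆状态" ;;
  esac
}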
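printf '%s\n' "超过九十天未登录的用户:"

# Collect the accounts whose login shell (field 7 of passwd.txt) is not *nologin.
# NOTE(review): /bin/sync and /bin/false also pass this filter — confirm whether
# such accounts should count as "login-capable" for the audit.
if [[ ! -r passwd.txt ]]; then
  printf '无法读取 passwd.txt\n' >&2
  exit 1
fi
# An array instead of an unquoted "$login_users" word-split: no globbing of the
# names and no dependence on IFS.
mapfile -t login_users < <(awk -F: '$7 !~ /nologin$/ {print $1}' passwd.txt)

# First section: only the status lines that carry the warning marker.
for user in "${login_users[@]}"; do
  result=$(check_user_login "$user")
  if [[ "$result" == *"⚠️"* ]]; then
    printf '%s\n' "$result"
  fi
done

# Second section: every login-capable user, in passwd order.
printf '\n%s\n' "===完整用户登陆状态==="
for user in "${login_users[@]}"; do
  check_user_login "$user"
done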
题目2:系统日志错误分析
描述:分析系统日志,提取并分类错误信息,按严重级别统计。
测试数据(保存为 syslog.txt):
Dec 1 10:30:15 server1 kernel: [12345.678901] INFO: Network interface eth0 up
Dec 1 10:31:22 server1 sshd[1234]: Accepted password for john from 192.168.1.100 port 54321 ssh2
Dec 1 10:32:45 server1 kernel: [12346.789012] WARNING: High memory usage detected (85%)
Dec 1 10:33:12 server1 crond[5678]: (root) CMD (backup script started)
Dec 1 10:34:33 server1 kernel: [12347.890123] ERROR: Disk I/O error on /dev/sda1
Dec 1 10:35:55 server1 sshd[2345]: Failed password for alice from 192.168.1.200 port 54322 ssh2
Dec 1 10:36:12 server1 kernel: [12348.901234] CRITICAL: System temperature critical (95°C)
Dec 1 10:37:44 server1 crond[6789]: (root) CMD (monitoring script completed)
Dec 1 10:38:22 server1 kernel: [12349.012345] WARNING: CPU usage high (90%)
Dec 1 10:39:33 server1 sshd[3456]: Failed password for bob from 192.168.1.201 port 54323 ssh2
Dec 1 10:40:45 server1 kernel: [12350.123456] ERROR: Memory allocation failed
Dec 1 10:41:12 server1 kernel: [12351.234567] INFO: System check completed
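#!/bin/bash
# Daily shell exercise: list the CRITICAL / ERROR / WARNING entries of a
# syslog-style file, then count how many lines carry each level tag.
# Usage: ./script.sh [syslog.txt]   (defaults to ./syslog.txt)
set -uo pipefail

log_file=${1:-syslog.txt}
readonly log_file
# Levels in the order the statistics section prints them.
readonly -a levels=(CRITICAL ERROR WARNING)

#######################################
# Print the lines of $log_file containing the level tag $1, indented one space.
# Arguments: $1 - level tag (fixed string, not a regex)
# Outputs:   matching lines on stdout; nothing when there is no match
#######################################
show_level() {
  local level=$1
  grep -F -- "$level" "$log_file" | sed 's/^/ /'
}

#######################################
# Print how many lines of $log_file contain the level tag $1.
# Arguments: $1 - level tag (fixed string, not a regex)
# Outputs:   the count on stdout ("0" when nothing matches)
# grep -c exits 1 when the count is 0 but still prints "0", so its status is
# deliberately ignored.
#######################################
count_level() {
  local level=$1
  grep -c -F -- "$level" "$log_file" || true
}

main() {
  if [[ ! -r "$log_file" ]]; then
    printf '无法读取日志文件: %s\n' "$log_file" >&2
    exit 1
  fi
  printf '%s\n' "===系统日志错误分析报告==="
  # Section headings are kept verbatim from the original report layout;
  # printf replaces the non-portable `echo -e "\n..."`.
  printf '%s\n' "CRITICAL 级别日志"
  show_level CRITICAL
  printf '\n%s\n' "ERROR级别错误"
  show_level ERROR
  printf '\n%s\n' "WARNING级别错误"
  show_level WARNING
  printf '\n%s\n' "===统计信息==="
  # The same tag drives both the listing and the count, so the numbers cannot
  # drift from the listed lines (the original counted "WARING" and therefore
  # always reported WARNING:0).
  local level
  for level in "${levels[@]}"; do
    printf '%s:%s\n' "$level" "$(count_level "$level")"
  done
}

main "$@"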