蓝色网站建设b2b电子商务平台
场景:检测服务器配置与基准配置的差异,防止未经授权的修改。
示例:使用Ansible Playbook对比当前配置与标准模板。
- hosts: alltasks:- name: Check SSH configuration against baselineansible.builtin.diff:path: /etc/ssh/sshd_configoriginal_baseline: trueregister: ssh_diff- name: Alert if SSH config has driftedansible.builtin.mail:to: 'ops-team@example.com'subject: '配置漂移告警 - SSH'body: 'SSH配置与基准不一致!差异:\n{{ ssh_diff.diff }}'when: ssh_diff.diff is defined
Shell脚本实现:
#!/bin/bash # 对比当前配置与基准文件的差异 BASELINE="/opt/baseline/sshd_config.baseline" CURRENT="/etc/ssh/sshd_config"if diff $BASELINE $CURRENT > /dev/null; thenecho "配置无差异" elseecho "配置存在差异!" | mail -s "SSH配置漂移告警" ops-team@example.comdiff $BASELINE $CURRENT >> /var/log/config_drift.log fi