生产环境经典shenll脚本案例

简述

日常运维工作中可能会用到一些常用的脚本,本文通过整理常用的经典脚本,当需要使用时可以进行修改使用。
参考视屏地址:案例讲解

1.服务器系统配置初始化

#!bin/bash
#背景:新购买10台服务器并已安装Linux操作
#需求:
#1)设置时区并同步时间
#2)禁用selinux
#3)清空防火墙默认策略
#4)历史命令显示操作时间
#5)禁止root远程登录
#6)禁止定时任务发送邮件
#7)设置最大打开文件数
#8)减少Swap使用
#9)系统内核参数优化
#10)安装系统性能分析工具及其他

#1)设置时区并同步时间
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
if ! crontab -l |grep ntpdata & >/dev/null;then
	(echo "* 1 * * * ntpdata time.wiindows.com >/dev/null 2>&1";crontab -l) |crontab
fi
	
#2)禁用selinux
sed -i '/SELINUX/{s/permissive/disabled/}' /etc/selinux/config

#3)清空防火墙默认策略-关闭防火墙
if egrep "7.[0-9]" /etc/redhat-release &>/dev/null; then
	systemctl stop firewalld
	systemctl disable firewalld
elif egrep "6.[0-9]" /etc/redhat-rekease &>dev/null; then
	service iptables stop
	chkconfig iptables off
fi

#4)历史命令显示操作时间
if ! grep HISTTIMEFORMAT /etc/bashrc;then
	echo 'export HISTTIMEFORMAT="%F %T `whoami`"' >> /etc/bashrc
fi

#ssh超时时间
if ! grep "TMOUT=600" /etc/profile &>/dev/null;then
	echo "export TMOUT=600" >> /etc/profile
fi
#5)禁止root远程登录
sed -i 's/#permitRootLogin yes/permitRootLogin no/' /etc/ssh/sshd_config

#6)禁止定时任务发送邮件
sed -i 's/^MAILTO=root/MAILTO=""/' /etc/crontab
#7)设置最大打开文件数
if ! grep "* soft nofile 65535" /etc/security/limits.conf &>/dev/null;then
cat >> /etc/security/limits.conf <<EOF
	* soft nofile 65535
	* hard nofile 65535
EOF
fi
	
#8)减少Swap使用
echo "0" > /proc/sys/vm/swappiness

#9)系统内核参数优化
cat >> /etc/sysctl.conf <<EOF
net.ipv4.tcp_syncookies = 1 
net.ipv4.tcp_max_tw_buckets = 20480
net.ipv4.tcp_max_syn_backlog = 20480
net.core.netdev_max_backlog = 262144
net,ipv4,tcp_fin_timeout = 20
EOF

#10)安装系统性能分析工具及其他
yum install gcc make autoconf vim sysstat net-toos iostat iftop iotp lrzsz -y

2.linux系统发告警邮件

#!/bin/bash
#安装邮箱服务器
yum install mailx -y

#配置邮箱
vim /etc/mail.rc
# 配置发件邮箱信息
set from=1294397385@qq.com   #发件邮箱
set smtp=smtp.qq.com     
set smtp-auth-user=1294397385@qq.com  #发件邮箱
set smtp-auth-password=itiwaejzatspqhaij  #配置授权码
set smtp-auth=login

#发油测试
echo "hello,小白,这是一个基于centos7系统配置的邮件发送端,用于服务器告警信息的通知,现在正在测试邮箱发送的可靠,性"|mail -s "邮箱发送的测试" 1294397385@qq.com

3.批量创建100个用户并设置密码

#!/bin/bash
USER_LIST=$@
USER_FILE=./user.info
for USER in $USER_LIST;do
    if ! id $USER &>/dev/null;then
        PASS=$(echo $RANDOM |md5sum |cut -c 1-8)
        useradd $USER
        echo $PASS | passwd --stdin $USER &>/dev/null
        echo "$USER" "$PASS" >> $USER_FILE
        echo "$USER User create successful"
    else
        echo "$USER User already exists!"
    fi
done

4.一键查看服务器资源利率

#!/bin/bash
#1) CPU 60%
#2) 内存 利用率
#3)硬盘 利用率
#4) TCP 链接状态


#1) CPU 60%
function cpu(){
	util=$(vmstat |awk '{if(NR==3)print $13+$14}')
	iowait=$(vmstat |awk '{if(NR==3)print $16}')
	echo "CPU使用率:${uti}%, 等待磁盘IO响应使用率: ${ioawit}%"
}

#2) 内存 利用率
function memory(){
    total=$(free -m |awk '{if(NR==2)printf "%.1f",$2/1024}')
    used=$(free -m |awk '{if(NR==2)printf "%.1f",($2-$NF)/1024}')
    available=$(free -m |awk '{if(NR==2)printf "%.1f",$NF/1024}')
echo "内存-总大小:${total}G,已使用:${used}G,可用:${available}G "
}

#3)硬盘 利用率
function disk(){
    fs=$(df -h |awk '/^\/dev/{print $1}')
    for p in $fs; do
        mounted=$(df -h |awk -v p=$p '$1==p{print $NF}')
        size=$(df -h |awk -v p=$p '$1==p{print $2}')
        used=$(df -h |awk -v p=$p '$1==p{print $3}')
        used_percent=$(df -h |awk -v p=$p '$1==p{print $5}')
        echo "硬盘-挂载点:${mounted},总大小:${size},已使用:${used},使用率:${used_percent}"
    done

}

#4) TCP 链接状态
function tcp_status(){
    summary=$(netstat -antp |awk '{a[$6]++}END{for(i in a)printf i":"a[i]"  "}')
    echo "tcp链接状态- ${summary}"
}
cpu
memory
disk
tcp_status
~        

5.找出占用cpu/内存过高的进

#!/bin/bash

#cputop
echo "---------cpu top 10-------------------"
ps -eo pid,pcpu,pmem,args --sort=-pcpu |head -n 10

#内存top
echo "---------memory top 10-------------------"
ps -eo pid,pcpu,pmem,args --sort=-pmem |head -n 10

6.查看网卡实时流量

使用时注意传入参数$1

#!/bin/bash

NIC=$1
echo -e "In ------ Out"
while true; do
    OLD_IN=$(awk '$0~"'$NIC'"{print $2}' /proc/net/dev)
    OLD_OUT=$(awk '$0~"'$NIC'"{print $10}' /proc/net/dev)
    sleep 1

    NEW_IN=$(awk '$0~"'$NIC'"{print $2}' /proc/net/dev)
    NEW_OUT=$(awk '$0~"'$NIC'"{print $10}' /proc/net/dev)

    IN=$(printf "%.1f%s" "$((($NEW_IN-$OLD_IN)/1024))" "KB/s")
    OUT=$(printf "%.1f%s" "$((($NEW_OUT-$OLD_OUT)/1024))" "KB/s")

    echo "$IN $OUT"
    sleep 1
done

7.监控100台服务器磁盘利用率

#免密配置
#(1)在主服务器上生成密钥对
#(2)在主服务器上/etc/hosts 配置上免密服务器的主机名与ip地址
#(3)将公钥发给需要免密的服务器
#(4)配置完成后可以使用  “ssh root@ip”  或  “ssh ip”  或  “ssh 主机名” 直接登录免密服务器

#(1)在主服务器上生成密钥对
[root@mysql-master ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:mQlqMmc4YfHu8Mp30UTs892MCwrZNk4+tF4kCitT0SU root@mysql-master
The key's randomart image is:
+---[RSA 2048]----+
|  .   E..        |
|   o . oo        |
|  o o oo         |
| . + o .++       |
|  * O  =So.. +   |
|   % o+.Boo o o  |
|  o + .O +.. .   |
| . +. . *.  .    |
|  o. . ...       |
+----[SHA256]-----+

#(2)在主服务器上/etc/hosts 配置上免密服务器的主机名与ip地址
[root@mysql-master ~]# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.51 mysql-node1

#(3)将公钥发给需要免密的服务器
[root@mysql-master ~]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.10.51 (192.168.10.51)' can't be established.
ECDSA key fingerprint is SHA256:Jzzsc0Qp45ZKRx6IQjhJVvx6ZQ/5sctyI+TeUR6snmE.
ECDSA key fingerprint is MD5:18:41:0b:6a:d3:14:7a:a7:da:a0:f0:9a:33:79:d9:c6.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.


#(4)配置完成后可以使用  “ssh root@ip”  或  “ssh ip”  或  “ssh 主机名” 直接登录免密服务器
[root@mysql-master ~]# ssh '[email protected]'
Last login: Tue Jul 18 06:06:24 2023 from 192.168.10.1
[root@mysql-node1 ~]# exit
logout
Connection to 192.168.10.51 closed.
[root@mysql-master ~]# ssh [email protected]
Last login: Thu Jul 20 01:53:44 2023 from 192.168.10.50
[root@mysql-node1 ~]# exit
logout
Connection to 192.168.10.51 closed.
[root@mysql-master ~]# ssh 192.168.10.51
Last login: Thu Jul 20 01:54:10 2023 from 192.168.10.50
[root@mysql-node1 ~]# exit
#!/bin/bash

HOST_INFO=host.info
for IP in $(awk '/^[^#]/{print $1}' $HOST_INFO); do
    USER=$(awk -v ip=$IP 'ip==$1{print $2}' $HOST_INFO)
    PORT=$(awk -v ip=$IP 'ip==$1{print $3}' $HOST_INFO)
    TMP_FILE=/tmp/disk.tmp
    ssh -p $PORT $USER@$IP 'df -h' > $TMP_FILE
    USE_RATE_LIST=$(awk 'BEGIN{OFS="="}/^\/dev/{print $NF,int($5)}' $TMP_FILE)
    #循环获取到挂载目录和磁盘使用情况信息,满足设定的条件即输出结果
    for USE_RATE in $USE_RATE_LIST; do
    	#${USE_RATE%=*}表示取等号左边值
        PART_NAME=${USE_RATE%=*}
        #${USE_RATE#*=}表示取等号右边值
        USE_RATE=${USE_RATE#*=}
        if [ $USE_RATE -ge 15 ]; then
        	#-e指定换行 \n是换行符
            echo -e "$IP \n Warning: $PART_NAME Partition usage $USE_RATE%!"
        else
        	#-e指定换行 \n是换行符
            echo -e "$IP \n YES,在阀值内!!"
        fi
    done
done

8.批量检查网站是否正常

#!/bin/bash
URL_LIST="www.baidu.com www.ctnrs.com"
for URL in $URL_LIST; do
    FAIL_COUNT=0
    for ((i=1;i<=3;i++));do
        HTTP_CODE=$(curl -o /dev/null --connect-timeout 3 -s -w "%{http_code}" $URL)
        if [ $HTTP_CODE -eq 200 ]; then
            echo "$URL OK"
            break
        else
            echo "retry $FAIL_COUNT"
            let FAIL_COUNT++
        fi
    done
    if [ $FAIL_COUNT -eq 3 ]; then
        echo "warning: $URL Access failure!"
    fi
done

9.批量主机执行命令

vim host_info

192.168.10.51 root 22
192.168.10.52 root 22

#!/bin/bash
HOST_INFO=host.info
for IP in $(awk '/^[^#]/{print $1}' $HOST_INFO); do
    USER=$(awk -v ip=$IP 'ip==$1{print $2}' $HOST_INFO)
    PORT=$(awk -v ip=$IP 'ip==$1{print $3}' $HOST_INFO)
    PASS=$(awk -v ip=$IP 'ip==$1{print $4}' $HOST_INFO)
    expect -c "
    spawn ssh -p $PORT $USER@$IP
    expect {
        \"(yes/no)\" {send \"yes\r\"; exp_continue}
        \"password:\" {send \"$PASS\r\"; exp_continue}
        \"$USER@*\"{send \"$COMMAND\r exit\r\"; exp_continue}
    }
    "
    echo "--------------------"
done

10.一键部署LNMP网站平台(需自行进一步优化补全)

#!/bin/bash
NGINX_V=1.15.6
PHP_V=5.6.36
TMP_DIR=/tmp

INSTALL_DIR=/usr/local
PWD_C=$PWD

echo
echo -e "\tMenu\n"
echo -e "1. Install Nginx"
echo -e "2. Install PHP"
echo -e "3. Install MySQL"
echo -e "4. Install LNMP"
echo -e "9. Quit"

function commnd_status_check(){
	if [ $? -ne 0 ];then
		echo $1
		exit 1
	fi
}

function install_nginx(){
	cd $TMP_DIR
	yum install-y gcc gcc-c++ make openssl-devel pcre-devel wget
	wget http://nginx.org/download/nginx-$[NGINX V}.tar.gz
	tar zxf nginx-$[NGINX_V}.tar.gz
	cd nginx-${NGINX V}
	-/configure --prefix=$INSTALL DIR/nginx 
	--with-http ssl module 
	--with-http stub status module 
	--with-stream
	 平台环境检查失败!command status check “Nginxmake -i4- 编译失败!
	make -j 4
	“command status_check “Nginx- 编译失败!make install
	command status check "Nginx安装失败!
	mkdir -p $INSTALL DIR/nginx/conf/vhost
	alias cp=cp;cp -rf $PWD C/nginx.conf $INSTALL DIR/nginx/conf
	rm -rf $INSTALL DIR/nginx/html/*
	
}

function install_php(){
	Cd $TMP DIR
	yum-install -y gcc gec-c++ make gd-devel libxml2-devellibcurl-devel libjpeg-devel libpng-devel openssl-devellibmcrypt-devel 	libxslt-devel libtidy-devel
	wget http://docs.php.net/distributions/php-${PHP_V}.tar.gz
	tar zxf php-${PHP V}.tar.gz
	cd php-$fPHP V}
	./configure --prefix=$INSTALL DIR/php-with-config-file-path=$INSTALL DIR/php/etc-enable-fpm
	--enable-opcache--with-mysql--with-mysqli 
	--with-pdo-mysgl--with-openssl --with-zlib 
	--with-curl --with-gd--with-jpeg-dir 
	--with-png-dir --with-freetype-dir-enable-mbstring 
	--enable-hash
	command status check “PHP -平台环境检查失败!“
	make-j4
	command status check “PHP编译失败!
	make install
	command status check “PHP - 安装失败!“
	Cpphp.ini-production $INSTALL DIR/php/etc/php.inisapi/fpm/php-fpm.conf $INSTALL DIR/php/etc/php-fpm.conf
	Cpcp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpmchmod +x /etc/init.d/php-fpm/etc/init.d/  		status check “PHP
	php-fpm start- 启动失败!“
}

read -p "请输入编号:" number
case $number in 
	1)
		install_nginx;;
	2)
		install_php;;
	3)
		install_mysql;;
	4)
		insatll_nginx
		install_php
		;;
	9)
		exit;;
esac

11.监控msyql主从同步状态是否异常

#!/bin/bash
change master to
master_host='192.168.10.130',
master_user='rep1',
master_password='password',
master_log_file='mysql-bin.000005',
master_log_pos=261;

# 主从同步
# master binlog
# slave

写 -》 master ->binlog <-relaylog -slave 读

mysql -uroot -p123.com -e "show slave status\G;" |awk '{print $}'


#!/bin/bash
HOST=localhost
USER=root
PASSWD=123.comIO SQL STATUS=$(mysgl -h$HOST -USUSER -pSPASSWD -e 'show slave statusiG'2>/dev/null awk/Slave .* Running:/{print $1$2]')for i in $IO SQL STATUS; doTHREAD STATUS NAME=$ i%:*]THREAD STATUS=${i#*:}if["STHREAD STATUS” != "Yes"]; thenecho "Error: MySQL MasterSlave $THREAD STATUS NAME status is $THREAD STATUS!"fi
done



#!/bin/bash
HOST=localhost
USER=root
PASSWD=123.com
IO_SQL_STATUS=$(mysgl -h$HOST -U$USER -p$PASSWD -e 'show slave statusiG' 2>/dev/null |awk '/Slave .*_Running:/{print $1$2]')
for i in $IO_SQL_STATUS; do
	THREAD_STATUS_NAME=${i%:*}
	THREAD_STATUS=${i#*:}
	if [ "STHREAD_STATUS” != "Yes" ]; then
		echo "Error: MySQL-MasterSlave $THREAD_STATUS_NAME status is $THREAD_TATUS!"fi
done

12.mysql 数据库备份

#备份数据库

#!/bin/bash
DATA=$(data +%F_%H_%M_%S)
HOST=localhost
UTSER=backup
PASS=123.com
BACKUPDIR=/data/db backup
DB_LISF=$(mysql -h$HOST -U$SUSER -P$PASS s -e "show databases;" 2>/dev/null |egrep -v "Dat-abase|information_ schema|mysgl|performance_schema|sys")
for DB in $DB LIST; do
	BACKUP_NAME=SBACKUP_DIR/${DB}_${DATE}.Sql
	if ! mysqldump -h$HOST -u$USER -p$PASS -B $DB > $BACKUP_NAME 2>/dev/null; then
		echo“$BACKUP_NAME 备份失败!"
done


#数据库表备份

#!/bin/bash
DATA=$(data +%F_%H_%M_%S)
HOST=localhost
UTSER=backup
PASS=123.com
BACKUPDIR=/data/db backup
DB_LISF=$(mysql -h$HOST -U$SUSER -P$PASS s -e "show databases;" 2>/dev/null |egrep -v "Dat-abase|information_ schema|mysgl|performance_schema|sys")
for DB in $DB LIST; do
	BACKUP_NAME=SBACKUP_DIR/${DB}_${DATE}.Sql
	[ ! -d $BACKUP_DB_DIR ] && mkdir -p $BACKUP_DB_DIR &>/dev/null
	TABLE_LIST=$(mysql -h$HOST -u$USER -P$PASS -s -e "use $DB;show tables;" 2>/dev/null)
	for TABLE IN $TABLE_LIST; do
		BACKUP_NAME=$BACKUP_DB_DIR/${TABLE}.Sql	
		if ! mysqldump -h$HOST -u$USER -p$PASS  $DB  $TABLE  > $BACKUP_NAME 2>/dev/null; then
			echo“$BACKUP_NAME 备份失败!"
		fi
	done
done

13.Nginx 访问日志分析

#!/bain/bash
#1.访问最多的IP
#2.访问最多的页面
#3.访问状态码数量
#4.根据时间段来获取访问最多的IP

LOG_FILE=$1

echo "统计访问最多的ip"
awk '{a[$1]++}END{print "UV:",length(a);for(v in a)print v,a[v]}' $LOG_FILE |sort -k2 -nr |head -10

echo "-------------------"

echo "统计时间段访问最多的IP"
awk '$4>="[21/Jul/2023:20:40:22" && $4<="[21/Jul/2023:20:41:39" {a[$1]++}END{for(v in a)print a[v],v}' $LOG_FILE |sort -k2 -nr|head -10

echo "-------------------"

echo "统计访问最多的10个页面"
awk '{a[$7]++}END{print "PV:",length(a);for(v in a){if(a[v]>10)print v,a[v]}}' $LOG_FILE |sort -k2 -nr

echo "-------------------"

echo "统计访问页面状态码数量"
awk '{a[$7" "$9]++}END{for(v in a){if(a[v]>5)print v,a[v]}}' $LOG_FILE |sort -k3 -nr

14.nginx访问日志自动按天切割

#!/bin/bash
L0G_DIR=/usr/local/nginx/logs
YESTERDAY_TIME=$(date -d“yesterday" +%F
L0G_MONTH_DIR=$LOG_DIR/$(date +"%Y-%m")
L0G_FILE_LIST="access.log"

for LOG_FILE in $LOG_FILE_LIST; do
	[ ! -d $LOG_MONTH_DIR ] && mkdir -p $LOG_MONTH_DIR
	mv $LOG_DIR/$LOG_FILE $LOG_MONTH_DIR/${LOG_FILE}_${YESTERDAY_TIME}
done
kill -USR1 $(cat /var/run/nginx.pid)

15.自动发布java项目(tomcat)

#!/bin/bash
#代码已经到版本仓库,执行shell脚本一键部署


#!/bin/bash
DATE=$(date +%F_%T)

TOMCAT_NAME=$1
TOMCA1_DIR=/usr/local/$TOMCAT_NAME
R00T=${TOMCAT_DIR}/webapps/R00T

BACKUP_DIR=/data/backup
WORK_DIR=/tmp
PROJECT_NAME=tomcat-java-demo

#拉取代码与构建
cd $WORK_DIR
if [ ! -d $PROJECT_NAME ];then
    git clone https://github.com/lizhenliang/tomcat-java-demo
    cd $PROJECT_NAME
else
    cd SPROJECT_NAME
    git pull
fi

#构建
mvn clean package -Dmaven.test.skip=true
if [ $? -ne 0 ]; then
    echo "maven build failure!"
    exit 1
fi

# 部署
TOMTAT_PID=$(ps -ef |grep "$TOMCAT_NAME" |egrep -v "grep|$$" |awk 'NR==1{print $2}')
[ -n "TOMCAT_PID" ] && kill -9 $TOMCAT_PID
[ -d $ROOT ] && mv $ROOT $BACKUP_DIR/${TOMCAT_NAME}_ROOT$DATE
unzip $WORK DIR/$PROJECT_NAME/target/*.war -d $ROOT
$TOMCAT_DIR/bin/startup.sh

16.自动发布php项目

#!/bin/bash
#拉取代码
#同步代码 rsync

BACKUP_DIR=/data/backup
WORK_DIR=/tmp
PROJECT_NAME=php-demo


#拉取代码
cd $WORK_DIR
if [ ! -d $PROJECT_NAME ]; then
    git clone https://github.com/lizhenliang/php-demo
    cd $PROJECT_NAME
else
    cd  $PROJECT_NAME
    git pull
fi

# 部署
if [ ! d $WWWROOT ];then
    mkdir -p $WWWROOT
else
    rsync -avz --exclude=.git $WORK_DIR/$PROJECT_NAME $WWWROOT
fi

17.dos攻击防范(自动屏蔽攻击ip)

#!/bin/bash
DATA=$(date +%d/%b/%Y:%H:%M)
LOG_FILE=/usr/local/nginx/logs/demo.access.log
ABNORMAL_IP=$(tail -n 5000 $LOG_FILE |grep $DATE |awk '{a[$1]++}END{for(i in a)if(a[i]>100)print i}')
for IP in $ABNORMAL_IP;do
    if [ $(iptables -vnL |grep -c "$IP") -eq 0 ]; then
        iptables -I INPUT -s $IP -j DROP
        echo "$(date +'%F_%T') $IP" >> /tmp/drop_ip.log
    fi
done
~       

18.入侵检测与告警

inotify可以对linux 文件系统进行高效性、细粒度、异步的监控,用于通知用户控件程序的文件系统变化。inotify可以监控文件,也可以监控目录,配合rsync实现文件的实时同步功能。

首先安装inotify软件,先检查自己的系统版本(uname -r),我的是centos 7的系统,我的步骤是

1、首先检查自己的电脑是否已经安装了这个软件。 rpm -qa inotify-tools

2、检查仓库中是否有这个软件。 yum search inotify-tools

3、发现这个软件不在yum仓库中,安装对应的epel源。

wget -O /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo

yum clean all

yum makecache

4、安装inotify-tools软件
yum install -y inotify-tools

#!/bin/bash
MON_DIR=/opt
inotifywait -mqr --format %f -e create $MON_DIR |\
while read files;do
    rsync -avz /opt /tmp/opt
    # 这可以配置邮件通知信息

    echo "$(date+'%F %T') $files"  >> file_mon.log
done

19.检测ssl证书剩余时间

#!/bin/bash

server_name=$1
#获取网站的证书有效期
#获取ssl过期时间的命令
#1.获取有效期的日志
ssl_time=$(echo | openssl s_client -servername ${server_name} -connect ${server_name}:443 2>/dev/null | openssl x509 -noout -dates|awk -F '=' '/notAfter/{print $2}')

#2.转换时间戳
#把日志转变为时间戳,时间戳就可以去计算了
#转为unix日期格式,然后可以对日期进行计算

ssl_unix_time=$(date +%s -d "${ssl_time}")

#获取今天时间戳
today=$(date +%s)

#计算剩余时间
#利用let命令去数学运算从到期时间,减去今天的日期,然后单位换算,看看过期还有多久
#最终将时间戳,转为天的单位
let expr_time=(${ssl_unix_time}-${today})/24/3600

echo "${server_name} 该ssl证书剩余时间:${expr_time} 天"

你可能感兴趣的:(运维杂谈,网络)