Linux系统漏洞一键检测与修复工具

支持检测及修复漏洞的列表

OpenSSL     CVE-2021-3712

OpenSSH     CVE-2021-41617

sudo     CVE-2021-3156

glibc     CVE-2018-11236

polkit     CVE-2021-4034

wget     CVE-2017-13090

kernel          CVE-2016-5195

bash     CVE-2016-7543

samba     CVE-2021-44142

传入参数选项设置为No,自动升级设置为No,则根据提示输入相应的数字,修复漏洞,效果如下:

Linux系统漏洞一键检测与修复工具_第1张图片

传入参数选项设置为No,自动升级设置为Yes,则无需干预,自动检测并修复漏洞,效果如下:

Linux系统漏洞一键检测与修复工具_第2张图片

传入参数选项设置为Yes,则根据提示检测或修复漏洞,效果如下:

Linux系统漏洞一键检测与修复工具_第3张图片

#!/bin/bash

################################ Linux主机漏洞一键检测与修复工具 ################################



###支持列表:
#OpenSSL  CVE-2021-3712
#OpenSSH  CVE-2021-41617
#sudo  CVE-2021-3156
#glibc  CVE-2018-11236
#polkit  CVE-2021-4034
#wget  CVE-2017-13090
#kernel CVE-2016-5195
#bash  CVE-2016-7543
#samba  CVE-2021-44142


###支持系统:
#RedHat 6/7/8 x86_64
#CentOS 6/7/8 x86_64

###使用须知
#1.RedHat/Centos7/8系统请配置好yum源,保持最新
#2.RedHat/Centos6系统由于yum源停止维护,故部分漏洞修复方式采用源码编译安装或者rpm包安装
#3.漏洞修复情况复杂,为防止意外,请先在测试环境进行测试
#4.编译安装OpenSSH和OpenSSL如出现编译失败会退出程序,需手动执行yum -y install gcc gcc-c++ automake autoconf libtool make zlib zlib-devel openssl-devel pam-devel
#5.传入参数选项开关,Yes为打开参数选项,No为关闭参数选项
#6.自动升级开关,Yes为检测后自动扫描,No为检测后手动输入


###传入参数选项开关(Yes/No),默认为关
#ARGUMENT=Yes
ARGUMENT=No

###自动升级开关(Yes/No),默认为关,当ARGUMENT=No时生效
#AUTO_UPDATE=Yes
AUTO_UPDATE=No

#################################### 检测 ####################################

# 检查当前账号是否为root
if [ $(id -u) != "0" ]; then
    echo -e "\n\033[31m当前账号为: $(whoami),请切换至root账号\n\033[31m"
    exit 1
fi

#升级包地址,可以将升级包放置内网环境,提高下载速度
OPENSSL_FILE='https://www.openssl.org/source/openssl-1.1.1m.tar.gz'
OPENSSH_FILE='https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz'
SUDO_FILE='https://github.com/sudo-project/sudo/releases/download/SUDO_1_9_9/sudo-1.9.9-1.el6.x86_64.rpm'

#操作系统版本判断
SYS_VERSION=`cat /etc/redhat-release | tr -cd "[0-9.]" | cut -c1`
SYS_VERSION_DE=`cat /etc/redhat-release | tr -cd "[0-9.]" | cut -c1-3`

#初始化序号
NUM=0

#OpenSSL检测
Check_OpenSSL()
{
P=OpenSSL 
#C=`rpm -qa openssl`
#C=`openssl version|awk '{print $2}'|awk -F'-' '{print $1}'`

if [ "$SYS_VERSION" == '6' -o "$SYS_VERSION" == '7' -o "$SYS_VERSION" == '8' ];then
  if [ "$SYS_VERSION" == '6' ];then
    C=`openssl version|awk '{print $2}'|awk -F'-' '{print $1}'`
    D='1.1.1m'
  elif [  "$SYS_VERSION" == '7' ];then
    C=`rpm -qa openssl`
    D='openssl-1.0.2k-24.el7_9.x86_64'
  elif [  "$SYS_VERSION" == '8' ];then
    C=`rpm -qa openssl`
    D='openssl-1.1.1k-5.el8_5.x86_64'
  fi
  
  echo -n -e "当前版本 \033[34m$C\033[0m ""安全版本 \033[34m$D\033[0m-------"
  RES=`echo -e "$D\n$C" | sort -V | head -n 1`
  
  if [ $C == $D ]; then
    echo -e "\033[32m不存在漏洞\033[0m"
  elif [ $C != $RES ]; then
    echo -e "\033[32m不存在漏洞\033[0m"
  else
    echo -e "\033[31m存在漏洞\033[0m"
    NUM=$[$NUM+1]
    VUL=$P
    VUL_RES=$VUL_RES""$NUM.$P"\n"
  fi
else
  echo -e "\033[33m检测失败,请检查系统版本\033[0m"
fi
}


#OpenSSH检测
Check_OpenSSH()
{
P=OpenSSH
C=`ssh -V 2>&1 | awk -F',' '{print $1}'`
D='OpenSSH_8.8p1'

echo -n -e "当前版本 \033[34m$C\033[0m ""安全版本 \033[34m$D\033[0m-------"
RES=`echo -e "$D\n$C" | sort -V | head -n 1`
if [ $C == $D ]; then
  echo -e "\033[32m不存在漏洞\033[0m"
elif [ $C != $RES ]; then
  echo -e "\033[32m不存在漏洞\033[0m"
else
  echo -e "\033[31m存在漏洞\033[0m"
  NUM=$[$NUM+1]
  VUL=$P
  VUL_RES=$VUL_RES""$NUM.$P"\n"
fi
}


#sudo检测
Check_sudo()
{
P=sudo

sudoedit -s / 2>&1 | grep regular > /dev/null
if [ $? == '0' ];then
  echo -e "\033[31m存在漏洞\033[0m"
  NUM=$[$NUM+1]
  VUL=$P
  VUL_RES=$VUL_RES""$NUM.$P"\n"
else
  echo -e "\033[32m不存在漏洞\033[0m"
fi
}


#glibc检测
Check_glibc()
{
P=glibc
C=`rpm -qa glibc | grep 64`

if [ "$SYS_VERSION_DE" == '6.6' -o "$SYS_VERSION_DE" == '6.8' -o "$SYS_VERSION" == '7' ];then
  if [ "$SYS_VERSION_DE" == '6.6' ];then
    D='glibc-2.12-1.212.el6'
  elif [  "$SYS_VERSION_DE" == '6.8' ];then
    D='glibc-2.12-1.212.0.1.el6'
  elif [  "$SYS_VERSION" == '7' ];then
    D='glibc-2.17-260.el7'
  fi
  
  echo -n -e "当前版本 \033[34m$C\033[0m ""安全版本 \033[34m$D\033[0m-------"
  RES=`echo -e "$D\n$C" | sort -V | head -n 1`
  
  if [ $C == $D ]; then
    echo -e "\033[32m不存在漏洞\033[0m"
  elif [ $C != $RES ]; then
    echo -e "\033[32m不存在漏洞\033[0m"
  else
    echo -e "\033[31m存在漏洞\033[0m"
    NUM=$[$NUM+1]
    VUL=$P
    VUL_RES=$VUL_RES""$NUM.$P"\n"
  fi
  
elif [  "$SYS_VERSION" == '8' ];then
    echo -e "\033[32m不存在漏洞\033[0m"
else
  echo -e "\033[33m检测失败,请检查系统版本\033[0m"
fi
}


#wget检测
Check_wget()
{
P=wget
C=`rpm -qa wget`

rpm -qa wget | grep wget > /dev/null
if [ $? == '0' ];then
  if [ "$SYS_VERSION" == '6' -o "$SYS_VERSION" == '7' -o "$SYS_VERSION" == '8' ];then
    if [  "$SYS_VERSION" == '7' ];then
      D='wget-1.14-15.el7_4.1'
      echo -n -e "当前版本 \033[34m$C\033[0m ""安全版本 \033[34m$D\033[0m-------"
      RES=`echo -e "$D\n$C" | sort -V | head -n 1`
      if [ $C == $D ]; then
        echo -e "\033[32m不存在漏洞\033[0m"
      elif [ $C != $RES ]; then
        echo -e "\033[32m不存在漏洞\033[0m"
      else
        echo -e "\033[31m存在漏洞\033[0m"
        NUM=$[$NUM+1]
        VUL=$P
        VUL_RES=$VUL_RES""$NUM.$P"\n"
      fi
    else
      echo -e "\033[32m不存在漏洞\033[0m"
    fi
  else
    echo -e "\033[33m检测失败,请检查系统版本\033[0m"
  fi
else
  echo -e "\033[32m未安装wget\033[0m"
fi
}


#polkit检测
Check_polkit()
{
P=polkit
C=`rpm -qa polkit`

if [ -f /usr/bin/pkexec ];then
  ls -al /usr/bin/pkexec | grep -e \-rwx > /dev/null
  if [ $? == '0' ];then
    echo -e "\033[32m漏洞已经临时修复\033[0m"
  else
    if [ "$SYS_VERSION" == '6' -o "$SYS_VERSION" == '7' -o "$SYS_VERSION_DE" == '8.0' -o "$SYS_VERSION_DE" == '8.2' -o "$SYS_VERSION_DE" == '8.4' ];then
      if [ "$SYS_VERSION" == '6' ];then
        D='polkit-0.96-11.el6_10.2'
      elif [  "$SYS_VERSION" == '7' ];then
        D='polkit-0.112-26.el7_9.1'
      elif [  "$SYS_VERSION_DE" == '8.0' ];then
        D='polkit-0.115-13.el8_5.1'
      elif [  "$SYS_VERSION_DE" == '8.2' ];then
        D='polkit-0.115-11.el8_2.2'
      elif [  "$SYS_VERSION_DE" == '8.4' ];then
        D='polkit-0.115-11.el8_4.2'
      fi
      
      echo -n -e "当前版本 \033[34m$C\033[0m ""安全版本 \033[34m$D\033[0m-------"
      RES=`echo -e "$D\n$C" | sort -V | head -n 1`

      if [ $C == $D ]; then
        echo -e "\033[32m不存在漏洞\033[0m"
      elif [ $C != $RES ]; then
        echo -e "\033[32m不存在漏洞\033[0m"
      else
        echo -e "\033[31m存在漏洞\033[0m"
        NUM=$[$NUM+1]
        VUL=$P
        VUL_RES=$VUL_RES""$NUM.$P"\n"
      fi
    else
      echo -e "\033[33m检测失败,请检查系统版本\033[0m"
    fi
  fi
else
  echo -e "\033[32m未安装polkit\033[0m"
fi
}


#kernel检测
Check_kernel()
{
P=kernel

if [ "$SYS_VERSION" == '6' -o "$SYS_VERSION" == '7' ];then
  if [ "$SYS_VERSION" == '6' ];then
    C=`uname -r | sed "s/.el6.x86_64//"`
    D='2.6.32-642.6.2'
  elif [  "$SYS_VERSION" == '7' ];then
    C=`uname -r | sed "s/.el7.x86_64//"`
    D='3.10.0-327.36.3'
  fi
  
  echo -n -e "当前版本 \033[34m$C\033[0m ""安全版本 \033[34m$D\033[0m-------"
  RES=`echo -e "$D\n$C" | sort -V | head -n 1`
  
  if [ $C == $D ]; then
    echo -e "\033[32m不存在漏洞\033[0m"
  elif [ $C != $RES ]; then
    echo -e "\033[32m不存在漏洞\033[0m"
  else
    echo -e "\033[31m存在漏洞\033[0m"
    NUM=$[$NUM+1]
    VUL=$P
    VUL_RES=$VUL_RES""$NUM.$P"\n"
  fi
  
elif [  "$SYS_VERSION" == '8' ];then
  echo -e "\033[32m不存在漏洞\033[0m"
else
  echo -e "\033[33m检测失败,请检查系统版本\033[0m"
fi
}


#bash检测
Check_bash()
{
P=bash
C=`rpm -qa bash`

if [ "$SYS_VERSION" == '6' -o "$SYS_VERSION" == '7' ];then
  if [ "$SYS_VERSION" == '6' ];then
    D='bash-4.1.2-48.el6.x86_64'
  elif [  "$SYS_VERSION" == '7' ];then
    D='bash-4.2.46-28.el7.x86_64'
  fi
  echo -n -e "当前版本 \033[34m$C\033[0m ""安全版本 \033[34m$D\033[0m-------"
  RES=`echo -e "$D\n$C" | sort -V | head -n 1`
  if [ $C == $D ]; then
    echo -e "\033[32m不存在漏洞\033[0m"
  elif [ $C != $RES ]; then
    echo -e "\033[32m不存在漏洞\033[0m"
  else
    echo -e "\033[31m存在漏洞\033[0m"
    NUM=$[$NUM+1]
    VUL=$P
    VUL_RES=$VUL_RES""$NUM.$P"\n"
  fi
  
elif [  "$SYS_VERSION" == '8' ];then
  echo -e "\033[32m不存在漏洞\033[0m"
else
  echo -e "\033[33m检测失败,请检查系统版本\033[0m"
fi
}


#samba检测
Check_samba()
{
P=samba

C=`rpm -qa | grep -e ^samba-[0-9]`
if [ $? == '0' ];then
  if [ "$SYS_VERSION" == '7' -o "$SYS_VERSION" == '8' ];then
    if [  "$SYS_VERSION" == '7' ];then
      D='samba-4.10.16-18.el7_9.x86_64'
    elif [  "$SYS_VERSION" == '8' ];then
      D='samba-4.14.5-9.el8_5.s390x.rpm'
    fi
    
    echo -n -e "当前版本 \033[34m$C\033[0m ""安全版本 \033[34m$D\033[0m-------"
    RES=`echo -e "$D\n$C" | sort -V | head -n 1`
    
    if [ $C == $D ]; then
      echo -e "\033[32m不存在漏洞\033[0m"
    elif [ $C != $RES ]; then
      echo -e "\033[32m不存在漏洞\033[0m"
    else
      echo -e "\033[31m存在漏洞\033[0m"
      NUM=$[$NUM+1]
      VUL=$P
      VUL_RES=$VUL_RES""$NUM.$P"\n"
    fi
  elif [ "$SYS_VERSION" == '6' ];then
      echo -e "\033[32m不存在漏洞\033[0m"
  else
    echo -e "\033[33m检测失败,请检查系统版本\033[0m"
  fi
else
  echo -e "\033[32m未安装samba\033[0m"
fi
}


#################################### 修复 ####################################


###OpenSSL升级
Fix_OpenSSL()
{
#echo -e "\n\n\033[31m正在升级OpenSSL...\033[0m\n\n"

if [ "$SYS_VERSION" == '7' -o "$SYS_VERSION" == '8' ];then
  yum -y install openssl
elif [ "$SYS_VERSION" == '6' ];then
  NEW_OPENSSL_VERSION='1.1.1m'
  #下载新版OpenSSL
  cd /usr/local/src/
  #wget不检测证书
  wget --no-check-certificate $OPENSSL_FILE
    if [ -f "openssl-${NEW_OPENSSL_VERSION}.tar.gz" ];then
      tar zxf openssl-$NEW_OPENSSL_VERSION.tar.gz
      cd openssl-$NEW_OPENSSL_VERSION
      ./config shared zlib-dynamic --prefix=/usr/local/openssl
      make && make install
      if [ $? -eq 0 ]; then
        echo -e "\n\033[32mOpenSSL编译安装成功\033[0m"
        #备份证书文件和秘钥文件
        mv /usr/bin/openssl /usr/bin/openssl.old
        mv /usr/include/openssl /usr/include/openssl.old
        #替换原openssl文件
        ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
        ln -s /usr/local/openssl/include/openssl /usr/include/openssl
        #在/etc/ld.so.conf文件中写入openssl库文件的搜索路径
        echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
        ldconfig -v
      else
        echo -e "\n\033[31mOpenSSL编译安装失败\033[0m\n"
        exit 1
      fi
    else
      echo -e "\n\033[31m未检测到OpenSSL安装包\033[0m\n"
    fi
fi
}


###OpenSSH升级
Fix_OpenSSH()
{
#echo -e "\n\n\033[31m正在升级OpenSSH...\033[0m\n\n"
NEW_OPENSSH_NAME='openssh-8.8p1'

#下载新版OpenSSH
cd /usr/local/src/
wget $OPENSSH_FILE

if [ -f $NEW_OPENSSH_NAME.tar.gz ];then
  #备份ssh
  mv /etc/ssh /usr/local/src/ssh
  tar zxf $NEW_OPENSSH_NAME.tar.gz
  cd $NEW_OPENSSH_NAME
  ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-tcp-wrappers --with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/lib64 --without-hardening
  make && make install
  if [ $? -eq 0 ]; then
    echo -e "\n\033[32mOpenSSH安装成功\033[0m\n"
    #复制文件到系统服务目录
    cp -rf /usr/local/src/$NEW_OPENSSH_NAME/contrib/redhat/sshd.init /etc/init.d/sshd
    cp -rf /usr/local/src/$NEW_OPENSSH_NAME/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

    #添加执行权限
    chmod +x /etc/init.d/sshd

    #移除原服务,防止有时重启后ssh无法启动
    if [ -f "/usr/lib/systemd/system/sshd.service" ];then
      mv /usr/lib/systemd/system/sshd.service  /usr/lib/systemd/system/sshd.service.bak
    fi
    
    #开启UsePAM
    sed -i  's/#UsePAM no/UsePAM yes/g' /etc/ssh/sshd_config

    #重新启动openssh、添加启动项
    if [ "$SYS_VERSION" == '7' -o "$SYS_VERSION" == '8' ];then
      systemctl daemon-reload
      systemctl restart sshd
    elif [  "$SYS_VERSION" == '6' ];then
      service sshd restart
      chkconfig --add sshd
      chkconfig sshd on
    fi
  else
    echo -e "\n\033[31mOpenSSH编译安装失败\033[0m\n"
    mv /usr/local/src/ssh /etc/ssh 
    exit 1
  fi
else
  echo -e "\n\033[31m未检测到OpenSSH安装包\033[0m\n"
fi
}


###sudo升级
Fix_sudo()
{
if [ "$SYS_VERSION" == '6' ];then
  SUDO_FILE_6=`echo $SUDO_FILE | awk -F"/" '{print $NF}'`
  if [ -f $SUDO_FILE_6 ];then
    wget $SUDO_FILE
    cp /etc/sudoers /etc/sudoers.bak
    rpm -e sudo
    rpm -ivh $SUDO_FILE_6
    mv /etc/sudoers /etc/sudoers.new.bak
    cp /etc/sudoers.bak /etc/sudoers
    rm -f $SUDO_FILE_6
  else
    echo -e "\n\033[31m未检测到sudo安装包\033[0m\n"
  fi
elif [ "$SYS_VERSION" == '7' -o "$SYS_VERSION" == '8' ];then
  yum install -y sudo
fi
}


###glibc升级
Fix_glibc()
{
yum install -y glibc
}


###wget升级
Fix_wget()
{
yum install -y wget
}


###polkit升级
Fix_polkit()
{
if [ "$SYS_VERSION" == '6' ];then
  chmod 0755 /usr/bin/pkexec
else
  yum install -y polkit
fi
}


###kernel升级
Fix_kernel()
{
  yum install -y kernel*
}


###bash升级
Fix_bash()
{
  yum install -y bash
}


###samba升级
Fix_samba()
{
  yum install -y samba
}


################################### 检测项 ###################################

#检测项加入数组
D=(
OpenSSL
OpenSSH
sudo
glibc
polkit
wget
kernel
bash
samba
)

################################## 参数选项 ##################################

if [ "$ARGUMENT" == 'Yes' ];then
  if [ $# == '0' ];then
    echo -e "Linux主机漏洞一键检测与修复工具"
    echo -e "\r"
    echo -e "使用说明:$0\033[34m -h\033[0m或\033[34m--help\033[0m 查看帮助"
  elif [ $# == '1' ];then
    if [ "$1" == "-c" -o "$1" == '--check' ];then
      echo -e " \033[34m-c --check\033[0m  检测,如:sh $0 -c bash,检测是否存在bash漏洞"
    elif [ "$1" == "-f" -o "$1" == '--fix' ];then
      echo -e " \033[34m-f --fix\033[0m    修复,如:sh $0 -f bash,修复bash漏洞"
    elif [ "$1" == "-f" -o "$1" == '--fix' ];then
      echo -e " \033[34m-u --update\033[0m 检测并修复,如:sh $0 -f bash,检测是否存在bash漏洞,如果存在则修复漏洞"
    elif [ "$1" == "-h" -o "$1" == '--help' ];then
      echo -e "Linux主机漏洞一键检测与修复工具"
      echo -e "--使用说明:sh $0 [参数] [漏洞名称]"
      echo -e "\r"
      echo -e "参数说明:"
      echo -e " \033[34m-c --check\033[0m  检测,如:sh $0 -c bash,检测是否存在bash漏洞"
      echo -e " \033[34m-f --fix\033[0m    修复,如:sh $0 -f bash,修复bash漏洞"
      echo -e " \033[34m-u --update\033[0m 检测并修复,如:sh $0 -f bash,检测是否存在bash漏洞,如果存在则修复漏洞"
      echo -e " \033[34m-h --help\033[0m   帮助"
    else
      echo -e "Linux主机漏洞一键检测与修复工具"
      echo -e "\r"
      echo -e "使用说明:$0\033[34m -h\033[0m或\033[34m--help\033[0m 查看帮助"
    fi
  elif [ $# == '2' ];then  
    INFO=`echo "${D[@]}" | grep -wq $2`
    
    if [ "$?" == "0" ];then
      if [ "$1" == "-c" -o "$1" == "--check" ];then
        echo "正在检测$2..."
        Check_$2
      elif [ "$1" == "-f" -o "$1" == "--fix" ];then  
        echo "正在升级$2..."
        Fix_$2
      elif [ "$1" == "-u" -o "$1" == "--update" ];then
        echo -e "\n\033[31m正在升级$2...\033[0m\n"
        Fix_$2
        echo -e "\n重新检测中...\n"
        Check_$2
      else
        echo -e "Linux主机漏洞一键检测与修复工具"
        echo -e "\r"
        echo -e "使用说明:$0\033[34m -h\033[0m或\033[34m--help\033[0m 查看帮助"
      fi
    elif [ "$?" == "1" -a "$1" == "-c" -o "$1" == "--check" -o "$1" == "-f" -o "$1" == "--fix" -o "$1" == "-u" -o "$1" == "--update" ];then
      echo "$2 漏洞信息未收录"
    else
      echo -e "Linux主机漏洞一键检测与修复工具"
      echo -e "\r"
      echo -e "使用说明:$0\033[34m -h\033[0m或\033[34m--help\033[0m 查看帮助"
    fi
  else
    echo -e "Linux主机漏洞一键检测与修复工具"
    echo -e "\r"
    echo -e "使用说明:$0\033[34m -h\033[0m或\033[34m--help\033[0m 查看帮助"
  fi
  
elif [ "$ARGUMENT" == 'No' ];then

  ###检测函数调用

  #获取数组长度
  L_ARR=${#D[*]}

  #遍历数组
  for ((i=0; i<$L_ARR; i++))
  do
    eval echo -e -n [$[$i+1]/$L_ARR]
    echo -e -n "正在检测${D[i]}..."
    Check_${D[i]}

  done

  ###漏洞修复

  #获取行数
  INFO_LINE=`echo -e $VUL_RES | wc -l`

  #判断是否存在漏洞
  if [[ $INFO_LINE > 1 ]]; then

    echo -e "\n################# 漏洞信息如下,请输入对应的数字修复漏洞 ###################\n"
    
    if [ "$AUTO_UPDATE" == 'Yes' ];then
      echo -e $VUL_RES
      TIME=5
      while [[ $TIME > 0 ]]
      do
         echo -n -e "\r"
         echo -n -e "即将开始修复,请耐心等待..."
         echo -ne $TIME
         (( TIME-- ))
         sleep 1
      done
      
      #遍历修复
      for ((i=1; i<$INFO_LINE; i++))
      do
        INFO=`echo -e $VUL_RES | grep $i | awk -F. '{print $2}'`
        echo -e "\n\n\033[31m正在升级$INFO...\033[0m\n\n"
        Fix_$INFO
      done
      
      #重新检测
      echo -e "\n重新检测中...\n"
      for ((i=1; i<$INFO_LINE; i++))
      do
        INFO=`echo -e $VUL_RES | grep $i | awk -F. '{print $2}'`
        echo -e -n "正在检测$INFO..."
        Check_$INFO
      done
    else
      #只存在一个漏洞情况  
      if [[ $INFO_LINE == 2 ]]; then
        echo -e $VUL_RES
        read -p "请输入数字:" number
        INFO=`echo -e $VUL_RES | grep $number | awk -F. '{print $2}'`
        
        #判断输入
        if [[ $number == 1 ]] ;then
          Fix_$INFO
          echo -e "\n重新检测中...\n"
          Check_$INFO
        else
          echo -e "\n输入错误\n"
        fi
        
      #存在多个漏洞情况  
      else
        echo -e "0.修复所有漏洞\n"$VUL_RES
        read -p "请输入数字:" number
        
        #判断输入
        if [[ $number =~ ^[0-9]*$ ]] && [[ $number < $INFO_LINE ]] ;then
        INFO=`echo -e $VUL_RES | grep $number | awk -F. '{print $2}'`
          if [ "$number" == "0" ]; then
            echo "正在修复所有漏洞,请耐心等待..."
            
            #遍历修复
            for ((i=1; i<$INFO_LINE; i++))
            do
              INFO=`echo -e $VUL_RES | grep $i | awk -F. '{print $2}'`
              echo -e "\n\n\033[31m正在升级$INFO...\033[0m\n\n"
              Fix_$INFO
            done
            
            #重新检测
            echo -e "\n重新检测中...\n"
            for ((i=1; i<$INFO_LINE; i++))
            do
              INFO=`echo -e $VUL_RES | grep $i | awk -F. '{print $2}'`
              echo -e -n "正在检测$INFO..."
              Check_$INFO
            done
          else
            echo -e "\n\n\033[31m正在升级$INFO...\033[0m\n\n"
            Fix_$INFO
            echo -e "\n重新检测中...\n"
            echo -e -n "正在检测$INFO..."
            Check_$INFO
          fi
        else
          echo -e "\n输入错误\n"
        fi
      fi
    fi
  fi
fi

你可能感兴趣的:(安全运维,系统运维,安全漏洞,linux,系统漏洞,系统运维,漏洞检测,安全运维,漏洞修复工具,Linux系统安全)