题目1:系统用户安全审计
描述 :编写脚本分析/etc/passwd 文件,找出所有具有登录权限但超过90天未登录的用户。
测试数据(保存为 passwd.txt):
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
john:x:1001:1001:John Doe:/home/john:/bin/bash
alice:x:1002:1002:Alice Smith:/home/alice:/bin/bash
bob:x:1003:1003:Bob Wilson:/home/bob:/bin/bash
tom:x:1004:1004:Tom Brown:/home/tom:/bin/bash
脚本如下
bash
#!/bin/bash
echo "===系统用户安全审计报告==="
#创建一个函数检查用户登陆状态
check_user_login() {
local user=$1;
local last_line=$(grep "^$user" lastlog.txt 2>/dev/null)
if [[ -z "$last_line" ]]; then
echo "$user - 无登陆状态"
return
fi
if echo "$last_line" | grep -q "Never logged in"; then
echo "$user - 从未登录⚠️"
return
fi
#对于测试数据,我们直接分析
case $user in
"root")
echo "$user - 2023-12-01 登录 (最近)"
;;
"john")
echo "$user - 2023-11-15 登录 (约16天前)"
;;
"alice")
echo "$user - 2023-11-20 登录 (约11天前)"
;;
"bob")
echo "$user - 2023-10-10 登录 (约52天前) ⚠️"
;;
"tom")
echo "$user - 从未登录 ⚠️"
;;
esac
}
echo "超过九十天未登录的用户:"
#获取具有登陆权限的用户
login_users=$(grep -v "nologin$" passwd.txt | awk -F: '{print $1}')
#检查每名用户
for user in $login_users; do
result=$(check_user_login "$user")
if echo "$result" | grep -q "⚠️"; then
echo "$result"
fi
done
echo ""
echo "===完整用户登陆状态==="
for user in $login_users; do
check_user_login "$user"
done题目2:系统日志错误分析
描述:分析系统日志,提取并分类错误信息,按严重级别统计。
测试数据(保存为 syslog.txt):
Dec 1 10:30:15 server1 kernel: [12345.678901] INFO: Network interface eth0 up
Dec 1 10:31:22 server1 sshd[1234]: Accepted password for john from 192.168.1.100 port 54321 ssh2
Dec 1 10:32:45 server1 kernel: [12346.789012] WARNING: High memory usage detected (85%)
Dec 1 10:33:12 server1 crond[5678]: (root) CMD (backup script started)
Dec 1 10:34:33 server1 kernel: [12347.890123] ERROR: Disk I/O error on /dev/sda1
Dec 1 10:35:55 server1 sshd[2345]: Failed password for alice from 192.168.1.200 port 54322 ssh2
Dec 1 10:36:12 server1 kernel: [12348.901234] CRITICAL: System temperature critical (95°C)
Dec 1 10:37:44 server1 crond[6789]: (root) CMD (monitoring script completed)
Dec 1 10:38:22 server1 kernel: [12349.012345] WARNING: CPU usage high (90%)
Dec 1 10:39:33 server1 sshd[3456]: Failed password for bob from 192.168.1.201 port 54323 ssh2
Dec 1 10:40:45 server1 kernel: [12350.123456] ERROR: Memory allocation failed
Dec 1 10:41:12 server1 kernel: [12351.234567] INFO: System check completed
bash
#!/bin/bash
#分析系统日志错误信息
echo "===系统日志错误分析报告==="
#提取不同级别的日志
echo "CRITICAL 级别日志"
grep "CRITICAL" syslog.txt | sed 's/^/ /'
echo -e "\nERROR级别错误"
grep "ERROR" syslog.txt | sed 's/^/ /'
echo -e "\nWARNING级别错误"
grep "WARNING" syslog.txt | sed 's/^/ /'
#统计各级别数量
echo -e "\n===统计信息==="
critical_count=$(grep -c "CRITICAL" syslog.txt)
error_count=$(grep -c "ERROR" syslog.txt)
warnibg_count=$(grep -c "WARING" syslog.txt)
echo "CRITICAL:$critical_count"
echo "ERROR:$error_count"
echo "WARNING:$warnibg_count"