安全漏洞扫描脚本

1
#!/bin/bash
2

3
# 配置：安全扫描参数（可按需修改）
4
REPORT_DIR="$HOME/security_reports"
5
DATE=$(date +%Y%m%d_%H%M%S)
6
REPORT_FILE="$REPORT_DIR/security_report_$DATE.txt"
7
EMAIL="admin@example.com"
8

9
# 创建报告目录
10
mkdir -p "$REPORT_DIR"
11

12
# 初始化报告文件
13
echo "安全扫描报告 - $(date)" > "$REPORT_FILE"
14
echo "========================================" >> "$REPORT_FILE"
15

16
# 检查开放端口
17
echo "1. 开放端口检查：" >> "$REPORT_FILE"
18
netstat -tuln | grep LISTEN >> "$REPORT_FILE"
19
echo "" >> "$REPORT_FILE"
20

21
# 检查 SSH 配置
22
echo "2. SSH 配置检查：" >> "$REPORT_FILE"
23
if grep -q "PermitRootLogin yes" /etc/ssh/sshd_config; then
24
    echo "[警告] SSH 允许 root 登录" >> "$REPORT_FILE"
25
else
26
    echo "[安全] SSH 禁止 root 登录" >> "$REPORT_FILE"
27
fi
28

29
if grep -q "PasswordAuthentication yes" /etc/ssh/sshd_config; then
30
    echo "[警告] SSH 允许密码认证" >> "$REPORT_FILE"
31
else
32
    echo "[安全] SSH 禁用密码认证" >> "$REPORT_FILE"
33
fi
34

35
if ! grep -q "Port 22" /etc/ssh/sshd_config; then
36
    echo "[安全] SSH 端口已更改" >> "$REPORT_FILE"
37
else
38
    echo "[警告] SSH 使用默认端口 22" >> "$REPORT_FILE"
39
fi
40
echo "" >> "$REPORT_FILE"
41

42
# 检查用户权限
43
echo "3. 用户权限检查：" >> "$REPORT_FILE"
44
echo "具有 sudo 权限的用户：" >> "$REPORT_FILE"
45
grep -Po '^sudo.+ALL=\(ALL\) .+' /etc/group | cut -d: -f4 >> "$REPORT_FILE"
46
echo "" >> "$REPORT_FILE"
47

48
# 检查弱密码用户
49
echo "4. 弱密码用户检查：" >> "$REPORT_FILE"
50
# 检查密码为空或过期的账户
51
awk -F: '($2==""){print $1" has empty password"}' /etc/shadow >> "$REPORT_FILE"
52
awk -F: '($2!="*" && $2!="!" && $2!~ /^\$[12356]/){print $1" has weak password hash"}' /etc/shadow >> "$REPORT_FILE"
53
echo "" >> "$REPORT_FILE"
54

55
# 检查系统更新
56
echo "5. 系统更新检查：" >> "$REPORT_FILE"
57
if command -v apt-get &> /dev/null; then
58
    UPDATES=$(apt-get -s -o Debug::NoLocking=true upgrade | grep -c "^Inst")
59
    echo "可用更新数量: $UPDATES" >> "$REPORT_FILE"
60
elif command -v yum &> /dev/null; then
61
    UPDATES=$(yum check-update --quiet | wc -l)
62
    echo "可用更新数量: $UPDATES" >> "$REPORT_FILE"
63
fi
64
echo "" >> "$REPORT_FILE"
65

66
# 检查防火墙状态
67
echo "6. 防火墙状态检查：" >> "$REPORT_FILE"
68
if command -v ufw &> /dev/null && ufw status | grep -q "Status: active"; then
69
    echo "[安全] UFW 防火墙已启用" >> "$REPORT_FILE"
70
    ufw status >> "$REPORT_FILE"
71
elif command -v iptables &> /dev/null && iptables -L | grep -q "policy"; then
72
    echo "[安全] iptables 防火墙已启用" >> "$REPORT_FILE"
73
    iptables -L -n >> "$REPORT_FILE"
74
else
75
    echo "[警告] 防火墙未启用或未安装" >> "$REPORT_FILE"
76
fi
77
echo "" >> "$REPORT_FILE"
78

79
# 检查系统日志中的异常登录
80
echo "7. 异常登录检查：" >> "$REPORT_FILE"
81
FAIL_LOGINS=$(grep -i "failed\|invalid\|error" /var/log/auth.log | tail -20)
82
if [ -n "$FAIL_LOGINS" ]; then
83
    echo "最近的登录失败记录：" >> "$REPORT_FILE"
84
    echo "$FAIL_LOGINS" >> "$REPORT_FILE"
85
else
86
    echo "未发现异常登录记录" >> "$REPORT_FILE"
87
fi
88
echo "" >> "$REPORT_FILE"
89

90
# 检查 Web 服务器安全配置（如果安装了 Apache 或 Nginx）
91
echo "8. Web 服务器安全配置检查：" >> "$REPORT_FILE"
92
if command -v apache2 &> /dev/null || command -v httpd &> /dev/null; then
93
    if [ -f /etc/apache2/conf-available/security.conf ] || [ -f /etc/httpd/conf.d/security.conf ]; then
94
        if grep -q "ServerTokens Prod" /etc/apache2/conf-available/security.conf 2>/dev/null || grep -q "ServerTokens Prod" /etc/httpd/conf.d/security.conf 2>/dev/null; then
95
            echo "[安全] Apache ServerTokens 已设置为 Prod" >> "$REPORT_FILE"
96
        else
97
            echo "[警告] Apache ServerTokens 可能暴露版本信息" >> "$REPORT_FILE"
98
        fi
99
    fi
100
elif command -v nginx &> /dev/null; then
101
    if grep -q "server_tokens off" /etc/nginx/nginx.conf 2>/dev/null || grep -q "server_tokens off" /etc/nginx/conf.d/*.conf 2>/dev/null; then
102
        echo "[安全] Nginx server_tokens 已禁用" >> "$REPORT_FILE"
103
    else
104
        echo "[警告] Nginx server_tokens 可能暴露版本信息" >> "$REPORT_FILE"
105
    fi
106
fi
107
echo "" >> "$REPORT_FILE"
108

109
# 检查文件权限
110
echo "9. 重要文件权限检查：" >> "$REPORT_FILE"
111
echo "/etc/passwd 权限: $(ls -l /etc/passwd)" >> "$REPORT_FILE"
112
echo "/etc/shadow 权限: $(ls -l /etc/shadow)" >> "$REPORT_FILE"
113
echo "/etc/hosts.allow 权限: $(ls -l /etc/hosts.allow)" >> "$REPORT_FILE"
114
echo "/etc/hosts.deny 权限: $(ls -l /etc/hosts.deny)" >> "$REPORT_FILE"
115
echo "" >> "$REPORT_FILE"
116

117
# 检查是否发现高风险问题
118
HIGH_RISK=$(grep -c "\[警告\]" "$REPORT_FILE")
119
if [ "$HIGH_RISK" -gt 0 ]; then
120
    echo "发现 $HIGH_RISK 个高风险问题，请立即处理！" >> "$REPORT_FILE"
121

122
    # 发送告警邮件
123
    if command -v mail &> /dev/null; then
124
        echo "安全扫描发现 $HIGH_RISK 个高风险问题，请立即查看报告: $REPORT_FILE" | mail -s "安全告警 - $(hostname)" "$EMAIL"
125
    fi
126
else
127
    echo "未发现高风险问题，系统安全状况良好。" >> "$REPORT_FILE"
128
fi
129

130
echo "安全扫描完成，报告已保存到: $REPORT_FILE"