19个一键脚本liux脚本
一、系统信息类(3个)
- 全面系统信息查看
#!/bin/bash
系统信息综合查看
echo -e “\n===== 系统基础信息 ="
uname -a # 内核版本
cat /etc/os-release | head -n 3 # 系统版本
hostname -I # 主机IP
echo -e "\n= 资源使用 ="
free -h # 内存状态
df -hT # 磁盘分区
top -bn 1 | head -n 10 # 进程占用
echo -e "\n= 网络与服务 =====”
ifconfig | grep "inet " # 网络接口
netstat -antp | head -n 5 # 网络连接
ps -ef | grep [s]ervice # 关键服务进程
2. 硬件信息检测
#!/bin/bash
硬件信息查看
echo -e “\n===== CPU信息 ="
lscpu | grep “Model name|CPU(s)”
echo -e "\n= 内存信息 ="
dmidecode -t memory | grep -E “Size|Type” | head -6
echo -e "\n= 磁盘信息 ="
fdisk -l | grep “Disk /dev”
lsblk -f # 磁盘挂载详情
echo -e "\n= 显卡信息 =====”
lspci | grep -i vga
3. 系统运行时间统计
#!/bin/bash
系统运行时长与负载
echo -e “\n系统已运行: ( u p t i m e − p ) " e c h o − e " 当 前 负 载 : (uptime -p)" echo -e "当前负载: (uptime−p)"echo−e"当前负载:(uptime | awk -F ‘load average:’ ‘{print $2}’)”
echo -e “\n最近登录用户:”
last -n 5 | head -n 4 # 最近登录记录
echo -e “\n当前登录用户:”
who
二、环境部署类(4个)
- LNMP环境部署(CentOS)
#!/bin/bash
LNMP环境部署(CentOS)
yum update -y
yum install -y nginx mariadb-server php-fpm php-mysqlnd
systemctl start nginx mariadb
systemctl enable nginx mariadb
配置Nginx
cat > /etc/nginx/conf.d/wordpress.conf << EOF
server {
listen 80;
server_name example.com;
root /usr/share/nginx/html;
index index.php index.html;
location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
EOF
nginx -t && systemctl restart nginx
5. LAMP环境部署(Ubuntu)
#!/bin/bash
LAMP环境部署(Ubuntu)
apt update && apt upgrade -y
apt install -y apache2 mysql-server php php-mysql
systemctl start apache2 mysql
systemctl enable apache2 mysql
测试PHP
echo “<?php phpinfo(); ?>” > /var/www/html/info.php
echo “LAMP环境已部署,访问http://服务器IP/info.php测试”
6. Docker快速安装
#!/bin/bash
Docker一键安装
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
systemctl start docker
systemctl enable docker
添加当前用户到docker组(避免sudo)
usermod -aG docker $USER
echo “Docker安装完成,重启后生效”
7. Nginx虚拟主机创建
#!/bin/bash
Nginx虚拟主机创建
read -p “请输入域名:” domain
read -p “请输入网站根目录:” webroot
mkdir -p $webroot
chown -R nginx:nginx $webroot
cat > /etc/nginx/conf.d/$domain.conf << EOF
server {
listen 80;
server_name $domain;
root KaTeX parse error: Can't use function '\.' in math mode at position 57: … location ~ \̲.̲php {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
EOF
nginx -t && systemctl restart nginx
echo “虚拟主机已创建,域名: d o m a i n , 根 目 录 : domain,根目录: domain,根目录:webroot”
三、服务管理类(4个)
- 服务状态批量检查
#!/bin/bash
服务状态检查脚本
services=(“nginx” “mysql” “docker” “sshd”)
echo -e “\n===== 服务状态检查 =====”
for service in ${services[@]}; do
if systemctl status KaTeX parse error: Expected 'EOF', got '&' at position 9: service &̲> /dev/null; th…(systemctl is-active s e r v i c e ) e c h o " service) echo " service)echo"service: [KaTeX parse error: Expected group after '^' at position 8: {status^̲^}]" else …service: [未安装]"
fi
done
9. 服务一键启停脚本
#!/bin/bash
服务快速启停工具
echo -e “\n请选择操作:”
echo “1. 启动所有服务”
echo “2. 停止所有服务”
echo “3. 重启所有服务”
read -p “请输入选项(1-3):” choice
services=(“nginx” “mysql” “php-fpm”)
case $choice in
1) for service in ${services[@]}; do systemctl start $service; done ;;
2) for service in ${services[@]}; do systemctl stop $service; done ;;
3) for service in ${services[@]}; do systemctl restart $service; done ;;
*) echo “无效选项” && exit 1 ;;
esac
echo -e “\n操作完成,当前服务状态:”
for service in ${services[@]}; do systemctl status $service | head -n 2; done
10. 防火墙基础配置
#!/bin/bash
Firewalld防火墙配置
systemctl start firewalld
systemctl enable firewalld
echo -e “\n请输入需要开放的端口(用空格分隔,如’80 443 22’):”
read -a ports
for port in p o r t s [ @ ] ; d o f i r e w a l l − c m d − − p e r m a n e n t − − a d d − p o r t = {ports[@]}; do firewall-cmd --permanent --add-port= ports[@];dofirewall−cmd−−permanent−−add−port=port/tcp
done
firewall-cmd --reload
echo -e “\n防火墙已配置,开放端口:${ports[*]}”
11. 日志服务管理
#!/bin/bash
系统日志管理脚本
echo -e “\n===== 日志管理工具 =====”
echo “1. 清理所有日志”
echo “2. 清理指定天数前的日志”
echo “3. 查看日志占用”
read -p “请选择操作(1-3):” choice
case c h o i c e i n 1 ) f i n d / v a r / l o g − t y p e f − e x e c t r u n c a t e − s 0 e c h o " 所 有 日 志 已 清 空 " ; ; 2 ) r e a d − p " 请 输 入 天 数 ( 如 30 ) : " d a y s f i n d / v a r / l o g − t y p e f − m t i m e + choice in 1) find /var/log -type f -exec truncate -s 0 {} \; echo "所有日志已清空" ;; 2) read -p "请输入天数(如30):" days find /var/log -type f -mtime + choicein1)find/var/log−typef−exectruncate−s0echo"所有日志已清空";;2)read−p"请输入天数(如30):"daysfind/var/log−typef−mtime+days -exec truncate -s 0 {} ;
echo “$days天前的日志已清空”
;;
3)
du -sh /var/log/*
;;
*) echo “无效选项” && exit 1 ;;
esac
四、系统维护类(4个)
- 磁盘空间清理
#!/bin/bash
磁盘空间清理脚本
echo -e “\n===== 开始清理系统 =====”
echo “1. 清理临时文件”
echo “2. 清理包缓存”
echo “3. 清理日志文件”
echo “4. 全部清理”
read -p “请选择操作(1-4):” choice
case $choice in
1) rm -rf /tmp/* /var/tmp/* ;;
2) yum clean all || apt clean ;;
3) find /var/log -type f -mtime +30 -exec truncate -s 0 {} ; ;;
4)
rm -rf /tmp/* /var/tmp/*
yum clean all || apt clean
find /var/log -type f -mtime +30 -exec truncate -s 0 {} ;
;;
*) echo “无效选项” && exit 1 ;;
esac
echo -e “\n清理完成,当前磁盘使用:”
df -h
13. 系统优化脚本(基础版)
#!/bin/bash
系统基础优化脚本
echo -e “\n===== 系统优化开始 =====”
关闭不必要的服务
systemctl stop postfix && systemctl disable postfix
调整文件描述符
cat >> /etc/security/limits.conf << EOF
-
soft nofile 65536 -
hard nofile 65536
EOF
优化内核参数
cat > /etc/sysctl.d/99-optimize.conf << EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_local_port_range = 1024 65000
EOF
sysctl -p
echo -e “\n系统优化完成,部分设置需重启生效”
14. 定时任务备份脚本
#!/bin/bash
数据定时备份脚本
backup_dir="/backup/$(date +%Y%m%d)"
mkdir -p $backup_dir
备份数据库(需提前设置MySQL密码)
read -p “请输入MySQL密码:” mysql_pass
mysqldump -u root -p$mysql_pass --all-databases > $backup_dir/all_databases.sql
备份网站目录
web_dirs=("/var/www/html" “/etc/nginx/conf.d”)
for dir in ${web_dirs[@]}; do
if [ -d $dir ]; then
tar -czf b a c k u p d i r backup_dir backupdir(basename $dir).tar.gz $dir
fi
done
保留7天备份
find /backup -type d -mtime +7 -exec rm -rf {} ;
echo -e “\n备份完成,路径:$backup_dir”
echo “7天前的备份已清理”
15. 系统垃圾文件清理
#!/bin/bash
系统垃圾文件清理
echo -e “\n===== 清理系统垃圾 =====”
清理yum缓存
if command -v yum &> /dev/null; then
yum clean all
echo “Yum缓存已清理”
清理apt缓存
elif command -v apt &> /dev/null; then
apt clean
echo “Apt缓存已清理”
fi
清理编译缓存
rm -rf /usr/src/debug/*
rm -rf /tmp/*~
清理旧内核(CentOS)
if [ -f /etc/redhat-release ]; then
package-cleanup --oldkernels --count=1
echo “旧内核已清理,保留最新1个”
fi
echo -e “\n垃圾清理完成”
五、安全与监控类(4个)
- 简单入侵检测脚本
#!/bin/bash
简单入侵检测脚本
echo -e “\n===== 系统安全检查 =====”
echo “1. 异常登录检查”
echo “2. 异常用户检查”
echo “3. 端口扫描”
echo “4. 全部检查”
read -p “请选择操作(1-4):” choice
case $choice in
1)
echo “最近异常登录:”
last | grep -i “failed” | head -10
;;
2)
echo “非标准用户:”
grep -vE “^(root|bin|daemon|sys|sync|shutdown|halt|mail|operator|games|nobody)” /etc/passwd
;;
3)
echo “开放端口:”
netstat -antp | grep LISTEN
;;
4)
echo “最近异常登录:”
last | grep -i “failed” | head -10
echo -e “\n非标准用户:”
grep -vE “^(root|bin|daemon|sys|sync|shutdown|halt|mail|operator|games|nobody)” /etc/passwd
echo -e “\n开放端口:”
netstat -antp | grep LISTEN
;;
*) echo “无效选项” && exit 1 ;;
esac
17. 监控服务安装脚本
#!/bin/bash
监控服务安装(Prometheus+Grafana)
echo -e “\n===== 安装监控服务 =====”
安装依赖
yum install -y wget unzip || apt install -y wget unzip
下载Prometheus
wget https://github.com/prometheus/prometheus/releases/download/v2.45.0/prometheus-2.45.0.linux-amd64.tar.gz
tar -xzf prometheus-2.45.0.linux-amd64.tar.gz -C /opt/
ln -s /opt/prometheus-2.45.0.linux-amd64 /opt/prometheus
下载Grafana
wget https://dl.grafana.com/oss/release/grafana-10.1.0-1.x86_64.rpm
yum install -y grafana-10.1.0-1.x86_64.rpm || dpkg -i grafana-10.1.0-1.x86_64.deb
启动服务
systemctl start prometheus grafana-server
systemctl enable prometheus grafana-server
echo -e “\n监控服务已安装:”
echo “Prometheus访问:http://服务器IP:9090”
echo “Grafana访问:http://服务器IP:3000(默认账号密码:admin/admin)”
18. 防火墙日志审计
#!/bin/bash
防火墙日志审计脚本
echo -e “\n===== 防火墙日志分析 =====”
检查防火墙日志是否启用
if grep -q “firewalld” /etc/rsyslog.conf; then
echo “防火墙日志已启用,分析最近100条记录:”
grep “firewalld” /var/log/messages | tail -n 100
else
echo “防火墙日志未启用,是否开启?(y/n)”
read -p “选择:” choice
if [ $choice == “y” ]; then
echo “local0.* /var/log/firewalld.log” >> /etc/rsyslog.conf
systemctl restart rsyslog
echo “防火墙日志已启用,重启后生效”
fi
fi
19. 系统安全加固脚本(基础版)
#!/bin/bash
系统基础安全加固
echo -e “\n===== 系统安全加固开始 =====”
禁止root远程登录
sed -i ‘s/PermitRootLogin yes/PermitRootLogin no/g’ /etc/ssh/sshd_config
限制SSH登录失败次数
sed -i ‘s/#MaxAuthTries 6/MaxAuthTries 3/g’ /etc/ssh/sshd_config
关闭IPv6(可选)
echo “net.ipv6.conf.all.disable_ipv6 = 1” >> /etc/sysctl.conf
禁止空密码
passwd -d “” 2>/dev/null
加强密码策略(CentOS)
if [ -f /etc/redhat-release ]; then
authconfig --passminlen=8 --passminclasses=3 --update
fi
systemctl restart sshd
echo -e “\n安全加固完成,建议创建普通用户并使用sudo”
重要使用提醒:
-
脚本执行权限:通过chmod +x 脚本名.sh赋予执行权限,用sudo bash 脚本名.sh运行(需root权限)。
-
环境适配:CentOS/Ubuntu的包管理命令(yum/apt)不同,部分脚本需手动修改。
-
风险意识:涉及系统修改的脚本(如内核优化、日志清理)可能影响服务,务必先备份数据。
-
定制需求:若需特定功能(如Redis部署、Python环境搭建),可进一步说明场景,避免盲目使用“一键脚本”。
Linux管理的核心是“理解每一步操作”,建议将脚本拆分成小功能逐步执行,避免因一键脚本的不可控性导致问题哦!