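If you run a large Linux environment, you have probably already integrated your Red Hat systems with Satellite. If so, there is a way to export the report from the Satellite server, so you do not need to worry about patch compliance reporting. However, if you run a small Red Hat environment without Satellite integration, or the systems are CentOS, this script will help you create the report. Patch compliance reports are usually produced once a month or once every three months, depending on company requirements; add a cron job according to your needs to automate it. Typically this bash script is run against fewer than 50 systems, but there is no limit. This article contains four shell scripts; choose the one that suits you, and change the e-mail address in the script to your own.
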
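Bash Script 1: Generate a patch compliance report for security errata on CentOS/RHEL systems

This script creates a patch compliance report for security errata only and sends the output by mail as plain text:

```
# vi /opt/scripts/small-scripts/sec-errata.sh
```

```sh
#!/bin/sh
# Start from an empty report file.
: > /tmp/sec-up.txt
SUBJECT="Patching Reports on $(date)"
MESSAGE="/tmp/sec-up.txt"
TO="249562751@qq.com"
echo "+---------------+-----------------------------+" >> "$MESSAGE"
echo "| Server_Name   |  Security Errata            |" >> "$MESSAGE"
echo "+---------------+-----------------------------+" >> "$MESSAGE"
# One row per host listed in server.txt.
for server in $(cat /opt/scripts/server.txt)
do
    # grep -E makes '|' an alternation; dropping the per-severity lines leaves the total count.
    sec=$(ssh "$server" yum updateinfo summary | grep 'Security' | grep -Ev 'Critical|Important|Moderate|Low' | tail -1 | awk '{print $1}')
    echo "$server                $sec" >> "$MESSAGE"
done
echo "+---------------------------------------------+" >> "$MESSAGE"
mail -s "$SUBJECT" "$TO" < "$MESSAGE"
```

After adding the script above, run the script file:

```
# sh /opt/scripts/small-scripts/sec-errata.sh
```

You will get output similar to the following:

```
# cat /tmp/sec-up.txt
```
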
Add the following cron job to get the patch compliance report once a month:

```
# crontab -e
@monthly /bin/bash /opt/scripts/small-scripts/sec-errata.sh
```

Reference: Securely managing cron jobs with Crontab UI on Linux.

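Bash Script 2: Generate a patch compliance report for security errata on CentOS/RHEL systems

This script generates a patch compliance report for security errata and sends the output by mail with a CSV file attached:

```
# vi /opt/scripts/small-scripts/sec-errata-1.sh
```

```sh
#!/bin/sh
echo "Server Name, Security Errata" > /tmp/sec-up.csv
# One row per host listed in server.txt.
for server in $(cat /opt/scripts/server.txt)
do
    # grep -E makes '|' an alternation; dropping the per-severity lines leaves the total count.
    sec=$(ssh "$server" yum updateinfo summary | grep 'Security' | grep -Ev 'Critical|Important|Moderate|Low' | tail -1 | awk '{print $1}')
    echo "$server, $sec" >> /tmp/sec-up.csv
done
# Mail the CSV as an attachment, then remove it.
echo "Patching Report for $(date +"%B %Y")" | mailx -s "Patching Report on $(date)" -a /tmp/sec-up.csv 249562751@qq.com
rm /tmp/sec-up.csv
```

After adding the script above, run the script file:

```
# sh /opt/scripts/small-scripts/sec-errata-1.sh
```

You will get output similar to the following:
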
Bash Script 3: Generate a patch compliance report for security errata, bug fixes and enhancements on CentOS/RHEL systems

This script generates a patch compliance report for security errata, bug fixes and enhancements and sends the output by mail as plain text:

```
# vi /opt/scripts/small-scripts/sec-errata-bugfix-enhancement.sh
```

```sh
#!/bin/sh
# Start from an empty report file.
: > /tmp/sec-up.txt
SUBJECT="Patching Reports on $(date)"
MESSAGE="/tmp/sec-up.txt"
TO="249562751@qq.com"
echo "+---------------+-------------------+--------+---------------------+" >> "$MESSAGE"
echo "| Server_Name   | Security Errata   | Bugfix | Enhancement         |" >> "$MESSAGE"
echo "+---------------+-------------------+--------+---------------------+" >> "$MESSAGE"
# One row per host listed in server.txt.
for server in $(cat /opt/scripts/server.txt)
do
    # grep -E makes '|' an alternation; dropping the per-severity lines leaves the total count.
    sec=$(ssh "$server" yum updateinfo summary | grep 'Security' | grep -Ev 'Critical|Important|Moderate|Low' | tail -1 | awk '{print $1}')
    bug=$(ssh "$server" yum updateinfo summary | grep 'Bugfix' | tail -1 | awk '{print $1}')
    enhance=$(ssh "$server" yum updateinfo summary | grep 'Enhancement' | tail -1 | awk '{print $1}')
    echo "$server                $sec               $bug         $enhance" >> "$MESSAGE"
done
echo "+------------------------------------------------------------------+" >> "$MESSAGE"
mail -s "$SUBJECT" "$TO" < "$MESSAGE"
```

After adding the script above, run the script file:

```
# sh /opt/scripts/small-scripts/sec-errata-bugfix-enhancement.sh
```

You will get output similar to the following:

```
# cat /tmp/sec-up.txt
```

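Add the following cron job to get the patch compliance report every three months; the script is scheduled to run on the 1st of January, April, July and October:

```
# crontab -e
0 0 01 */3 * /bin/bash /opt/scripts/small-scripts/sec-errata-bugfix-enhancement.sh
```
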
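Bash Script 4: Generate a patch compliance report for security errata, bug fixes and enhancements on CentOS/RHEL systems

This script generates a patch compliance report for security errata, bug fixes and enhancements and sends the output by mail with a CSV file attached:

```
# vi /opt/scripts/small-scripts/sec-errata-bugfix-enhancement-1.sh
```

```sh
#!/bin/sh
echo "Server Name, Security Errata,Bugfix,Enhancement" > /tmp/sec-up.csv
# One row per host listed in server.txt.
for server in $(cat /opt/scripts/server.txt)
do
    # grep -E makes '|' an alternation; dropping the per-severity lines leaves the total count.
    sec=$(ssh "$server" yum updateinfo summary | grep 'Security' | grep -Ev 'Critical|Important|Moderate|Low' | tail -1 | awk '{print $1}')
    bug=$(ssh "$server" yum updateinfo summary | grep 'Bugfix' | tail -1 | awk '{print $1}')
    enhance=$(ssh "$server" yum updateinfo summary | grep 'Enhancement' | tail -1 | awk '{print $1}')
    echo "$server,$sec,$bug,$enhance" >> /tmp/sec-up.csv
done
# Mail the CSV as an attachment, then remove it.
echo "Patching Report for $(date +"%B %Y")" | mailx -s "Patching Report on $(date)" -a /tmp/sec-up.csv 249562751@qq.com
rm /tmp/sec-up.csv
```

After adding the script above, run the script file:

```
# sh /opt/scripts/small-scripts/sec-errata-bugfix-enhancement-1.sh
```

You will get output similar to the following:
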
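
Added example, not part of the original article: a hardened variant of the collection step the four scripts share. It parses the summary totals with awk, records a failed ssh or yum run as ERROR instead of an empty cell, rejects malformed host names, and writes the CSV to a mktemp file. The function names and the sample summary text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not the article's script). Helper names are hypothetical.

# Turn `yum updateinfo summary` text on stdin into "security,bugfix,enhancement".
# Only the total lines ("13 Security notice(s)") match; severity sub-lines such
# as "9 Important Security notice(s)" have a different second field.
parse_summary() {
    awk '
        $2 == "Security"    && $3 ~ /^notice/ { sec = $1 }
        $2 == "Bugfix"      && $3 ~ /^notice/ { bug = $1 }
        $2 == "Enhancement" && $3 ~ /^notice/ { enh = $1 }
        END { printf "%d,%d,%d\n", sec, bug, enh }'
}

# Print one CSV row for a host. A failed connection or failed yum run yields
# ERROR rather than an empty cell that reads like "nothing pending".
collect_row() {
    host=$1
    case $host in
        ''|-*|*[!A-Za-z0-9._-]*)    # reject blanks, option look-alikes, odd characters
            echo "INVALID_HOST,ERROR,ERROR,ERROR"; return 1 ;;
    esac
    if out=$(ssh -n -o BatchMode=yes -o ConnectTimeout=10 "$host" \
                 yum updateinfo summary 2>/dev/null); then
        echo "$host,$(printf '%s\n' "$out" | parse_summary)"
    else
        echo "$host,ERROR,ERROR,ERROR"; return 1
    fi
}

# Build the CSV in a private mktemp file instead of a fixed name in /tmp,
# then print the path of the finished report.
build_report() {
    list=$1
    report=$(mktemp /tmp/sec-up.XXXXXX) || return 1
    echo "Server Name,Security Errata,Bugfix,Enhancement" > "$report"
    while read -r server || [ -n "$server" ]; do
        [ -z "$server" ] || collect_row "$server" >> "$report" || :
    done < "$list"
    echo "$report"
}

# Constructed sample of the summary output, used only to exercise the parser.
SAMPLE='Updates Information Summary: available
    13 Security notice(s)
         9 Important Security notice(s)
         3 Moderate Security notice(s)
         1 Low Security notice(s)
    35 Bugfix notice(s)
     1 Enhancement notice(s)'
printf '%s\n' "$SAMPLE" | parse_summary
```

To produce the real report, call `build_report /opt/scripts/server.txt` and pass the printed path to `mailx -a` as in the scripts above.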