#!/bin/bash
#########################################################################
#                HW and SW inventory script for DEB/RHEL                #
#                           Created by PM-DoIT                          #
#                                   v 0.2                               #
#########################################################################

#----------------------------- VARIABLES -------------------------------#
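#######################################
# Print the absolute path of an executable, or nothing when it is absent.
# `whereis` also reports man pages, sources and directories, so its second
# field is not guaranteed to be something that can be executed. The lookup
# below only accepts executables, and only from fixed system directories:
# the results are later run by a script that is normally started as root,
# so the caller's PATH is deliberately not consulted. Tools installed
# outside these directories are reported as "not installed".
# Arguments: $1 - command name
# Outputs:   absolute path on stdout (empty when not found)
# Returns:   0 when found, non-zero otherwise
#######################################
find_tool() {
  (
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    type -P "$1"
  ) 2>/dev/null
}

DMI=$(find_tool dmidecode)
LSH=$(find_tool lshw)
PCI=$(find_tool lspci)
RPM=$(find_tool rpm)
DPKG=$(find_tool dpkg)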

#------------------------------- TEMP ----------------------------------#
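# Output files. Fixed names directly under /tmp are predictable: another local
# user can pre-create them (for example as symlinks) before this script, which
# is normally run as root, writes to them. The report also lists account names
# and cron entries, so it should not be world-readable either. A private
# directory created by mktemp (mode 0700) plus a restrictive umask covers both.
# The directory is intentionally left in place: the files are the deliverable.
umask 077
AUDIT_DIR=$(mktemp -d /tmp/audit.XXXXXX) || {
  echo "audit: cannot create output directory under /tmp" >&2
  exit 1
}
LOG=$AUDIT_DIR/audit.log
REP=$AUDIT_DIR/audit.rep
SW=$AUDIT_DIR/audit.sw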

#------------------------------- AUDIT ---------------------------------#
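# Print the bold red "<tool> not installed" notice used throughout the report.
_audit_missing() {
  echo -e "\e[1;31m! $1 not installed\e[0m"
}

#######################################
# Print the hardware/software inventory report.
# Globals:
#   LSH, DMI, PCI, RPM, DPKG (read) - tool paths; empty means "not installed"
#   SW  (read) - file that receives the installed-package list
#   LOG (read) - file that receives the list of files under /var/log
#   REP (read) - only printed, as the place the caller stores the report
# Outputs:
#   The report on stdout (with ANSI colour codes); package list in $SW;
#   log-file list in $LOG.
# Notes:
#   Reading /etc/shadow and other users' crontabs normally requires root.
#   The output contains account names, cron entries and network layout, so
#   the caller should store it where other local users cannot read it.
#######################################
audit(){
  local thick="=================================================="
  local thin="--------------------------------------------------"
  local user

  echo "$thick"
  echo -e "         \e[1;32m*** AUDIT inventory by DoIT ***\e[0m"
  echo "$thick"
  echo -e '\E[33m'"HOSTNAME:" "$(hostname -s)"
  echo "OS $(grep -Ew NAME /etc/os-release | sed 's/"//g') $(grep -Ew VERSION /etc/os-release | sed 's/"//g')"
  echo "KERNEL: $(uname -r)"
  echo "IP: $(hostname -I | awk '{print $1}')"
  echo -e "UPTIME: $(uptime -p)\e[0m"

  echo "$thick"
  echo -e "               \e[1;36m*** DNS AUDIT ***\e[0m"
  echo "$thick"
  awk '{print $2}' /etc/resolv.conf | sort -u

  echo "$thick"
  echo -e "               \e[1;36m*** CPU AUDIT ***\e[0m"
  echo "$thick"
  echo "CORES: $(grep -c processor /proc/cpuinfo)"
  echo "LOAD:$(uptime | grep -o 'average.*' | cut -f2- -d:)"
  if [ -z "$LSH" ]; then
    _audit_missing "lshw"
  else
    "$LSH" -c cpu | grep -E "product:|size:" | uniq | sed 's/^[ \t]*//'
  fi

  echo "$thick"
  echo -e "               \e[1;36m*** RAM AUDIT ***\e[0m"
  echo "$thick"
  if [ -z "$DMI" ]; then
    _audit_missing "dmidecode"
  else
    "$DMI" -t memory | grep -E "Manufacturer|Part|Size|Speed" \
      | grep -Ev "Unknown|Not Installed|No Module Installed|Not Specified|Maximum|Supported|Connection" \
      | sed 's/^[ \t]*//'
  fi
  echo -e "\e[1;35m- Memory Usage\e[0m"
  echo "$thin"
  free -h | grep -v '+' | awk '{print $1,$2,$3,$4}' | column -t

  echo "$thick"
  echo -e "               \e[1;36m*** NET AUDIT ***\e[0m"
  echo "$thick"
  if [ -z "$LSH" ]; then
    _audit_missing "lshw"
  else
    "$LSH" -c net | grep -E "product:|size:" | sed 's/^[ \t]*//'
  fi
  echo "$thin"
  echo -e "\e[1;35m- Network interfaces\e[0m"
  echo "$thin"
  ip a | grep -Ev "lo:|127.0" | grep -Ew "mtu|inet" | awk '{print $2}' | sed 's/^[ \t]*//'
  echo "$thin"
  echo -e "\e[1;35m- Network routes\e[0m"
  echo "$thin"
  route | sed 's/  */ /g;/^Kernel/d;/^Destination/d' | column -t

  echo "$thick"
  echo -e "               \e[1;36m*** HDD AUDIT ***\e[0m"
  echo "$thick"
  if [ -z "$LSH" ]; then
    _audit_missing "lshw"
  else
    "$LSH" -short -C disk
  fi
  echo "$thin"
  echo -e "\e[1;35m- Locations\e[0m"
  echo "$thin"
  lsblk -o "NAME,SIZE,FSTYPE,MOUNTPOINT"
  echo "$thin"
  echo -e "\e[1;35m- Partitions\e[0m"
  echo "$thin"
  df -l -P -T -B GB | grep -v tmp

  echo "$thick"
  echo -e "              \e[1;36m*** BOARD INFO ***\e[0m"
  echo "$thick"
  echo -e "\e[1;35m- MODEL\e[0m"
  echo "$thin"
  if [ -z "$DMI" ]; then
    _audit_missing "dmidecode"
  else
    "$DMI" -t baseboard | grep -E "Manufacturer|Product" | sed 's/^[ \t]*//'
  fi
  echo "$thin"
  echo -e "\e[1;35m- ONBOARD DEVICE\e[0m"
  echo "$thin"
  if [ -z "$DMI" ]; then
    _audit_missing "dmidecode"
  else
    "$DMI" -t baseboard | grep Reference | sed 's/^[ \t]*//'
  fi
  echo "$thin"
  echo -e "\e[1;35m- PCI DEVICE\e[0m"
  echo "$thin"
  if [ -z "$PCI" ]; then
    _audit_missing "lspci"
  else
    # The pattern must be quoted: unquoted, 0[0-9] is a glob and is replaced
    # by matching file names from the current directory (e.g. "00", "01").
    "$PCI" -vm | grep 'Device:' | grep -v '0[0-9]' | grep -v "Device "
  fi
  echo "$thin"
  echo -e "\e[1;35m- USB DEVICE\e[0m"
  echo "$thin"
  lsusb | cut -d" " -f7- | sort
  echo ""
  usb-devices | grep Product | sort

  echo "$thick"
  echo -e "              \e[1;36m*** USERS AUDIT ***\e[0m"
  echo "$thick"
  # Despite the label, this lists every NSS account (local or directory)
  # whose UID is in the range 1000..65533.
  echo -e "\e[1;35m- USERS LDAP\e[0m"
  echo "$thin"
  getent passwd | awk -F : '$3 >= 1000 && $3 < 65534' | sort
  echo "$thin"
  # Despite the label, this lists the local accounts with UID below 1000.
  echo -e "\e[1;35m- USERS all\e[0m"
  echo "$thin"
  awk -F: '($3<1000){print $1}' /etc/passwd | sort
  echo "$thin"
  echo -e "\e[1;35m- USERS with bash\e[0m"
  echo "$thin"
  grep -E 'bash' /etc/passwd | cut -d: -f1 | sort
  echo "$thin"
  echo -e "\e[1;35m- USERS with home\e[0m"
  echo "$thin"
  grep '/home/' /etc/passwd | cut -d: -f1 | sort
  echo "$thin"
  echo -e "\e[1;35m- USERS with password\e[0m"
  echo "$thin"
  # Accounts whose hash field is neither "*" nor locked ("!..."). An empty
  # field passes that filter too, yet it means the account has NO password,
  # so it is marked explicitly instead of being listed as if it had one.
  awk -F: '$2 != "*" && $2 !~ /^!/ {print $1 ($2 == "" ? " [EMPTY PASSWORD FIELD]" : "")}' /etc/shadow | sort

  echo "$thick"
  echo -e "              \e[1;36m*** CRON AUDIT ***\e[0m"
  echo "$thick"
  # Only /etc/crontab and the per-user crontabs are read in this section.
  awk '$1 ~ /([0-9]+|\*)/{print $0}' /etc/crontab | sed 's/&&/AND/g;s/||/OR/g' | nl | sed 's/^[ \t]*//'
  echo "$thin"
  echo -e "\e[1;35m- CRONTAB users\e[0m"
  echo "$thin"
  while IFS= read -r user; do
    # stdin is detached so nothing in the pipeline can eat the user list.
    crontab -u "$user" -l </dev/null \
      | awk '$1 ~ /([0-9]+|\*|\@)/{print $0}' | sed 's/&&/AND/g;s/||/OR/g' | nl
  done < <(awk -F: '{print $1}' /etc/passwd | sort)

  echo "$thick"
  echo -e "              \e[1;36m*** SW AUDIT ***\e[0m"
  echo "$thick"
  # ${SW:?} aborts instead of running a recursive rm with an empty operand.
  rm -rf -- "${SW:?}"
  if [ -z "$RPM" ]; then
    _audit_missing "yum manager [RPM]"
  else
    "$RPM" -qa | sort >> "$SW"
    echo -e "\e[1;32m- Exporting SW[RPM] to => [$SW]\e[0m"
  fi
  if [ -z "$DPKG" ]; then
    _audit_missing "apt-get manager [DEB]"
  else
    "$DPKG" -l | awk '{print $2}' | sort >> "$SW"
    echo -e "\e[1;32m- Exporting SW[DEB] to => [$SW]\e[0m"
  fi

  echo "$thick"
  echo -e "              \e[1;36m*** LOG AUDIT ***\e[0m"
  echo "$thick"
  echo -e "\e[1;32m- Exporting LOGs to => [$LOG]\e[0m"
  echo "$thick"
  # Only the file names are exported, not the log contents.
  find /var/log/ -type f | grep -Ev "(\.gz$|\.zip$|\.tar$|packages\/|scripts\/)" | sort > "$LOG"
  echo -e "              \e[1;36m*** FINAL REPORT ***\e[0m"
  echo "$thick"
  echo -e "\e[1;32m- Exporting REPORT to => [$REP]\e[0m"
  echo "$thick"
}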

#----------------------------- CORE-CODE -------------------------------#
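Color_Off='\033[0m'
echo "***** Started analyzing host $(hostname -s) *****"
# The report lists account names, cron entries and the network layout, so
# $REP should point somewhere other local users can neither read nor
# pre-create. If the report cannot be written, stop before `clear` wipes the
# error message off the screen.
if audit > "$REP"; then
  clear
  cat -- "$REP"
else
  echo "audit: cannot write report to $REP" >&2
  exit 1
fi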
