def install_zabbix_agent():
print(green("准备安装'zabbix-agent'......"))
if os.path.exists('/usr/local/zabbix/'):
print(red("'/usr/local/zabbix/'文件已存在"))
else:
file_path = tar_file_path('zabbix_linux_2.6')
os.system('tar -xvf %s -C /usr/local' % file_path)
os.system('groupadd zabbix')
os.system('useradd -g zabbix -M -s /sbin/nologin zabbix')
os.system('chown -R zabbix.zabbix /usr/local/zabbix')
zabbix_conf_path = '/usr/local/zabbix/conf/zabbix_agentd.conf'
print(green("检测'%s'配置文件......" % zabbix_conf_path))
specs = []
# Server配置
if 'zabbix_agentd.Server' in os_dict:
exp_val = os_dict['zabbix_agentd.Server']
specs.append(
Spec('配置Server', zabbix_conf_path, 'Server', exp_val, '=', '='))
# ServerActive配置
if 'zabbix_agentd.ServerActive' in os_dict:
exp_val = os_dict['zabbix_agentd.ServerActive']
specs.append(
Spec('配置ServerActive', zabbix_conf_path, 'ServerActive', exp_val,
'=', '='))
# 配置hostname
ip = get_host()
specs.append(Spec('配置Hostname', zabbix_conf_path, 'Hostname', ip, '=',
'='))
display_colorful(specs)
modify_optional(specs)
# 启动zabbix-agent
startup_command = '/usr/local/zabbix/sbin/zabbix_agentd -c %s' % zabbix_conf_path
if promised("是否启动'zabbix-agentd' ? "):
os.system(startup_command)
# 开机自启
if len(
execute(
'cat /etc/rc.d/rc.local | grep /usr/local/zabbix/sbin/zabbix_agentd'
)) == 0:
if promised('是否开机自启 ? '):
os.system('chmod a+x /etc/rc.d/rc.local')
os.system("echo '%s' >> /etc/rc.d/rc.local" % startup_command)
else:
print(green('检测到已配置开机自启...'))
# 设置读权限
os.system('setfacl -m u:zabbix:r /var/log/messages')
def rpm_install_iperf():
print(green("准备安装'iperf'......"))
file_path = rpm_file_path("iperf")
if len(file_path) > 0:
if promised("是否安装'%s' ? " % file_path):
execute('rpm -Uvh %s' % file_path)
yum_install('iperf')
else:
print(red("'iperf'安装包不存在"))
def path_check():
"""
系统路径检测
"""
path = str(os.environ.get("PATH"))
prefix = "系统路径检测"
if path.find('.:') == -1:
print("%s [%s]" % (padding(prefix), green("通过")))
else:
print("%s [%s]" % (padding(prefix), red("不通过")))
def install_all_required_software():
yum_install('vim')
if promised(green("是否安装gcc(如果yum源有问题, 可以ctrl+c在此结束运行)")):
yum_install('gcc')
yum_install('telnet')
yum_install('tar')
yum_install('zip')
yum_install('unzip')
yum_install('lvm2')
yum_install('firewalld')
yum_install('bind-utils') # nslookup
yum_install('java')
yum_install(
'libpcap'
) # Fix error "Failed dependencies" when install iftop in some machines
rpm_install_iftop()
rpm_install_iperf()
install_zabbix_agent()
if promised(green("是否安装nginx(安装时间较长, 没有必要可以不安装)")):
install_nginx()
def display_colorful(specs, newline_at_end=True):
for spec in specs:
pad = padding(spec.desc)
if spec.status == -2:
print("%s [%s]" % (pad, red("文件不存在")))
elif spec.status == -1:
print(
"%s [%s]" %
(pad, red("配置错误, 期望'%s', 实际'%s'" %
(spec.exp_val, spec.act_val))))
elif spec.status == 0:
print("%s [%s]" % (pad, yellow("未配置")))
elif spec.status == 1:
print("%s [%s]" % (pad, green("配置正确")))
if newline_at_end:
print("")
def firewall_service_management():
"""防火墙服务管理"""
# 启动防火墙
os.system('systemctl start firewalld')
# 查看允许的服务
act_service_list = execute('firewall-cmd --list-services')[0:-1].split(" ")
print(green("实际允许的服务:"))
print(act_service_list)
exp_service_list = ['ssh', 'zabbix-agent', 'chronyd']
need_reload = False
# 删除非期望的服务
for act_service in act_service_list:
if act_service not in exp_service_list and len(act_service) > 0:
if promised("是否删除'%s'服务 ? " % act_service):
os.system('firewall-cmd --remove-service=%s --permanent' %
act_service)
need_reload = True
# 添加期望的服务
for exp_service in exp_service_list:
if exp_service not in act_service_list:
if promised("是否添加'%s'服务 ? " % exp_service):
if exp_service == 'chronyd':
# 自定义服务
os.system('firewall-cmd --new-service=chronyd --permanent')
os.system(
'firewall-cmd --service=chronyd --add-port=323/tcp --permanent'
)
os.system(
'firewall-cmd --service=chronyd --add-port=323/udp --permanent'
)
# 重新加载, 不然仍会服务无效
os.system('firewall-cmd --reload')
# 添加
os.system('firewall-cmd --add-service=chronyd --permanent')
else:
os.system("firewall-cmd --add-service=%s --permanent" %
exp_service)
need_reload = True
if need_reload:
os.system('firewall-cmd --reload')
def password_check():
"""
口令检测 /etc/shadow
"""
prefix = "口令检测"
pad = padding(prefix)
try:
f = open("/etc/shadow", "rb")
context = f.read()
f.close()
correct = True
for line in context.splitlines():
arr = line.split(b":")
if arr[1] == "":
correct = False
print("%s [%s]" % (pad, red("'%s'密码为空" % arr[0])))
elif arr[2] == "0":
correct = False
print("%s [%s]" % (pad, red("'%s'UID为0" % arr[0])))
if correct:
print("%s [%s]" % (pad, green("通过")))
except IOError:
print("%s [%s]" % (pad, red("文件不存在")))
def yum_install(name):
print(green("准备安装'%s'......" % name))
os.system("yum -y install %s" % name)
def install_nginx():
if not os.path.exists('/usr/local/nginx') or promised(
green("检测到nginx已安装, 是否覆盖安装")):
os.system('sh shell/nginx_install.sh')