@tomaszklim
Last active October 26, 2023 09:43
Espeo Software initial server analysis script, for future customers
#!/bin/sh
# Espeo Software server analysis script
# Written by Tomasz Klim
# Version 1.2
#
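# Run this script as root and send us the created TGZ package.
# Note: the package includes sensitive data collected below (for example
# /etc/gshadow, /etc/ssh, /root/.gnupg and the output of "env"), so keep
# it private and transfer it over an encrypted channel.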
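# Set up the working tree that all later steps write into.
#
# The collected tree and the final tarball hold copies of sensitive files
# (this script copies /etc/gshadow, /etc/ssh, /etc/ssl, /root/.gnupg and
# the output of "env"), so everything created from here on is readable by
# the invoking user only. Note that "cp -a" keeps the source file modes;
# the owner-only top-level directory is what keeps other local users out.
umask 077
WD=$(pwd)
path="$WD/analysis"
# Quoted so that a working directory containing spaces does not break the
# script; stop early if the tree cannot be created, because every later
# step redirects into it.
mkdir -p "$path/etc" "$path/log" "$path/ls" "$path/proc" || exit 1
# mkdir -p leaves the mode of an already existing directory untouched.
chmod 700 "$path" || exit 1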
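# If this script runs very slowly, this listing step is usually the
# longest part. You can remove individual directories from this
# variable if they are huge and irrelevant to the analysis. If you do,
# please tell us what was removed and why, to avoid any later
# misunderstandings.
#
# The listings record the name, owner, mode and size of every file under
# these trees, including /home and /root.
LS="boot data db etc home media mnt opt root run srv var"

# This is the absolutely minimal version.
#LS="boot etc run var"

# Count the entries in the shell itself: some "wc" implementations pad
# their output with spaces, which would show up inside the progress label.
x=1
w=0
for D in $LS; do
  w=$((w + 1))
done

echo "If this part is too slow, press Ctrl+C and follow the comments inside this script."
for D in $LS; do
  if [ -d "/$D" ]; then
    echo "[$x/$w] Listing /$D directory contents"
    # Quoted so that a working directory with spaces in its name works.
    ls -alR "/$D/" 2>/dev/null >"$path/ls/$D.txt"
  fi
  # The counter tracks the position in the list, so it also advances
  # for directories that do not exist on this host.
  x=$((x + 1))
done
echo "Thanks for your patience! The rest of this script should execute in just a few seconds."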
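#######################################
# Run a command only if it is available and save its stdout.
# Globals:   path (read) - root of the analysis tree
#            log (written) - name of the last output file, without ".txt"
# Arguments: $1 - base name of the output file under $path
#            $2 - command to look up
#            $3... - arguments passed to the command unchanged
# Outputs:   writes the command's stdout to $path/$1.txt; stderr is not
#            captured
# Returns:   0 if the command is not installed, otherwise the command's
#            exit status
#######################################
runif() {
  log=$1
  shift
  # "command -v" is a POSIX builtin; "which" is an external tool that is
  # missing on some minimal systems, in which case nothing was collected.
  if command -v "$1" >/dev/null 2>&1; then
    # "$@" keeps each argument intact instead of re-splitting it.
    "$@" >"$path/$log.txt"
  fi
}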
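# DMI identification strings exposed by the kernel under /sys. Entries
# that cannot be read are skipped silently (stderr is discarded).
if [ -d /sys/class/dmi/id ]; then
  cat /sys/class/dmi/id/* 2>/dev/null >"$path/dmi.txt"
fi

# A few extra listings outside the big recursive ones. Destinations are
# quoted so that a working directory with spaces in its name works.
ls -l / 2>/dev/null >"$path/ls/main.txt"
ls -lR /dev/disk/ 2>/dev/null >"$path/ls/drives.txt"
ls -alR /usr/local/ 2>/dev/null >"$path/ls/local.txt"
ls -lR /usr/lib/gcc/ 2>/dev/null >"$path/ls/gcc.txt"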
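# Configuration directories under /etc that are copied whole.
#
# NOTE(review): several of these (ssh, ssl, pki, ipsec.d, openvpn)
# commonly hold private keys, and "cp -a" copies them as they are.
# Treat the resulting tree and tarball as secret material.
DIRS="ansible apache2 apparmor.d apt avira bind binfmt.d ceph clamav cloud
cluster config cron.d cron.daily cron.hourly cron.monthly cron.weekly
courier dansguardian dbus-1 default dhcp dnsmasq.d docker dovecot dropbear
exim4 freeradius fstab.d haproxy httpd iet init init.d ipsec.d iscsi john
kav ldap lighttpd local logcheck logrotate.d lvm lxc mdadm mfs modprobe.d
motion mysql nagios network NetworkManager newrelic nginx ocsinventory
openattic openvpn opt pam.d php php5 pki polkit-1 postfix postgresql
postgresql-common prelude profile.d pve quagga redis resolvconf rsyslog.d
samba savapi security selinux sensors.d skel snmp snort ssh ssl ssmtp
subversion sudoers.d supervisor suricata sysctl.d sysstat systemd tomcat6
tomcat7 tomcat8 tomcat9 udev ufw virtual vsftpd xl2tpd zabbix zentyal zfs"

echo "Analyzing configuration directories in /etc directory"
# $DIRS is split on whitespace on purpose; the names hold no glob characters.
for D in $DIRS; do
  if [ -d "/etc/$D" ]; then
    # -a keeps ownership, modes and timestamps of the originals.
    cp -a "/etc/$D" "$path/etc"
  fi
done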
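# Single files (and glob patterns) under /etc that are copied.
#
# NOTE(review): the list includes gshadow, sudoers, crypttab and
# rarreg.key, so the collected tree contains credential material.
FILES="adduser.conf aliases anacrontab avserver.conf blkid.* cron.deny
ca-certificates.* crontab crypttab debconf.conf debian_version
debsums-ignore deluser.conf devuan_version ec2_version elastix.conf
email-addresses environment exim.* exports fedora-release
freebsd-update.conf fstab ftpusers fuse.conf group gshadow host.conf
hostname hosts hosts.* image-id inittab ipsec.* issue issue.net krb5.conf
ld.so.conf ldap.* libaudit.conf locale.gen login.defs logrotate.conf
lsb-release machine-id mail.rc mailname memcached.conf mke2fs.conf
modules mongodb.conf mongod.conf mtab my.* nsswitch.conf ntp.conf
oracle-release os-release overlayroot.* pam.conf passwd profile proftpd.*
pure-ftpd.* qmail quotagrpadmins quotatab rarreg.key rc.* redhat-release
resolv.conf rkhunter.* rpi-issue rssh.conf rsyslog.* securetty shells
slackware-version subgid subuid sudoers SuSE-release sysctl.conf vsftpd.*
warnquota.conf"

echo "Analyzing configuration files in /etc directory"
# Split the list with globbing switched off: otherwise a pattern such as
# "my.*" is first expanded against the current directory, and a matching
# file there replaces the pattern that was meant for /etc.
set -f
for F in $FILES; do
  set +f
  # Let the shell expand the pattern under /etc instead of parsing "ls"
  # output. $F is left unquoted on purpose so that it globs; a pattern
  # with no match stays literal and fails both tests below.
  for FF in /etc/$F; do
    base=${FF##*/}
    if [ -h "$FF" ]; then
      # A symlink that points at a directory has no content to copy.
      [ -d "$FF" ] && continue
      # Store the content of the link target, not the link itself.
      rm -f "$path/etc/$base"
      cat "$FF" >"$path/etc/$base"
    elif [ -f "$FF" ]; then
      cp -a "$FF" "$path/etc"
    fi
  done
done
# Restore globbing even if the list was empty.
set +f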
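# Log files (and glob patterns) under /var/log; only the last 2000 lines
# of each are kept.
LOGS="syslog messages *.log mail.warn mail.info mail.err dmesg debug
aptitude apache2/*.log nginx/*.log postgresql/*.log clamav/*.log mysql/*.log
openvpn/*.log apt/*.log"

echo "Analyzing log files in /var/log directory"
# Split the list with globbing switched off: otherwise "*.log" is first
# expanded against the current directory, and any *.log file there
# replaces the pattern that was meant for /var/log.
set -f
for L in $LOGS; do
  set +f
  # $L is left unquoted on purpose so that it globs under /var/log;
  # a pattern with no match stays literal and is skipped by the -f test.
  for LL in /var/log/$L; do
    [ -f "$LL" ] || continue
    # apache2/access.log -> apache2-access.log, so all files land in one
    # flat directory.
    base=$(printf '%s\n' "${LL#/var/log/}" | tr '/' '-')
    rm -f "$path/log/$base"
    tail -n 2000 "$LL" >"$path/log/$base"
  done
done
# Restore globbing even if the list was empty.
set +f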
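# Files under /proc that are saved as text snapshots.
PROC="cpuinfo meminfo modules slabinfo stat swaps mdstat partitions version
vmstat zoneinfo diskstats interrupts scsi/scsi vz/version"

echo "Analyzing system configuration"
# $PROC is split on whitespace on purpose; the names hold no glob characters.
for F in $PROC; do
  if [ -f "/proc/$F" ]; then
    # scsi/scsi -> scsi-scsi, so all snapshots land in one flat directory.
    out=$(printf '%s\n' "$F" | tr '/' '-')
    cat "/proc/$F" >"$path/proc/$out.txt"
  fi
done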
# Command snapshots. Each line is "runif <output name> <command> [args]":
# the command runs only if it is installed, and its stdout is saved as
# <output name>.txt in the analysis tree.
# Hardware summary.
runif lshw lshw
# Network state and firewall rules.
runif route route -ne
runif arp arp -na
runif netstat netstat -nap
runif iptables iptables -nvL
runif iptables-nat iptables -nvL -t nat
runif ip6tables ip6tables -nvL
runif ip6tables-nat ip6tables -nvL -t nat
runif smbstatus smbstatus
runif ifconfig ifconfig -a
runif ip ip addr
# Host identity, services and processes.
runif hostname hostname
runif hostnamectl hostnamectl
runif systemctl systemctl
# NOTE(review): "ps aux" records full command lines, which can include
# credentials passed as arguments.
runif ps ps aux
runif sysctl sysctl -a
# Storage, exports and mounts.
runif nfsstat nfsstat
runif exportfs exportfs
runif mount mount
runif df df -h
# Containers and virtual machines.
runif docker-ps docker ps -a
runif docker-vol docker volume list
runif docker-img docker images
runif virsh virsh list --all
# Disks, sensors and buses.
runif smartctl smartctl --scan
runif sensors sensors
runif lspci lspci
runif lsusb lsusb
runif lspci-v lspci -v
runif lsusb-v lsusb -v
# Installed packages (Debian family), kernel log and login history.
runif dpkg dpkg -l
runif dmesg dmesg
runif last last
runif w w
# NOTE(review): "env" dumps root's environment, which can contain tokens
# or passwords exported by the operator's shell profile.
runif env env
runif uptime uptime
runif uname uname -a
# Language runtimes and their package lists.
runif node-v node -v
runif npm-v npm -v
runif php-v php -v
runif php-i php -i
runif php-m php -m
runif pm2 pm2 list
runif npm npm list
runif pip pip list
runif pip3 pip3 list
# Installed packages and repositories (RPM family).
runif rpm-qa rpm -qa
# NOTE(review): "rpm -ql" normally expects a package name; as written it
# probably captures nothing - confirm the intent.
runif rpm-ql rpm -ql
runif yum-list yum list installed
runif yum-repo yum repolist
runif yum-hist yum history
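# Optional extras, copied only where they exist. All paths are quoted so
# that a working directory with spaces in its name works.

# cPanel main configuration file.
if [ -f /var/cpanel/cpanel.config ]; then
  cp -a /var/cpanel/cpanel.config "$path"
fi

# Per-user crontabs.
if [ -d /var/spool/cron ]; then
  cp -a /var/spool/cron "$path"
fi

# NOTE(review): a .gnupg directory normally holds the private keyring as
# well as the public one, and it is copied whole here. Confirm that the
# secret keys are really needed for the analysis; if not, leave this
# directory out before sending the package.
if [ -d /root/.gnupg ]; then
  cp -a /root/.gnupg "$path"
elif [ -d /.gnupg ]; then
  cp -a /.gnupg "$path"
fi

# Locally installed configuration.
if [ -d /usr/local/etc ]; then
  mkdir -p "$path/local"
  cp -a /usr/local/etc "$path/local"
fi

# DirectAdmin configuration directory.
if [ -d /usr/local/directadmin/conf ]; then
  mkdir -p "$path/directadmin"
  cp -a /usr/local/directadmin/conf "$path/directadmin"
fi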
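echo "Preparing the tarball"
tb="analysis-$(hostname)-$(date +%Y%m%d-%H%M).tgz"
# The archive holds copies of the credential-bearing files collected
# earlier in this script (gshadow, ssh/ssl/pki directories, .gnupg, env
# output), so it is written with owner-only permissions; the umask is
# changed inside a subshell so the rest of the shell is unaffected.
# The unpacked tree in $path stays on disk after this step and needs the
# same care as the tarball.
#
# tar's messages are still discarded as before, but its exit status is
# now checked so that success is only reported when it actually succeeded.
if (umask 077 && tar czf "$WD/$tb" "$path" 2>/dev/null); then
  echo "Tarball created: $WD/$tb"
  echo "Please send it to devops[at]espeo[dot]eu."
else
  echo "tar reported an error; $WD/$tb may be missing or incomplete." >&2
  exit 1
fi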