Last active
October 26, 2023 09:43
Espeo Software initial server analysis script, for future customers
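#!/bin/sh
# Espeo Software server analysis script
# Written by Tomasz Klim
# Version 1.2
#
# Run this script as root and send us the created TGZ package.
#
# NOTE(review): the package is built from copies of /etc subtrees, recent
# logs, the cron spool, root's GnuPG directory and the output of commands
# such as `env` and `ps aux`. Treat the analysis directory and the tarball
# as secret material: review the contents before they leave the host and
# move them only over an encrypted channel.

# Everything below is created by root inside the current directory, which
# may be a shared location. Restrict new files and directories to the owner.
umask 077

WD=$(pwd)
path=$WD/analysis

# Every later step redirects into these directories, so stop here if they
# cannot be created. chmod also tightens a directory left by an earlier run.
if ! mkdir -p "$path/etc" "$path/log" "$path/ls" "$path/proc" ||
  ! chmod 700 "$path"; then
  echo "Cannot prepare $path" >&2
  exit 1
fi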
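# If this script runs very slowly, this is usually the longest part.
# You can remove individual directories from this variable if they are
# huge and irrelevant to the analysis. If you do, please tell us what was
# cut and why, to avoid any later misunderstandings.
#
# NOTE(review): the list includes home and root, so the names, owners and
# modes of users' files end up in the package.
LS="boot data db etc home media mnt opt root run srv var"

# This is the absolutely minimal version.
#LS="boot etc run var"

x=1
w=$(echo "$LS" | wc -w)

echo "If this part is too slow, press Ctrl+C and follow the comments inside this script."

# $LS is deliberately unquoted: it is a space-separated list of names.
for D in $LS; do
  if [ -d "/$D" ]; then
    echo "[$x/$w] Listing /$D directory contents"
    # Errors from unreadable entries are discarded; only the listing is kept.
    # The output path is quoted so a working directory with spaces works.
    ls -alR "/$D/" 2>/dev/null >"$path/ls/$D.txt"
  fi
  # The counter advances for missing directories too, so it tracks the
  # position in $LS rather than the number of listings written.
  x=$((x + 1))
done

echo "Thanks for your patience! The rest of this script should execute in just a few seconds."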
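# runif LOG CMD [ARG...]
# Run CMD with its arguments when CMD is available and save its standard
# output to $path/LOG.txt. Nothing is written when CMD is not found.
# Globals:   path (read) - analysis output directory
#            log (written) - POSIX sh has no local variables
# Arguments: $1 - base name of the output file
#            $2... - command to run, followed by its arguments
# Outputs:   CMD's stderr is not captured and still reaches the terminal
# Returns:   exit status of CMD, or 0 when CMD is not available
runif() {
  log=$1
  shift
  # command -v is the portable probe; `which` is not installed everywhere.
  if command -v "$1" >/dev/null 2>&1; then
    # "$@" keeps each argument as one word instead of re-splitting it.
    "$@" >"$path/$log.txt"
  fi
}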
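# Concatenate every readable attribute under the DMI sysfs directory into
# one file; errors (sub-directories, unreadable attributes) are discarded.
# NOTE(review): these attributes usually include hardware serial numbers.
if [ -d /sys/class/dmi/id ]; then
  cat /sys/class/dmi/id/* 2>/dev/null >"$path/dmi.txt"
fi

# A few fixed listings: the root directory, disk device links, locally
# installed software and the installed gcc trees. Output paths are quoted
# so that a working directory containing spaces does not break them.
ls -l / 2>/dev/null >"$path/ls/main.txt"
ls -lR /dev/disk/ 2>/dev/null >"$path/ls/drives.txt"
ls -alR /usr/local/ 2>/dev/null >"$path/ls/local.txt"
ls -lR /usr/lib/gcc/ 2>/dev/null >"$path/ls/gcc.txt"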
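# Sub-directories of /etc that are copied whole when they exist.
#
# NOTE(review): on typical installations several of these trees hold
# secrets, for example ssh (host private keys), ssl and pki (private keys),
# openvpn and ipsec.d (VPN keys), and service credentials under mysql,
# ldap, samba or freeradius. cp -a copies them unchanged, so the package
# carries whatever key material is present. Trim this list, or rotate the
# affected keys afterwards, if that is not acceptable.
DIRS="ansible apache2 apparmor.d apt avira bind binfmt.d ceph clamav cloud
cluster config cron.d cron.daily cron.hourly cron.monthly cron.weekly
courier dansguardian dbus-1 default dhcp dnsmasq.d docker dovecot dropbear
exim4 freeradius fstab.d haproxy httpd iet init init.d ipsec.d iscsi john
kav ldap lighttpd local logcheck logrotate.d lvm lxc mdadm mfs modprobe.d
motion mysql nagios network NetworkManager newrelic nginx ocsinventory
openattic openvpn opt pam.d php php5 pki polkit-1 postfix postgresql
postgresql-common prelude profile.d pve quagga redis resolvconf rsyslog.d
samba savapi security selinux sensors.d skel snmp snort ssh ssl ssmtp
subversion sudoers.d supervisor suricata sysctl.d sysstat systemd tomcat6
tomcat7 tomcat8 tomcat9 udev ufw virtual vsftpd xl2tpd zabbix zentyal zfs"

echo "Analyzing configuration directories in /etc directory"

# $DIRS is deliberately unquoted: it is a whitespace-separated name list.
for D in $DIRS; do
  if [ -d "/etc/$D" ]; then
    # -a keeps owners, modes, timestamps and symlinks of the source tree.
    # The destination is quoted so a working directory with spaces works.
    cp -a "/etc/$D" "$path/etc"
  fi
done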
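# Single files (and glob patterns) in /etc that are copied when they exist.
#
# NOTE(review): gshadow, sudoers and crypttab are on this list, and
# patterns such as ipsec.*, ldap.*, my.* and exim.* can match files that
# hold password hashes or credentials (ipsec.secrets is one example).
FILES="adduser.conf aliases anacrontab avserver.conf blkid.* cron.deny
ca-certificates.* crontab crypttab debconf.conf debian_version
debsums-ignore deluser.conf devuan_version ec2_version elastix.conf
email-addresses environment exim.* exports fedora-release
freebsd-update.conf fstab ftpusers fuse.conf group gshadow host.conf
hostname hosts hosts.* image-id inittab ipsec.* issue issue.net krb5.conf
ld.so.conf ldap.* libaudit.conf locale.gen login.defs logrotate.conf
lsb-release machine-id mail.rc mailname memcached.conf mke2fs.conf
modules mongodb.conf mongod.conf mtab my.* nsswitch.conf ntp.conf
oracle-release os-release overlayroot.* pam.conf passwd profile proftpd.*
pure-ftpd.* qmail quotagrpadmins quotatab rarreg.key rc.* redhat-release
resolv.conf rkhunter.* rpi-issue rssh.conf rsyslog.* securetty shells
slackware-version subgid subuid sudoers SuSE-release sysctl.conf vsftpd.*
warnquota.conf"

echo "Analyzing configuration files in /etc directory"

for F in $FILES; do
  # /etc/$F stays unquoted so that patterns such as "hosts.*" expand.
  # The two greps keep only the absolute paths ls prints for matched files
  # and drop the "dir:" headers and bare entry names it prints when a
  # pattern also matches a directory.
  FILES2=$(ls /etc/$F 2>/dev/null | grep -v : | grep '^/')
  for FF in $FILES2; do
    if [ -h "$FF" ]; then
      # Symlink: store the content of its target under the link's name.
      base=$(basename "$FF")
      # Remove any existing entry first; presumably this keeps the redirect
      # from writing through a symlink left by an earlier copy.
      rm -f "$path/etc/$base"
      cat "$FF" >"$path/etc/$base"
    elif [ -f "$FF" ]; then
      cp -a "$FF" "$path/etc"
    fi
  done
done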
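# Log files (and glob patterns) under /var/log; only the last 2000 lines
# of each one are kept.
# NOTE(review): logs can contain user names, addresses and application
# data; review them before the package is shared.
LOGS="syslog messages *.log mail.warn mail.info mail.err dmesg debug
aptitude apache2/*.log nginx/*.log postgresql/*.log clamav/*.log mysql/*.log
openvpn/*.log apt/*.log"

echo "Analyzing log files in /var/log directory"

for L in $LOGS; do
  # /var/log/$L stays unquoted so that the patterns expand.
  LOGS2=$(ls /var/log/$L 2>/dev/null)
  for LL in $LOGS2; do
    # When an entry names a directory, ls prints bare file names. Skip
    # them: tail would otherwise resolve them against the current directory.
    case "$LL" in
      /*) ;;
      *) continue ;;
    esac
    # Only regular files are sampled.
    [ -f "$LL" ] || continue
    # apache2/error.log -> apache2-error.log, so all samples share one directory.
    base=$(printf '%s\n' "$LL" | sed 's@/var/log/@@g' | tr '/' '-')
    rm -f "$path/log/$base"
    tail -n 2000 "$LL" >"$path/log/$base"
  done
done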
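# Files under /proc that are saved when they exist.
PROC="cpuinfo meminfo modules slabinfo stat swaps mdstat partitions version
vmstat zoneinfo diskstats interrupts scsi/scsi vz/version"

echo "Analyzing system configuration"

for F in $PROC; do
  if [ -f "/proc/$F" ]; then
    # scsi/scsi is stored as scsi-scsi.txt: "/" becomes "-" in the file name.
    # The output path is quoted so a working directory with spaces works.
    cat "/proc/$F" >"$path/proc/$(echo "$F" | tr '/' '-').txt"
  fi
done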
# Each line is "runif <output name> <command...>": the command runs only
# when it is installed and its stdout goes to <output name>.txt.

# Hardware inventory
runif lshw lshw

# Network state and firewall rules
runif route route -ne
runif arp arp -na
runif netstat netstat -nap
runif iptables iptables -nvL
runif iptables-nat iptables -nvL -t nat
runif ip6tables ip6tables -nvL
runif ip6tables-nat ip6tables -nvL -t nat
runif smbstatus smbstatus
runif ifconfig ifconfig -a
runif ip ip addr

# Host identity, services and processes
# NOTE(review): ps aux records full command lines, which can include
# credentials passed as arguments.
runif hostname hostname
runif hostnamectl hostnamectl
runif systemctl systemctl
runif ps ps aux
runif sysctl sysctl -a

# Storage and file sharing
runif nfsstat nfsstat
runif exportfs exportfs
runif mount mount
runif df df -h

# Containers and virtual machines
runif docker-ps docker ps -a
runif docker-vol docker volume list
runif docker-img docker images
runif virsh virsh list --all

# Disks, sensors and buses
runif smartctl smartctl --scan
runif sensors sensors
runif lspci lspci
runif lsusb lsusb
runif lspci-v lspci -v
runif lsusb-v lsusb -v

# Packages, kernel log and login history
runif dpkg dpkg -l
runif dmesg dmesg
runif last last
runif w w

# NOTE(review): env dumps the environment of the root shell running this
# script, including any tokens or passwords exported there.
runif env env
runif uptime uptime
runif uname uname -a

# Language runtimes and their packages
runif node-v node -v
runif npm-v npm -v
runif php-v php -v
runif php-i php -i
runif php-m php -m
runif pm2 pm2 list
runif npm npm list
runif pip pip list
runif pip3 pip3 list

# RPM-based systems
# NOTE(review): rpm -ql is called without a package name, so it probably
# prints only an error and leaves rpm-ql.txt empty; confirm the intended query.
runif rpm-qa rpm -qa
runif rpm-ql rpm -ql
runif yum-list yum list installed
runif yum-repo yum repolist
runif yum-hist yum history
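# Optional extras, copied only when present. Destinations are quoted so
# that a working directory containing spaces does not break the copies.

# cPanel main configuration
if [ -f /var/cpanel/cpanel.config ]; then
  cp -a /var/cpanel/cpanel.config "$path"
fi

# Per-user crontabs
if [ -d /var/spool/cron ]; then
  cp -a /var/spool/cron "$path"
fi

# NOTE(review): a GnuPG home directory normally holds the private keyring
# and trust database, so this hands root's secret keys to whoever receives
# the package. Drop this step unless the keys are really needed, and treat
# any key that has been shared this way as exposed.
if [ -d /root/.gnupg ]; then
  cp -a /root/.gnupg "$path"
elif [ -d /.gnupg ]; then
  cp -a /.gnupg "$path"
fi

# Locally installed software configuration
if [ -d /usr/local/etc ]; then
  mkdir -p "$path/local"
  cp -a /usr/local/etc "$path/local"
fi

# DirectAdmin configuration
if [ -d /usr/local/directadmin/conf ]; then
  mkdir -p "$path/directadmin"
  cp -a /usr/local/directadmin/conf "$path/directadmin"
fi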
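echo "Preparing the tarball"
tb="analysis-$(hostname)-$(date +%Y%m%d-%H%M).tgz"

# The archive holds the configuration, logs and key material copied above,
# so it must not be readable by other local users.
umask 077

# stderr stays suppressed as before (presumably to hide tar's notice about
# absolute member names), so success is judged by the exit status instead
# of being reported unconditionally.
if ! tar czf "$WD/$tb" "$path" 2>/dev/null; then
  echo "Creating $WD/$tb failed or was incomplete" >&2
  exit 1
fi

echo "Tarball created: $WD/$tb"
echo "Please send it to devops[at]espeo[dot]eu."

# NOTE(review): $path is left on disk next to the tarball, and plain e-mail
# is not confidential. Encrypt the tarball or use an agreed secure transfer,
# then remove both the directory and the archive from the server.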