my code:
import osproc
import strutils
import strformat
import nre
import streams
let users =
@["daemon","bin","sys","adm","uucp","nuucp","lpd","imnadm","ldap",
"lp","snapp","invscout","www","smbnull","iwww","owww","sshd",
"hpsmh","named","nobody","noaccess","hpdb","useradm"]
let services =
@["iptables","ip6tables","Bluetooth","postfix","cups","cpuspeed",
"NetworkManager","vsftpd","dhcpd","nfs","nfslock","ypbind"]
proc intToBool(x: int): bool =
if x==0: result = true
else: result = false
let fh = open("os.csv", fmWrite)
fh.write("序号,参数,配置\n")
var output = execCmdEx("df -Pm /boot | sed -n '2p' | awk '{print $2}'")
fh.write("1,/boot文件系统," & strip(output[0]) & " MB\n")
output = execCmdEx("df -Pm /var | sed -n '2p' | awk '{print $2}'")
let vargb = fmt"{parseInt(strip(output[0]))/1024:.1f}"
fh.write("2,/var文件系统," & vargb & " GB\n")
output = execCmdEx("df -Pm /tmp | sed -n '2p' | awk '{print $2}'")
let tmpgb = fmt"{parseInt(strip(output[0]))/1024:.1f}"
fh.write("3,/tmp文件系统," & tmpgb & " GB\n")
output = execCmdEx("grep SwapTotal /proc/meminfo | awk '{print $2}'")
let swapgb = fmt"{parseInt(strip(output[0]))/1024/1024:.1f}"
fh.write("4,swap文件系统," & swapgb & " GB\n")
output = execCmdEx("df -Pm / | sed -n '2p' | awk '{print $4}'")
let rootgb = fmt"{parseInt(strip(output[0]))/1024:.1f}"
fh.write("5,/文件系统剩余可用空间," & rootgb & " GB\n")
output = execCmdEx("df -PH | tail -n +2 | awk '{print $6,$5}'")
var index: int = 6
let dfs = strip(output[0]).split("\n")
for df in dfs:
var fs_name = df.split()[0]
var fs_usagerate = df.split()[1]
fh.write(intToStr(index) & "," & fs_name & "文件系统使用率," & fs_usagerate &
"\n")
index += 1
let fh1 = newFileStream("/etc/login.defs", fmRead)
var
fh1Content: string = ""
if not fh1.isNil:
fh1Content = fh1.readAll()
let PASS_MIN_LEN =
fh1Content.find(re"(?im)^\s*PASS_MIN_LEN\s+([1-9]\d*)\s*$")
if not PASS_MIN_LEN.isNone:
fh.write(intToStr(index) & ",口令长度,最少" & PASS_MIN_LEN.get.captures[0] &
"位\n")
index += 1
else:
fh.write(intToStr(index) & ",口令长度," & "NA\n")
index += 1
let fh2 = newFileStream("/etc/pam.d/system-auth", fmRead)
var
fh2Content: string = ""
if not fh2.isNil:
fh2Content = fh2.readAll()
let dcredit =
fh2Content.find(re"(?im)^\s*password\s+requisite\s+pam_cracklib\.so(\s+\S+)*\s+dcredit=(-\d+|\d+).*$")
if not dcredit.isNone:
fh.write(intToStr(index) & ",口令中数字数目," & dcredit.get.captures[1] &
"位\n")
index += 1
else:
fh.write(intToStr(index) & ",口令中数字数目," & "NA\n")
index += 1
else:
fh.write(intToStr(index) & ",口令中数字数目," & "NA\n")
index += 1
if not fh2.isNil:
let lcredit =
fh2Content.find(re"(?im)^\s*password\s+requisite\s+pam_cracklib\.so(\s+\S+)*\s+lcredit=(-\d+|\d+).*$")
if not lcredit.isNone:
fh.write(intToStr(index) & ",口令中小写字母数目," & lcredit.get.captures[1] &
"位\n")
index += 1
else:
fh.write(intToStr(index) & ",口令中小写字母数目," & "NA\n")
index += 1
else:
fh.write(intToStr(index) & ",口令中小写字母数目," & "NA\n")
index += 1
if not fh2.isNil:
let ucredit =
fh2Content.find(re"(?im)^\s*password\s+requisite\s+pam_cracklib\.so(\s+\S+)*\s+ucredit=(-\d+|\d+).*$")
if not ucredit.isNone:
fh.write(intToStr(index) & ",口令中大写字母数目," & ucredit.get.captures[1] &
"位\n")
index += 1
else:
fh.write(intToStr(index) & ",口令中大写字母数目," & "NA\n")
index += 1
else:
fh.write(intToStr(index) & ",口令中大写字母数目," & "NA\n")
index += 1
if not fh2.isNil:
let ocredit =
fh2Content.find(re"(?im)^\s*password\s+requisite\s+pam_cracklib\.so(\s+\S+)*\s+ocredit=(-\d+|\d+).*$")
if not ocredit.isNone:
fh.write(intToStr(index) & ",口令中特殊字符数目," & ocredit.get.captures[1] &
"位\n")
index += 1
else:
fh.write(intToStr(index) & ",口令中特殊字符数目," & "NA\n")
index += 1
else:
fh.write(intToStr(index) & ",口令中特殊字符数目," & "NA\n")
index += 1
if not fh1.isNil:
let PASS_MAX_DAYS =
fh1Content.find(re"(?im)^\s*PASS_MAX_DAYS\s+([1-9]\d*)\s*$")
if not PASS_MAX_DAYS.isNone:
fh.write(intToStr(index) & ",口令最长过期时间," &
PASS_MAX_DAYS.get.captures[0] & "天\n")
index += 1
else:
fh.write(intToStr(index) & ",口令最长过期时间," & "NA\n")
index += 1
if not fh1.isNil:
let PASS_WARN_AGE =
fh1Content.find(re"(?im)^\s*PASS_WARN_AGE\s+([1-9]\d*)\s*$")
if not PASS_WARN_AGE.isNone:
fh.write(intToStr(index) & ",口令过期提前提醒时间," &
PASS_WARN_AGE.get.captures[0] & "天\n")
index += 1
else:
fh.write(intToStr(index) & ",口令过期提前提醒时间," & "NA\n")
index += 1
#let fh3 = newFileStream("/etc/ssh/sshd_config", fmRead)
#var
# fh3Content: string = ""
#if not fh3.isNil:
# fh3Content = fh3.readAll()
# let r = re"(?im)^[ \t]*Port[ \t]+(\d+)$"
#
# var port: string = ""
# for res in findAll(fh3Content, r):
# port = port & res.split()[1] & " "
#
# if port != "":
# fh.write(intToStr(index) & ",ssh端口号," & port.strip() & "\n")
# index += 1
# else:
# fh.write(intToStr(index) & ",ssh端口号," & "NA\n")
# index += 1
#else:
# fh.write(intToStr(index) & ",ssh端口号," & "NA\n")
# index += 1
let fh3 = newFileStream("/etc/ssh/sshd_config", fmRead)
var
fh3Content: string = ""
if not fh3.isNil:
fh3Content = fh3.readAll()
let r = re"(?im)^[ \t]*Port[[:blank:]]+(\d+)$" # [ \t]与[[:blank:]]是等价的
var start = 0
var port: string = ""
var m = find(fh3Content, r, start)
while m.isSome:
port = port & m.get().captures[0] & " "
start = m.get().captureBounds[0].b + 1
m = find(fh3Content, r, start)
if port != "":
fh.write(intToStr(index) & ",ssh端口号," & port.strip() & "\n")
index += 1
else:
fh.write(intToStr(index) & ",ssh端口号," & "NA\n")
index += 1
else:
fh.write(intToStr(index) & ",ssh端口号," & "NA\n")
index += 1
if not fh2.isNil:
let unlock_time =
fh2Content.find(re"(?im)^\s*auth\s+required\s+pam_tally2\.so(\s+\S+)*\s+unlock_time=(\d+).*$")
if unlock_time.isSome:
fh.write(intToStr(index) & ",连续登陆失败锁定时长," & unlock_time.get.captures[1]
& "秒\n")
index += 1
else:
fh.write(intToStr(index) & ",连续登陆失败锁定时长," & "NA\n")
index += 1
else:
fh.write(intToStr(index) & ",连续登陆失败锁定时长," & "NA\n")
index += 1
if not fh2.isNil:
let deny =
fh2Content.find(re"(?im)^\s*auth\s+required\s+pam_tally2\.so(\s+\S+)*\s+deny=(\d+).*$")
if deny.isSome:
fh.write(intToStr(index) & ",连续登陆失败尝试次数," & deny.get.captures[1] &
"次\n")
index += 1
else:
fh.write(intToStr(index) & ",连续登陆失败尝试次数," & "NA\n")
index += 1
else:
fh.write(intToStr(index) & ",连续登陆失败尝试次数," & "NA\n")
index += 1
output = execCmdEx("grep -iln 'BONDING_OPTS[[:blank:]]*='
/etc/sysconfig/network-scripts/*")
if intToBool(output[1]):
let bonds = strip(output[0]).split("\n")
for bond in bonds:
var fh4 = newFileStream(bond, fmRead)
var fh4Content: string = ""
if not fh4.isNil:
fh4Content = fh4.readAll()
var bondr = re"""(?ims)^[ \t]*DEVICE[ \t]*=[ \t]*(\S+)[ \t]*$.*^[
\t]*BONDING_OPTS[ \t]*=[ \t]*"[ \t]*mode[ \t]*=[ \t]*(\d+)[ \t]+miimon[ \t]*=[
\t]*(\d+)[ \t]*"[ \t]*$"""
var bondm = fh4Content.find(bondr)
if bondm.isSome:
fh.write(intToStr(index) & "," & bondm.get.captures[0] & "双网卡绑定模式,"
& bondm.get.captures[1] & "\n")
index += 1
fh.write(intToStr(index) & "," & bondm.get.captures[0] &
"双网卡绑定检测时长," & bondm.get.captures[2] & "\n")
index += 1
else:
fh.write(intToStr(index) & "," & bond.split("-")[2] &
"双网卡绑定模式,NA\n")
index += 1
fh.write(intToStr(index) & "," & bond.split("-")[2] &
"双网卡绑定检测时长,NA\n")
index += 1
fh4.close()
else:
fh.write(intToStr(index) & ",双网卡绑定模式,NA\n")
index += 1
fh.write(intToStr(index) & ",双网卡绑定检测时长,NA\n")
index += 1
var fh5 = newFileStream("/etc/resolv.conf", fmRead)
var fh5Content: string = ""
if not fh5.isNil:
fh5Content = fh5.readAll()
let ns = re"(?im)^[ \t]*nameserver[[:blank:]]+(\S+)[ \t]*$"
var start: int = 0
var nameserver: string = ""
var nsm = find(fh5Content, ns, start)
while nsm.isSome:
nameserver = nameserver & nsm.get().captures[0] & " "
start = nsm.get().captureBounds[0].b + 1
nsm = find(fh3Content, ns, start)
if nameserver != "":
fh.write(intToStr(index) & ",DNS服务器," & nameserver.strip() & "\n")
index += 1
else:
fh.write(intToStr(index) & ",DNS服务器," & "NA\n")
index += 1
else:
fh.write(intToStr(index) & ",DNS服务器," & "NA\n")
index += 1
for user in users:
output = execCmdEx("passwd -S " & user)
if intToBool(output[1]):
fh.write(intToStr(index) & "," & user & "用户,不存在\n")
index += 1
else:
let matchObject = find(output[0], re"^\S+[ \t]+(\S+)[ \t]+")
if matchObject.get.captures[0] == "LK":
fh.write(intToStr(index) & "," & user & "用户,已锁定\n")
index += 1
else:
fh.write(intToStr(index) & "," & user & "用户,未锁定\n")
index += 1
for service in services:
output = execCmdEx("service " & service & " status")
if intToBool(output[1]):
fh.write(intToStr(index) & "," & service & "服务,已启动\n")
index += 1
else:
fh.write(intToStr(index) & "," & service & "服务,不存在或已关闭\n")
index += 1
output = execCmdEx("selinuxenabled")
if intToBool(output[1]):
fh.write(intToStr(index) & ",SELINUX,已开启\n")
else:
fh.write(intToStr(index) & ",SELINUX,已关闭\n")
if not fh1.isNil:
fh1.close()
if not fh2.isNil:
fh2.close()
if not fh3.isNil:
fh3.close()
if not fh5.isNil:
fh5.close()
fh.close()
Run
I compile it whit the following:
nim --gcc.exe:musl-gcc --gcc.linkerexe:musl-gcc --passL:-static -d:release
--opt:size `-l:"-lpcre"` c hello.nim
Run
or
nim -d:release --opt:size `-l:"-lpcre"` c osc.nim
Run
When I execute the code on other machine:
# ./osc
could not load: libpcre.so(.3|.1|)
compile with -d:nimDebugDlOpen for more information
Run
I can execute the code on my local machine.
