Linux服务器检查标准

1、linux平台服务器检查标准手册服务器配置:设备硬件配置信息机型号cpu内存硬盘系统信息操作系统red hatip主机名服务器硬件检查:检查项检查操作参考标准巡检情况电源指示 灯观察电源指示灯颜色绿色为正常黄色为冗余电源 异常不亮为无电源供 应硬盘指示 灯观察硬盘指示灯颜色绿色闪烁为正常 黄色为警告红色为严重错误风扇运作 情况用手感觉进风和出风口是 否正常进风和出风口有 强烈气流，反之异 常网线连接 情况检查网线与交换机之间的 连线是否正常，以及双机心 跳网线连接是否正常交换机连接主机 的所有端口指示 灯为长亮，双机系 统的公网与交换 机之间的连接应 为交叉连接网卡工作 状态网卡指示灯是否正常

2、闪烁服务器插上网线 后，若有数据传 输，则网卡指示灯 呈现规律性绿色 闪烁；若闪烁不正 常或指示灯指示 颜色不正常，则说 明系统数据传输将不正常服务器标皿标签是否松动、脱落，字体 是否模糊不清所有服务器必须 要有标签，字体清 晰服务器操作系统检查:检查项检查操作参考标准巡检情况操作系统 版本uname a 参考附录图示检查操作系统版 本及机器型号系统账户 检查cat /etc/group 参考附录图示检查系统账号，看 是否有非法账号服务器运行状况检查:检查项检查操作参考标准巡检情况cputop uptime参考附录图示1%wa 般情况不能 高于 20%30%id不能长期低 于50%内存free

3、 vmstat 2可用内存低于 200m swap空间不 能处于高位，一般 比较少用swap空 间，使用率不能高 于80%参考附录图示2文件系统cat /etc/fstab df - h fdisk -i iostat 2检查自动挂载 如有存储，看是否 已经加入启动自 己挂载中参考附录图示3文件系统可用容 量不能低于20%网络i fconf i g - a route - n检查网卡ip情况 检查路由状况ping ip -t netstat - an netstat - intp netstat -antp chkconf i g -list 参考附录图示4检查网络是否通 检查端口 检查后台服

4、务系统安全more /etc/passwd more /etc/shadow dmesgcat /etc/group 1ast 丨 ogw参考附录图示5查看哪些账号何 时做了登入，是否 有异常账号，异常 ip登入服务器 并查看服务器运 行日志，看是否有 报错日志more /var/log/message more /var/log/secure more /var/log/b oo 匸 log 参考附录图示6日志中没有关键 系统报错，不存储 非法登入报错数据库1snrct 丨 status检查1 i stener是 否开启tnsping tnsname检查tnsping是否 能够联通参考附录图

5、示7应用ps - ef|grep web logic应用后台进程存 在，占用资源情况 正常参考附录图乔8服务器巡检结果综述：巡检人：巡检日期：附录： 图示1:top:top - 14:31:11 up 27 days, 20:03,2 users, toad average: 0.17, 0. 39, 0.tasks: 257 total,1 running, 255.切呻“叩丿 fl1 zombiecpu(s): 0.0%us,0.0%sy,0.0%ni j 99.8%id,0.0%wa|0.0%hi,0.0%si , cmem: 32959764k total , 32639504k us

6、'c!"13202601'tfee,258380k buffersswap: 25165812k total,163400k used, 25002412k free, 30975104k cachedpid userpr ni virt res shr s %cpu %memtime+ command223982 544 3123456789012345oracle root root root root root root root root root root root root root root root root151515rt34rtrt34rtrt34

7、rtrt34rtrt34000595595-1 - - 1 -11. 9g9218410348814m3352688809m2612576s s s s s s s5ss s s s s s s5330000000000000006860.so.o.6660.o.60.o.60.50000000000000000660.o.60.o.666864:11.84 0:00.01 0:01.75 0:00.23 0:00.00 0:00.00 0:00.63 0:00.00 0:00.00 0:00.21 0:00.07 0:00.00 0:00.10 0:00.06 0:00.00

8、 0:00.09 0:00.00ecld -aht rf c rf c rf c rf c rf i go t go t got got go n s a s a sasas .lmkwmkwmkwmkwmkt.id tid t.id tid ath ath ath atht.l.ao o 1 1 2 2 3 3 4 4 /o/1/2/3/ nd/nd/nd/nd/nd. o qgo qgo qgo qgo q i r 0.1 r oi r r oi r%id越高越好 表示空闲的cpu越多长期低于50%要引起注意%wa越低越好 长期高于30%要引起注意upt ime：rootkpipri #

9、uptime14:36:35 up 27 days, 20:08,2 users, load averaqe: 0.59, 0.48, 0.34|cpu的平均负载 越低越好 图示2：free:rootkpipri # 幵眈 1 石+uspdsharedbufferscachedmem:3295976432642500317264 |025968430977680-/+ durrers/cache:swap:2516581214ubl3t>16340025002412vmstat 2:pri # vmstat 2procs r b 0 0 0 0 1 0 0 0 0 0 1 0swpd 1

10、63400 163400 163400 163400 163400 163400memorfree 312916 313272 313520 313768 314048 314172buff 260128 260128 260136 260136 260140 260148cache309782243097823630978236309782443097824830978244-swapsi so000000000000io- bibo-syste injmcs us sy-cpuid wa st7140199004181263286990005410351899900638107023495

11、000101050195990004410471969700红色标注部分表示内存的使用情况，特别注意buffer/cache的free也算是内 存的可复用空间，内存占用必须保证剩余300m以上图示3：cat /etc/fstab :rootkpipri # cat / label=/label=/boqtlproclabel=swtcci ss/c0d0p2/boot /dev/shm /dev/pts /sys/proc swapext 3 ext 3 tmpf s devpts sysfs proc swapdefaults1defaults1defaults0gid=5,mode=620

12、 0 defaults0defaults0defaults0红色部分为开机自动挂载的文件系统，加入存储需要启动的时候自动挂载，需要 再次添加挂载的文件系统信息fd i sk - i:rootkpipri 二# fdisk -1pisk dqv/cciss/cpdo: ?99.9 gbj 299959511040 byteszbb neads, bs sectors/track, jt>468 cyliriders un "its = cylinders of 16065 衣 512 = 8225280 bytesdevice bootstartendblocksidsystem

13、/dev/cciss/codopl*164514 04 8+83linux/dev/cci ss/c0d0p265319725165822+82linux swap / solaris/dev/cciss/c0d0p3319836468267249307+83linux第一排是实际的物理硬盘第二个红色框是物理盘上面的分区df - h：rootkpipri # df filesystem /dev/cciss/c0d0p3 /dev/cci ss/codopl tmpfs /dev/mapper/mpathosi zeusedavai1 iluse%kiounted on247g31g204g1

14、3%/487m17m44 5m4%1 boot16g016g0%1/dev/shm296g44g238g16%storage-h各个文件系统的空间使用情况，不能超过80% 22r# 49- 12 i ptk05/21/2012avg-cpu: %user%nice%system%iowait%steal%idle0.700.000.050.200.0099.05s s s ss s s s o a a a b cd - c c c cdddd m c c c c s s s sd12 3 ppp o o o o dddd oooo c c c csooo9o99o1p5 00407706t 2

15、002000021c ale 9 ool9809800505700606400blk_wrtn/s121.45087066030120990900109909 2 4 4 91blk_read 220881944 1973 216377 220663126 1640 20700710 20326320 1640 41023750blk.wrtn292309476443996029186951201202485441202504480240498992第一个显示的是cpu的一个使用情况第二个显示10的量，从这里可以看每秒10负载，越小表示10越低，访问量少图示4：ifeonfig - a：rro

16、otkdipri # ifconfigetholink encap:ethernet hwaddr 3c：4a：92：de：82：b0broadcast multicast mtu：1500 metric：lrx packets:0 errors:0 dropped:0 overruns:0 frame:0tx packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000rx bytes:0 (0.0 b) tx bytes:0 (0. 0 b)ethllink encap:ethernet hwa

17、ddr 3c：4a：92：de：82：b4iner addr:10.8& 103.64 beast:55 mask:255.2 55.2 55.0 inetb addr: rebo：:3e4a：92tr：rede：82d4/b4 scope:linkup broadcast running multicast mtu：1500 metric：lrx packets:71409899 errors:46 dropped:0 overruns:0 frame:0tx packets:71874874 errors:0 dropped:o overruns:0 carr

18、ier:0 collisions:© txqueuelen:1000rx bytes:11525216902 (10.7 gib) tx bytes:88347812517 (82.2 gib)loli nk encap:local loopbackinet addr: mask:iner6 addr: :1/128 scope:hostup loopback running mtu：16436 metric：!rx packets:116346 errors:0 dropped:0 overruns:0 frame:0tx packets :11

19、6346 errors :0 dropped:0 overruns :0 car让r:0 collisions:0 txqueuelen:0rx bytes:11844723 (11.2 m1b) tx bytes:11844723 (11.2 m1b)sitol"ink encap noarp mtu rx packets tx packets collisions rx bytes:0:ipv6-in-ipv4 :1480 metric:!oooe)ubx opp e pp t o o o v r r :b dd ne x oof to ooverruns:o frame:。 o

20、verruns:0 carrier:0(0.0 b)左侧显zf的网卡名称 右边显示该网卡的设定,比如ip,子网掩码等rooted izcmesdbl # routw kernel ip routing table gateway 10,8destination 0 0. 0. 0genmask255. 255.255.0255. 255.o.o0, 0. 0, 0flags metricuuugoooroooachlhlhl f 111 i e e e e o o o s查看路由表rootdlzcmesdbl # p

21、ing* 10*. 88.103.1ping () 56(84) 6464646464646464646464bytes bytes bytes bytes bytes bytes bytes bytes bytes bytesbytes of data. ttl=255 time=0.343 ttl=255 ttl=255 ttl=255 ttl=255 "1=255 icmp_seq=7 ttl=255 icmp_seq=8 tt1=255 icmp_seq=9 ttl=255icmp_seq=licmp_seq=2aa64from

22、:from :from : icmp_seq=3from : *from 10.8&103.1:from :from :from 10.8&103.1:from :from 10.8&103.1:from :es from : icmp_seq=12 ttl=255 time=0.290 msms ms ms ms ms ms ms ms ms ms icmp_seq=ll

23、ttl=255 time=0.287 mstime=0.341time=0.293time=0.320time=0.337 time=0.302 time=0.258 time=0.288 time=0.309 icmp_seq=10 ttl=255 time=0.280icmp_seq=4 icmp_seq=5 icmp_seq=6ping网关，看能否正常响应，如果可以，表示到服务器到网关的网络正常rootkpipri # networkmanager acpi d anacron atd auditd autofs avahi-daemon avahi-dnsconfd bluetooth

24、 capi conman cpuspeed crondcups dnsmasq dund firstbootn s c o e s n m ide ae b vi 1 d3 p 3eb 3 i i ddtii 3 ab s s n mldl6 m m td qc cd pa.1 pppppr r s s s qrn h h i i i i i i i -1 ilexeckdump kudzu libvirtd lisa lm_sensors 1vm2-monitor mcstrans mdmonitor mdmpd messagebus microcode_ctl multipathd net

25、backup netconsole-fffffffffff ffffffffffffffffff fffff ffffffff -fffffffffff nffffffffffffffffff nfffff nffffffff ooooooooooooooooooooooooooooooooooooooooooooo gi111111111111111111111111111111111111111111111 nfocffffffffffffffffffffffffffffff ffffffffffffff kffffffffffffffffffffffffffffff nfffffffff

26、fffff hooooooooooooooooooooooooooooooooooooooooooooo c ooooooooooooooooooooooooooooooooooooooooooooo1222222222222222222222222222222222222222222222sf f fff ff fff f ff f ff ffff ff f f f n nf nf f f nf f n n nf f f nf n n nf f nf nf f n nf f f f n n n nf f nf nf oooooooooooooooooooooooooooooooooooooo

27、ooooooof f f f f f f f f n n n n n nf nf f n n n n n n n ooooooooooooo o o o o oononmonof444444444444444444444444444444444444444444444查看后台开启了哪些服务，将一些不需要的服务可以关闭。f f f f f f f f f f f f f f n n n n n nf nf f n n nf f n n n n n nf f nf n n 门 n nf n nf n n n nf n n n nf ooooooooooooooooooooooooooooooooo

28、oooooooooooof f f f f f f f f f f f f f f f f n n n n n nf nf f n n nf f f n n n n nf f nf n n n n nf n nf n n n nf n nf f f ooooooooooooooooooooooooooooooooooooooooooooo666666666666666666666666666666666666666666666ooooooooooooooooooooooooooooooooooooooooooooorootkpipri -# netstat -intp active inter

29、net connections proto tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcprecvq000000000000000send-q000000000000000(only servers) local address :2208 :54308 :13701 :16712 4:1521 :1556:1557 :5:13782 :23 0.0.

30、0.0:13724 :2207 ：:1556：:22 :：1：631es3no oooooooooooigs 66666666666eoooooooooooostate listenpio/program name 4138/hpiodlisten28521/pbx_exchanqelisten29622/vmdlisten26600/orad000_kpilisten26801/tnslsnrlisten28521/pbx_exchangelisten28521/pbx_exchangelisten4464/dnsmasqlisten29527/bpcdlisten4179

31、/xinetdlisten29523/vnetdlisten4143/pythonlisten28521/pbx_exchangelisten4156/sshdlisten4165/cupsd查看正在监听的服务器端口，比如22端口对应sshd服务图示5：rootkpipri # more /etc/passwdroot:x:0:0:root:/root:/bin/bash bin:x:l:l:bir): /bi n:/sbi n/nol ogi n daemon:x:2:2:daemon:/sbi n:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nol

32、ogin lp:x:4:7:lp:/var/spool/ipd:/sbin/nologin sync:x:5:0:sync:/sbin:/bi n/sync snutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mai 1 :x:8:12:mail:/var/spool/mai 1:/sbin/nolog"in news:x:9:13:news:/et c/news:uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:

33、ll:0:operator:/root:/sbi n/nologi n games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/noyogjn ftp:x:14:50:ftp user:/var/ftp:/sbin/nologin nobody:x:99:99:nobody:/:/sbi n/nologi n nscd:x:28:28:nscd daemon:/:/sbin/nologin vcsa:x:69:69: virtual console memory owner :/

34、dev:/sbin/nolog*in pcap:x:77:77:/var/arpwatch:/sbi n/nologin ntp:x:38:38:/etc/ntp:/sbin/nologin rpc:x:32:32:portmapper rpc user:/:/sbin/nologi n mail null:x:47:47:/var/spool/mqueue:/sbi n/nologi n smmsp:x:51:51:/var/spool/mqueue:/sbi n/nologi n sshd:x:74:74：privilege-separated ssh:/var/empty/sshd:/s

35、bin/nologin rpcuser:x:29:29:rpc service user:/var/1ib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:anonymous nfs user:/var/iib/nfs:/sbin/nologin dbus:x:81:81:system message bus:/:/sbin/nologin avahi:x:70:70：avahi daemon:/:/sbilynologin haldaemon:x:68:68:hal daemon:/:/sbin/nologin avahi-autoip

36、d:x:100:101:avahi-autoipd:/var/1ib/avahi-autoipd:/sbin/nologin oprofile:x:16:16：special user account to be used by oprofiie:/home/oprori1e:/sbi n/nologin xfs:x:43:43：x font server:/etc/xll/fs:/sbin/nologin gdm:x:42:42:/var/qdm:/sbin/nologjn sabayon:x:86:86:sabayon user:/home/sabayon:/sbin/nologin si

37、mon:x:500:500:simon:/home/simon:/bin/oash oracle:x:501:501:/home/oracle:/bin/bashsnmp:x:502:503:/home/snmp:/bi n/bash nb:x:503:504:/home/nb:/bin/bash webloqic:x:504:505:/home/webloqi c:/bin/bash 查询系统中存在的账号，看是否有非法的rootkpipri lastlogusername root bin daemon adm ip sync snutdown halt mail news uucp ope

38、ratorport pts/2from10.8 & 103.148r s e eh m ppb ca o t o s 9qf n ndy odvcsa pcap ntp rpc mail null smmsp sshd rpcuserdbus avahi haldaemon avahi-autoipd oprofilexfs gdm sabayon simon oraclelatest mon may *never *never “never *never *never "never "never *never "never 存农never “never

39、*never *never "never *never "never *never *never “never *never *never *never *never *never *never *never *never “never “never "never *never "neversnmp nbweblogic prs/1图示6:444445555556666778888999900000 -p<5 0000000000000000000000011111 k7777777777777777777777777777771222222222

40、222222222222222222222 o yyyyyyyyyyyyyyyyyyyyyyyyyyyyyv raaaaaaaaaaaaaaaaaaaaaaaaaaaaaa .m mmmmmmmmmmmmmmmmmmmmmmmmmmmmm1290266123511755005500005555113r012440111453355001122000011223"never dc40a00463.geely wed dec 01 mon may 23 fri apr*never28 14:20:26 logged logged logged logg

41、ed logged logged logged logged logged logged logged logged logged logged logged logged logged logged logged logged logged logged logged logged logged logged logged logged logged logged logged logged logged+08002012丁# more /var/1og/messages 02 * * 49270749314637495316460432324142050520204749555948480

42、91901kpipri kpipri kpipri kpip kpipri kpipri kpipri kpiprikpipri kpipri kpipri kpipri kpipri kpip kpipri kpipri kpipri kpipri kpip kpipri kpipri kpipri kpipri kpipri kpiprisyslog xineta xinetd xinetd xinetd xinetd xinetd xinetd xinetd xinetd xinetd xinetd xinetd xinetd xinetd xinetd xinetd xinetd xi

43、netd xinetd xinetd xinetd xinetd xinetd xinetd xinetd xinetd xinetd xinetd xinetdj 14.i: restart.4179=4179=417954179'4179'：4179=4179=417954179 4179' 4179' 4179'417954179 4179'4179'4179'4179j41794179'4179'4179'l4179j4179*4179'4179'4179' 41794179

44、1查看系统日志message的信息in* in* in* in* in* in* in* in* in* in* in* in* in* in* in* in* in* in* in*in" in*in* in*in* in*in* in* in*14 09:25:16 28 14:12:35 20 11:32:26 logged in"+0800 +0800 +0800201120122012start： telnet pid-20167 from-01exit： telnet status=l pid=20167 duration=38(sec)sta

45、rt: telnet pid=20272 from=01exit： telnet status=l pid=20272 duration=282(sec)start： telnet pid=20634 from=01exit： telnet status«l pid-20634 duration-315(sec)start: telnet pid=20744 from=01exit： telnet status=l pid=20744 duration=72(sec)start： telnet pid=21188 from=10.

46、86.1.101exit: telnet status=l pid=21188 duration=323(sec) start： telnet pid=21784 from-01exit： telnet status=l pid=21784 duration=318(sec) start： telnet pid=22097 from=01start： telnet pid=22098 from=01exit: telnet status=l pid=22097 duration=309(sec)exit： telnet status-1 p

47、id-22098 duration-310(sec) start: telnet pid=23122 from=01start： telnet pid=23123 from=01exit： telnet status=l pid=23122 duration=315(sec)exit： telnet status=l pid=23123 duration=315(sec) start： telnet pid-23752 from-01start: telnet pid=23753 from=10. 86.1.101exit：telnetst

48、atus=lpid=23752duration=308(sec)exit：telnetstatus=lpid=23753duration=310(sec)start： telnet pid=24721 from=01start： telnet pid=24722 from«01exit：telnetstatus=lpid=24722duration=321(sec)exit：telnetstatus=lpid=24721duration=331(sec)start： telnet pid=25026 fromlo.86.1.101看是否有异常报错，

49、及异常登入rootokpipri may 27 04:20 27-27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27may may may may may may may may may may may may may may may may may may may may may may may may may may may may may may may may may may may may may may may may272727272727272704 04 04 05 05 05 05

50、05 05 06 06 06 06 07 07 08 08 08 08 09 09 09 09 10 1010 10 10 10 11 11 11 1111111111121212204246061112 13 465131375555 00 0015152020 00 0005 051521213338 00 00 03 03 47475050303035more /var/log/secure '05 05154942464849071655043737414215152020505255595757091909113030262804043041131715kpipri kpip

51、ri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kpipri kplpr1login login login login l

52、ogin login login login login login login login login login login login login login login login login login login login logi n login login login login login login login login login login login login login login login loginpam_unix(remote:auth): bad username pam_succeed_if(remote:auth): error retrievi

53、ng information pam_unixfremote:sessionx 上一上 一 °pam_unix(remote:session pamunixcremote:session pancunix(remote:session panuunix(remote:session pamunixcremote:session pam_unix(remote:session panuunixcremote:session pamunix(remote:session panuunix(remote:session pam_unix(remote:session panuunixqremote:session pam