linux各版本基线检查脚本(centos6、centos7、ubuntu系列)
以下是centos7基线检查脚本:
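#!/bin/bash
# version v1.0 by pensar
# Linux operating-system configuration baseline -- CentOS 7
#
# Prints the list of checks this script performs. The listing this was taken
# from had gutter line numbers fused into every line; they are removed here so
# the shebang is the first line and the heredoc terminator stands alone.
# The delimiter is quoted so nothing inside the banner is ever expanded.
cat <<'EOF'
***************************************************************
 linux安全配置检查脚本:
   1. 输出结果在/tmp/check/⽬录下查看
   2.检查范围及检查项(共计4⼤类,33项)
*⽇志审计配置*:
   [1]检查Cron任务授权
   [2]检查是否对syslog登录事件记录
   [3]检查是否对f配置审核
   [4]检查系统⽇志读写权限
   [5]检查是否对远程⽇志服务器配置
*系统⽂件管理*:
   [1]检查是否对登录超时时间配置
   [2]检查系统磁盘状态
   [3]检查是否禁⽌匿名FTP访问
   [4]检查是否修改FTP banner 信息
   [5]检查是否关闭不必要的服务
   [6]检查系统core dump状态
   [7]检查系统补丁
*⽤户账号配置*:
   [1]检查是否存在⽆⽤账号
   [2]检查不同⽤户是否共享账号
   [3]检查是否删除或锁定⽆⽤账号
   [4]检查是否存在⽆⽤⽤户组
   [5]检查是否指定⽤户组成员使⽤su命令
   [6]检查密码长度及复杂度策略
   [7]检查是否对⽤户远程登录进⾏限制
   [8]检查是否配置加密协议
   [9]检查是否配置密码的⽣存期
   [10]检查⽤户缺省访问权限
   [11]检查passwd group⽂件安全权限
   [12]检查是否存在除root之外UID为0的⽤户
   [13]检查是否配置环境变量
   [14]检查是否对远程连接的安全性进⾏配置
   [15]检查是否对⽤户的umask进⾏配置
   [16]检查是否对重要⽬录和⽂件的权限进⾏设置
   [17]检查是否存在未授权的suid/sgid⽂件
   [18]检查是否存在异常隐含⽂件
*⽹络通信配置*:
   [1]检查是否对基本⽹络服务进⾏配置
   [2]检查是否开启NFS服务
   [3]检查常规⽹络服务是否运⾏正常
***************************************************************
EOF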
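# Create the report directory and build the report-name prefix.
#
# /tmp is world-writable and a baseline script is normally run as root, so a
# pre-existing /tmp/check that is a symlink, is not a directory, or belongs to
# another user must not be written through: every later ">>" would follow it.
umask 077   # reports hold account, process and config listings; keep them private
if ! mkdir -m 700 /tmp/check 2>/dev/null; then
  if [ -L /tmp/check ] || [ ! -d /tmp/check ] || [ ! -O /tmp/check ]; then
    echo "/tmp/check exists but is not a directory owned by the current user; aborting" >&2
    exit 1
  fi
  chmod 700 /tmp/check || exit 1
fi

# First non-loopback IPv4 address. tr -d "addr:" deletes the characters
# a, d, r and ':' (it strips the "addr:" prefix older ifconfig builds print).
str1=$(/sbin/ifconfig -a 2>/dev/null | grep inet | grep -v 127.0.0.1 | grep -v inet6 \
  | awk '{print $2}' | tr -d "addr:" | head -n 1)
# ifconfig (net-tools) is not always installed; fall back to iproute2.
if [ -z "$str1" ]; then
  str1=$(ip -o -4 addr show scope global 2>/dev/null | awk '{print $4}' | cut -d/ -f1 | head -n 1)
fi

# Report files are named /tmp/check/<timestamp>_<ip>_ by the checks below.
# NOTE(review): the trailing "_" is what the listing shows; the file-name
# suffix may have been lost in extraction -- confirm.
str="$(date +%Y%m%d%H%M)_${str1}"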
51
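# Log-audit section, check [1]: permissions of the cron/at deny lists and the
# cron selector in the syslog configuration.
# Fixes: whitespace and gutter numbers lost in the listing are restored, the
# mode string comes from stat instead of parsing ls, and all expansions are quoted.
# NOTE(review): "/f" is the path as it appears in the listing; it looks
# truncated (presumably the syslog daemon configuration, e.g. /etc/rsyslog.conf
# on CentOS 7) -- confirm before running.
{
  echo "----**⽇志审计配置**----"
  echo "[1] 检查Cron任务授权"
  if [ -e /etc/cron.deny ] && [ -e /etc/at.deny ]; then
    CRON_DENY=$(stat -c '%A' /etc/cron.deny)
    AT_DENY=$(stat -c '%A' /etc/at.deny)
    # ${var:1:9} drops the leading file-type character, leaving rwxrwxrwx.
    echo "/etc/cron.deny⽂件授权情况为:${CRON_DENY:1:9}"
    echo "/etc/at.deny⽂件授权情况为:${AT_DENY:1:9}"
    echo "{'Check_point':'检查Cron任务授权','Check_result':{'/etc/cron.deny⽂件授权情况为':'${CRON_DENY:1:9}','/etc/at.deny⽂件授权情况为':'${AT_DENY:1:9}'}}"
    CRON=$(grep 'cron.\*' /f)
    echo "/f的配置情况为:${CRON}"
  else
    echo "未找到/etc/cron.deny和/etc/at.deny配置⽂件"
  fi
} >> "/tmp/check/${str}_"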
65
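# Check [2]: is authpriv.* (login events) routed to /var/log/secure?
# Only uncommented lines count, so a disabled rule is not reported as active.
# NOTE(review): "/f" is the path as shown in the listing and looks truncated
# (presumably the syslog daemon configuration) -- confirm before running.
{
  echo "----------------------------"
  echo "[2]检查是否对syslog登录事件记录"
  if [ -e /f ]; then
    Clog=$(grep -v '^[[:space:]]*#' /f | grep /var/log/secure | grep -E 'authpriv\.\*')
    echo "/f的配置为:${Clog}"
  else
    echo "未找到/f配置⽂件"
  fi
} >> "/tmp/check/${str}_"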
74
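# Check [3]: report any @loghost forwarding entry in the syslog configuration.
# The echo that opens the result line was cut off in the listing and is
# reconstructed from the matching lines of the neighbouring checks.
# NOTE(review): "/f" is the path as shown in the listing and looks truncated
# (presumably the syslog daemon configuration) -- confirm before running.
{
  echo "----------------------------"
  echo "[3]检查是否对f配置审核"
  if [ -e /f ]; then
    LOG=$(grep -F '@loghost' /f)
    echo "/f⽂件的配置为${LOG}"
  else
    echo "未找到/f配置⽂件"
  fi
} >> "/tmp/check/${str}_"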
83
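# Check [4]: report the permission bits of the main system log files.
# The six copy-pasted stanzas are folded into one loop (the first one had also
# lost its "else" line in the listing), and the mode comes from stat rather
# than from parsing ls output.
# NOTE(review): /var/log/boot/log is the path as written in the listing;
# CentOS 7 normally writes the boot log to /var/log/boot.log -- confirm.
{
  echo "----------------------------"
  echo "[4]检查系统⽇志读写权限"
  for logfile in /var/log/messages /var/log/secure /var/log/maillog \
    /var/log/cron /var/log/spooler /var/log/boot/log; do
    if [ -e "$logfile" ]; then
      mode=$(stat -c '%A' "$logfile")
      # The original report text has no space after /var/log/messages only.
      gap=' '
      [ "$logfile" = /var/log/messages ] && gap=''
      # ${mode:1:9} drops the file-type character, leaving rwxrwxrwx.
      echo "${logfile}${gap}的⽂件权限为:${mode:1:9}"
    else
      echo "未找到${logfile}的⽂件"
    fi
  done
} >> "/tmp/check/${str}_"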
125
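# Check [5]: report syslog rules that forward to a remote log server.
# Fixes: the last filter was "grep \.\*", which the shell hands to grep as the
# regex ".*" (matches every line); it is now a fixed-string match on ".*".
# The host pattern is matched as a fixed string as well.
# NOTE(review): the rule is matched against "@<this host's own address>"
# (str1). A remote collector would normally have a different address, so this
# check can report nothing even when forwarding is configured -- confirm intent.
# NOTE(review): "/f" is the path as shown in the listing and looks truncated
# (presumably the syslog daemon configuration) -- confirm before running.
{
  echo "----------------------------"
  echo "[5]检查是否对远程⽇志服务器配置"
  if [ -e /f ]; then
    RSYS=$(grep -F -- "@${str1}" /f | grep $'\t' | grep -F '.*')
    echo "远程⽇志服务器配置情况为:${RSYS}"
  else
    echo "未找到/f配置⽂件"
  fi
  echo "----------------------------"
} >> "/tmp/check/${str}_"
# Blank line on the terminal between report categories.
echo ""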
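# System-file section, check [1]: login idle timeout and history timestamping.
# Fixes:
#  - "[ -n ${VAR} ]" was unquoted, so an empty result collapsed to "[ -n ]",
#    which is always true; the "not configured" branches were unreachable.
#  - the result was stored in TMOUT, which bash itself treats as a special
#    timeout variable; a private name is used instead.
# NOTE(review): the /etc/profile filter requires HISTTIMEFORMAT and TMOUT on
# the same line, as in the original; a plain "TMOUT=..." line will not match.
{
  echo "----**系统⽂件管理**----"
  echo "[1]检查是否对登录超时时间配置"
  if [ -e /etc/profile ] && [ -e /etc/bashrc ]; then
    tmout_cfg=$(grep HISTTIMEFORMAT /etc/profile | grep TMOUT)
    if [ -n "$tmout_cfg" ]; then
      echo "/etc/profile的超时时间设置情况为:${tmout_cfg}"
      FORMAT=$(grep export /etc/bashrc | grep HISTTIMEFORMAT)
      if [ -n "$FORMAT" ]; then
        echo "/etc/bashrc的设置为${FORMAT}"
      else
        echo "/etc/bashrc不存在对应配置"
      fi
    else
      echo "/etc/profile⽂件不存在对应配置"
    fi
  else
    echo "不存在/etc/profile⽂件以及/etc/bashrc⽂件"
  fi
} >> "/tmp/check/${str}_"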
154
155
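# Check [2]: flag the host if any mounted filesystem is at or above 80% use.
# Fixes:
#  - flag was overwritten on every iteration, so only the last filesystem in
#    the df output decided the result; it is now sticky once set.
#  - "else [ $flag = 0 ]" ran a stray test command; it is a plain else.
#  - df -P keeps each filesystem on one line (long device names wrap otherwise).
flag=0
for i in $(df -P | awk 'NR != 1 { sub(/%/, "", $5); print $5 }'); do
  # Skip anything that is not a plain number (e.g. "-" for pseudo filesystems).
  case $i in
    '' | *[!0-9]*) continue ;;
  esac
  if [ "$i" -ge 80 ]; then
    flag=1
  fi
done
{
  echo "----------------------------"
  echo "[2]检查系统磁盘状态"
  if [ "$flag" = 1 ]; then
    echo "系统磁盘使⽤率⼤于80%"
  else
    echo "系统磁盘状态⼩于80%"
  fi
} >> "/tmp/check/${str}_"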
172
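# Check [3]: is anonymous FTP access disabled?
# Fixes:
#  - the match is anchored to an uncommented line; "#anonymous_enable=NO"
#    previously counted as compliant.
#  - grep -q replaces "cat | grep" followed by a "$?" test, so the matched line
#    is no longer dumped on the terminal.
#  - a stray non-code line that had landed inside the if-block is dropped.
# NOTE(review): "/f" is the path as shown in the listing and looks truncated
# (presumably the vsftpd configuration file) -- confirm before running.
{
  echo "----------------------------"
  echo "[3]检查是否禁⽌匿名FTP访问"
  if [ -e /f ]; then
    if grep -q '^[[:space:]]*anonymous_enable=NO' /f; then
      echo "/f⽂件有设置:anonymous_enable=NO"
    else
      echo "不符合规范,需编辑/f⽂件,设置:anonymous_enable=NO"
    fi
  else
    echo "未找到/f⽂件"
  fi
} >> "/tmp/check/${str}_"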
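# Check [4]: has the FTP banner been changed?
# Fixes:
#  - the vsftpd pipeline was "grep -F[=] awk'{print $1}'", which is not a valid
#    pipeline; the value of the first uncommented ftpd_banner= line is taken.
#  - "[ -n ${BANNER} ]" was unquoted and therefore always true.
#  - the ftpaccess test was "[ -e -eq 0 ]" instead of testing grep's status.
# NOTE(review): /etc/vsftpd.f is the path as shown in the listing and looks
# truncated -- confirm the intended vsftpd configuration file.
# NOTE(review): the original searched /etc/ftpaccess for the literal text
# "banner /path/to/ftpbanner", which reads like a documentation placeholder;
# any uncommented "banner <path>" line is accepted here -- confirm.
{
  echo "----------------------------"
  echo "[4]检查是否修改FTP banner 信息"
  if [ -e /etc/vsftpd.f ]; then
    BANNER=$(sed -n 's/^[[:space:]]*ftpd_banner=//p' /etc/vsftpd.f | head -n 1)
    if [ -n "$BANNER" ]; then
      echo "banner信息为${BANNER}"
    else
      echo "未设置banner信息"
    fi
  else
    echo "未找到/etc/vsftpd.f⽂件"
  fi

  if [ -e /etc/ftpaccess ]; then
    if grep -q '^[[:space:]]*banner[[:space:]]' /etc/ftpaccess; then
      echo "/etc/ftpaccess⽂件中已经设置banner路径"
    else
      echo "/etc/ftpaccess⽂件中未设置banner路径"
    fi
  else
    echo "不存在/etc/ftpaccess⽂件"
  fi
} >> "/tmp/check/${str}_"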
209
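# Check [5]: record running processes and all service units for manual review.
# Fixes: "-all" (parsed by systemctl as three short options) is spelled --all,
# and --no-pager keeps systemctl from invoking a pager.
# The process list includes full command lines, which can contain credentials
# passed as arguments; treat the report file as sensitive.
# NOTE(review): "/f" is the path as shown in the listing and looks truncated
# -- confirm the intended file (the message refers to basic network services).
{
  echo "----------------------------"
  echo "[5]检查是否关闭不必要的服务"
  SERVICE=$(ps -ef)
  echo "系统服务情况为${SERVICE}"
  SER_LIST=$(systemctl list-units --all --type=service --no-pager)
  echo "服务有${SER_LIST}"
  if [ -e /f ]; then
    echo "在/f⽂件中禁⽌不必要的基本⽹络服务"
  else
    echo "未找到/f⽂件"
  fi
} >> "/tmp/check/${str}_"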
221
222
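# Check [6]: are core dumps disabled ("* soft core 0" and "* hard core 0")?
# Fixes: "grep0" had lost its space in the listing, and the chain of greps also
# accepted commented-out lines and any line merely containing a "0". The four
# fields are now compared exactly with awk, which skips comment lines because
# their first field is not "*".
# NOTE(review): /etc/f is the path as shown in the listing and looks truncated
# (presumably the PAM limits configuration) -- confirm before running.
{
  echo "----------------------------"
  echo "[6]检查系统core dump状态"
  if [ -e /etc/f ]; then
    if awk '$1 == "*" && $2 == "soft" && $3 == "core" && $4 == "0" { ok = 1 } END { exit !ok }' /etc/f; then
      if awk '$1 == "*" && $2 == "hard" && $3 == "core" && $4 == "0" { ok = 1 } END { exit !ok }' /etc/f; then
        echo "/etc/f符合安全配置"
      else
        echo "/etc/f未安装规范进⾏设置"
      fi
    else
      echo "/etc/f未安装规范进⾏设置"
    fi
  else
    echo "未找到/etc/f配置⽂件"
  fi
} >> "/tmp/check/${str}_"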
240
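# Check [7]: record the kernel/OS identification string for patch review.
# Only uname output is collected; installed package versions are not checked
# here, so patch status still has to be assessed from this value by hand.
{
  echo "----------------------------"
  echo "[7]检查系统补丁"
  OS=$(uname -a)
  echo "系统版本情况为${OS}"
} >> "/tmp/check/${str}_"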
245
246
247
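# Account section, check [1]: /etc/passwd mode and the list of account names
# (the list is reviewed by hand for accounts that are no longer needed).
# The mode comes from stat rather than from parsing ls output.
{
  echo "----**⽤户账号配置**----"
  echo "[1]检查是否存在⽆⽤账号"
  passwd=$(stat -c '%A' /etc/passwd)
  # ${passwd:1:9} drops the file-type character, leaving rwxrwxrwx.
  if [ "${passwd:1:9}" = "rw-r--r--" ]; then
    echo "/etc/passwd⽂件权限为644,符合规范"
  else
    echo "/etc/passwd⽂件权限为${passwd:1:9},不符合规范"
  fi
  PASSWD_U=$(awk -F: '{print $1}' /etc/passwd)
  echo "查看是否存在⽆⽤账号:${PASSWD_U}"
} >> "/tmp/check/${str}_"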
258
259
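# Check [2]: list every account name from /etc/passwd.
# Shared accounts cannot be detected automatically: review the list with the
# system administrator to confirm whether any account is used by several people.
{
  echo "----------------------------"
  echo "[2]检查不同⽤户是否共享账号"
  PASS=$(awk -F: '{print $1}' /etc/passwd)
  echo "cat /etc/passwd结果为${PASS}"
} >> "/tmp/check/${str}_"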
265
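# Check [3]: list accounts whose login shell is a nologin shell.
# Fix: the match is applied to the shell field (the last field) only; the
# original grep also matched "nologin" anywhere in the passwd line, such as in
# an account name or comment field.
{
  echo "----------------------------"
  echo "[3]检查是否删除或锁定⽆⽤账号"
  NOlogin=$(awk -F: '$NF ~ /nologin/ {print $1}' /etc/passwd)
  echo "shell域中为nologin的账户有${NOlogin}"
} >> "/tmp/check/${str}_"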
270
271
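# Check [4]: /etc/group mode and the list of group names, for manual review.
# Fix: the second report line printed ${GROUP} (the mode string) instead of the
# group list collected in GROUP_U.
{
  echo "----------------------------"
  echo "[4]检查是否存在⽆⽤⽤户组"
  GROUP=$(stat -c '%A' /etc/group)
  echo "/etc/group⽂件权限为${GROUP}"
  GROUP_U=$(awk -F: '{print $1}' /etc/group)
  echo "/etc/group⽤户组有${GROUP_U}"
} >> "/tmp/check/${str}_"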
278
279
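# Check [5]: is su restricted to members of a named group?
# Reports the pam_rootok "sufficient" line and the "required ... group=" line
# from /etc/pam.d/su.
# Fix: bash's echo does not interpret "\n" without -e, so the two values were
# written on one line with a literal backslash-n; printf is used instead.
# NOTE(review): commented-out PAM lines also match these filters, as in the
# original; read the reported lines before concluding the restriction is active.
{
  echo "----------------------------"
  echo "[5]检查是否指定⽤户组成员使⽤su命令"
  if [ -e /etc/pam.d/su ]; then
    SUFFI=$(grep auth /etc/pam.d/su | grep sufficient | grep pam_rootok.so)
    REQUIRED=$(grep auth /etc/pam.d/su | grep required | grep group=)
    printf '是否指定⽤户组成员情况为%s\n%s\n' "$SUFFI" "$REQUIRED"
  else
    echo "未找到/etc/pam.d/su配置⽂件"
  fi
} >> "/tmp/check/${str}_"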
289
290
291
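# Check [6]: password length/complexity policy from pam_pwquality.
# Fixes:
#  - the credit settings were read by fixed field position (awk $4..$7), which
#    only works for one exact ordering of module options; each option is now
#    extracted by name.
#  - "ehco" in the else branch is corrected to echo.
#  - four assignments that had been fused onto one line are separated.
# NOTE(review): only /etc/pam.d/system-auth is inspected. pam_pwquality can
# also take these settings from /etc/security/pwquality.conf, which this check
# does not read -- empty values here do not prove the policy is unset.
{
  echo "----------------------------"
  echo "[6]检查密码长度及复杂度策略"
  if [ -e /etc/pam.d/system-auth ]; then
    passComplexity=$(grep "pam_pwquality.so" /etc/pam.d/system-auth)
    passucredit=$(printf '%s\n' "$passComplexity" | grep -o 'ucredit=[-0-9]*' | head -n 1)
    passlcredit=$(printf '%s\n' "$passComplexity" | grep -o 'lcredit=[-0-9]*' | head -n 1)
    passdcredit=$(printf '%s\n' "$passComplexity" | grep -o 'dcredit=[-0-9]*' | head -n 1)
    passocredit=$(printf '%s\n' "$passComplexity" | grep -o 'ocredit=[-0-9]*' | head -n 1)
    echo "密码复杂度策略为:${passComplexity}"
    echo "密码复杂度策略中设置的⼤写字母个数为:${passucredit}"
    echo "密码复杂度策略中设置的⼩写字母个数为:${passlcredit}"
    echo "密码复杂度策略中设置的数字个数为:${passdcredit}"
    echo "密码复杂度策略中设置的特殊字符个数为:${passocredit}"
  else
    echo "不存在/etc/pam.d/system-auth⽂件"
  fi
} >> "/tmp/check/${str}_"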
308
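# Check [7]: restrictions on remote/root login.
# Fixes:
#  - securetty: the original reported "all tty devices commented out" as soon
#    as ONE commented tty line existed. It now reports that only when no
#    uncommented tty entry remains.
#  - PermitRootLogin: "else [ ... ]" printed "no" for every value other than
#    "yes", including an unset or commented-out directive, which hides the
#    risky default. The effective (first uncommented) value is reported, and
#    an absent directive is reported as such.
{
  echo "----------------------------"
  echo "[7]检查是否对⽤户远程登录进⾏限制"
  if grep -Eq '^[[:space:]]*tty' /etc/securetty 2>/dev/null; then
    echo "未注释掉所有tty设备"
  else
    echo "注释掉所有tty设备"
  fi

  # sshd keywords are case-insensitive and the first occurrence wins.
  RootLogin=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' \
    /etc/ssh/sshd_config 2>/dev/null)
  if [ -n "$RootLogin" ]; then
    echo "/etc/ssh/sshd_config中PermitRootLogin配置为${RootLogin}"
  else
    # Not set explicitly: the sshd built-in default applies.
    echo "/etc/ssh/sshd_config中未显式配置PermitRootLogin"
  fi
} >> "/tmp/check/${str}_"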
324
325
326
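# Check [8]: SSH service state and protocol version setting.
# Fixes:
#  - "ps | grep ssh" always matched its own grep process; the bracket pattern
#    avoids that.
#  - the original piped sshd_config through grep "Host*" and then
#    grep "Protocol 2", which requires both on one line and so practically
#    never matched; an uncommented "Protocol 2" line is looked for directly.
# NOTE(review): newer OpenSSH servers no longer implement protocol 1, so a
# missing Protocol line is not by itself a finding there -- confirm against the
# installed sshd version.
{
  echo "----------------------------"
  echo "[8]检查是否配置加密协议"
  SSH=$(ps -elf | grep '[s]sh')
  echo "ssh服务状态为${SSH}"
  if [ -e /etc/ssh/sshd_config ]; then
    if grep -Eq '^[[:space:]]*Protocol[[:space:]]+2[[:space:]]*$' /etc/ssh/sshd_config; then
      echo "/etc/ssh/sshd_config⽂件符合安全配置"
    else
      echo "/etc/ssh/sshd_config⽂件中未找到相应配置"
    fi
  else
    echo "未找到/etc/ssh/sshd_config⽂件"
  fi
} >> "/tmp/check/${str}_"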
341
342
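# Check [9]: password ageing settings from /etc/login.defs.
# Each value is taken from the line whose first field is exactly the keyword,
# so comment lines and longer names that merely contain the keyword are
# skipped (the original "grep -v ^#" missed comments with leading blanks).
# These values apply to accounts created afterwards; ageing already stored for
# existing accounts is not inspected here.
{
  echo "----------------------------"
  echo "[9]检查是否配置密码的⽣存期"
  if [ -e /etc/login.defs ]; then
    passmax=$(awk '$1 == "PASS_MAX_DAYS" { print $2 }' /etc/login.defs)
    passmin=$(awk '$1 == "PASS_MIN_DAYS" { print $2 }' /etc/login.defs)
    passlen=$(awk '$1 == "PASS_MIN_LEN" { print $2 }' /etc/login.defs)
    passage=$(awk '$1 == "PASS_WARN_AGE" { print $2 }' /etc/login.defs)
    echo "⼝令⽣存周期天数为: ${passmax}"
    echo "⼝令更改最⼩时间间隔为天数为:${passmin}"
    echo "⼝令最⼩长度天数为:${passlen}"
    echo "⼝令过期告警时间天数为:${passage}"
  else
    echo "未找到/etc/login.defs配置⽂件"
  fi
} >> "/tmp/check/${str}_"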
357
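# Check [10]: default umask configured in /etc/login.defs.
# Fixes:
#  - "[ -n $fileumask ]" was unquoted and therefore always true, so a missing
#    setting was reported as an empty value instead of "not configured".
#  - "grep -i umask" also picked up comment lines that mention umask; only a
#    line whose first field is the UMASK keyword is used now.
{
  echo "----------------------------"
  echo "[10]检查⽤户缺省访问权限"
  fileumask=$(awk 'toupper($1) == "UMASK" { print $2 }' /etc/login.defs 2>/dev/null)
  if [ -n "$fileumask" ]; then
    echo "/etc/login.defs⽂件的umask的值为:${fileumask}"
  else
    echo "/etc/login.defs⽂件未配置umask值"
  fi
} >> "/tmp/check/${str}_"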
366
367
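# Check [11]: integrity of passwd/shadow/group.
#  - lines starting with "+:" (legacy NIS include entries) fail the check;
#  - file modes of /etc/passwd and /etc/group are reported;
#  - the immutable attribute (i) on both files is reported.
# Fixes:
#  - the /etc/group mode line printed ${passwd} instead of ${ETC_group};
#  - the /etc/passwd attribute test read $igshadow, which is never set;
#  - both attribute tests compared the whole lsattr line with "i", which can
#    never be equal; the attribute field alone is now searched for "i".
# Reading /etc/shadow requires root; without it grep cannot inspect that file.
{
  echo "----------------------------"
  echo "[11]检查passwd group⽂件安全权限"

  if grep -q '^+:' /etc/passwd /etc/shadow /etc/group; then
    echo "低于安全要求"
  else
    echo "符合安全要求"
  fi
  passwd=$(stat -c '%A' /etc/passwd)
  echo "/etc/passwd⽂件权限为${passwd:1:9}"
  ETC_group=$(stat -c '%A' /etc/group)
  echo "/etc/group⽂件权限为${ETC_group:1:9}"

  # lsattr prints "<attributes> <path>"; only the first field is examined.
  igroup=$(lsattr /etc/group 2>/dev/null | awk '{print $1}')
  case $igroup in
    *i*) echo "/etc/group⽂件存在i属性⽂件" ;;
    *) echo "/etc/group⽂件不存在i⽂件属性" ;;
  esac
  ipasswd=$(lsattr /etc/passwd 2>/dev/null | awk '{print $1}')
  case $ipasswd in
    *i*) echo "/etc/passwd存在i属性⽂件" ;;
    *) echo "/etc/passwd不存在i⽂件属性" ;;
  esac
} >> "/tmp/check/${str}_"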
394
395
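# Check [12]: is there any account other than root with UID 0?
# Fixes:
#  - the original skipped the first line of /etc/passwd (NR!=1) on the
#    assumption that root is listed first; accounts are now excluded by name.
#  - flag was set to 1 by every non-zero UID, so the "compliant" line was
#    written even when an extra UID-0 account had just been reported.
{
  echo "----------------------------"
  echo "[12]检查是否存在除root之外UID为0的⽤户"
  uids=$(awk -F: '$3 == 0 && $1 != "root" { print $1 }' /etc/passwd)
  if [ -n "$uids" ]; then
    echo "存在⾮root账号的账号UID为0,不符合要求"
  else
    echo "不存在⾮root账号的UID为0,符合要求"
  fi
} >> "/tmp/check/${str}_"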
411
412
413
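# Check [13]: does PATH contain an empty entry or an entry starting with "."?
# Such entries make command lookup depend on the current directory, which is
# unsafe for privileged accounts. The pattern matches an entry that is empty
# (leading, trailing or doubled ":") or that begins with a dot.
# Only the PATH of the shell running this script is examined.
# grep -q keeps the matched PATH from being printed on the terminal.
{
  echo "----------------------------"
  echo "[13]检查是否配置环境变量"
  if printf '%s\n' "$PATH" | grep -Eq '(^|:)(\.|:|$)'; then
    echo "检查是否包含⽗⽬录,低于安全要求"
  else
    echo "检查是否包含⽗⽬录,符合安全要求"
  fi
} >> "/tmp/check/${str}_"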
422
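# Check [14]: look for trust/credential files used by legacy remote access:
# .rhosts, hosts.equiv and .netrc.
# Fix: the third search was "-name rc" while its variable and report text both
# say netrc; the leading ".net" appears to have been lost in the listing, so
# the search name is restored to .netrc.
# The searches are depth-limited as in the original, so files deeper than
# three levels below / (two for hosts.equiv) are not found.
{
  echo "----------------------------"
  echo "[14]检查是否对远程连接的安全性进⾏配置"
  filerhosts=$(find / -maxdepth 3 -type f -name .rhosts 2>/dev/null)
  if [ -n "$filerhosts" ]; then
    echo "rhosts⽂件路径为:${filerhosts}"
  else
    echo "未找到.rhosts⽂件"
  fi

  fileequiv=$(find / -maxdepth 2 -name hosts.equiv 2>/dev/null)
  if [ -n "$fileequiv" ]; then
    echo "hosts.equiv⽂件路径为:${fileequiv}"
  else
    echo "未找到hosts.equiv⽂件"
  fi

  filenetrc=$(find / -maxdepth 3 -name .netrc 2>/dev/null)
  if [ -n "$filenetrc" ]; then
    echo "netrc⽂件路径为:${filenetrc}"
  else
    echo "未找到.netrc⽂件"
  fi
} >> "/tmp/check/${str}_"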
444
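# Check [15]: umask values configured for login shells
# (/etc/profile, /etc/csh.login, /etc/csh.cshrc).
# Fixes:
#  - the /etc/profile test read $PROFILE and the csh.cshrc test read $cshrc;
#    neither variable is ever set, so both always reported "not found". The
#    collected first/last values are tested and printed instead.
#  - the "not found" message for /etc/csh.cshrc named /etc/csh.login.
#  - a missing csh file no longer prints a cat error on the terminal.
{
  echo "----------------------------"
  echo "[15]检查是否对⽤户的umask进⾏配置"
  if [ -e /etc/profile ]; then
    # First and last uncommented umask statements (typically the two branches
    # of the UID-dependent if/else in the stock file).
    PROFILE1=$(grep -i umask /etc/profile | grep -v '#' | head -n 1 | awk '{print $2}')
    PROFILE2=$(grep -i umask /etc/profile | grep -v '#' | tail -n 1 | awk '{print $2}')
    if [ -n "$PROFILE1" ]; then
      echo "在/etc/profile⽂件中umask的值为:${PROFILE1}和${PROFILE2}"
    else
      echo "在/etc/profile⽂件中未找到umask值"
    fi
  fi

  csh=$(grep -i umask /etc/csh.login 2>/dev/null)
  if [ -n "$csh" ]; then
    echo "在/etc/csh.login⽂件中umask的内容为:${csh}"
  else
    echo "在/etc/csh.login⽂件中未找到umask值"
  fi

  cshrc1=$(grep -i umask /etc/csh.cshrc 2>/dev/null | grep -v '#' | head -n 1 | awk '{print $2}')
  cshrc2=$(grep -i umask /etc/csh.cshrc 2>/dev/null | grep -v '#' | tail -n 1 | awk '{print $2}')
  if [ -n "$cshrc1" ]; then
    echo "在/etc/csh.cshrc⽂件中umask的值为:${cshrc1}和${cshrc2}"
  else
    echo "在/etc/csh.cshrc⽂件中未找到umask值"
  fi
} >> "/tmp/check/${str}_"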
471
472if [ -e /etc/bashrc ];then