18 Must‑Know Bash Scripts to Automate Linux System Administration

1. Check file consistency between two servers

#!/bin/bash
#####################################
# Detect consistency of files in a specified directory on two servers
#####################################
# Compare MD5 values of files on both machines

dir=/data/web
b_ip=192.168.88.10

# Generate MD5 list for the local machine
find $dir -type f | xargs md5sum > /tmp/md5_a.txt
# Generate MD5 list for the remote machine
ssh $b_ip "find $dir -type f | xargs md5sum > /tmp/md5_b.txt"
scp $b_ip:/tmp/md5_b.txt /tmp

# Compare each file name
for f in `awk '{print $2}' /tmp/md5_a.txt`
do
    if grep -qw "$f" /tmp/md5_b.txt; then
        md5_a=`grep -w "$f" /tmp/md5_a.txt | awk '{print $1}'`
        md5_b=`grep -w "$f" /tmp/md5_b.txt | awk '{print $1}'`
        if [ $md5_a != $md5_b ]; then
            echo "$f changed."
        fi
    else
        echo "$f deleted."
    fi
done

2. Hourly log cleaning and size recording

#!/bin/bash
################################################################
# Every hour: at 00:00 or 12:00 clear file contents, otherwise record file sizes
################################################################
logfile=/tmp/$(date +%H-%F).log
n=$(date +%H)
if [ $n -eq 00 ] || [ $n -eq 12 ]; then
    for i in `find /data/log/ -type f`; do
        true > $i
    done
else
    for i in `find /data/log/ -type f`; do
        du -sh $i >> $logfile
    done
fi

3. Monitor network interface traffic and log it

#!/bin/bash
#######################################################
# Record network interface traffic every minute
#######################################################
while :
do
    LANG=en
    logfile=/tmp/$(date +%d).log
    exec >> $logfile
    date +"%F %H:%M"
    sar -n DEV 1 59 | grep Average | grep ens33 | awk '{print $2,"\t","input:\t",$5*1000*8,"bps","
",$2,"\t","output:\t",$6*1000*8,"bps"}'
    echo "####################"
    # No sleep needed because sar runs 59 seconds
 done

4. Count numbers per line and total numbers in a document

#!/bin/bash
#########################################################
# Count numeric characters per line and total in a file
#########################################################
 n=$(wc -l a.txt | awk '{print $1}')
 sum=0
 for i in `seq 1 $n`; do
    line=$(sed -n "${i}p" a.txt)
    n_n=$(echo $line | sed 's/[^0-9]//g' | wc -L)
    sum=$((sum + n_n))
 done
 echo "sum:$sum"

5. Download a file from an FTP server

#!/bin/bash
if [ $# -ne 1 ]; then
    echo "Usage: $0 filename"
    exit 1
fi

dir=$(dirname $1)
file=$(basename $1)
ftp -n -v <<EOF
open 192.168.1.10
user admin password
binary
cd $dir
get "$file"
EOF

6. Read five numbers (0‑100) and report sum, min, max

#!/bin/bash
COUNT=1
SUM=0
MIN=0
MAX=100
while [ $COUNT -le 5 ]; do
    read -p "Enter an integer (0‑100): " INT
    if [[ ! $INT =~ ^[0-9]+$ ]]; then
        echo "Input must be an integer!"
        exit 1
    elif [ $INT -gt 100 ]; then
        echo "Input must be within 100!"
        exit 1
    fi
    SUM=$((SUM + INT))
    [ $MIN -lt $INT ] && MIN=$INT
    [ $MAX -gt $INT ] && MAX=$INT
    let COUNT++
 done
 echo "SUM: $SUM"
 echo "MIN: $MIN"
 echo "MAX: $MAX"

7. Monitor Nginx access log for 502 errors and restart php‑fpm

#!/bin/bash
###########################################################
# Detect 502 errors in Nginx access log and restart php-fpm
###########################################################
log=/data/log/access.log
N=30   # threshold (30 out of last 300 lines ≈ 10%)
while :
do
    err=$(tail -n 300 $log | grep -c '502"')
    if [ $err -ge $N ]; then
        /etc/init.d/php-fpm restart 2>/dev/null
        sleep 60   # avoid rapid restart loops
    fi
    sleep 10
done

8. Count digits per line and total digits in a file (alternative method)

#!/bin/bash
n=$(wc -l a.txt | awk '{print $1}')
sum=0
for i in `seq 1 $n`; do
    line=$(sed -n "${i}p" a.txt)
    n_n=$(echo $line | sed 's/[^0-9]//g' | wc -L)
    sum=$((sum + n_n))
 done
 echo "sum:$sum"

9. Batch rename files (article_*.html → bbs_*.html)

# Example: rename article_1.html, article_2.html, article_3.html
for file in $(ls *html); do
    mv $file bbs_${file#*_}
 done

10. Compute total size of .html files in current directory

# Method 1
find . -name "*.html" -exec du -k {} \; | awk '{sum+=$1} END {print sum}'
# Method 2
sum=0
for size in $(ls -l *.html | awk '{print $5}'); do
    sum=$((sum + size))
 done
echo $sum

11. Scan host ports (22, 25, 80, 8080)

#!/bin/bash
HOST=$1
PORTS="22 25 80 8080"
for PORT in $PORTS; do
    if echo > /dev/tcp/$HOST/$PORT 2>/dev/null; then
        echo "$PORT open"
    else
        echo "$PORT close"
    fi
 done

12. Print words with fewer than six letters from a sample sentence

#!/bin/bash
for s in Bash also interprets a number of multi-character options.; do
    n=$(echo $s | wc -c)
    if [ $n -lt 6 ]; then
        echo $s
    fi
 done

13. Menu‑driven command execution based on numeric input

#!/bin/bash
echo "*cmd menu* 1-date 2-ls 3-who 4-pwd 0-exit"
while :
do
    read -p "please input number :" n
    [ -z "$n" ] && continue
    case $n in
        1) date ;;
        2) ls ;;
        3) who ;;
        4) pwd ;;
        0) break ;;
        *) echo "please input number is [1-4]" ;;
    esac
 done

14. Expect script for non‑interactive SSH command execution

#!/bin/bash
USER=root
PASS=123.com
IP=192.168.1.120
expect <<EOF
set timeout 30
spawn ssh $USER@$IP
expect {
    "(yes/no)" {send "yes\r"; exp_continue}
    "password:" {send "$PASS\r"}
}
expect "$USER@*" {send "$1\r"}
expect "$USER@*" {send "exit\r"}
expect eof
EOF

15. Create ten users with random 10‑character passwords and log them

#!/bin/bash
for u in `seq -w 0 09`; do
    useradd user_$u
    p=$(mkpasswd -s 0 -l 10)
    echo $p | passwd --stdin user_$u
    echo "user_$u $p" >> /tmp/userpassword
 done

16. Monitor httpd process count and restart Apache when it exceeds 500

#!/bin/bash
check_service() {
    for i in `seq 1 5`; do
        /usr/local/apache2/bin/apachectl restart 2>/var/log/httpderr.log
        if [ $? -eq 0 ]; then break; fi
        if [ $i -eq 5 ]; then mail.py; exit; fi
    done
}
while :
do
    n=$(pgrep -l httpd | wc -l)
    if [ $n -gt 500 ]; then
        /usr/local/apache2/bin/apachectl restart
        if [ $? -ne 0 ]; then
            check_service
        else
            sleep 60
            n2=$(pgrep -l httpd | wc -l)
            if [ $n2 -gt 500 ]; then mail.py; exit; fi
        fi
    fi
    sleep 10
done

17. Batch change server user passwords using expect and random passwords

#!/bin/bash
OLD_INFO=old_pass.txt
NEW_INFO=new_pass.txt
for IP in $(awk '/^[^#]/{print $1}' $OLD_INFO); do
    USER=$(awk -v I=$IP '$1==I{print $2}' $OLD_INFO)
    PASS=$(awk -v I=$IP '$1==I{print $3}' $OLD_INFO)
    PORT=$(awk -v I=$IP '$1==I{print $4}' $OLD_INFO)
    NEW_PASS=$(mkpasswd -l 8)
    echo "$IP $USER $NEW_PASS $PORT" >> $NEW_INFO
    expect -c "
        spawn ssh -p $PORT $USER@$IP
        set timeout 2
        expect {\"(yes/no)\" {send \"yes\r\"; exp_continue} \
                 \"password:\" {send \"$PASS\r\"; exp_continue} \
                 \"$USER@*\" {send \"echo '$NEW_PASS' | passwd --stdin $USER\r exit\r\"; exp_continue}}
    "
 done

18. Automatically block IPs that exceed request thresholds

#!/bin/bash
# Block IPs with >200 requests per minute (nginx example)
DATE=$(date +%d/%b/%Y:%H:%M)
ABNORMAL_IP=$(tail -n5000 access.log | grep $DATE | awk '{a[$1]++} END {for(i in a) if(a[i]>100) print i}')
for IP in $ABNORMAL_IP; do
    if ! iptables -vnL | grep -c "$IP" >/dev/null; then
        iptables -I INPUT -s $IP -j DROP
    fi
 done

# Block IPs with >10 SSH login failures per minute (auth.log example)
DATE=$(date +"%a %b %e %H:%M")
ABNORMAL_IP=$(lastb | grep "$DATE" | awk '{a[$3]++} END {for(i in a) if(a[i]>10) print i}')
for IP in $ABNORMAL_IP; do
    if ! iptables -vnL | grep -c "$IP" >/dev/null; then
        iptables -I INPUT -s $IP -j DROP
    fi
 done