Bash Scripts to Inspect Linux Processes, Users, and Harden System Security

This article presents a collection of Bash scripts for Linux administrators, covering how to retrieve detailed process information by PID or name, query user account details, and apply various system hardening measures such as password policies, login restrictions, and file immutability.


1. Filter process information by PID

This Bash script prompts for a PID, checks that a process with exactly that PID exists, and prints its command, owning user, CPU and memory usage, start time, accumulated CPU time, state, virtual memory (VSZ) and resident memory (RSS). All of these are columns of ps aux; note that its TIME column is CPU time consumed rather than wall-clock runtime, and its RSS column is resident memory, not shared memory (ps aux has no shared-memory column).

#!/bin/bash
# Function: given a PID entered by the user, print the information about that process
read -r -p "Enter the PID to query: " P
# Exact match on the PID column; the original regex /^PID/ also matched any longer PID
# that merely started with the same digits
LINE=$(ps aux | awk -v pid="$P" '$2==pid')
if [ -z "$LINE" ]; then
  echo "That PID does not exist!!"
  exit 1
fi
# One ps call instead of one per field. 'ps aux' columns, 0-indexed below:
# USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
read -r -a F <<< "$LINE"
echo "--------------------------------"
echo "Process PID: $P"
echo "Process command: ${F[10]}"
echo "Owning user: ${F[0]}"
echo "CPU usage: ${F[2]}%"
echo "Memory usage: ${F[3]}%"
echo "Start time: ${F[8]}"
echo "Accumulated CPU time: ${F[9]}"
echo "Process state: ${F[7]}"
echo "Virtual memory (VSZ, KiB): ${F[4]}"
echo "Resident memory (RSS, KiB): ${F[5]}"   # RSS, not shared memory
echo "--------------------------------"

2. Filter process information by name

This script asks for a process name, counts matching processes, and iterates through each PID to output the same set of details as in the first script.

#!/bin/bash
# Function: given a program name, find every PID running under that name and print the
# details of each one; if several PIDs match, all of them are shown
read -r -p "Enter the process name to query: " NAME
# pgrep -x matches the process name exactly (add -f to match the full command line).
# The original 'ps aux | grep $NAME | grep -v grep' was an unanchored substring match over
# the whole command line, so it also listed unrelated processes whose arguments contained the name.
PIDS=$(pgrep -x -- "$NAME")
if [ -z "$PIDS" ]; then
  echo "No process with that name is running!"
  exit 1
fi
for P in $PIDS; do
  # 'ps aux' columns, 0-indexed below: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
  read -r -a F <<< "$(ps aux | awk -v pid="$P" '$2==pid')"
  echo "Process PID: $P"
  echo "Process command: ${F[10]}"
  echo "Owning user: ${F[0]}"
  echo "CPU usage: ${F[2]}%"
  echo "Memory usage: ${F[3]}%"
  echo "Start time: ${F[8]}"
  echo "Accumulated CPU time: ${F[9]}"        # the original printed column 11 (the command) here
  echo "Process state: ${F[7]}"
  echo "Virtual memory (VSZ, KiB): ${F[4]}"
  echo "Resident memory (RSS, KiB): ${F[5]}"  # RSS, not shared memory
  echo "***************************************************************"
done
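The RSS column both scripts print is the whole resident set. If the question is how much of a process's memory is actually shared, the kernel reports that split in /proc/<pid>/status (RssAnon, RssFile and RssShmem, available since Linux 4.5). The following is an added example, not code from the original article: a parser for that file, run here against a constructed status excerpt so it works without a particular PID.

```shell
#!/bin/bash
# Added example: memory breakdown of a process from /proc/<pid>/status.
# 'ps aux' column 6 is RSS (resident set size), not shared memory; the kernel splits
# RSS into RssAnon / RssFile / RssShmem in /proc/<pid>/status (Linux 4.5 and later).

# mem_breakdown FILE -> prints "VmSize VmRSS RssAnon RssFile RssShmem" (all in KiB).
# FILE is a /proc/<pid>/status file or a saved copy of one; missing keys print as 0
# (older kernels have no Rss* split).
mem_breakdown() {
  awk '
    /^(VmSize|VmRSS|RssAnon|RssFile|RssShmem):/ { sub(":", "", $1); v[$1] = $2 }
    END { printf "%d %d %d %d %d\n", v["VmSize"], v["VmRSS"], v["RssAnon"], v["RssFile"], v["RssShmem"] }
  ' "$1"
}

# pid_mem PID -> the same line for a live process; non-zero exit if the PID does not exist
pid_mem() {
  [ -r "/proc/$1/status" ] || return 1
  mem_breakdown "/proc/$1/status"
}

# Constructed sample in the /proc/<pid>/status format (not captured from a real host),
# so the block runs without depending on a specific PID.
SAMPLE_STATUS=$(mktemp)
trap 'rm -f "$SAMPLE_STATUS"' EXIT
cat > "$SAMPLE_STATUS" <<'EOF'
Name:	sshd
State:	S (sleeping)
Pid:	1234
VmPeak:	   72408 kB
VmSize:	   72408 kB
VmRSS:	    8716 kB
RssAnon:	    1588 kB
RssFile:	    6104 kB
RssShmem:	    1024 kB
Threads:	1
EOF

echo "VmSize VmRSS RssAnon RssFile RssShmem (KiB) for the sample:"
mem_breakdown "$SAMPLE_STATUS"
# On a live host, e.g. the oldest sshd process:  pid_mem "$(pgrep -o -x sshd)"
```

RssShmem counts shared-memory mappings (tmpfs, SysV shm, shared anonymous mappings); RssFile is file-backed pages, which are shared with any other process mapping the same file, so neither "shared" figure is a per-process cost the way RssAnon is.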

3. Query user information by username

The script reads a username, checks whether the account exists, and prints the username, UID, primary group, GID, home directory, and whether the account can log in (e.g., /bin/bash vs /sbin/nologin).

#!/bin/bash
# Function: print the account details of a given username
read -r -p "Enter the username to query: " A
echo "------------------------------"
# getent resolves through NSS, so accounts from LDAP/sssd are found as well as /etc/passwd;
# the match is exact, unlike the original's regex built from unquoted input
ENTRY=$(getent passwd "$A")
if [ -z "$ENTRY" ]; then
  echo "That user does not exist"
  echo "------------------------------"
  exit 1
fi
# passwd fields: name:password:UID:GID:GECOS:home:shell (UID/GID are read-only in bash, hence the suffix)
IFS=: read -r _ _ UID_ GID_ _ HOME_ SHELL_ <<< "$ENTRY"
echo "Username: $A"
echo "UID: $UID_"
echo "Primary group: $(id -gn "$A")"   # the original took field 3 of 'id', which is the groups= list
echo "GID: $GID_"
echo "Home directory: $HOME_"
# The original only recognised /bin/bash and /sbin/nologin and printed nothing for any other shell
case "$SHELL_" in
  */nologin|*/false)
    echo "This user cannot log in to the system (shell: $SHELL_)!!"
    ;;
  *)
    echo "This user can log in to the system (shell: $SHELL_)!!"
    ;;
esac
echo "------------------------------"
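Deciding login capability from two hard-coded shell paths misses /bin/sh, /bin/zsh, /usr/sbin/nologin and /bin/false, and says nothing about the password state. The block below is an added example, not part of the original article: it checks the shell against the system's list of valid login shells (/etc/shells) and reads the shadow hash field, which also covers the account checks the hardening script in section 4 performs (login shells, UID 0, empty passwords). The passwd, shadow and shells data are constructed samples; on a real host feed the functions /etc/passwd, /etc/shadow and /etc/shells instead.

```shell
#!/bin/bash
# Added example: audit accounts from passwd/shadow data. Every function reads passwd or
# shadow lines on stdin, so it runs against /etc files or against sample data alike.

# login_shell_users SHELLS_FILE  (stdin: passwd lines)
#   accounts whose shell is listed in SHELLS_FILE (normally /etc/shells) and is not nologin/false
login_shell_users() {
  awk -F: -v shells="$1" '
    BEGIN { while ((getline s < shells) > 0) if (s != "" && s !~ /^#/) ok[s] = 1 }
    ($7 in ok) && $7 !~ /(nologin|false)$/ { print $1 }'
}

# uid0_users  (stdin: passwd lines): every UID 0 account, not only "root"
uid0_users() { awk -F: '$3 == 0 { print $1 }'; }

# empty_password_users  (stdin: shadow lines): empty hash field, i.e. no password at all
empty_password_users() { awk -F: '$2 == "" { print $1 }'; }

# locked_users  (stdin: shadow lines): hash starting with "!" (locked) or "*" (never set)
locked_users() { awk -F: '$2 ~ /^[!*]/ { print $1 }'; }

# Constructed sample data (not copied from a real host); the hashes are placeholders.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backdoor:x:0:0::/:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
svc:x:1002:1002::/var/lib/svc:/bin/false
guest:x:1003:1003::/home/guest:/bin/bash'
SHADOW_SAMPLE='root:$6$salt$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
backdoor:$6$salt$hash:19000:0:99999:7:::
alice:$6$salt$hash:19000:0:99999:7:::
bob:!$6$salt$hash:19000:0:99999:7:::
svc:*:19000:0:99999:7:::
guest::19000:0:99999:7:::'
SHELLS_FILE=$(mktemp)
trap 'rm -f "$SHELLS_FILE"' EXIT
printf '/bin/sh\n/bin/bash\n/bin/zsh\n' > "$SHELLS_FILE"

# Usage on the samples. On a real host:
#   login_shell_users /etc/shells < /etc/passwd ; uid0_users < /etc/passwd
#   empty_password_users < /etc/shadow ; locked_users < /etc/shadow   (shadow needs root)
echo "Login-capable accounts:";  printf '%s\n' "$PASSWD_SAMPLE" | login_shell_users "$SHELLS_FILE"
echo "UID 0 accounts:";          printf '%s\n' "$PASSWD_SAMPLE" | uid0_users
echo "Empty-password accounts:"; printf '%s\n' "$SHADOW_SAMPLE" | empty_password_users
echo "Locked accounts:";         printf '%s\n' "$SHADOW_SAMPLE" | locked_users
```

In the sample, "backdoor" shows why the UID check matters: a second UID 0 account with a valid shell is root under another name. "guest" has a login shell and an empty hash, the combination the hardening script forces a passwd on.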

4. System hardening configurations

This section provides a Bash script that enforces password ageing and complexity, locks accounts after repeated failed logins, disables root SSH login, limits command-history size and sets an idle timeout, restricts su to the wheel group, lists accounts with login shells and with UID 0, detects empty passwords, and optionally makes the account files immutable. The PAM paths (/etc/pam.d/system-auth, pam_tally2) are those of RHEL/CentOS 7: on RHEL 8 and later system-auth is generated by authselect, and pam_tally2 was removed in Linux-PAM 1.5 in favour of pam_faillock, so those two steps need adapting there. Run it as root, and try it on a non-production host first; it edits sshd_config and PAM, either of which can lock you out if it goes wrong.

#!/bin/bash
# Function: harden account and password settings
[ "$(id -u)" -eq 0 ] || { echo "This script must be run as root"; exit 1; }
read -r -p "Maximum number of days a password may be used: " A
read -r -p "Minimum number of days between password changes: " B
read -r -p "Minimum password length: " C
read -r -p "Days of warning before a password expires: " D
for v in "$A" "$B" "$C" "$D"; do
  [[ $v =~ ^[0-9]+$ ]] || { echo "Values must be non-negative integers"; exit 1; }
done
# These login.defs values apply to accounts created from now on; use chage for existing accounts
sed -i '/^PASS_MAX_DAYS/c\PASS_MAX_DAYS '"$A" /etc/login.defs
sed -i '/^PASS_MIN_DAYS/c\PASS_MIN_DAYS '"$B" /etc/login.defs
sed -i '/^PASS_MIN_LEN/c\PASS_MIN_LEN '"$C" /etc/login.defs
sed -i '/^PASS_WARN_AGE/c\PASS_WARN_AGE '"$D" /etc/login.defs

echo "Password rules hardened: a new password must differ from the old one and contain digits, lowercase and uppercase letters!!"
# RHEL/CentOS 7 layout. pam_pwquality's minlen overrides PASS_MIN_LEN, so the value asked for
# above is used here (the original hard-coded minlen=8). On RHEL 8+ system-auth is generated by
# authselect; put these options in /etc/security/pwquality.conf there instead.
sed -i '/pam_pwquality.so/c\password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= difok=1 minlen='"$C"' ucredit=-1 lcredit=-1 dcredit=-1' /etc/pam.d/system-auth

echo "Account lockout enabled: more than 3 wrong passwords lock the account!!"
# pam_tally2 (replaced by pam_faillock in Linux-PAM 1.5+). The original wrote
# 'root_unlock_time300' without the '='; the account line is what resets the counter after
# a successful login, without it every account eventually locks.
if ! grep -q "auth required pam_tally2.so" /etc/pam.d/sshd; then
  sed -i '/%PAM-1.0/a\auth required pam_tally2.so deny=3 unlock_time=150 even_deny_root root_unlock_time=300' /etc/pam.d/sshd
  sed -i '/%PAM-1.0/a\account required pam_tally2.so' /etc/pam.d/sshd
fi

echo "Remote root login disabled!!"
# Match the directive itself, commented out or not. The original '/PermitRootLogin/' also
# rewrote the explanatory comment in sshd_config that merely mentions PermitRootLogin.
sed -i 's/^#\?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
grep -q '^PermitRootLogin no' /etc/ssh/sshd_config || echo 'PermitRootLogin no' >> /etc/ssh/sshd_config
# The change only takes effect on reload; validate first so a syntax error cannot lock out SSH
sshd -t && systemctl reload sshd

read -r -p "Number of history entries to keep: " E
read -r -p "Idle timeout in seconds before automatic logout: " F
grep -q '^HISTSIZE=' /etc/profile || echo "HISTSIZE=$E" >> /etc/profile
sed -i '/^HISTSIZE=/c\HISTSIZE='"$E" /etc/profile
# Set TMOUT once; the original appended a new TMOUT line on every run
if grep -q '^TMOUT=' /etc/profile; then
  sed -i '/^TMOUT=/c\TMOUT='"$F" /etc/profile
else
  sed -i '/^HISTSIZE=/a\TMOUT='"$F" /etc/profile
fi
# readonly stops users from simply unsetting TMOUT in their own shell
grep -q '^readonly TMOUT' /etc/profile || printf 'export TMOUT\nreadonly TMOUT\n' >> /etc/profile

echo "Only members of the wheel group may use su to become root!"
sed -i '/pam_wheel.so use_uid/c\auth required pam_wheel.so use_uid' /etc/pam.d/su
# SU_WHEEL_ONLY is honoured only by the shadow-utils su; util-linux su ignores it, so the PAM line above is the effective control
grep -q '^SU_WHEEL_ONLY' /etc/login.defs || echo "SU_WHEEL_ONLY yes" >> /etc/login.defs

echo "Checking the accounts on this system...."
echo "Accounts with a login shell:"
# Any shell other than nologin/false counts; the original listed only /bin/bash
awk -F: '$7 !~ /(nologin|false)$/ {print $1}' /etc/passwd
echo "********************************************"
echo "Accounts with UID 0:"
awk -F: '($3==0){print $1}' /etc/passwd
echo "********************************************"
# An empty second field in /etc/shadow means no password at all
EMPTY=$(awk -F: '($2==""){print $1}' /etc/shadow)
N=$(awk -F: '($2==""){print $1}' /etc/shadow | wc -l)
echo "Accounts with an empty password: $N"
if [ "$N" -eq 0 ]; then
  echo "Good news: no account has an empty password!!"
  echo "********************************************"
else
  # Iterate over the list captured above; the original re-read /etc/shadow on every pass
  for None in $EMPTY; do
    echo "------------------------"
    echo "$None"
    echo "A password must be set for this account!!"
    passwd "$None"
  done
  M=$(awk -F: '($2==""){print $1}' /etc/shadow | wc -l)
  if [ "$M" -eq 0 ]; then
    echo "Good: no accounts with empty passwords remain!"
  else
    echo "Accounts with empty passwords still present: $M"
  fi
fi

echo "About to lock the critical account files; once locked, users and groups cannot be added or removed"
read -r -p "WARNING: after this runs, users and groups cannot be added or removed!! Enter Y to confirm, N to cancel; Y/N: " i
case $i in
  [Yy])
    # +i also blocks passwd and chage for every account until the flag is cleared with chattr -i.
    # Root (CAP_LINUX_IMMUTABLE) can clear it, so this guards against mistakes, not against a root compromise.
    chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow
    echo "Lock applied!"
    ;;
  [Nn])
    chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow
    echo "Lock removed!!"
    ;;
  *)
    echo "Please enter Y/y or N/n"
    ;;
esac
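Most of the edits the hardening script makes are of one shape: set KEY to VALUE in a config file. Done with sed -i '/KEY/c\...' that has three failure modes: every line containing the key is rewritten (the stock sshd_config contains a comment that mentions PermitRootLogin), nothing happens when the key is only present commented out or is absent, and appends such as the TMOUT line are repeated on every run. The block below is an added example, not code from the original article: an idempotent setter plus a reader to verify the result, exercised on constructed excerpts of sshd_config and /etc/profile in temporary files. Real use is one call per directive, followed by sshd -t and a reload for sshd_config.

```shell
#!/bin/bash
# Added example: idempotent KEY/VALUE setter for files like sshd_config, login.defs and /etc/profile.

# set_kv FILE KEY VALUE [SEP]
#   SEP is the separator FILE uses: ' ' (default) for sshd_config and login.defs, '=' for /etc/profile.
#   The first line whose key matches (commented out or not) is replaced, later duplicates are
#   dropped, and "KEY<SEP>VALUE" is appended if the key was absent. The file is rewritten through
#   'cat >' so its inode, mode and owner are kept (sed -i replaces the inode).
set_kv() {
  local file=$1 key=$2 value=$3 sep=${4:- } tmp rc
  tmp=$(mktemp) || return 1
  awk -v key="$key" -v value="$value" -v sep="$sep" '
    {
      line = $0
      sub(/^[[:space:]]*#+[[:space:]]*/, "", line)      # look past a leading comment marker
      k = line
      if (sep == " ") sub(/[[:space:]].*$/, "", k)      # "KEY value" -> KEY
      else            sub(/[[:space:]]*=.*$/, "", k)    # "KEY=value" -> KEY
      if (k == key) {
        if (!done) { print key sep value; done = 1 }    # first match is rewritten,
        next                                            # later duplicates are dropped
      }
      print
    }
    END { if (!done) print key sep value }              # key absent: append it
  ' "$file" > "$tmp" && cat "$tmp" > "$file"
  rc=$?
  rm -f "$tmp"
  return $rc
}

# get_kv FILE KEY [SEP] -> value of the first active (uncommented) KEY line, empty if none
get_kv() {
  local sep=${3:- }
  awk -v key="$2" -v sep="$sep" '
    /^[[:space:]]*#/ { next }
    {
      k = $0
      if (sep == " ") sub(/[[:space:]].*$/, "", k); else sub(/[[:space:]]*=.*$/, "", k)
      if (k == key) { v = $0; sub(/^[^[:space:]=]*[[:space:]=]+/, "", v); print v; exit }
    }' "$1"
}

# Constructed excerpts (modelled on a stock sshd_config and /etc/profile, not a real host's files)
SSHD_DEMO=$(mktemp)
PROFILE_DEMO=$(mktemp)
trap 'rm -f "$SSHD_DEMO" "$PROFILE_DEMO"' EXIT
cat > "$SSHD_DEMO" <<'EOF'
#PermitRootLogin prohibit-password
# the setting of "PermitRootLogin without-password".
PasswordAuthentication yes
EOF
printf 'HISTSIZE=1000\nexport PATH\n' > "$PROFILE_DEMO"

set_kv "$SSHD_DEMO" PermitRootLogin no      # uncomments the directive and sets it
set_kv "$SSHD_DEMO" PermitRootLogin no      # second run: still exactly one directive line
set_kv "$SSHD_DEMO" MaxAuthTries 3          # absent key: appended
set_kv "$PROFILE_DEMO" HISTSIZE 100 '='
set_kv "$PROFILE_DEMO" TMOUT 600 '='
set_kv "$PROFILE_DEMO" TMOUT 600 '='        # no duplicate TMOUT line
cat "$SSHD_DEMO"; echo "---"; cat "$PROFILE_DEMO"
# Real use: set_kv /etc/ssh/sshd_config PermitRootLogin no && sshd -t && systemctl reload sshd
```

The key is compared as a whole word, so setting PASS_MIN_DAYS cannot touch PASS_MIN_LEN. One caveat for sshd_config: a directive inside a Match block would also be matched, so check with get_kv (or sshd -T) that the line you changed is the global one.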
Written by

Open Source Linux

Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.