Master 18 Essential Bash Scripts for Linux System Automation
This article presents a curated collection of eighteen practical Bash scripts that automate common Linux system tasks such as file consistency checks, scheduled log cleaning, network traffic monitoring, user management, firewall rules, and service health checks, providing ready‑to‑run examples for sysadmins.
1. Detect file consistency between two servers
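#!/bin/bash
#####################################
# Check that the files under a given directory are identical on two servers
#####################################
# Consistency is checked by comparing the MD5 digest of every file on both hosts.
# NOTE(review): MD5 is adequate for spotting accidental drift only. Collisions
# are practical, so for tamper detection use sha256sum on both sides (the
# digest width used when parsing below then becomes 64).
# Files that exist only on the remote host are not reported.
dir=/data/web
b_ip=192.168.88.10

# Private temp files instead of fixed /tmp names: a predictable name in a
# world-writable directory can be pre-created (for example as a symlink) by
# any local user before this script runs.
sum_a=$(mktemp) || exit 1
sum_b=$(mktemp) || exit 1
trap 'rm -f -- "$sum_a" "$sum_b"' EXIT

# Hash every regular file. NUL-delimited names keep paths with spaces intact.
find "$dir" -type f -print0 | xargs -0 -r md5sum > "$sum_a"

# Stream the remote digests back over the SSH channel; nothing is left in the
# remote /tmp and no separate scp step is needed.
remote_dir=$(printf '%q' "$dir")
if ! ssh "$b_ip" "find $remote_dir -type f -print0 | xargs -0 -r md5sum" > "$sum_b"; then
  # An incomplete remote list would make every local file look deleted.
  echo "could not collect digests from $b_ip" >&2
  exit 1
fi

# Index the remote digests by path. md5sum prints
# "<32 hex digits><2 separator characters><path>"; a leading backslash marks a
# line whose file name was escaped and is dropped so the offsets line up.
declare -A remote_sum=()
while IFS= read -r line; do
  line=${line#\\}
  [ "${#line}" -gt 34 ] || continue
  remote_sum["${line:34}"]=${line:0:32}
done < "$sum_b"

# Exact path lookup replaces `grep -w "$f"`, which treated the path as a
# regular expression and also matched longer paths that contain it.
while IFS= read -r line; do
  line=${line#\\}
  [ "${#line}" -gt 34 ] || continue
  f=${line:34}
  if [[ -z ${remote_sum[$f]+set} ]]; then
    echo "$f deleted."
  elif [[ ${line:0:32} != "${remote_sum[$f]}" ]]; then
    echo "$f changed."
  fi
done < "$sum_a"

# 2. Scheduled file content clearing and size logging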
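#!/bin/bash
################################################################
# Run hourly from cron. At hour 00 or 12, empty every file under the target
# directory without deleting it; at any other hour only record each file's size.
################################################################
# NOTE(review): the size log has a predictable name in world-writable /tmp.
# If this job runs as root, point it at a directory only root can write to.
logfile=/tmp/$(date +%H-%F).log
n=$(date +%H)
if [ "$n" -eq 00 ] || [ "$n" -eq 12 ]; then
  # find hands each path to the inner shell as an argument, so names with
  # spaces or glob characters are truncated correctly instead of being split.
  find /data/log/ -type f -exec sh -c 'for f; do : > "$f"; done' sh {} +
else
  find /data/log/ -type f -exec du -sh -- {} \; >> "$logfile"
fi

# 3. Monitor network interface traffic and log it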
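#!/bin/bash
#######################################################
# Measure NIC traffic and append it to a log in a fixed format
# (one record per minute)
#######################################################
while :
do
  LANG=en
  # NOTE(review): predictable file name in /tmp; use a directory owned by the
  # account that runs this loop if other local users exist.
  logfile=/tmp/$(date +%d).log
  # Re-opened on every pass so output moves to the new file when the day changes.
  exec >> "$logfile"
  date +"%F %H:%M"
  # Columns 5 and 6 of the Average row are scaled by 1000*8 and labelled
  # input/output (assumes sar reports rxkB/s and txkB/s there; confirm against
  # the installed sysstat). The "\n" between the two records must be an escape
  # sequence: a raw line break inside an awk string is a syntax error.
  sar -n DEV 1 59 | awk '/Average/ && /ens33/ {print $2,"\t","input:\t",$5*1000*8,"bps","\n",$2,"\t","output:\t",$6*1000*8,"bps"}'
  echo "####################"
  # sar runs 59 seconds, no extra sleep needed
done

# 4. Count numbers per line and total numbers in a document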
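#!/bin/bash
#########################################################
# Count the digits on each line of a document, and the total number of digits
# in the whole document
########################################################
sum=0
# Single pass over the file. The line is never expanded unquoted, so a line
# containing * or ? is not replaced by matching file names, and the final line
# is counted even when it has no trailing newline.
while IFS= read -r line || [[ -n $line ]]; do
  digits=${line//[^0-9]/}   # keep only the digit characters
  n_n=${#digits}
  echo "$n_n"
  sum=$((sum + n_n))
done < a.txt
echo "sum:$sum"

# 5. Download a file from an FTP server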
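#!/bin/bash
# Download one file from a fixed FTP server.
# Usage: script /remote/dir/filename
# NOTE(review): FTP carries the login and the file in clear text, and the
# account is embedded in this script. Where the server allows it, use
# sftp/scp with key authentication and keep credentials out of the file.
if [ $# -ne 1 ]; then
  echo "Usage: $0 filename"
  exit 1
fi
# The argument is pasted into the FTP command stream below. A line break would
# begin a new client command and a double quote would end the quoted name, so
# both are refused.
case $1 in
  *[[:cntrl:]]* | *\"*)
    echo "invalid character in file name" >&2
    exit 1
    ;;
esac
dir=$(dirname -- "$1")
file=$(basename -- "$1")
ftp -n -v <<EOF
open 192.168.1.10
user admin password
binary
cd "$dir"
get "$file"
EOF

# 6. Read five numbers (0‑100) and report sum, min and max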
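#!/bin/bash
# Read five integers no larger than 100, then print their sum, minimum and maximum.
COUNT=1
SUM=0
# MIN starts at the top of the range and MAX at the bottom so that the first
# input replaces both. The earlier initial values and comparisons were
# swapped, which reported the largest input as MIN and the smallest as MAX.
MIN=100
MAX=0
while [ "$COUNT" -le 5 ]; do
  # Prompt text asks for integers (runtime string kept as published).
  read -r -p "请输入1-10个整数:" INT
  if [[ ! $INT =~ ^[0-9]+$ ]]; then
    echo "输入必须是整数!"
    exit 1
  fi
  # Drop leading zeros: "08" would otherwise be read as invalid octal by $(( )).
  INT=${INT#"${INT%%[!0]*}"}
  INT=${INT:-0}
  # The length test rejects very long digit strings before any numeric comparison.
  if [ "${#INT}" -gt 3 ] || [ "$INT" -gt 100 ]; then
    echo "输入必须是100以内!"
    exit 1
  fi
  SUM=$((SUM + INT))
  [ "$INT" -lt "$MIN" ] && MIN=$INT
  [ "$INT" -gt "$MAX" ] && MAX=$INT
  COUNT=$((COUNT + 1))
done
echo "SUM: $SUM"
echo "MIN: $MIN"
echo "MAX: $MAX"

# 7. Monitor Nginx access log for 502 errors and restart php‑fpm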
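#!/bin/bash
###########################################################
# Watch the Nginx access log for 502 responses and react to them
###########################################################
log=/data/log/access.log
N=30 # threshold: 30 502 errors (about 10% of the 300 sampled lines)
while :
do
  # Count lines whose status field is 502 rather than any line that contains
  # "502". A bare match also counts URLs, byte counts and addresses, all of
  # which a remote client can influence, and would let request content drive
  # restarts. Assumes the default "combined" layout, where the status follows
  # the closing quote of the request; adjust for a custom log_format.
  err=$(tail -n 300 "$log" | grep -c '" 502 ')
  if [ "$err" -ge "$N" ]; then
    /etc/init.d/php-fpm restart 2>/dev/null
    # Avoid a restart loop: wait 60 seconds
    sleep 60
  fi
  sleep 10
done

# 8. Scan host ports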
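#!/bin/bash
# Report whether each port in a fixed list accepts a TCP connection on the given host.
# Usage: script host
HOST=$1
PORTS="22 25 80 8080"
# HOST becomes part of a redirection target. Bash opens a socket only for the
# exact /dev/tcp/<host>/<port> shape; any other path is opened as an ordinary
# file for writing, so the value is limited to host-name and address characters.
if [[ ! $HOST =~ ^[A-Za-z0-9:][A-Za-z0-9._:-]*$ ]]; then
  echo "Usage: $0 host" >&2
  exit 1
fi
for PORT in $PORTS; do
  # The subshell keeps the connection's descriptor and error text contained;
  # the socket is closed as soon as the subshell exits.
  if (: > "/dev/tcp/$HOST/$PORT") 2>/dev/null; then
    echo "$PORT open"
  else
    echo "$PORT close"
  fi
done

# 9. Print words with fewer than six letters from a sample sentence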
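#!/bin/bash
# Sample sentence: Bash also interprets a number of multi-character options.
for s in Bash also interprets a number of multi-character options.; do
  # ${#s} is the length of the word itself. `echo $s | wc -c` also counted the
  # trailing newline, so the threshold was effectively five characters, not six.
  if [ "${#s}" -lt 6 ]; then
    echo "$s"
  fi
done

# 10. Expect script for password‑less SSH command execution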
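#!/bin/bash
# Run one command ($1) on a remote host by scripting an interactive SSH
# password login with expect.
#
# NOTE(review): this automates a password login; it is not password-less.
#  - A root password stored in the script gives root on the target to anyone
#    who can read the file. Prefer key authentication, for example
#    `ssh -o BatchMode=yes user@host -- command`, which needs no expect.
#  - The "(yes/no)" branch accepts whatever host key is offered on first
#    contact, so the server's identity is never verified. Pre-populate
#    known_hosts and delete that branch.
SSH_USER=root
# 123.com is the sample value from the article; supply the real secret through
# the SSH_PASS environment variable rather than editing it into the file.
SSH_PASS=${SSH_PASS:-123.com}
SSH_IP=192.168.1.120
# The here-document is quoted and the values reach expect through its
# environment: Tcl substitutes $env(...) once and never re-parses the result,
# so brackets, quotes or dollar signs in the password or command stay literal.
EXP_USER=$SSH_USER EXP_PASS=$SSH_PASS EXP_IP=$SSH_IP EXP_CMD=${1-} expect <<'EOF'
set timeout 30
spawn ssh $env(EXP_USER)@$env(EXP_IP)
expect {
"(yes/no)" {send "yes\r"; exp_continue}
"password:" {send "$env(EXP_PASS)\r"}
}
expect "$env(EXP_USER)@*" {send "$env(EXP_CMD)\r"}
expect "$env(EXP_USER)@*" {send "exit\r"}
expect eof
EOF

# 11. Create 10 users with random 10‑character passwords and log them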
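#!/bin/bash
##############################################################
# Create 10 users and set a password for each; the password must be 10
# characters long and contain upper-case letters, lower-case letters and digits
##############################################################
pwfile=/tmp/userpassword
# The list holds clear-text passwords. Refuse a path that is a symlink or that
# another account already owns, and create the file readable by its owner only.
# NOTE(review): a check-then-create race remains in a world-writable directory;
# a root-only directory is the safer home for this file. Deliver the passwords
# out of band, remove the file afterwards, and consider forcing a change at
# first login.
if [ -L "$pwfile" ] || { [ -e "$pwfile" ] && [ ! -O "$pwfile" ]; }; then
  echo "refusing to write passwords to $pwfile" >&2
  exit 1
fi
(umask 077 && : >> "$pwfile") || exit 1
chmod 600 -- "$pwfile" || exit 1

for u in $(seq -w 0 9); do
  # Skip the account when useradd fails (for example because it already
  # exists); otherwise an existing user's password would be silently replaced.
  useradd "user_$u" || continue
  p=$(mkpasswd -s 0 -l 10)
  printf '%s\n' "$p" | passwd --stdin "user_$u"
  printf '%s\n' "user_$u $p" >> "$pwfile"
done

# 12. Monitor httpd process count and restart when exceeding 500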
#!/bin/bash
check_service(){
  # Retry the Apache restart up to five times and stop at the first attempt
  # that succeeds. Each attempt's stderr overwrites /var/log/httpderr.log.
  # Always returns 0, whether or not a restart succeeded.
  i=0
  while [ "$i" -lt 5 ]; do
    i=$((i + 1))
    if /usr/local/apache2/bin/apachectl restart 2>/var/log/httpderr.log; then
      return 0
    fi
  done
  return 0
}
# Poll every 10 seconds. When more than 500 httpd processes are running,
# restart Apache: a failed restart is handed to check_service for retries; a
# successful one is re-checked after 60 seconds, and if the count is still
# above 500 the alert script runs and this monitor exits.
while true; do
  n=$(pgrep -c httpd)
  if [ "$n" -gt 500 ]; then
    if ! /usr/local/apache2/bin/apachectl restart; then
      check_service
    else
      sleep 60
      n2=$(pgrep -c httpd)
      if [ "$n2" -gt 500 ]; then
        mail.py
        exit 0
      fi
    fi
  fi
  sleep 10
done

# 13. iptables auto‑block IPs with excessive web requests
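#!/bin/bash
# Drop all traffic from clients that appear more than 100 times in the
# current minute within the last 5000 access-log lines.
# NOTE(review): rules added here never expire, and nothing exempts your own
# reverse proxies, NAT gateways or monitoring hosts; keep an allowlist before
# running this unattended. IPv6 clients are not handled.
DATE=$(date +%d/%b/%Y:%H:%M)
ABNORMAL_IP=$(tail -n5000 access.log | grep -F -- "$DATE" | awk '{a[$1]++} END {for(i in a) if(a[i]>100) print i}')
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
while IFS= read -r IP; do
  # The first log field is whatever the web server recorded for the client.
  # Only a plain dotted quad is passed on, so nothing parsed from the log can
  # reach iptables as an option, a network range or a host name.
  [[ $IP =~ $ipv4_re ]] || continue
  # -C asks iptables whether this exact rule already exists. Grepping the rule
  # listing treated the dots as wildcards and matched substrings (1.2.3.4
  # inside 11.2.3.45), so some addresses were never blocked.
  if ! iptables -C INPUT -s "$IP" -j DROP 2>/dev/null; then
    iptables -I INPUT -s "$IP" -j DROP
  fi
done <<< "$ABNORMAL_IP"

# 14. Block IPs with too many SSH login failures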
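#!/bin/bash
# Drop all traffic from hosts with more than 10 failed logins in the current
# minute, as listed by lastb.
# NOTE(review): rules added here never expire and nothing exempts your own
# administration hosts; keep an allowlist so a mistyped password cannot lock
# you out. IPv6 sources are not handled.
DATE=$(date +"%a %b %e %H:%M")
# -i makes lastb print the source as a numeric address instead of a host name.
ABNORMAL_IP=$(lastb -i | grep -F -- "$DATE" | awk '{a[$3]++} END {for(i in a) if(a[i]>10) print i}')
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
while IFS= read -r IP; do
  # Fields in the failed-login record are shaped by remote clients, and the
  # third column is not always an address (local logins, shifted columns).
  # Only a plain dotted quad is passed to iptables.
  [[ $IP =~ $ipv4_re ]] || continue
  # -C checks for this exact rule; grepping the listing matched substrings and
  # treated the dots as wildcards.
  if ! iptables -C INPUT -s "$IP" -j DROP 2>/dev/null; then
    iptables -I INPUT -s "$IP" -j DROP
  fi
done <<< "$ABNORMAL_IP"

# 15. Block IPs that exceed request thresholds in web logs and unblock later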
#!/bin/bash
# Paths shared by the functions in this script.
logfile="/data/log/access.log"   # access log that is scanned
ipt="/sbin/iptables"             # iptables binary
ips="/tmp/ips.txt"               # scratch file for per-address request counts
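block(){
  # Reject port-80 traffic from every client that made more than 100 requests
  # during the previous minute, and append each blocked address to /tmp/badip.log.
  # Globals: logfile (read), ipt (read), ips (file is rewritten on every call)
  # NOTE(review): $ips and /tmp/badip.log are predictable names in a
  # world-writable directory; move them to a root-only directory when this
  # runs as root.
  local d1 i
  # Access-log timestamps have the shape 10/Oct/2023:13:55:36 (constructed
  # example), so the previous minute is matched as ":HH:MM:". The earlier
  # %H%M form produced "1355:", which does not occur in that layout.
  d1=$(date -d "-1 minute" +%H:%M)
  grep -F -- ":$d1:" "$logfile" | awk '{print $1}' | sort -n | uniq -c | sort -n > "$ips"
  while IFS= read -r i; do
    # Only plain dotted quads are handed to iptables; anything else parsed
    # from the log is skipped.
    [[ $i =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue
    # Skip addresses that already have this exact rule so duplicates do not
    # pile up while a client stays busy.
    if ! "$ipt" -C INPUT -p tcp --dport 80 -s "$i" -j REJECT 2>/dev/null; then
      "$ipt" -I INPUT -p tcp --dport 80 -s "$i" -j REJECT
      echo "$(date +%F-%T) $i" >> /tmp/badip.log
    fi
  done < <(awk '$1>100 {print $2}' "$ips")
}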
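unblock(){
  # Remove the port-80 REJECT rules that matched fewer than 10 packets since
  # the counters were last zeroed, then zero the counters again.
  # Globals: ipt (read)
  local a
  # With --line-numbers the listing columns are: num pkts bytes target ...
  # The filter is limited to REJECT rules for tcp dpt:80, the kind this script
  # inserts; matching every low-traffic INPUT rule would also delete unrelated
  # allow or deny rules. -x prints exact packet counts instead of K/M
  # abbreviations. Rules are deleted from the highest number down so the
  # remaining line numbers stay valid.
  for a in $("$ipt" -nvxL INPUT --line-numbers | awk '/0\.0\.0\.0\/0/ && $4 == "REJECT" && /dpt:80( |$)/ && $2 + 0 < 10 {print $1}' | sort -nr); do
    "$ipt" -D INPUT "$a"
  done
  # NOTE(review): -Z without a chain name zeroes the counters of every chain,
  # which also resets numbers other tooling may be reading.
  "$ipt" -Z
}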
# Once a minute: run block; at minute 00 and minute 30 run unblock first.
while true; do
  minute=$(date +%M)
  case $minute in
    00 | 30) unblock ;;
  esac
  block
  sleep 60
done

# 16. Validate user‑entered IP address
#!/bin/bash
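check_ip() {
  # Validate a dotted-quad IPv4 address.
  # Arguments: $1 - candidate address
  # Outputs:   "<addr> available." when valid, "<addr> not available!" when an
  #            octet exceeds 255, "Format error!" when the shape is wrong
  # Returns:   0 when valid, 1 otherwise
  local addr=$1 octet
  local -a octets
  local shape='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  # The value is matched in-process and never expanded unquoted, so input such
  # as ?.?.?.? cannot be replaced by a matching file name before the check.
  if [[ ! $addr =~ $shape ]]; then
    echo "Format error!"
    return 1
  fi
  IFS=. read -r -a octets <<< "$addr"
  for octet in "${octets[@]}"; do
    # 10# forces decimal so that octets such as 08 are not read as octal.
    if ((10#$octet > 255)); then
      echo "$addr not available!"
      return 1
    fi
  done
  echo "$addr available."
  return 0
}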
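# Keep asking until a valid address is entered.
while true; do
  # -r keeps backslashes literal. A failed read means input has ended, so
  # stop instead of looping forever on an empty value.
  read -r -p "Please enter IP: " IP || exit 1
  check_ip "$IP" && break
  echo "Please try again."
done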
