BestHub
Sign in
Operations 12 min read

Master Linux Process & User Queries with Powerful Bash Scripts

This guide provides Bash scripts that let you retrieve detailed information about Linux processes by PID or name, query user account details, and apply a series of system hardening tweaks such as password policies, login restrictions, and file attribute protections.

Efficient Ops
Efficient Ops
Efficient Ops
Master Linux Process & User Queries with Powerful Bash Scripts

1. Retrieve all information for a given PID

#! /bin/bash
# Function: Filter all information of the entered PID
read -p "请输入要查询的PID: " P
n=`ps -aux| awk '$2~/^'$P'$/ {print $11}'|wc -l`
if [ $n -eq 0 ]; then
  echo "该PID不存在!!"
  exit
fi
echo "--------------------------------"
echo "进程PID: $P"
echo "进程命令:`ps -aux| awk '$2~/^'$P'$/ {print $11}'`"
echo "进程所属用户: `ps -aux| awk '$2~/^'$P'$/ {print $1}'`"
echo "CPU占用率:`ps -aux| awk '$2~/^'$P'$/ {print $3}'`%"
echo "内存占用率:`ps -aux| awk '$2~/^'$P'$/ {print $4}'`%"
echo "进程开始运行的时刻:`ps -aux| awk '$2~/^'$P'$/ {print $9}'`"
echo "进程运行的时间:`ps -aux| awk '$2~/^'$P'$/ {print $10}'`"
echo "进程状态:`ps -aux| awk '$2~/^'$P'$/ {print $8}'`"
echo "进程虚拟内存:`ps -aux| awk '$2~/^'$P'$/ {print $5}'`"
echo "进程共享内存:`ps -aux| awk '$2~/^'$P'$/ {print $6}'`"
echo "--------------------------------"

2. Retrieve process information by process name

#! /bin/bash
# Function: Filter PIDs and details for a given process name
read -p "请输入要查询的进程名:" NAME
N=`ps -aux | grep $NAME | grep -v grep | wc -l`  ##统计进程总数
if [ $N -le 0 ]; then
  echo "该进程名没有运行!"
  fi
i=1
while [ $N -gt 0 ]
do
  echo "进程PID: `ps -aux | grep $NAME | grep -v grep | awk 'NR=='$i'{print $0}'| awk '{print $2}'`"
  echo "进程命令:`ps -aux | grep $NAME | grep -v grep | awk 'NR=='$i'{print $0}'| awk '{print $11}'`"
  echo "进程所属用户: `ps -aux | grep $NAME | grep -v grep | awk 'NR=='$i'{print $0}'| awk '{print $1}'`"
  echo "CPU占用率:`ps -aux | grep $NAME | grep -v grep | awk 'NR=='$i'{print $0}'| awk '{print $3}'`%"
  echo "内存占用率:`ps -aux | grep $NAME | grep -v grep | awk 'NR=='$i'{print $0}'| awk '{print $4}'`%"
  echo "进程开始运行的时刻:`ps -aux | grep $NAME | grep -v grep | awk 'NR=='$i'{print $0}'| awk '{print $9}'`"
  echo "进程运行的时间:`ps -aux | grep $NAME | grep -v grep | awk 'NR=='$i'{print $0}'| awk '{print $11}'`"
  echo "进程状态:`ps -aux | grep $NAME | grep -v grep | awk 'NR=='$i'{print $0}'| awk '{print $8}'`"
  echo "进程虚拟内存:`ps -aux | grep $NAME | grep -v grep | awk 'NR=='$i'{print $0}'| awk '{print $5}'`"
  echo "进程共享内存:`ps -aux | grep $NAME | grep -v grep | awk 'NR=='$i'{print $0}'| awk '{print $6}'`"
  echo "***************************************************************"
  let N-- i++
done

3. Query all information for a given username

#! /bin/bash
# Function: Retrieve all information of a user by username
read -p "请输入要查询的用户名:" A
echo "------------------------------"
n=`cat /etc/passwd | awk -F: '$1~/^'$A'$/ {print}' | wc -l`
if [ $n -eq 0 ]; then
  echo "该用户不存在"
  echo "------------------------------"
else
  echo "该用户的用户名:$A"
  echo "该用户的UID:`cat /etc/passwd | awk -F: '$1~/^'$A'$/ {print}'|awk -F: '{print $3}'`"
  echo "该用户的组为:`id $A | awk '{print $3}'`"
  echo "该用户的GID为:`cat /etc/passwd | awk -F: '$1~/^'$A'$/ {print}'|awk -F: '{print $4}'`"
  echo "该用户的家目录为:`cat /etc/passwd | awk -F: '$1~/^'$A'$/ {print}'|awk -F: '{print $6}'`"
  Login=`cat /etc/passwd | awk -F: '$1~/^'$A'$/ {print}'|awk -F: '{print $7}'`
  if [ $Login == "/bin/bash" ]; then
    echo "该用户有登录系统的权限!!"
    echo "------------------------------"
  elif [ $Login == "/sbin/nologin" ]; then
    echo "该用户没有登录系统的权限!!"
    echo "------------------------------"
  fi
fi

4. System hardening configurations

#! /bin/bash
# Function: Strengthen password policies and other security settings
read -p "设置密码最多可多少天不修改:" A
read -p "设置密码修改之间最小的天数:" B
read -p "设置密码最短的长度:" C
read -p "设置密码失效前多少天通知用户:" D
sed -i '/^PASS_MAX_DAYS/c\PASS_MAX_DAYS '$A'' /etc/login.defs
sed -i '/^PASS_MIN_DAYS/c\PASS_MIN_DAYS '$B'' /etc/login.defs
sed -i '/^PASS_MIN_LEN/c\PASS_MIN_LEN '$C'' /etc/login.defs
sed -i '/^PASS_WARN_AGE/c\PASS_WARN_AGE '$D'' /etc/login.defs

echo "已对密码进行加固,新用户不得和旧密码相同,且新密码必须同时包含数字、小写字母,大写字母!!"
sed -i '/pam_pwquality.so/c\password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= difok=1 minlen=8 ucredit=-1 lcredit=-1 dcredit=-1' /etc/pam.d/system-auth

echo "已对密码进行加固,如果输入错误密码超过3次,则锁定账户!!"
n=`cat /etc/pam.d/sshd | grep "auth required pam_tally2.so "|wc -l`
if [ $n -eq 0 ]; then
  sed -i '/%PAM-1.0/a\auth required pam_tally2.so deny=3 unlock_time=150 even_deny_root root_unlock_time300' /etc/pam.d/sshd
fi

echo "已设置禁止root用户远程登录!!"
sed -i '/PermitRootLogin/c\PermitRootLogin no'  /etc/ssh/sshd_config

read -p "设置历史命令保存条数:" E
read -p "设置账户自动注销时间:" F
sed -i '/^HISTSIZE/c\HISTSIZE='$E'' /etc/profile
sed -i '/^HISTSIZE/a\TMOUT='$F'' /etc/profile

echo "已设置只允许wheel组的用户可以使用su命令切换到root用户!"
sed -i '/pam_wheel.so use_uid/c\auth required pam_wheel.so use_uid ' /etc/pam.d/su
n=`cat /etc/login.defs | grep SU_WHEEL_ONLY | wc -l`
if [ $n -eq 0 ]; then
  echo "SU_WHEEL_ONLY yes" >> /etc/login.defs
fi

echo "即将对系统中的账户进行检查...."
echo "系统中有登录权限的用户有:"
awk -F: '($7=="/bin/bash"){print $1}' /etc/passwd
echo "********************************************"
echo "系统中UID=0的用户有:"
awk -F: '($3=="0"){print $1}' /etc/passwd
echo "********************************************"
N=`awk -F: '($2==""){print $1}' /etc/shadow|wc -l`
echo "系统中空密码用户有:$N"
if [ $N -eq 0 ]; then
  echo "恭喜你,系统中无空密码用户!!"
  echo "********************************************"
else
  i=1
  while [ $N -gt 0 ]
  do
    None=`awk -F: '($2==""){print $1}' /etc/shadow|awk 'NR=='$i'{print}'`
    echo "------------------------"
    echo $None
    echo "必须为空用户设置密码!!"
    passwd $None
    let N--
  done
  M=`awk -F: '($2==""){print $1}' /etc/shadow|wc -l`
  if [ $M -eq 0 ]; then
    echo "恭喜,系统中已经没有空密码用户了!"
  else
    echo "系统中还存在空密码用户:$M"
  fi
fi

echo "即将对系统中重要文件进行锁定,锁定后将无法添加删除用户和组"
read -p "警告:此脚本运行后将无法添加删除用户和组!!确定输入Y,取消输入N;Y/N:" i
case $i in
  [Yy])
    chattr +i /etc/passwd
    chattr +i /etc/shadow
    chattr +i /etc/group
    chattr +i /etc/gshadow
    echo "锁定成功!"
    ;;
  [Nn])
    chattr -i /etc/passwd
    chattr -i /etc/shadow
    chattr -i /etc/group
    chattr -i /etc/gshadow
    echo "取消锁定成功!!"
    ;;
  *)
    echo "请输入Y/y or N/n"
    ;;
esac
Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

process managementBashshell scriptsystem-hardening
Efficient Ops
Written by

Efficient Ops

This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment