System auditing and health checking scripts

Author: Linux Bash

Mastering System Auditing and Health Checking with Linux Bash Scripts

Efficiently managing Linux servers requires a proactive approach to system auditing and health monitoring. By creating and using Bash scripts for these purposes, system administrators can keep a close eye on system health, performance, and security. This blog post provides an in-depth look at crafting user-friendly Bash scripts tailored for these tasks, along with instructions for ensuring your scripts work across different Linux distributions by using various package managers like apt, dnf, and zypper.

Why Use Bash for System Auditing and Health Checking?

Bash (Bourne Again SHell) is the default shell on most Linux distributions. It's powerful for scripting commands that manage system operations, automate tasks, and retrieve system data. By using Bash scripts, you can:

  • Automate repetitive tasks.

  • Schedule system health checks.

  • Receive alerts based on system performance metrics or security scans.

  • Ensure consistency across system evaluations.

Key Focus Areas of System Auditing and Health Checking

Your Bash scripts should aim to cover the following areas:

  1. System Performance: Monitor CPU usage, memory consumption, disk I/O, and network activity.
  2. Security Audits: Check for open ports, running services, and security updates.
  3. System Health: Monitor system uptime, check the integrity of important system files, and review system logs for errors.

Installing Necessary Tools

Before diving into scripting, ensure you have the necessary tools installed on your system. Tools such as sysstat for performance monitoring, rsyslog for log management, and auditd for security auditing are essential. Here’s how you can install these tools across different package managers:

Using apt (Debian, Ubuntu, and derivatives):

sudo apt update
sudo apt install sysstat rsyslog auditd

Using dnf (Fedora, CentOS):

# On Fedora and CentOS the auditd daemon ships in the package named "audit"
sudo dnf install sysstat rsyslog audit

Using zypper (openSUSE):

# On openSUSE the auditd daemon ships in the package named "audit"
sudo zypper install sysstat rsyslog audit

A Simple Bash Script for System Health Reporting

Below is a basic script that reports CPU load, memory usage, and disk space, and lists recent entries in the system logs.

#!/bin/bash

# Check CPU load
echo "Checking CPU load..."
uptime

# Check Memory Usage
echo "Checking Memory Usage..."
free -h

# Check Disk Usage
echo "Checking Disk Usage..."
df -h

# Display last 10 system log entries
echo "Recent logs..."
journalctl -n 10

Save this script as system_health.sh, make it executable with chmod +x system_health.sh, and run it using ./system_health.sh.

Creating an Auditing Script

Similarly, a security audit script might check for listening ports, active services, and the status of the firewall:

#!/bin/bash

echo "Active Listening Ports:"
sudo lsof -i -P -n | grep LISTEN

echo "Active Services:"
systemctl list-units --type=service --state=running

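echo "Firewall Status:"
# ufw is the Debian/Ubuntu front end; Fedora, CentOS and openSUSE normally ship firewalld instead
sudo ufw status verbose 2>/dev/null \
    || sudo firewall-cmd --list-all 2>/dev/null \
    || echo "No working ufw or firewalld found"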

Make this script executable and run it the same way as the first one.
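
A daily list of listening ports is only useful when it is compared with what is supposed to be listening. The following is an added example, not part of the original post: it parses the same lsof output the audit script prints and reports listeners that are missing from an approved baseline. The baseline format, the function names, and the file name check_listeners.sh are assumptions made for this example.

```bash
#!/bin/bash
# Added example: compare current listeners against an approved baseline.
# Assumed baseline format (not from the original post): one "PROTO PORT COMMAND"
# entry per line, with '#' comment lines allowed.

# Reads `lsof -i -P -n` output on stdin and prints every listener missing from
# the baseline file given as $1. Returns 0 if clean, 1 if anything unexpected
# is listening, 2 if the baseline cannot be read (fail closed).
unexpected_listeners() {
    [ -r "$1" ] || { echo "baseline not readable: $1" >&2; return 2; }
    awk -v baseline="$1" '
        BEGIN {
            while ((getline line < baseline) > 0)
                if (line != "" && line !~ /^#/) approved[line] = 1
        }
        $NF == "(LISTEN)" {
            # NAME is addr:port; take the last ":" field so IPv6 addresses work.
            n = split($(NF - 1), part, ":")
            key = $(NF - 2) " " part[n] " " $1   # e.g. "TCP 22 sshd"
            if (!(key in approved) && !(key in seen)) {
                seen[key] = 1
                print key
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample of lsof output. lsof truncates COMMAND to 9 characters by
# default, so systemd-resolved appears as "systemd-r".
sample_lsof() {
    cat <<'EOF'
sshd       812 root             3u IPv4 21345 0t0 TCP *:22 (LISTEN)
sshd       812 root             4u IPv6 21347 0t0 TCP *:22 (LISTEN)
systemd-r  612 systemd-resolve 14u IPv4 19870 0t0 TCP 127.0.0.53:53 (LISTEN)
nginx     1450 root             6u IPv4 30112 0t0 TCP *:443 (LISTEN)
python3   2291 deploy           3u IPv4 41877 0t0 TCP *:8000 (LISTEN)
EOF
}

# Demo on the constructed sample: ./check_listeners.sh --demo
if [ "${1:-}" = "--demo" ]; then
    b=$(mktemp); printf 'TCP 22 sshd\nTCP 53 systemd-r\nTCP 443 nginx\n' > "$b"
    sample_lsof | unexpected_listeners "$b"; rm -f "$b"
fi
# Live use as root (baseline path is a placeholder):
#   lsof -i -P -n | unexpected_listeners /path/to/listeners.baseline
```

The non-zero exit status lets a scheduled wrapper raise an alert only when something new is listening, instead of appending the full port list to a log every day.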

Automation and Regular Checks

To automate these scripts, you can schedule them with cron:

  1. Open crontab with crontab -e.
  2. Add the following line to run the health check script daily at midnight: 0 0 * * * /path/to/system_health.sh >> /path/to/health.log
  3. Similarly, for the audit script: 0 1 * * * /path/to/audit_script.sh >> /path/to/audit.log

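Adjust the paths and timings to suit your environment. The audit script calls sudo, which cannot prompt for a password when run from cron, so schedule it from root's crontab (sudo crontab -e) rather than a regular user's. The >> redirection appends only standard output; add 2>&1 to the end of each entry if error messages should go to the same log.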

Conclusion

Regular system audits and health checks can greatly improve the performance and security of Linux systems. By employing Bash scripts and utilizing the native package managers and tools available in Linux, system administrators can automate crucial monitoring tasks, thereby maintaining the health of the systems efficiently.

Remember to test every script in a controlled environment before deploying it in production, and ensure you have the appropriate permissions to execute system-level tasks. Happy scripting!