Linux Production Shell Scripts

Linux Production Shell Scripts

Purpose

Provide production-ready shell script templates for common Linux system administration tasks including backups, monitoring, user management, log analysis, and automation. These scripts serve as building blocks for security operations and penetration testing environments.

Prerequisites

Required Environment

Linux/Unix system (bash shell)

Appropriate permissions for tasks

Required utilities installed (rsync, openssl, etc.)

Required Knowledge

Basic bash scripting

Linux file system structure

System administration concepts

Outputs and Deliverables

Backup Solutions - Automated file and database backups

Monitoring Scripts - Resource usage tracking

Automation Tools - Scheduled task execution

Security Scripts - Password management, encryption

Core Workflow

Phase 1: File Backup Scripts

Basic Directory Backup

#!/bin/bash
backup_dir="/path/to/backup"
source_dir="/path/to/source"
Create a timestamped backup of the source directory

tar -czf "$backup_dir/backup_$(date +%Y%m%d_%H%M%S).tar.gz" "$source_dir"
echo "Backup completed: backup_$(date +%Y%m%d_%H%M%S).tar.gz"

Remote Server Backup

#!/bin/bash
source_dir="/path/to/source"
remote_server="user@remoteserver:/path/to/backup"
Backup files/directories to a remote server using rsync

rsync -avz --progress "$source_dir" "$remote_server"
echo "Files backed up to remote server."

Backup Rotation Script

#!/bin/bash
backup_dir="/path/to/backups"
max_backups=5
Rotate backups by deleting the oldest if more than max_backups

<div class="overflow-x-auto my-6"><table class="min-w-full divide-y divide-border border border-border"><thead><tr><th class="px-4 py-2 text-left text-sm font-semibold text-foreground bg-muted/50">while [ $(ls -1 &quot;$backup_dir&quot;</th><th class="px-4 py-2 text-left text-sm font-semibold text-foreground bg-muted/50">wc -l) -gt &quot;$max_backups&quot; ]; do</th></tr></thead><tbody class="divide-y divide-border"></tbody></table></div>
    rm -r "$backup_dir/$oldest_backup"
    echo "Removed old backup: $oldest_backup"
done
echo "Backup rotation completed."

Database Backup Script

#!/bin/bash
database_name="your_database"
db_user="username"
db_pass="password"
output_file="database_backup_$(date +%Y%m%d).sql"
Perform database backup using mysqldump

mysqldump -u "$db_user" -p"$db_pass" "$database_name" > "$output_file"
gzip "$output_file"
echo "Database backup created: $output_file.gz"

Phase 2: System Monitoring Scripts

CPU Usage Monitor

#!/bin/bash
threshold=90
Monitor CPU usage and trigger alert if threshold exceeded

cpu_usage=$(top -bn1 | grep "Cpu(s)" | awk '{print $2}' | cut -d. -f1)
if [ "$cpu_usage" -gt "$threshold" ]; then
    echo "ALERT: High CPU usage detected: $cpu_usage%"
    # Add notification logic (email, slack, etc.)
    # mail -s "CPU Alert" admin@example.com <<< "CPU usage: $cpu_usage%"
fi

Disk Space Monitor

#!/bin/bash
threshold=90
partition="/dev/sda1"
Monitor disk usage and trigger alert if threshold exceeded

disk_usage=$(df -h | grep "$partition" | awk '{print $5}' | cut -d% -f1)
if [ "$disk_usage" -gt "$threshold" ]; then
    echo "ALERT: High disk usage detected: $disk_usage%"
    # Add alert/notification logic here
fi

CPU Usage Logger

#!/bin/bash
output_file="cpu_usage_log.txt"
Log current CPU usage to a file with timestamp

timestamp=$(date '+%Y-%m-%d %H:%M:%S')
cpu_usage=$(top -bn1 | grep 'Cpu(s)' | awk '{print $2}' | cut -d. -f1)
echo "$timestamp - CPU Usage: $cpu_usage%" >> "$output_file"
echo "CPU usage logged."

System Health Check

#!/bin/bash
output_file="system_health_check.txt"
Perform system health check and save results to a file

{
    echo "System Health Check - $(date)"
    echo "================================"
    echo ""
    echo "Uptime:"
    uptime
    echo ""
    echo "Load Average:"
    cat /proc/loadavg
    echo ""
    echo "Memory Usage:"
    free -h
    echo ""
    echo "Disk Usage:"
    df -h
    echo ""
    echo "Top Processes:"
    ps aux --sort=-%cpu | head -10
} > "$output_file"
echo "System health check saved to $output_file"

Phase 3: User Management Scripts

User Account Creation

#!/bin/bash
username="newuser"
Check if user exists; if not, create new user

if id "$username" &>/dev/null; then
    echo "User $username already exists."
else
    useradd -m -s /bin/bash "$username"
    echo "User $username created."
    
    # Set password interactively
    passwd "$username"
fi

Password Expiry Checker

#!/bin/bash
output_file="password_expiry_report.txt"
Check password expiry for users with bash shell

echo "Password Expiry Report - $(date)" > "$output_file"
echo "=================================" >> "$output_file"
IFS=$'\n'
<div class="overflow-x-auto my-6"><table class="min-w-full divide-y divide-border border border-border"><thead><tr><th class="px-4 py-2 text-left text-sm font-semibold text-foreground bg-muted/50">for user in $(grep &quot;/bin/bash&quot; /etc/passwd</th><th class="px-4 py-2 text-left text-sm font-semibold text-foreground bg-muted/50">cut -d: -f1); do</th></tr></thead><tbody class="divide-y divide-border"></tbody></table></div>
    echo "User: $user - Password Expires: $password_expires" >> "$output_file"
done
unset IFS
echo "Password expiry report saved to $output_file"

Phase 4: Security Scripts

Password Generator

#!/bin/bash
length=${1:-16}
Generate a random password

password=$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9!@#$%^&' | head -c"$length")
echo "Generated password: $password"

File Encryption Script

#!/bin/bash
file="$1"
action="${2:-encrypt}"
if [ -z "$file" ]; then
    echo "Usage: $0 <file> [encrypt|decrypt]"
    exit 1
fi
if [ "$action" == "encrypt" ]; then
    # Encrypt file using AES-256-CBC
    openssl enc -aes-256-cbc -salt -pbkdf2 -in "$file" -out "$file.enc"
    echo "File encrypted: $file.enc"
elif [ "$action" == "decrypt" ]; then
    # Decrypt file
    output_file="${file%.enc}"
    openssl enc -aes-256-cbc -d -pbkdf2 -in "$file" -out "$output_file"
    echo "File decrypted: $output_file"
fi

Phase 5: Log Analysis Scripts

Error Log Extractor

#!/bin/bash
logfile="${1:-/var/log/syslog}"
output_file="error_log_$(date +%Y%m%d).txt"
Extract lines with "ERROR" from the log file

grep -i "error\|fail\|critical" "$logfile" > "$output_file"
echo "Error log created: $output_file"
echo "Total errors found: $(wc -l < "$output_file")"

Web Server Log Analyzer

#!/bin/bash
log_file="${1:-/var/log/apache2/access.log}"
echo "Web Server Log Analysis"
echo "========================"
echo ""
echo "Top 10 IP Addresses:"
awk '{print $1}' "$log_file" | sort | uniq -c | sort -rn | head -10
echo ""
echo "Top 10 Requested URLs:"
awk '{print $7}' "$log_file" | sort | uniq -c | sort -rn | head -10
echo ""
echo "HTTP Status Code Distribution:"
awk '{print $9}' "$log_file" | sort | uniq -c | sort -rn

Phase 6: Network Scripts

Network Connectivity Checker

#!/bin/bash
hosts=("8.8.8.8" "1.1.1.1" "google.com")
echo "Network Connectivity Check"
echo "=========================="
for host in "${hosts[@]}"; do
    if ping -c 1 -W 2 "$host" &>/dev/null; then
        echo "[UP] $host is reachable"
    else
        echo "[DOWN] $host is unreachable"
    fi
done

Website Uptime Checker

#!/bin/bash
websites=("https://google.com" "https://github.com")
log_file="uptime_log.txt"
echo "Website Uptime Check - $(date)" >> "$log_file"
for website in "${websites[@]}"; do
    if curl --output /dev/null --silent --head --fail --max-time 10 "$website"; then
        echo "[UP] $website is accessible" | tee -a "$log_file"
    else
        echo "[DOWN] $website is inaccessible" | tee -a "$log_file"
    fi
done

Network Interface Info

#!/bin/bash
interface="${1:-eth0}"
echo "Network Interface Information: $interface"
echo "========================================="
ip addr show "$interface" 2>/dev/null || ifconfig "$interface" 2>/dev/null
echo ""
echo "Routing Table:"
ip route | grep "$interface"

Phase 7: Automation Scripts

Automated Package Installation

#!/bin/bash
packages=("vim" "htop" "curl" "wget" "git")
echo "Installing packages..."
for package in "${packages[@]}"; do
    if dpkg -l | grep -q "^ii  $package"; then
        echo "[SKIP] $package is already installed"
    else
        sudo apt-get install -y "$package"
        echo "[INSTALLED] $package"
    fi
done
echo "Package installation completed."

Task Scheduler (Cron Setup)

#!/bin/bash
scheduled_task="/path/to/your_script.sh"
schedule_time="0 2   "  # Run at 2 AM daily
Add task to crontab

(crontab -l 2>/dev/null; echo "$schedule_time $scheduled_task") | crontab -
echo "Task scheduled: $schedule_time $scheduled_task"

Service Restart Script

#!/bin/bash
service_name="${1:-apache2}"
Restart a specified service

if systemctl is-active --quiet "$service_name"; then
    echo "Restarting $service_name..."
    sudo systemctl restart "$service_name"
    echo "Service $service_name restarted."
else
    echo "Service $service_name is not running. Starting..."
    sudo systemctl start "$service_name"
    echo "Service $service_name started."
fi

Phase 8: File Operations

Directory Synchronization

#!/bin/bash
source_dir="/path/to/source"
destination_dir="/path/to/destination"
Synchronize directories using rsync

rsync -avz --delete "$source_dir/" "$destination_dir/"
echo "Directories synchronized successfully."

Data Cleanup Script

#!/bin/bash
directory="${1:-/tmp}"
days="${2:-7}"
echo "Cleaning files older than $days days in $directory"
Remove files older than specified days

find "$directory" -type f -mtime +"$days" -exec rm -v {} \;
echo "Cleanup completed."

Folder Size Checker

#!/bin/bash
folder_path="${1:-.}"
echo "Folder Size Analysis: $folder_path"
echo "===================================="
Display sizes of subdirectories sorted by size

du -sh "$folder_path"/* 2>/dev/null | sort -rh | head -20
echo ""
echo "Total size:"
du -sh "$folder_path"

Phase 9: System Information

System Info Collector

#!/bin/bash
output_file="system_info_$(hostname)_$(date +%Y%m%d).txt"
{
    echo "System Information Report"
    echo "Generated: $(date)"
    echo "========================="
    echo ""
    echo "Hostname: $(hostname)"
    echo "OS: $(uname -a)"
    echo ""
    echo "CPU Info:"
    lscpu | grep -E "Model name|CPU\(s\)|Thread"
    echo ""
    echo "Memory:"
    free -h
    echo ""
    echo "Disk Space:"
    df -h
    echo ""
    echo "Network Interfaces:"
    ip -br addr
    echo ""
    echo "Logged In Users:"
    who
} > "$output_file"
echo "System info saved to $output_file"

Phase 10: Git and Development

Git Repository Updater

#!/bin/bash
git_repos=("/path/to/repo1" "/path/to/repo2")
for repo in "${git_repos[@]}"; do
    if [ -d "$repo/.git" ]; then
        echo "Updating repository: $repo"
        cd "$repo"
        git fetch --all
        git pull origin "$(git branch --show-current)"
        echo "Updated: $repo"
    else
        echo "Not a git repository: $repo"
    fi
done
echo "All repositories updated."

Remote Script Execution

#!/bin/bash
remote_server="${1:-user@remote-server}"
remote_script="${2:-/path/to/remote/script.sh}"
Execute a script on a remote server via SSH

ssh "$remote_server" "bash -s" < "$remote_script"
echo "Remote script executed on $remote_server"

Quick Reference

Common Script Patterns

Useful Commands

Cron Format

Minute(0-59) Hour(0-23) Day(1-31) Month(1-12) Weekday(0-7, 0/7=Sun)

Constraints and Limitations

Always test scripts in non-production first

Use absolute paths to avoid errors

Quote variables to handle spaces properly

Many scripts require root/sudo privileges

Use bash -x script.sh for debugging