linux shell实现批量关闭局域网中主机端口
2016-03-08 14:38
585 查看
假设局域网中有多台主机,只能开通ssh服务(端口22),如果发现其他服务打开,则全部关闭。通过运行一个shell脚本,完成以上功能。在实际运维中,可以通过puppet等工具更快更好的完成这个功能,所以本案例仅仅用来练手,为了熟悉sed, awk, grep等常见的shell命令而已。
1、通过nmap命令查询局域网中所有主机打开的端口,并存入文件nmap1.txt中。
以nmap 192.168.20.1-10为例,输出结果为:
2、从文件nmap1.txt中提取出需要的信息(主机ip,以及端口状态)。
3、在端口状态行首添加所对应的主机ip信息,并将结果保存到文件nmap2.txt中。
nmap2.txt文件内容为:
4、提取出需要关闭的端口(除了端口22之外,其余端口全部关闭)。通过sshpass远程登录到各主机,并且在iptables执行关闭端口命令。
5、运行脚本,查看结果。
1、通过nmap命令查询局域网中所有主机打开的端口,并存入文件nmap1.txt中。
# 通过nmap命令查询局域网中所有主机打开的端口,并存入文件nmap1.txt中 mkdir -p /wuhao/sh/files nmap $1 > /wuhao/sh/files/nmap1.txt
以nmap 192.168.20.1-10为例,输出结果为:
Starting Nmap 5.51 ( http://nmap.org ) at 2016-03-03 16:37 CST Nmap scan report for oos01 (192.168.20.1) Host is up (0.0000040s latency). Not shown: 997 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 80/tcp filtered http Nmap scan report for oos02 (192.168.20.2) Host is up (0.000099s latency). Not shown: 997 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 3306/tcp open mysql MAC Address: 00:1C:42:FF:5A:B5 (Parallels) Nmap scan report for oos03 (192.168.20.3) Host is up (0.000097s latency). Not shown: 997 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 3306/tcp open mysql MAC Address: 00:1C:42:38:94:3C (Parallels) Nmap done: 10 IP addresses (3 hosts up) scanned in 1.57 seconds
2、从文件nmap1.txt中提取出需要的信息(主机ip,以及端口状态)。
# 从文件nmap1.txt中提取出需要的信息(主机ip,以及端口状态) sed -n '/\(Nmap scan report for\|^[0-9]\+\/\)/p' /wuhao/sh/files/nmap1.txt > /wuhao/sh/files/nmap2.txt hosts=($(grep -on '(.*)' /wuhao/sh/files/nmap2.txt | sed -n 's/(\|)//gp')) declare -i len=${#hosts[*]} declare -i i=0 while [[ $i -lt $len ]] do lines[$i]=$(echo ${hosts[$i]} | awk -F ':' '{print $1}') ips[$i]=$(echo ${hosts[$i]} | awk -F ':' '{print $2}') i=$i+1 done # echo ${lines[*]}=1 5 9 # echo ${ips[*]}=192.168.20.1 192.168.20.2 192.168.20.3
3、在端口状态行首添加所对应的主机ip信息,并将结果保存到文件nmap2.txt中。
# 在端口状态行首添加所对应的主机ip信息 declare -i j=0 while [[ $j -lt $len ]] do declare -i k=$j+1 if [ $j -ne $(($len-1)) ]; then sed -i "$((${lines[$j]}+1)),$((${lines[$k]}-1))s/^/${ips[$j]} /" /wuhao/sh/files/nmap2.txt else sed -i "$((${lines[$j]}+1)),$""s/^/${ips[$j]} /" /wuhao/sh/files/nmap2.txt fi j=$j+1 done # 将多个空格以及/替换为一个空格 sed -i 's/ \+\|\// /g' /wuhao/sh/files/nmap2.txt
nmap2.txt文件内容为:
Nmap scan report for oos01 (192.168.20.1) 192.168.20.1 21 tcp open ftp 192.168.20.1 22 tcp open ssh 192.168.20.1 80 tcp filtered http Nmap scan report for oos02 (192.168.20.2) 192.168.20.2 22 tcp open ssh 192.168.20.2 80 tcp open http 192.168.20.2 3306 tcp open mysql Nmap scan report for oos03 (192.168.20.3) 192.168.20.3 22 tcp open ssh 192.168.20.3 80 tcp open http 192.168.20.3 3306 tcp open mysql
4、提取出需要关闭的端口(除了端口22之外,其余端口全部关闭)。通过sshpass远程登录到各主机,并且在iptables执行关闭端口命令。
# 提取出需要关闭的端口(除了端口22之外,其余端口如果打开则全部关闭) awk '{if($4~/open/ && $2!=22) print $0}' /wuhao/sh/files/nmap2.txt > /wuhao/sh/files/nmap3.txt hostip=($(awk -F " " '{print $1}' /wuhao/sh/files/nmap3.txt)) port=($(awk -F " " '{print $2}' /wuhao/sh/files/nmap3.txt)) protocol=($(awk -F " " '{print $3}' /wuhao/sh/files/nmap3.txt)) # 通过sshpass远程登录到各主机,并且在iptables执行关闭端口命令 for((m=0;m<${#hostip[*]};m=m+1)) do sshpass -p 123456 ssh root@${hostip[$m]} "iptables -A INPUT -p ${protocol[$m]} --dport ${port[$m]} -j DROP;service iptables save;service iptables restart;exit" done echo "success!"
5、运行脚本,查看结果。
[root@oos01 sh]# sh shutdownport.sh 192.168.20.1-10 iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ] iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ] iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ] iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ] iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ] success!
相关文章推荐
- shell快捷方式总结
- Shell基础
- cmder git bash 使用
- python 调取 shell 命令的几种方法
- SQL Server 阻止了对组件“xp_cmdshell”的 过程“sys.xp_cmdshell”的访问,因为此组件已作为此服务器安全配置的一部分而被关闭。
- Ubuntu14.0.4下,shell编译-打包-运行Hadoop2.7.2的MapReduce程序
- HBase Shell手动移动Region
- bash配置与shell脚本编程
- shell脚本批量ping测试IP是否通
- shell、cmd、DOS、python、php区别
- shell中变量自增的实现方法
- Linux初学:(二)Shell环境与命令基础
- PowerShell命令部署WSP
- 注册表ShellIconOverlayIdentifiers中没有svn相关的选项
- Shell基础(一):入门基础
- PowerShell 解析DNS VS Nslookup
- shell重定向小记
- java -jar shell 启动、停止
- Hadoop 1.x HDFS常见Shell命令
- if中的-n -z linux_Shell