Closing unneeded host ports across a LAN in bulk with a Linux shell script

    Suppose the LAN has several hosts on which only the ssh service (port 22) may be open; if any other service is found open, all of those ports are to be closed. A shell script does the whole job. In real operations a tool such as puppet does this faster and better, so this case is purely a practice exercise to get familiar with common shell commands such as sed, awk and grep.

    1. Use nmap to find the open ports on every host in the LAN and save the result to the file nmap1.txt.

    #!/bin/bash
    # Step 1: scan the host range passed as $1 with nmap and save the output to
    # nmap1.txt (the script is run as: sh shutdownport.sh 192.168.20.1-10)
    mkdir -p /wuhao/sh/files
    nmap "$1" > /wuhao/sh/files/nmap1.txt

    Taking nmap 192.168.20.1-10 as an example, the output is:

    Starting Nmap 5.51 ( http://nmap.org ) at 2016-03-03 16:37 CST
    Nmap scan report for oos01 (192.168.20.1)
    Host is up (0.0000040s latency).
    Not shown: 997 closed ports
    PORT   STATE    SERVICE
    21/tcp open     ftp
    22/tcp open     ssh
    80/tcp filtered http
    
    Nmap scan report for oos02 (192.168.20.2)
    Host is up (0.000099s latency).
    Not shown: 997 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    3306/tcp open  mysql
    MAC Address: 00:1C:42:FF:5A:B5 (Parallels)
    
    Nmap scan report for oos03 (192.168.20.3)
    Host is up (0.000097s latency).
    Not shown: 997 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    3306/tcp open  mysql
    MAC Address: 00:1C:42:38:94:3C (Parallels)
    
    Nmap done: 10 IP addresses (3 hosts up) scanned in 1.57 seconds

    2. Extract the information needed (host IP and the port-state lines) from nmap1.txt.

    # Step 2: keep only the "Nmap scan report for" lines and the port-state lines
    # (those starting with "<port>/"); -r enables extended regex so | and + work
    sed -rn '/Nmap scan report for|^[0-9]+\//p' /wuhao/sh/files/nmap1.txt > /wuhao/sh/files/nmap2.txt
    # For each host line record "lineno:ip" (grep -n prefixes the line number,
    # -o prints only the "(ip)" match, sed strips the parentheses)
    hosts=($(grep -on '(.*)' /wuhao/sh/files/nmap2.txt | sed 's/[()]//g'))
    declare -i len=${#hosts[*]}
    declare -i i=0
    while [[ $i -lt $len ]]
    do
      lines[$i]=$(echo ${hosts[$i]} | awk -F ':' '{print $1}')
      ips[$i]=$(echo ${hosts[$i]} | awk -F ':' '{print $2}')
      i=$i+1
    done
    # echo ${lines[*]}  ->  1 5 9
    # echo ${ips[*]}    ->  192.168.20.1 192.168.20.2 192.168.20.3

    3. Prefix each port-state line with the IP of the host it belongs to and save the result to nmap2.txt.

    # Step 3: prefix every port-state line with its host's IP. Host j's port lines
    # run from the line after its report line up to the line before the next
    # host's report line (or to the end of the file for the last host)
    declare -i j=0
    while [[ $j -lt $len ]]
    do
      declare -i k=$j+1
      if [ $j -ne $(($len-1)) ]; then
        sed -i "$((${lines[$j]}+1)),$((${lines[$k]}-1))s/^/${ips[$j]} /" /wuhao/sh/files/nmap2.txt
      else
        sed -i "$((${lines[$j]}+1)),\$s/^/${ips[$j]} /" /wuhao/sh/files/nmap2.txt
      fi
      j=$j+1
    done

    # Collapse runs of spaces, and the "/" in "port/proto", into a single space
    sed -ri 's/ +|\// /g' /wuhao/sh/files/nmap2.txt

    The contents of nmap2.txt are now:

    Nmap scan report for oos01 (192.168.20.1)
    192.168.20.1 21 tcp open ftp
    192.168.20.1 22 tcp open ssh
    192.168.20.1 80 tcp filtered http
    Nmap scan report for oos02 (192.168.20.2)
    192.168.20.2 22 tcp open ssh
    192.168.20.2 80 tcp open http
    192.168.20.2 3306 tcp open mysql
    Nmap scan report for oos03 (192.168.20.3)
    192.168.20.3 22 tcp open ssh
    192.168.20.3 80 tcp open http
    192.168.20.3 3306 tcp open mysql

    4. Extract the ports that need closing (every open port except 22). Log in to each host remotely with sshpass and run the iptables command that closes the port.

    # Step 4: select the ports to close (any open port other than 22; "filtered"
    # ports are left alone). Field 4 is the state, field 2 the port number.
    awk '{if($4~/open/ && $2!=22) print $0}' /wuhao/sh/files/nmap2.txt > /wuhao/sh/files/nmap3.txt

    hostip=($(awk -F " " '{print $1}' /wuhao/sh/files/nmap3.txt))
    port=($(awk -F " " '{print $2}' /wuhao/sh/files/nmap3.txt))
    protocol=($(awk -F " " '{print $3}' /wuhao/sh/files/nmap3.txt))

    # Log in to each host with sshpass (the lab root password 123456 is hard-coded
    # here), add an iptables DROP rule for the port, then save and restart iptables
    for((m=0;m<${#hostip[*]};m=m+1))
    do
      sshpass -p 123456 ssh root@${hostip[$m]} "iptables -A INPUT -p ${protocol[$m]} --dport ${port[$m]} -j DROP;service iptables save;service iptables restart;exit"
    done

    echo "success!"
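    As an added example that is not part of the original script, the one-pass awk version below does the work of steps 2 to 4 without the intermediate files and prints the iptables rule per host instead of logging in anywhere. The scan text is constructed in the nmap format shown above and includes a report line that carries only an IP and no hostname, a case the grep '(.*)' in step 2 does not cover.

```shell
# Added example, not the original script: one awk pass over nmap's normal output
# does the work of steps 2-4 and prints a plan instead of logging in anywhere.
# Constructed scan text in the same format as the nmap 5.51 output above; the
# third host shows a report line with no hostname (so no parentheses).
SAMPLE_SCAN='Nmap scan report for oos01 (192.168.20.1)
Host is up (0.0000040s latency).
PORT   STATE    SERVICE
21/tcp open     ftp
22/tcp open     ssh
80/tcp filtered http

Nmap scan report for oos02 (192.168.20.2)
PORT     STATE SERVICE
22/tcp   open  ssh
3306/tcp open  mysql
MAC Address: 00:1C:42:00:00:02 (constructed)

Nmap scan report for 192.168.20.3
PORT    STATE SERVICE
22/tcp  open  ssh
161/udp open  snmp
'

# ports_to_close: nmap output on stdin -> one "ip port proto" line per open
# port other than 22. Filtered ports, MAC lines and "Host is up" are skipped.
ports_to_close() {
  awk '
    /^Nmap scan report for/ {
      ip = $NF; gsub(/[()]/, "", ip); next   # "(192.168.20.1)" or a bare IP
    }
    /^[0-9]+\/(tcp|udp)/ && $2 == "open" {
      split($1, pp, "/")                    # "3306/tcp" -> 3306, tcp
      if (pp[1] != 22) print ip, pp[1], pp[2]
    }'
}

# iptables_rule ip port proto: the DROP rule that step 4 runs on the remote host
iptables_rule() {
  printf 'iptables -A INPUT -p %s --dport %s -j DROP' "$3" "$2"
}

# plan: print "ip: rule" for every port the script would close
plan() {
  printf '%s' "$SAMPLE_SCAN" | ports_to_close | while read -r ip port proto; do
    printf '%s: %s\n' "$ip" "$(iptables_rule "$ip" "$port" "$proto")"
  done
}

plan
```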

    5. Run the script and check the result.

    [root@oos01 sh]# sh shutdownport.sh 192.168.20.1-10
    iptables: Saving firewall rules to /etc/sysconfig/iptables: [  OK  ]
    iptables: Setting chains to policy ACCEPT: filter [  OK  ]
    iptables: Flushing firewall rules: [  OK  ]
    iptables: Unloading modules: [  OK  ]
    iptables: Applying firewall rules: [  OK  ]
    iptables: Saving firewall rules to /etc/sysconfig/iptables: [  OK  ]
    iptables: Setting chains to policy ACCEPT: filter [  OK  ]
    iptables: Flushing firewall rules: [  OK  ]
    iptables: Unloading modules: [  OK  ]
    iptables: Applying firewall rules: [  OK  ]
    iptables: Saving firewall rules to /etc/sysconfig/iptables: [  OK  ]
    iptables: Setting chains to policy ACCEPT: filter [  OK  ]
    iptables: Flushing firewall rules: [  OK  ]
    iptables: Unloading modules: [  OK  ]
    iptables: Applying firewall rules: [  OK  ]
    iptables: Saving firewall rules to /etc/sysconfig/iptables: [  OK  ]
    iptables: Setting chains to policy ACCEPT: filter [  OK  ]
    iptables: Flushing firewall rules: [  OK  ]
    iptables: Unloading modules: [  OK  ]
    iptables: Applying firewall rules: [  OK  ]
    iptables: Saving firewall rules to /etc/sysconfig/iptables: [  OK  ]
    iptables: Setting chains to policy ACCEPT: filter [  OK  ]
    iptables: Flushing firewall rules: [  OK  ]
    iptables: Unloading modules: [  OK  ]
    iptables: Applying firewall rules: [  OK  ]
    success!
    Original article: https://www.cnblogs.com/everSeeker/p/5253986.html