Linux shell实现批量关闭局域网中主机端口
作者:网络转载 发布时间:[ 2016/4/7 11:39:36 ] 推荐标签:操作系统 Linux
假设局域网中有多台主机,只能开通ssh服务(端口22),如果发现其他服务打开,则全部关闭。通过运行一个shell脚本,完成以上功能。在实际运维中,可以通过puppet等工具更快更好的完成这个功能,所以本案例仅仅用来练手,为了熟悉sed, awk, grep等常见的shell命令而已。
1、通过nmap命令查询局域网中所有主机打开的端口,并存入文件nmap1.txt中。
1 # 通过nmap命令查询局域网中所有主机打开的端口,并存入文件nmap1.txt中
2 mkdir -p /wuhao/sh/files
3 nmap $1 > /wuhao/sh/files/nmap1.txt
以nmap 192.168.20.1-10为例,输出结果为:
Starting Nmap 5.51 ( http://nmap.org ) at 2016-03-03 16:37 CST
Nmap scan report for oos01 (192.168.20.1)
Host is up (0.0000040s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp filtered http
Nmap scan report for oos02 (192.168.20.2)
Host is up (0.000099s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
MAC Address: 00:1C:42:FF:5A:B5 (Parallels)
Nmap scan report for oos03 (192.168.20.3)
Host is up (0.000097s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
MAC Address: 00:1C:42:38:94:3C (Parallels)
Nmap done: 10 IP addresses (3 hosts up) scanned in 1.57 seconds
2、从文件nmap1.txt中提取出需要的信息(主机ip,以及端口状态)。
1 # 从文件nmap1.txt中提取出需要的信息(主机ip,以及端口状态)
2 sed -n '/(Nmap scan report for|^[0-9]+/)/p' /wuhao/sh/files/nmap1.txt > /wuhao/sh/files/nmap2.txt
3 hosts=($(grep -on '(.*)' /wuhao/sh/files/nmap2.txt | sed -n 's/(|)//gp'))
4 declare -i len=${#hosts[*]}
5 declare -i i=0
6 while [[ $i -lt $len ]]
7 do
8 lines[$i]=$(echo ${hosts[$i]} | awk -F ':' '{print $1}')
9 ips[$i]=$(echo ${hosts[$i]} | awk -F ':' '{print $2}')
10 i=$i+1
11 done
12 # echo ${lines[*]}=1 5 9
13 # echo ${ips[*]}=192.168.20.1 192.168.20.2 192.168.20.3
3、在端口状态行首添加所对应的主机ip信息,并将结果保存到文件nmap2.txt中。
1 # 在端口状态行首添加所对应的主机ip信息
2 declare -i j=0
3 while [[ $j -lt $len ]]
4 do
5 declare -i k=$j+1
6 if [ $j -ne $(($len-1)) ]; then
7 sed -i "$((${lines[$j]}+1)),$((${lines[$k]}-1))s/^/${ips[$j]} /" /wuhao/sh/files/nmap2.txt
8 else
9 sed -i "$((${lines[$j]}+1)),$""s/^/${ips[$j]} /" /wuhao/sh/files/nmap2.txt
10 fi
11 j=$j+1
12 done
13
14 # 将多个空格以及/替换为一个空格
15 sed -i 's/ +|// /g' /wuhao/sh/files/nmap2.txt
nmap2.txt文件内容为:
Nmap scan report for oos01 (192.168.20.1)
192.168.20.1 21 tcp open ftp
192.168.20.1 22 tcp open ssh
192.168.20.1 80 tcp filtered http
Nmap scan report for oos02 (192.168.20.2)
192.168.20.2 22 tcp open ssh
192.168.20.2 80 tcp open http
192.168.20.2 3306 tcp open mysql
Nmap scan report for oos03 (192.168.20.3)
192.168.20.3 22 tcp open ssh
192.168.20.3 80 tcp open http
192.168.20.3 3306 tcp open mysql
相关推荐
更新发布
功能测试和接口测试的区别
2023/3/23 14:23:39如何写好测试用例文档
2023/3/22 16:17:39常用的选择回归测试的方式有哪些?
2022/6/14 16:14:27测试流程中需要重点把关几个过程?
2021/10/18 15:37:44性能测试的七种方法
2021/9/17 15:19:29全链路压测优化思路
2021/9/14 15:42:25性能测试流程浅谈
2021/5/28 17:25:47常见的APP性能测试指标
2021/5/8 17:01:11