主机列表(host_list.log 中每行只写 IP 的最后一段,脚本会在前面拼上 192.168.100.)
cat host_list.log
100
102
102
 
  
按主机列表逐台查询现有服务的 iptables 规则中配置了哪些目的端口(dpt),结果先保存到 port_all.tmp,再去重并按数值排序后保存到 port_all.log。注意:这里得到的只是防火墙规则里出现过的端口,并不代表该端口上确实有服务在监听。
cat find_iptables_port.sh
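#!/bin/bash
# Collect the destination ports (dpt:N) referenced by the iptables rules of
# every host in host_list.log.
#
# Input:  host_list.log - host numbers, whitespace separated; each one is the
#                         last octet appended to 192.168.100.
# Output: port_all.tmp  - raw ports, one per line, duplicates included
#         port_all.log  - the same ports, de-duplicated and sorted numerically
# Exit:   0 when every host answered, 1 when any entry was skipped or failed.
#
# Coverage notes for anyone reading the result as a firewall inventory:
#   - Only rules whose listing contains "dpt:N" are captured; a port range
#     ("dpts:A:B") or a multiport match is not picked up by the sed pattern.
#   - `iptables -nL` lists the default (filter) table only.
#   - A port appearing here means a rule mentions it, not that a service is
#     listening on it.
set -o pipefail

readonly host_list='host_list.log'
readonly subnet_prefix='192.168.100'

# Start from empty result files so an earlier run cannot leak into this one.
: > port_all.tmp
: > port_all.log

if [[ ! -r "${host_list}" ]]; then
  printf 'error: cannot read %s\n' "${host_list}" >&2
  exit 1
fi

# Split on any whitespace, as the previous $(cat ...) loop did, but without
# glob expansion of the entries. read returns non-zero at end of input, hence
# the || true.
hosts=()
read -r -d '' -a hosts < "${host_list}" || true

failed=0
for host_id in "${hosts[@]}"; do
  # The entry becomes part of the ssh destination, so accept a plain octet only.
  if [[ ! "${host_id}" =~ ^[0-9]{1,3}$ ]] || (( 10#${host_id} > 255 )); then
    printf 'warning: skipping invalid host entry: %s\n' "${host_id}" >&2
    failed=1
    continue
  fi

  # -C turns on ssh compression. With pipefail the pipeline fails when ssh or
  # the remote iptables fails, so a host that contributed nothing because it
  # could not be queried is reported instead of looking like "no rules".
  if ! ssh -C "${subnet_prefix}.${host_id}" iptables -nL \
    | sed -nr '/dpt:/s#^.*dpt:([0-9]+).*$#\1#p' >> port_all.tmp; then
    printf 'warning: could not read iptables rules from %s.%s\n' \
      "${subnet_prefix}" "${host_id}" >&2
    failed=1
  fi
done

# One numeric sort with -u replaces the cat | sort | uniq | sort -n chain.
sort -n -u port_all.tmp > port_all.log || failed=1

exit "${failed}"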
 
 
为去重排序后的 port_all.log 逐行补充端口说明,每行格式为 "协议 端口"(两列之间以空白分隔;下面的脚本按第 1 列取名称、第 2 列取端口)
cat port_all.log
SMTP 25
DNS 53
HTTP 80
RPC 111
NTP 123
HTTPS 443
RSYNC 873
NFS 999
UDP 1199
NFS 2049
MYSQL 3306
kibana 5601
 
 
根据主机列表和端口定义列表,批量查询每台服务器上有哪些已定义的端口正在被使用,并把结果保存到日志里;日志按主机命名为 IP_port.log(脚本中实际使用 host_list.log 里的主机号,即 ${i}_port.log)
cat find_host_port.sh
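#!/bin/bash
# Load the service definitions used by main() below.
#
# Reads ${service_list_path}, one "NAME PORT" pair per line, into two parallel
# arrays:
#   service_name[i] - label for the port (first column)
#   service_port[i] - port number (second column)
# service_list_line is the number of accepted entries and service_list_num is
# the highest valid index of the arrays.
service_list_path='/root/scripts/find_port/port_all.log'

# Without the definition file every per-host log would come out empty and
# read as "nothing open", so stop here instead.
if [[ ! -r "${service_list_path}" ]]; then
  printf 'error: cannot read %s\n' "${service_list_path}" >&2
  exit 1
fi

service_name=()
service_port=()
while read -r entry_name entry_port _ || [[ -n "${entry_name}" ]]; do
  # Blank lines carry no entry.
  [[ -n "${entry_name}" ]] || continue
  # The port is later placed on a remote command line (lsof -i:PORT), so only
  # a plain decimal number is accepted; anything else is reported and dropped.
  # Dropping the whole line also keeps the two arrays aligned.
  if [[ ! "${entry_port}" =~ ^[0-9]+$ ]]; then
    printf 'warning: ignoring entry with invalid port: %s %s\n' \
      "${entry_name}" "${entry_port}" >&2
    continue
  fi
  service_name+=("${entry_name}")
  service_port+=("${entry_port}")
done < "${service_list_path}"
unset entry_name entry_port

# Derived from the array rather than from `wc -l`, so a final line that lacks
# a trailing newline is still counted.
service_list_line=${#service_port[@]}
service_list_num=$(( service_list_line - 1 ))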
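#######################################
# For each host in host_list.log, record which of the defined service ports
# show up in the remote `lsof -i:PORT` output.
# Globals:
#   service_name (read) - labels, parallel to service_port
#   service_port (read) - port numbers to probe
# Arguments: none
# Outputs:
#   stdout          - "start <host>", then one "PORT \t NAME" line per hit
#   <host>_port.log - the same hit lines; truncated at the start of each host
#   stderr          - warnings for rejected entries and unreachable hosts
# Returns: 0 when every host was scanned completely, 1 otherwise
# Notes:
#   NOTE(review): lsof -i:PORT appears to match any socket using that port
#   number, so an established or outbound connection presumably counts as a
#   hit as well as a listener. If only listeners are wanted, lsof's
#   -sTCP:LISTEN state filter is the usual way - confirm the UDP entries still
#   behave as intended before adopting it.
#######################################
main() {
  local -a hosts=()
  local host_id idx port name listing status
  local failed=0

  if [[ ! -r host_list.log ]]; then
    printf 'error: cannot read host_list.log\n' >&2
    return 1
  fi
  # Whitespace-separated entries, read without glob expansion. read returns
  # non-zero at end of input, hence the || true.
  read -r -d '' -a hosts < host_list.log || true

  for host_id in "${hosts[@]}"; do
    # The entry is used in the ssh destination and in a file name, so accept
    # a plain octet only.
    if [[ ! "${host_id}" =~ ^[0-9]{1,3}$ ]] || (( 10#${host_id} > 255 )); then
      printf 'warning: skipping invalid host entry: %s\n' "${host_id}" >&2
      failed=1
      continue
    fi

    : > "${host_id}_port.log"
    echo "start ${host_id}"

    # Walk the array indices directly so every loaded entry is probed, even
    # when the separately computed line count is off by one.
    for idx in "${!service_port[@]}"; do
      port=${service_port[idx]}
      name=${service_name[idx]}

      # The port ends up on a command line interpreted by the remote shell;
      # never forward anything that is not a plain number.
      if [[ ! "${port}" =~ ^[0-9]+$ ]]; then
        printf 'warning: skipping invalid port entry: %s\n' "${port}" >&2
        failed=1
        continue
      fi

      listing=$(ssh -C "192.168.100.${host_id}" lsof "-i:${port}")
      status=$?

      # ssh itself exits with 255 on a connection or authentication error.
      # Report it and move on to the next host so the missing results are not
      # mistaken for "no ports in use".
      if (( status == 255 )); then
        printf 'warning: ssh to 192.168.100.%s failed; results incomplete\n' \
          "${host_id}" >&2
        failed=1
        break
      fi

      if [[ -n "${listing}" ]]; then
        printf '%s \t %s\n' "${port}" "${name}"
        printf '%s \t %s\n' "${port}" "${name}" >> "${host_id}_port.log"
      fi
    done
  done

  return "${failed}"
}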
# Entry point: run the per-host port check defined in main() above.
main