This post was last edited by godsad on 2014-07-16 17:21.
Below is a small change to check_file_md5. The aim is to detect newly added listening ports on the server, reverse-look-up the process behind each new listening port, and record it:

```sh
function check_file_md5() {
    # MD5, MD5_LIST and ARG are set by the surrounding check script (not shown in the post)
    if [ -f "$ARG" ]; then
        if [ "$(grep "$ARG" "$MD5_LIST" | wc -l)" -eq 1 ]; then
            if [ "$(grep "$ARG" "$MD5_LIST" | cut -d' ' -f1)" = "$($MD5 "$ARG" | cut -d' ' -f1)" ]; then
                echo "OK - $ARG."
                exit 0
            else
                echo "CRITICAL - $ARG is modified."
                # rebuild_md5_list
                # echo $ARG > /home/godsad/pso.txt
                # if [ "$ARG" = "/home/godsad/portScan.log" ]; then   # adding this condition stops the function from running, no idea why
                # (the post had `["$ARG" ==` with no space after `[`, so the shell looks for a command named `["/...`; the spaces above are the fix)
                #     echo 'ps' > /home/godsad/ps.txt
                genlog
                # fi
                exit 2
            fi
        else
            echo "CRITICAL - $ARG is modified."
            # echo `$MD5 $ARG` >> $MD5_LIST
            # echo $ARG > /home/godsad/pso.txt
            # if [ "$ARG" = "/home/godsad/portScan.log" ]; then
            #     echo 'ps' > /home/godsad/ps.txt
            genlog
            # fi
            exit 2
        fi
    else
        echo "CRITICAL - file does not exist!"
        exit 2
    fi
}
```
Below is the new-port reverse-lookup function I wrote myself:

```sh
function genlog() {
    rm -f /tmp/plist
    rm -f /tmp/dlist
    # build the list of newly added listening ports
    diff /home/godsad/portScan.log /home/godsad/portScan.log1 | egrep '>|<' | egrep -o '[0-9]+' > /tmp/dlist
    for loop in `cat /tmp/dlist`
    do
        # build the process-id list (always comes out empty)
        # match ":port" followed by whitespace so the port number does not also match digits in addresses or PIDs;
        # note that netstat -p prints "-" instead of a PID for other users' processes unless it is run as root
        netstat -lnpu --inet | grep -E ":$loop[[:space:]]" | awk '{print $6}' | egrep -o '[0-9]+' >> /tmp/plist   # UDP rows have no State column
        netstat -lnpt --inet | grep -E ":$loop[[:space:]]" | awk '{print $7}' | egrep -o '[0-9]+' >> /tmp/plist
    done
    sort -u /tmp/plist > /tmp/plist1
    for loop in `cat /tmp/plist1`
    do
        ls -l "/proc/$loop/exe" >> "/home/godsad/proPath_`date +%Y%m%d_%H:%M`.log"
    done
}
```
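The same procedure (diff the port lists, map each new port to its owning process, record the executable) as an added example that is not the poster's code. It assumes the port lists hold one port per line and that the netstat text is the output of `netstat -lnpt --inet` / `netstat -lnpu --inet`; the sample netstat output and port lists are constructed so the functions can be exercised offline. It differs from the post in three places that matter for detection: new ports are computed with `comm` rather than by pulling every digit run out of `diff` output, the port is matched only at the end of the Local Address column, and a socket whose PID is hidden (netstat shows `-` for other users' processes unless run as root) is still reported instead of silently dropped.

```shell
#!/bin/sh
# Added example (editor's code, not the original poster's): reverse lookup of
# newly listening ports on canned input, runnable without root or netstat.

# Constructed sample netstat output (not captured from a real host). UDP rows
# have no State column; the 2222 row shows "-" because the PID is not visible.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2231/python
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
udp        0      0 0.0.0.0:8080            0.0.0.0:*                           2231/python'

# Constructed baseline and current port lists (the role of portScan.log and
# portScan.log1 in the post), one port per line.
OLD_PORTS='22
68'
NEW_PORTS='22
68
8080
2222'

# new_ports OLD NEW -> ports present in NEW but not in OLD, one per line.
# comm on sorted lists replaces `diff | egrep -o '[0-9]+'`, which would also
# extract digits from IP addresses and diff hunk headers.
new_ports() {
    old=$(mktemp) && new=$(mktemp) || return 1
    printf '%s\n' "$1" | sort -u > "$old"
    printf '%s\n' "$2" | sort -u > "$new"
    comm -13 "$old" "$new"
    rm -f "$old" "$new"
}

# port_owners PORT NETSTAT_TEXT -> "proto port pid/program" for each socket
# listening on PORT. The port is matched only at the end of the Local Address
# column (so 22 does not match 2222 or a PID), and the LAST field is taken so
# TCP (7 columns) and UDP (6 columns) rows need no separate handling.
port_owners() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $1 ~ /^(tcp|udp)/ && $4 ~ (":" port "$") { print $1, port, $NF }'
}

# pid_of "2231/python" -> 2231; pid_of "-" -> nothing (PID not visible).
pid_of() {
    case "$1" in
        -) ;;
        *) printf '%s\n' "${1%%/*}" ;;
    esac
}

# exe_of PID -> resolved /proc/PID/exe, or a marker when it cannot be read
# (process already gone, or /proc entry of another user's process).
exe_of() {
    readlink /proc/"$1"/exe 2>/dev/null || echo "(exe not readable)"
}

# report_new_listeners OLD NEW NETSTAT -> one line per new listening socket:
# "port proto pid exe". Sockets with a hidden PID are reported with "?" rather
# than vanishing, which is what happened to them in the post's /tmp/plist.
report_new_listeners() {
    new_ports "$1" "$2" | while read -r port; do
        port_owners "$port" "$3" | while read -r proto sameport owner; do
            pid=$(pid_of "$owner")
            if [ -n "$pid" ]; then
                echo "$port $proto $pid $(exe_of "$pid")"
            else
                echo "$port $proto ? (run as root to see the owning process)"
            fi
        done
    done
}

# Stand-alone run on the canned input. On a live host, replace $SAMPLE_NETSTAT
# with the output of `netstat -lnp --inet` (or `ss -lnpt` / `ss -lnpu`).
report_new_listeners "$OLD_PORTS" "$NEW_PORTS" "$SAMPLE_NETSTAT"
```

The per-port functions are kept separate from the report so each step can be checked on its own: `new_ports` is pure text processing, `port_owners` is the only place that parses netstat's column layout, and `exe_of` is the only call that touches `/proc`.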