Today I came across a port-monitoring script online, thought it was good, and copied it down.
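echo "Now, the services of your Linux system will be detected"
echo "the sshd, 80,"
echo " "
#1. sshd
# Backticks run the pipeline and capture its output (single quotes would only
# store the command text). The trailing space keeps :22 from matching :2222.
sshd=`netstat -an|grep LISTEN|grep ':22 '`
# -n is true only when the pipeline found a listening socket
if [ -n "$sshd" ] ; then
echo "SSHD is running"
else
echo "SSHD is STOP!"
fi
#2.80
# Same check for the web server; ':80 ' does not match :8080
www=`netstat -an|grep LISTEN|grep ':80 '`
if [ -n "$www" ] ; then
echo "WWW is running"
else
echo "WWW is STOP!"
fi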
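I have been learning shell programming recently and wrote a script that monitors the ports currently in use on the server, along with the PID, program name and so on;
it can be used to spot whether uncommon ports are being listened on, and from that judge whether the machine has been "messed with" by a hacker;
the code is as follows: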
#!/bin/bash
#tcp part
# Ports listening on all interfaces: 0.0.0.0:PORT puts the port in field 2,
# :::PORT puts it in field 4; sort -nu drops the duplicate tcp/tcp6 entries.
port1=`netstat -an|grep LISTEN|grep -E "0.0.0.0|:::"|awk '/^tcp/ {print $4}'|awk -F: '{print $2$4}'|sort -nu`
echo "TCP state:"
echo "--------------------------------"
echo "PORT PID COMMAND"
for a in $port1
do
# lsof columns: $1 = command name, $2 = PID
b=`lsof -n -i:$a|grep TCP|grep LISTEN|grep IPv4|awk '{printf("%d\t%s\n", $2, $1)}'`
echo "$a $b"
done
echo "--------------------------------"
#udp part
echo ""
# IPv6 lines (:::PORT) yield an empty field 2 and are removed by sed
port2=`netstat -an|grep udp|awk '{print $4}'|awk -F: '{print $2}'|sed '/^$/d'|sort -nu`
echo "UDP state:"
echo "--------------------------------"
echo "PORT PID COMMAND"
for a in $port2
do
b=`lsof -n -i:$a|grep UDP|grep IPv4|awk '{printf("%d\t%s\n", $2, $1)}'`
# Print only ports for which lsof found an owning process
if [ -n "$b" ];then
echo "$a $b"
fi
done
echo "--------------------------------"
exit 0
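
To turn the listing above into the "is an uncommon port being listened on" check, the listening sockets can be compared against an allowlist. This is an added example, not part of the original scripts; the function name `unexpected_listeners`, the allowlist entries and the `SAMPLE` netstat output are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: report listening ports that are not on an allowlist.

# Constructed sample of `netstat -an` output (not taken from a real host).
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::2222                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:5353            0.0.0.0:*'

# unexpected_listeners ALLOWED...
# Reads `netstat -an` text on stdin. ALLOWED entries look like tcp/22 or udp/68.
# Prints one proto/port line for every listener that is not in ALLOWED.
unexpected_listeners() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # TCP: only sockets in LISTEN state. UDP has no state column, so take
        # unconnected sockets, whose foreign address ends in ":*".
        ($1 ~ /^tcp/ && $6 == "LISTEN") || ($1 ~ /^udp/ && $5 ~ /:\*$/) {
            proto = substr($1, 1, 3)      # fold tcp6/udp6 into tcp/udp
            k = split($4, part, ":")      # port is the last ":" field (IPv4 or IPv6)
            key = proto "/" part[k]
            if (!(key in ok) && !(key in seen)) { seen[key] = 1; print key }
        }' | sort -t/ -k1,1 -k2,2n
}

# Run against the constructed sample; on a live host use:
#   netstat -an | unexpected_listeners tcp/22 tcp/80 udp/68
printf '%s\n' "$SAMPLE" | unexpected_listeners tcp/22 tcp/80 udp/68
```

Unlike `grep :22`, the exact proto/port comparison does not treat port 2222 as port 22, and the established SSH connection in the sample is ignored because it is not in LISTEN state.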