今天在网上看到一个监控端口的脚本，觉得不错，就把他抄下来了。-CSDN博客

本文链接：https://blog.csdn.net/myquan/article/details/84493278

linux 下监控端口脚本

2009-02-04 16:12

今天在网上看到一个监控端口的脚本，觉得不错，就把他抄下来了。

echo "Now ,the service of your linux system will be detectl"
echo "the sshd , 80 ,"
echo " "
#1. sshd
sshd='netstat -an|grep LISTEN|grep :22'
if [ "$sshd" != " " ] ; then
echo "SSHD is running"
else
echo "SSHD is STOP!"
fi

#2.80
www='netstat -an|grep LISTEN|grep :80'
if [ "$www" != "" ] ; then
echo "WWW is running"

else
echo "WWW is STOP!"
fi

最近学习shell编程中，写了个脚本，可以监控当前服务器使用的端口，PID，程序名称等；
可以用于发现是否有不常用的端口被侦听，进而判断是否被黑客“搞”了；
代码如下：

#!/bin/bash
#tcp part
port1=`netstat -an|grep LISTEN|egrep "0.0.0.0|:::"|awk '/^tcp/ {print $4}'|awk -F: '{print $2$4}'|sort -n`
echo "TCP state:"
echo "--------------------------------"
echo "PORT      PID     COMMAND"
for a in $port1
do
b=`lsof -n -i:$a|grep TCP|grep LISTEN|grep IPv4|awk '{printf("%d\t%s\n"),$2,$1}'`
echo "$a        $b"
done
echo "--------------------------------"

#udp part
echo ""
port2=`netstat -an|grep udp|awk '{print $4}'|awk -F: '{print $2}'|sed '/^$/d'|sort -n`
echo "UDP state:"
echo "--------------------------------"
echo "PORT      PID     COMMAND"
for a in $port2
do
b=`lsof -n -i:$a|grep UDP|grep IPv4|awk '{printf("%d\t%s\n"),$2,$1}'`
if [ -n "$b" ];then
echo "$a        $b"
fi
done
echo "--------------------------------"

exit 0