介绍:Nmap是一个网络端口扫描软件,用来扫描网上电脑开放的网络端口,确定哪些服务运行在哪些端口上,并且推断计算机运行哪个操作系统(亦称 fingerprinting)。它是网络管理员必用的软件之一,也用于评估网络系统安全。
脚本需求:
做一个端口扫描脚本,把机房自己网络里面的服务器都扫一遍。发现主机或端口有增加、减少等变化时发邮件提醒。凌晨12点执行汇报操作。
提升:用nmap可以扫描出端口的情况。遍历主机时按日期生成目录,把当天和前一天目录中同名主机的结果用diff做对比:一样就发送没变化,不一样就发送哪些端口增加、删除。
[root@centos-1 tmp]# cat open_ip.txt
192.168.5.1
192.168.5.2
centos-4
www.cml.com
centos-3
[root@centos-1 ~]# cat check_nmap.sh
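#!/bin/bash
## name=nmap-check-port
## actor=cml
## phone=13926109782
#
# Host/port change monitor for our own server-room network.
#
# Every half hour: ping-scan the network, compare the live hosts with the
# baseline list in $open_ip, then SYN-scan every live host and compare its
# open ports with yesterday's result. Host changes are mailed right away;
# the port report is mailed once the clock reaches hour 00, then the script
# exits. Must run as root (nmap -sS needs raw sockets).
#
# Environment overrides (defaults are the original hard-coded values):
#   STATE_DIR  directory for all state files        (default /tmp)
#   SCAN_NET   network handed to the host discovery (default 192.168.5.0/24)
#   MAIL_TO    recipient of all reports             (default 406552227@qq.com)

set -u
# Scan results describe our exposed services; keep them readable by root only.
umask 077

# NOTE(security): the default keeps the original /tmp layout. /tmp is
# world-writable and this script deletes/recreates fixed names there as root,
# and it trusts yesterday's directory and $open_ip as the baseline. On a host
# with other local users, point STATE_DIR at a root-owned 0700 directory.
STATE_DIR=${STATE_DIR:-/tmp}
SCAN_NET=${SCAN_NET:-192.168.5.0/24}
MAIL_TO=${MAIL_TO:-406552227@qq.com}

DATE_now=$(date +%F)
DATE_yes=$(date -d "1 days ago" +%F)
check_ip="$STATE_DIR/hosts_list"       # live hosts found by the current run
mail_check="$STATE_DIR/mail_check.txt" # hosts whose open ports changed
mail_ok="$STATE_DIR/mail_ok.txt"       # hosts whose open ports are unchanged
open_ip="$STATE_DIR/open_ip.txt"       # baseline host list, maintained by hand
mail_ip="$STATE_DIR/mail_ip.txt"       # diff of baseline vs. live hosts

#######################################
# Replace a state file with a fresh empty one.
# Arguments: $1 - path of the file
# Returns:   non-zero if the file cannot be removed or created
#######################################
reset_file() {
  rm -f -- "$1" || return
  # noclobber makes the redirection refuse an existing file or symlink, so a
  # name that reappears between rm and the create is not followed.
  ( set -o noclobber; : > "$1" )
}

#######################################
# One scan cycle: host discovery + per-host port comparison.
# Globals:   DATE_now, DATE_yes, STATE_DIR, SCAN_NET, MAIL_TO and the
#            state-file paths above (read); the state files (written)
# Returns:   0 on success, 1 if the state files cannot be prepared or the
#            host discovery fails
#######################################
nmap_check_port() {
  local today_dir="$STATE_DIR/$DATE_now"
  local yest_dir="$STATE_DIR/$DATE_yes"
  # Host names come from nmap output (reverse DNS); accept only characters
  # that are safe as a file name and cannot be read as an nmap option.
  local -r name_re='^[A-Za-z0-9][A-Za-z0-9._:-]*$'
  local f host rc

  for f in "$mail_ip" "$check_ip" "$mail_ok" "$mail_check"; do
    reset_file "$f" || { printf 'cannot reset %s\n' "$f" >&2; return 1; }
  done
  rm -rf -- "${today_dir:?}"
  # Plain mkdir fails if the name already exists, so nothing is followed.
  mkdir -- "$today_dir" || { printf 'cannot create %s\n' "$today_dir" >&2; return 1; }

  # First check which hosts are alive: mail a change notice when hosts were
  # added or removed, and a "normal" mail when nothing changed.
  # (-sP is the older spelling of -sn: ping scan, no port scan.)
  nmap -sP "$SCAN_NET" | awk '/Nmap scan/{print $5}' >> "$check_ip"
  if (( PIPESTATUS[0] != 0 )); then
    # A failed scan must not be reported as "every host went down".
    echo "host discovery failed for $SCAN_NET" | mail -s "nmap check hosts error" "$MAIL_TO"
    return 1
  fi

  diff "$open_ip" "$check_ip" >> "$mail_ip"
  rc=$?
  if (( rc == 0 )); then
    echo "hosts is normal!" | mail -s "check hosts" "$MAIL_TO"
  elif (( rc == 1 )); then
    mail -s "nmap check hosts change('<'=down,'>'=up)" "$MAIL_TO" < "$mail_ip"
  else
    # diff status > 1 means it could not compare (e.g. baseline missing);
    # the empty output must not be mistaken for "no change".
    echo "cannot compare $open_ip with $check_ip" | mail -s "nmap check hosts error" "$MAIL_TO"
  fi

  # Port scan of the hosts found just now (not a list read at start-up).
  while IFS= read -r host; do
    if [[ ! $host =~ $name_re ]]; then
      printf 'skipping unexpected host name: %q\n' "$host" >&2
      continue
    fi

    # stdin from /dev/null so nmap cannot consume the host list being read.
    nmap -sS "$host" < /dev/null | grep -E "Nmap scan |open" >> "$today_dir/$host.txt"

    if [[ ! -f "$yest_dir/$host.txt" ]]; then
      echo "$host: no result from $DATE_yes to compare with" >> "$mail_check"
      continue
    fi

    # Yesterday first, today second, so that '<' = port gone (down) and
    # '>' = port newly open (up), matching the legend in the mail subject.
    if diff "$yest_dir/$host.txt" "$today_dir/$host.txt" > /dev/null; then
      echo "$host is normal!" >> "$mail_ok"
    else
      echo "$host:" >> "$mail_check"
      diff "$yest_dir/$host.txt" "$today_dir/$host.txt" \
        | awk '/open/{print $1,$2,$4}' >> "$mail_check"
    fi
  done < "$check_ip"
}

while true; do
  nmap_check_port || echo "scan cycle failed" >&2
  sleep 1800 # run every half hour
  DATE_time=$(date +%H)
  if [ "$DATE_time" == "00" ]; then
    # At midnight send the report mails and stop. Running the script from
    # crontab at 00:00 instead of this loop would be the cleaner setup.
    mail -s "nmap check port is ok('<'=down,'>'=up)" "$MAIL_TO" < "$mail_ok"
    mail -s "nmap check port is change('<'=down,'>'=up)" "$MAIL_TO" < "$mail_check"
    break
  fi
done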
[root@centos-1 ~]# bash check_nmap.sh &
转载于:https://blog.51cto.com/legehappy/1974922