linux命令采集用户信息&刷新iptables

# root权限执行
#!/bin/bash

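# Where this script keeps its own log (created on demand) and scratch files.
log_path="/tmp/log"
tmp_path="/tmp/tmp"
collect_log="$log_path/collect.log"
mkdir -p -- "$log_path"

# Connection settings for the machines table -- fill in per deployment.
# PASSWORD is honoured from the environment so the secret need not live in
# this file; switch_whitelist and collect_machine_info read it.
USER="xx"
DATABASE="xx"
HOST="xx"
PORT=xx
PASSWORD="${PASSWORD:-xx}"
MY_NAME=${0##*/}

# First IPv4 address of eth0. Older ifconfig prints "inet addr:1.2.3.4",
# newer builds "inet 1.2.3.4"; the "addr:" prefix is stripped either way.
mip=$(/sbin/ifconfig -a | grep -A 3 eth0 | grep inet | grep -v 127.0.0.1 | grep -v inet6 | awk '{print $2}')
mip=${mip#addr:}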

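#######################################
# Append an ERROR line to the collector log.
# Globals:   MY_NAME, collect_log (read)
# Arguments: message words; joined with single spaces
# Outputs:   "<timestamp> ERROR <script>:<message>" appended to $collect_log
# Returns:   status of the redirection
#######################################
function log_error(){
   local now
   now=$(date "+%Y-%m-%d %H:%M:%S")
   # printf rather than echo: message text is data, never echo options.
   printf '%s ERROR %s:%s\n' "$now" "$MY_NAME" "$*" >> "$collect_log"
}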
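#######################################
# Append an INFO line to the collector log.
# Globals:   MY_NAME, collect_log (read)
# Arguments: message words; joined with single spaces
# Outputs:   "<timestamp> INFO <script>:<message>" appended to $collect_log
# Returns:   status of the redirection
#######################################
function log_info(){
   local now
   now=$(date "+%Y-%m-%d %H:%M:%S")
   # printf rather than echo: message text is data, never echo options.
   printf '%s INFO %s:%s\n' "$now" "$MY_NAME" "$*" >> "$collect_log"
}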

#解析最近登陆用户
#dataList2---i---0---1
#dataList2---i---1---2019-12-11
#dataList2---i---2---xxf
#2019-12-11:xiaoxiaofang:1次
# 最近用户的访问历史
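#######################################
# Summarise recent logins and the number of iptables ACCEPT rules on this
# host, then store both in the machines row for this IP.
# Globals:   USER, PASSWORD, DATABASE, HOST, PORT, mip (read)
# Arguments: none
# Outputs:   nothing on stdout; mysql diagnostics go to stderr
# Returns:   exit status of the mysql update
#######################################
function collect_machine_info() {
    local logins loginer recentLoginer recentInfo entry curdate res userNow i
    local -a dataList dataList2

    # Last 100 wtmp entries, minus service/admin accounts.
    logins=$(who /var/log/wtmp \
        | grep -v -e sysrd -e root -e xiaoju -e guest -e sysadmin \
        | tail -100)

    # printf '%s' (no trailing newline) keeps empty input empty, so the
    # pipelines below yield nothing rather than a stray "1" count.
    # Top three users by login count, flattened to "count user count user ...".
    loginer=$(printf '%s' "$logins" | awk '{print $1}' | sort | uniq -c | sort -rn | head -3 | tr "\n" " ")
    # Two most recent (date, user) pairs, flattened to "count date user ...".
    recentLoginer=$(printf '%s' "$logins" | awk '{print $3, $1}' | sort -r | uniq -c | awk 'NR==1 || NR==2' | tr "\n" " ")

    read -r -a dataList <<<"$loginer"
    read -r -a dataList2 <<<"$recentLoginer"

    # Recent logins: each triple (count date user) becomes "date:user:count",
    # entries separated by two spaces.
    recentInfo=""
    for (( i = 0; i < ${#dataList2[@]}; i += 3 )); do
        entry="${dataList2[i+1]}:${dataList2[i+2]}:${dataList2[i]}"
        if (( i == 0 )); then
            recentInfo=$entry
        else
            recentInfo="$recentInfo  $entry"
        fi
    done

    # Most frequent logins: each pair (count user) becomes " user:count".
    recentInfo="$recentInfo --- "
    for (( i = 0; i < ${#dataList[@]}; i += 2 )); do
        recentInfo="$recentInfo ${dataList[i+1]}:${dataList[i]}"
    done

    curdate=$(date "+%Y-%m-%d %H:%M")
    recentInfo="$recentInfo --- at:${curdate}"

    # Count of ACCEPT rules for any protocol from anywhere. `iptables -L`
    # resolves names, so "anywhere" is what the grep has to match.
    res=$(/sbin/iptables -L | grep ACCEPT | grep anywhere | grep -c all)

    # The value is assembled from wtmp user names and dates; double any
    # single quote and backslash so it cannot terminate the SQL string.
    userNow=${recentInfo//\\/\\\\}
    userNow=${userNow//\'/\'\'}

    # One update regardless of the count -- the former res > 500 branch ran
    # the identical statement. MYSQL_PWD keeps the password out of argv.
    MYSQL_PWD="$PASSWORD" mysql -u "$USER" "$DATABASE" -h "$HOST" -P "$PORT" \
        -e "update machines set whiteLen=${res},userNow='${userNow}' where mip = '${mip}'"
}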


# crontab -l > /tmp/crontab.bak
# echo 'something new...' >> /tmp/crontab.bak
# crontab /tmp/crontab.bak
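#######################################
# Enable or disable the whitelist cron entry for this host according to the
# `istag` flag stored for it in the machines table, re-installing root's
# crontab with the monitor entry refreshed.
# Globals:   USER, PASSWORD, DATABASE, HOST, PORT, mip, collect_log (read)
# Arguments: none
# Outputs:   "other--skip" on stdout when istag is neither 1 nor 0;
#            iptables output appended to $collect_log when closing
# Returns:   0 normally, 1 if the temp files cannot be created
#######################################
function switch_whitelist() {
   local istag crontab_bak new_crontab line

   # -N/-s drop the column header so $istag holds the bare value; MYSQL_PWD
   # keeps the password out of the process list.
   # NOTE(review): this filters on `ip`, collect_machine_info on `mip` --
   # confirm which column the machines table actually has.
   istag=$(MYSQL_PWD="$PASSWORD" mysql -N -s -u "$USER" "$DATABASE" -h "$HOST" -P "$PORT" \
       -e "select istag from machines where ip = '${mip}'")
   istag=${istag//[[:space:]]/}

   # Private temp files: the script runs as root and the file handed to
   # `crontab` becomes root's crontab, so it must not sit at a fixed name in
   # the world-writable /tmp where another local user could pre-create or
   # replace it between the write and the install.
   crontab_bak=$(mktemp) || return 1
   new_crontab=$(mktemp) || { rm -f -- "$crontab_bak"; return 1; }

   # `crontab -l` fails when no crontab exists yet; treat that as empty.
   crontab -l > "$crontab_bak" 2>/dev/null || true

   printf '%s\n' "*/2 * * * * cd /home/xxf/monitor/;sh collect_info.sh" > "$new_crontab"

   # Carry over every existing line that is not ours, verbatim (-r keeps
   # backslashes, IFS= keeps leading/trailing blanks).
   while IFS= read -r line || [[ -n "$line" ]]; do
       if [[ "$line" != *"/home/xxf/monitor"* ]]; then
           printf '%s\n' "$line" >> "$new_crontab"
       fi
   done < "$crontab_bak"

   # Exact match: the old "contains a 1 / contains a 0" grep would treat a
   # value such as 10 as both.
   if [[ "$istag" == "1" ]]; then
        log_info "iswhite=1,open whitelist"
        printf '%s\n' "*/2 * * * * cd /home/xxf/test/;sh haha.sh" >> "$new_crontab"
        crontab "$new_crontab"
   elif [[ "$istag" == "0" ]]; then
        log_info "iswhite=0,close whitelist"
        printf '%s\n' "#*/2 * * * * cd /home/xxf/monitor/;sh haha.sh" >> "$new_crontab"
        crontab "$new_crontab"
        # -F removes every rule in every chain of the filter table; chain
        # policies are left untouched, so what is reachable afterwards
        # depends on those policies.
        /sbin/iptables -F >> "${collect_log}" 2>&1
   else
        echo "other--skip"
        crontab "$new_crontab"
   fi

   rm -f -- "$crontab_bak" "$new_crontab"
}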


#######################################
# Entry point: reconcile the whitelist cron entry first, then report this
# host's login and iptables summary.
# Globals:   none directly (see the two callees)
# Arguments: none
# Returns:   status of collect_machine_info
#######################################
run() {
   switch_whitelist
   collect_machine_info
}

# Top-level invocation; both steps run unconditionally on every execution.
run