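#!/bin/bash
# Must run as root: reads /var/log/wtmp, rewrites root's crontab and flushes
# iptables.  Meant to be started from cron every two minutes (it re-installs
# its own crontab entry on each run).
#
# Steps:
#   1. switch_whitelist   - reads machines.istag for this host from MySQL and
#                           adds/removes the "whitelist" cron entry; istag=0
#                           additionally flushes all iptables rules.
#   2. collect_machine_info - summarises recent wtmp logins and the number of
#                           ACCEPT rules and stores them in machines.userNow /
#                           machines.whiteLen.
#
# Deliberately not `set -e`: the grep/tail pipelines below exit non-zero
# whenever there is simply nothing to report, which is a normal state here.

log_path="/tmp/log"
tmp_path="/tmp/tmp"   # not used by this script; kept for compatibility
collect_log="$log_path/collect.log"
# NOTE(review): $log_path sits in world-writable /tmp.  A local user who
# creates /tmp/log before root's first run owns it and can make collect.log a
# symlink that root then appends to.  A root-owned directory under /var/log is
# the safer place for this file.
mkdir -p "$log_path"

# Database settings.  PASSWORD is filled in at deploy time and must not be
# committed; it reaches mysql through a mode-0600 defaults file (see
# write_mysql_cnf), never on the command line where `ps` would show it.
USER="xx"        # DB user; shadows the login-name env var $USER (mysql ignores that var)
DATABASE="xx"
HOST="xx"
PORT=xx
PASSWORD="xx"
MY_NAME=$(basename "$0")

# Crontab lines owned by this script; every other line in root's crontab is
# preserved as-is.
# NOTE(review): root runs these with `sh` out of /home/xxf/...; anyone who can
# write those directories can run arbitrary commands as root on the next tick.
readonly CRON_COLLECT="*/2 * * * * cd /home/xxf/monitor/;sh collect_info.sh"
readonly CRON_WHITELIST_ON="*/2 * * * * cd /home/xxf/test/;sh haha.sh"
readonly CRON_WHITELIST_OFF="#*/2 * * * * cd /home/xxf/monitor/;sh haha.sh"

# Private scratch directory (0700, made by mktemp in run) for the crontab
# copies and the mysql defaults file.  The original used fixed names in /tmp
# (/tmp/crontab.bak, /tmp/tmp_crontab), which a local user could pre-create or
# symlink and thereby hand root an attacker-controlled crontab.
workdir=""

#######################################
# Append one line to $collect_log: "<timestamp> <LEVEL> <script>:<message>".
# Arguments: $1 - level; remaining arguments are joined with spaces
#######################################
_log() {
  local level=$1
  shift
  printf '%s %s %s:%s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$level" "$MY_NAME" "$*" >> "$collect_log"
}
log_error() { _log ERROR "$@"; }
log_info()  { _log INFO "$@"; }

# Primary IPv4 address of eth0.  Only the first match is taken; the original
# could return several lines when eth0 has aliases.  Distributions without
# ifconfig need `ip -4 -o addr show dev eth0` here instead.
mip=$(/sbin/ifconfig -a | grep -A 3 eth0 | grep inet | grep -v 127.0.0.1 | grep -v inet6 \
  | awk '{print $2}' | head -n 1)
mip=${mip#addr:}   # older ifconfig prints "inet addr:10.0.0.1"
# mip is spliced into SQL below, so refuse to run unless it is a plain dotted
# quad -- nothing else can then ride into the query through it.
if [[ ! $mip =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  log_error init "could not determine eth0 IPv4 address (got '${mip}'); aborting"
  exit 1
fi

#######################################
# Escape a string for use inside a single-quoted MySQL literal.
# Doubles backslashes and single quotes and flattens CR/LF, so data taken from
# wtmp (user names) cannot terminate the literal.
# Arguments: $1 - raw string
# Outputs:   escaped string on stdout, no trailing newline
#######################################
sql_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//"'"/"''"}
  s=${s//[$'\r\n']/ }
  printf '%s' "$s"
}

#######################################
# Write the mysql client defaults file into $workdir with mode 0600.
# Globals: workdir, USER, PASSWORD (read)
#######################################
write_mysql_cnf() {
  (
    umask 077
    printf '[client]\nuser=%s\npassword=%s\n' "$USER" "$PASSWORD" > "$workdir/my.cnf"
  )
}

#######################################
# Run one SQL statement against $DATABASE.
# Arguments: $1 - SQL text (the caller is responsible for escaping)
# Outputs:   result rows on stdout, tab separated, without header (-N -s)
# Returns:   mysql's exit status
#######################################
db_query() {
  # --defaults-extra-file must be the first option on the mysql command line.
  mysql --defaults-extra-file="$workdir/my.cnf" -N -s \
    -h "$HOST" -P "$PORT" "$DATABASE" -e "$1"
}

#######################################
# Remove the scratch directory; installed as the EXIT trap by run.
#######################################
cleanup() {
  [[ -n "$workdir" ]] && rm -rf -- "$workdir"
}

#######################################
# Summarise recent logins and the iptables ACCEPT-rule count for this host and
# store them in machines.userNow / machines.whiteLen.
#
# userNow layout (unchanged from the original):
#   "<date>:<user>:<count> ... ---  <user>:<count> ... --- at:<YYYY-mm-dd HH:MM>"
# The first group is the two most recent distinct (date,user) pairs, the second
# the three users with the most logins, both taken from the last 100 wtmp rows
# that are not service/admin accounts.
# Globals: mip, workdir, HOST, PORT, DATABASE (read)
# Returns: 1 if the rule count could not be read (no update is made)
#######################################
collect_machine_info() {
  local who_rows most_rows recent_rows
  # Last 100 wtmp entries excluding service/admin accounts.
  who_rows=$(who /var/log/wtmp \
    | grep -v -e sysrd -e root -e xiaoju -e guest -e sysadmin | tail -100)
  # Top-3 users by login count: "<count> <user>" per line.
  most_rows=$(printf '%s' "$who_rows" | awk '{print $1}' | sort | uniq -c | sort -rn | head -3)
  # Two most recent distinct (date,user) pairs: "<count> <date> <user>" per line.
  recent_rows=$(printf '%s' "$who_rows" | awk '{print $3, $1}' | sort -r | uniq -c | awk 'NR==1 || NR==2')

  # Word-splitting into flat arrays is intentional: the rows are fixed-width tuples.
  # shellcheck disable=SC2206
  local -a recent=($recent_rows) most=($most_rows)
  local -a parts=()
  local i info

  # Incomplete trailing tuples are skipped (the original emitted "::count").
  for ((i = 0; i + 2 < ${#recent[@]}; i += 3)); do
    # count date user  ->  date:user:count
    parts+=("${recent[i + 1]}:${recent[i + 2]}:${recent[i]}")
  done
  info="${parts[*]}"
  info="$info --- "
  for ((i = 0; i + 1 < ${#most[@]}; i += 2)); do
    # count user  ->  user:count
    info="$info ${most[i + 1]}:${most[i]}"
  done
  info="$info --- at:$(date '+%Y-%m-%d %H:%M')"

  # Number of "ACCEPT ... all ... anywhere" rules.  `-n` would skip the slow
  # reverse-DNS lookups but also prints 0.0.0.0/0 instead of "anywhere" and
  # breaks the match, so it is left out.
  local accept_count
  accept_count=$(/sbin/iptables -L | grep ACCEPT | grep anywhere | grep -c all)
  if [[ ! $accept_count =~ ^[0-9]+$ ]]; then
    log_error collect_machine_info "iptables -L gave no usable count ('${accept_count}'); skipping update"
    return 1
  fi

  # The original branched on accept_count > 500 but ran the identical UPDATE in
  # both branches, so the branch is gone.  userNow comes from wtmp data, hence
  # the escaping; mip was validated as a dotted quad above.
  db_query "update machines set whiteLen=${accept_count},userNow='$(sql_escape "$info")' where mip = '${mip}'"
}

#######################################
# Re-install this script's crontab entry and toggle the whitelist entry based
# on machines.istag for this host.  istag=0 also flushes iptables.
# Globals: mip, workdir, collect_log (read)
#######################################
switch_whitelist() {
  local istag old_cron new_cron
  # NOTE(review): the column is `ip` here but `mip` in collect_machine_info;
  # presumably both exist -- verify against the schema.
  istag=$(db_query "select istag from machines where ip = '${mip}'" | head -n 1)
  istag=${istag//[[:space:]]/}

  old_cron="$workdir/crontab.bak"
  new_cron="$workdir/crontab.new"
  # `crontab -l` exits non-zero and complains on stderr when root has no
  # crontab yet; that is treated as an empty crontab, as the original did.
  crontab -l > "$old_cron" 2>/dev/null || true

  # Keep every foreign line; drop the lines this script manages so they are
  # not duplicated.  The original only dropped "/home/xxf/monitor" lines and
  # therefore appended another whitelist entry on every run while istag=1.
  {
    printf '%s\n' "$CRON_COLLECT"
    grep -v -F -e '/home/xxf/monitor' -e "$CRON_WHITELIST_ON" "$old_cron"
  } > "$new_cron"

  # Exact comparison; the original grepped the whole mysql output (including
  # the column header) for the characters 1 / 0.
  case "$istag" in
    1)
      log_info "iswhite=1,open whitelist"
      printf '%s\n' "$CRON_WHITELIST_ON" >> "$new_cron"
      ;;
    0)
      log_info "iswhite=0,close whitelist"
      printf '%s\n' "$CRON_WHITELIST_OFF" >> "$new_cron"
      ;;
    *)
      log_info "iswhite='${istag}',other--skip"
      ;;
  esac
  crontab "$new_cron"

  if [[ $istag == 0 ]]; then
    # Flushes every rule in every chain of the filter table (chain policies are
    # kept).  With an INPUT policy of DROP this locks the host out; with ACCEPT
    # it leaves the host wide open.  NOTE(review): confirm this is really what
    # "close whitelist" is meant to do.
    /sbin/iptables -F >> "$collect_log" 2>&1
  fi
}

#######################################
# Entry point: create the private scratch directory, then run both steps.
#######################################
run() {
  workdir=$(mktemp -d) || { log_error run "mktemp -d failed"; exit 1; }
  trap cleanup EXIT
  write_mysql_cnf
  switch_whitelist
  collect_machine_info
}

run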