批量获取所有主机上的iptables已经设置的端口
主机列表（只记录各主机 IP 的末位八位组，脚本会把它拼接到固定前缀 192.168.100. 之后；同一八位组重复出现时会被重复查询）
cat host_list.log 100 102 102
按主机列表逐台通过 ssh 执行 iptables -nL（不带 -t，只列出 filter 表），用 sed 提取规则中 dpt: 后面的单个目的端口并追加保存到 port_all.tmp 中，然后去重排序保存到 port_all.log。注意：端口范围（dpts:）和 multiport 规则不会被提取；规则的目标（ACCEPT/DROP 等）也不区分，得到的是"规则中出现过的端口"而非"放行的端口"。
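cat find_iptables_port.sh
#!/bin/bash
# find_iptables_port.sh - collect every single destination port ("dpt:NNN")
# that appears in the iptables filter-table rules of each listed host.
#
# Inputs:
#   host_list.log   whitespace-separated LAST OCTETS of 192.168.100.x hosts
#                   (override the path with $HOST_LIST)
# Outputs:
#   port_all.tmp    raw port list, one line per matching rule, all hosts
#   port_all.log    the same ports, de-duplicated and sorted numerically
#
# Limits worth knowing before trusting the result:
#   * `iptables -nL` without -t lists only the filter table; nat/mangle rules
#     (e.g. DNAT port forwards) are never seen.
#   * Only `dpt:NNN` single-port matches are extracted; port ranges (`dpts:`)
#     and `multiport dports a,b,c` do not match the sed expression and are
#     silently skipped.
#   * The rule target is ignored: a DROP rule on port 22 contributes "22"
#     exactly like an ACCEPT rule. This is "ports mentioned in rules", not
#     "ports allowed".
#   * Listing iptables needs root on the remote side; ssh runs as the current
#     user, so key-based access to a privileged account is assumed.
set -euo pipefail

readonly host_list=${HOST_LIST:-host_list.log}
readonly raw_out=port_all.tmp
readonly final_out=port_all.log
# BatchMode: a missing key fails immediately instead of hanging on a password
# prompt; ConnectTimeout: one unreachable host cannot stall the whole run.
# (The original passed -C, which is ssh compression, not a "command" flag.)
ssh_opts=(-o BatchMode=yes -o ConnectTimeout=10)

warn() { printf 'find_iptables_port: %s\n' "$*" >&2; }
die()  { warn "$@"; exit 1; }

# Print the destination port of every "dpt:NNN" match read on stdin, one per
# line. Lines without "dpt:" produce nothing.
extract_dpt_ports() {
  sed -nr '/dpt:/s#^.*dpt:([0-9]+).*$#\1#p'
}

main() {
  [[ -r "$host_list" ]] || die "cannot read host list '$host_list'"
  : > "$raw_out"
  : > "$final_out"

  local -A seen=()
  local octet
  # The sample host list keeps several entries on one line ("100 102 102"),
  # so split on all whitespace rather than reading line by line.
  for octet in $(< "$host_list"); do
    # Entries are glued onto "192.168.100." below; anything other than 1-3
    # digits is a malformed entry, so refuse it instead of handing it to ssh
    # as an argument.
    if [[ ! "$octet" =~ ^[0-9]{1,3}$ ]]; then
      warn "skipping malformed host entry '$octet'"
      continue
    fi
    # The sample list repeats 102; querying a host twice only repeats work
    # and the final list is de-duplicated anyway.
    [[ -n "${seen[$octet]:-}" ]] && continue
    seen[$octet]=1

    # With pipefail a failed ssh fails the pipeline, so an unreachable or
    # unprivileged host is reported instead of silently contributing nothing.
    if ! ssh "${ssh_opts[@]}" "192.168.100.${octet}" iptables -nL \
        | extract_dpt_ports >> "$raw_out"; then
      warn "could not list iptables rules on 192.168.100.${octet}"
    fi
  done

  # Numeric sort plus de-duplication in one pass; for plain decimal ports this
  # yields the same list as the original sort | uniq | sort -n.
  sort -n -u "$raw_out" > "$final_out"
}

main "$@"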
将去重排序后的 port_all.log 每行补充端口说明，格式为 "协议/服务名 端口"：每行恰好两列、以空白分隔，因为后面的脚本用 awk 取第 1 列作名称、第 2 列作端口，多列或缺列都会导致名称与端口错位。
cat port_all.log SMTP 25 DNS 53 HTTP 80 RPC 111 NTP 123 HTTPS 443 RSYNC 873 NFS 999 UDP 1199 NFS 2049 MYSQL 3306 kibana 5601
根据主机列表和端口定义列表批量查询服务器上开启的端口并保存到日志里，命名规则为 <末位八位组>_port.log（例如主机 192.168.100.100 对应 100_port.log，写入当前目录）。
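cat find_host_port.sh
#!/bin/bash
# find_host_port.sh - for every host in host_list.log, report which of the
# services in port_all.log are actually listening, and write the result to
# <octet>_port.log (e.g. 100_port.log) in the current directory.
#
# Inputs:
#   host_list.log     whitespace-separated last octets of 192.168.100.x hosts
#                     (override with $HOST_LIST)
#   port_all.log      two columns per line, "<name> <port>", e.g. "HTTP 80"
#                     (override the path with $SERVICE_LIST)
# Outputs:
#   <octet>_port.log  one "<port> \t <name>" line per listening service,
#                     truncated at the start of each host; the same lines are
#                     also printed to stdout, preceded by "start <octet>".
#
# Why this no longer runs `lsof -i:PORT` once per host and per port:
#   * `lsof -i:PORT` matches any socket whose LOCAL *or* REMOTE port is PORT,
#     so a host with an outbound connection to some server's 443 was reported
#     as having HTTPS open. Listing TCP sockets in LISTEN state plus UDP
#     sockets and then looking only at the local port avoids that.
#   * A missing remote lsof made `wc -l` return 0, i.e. "everything closed",
#     with no warning. It is now reported on stderr.
#   * hosts x services ssh sessions become one session per host.
# Remote requirements are the same as before: lsof installed and enough
# privilege to see other users' sockets (run as root for a complete picture).
set -euo pipefail

readonly host_list=${HOST_LIST:-host_list.log}
readonly service_list_path=${SERVICE_LIST:-/root/scripts/find_port/port_all.log}
ssh_opts=(-o BatchMode=yes -o ConnectTimeout=10)

# Parallel arrays filled by load_service_list: service_name[i] <-> service_port[i].
service_name=()
service_port=()

# Remote command. -F n gives the machine-readable NAME field only, -nP keeps
# addresses and ports numeric so nothing depends on the remote DNS or
# /etc/services. UDP has no LISTEN state, so it is listed separately and
# unfiltered; the local-port extraction below drops connected client sockets.
readonly remote_cmd='lsof -nP -F n -iTCP -sTCP:LISTEN; lsof -nP -F n -iUDP'

warn() { printf 'find_host_port: %s\n' "$*" >&2; }
die()  { warn "$@"; exit 1; }

# Read "<name> <port>" lines into service_name/service_port. Reading per line
# keeps the two arrays aligned even if a line is incomplete (the original
# built each array with a separate awk pass, so a line missing its port
# shifted every later entry). Returns non-zero when nothing usable was read.
load_service_list() {
  local name port
  while read -r name port _; do
    [[ -n "$name" && -n "$port" ]] || continue
    service_name+=("$name")
    service_port+=("$port")
  done < "$service_list_path"
  (( ${#service_port[@]} > 0 ))
}

# Print the local port of every socket in `lsof -F n` output on stdin, one per
# line. NAME lines look like "n*:80", "n[::1]:53" or
# "n10.0.0.5:50432->10.0.0.1:53"; keep what precedes "->" and take the text
# after the last ':' (works for IPv6 too, since the address part is bracketed).
local_ports_from_lsof() {
  awk '/^n/ {
         name = substr($0, 2)
         sub(/->.*/, "", name)
         n = split(name, parts, ":")
         if (n > 1 && parts[n] ~ /^[0-9]+$/) print parts[n]
       }'
}

main() {
  [[ -r "$host_list" ]] || die "cannot read host list '$host_list'"
  load_service_list || die "no '<name> <port>' entries found in '$service_list_path'"

  local -A seen=()
  local octet host listing open_ports idx rv
  # The sample host list keeps several entries on one line, hence word-split.
  for octet in $(< "$host_list"); do
    # Entries are glued onto "192.168.100."; refuse anything but 1-3 digits
    # rather than pass it to ssh as an argument.
    if [[ ! "$octet" =~ ^[0-9]{1,3}$ ]]; then
      warn "skipping malformed host entry '$octet'"
      continue
    fi
    # A repeated octet would only rewrite the same log with the same content.
    [[ -n "${seen[$octet]:-}" ]] && continue
    seen[$octet]=1

    host="192.168.100.${octet}"
    : > "${octet}_port.log"
    echo "start ${octet}"

    rv=0
    listing=$(ssh "${ssh_opts[@]}" "$host" "$remote_cmd") || rv=$?
    # 255 is ssh's own failure status; any other non-zero status came from
    # the remote lsof (1 simply means one of the two listings matched nothing).
    if (( rv == 255 )); then
      warn "ssh to ${host} failed; ${octet}_port.log left empty"
      continue
    fi
    if [[ -z "$listing" ]]; then
      warn "${host}: lsof listed no sockets (lsof missing or insufficient privilege?)"
    fi
    open_ports=$(printf '%s\n' "$listing" | local_ports_from_lsof)

    for idx in "${!service_port[@]}"; do
      # Whole-line match so port 80 does not match 8080.
      if grep -qx -- "${service_port[$idx]}" <<<"$open_ports"; then
        # Same "<port> \t <name>" layout the original echo -e produced,
        # written to both stdout and the per-host log.
        printf '%s \t %s\n' "${service_port[$idx]}" "${service_name[$idx]}" \
          | tee -a "${octet}_port.log"
      fi
    done
  done
}

main "$@"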