批量获取所有主机上的iptables已经设置的端口

主机列表IP

cat host_list.log

100
102
102

  

按主机列表查询现有服务的iptables都配置了哪些规则并保存到port_all.tmp中,然后去重排序保存到port_all.log

cat find_iptables_port.sh

#!/bin/bash

#for i in $(cat host_list.log)
> port_all.tmp
> port_all.log
for i in $(cat host_list.log)
do
    ssh  192.168.100.${i} -C iptables -nL|sed -nr '/dpt:/s#^.*dpt:([0-9]+).*$#\1#p'>> port_all.tmp
done

cat port_all.tmp |sort|uniq|sort -n > port_all.log 

 

将去重排序后的port_all.log增加端口解释,格式为 "协议 端口"

cat port_all.log

SMTP 25
DNS 53
HTTP 80
RPC 111
NTP 123
HTTPS 443
RSYNC 873
NFS 999
UDP 1199
NFS 2049
MYSQL 3306
kibana 5601

 

根据主机列表和端口定义列表批量查询服务器上开启的端口并保存到日志里,命名规则为IP_port.log

cat find_host_port.sh

#!/bin/bash

unset service_name
unset service_port
service_list_path='/root/scripts/find_port/port_all.log'
service_list_line=$(cat ${service_list_path}|wc -l)
service_list_num=$((${service_list_line} -1 ))
service_name=($(awk '{print $1}' ${service_list_path}))
service_port=($(awk '{print $2}' ${service_list_path}))

main(){
for i in $(cat host_list.log)
do
  > ${i}_port.log
  echo "start ${i}"
  for num in $(seq 0 ${service_list_num})
  do
      service_pro=$(ssh  192.168.100.${i} -C lsof -i:${service_port[${num}]}|wc -l)
      if [ ${service_pro} -gt 0 ]
      then
          echo -e "${service_port[${num}]} \t ${service_name[${num}]}" 
          echo -e "${service_port[${num}]} \t ${service_name[${num}]}" >> ${i}_port.log
      fi
  done
done
}

main

 

posted @ 2020-08-20 20:34  BUG弄潮儿  阅读(253)  评论(0编辑  收藏  举报