使用expect免交互批量验证主机密码
安装expect包
yum install expect
将脚本audit.sh,expect_ad和配置文件passfile上传至/home/system目录下,也可自己指定目录,将两个脚本和配置文件放在同级目录下
修改脚本权限
chmod +x audit.sh expect_ad
自定义配置文件
格式如下:ip,端口,登录账号,登录密码,管理员,每列之间由空格或tab键分隔。注意:passfile中保存的是明文密码,建议执行 chmod 600 passfile 限制读取权限,并在验证结束后及时删除该文件。
然后执行脚本
sh audit.sh
输出验证信息
密码正确打印OK,密码错误打印Wrong,主机无法连通(例如ping不通)时打印Null。
最后输出总结信息
audit.sh:
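#!/bin/sh
# audit.sh - verify the SSH passwords listed in ./passfile and write a dated
# summary report (./password_report.YYYY-MM-DD.txt).
#
# passfile format, one entry per line, columns separated by spaces or tabs:
#   ip  port  login-account  login-password  owner
#
# Result printed for each entry:
#   OK !     ./expect_ad exited 0
#   Wrong !  ./expect_ad exited 1
#   Null !   the host did not answer ping, the entry was incomplete, or
#            ./expect_ad ended with any other status (for example the helper
#            is missing or not executable)
#
# Security notes:
#   * passfile holds plaintext passwords; keep it mode 600 and remove it
#     when the audit is finished.
#   * The password is handed to ./expect_ad as a command-line argument, so it
#     is visible in the process list while the check runs. Run this only on
#     a trusted administration host.
#   * Passwords are never written to the report or to the terminal.

# The report and the scratch file reveal which accounts have valid
# credentials, so keep them private to the invoking user.
umask 077

PASSFILE=./passfile
TODAY=$(date +"%Y-%m-%d")
REPORT=./password_report.${TODAY}.txt

if [ ! -r "$PASSFILE" ]; then
  printf '%s\n' "audit.sh: cannot read $PASSFILE" >&2
  exit 1
fi

# Per-run scratch file instead of a fixed ./tmp, removed on every exit path.
RESULTS=$(mktemp) || exit 1
trap 'rm -f -- "$RESULTS"' EXIT
trap 'exit 1' HUP INT TERM

ERR_COUNT=0
RIGHT_COUNT=0
CANNOT_PING=0
TOTAL=0

# record_result USER IP OWNER STATUS
# Prints one aligned result line and appends it to the scratch file.
record_result() {
  printf '%s@%-30s%-20s%10s\n' "$1" "$2" "$3" "$4" | tee -a "$RESULTS"
}

# list_by_status WORD RULE
# Prints RULE, then "user@ip owner" for every recorded line whose status word
# is WORD, and appends the same text to the report. Matching on the status
# column keeps an account or owner that merely contains WORD out of the list.
list_by_status() {
  awk -v want="$1" -v rule="$2" '
    BEGIN { printf("%s\n", rule) }
    NF >= 3 && $(NF - 1) == want { printf("%-45s%-10s\n", $1, $2) }
    END { print "\n" }
  ' "$RESULTS" | tee -a "$REPORT"
}

printf '\nCHECKING NOW...\n\n'

# read -r keeps backslashes in passwords intact, and splitting into named
# fields avoids the glob expansion an unquoted "echo $line" would apply to
# passwords containing * or ?. The "|| [ -n ... ]" clause handles a final
# line that has no trailing newline.
while read -r IP PORT USERNAME PASS OWNER _REST || [ -n "$IP" ]; do
  # Blank lines are not entries.
  [ -n "$IP" ] || continue
  TOTAL=$((TOTAL + 1))

  # An incomplete entry cannot be checked; report it without echoing the
  # line, because it may contain a password.
  if [ -z "$PORT" ] || [ -z "$USERNAME" ] || [ -z "$PASS" ]; then
    printf '%s\n' "audit.sh: incomplete entry for $IP" >&2
    record_result "$USERNAME" "$IP" "$OWNER" "Null !"
    CANNOT_PING=$((CANNOT_PING + 1))
    continue
  fi

  # Hosts that drop ICMP are reported as Null even if SSH is reachable.
  if ping -c 1 "$IP" >/dev/null 2>&1; then
    # stdin is redirected so the helper cannot consume the rest of passfile.
    ./expect_ad "$USERNAME" "$IP" "$PASS" "$PORT" </dev/null >/dev/null 2>&1
    case $? in
      0)
        record_result "$USERNAME" "$IP" "$OWNER" "OK !"
        RIGHT_COUNT=$((RIGHT_COUNT + 1))
        ;;
      1)
        record_result "$USERNAME" "$IP" "$OWNER" "Wrong !"
        ERR_COUNT=$((ERR_COUNT + 1))
        ;;
      *)
        # The helper could not be run or did not reach a verdict; do not
        # present that as a wrong password.
        record_result "$USERNAME" "$IP" "$OWNER" "Null !"
        CANNOT_PING=$((CANNOT_PING + 1))
        ;;
    esac
  else
    record_result "$USERNAME" "$IP" "$OWNER" "Null !"
    CANNOT_PING=$((CANNOT_PING + 1))
  fi
done < "$PASSFILE"

# The first tee truncates any report left over from an earlier run today.
printf '\nCHECK TIME: %s\n' "$(date +"%Y-%m-%d %H:%M:%S")" | tee "$REPORT"
printf '%s\n' "TOTAL ${TOTAL} : ${RIGHT_COUNT} OK! ${ERR_COUNT} Wrong ! ${CANNOT_PING} Null !" \
  | tee -a "$REPORT"

if [ "$ERR_COUNT" -ne 0 ]; then
  printf '\n%s\n\n' "*******************BELOW ARE WRONG PASSWORD LIST:" | tee -a "$REPORT"
  list_by_status "Wrong" "-------------------------"
fi

if [ "$CANNOT_PING" -ne 0 ]; then
  printf '\n%s\n\n' "*******************BELOW ARE CAN NOT PING LIST:" | tee -a "$REPORT"
  list_by_status "Null" "-------------------"
fi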
expect_ad:
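#!/usr/bin/expect
# expect_ad - attempt one SSH password login and report the outcome through
# the exit status.
#
# Usage: expect_ad USERNAME IP PASSWORD PORT
#
# Exit status:
#   0  password accepted (a shell prompt ending in "]# " or "$ " appeared)
#   1  password rejected (ssh printed "Permission denied" or asked again)
#   2  inconclusive: bad arguments, no password prompt, a timeout, or the
#      connection closed before a verdict was seen
#
# Every path that does not positively see a shell prompt ends non-zero, so a
# timeout or a refused connection is never reported as a valid password.
#
# Security notes:
#   * PASSWORD arrives on the command line and is visible in the process
#     list while this script runs.
#   * An unknown host key is accepted automatically, so the password is sent
#     to whichever host answers at IP. Pre-populating known_hosts for the
#     audited hosts removes that exposure.

if {$argc < 4} {
    puts stderr "usage: expect_ad USERNAME IP PASSWORD PORT"
    exit 2
}

set USERNAME [lindex $argv 0]
set IP       [lindex $argv 1]
set PASSWD   [lindex $argv 2]
set PORT     [lindex $argv 3]

# A leading "-" would be parsed by ssh as an option instead of a destination,
# and the port must be a plain number.
if {[string index $USERNAME 0] eq "-" || [string index $IP 0] eq "-"} {
    exit 2
}
if {![string is integer -strict $PORT]} {
    exit 2
}

# Seconds to wait for the host-key question or the password prompt.
set timeout 2

spawn ssh -p ${PORT} ${USERNAME}@${IP}

expect {
    "continue connecting (yes/no" {
        # Matches both the "(yes/no)?" wording and longer variants of the
        # question that start the same way.
        send "yes\r"
        exp_continue
    }
    "*password:" {
        # "--" stops send from treating a password that begins with "-" as
        # one of its own flags.
        send -- "${PASSWD}\r"

        # Allow the login itself a little longer than the connection setup.
        set timeout 6
        expect {
            "*Permission denied*" { exit 1 }
            "*password:"          { exit 1 }
            "*]# "                { send "exit\r"; exit 0 }
            "*$ "                 { send "exit\r"; exit 0 }
            timeout               { exit 2 }
            eof                   { exit 2 }
        }
    }
    timeout { exit 2 }
    eof     { exit 2 }
}

# Not reached in normal operation; fail closed if it ever is.
exit 2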
29 exit $RET