今天在网上看到一个监控端口的脚本,觉得不错,就把他抄下来了。
#1. sshd
??? sshd='netstat -an|grep LISTEN|grep :22'
if [ "$sshd" != " " ] ; then
??? echo "SSHD is running"
else
echo "SSHD is STOP!"
fi
#2.80
www='netstat -an|grep LISTEN|grep :80'
if [ "$www" != "" ] ; then
echo "WWW is running"
else
echo "WWW is STOP!"
fi
?
?
最近学习shell编程中,写了个脚本,可以监控当前服务器使用的端口,PID,程序名称等;
可以用于发现是否有不常用的端口被侦听,进而判断是否被黑客“搞”了;
代码如下:
?
#!/bin/bash
#tcp part
port1=`netstat -an|grep LISTEN|egrep "0.0.0.0|:::"|awk '/^tcp/ {print $4}'|awk -F: '{print $2$4}'|sort -n`
echo "TCP state:"
echo "--------------------------------"
echo "PORT????? PID???? COMMAND"
for a in $port1
do
b=`lsof -n -i:$a|grep TCP|grep LISTEN|grep IPv4|awk '{printf("%d\t%s\n"),$2,$1}'`
echo "$a??????? $b"
done
echo "--------------------------------"
#udp part
echo ""
port2=`netstat -an|grep udp|awk '{print $4}'|awk -F: '{print $2}'|sed '/^$/d'|sort -n`
echo "UDP state:"
echo "--------------------------------"
echo "PORT????? PID???? COMMAND"
for a in $port2
do
b=`lsof -n -i:$a|grep UDP|grep IPv4|awk '{printf("%d\t%s\n"),$2,$1}'`
if [ -n "$b" ];then
echo "$a??????? $b"
fi
done
echo "--------------------------------"
exit 0
