## 批量获取所有主机上的iptables已经设置的端口 ### 主机列表IP cat host_list.log ``` 100 102 102 ``` ### 按主机列表查询现有服务的iptables都配置了哪些规则并保存到port_all.tmp中,然后去重排序保存到port_all.log cat find_iptables_port.sh ``` #!/bin/bash #for i in $(cat host_list.log) > port_all.tmp > port_all.log for i in $(cat host_list.log) do ssh 192.168.100.${i} -C iptables -nL|sed -nr '/dpt:/s#^.*dpt:([0-9]+).*$#\1#p'>> port_all.tmp done cat port_all.tmp |sort|uniq|sort -n > port_all.log ``` ### 将去重排序后的port_all.log增加端口解释,格式为 "协议 端口" cat port_all.log ``` SMTP 25 DNS 53 HTTP 80 RPC 111 NTP 123 HTTPS 443 RSYNC 873 NFS 999 UDP 1199 NFS 2049 MYSQL 3306 kibana 5601 ``` ### 根据主机列表和端口定义列表批量查询服务器上开启的端口并保存到日志里,命名规则为IP_port.log cat find_host_port.sh ``` #!/bin/bash unset service_name unset service_port service_list_path='/root/scripts/find_port/port_all.log' service_list_line=$(cat ${service_list_path}|wc -l) service_list_num=$((${service_list_line} -1 )) service_name=($(awk '{print $1}' ${service_list_path})) service_port=($(awk '{print $2}' ${service_list_path})) main(){ for i in $(cat host_list.log) do > ${i}_port.log echo "start ${i}" for num in $(seq 0 ${service_list_num}) do service_pro=$(ssh 192.168.100.${i} -C lsof -i:${service_port[${num}]}|wc -l) if [ ${service_pro} -gt 0 ] then echo -e "${service_port[${num}]} \t ${service_name[${num}]}" echo -e "${service_port[${num}]} \t ${service_name[${num}]}" >> ${i}_port.log fi done done } main ```