Ez a dokumentum egy előző változata!
Shell szkript felderítő szkript
Felderíti a hoszton lévő shell szkripteket, és megmutatja az SHA hash-üket, a módosítási dátumukat, azt, hogy meg vannak-e hívva valakinek a crontab-jából, illetve hogy van-e bennük IP-cím, e-mail-cím vagy az előre definiált parancsok valamelyike. Paraméterként megadható, hogy mely könyvtárra fusson; paraméter nélkül az egész fájlrendszerben keres.
- collect_crontab_scripts.sh
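#!/bin/sh
#
# Prints the command/script path of every entry found in the files under
# /var/spool/cron/, one per line, de-duplicated.  When an entry starts with a
# shell variable (e.g. "$HOME/bin/job.sh"), an expanded form is printed as
# well, using the home directory of each user whose crontab holds the entry.
# The unexpanded entry is always printed too.
#
# Relies on lsuser, so this is presumably meant for AIX -- confirm before
# running it elsewhere.  Reading other users' crontabs needs the matching
# privileges.

# Disabled alternative that keeps the crontab name in front of each line:
#grep -R ".*" /var/spool/cron/ | sed -e 's/^\/var\/spool\/cron\/crontabs\///' | grep -v ':#' | grep -v '^$' | egrep -v '(errclear|clcycle|dumpcheck|lpar2rrd|pmcfg|motd|mkpasswd|logrotate|dumpctrl|sa1|sa2|Internal-Function|======|at.allow)'

find /var/spool/cron/ -type f -exec cat {} \; |
  grep -v '^#' |
  grep -v '^$' |
  # Entries matching this fixed name list are left out of the report
  # (presumably stock system jobs -- confirm the list fits the host).
  grep -E -v '(errclear|clcycle|dumpcheck|lpar2rrd|pmcfg|motd|mkpasswd|logrotate|dumpctrl|sa1|sa2|Internal-Function|======|at.allow)' |
  # 1st expression: drop everything before the first "/" or "$" (the schedule
  # fields).  2nd expression: cut at the first space or ">" (arguments and
  # redirections).
  sed -e 's/^[^/$]*//' -e 's/[ >].*$//' |
  sort -u |
  while read -r entry; do
    case $entry in
      '$'*)
        # Name of the variable the entry starts with, e.g. "$HOME".
        var_ref=$(printf '%s\n' "$entry" |
          sed 's/^.*\(\$[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$/\1/')

        # The same entry may sit in several crontabs, so expand it once per
        # owning user instead of feeding a multi-line user list to lsuser.
        # -F: the entry is data, not a regular expression.
        # Local names are used on purpose: assigning to USER/HOME here would
        # clobber the environment of every later command in the loop.
        grep -F -R -e "$entry" /var/spool/cron/ |
          sed -n 's/^.*\/\([a-z]*\):.*/\1/p' |
          sort -u |
          while read -r cron_user; do
            [ -n "$cron_user" ] || continue
            # Slashes are escaped because the value is used as a sed
            # replacement below.
            user_home=$(lsuser -a home "$cron_user" |
              awk -F'=' '{print $2}' |
              sed 's/\//\\\//g')
            [ -n "$user_home" ] || continue
            # NOTE(review): whatever variable the entry starts with is
            # replaced by the home directory -- only right for $HOME.
            printf '%s\n' "$entry" | sed "s/$var_ref/$user_home/"
          done
        ;;
    esac
    # Quoted on purpose: an entry such as /opt/jobs/* must be reported as
    # written, not glob-expanded by this shell.
    printf '%s\n' "$entry"
  done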
- find_shell_scripts.sh
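#!/bin/ksh
#
# Catalogues the shell scripts on this host.
#
# Usage: find_shell_scripts.sh [DIRECTORY | FILE_WITH_ONE_PATH_PER_LINE]
#   DIRECTORY  scan executable regular files below it
#   FILE       treat every line as a path to inspect (type check is skipped)
#   (nothing, or an argument that is neither)  scan from /
#
# For each script it reports the modification time, the crontab / at-job
# files that mention it, and the IP addresses, e-mail addresses and
# COMMAND_LIST entries found in its text.  A fixed-width table goes to stdout;
# a semicolon-separated copy with the file's shasum is written to
# <hostname>_script_catalog.out in the current directory.
#
# Uses istat, so presumably written for AIX -- confirm before use elsewhere.
# Run it from a directory only the operator can write to: the report file is
# truncated and rewritten by name.  A ";" inside a file name shifts the report
# columns, and file names containing newlines are not supported.

COMMAND_LIST="ssh ftp sftp rsh rdist rsync scp dsh rdsh mail sqlplus mutt"
CSVFILE=$(hostname)_script_catalog.out
>"$CSVFILE"

# Start from known values so nothing is inherited from the environment.
STARTDIR=
FILE_LISTA=
if [[ -d $1 ]]; then
  STARTDIR="$1"
elif [[ -f $1 ]]; then
  FILE_LISTA="$1"
else
  STARTDIR='/'
fi

# Prints one candidate path per line.
# The list is streamed through a pipe rather than staged in a fixed-name file
# under /tmp: a predictable path in a world-writable directory can be
# pre-created or symlinked by another local user.
list_candidates() {
  if [[ -n $FILE_LISTA ]]; then
    cat < "$FILE_LISTA"
  else
    find "$STARTDIR" -type f \( -perm -u=x -o -perm -g=x -o -perm -o=x \)
  fi
}

# Prints "<label>:name1,name2" for the files below directory $2 whose content
# mentions path $1; prints nothing when there is no match.
#   $1 - script path, matched as a fixed string (-F) so "." and other regex
#        characters in the path cannot match unrelated entries
#   $2 - spool directory to search
#   $3 - label for the result
referencing_jobs() {
  grep -F -R -l -e "$1" "$2" |
    awk -F'/' '{print $NF}' |
    sort -u |
    tr '\n' ',' |
    sed -e "s/^/$3:/" -e 's/,*$//'
}

echo "FILE NAME;MTIME;CRONTAB;IPS;COMMANDS;EMAILS" |
  awk -F';' '{printf "%-60s %-21s %-15s %-20s %-20s %-30s\n",$1,$2,$3,$4,$5,$6}'
echo "FILE NAME;MTIME;CRONTAB;IPS;COMMANDS;EMAILS;SHASUM" |
  awk -F';' '{printf "%-60s;%-21s;%-15s;%-20s;%-20s;%-30s;%-41s\n",$1,$2,$3,$4,$5,$6,$7}' >> "$CSVFILE"

list_candidates | grep -v '^$' | while IFS= read -r FILE; do
  if [[ -f $FILE ]]; then
    # Paths coming from a caller-supplied list are inspected whatever file(1)
    # says about them.
    if [[ $(file "$FILE" | grep -E -c '(: shell script|: commands text)') -eq 1 || -n $FILE_LISTA ]]; then
      # Assumes the field layout of AIX istat's "Last modified" line -- confirm.
      MTIME=$(istat "$FILE" | awk -F' ' '/Last modified/{print $8"."$4"."$5"-"$6}')

      CRONTABS=$(referencing_jobs "$FILE" /var/spool/cron/ crontab)
      ATJOBS=$(referencing_jobs "$FILE" /var/spool/atjobs/ atjobs)
      if [[ -n $CRONTABS && -n $ATJOBS ]]; then
        CRONTABS="$CRONTABS,$ATJOBS"
      elif [[ -n $ATJOBS ]]; then
        # A script started only through at(1) must still show up in the
        # scheduler column; without this branch the at-job hit is lost.
        CRONTABS=$ATJOBS
      fi

      # grep selects lines holding a valid dotted quad; perl then extracts
      # every dotted-quad-shaped token from those lines, so version strings
      # such as 1.2.3.4 are reported as well.
      IPS=$(grep -E '(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])' "$FILE" |
        perl -wne'while(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/g){print "$&\n"}' |
        sort -u |
        tr '\n' ',' |
        sed -e 's/^/ips:/' -e 's/,*$//')

      EMAILS=$(grep -E '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}' "$FILE" |
        perl -wne'while(/[\w\.\-]+@[\w\.\-]+\w+/g){print "$&\n"}' |
        sort -u |
        tr '\n' ',' |
        sed -e 's/^/emails:/' -e 's/,*$//')

      # Substring match: "mail" also hits "email", "ftp" also hits "sftp".
      # Treat this column as a hint for manual review, not as proof of use.
      COMMANDS=$(for COMMAND in $COMMAND_LIST; do
        if grep -F -q -e "$COMMAND" "$FILE"; then
          echo "$COMMAND"
        fi
      done | sort -u | tr '\n' ',' | sed -e 's/^/commands:/' -e 's/,*$//')

      printf '%s\n' "$FILE;$MTIME;$CRONTABS;$IPS;$COMMANDS;$EMAILS" |
        awk -F';' '{printf "%-60s %-21s %-15s %-20s %-20s %-30s\n",$1,$2,$3,$4,$5,$6}'
      # The category prefixes are kept in the table on stdout and stripped
      # from the report file only.
      printf '%s\n' "$FILE;$MTIME;$CRONTABS;$IPS;$COMMANDS;$EMAILS;$(shasum "$FILE" | awk '{print $1}')" |
        awk -F';' '{printf "%-60s;%-21s;%-15s;%-20s;%-20s;%-30s;%-41s\n",$1,$2,$3,$4,$5,$6,$7}' |
        sed -e 's/crontab://' -e 's/emails://' -e 's/commands://' -e 's/ips://' -e 's/atjobs://' >> "$CSVFILE"
    fi
  else
    # Listed path is not a regular file (or cannot be reached); record it so
    # the gap stays visible in both outputs.
    printf '%s\n' "$FILE;Nem nyithato meg a fajl." |
      awk -F';' '{printf "%-60s %-41s\n",$1,$2}'
    printf '%s\n' "$FILE;Nem nyithato meg a fajl." |
      awk -F';' '{printf "%-60s;%-41s\n",$1,$2}' >> "$CSVFILE"
  fi
done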