
Ez a dokumentum egy előző változata!


Shell szkript felderítő szkript

Felderíti a hoszton lévő shell szkripteket, és megmutatja az SHA hash-üket, a módosítási dátumukat, meg van-e hívva valakinek a crontab-jából, illetve van-e benne IP cím, email cím, vagy előre definiált parancsok valamelyike. Paraméterként meg lehet neki adni, hogy mely könyvtárra fusson, egyébként az egész fájlrendszerben keres.

collect_crontab_scripts.sh
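#!/bin/sh
# Prints the command paths referenced by the crontab files under
# /var/spool/cron/, one per line, de-duplicated.
#
# Processing, in pipeline order:
#   * comment lines and empty lines are dropped;
#   * lines naming the listed housekeeping jobs are excluded;
#   * everything before the first '/' or '$' and everything from the first
#     space or '>' is cut away, leaving the leading path-like token;
#   * an entry that starts with '$' is additionally printed with the
#     variable replaced by the home directory of each crontab owner that
#     contains the entry (looked up with lsuser). The raw entry is always
#     printed as well.
#
# Limits visible in the code: every leading variable is treated as the
# owner's home directory regardless of its name, and the ${NAME} form is not
# recognised by the extraction pattern.
#
# Earlier variant, kept for reference:
#grep -R ".*" /var/spool/cron/ | sed -e 's/^\/var\/spool\/cron\/crontabs\///' | grep -v ':#' | grep -v '^$' | egrep -v '(errclear|clcycle|dumpcheck|lpar2rrd|pmcfg|motd|mkpasswd|logrotate|dumpctrl|sa1|sa2|Internal-Function|======|at.allow)'
find /var/spool/cron/ -type f -exec cat {} \; |
        grep -v '^#' |
        grep -v '^$' |
        grep -E -v '(errclear|clcycle|dumpcheck|lpar2rrd|pmcfg|motd|mkpasswd|logrotate|dumpctrl|sa1|sa2|Internal-Function|======|at.allow)' |
        sed -e 's/^[^/$]*//' -e 's/[ >].*$//' |
        sort -u |
        while read -r SOR; do
                # A shell pattern test replaces `egrep -s`: -s is a silent
                # status check only on some implementations; where it merely
                # hides file errors the matching line was printed a second time.
                case "$SOR" in
                '$'*)
                        VARIABLE=$(printf '%s\n' "$SOR" | sed 's/^.*\(\$[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$/\1/')
                        # The crontab file name is taken as the owning user.
                        # -l lists each matching file once and -F matches the
                        # entry literally, so an entry present in several
                        # crontabs yields one expansion per owner.
                        grep -R -l -F -e "$SOR" /var/spool/cron/ | sed 's|.*/||' | sort -u |
                                while read -r CRON_USER; do
                                        # Do not reuse the names USER and HOME here: they are
                                        # inherited by every command started later in the loop.
                                        # Slashes are escaped because the value is spliced
                                        # into the sed replacement below.
                                        HOME_DIR=$(lsuser -a home "$CRON_USER" | awk -F'=' '{print $2}' | sed 's/\//\\\//g')
                                        # No home directory found: skip rather than print a
                                        # path with the variable silently removed.
                                        [ -n "$HOME_DIR" ] || continue
                                        printf '%s\n' "$SOR" | sed "s/$VARIABLE/$HOME_DIR/"
                                done
                        ;;
                esac
                printf '%s\n' "$SOR"
        done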
find_shell_scripts.sh
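#!/bin/ksh
# Usage: find_shell_scripts.sh [directory | file-list]
#
# Builds a catalogue of shell scripts. With a directory argument every
# executable regular file below it is examined; with a regular-file argument
# that file is read as a list of paths (one per line) and every listed file
# is catalogued without the `file` type check; with no usable argument the
# whole file system is scanned from '/'.
#
# For each script the following is reported: modification time (istat),
# names of crontab / at-job spool files that mention the path, IPv4-looking
# strings, e-mail-looking strings, which words of COMMAND_LIST occur in it,
# and (CSV only) its shasum digest.
#
# Output: an aligned table on stdout and a ';'-separated copy in
# <hostname>_script_catalog.out in the current directory.
#
# Caveats for whoever consumes the catalogue:
#   * Fields are split on ';' by awk, so a ';' inside a file name shifts the
#     columns; file names come from the scanned tree and are not sanitised.
#   * Paths are read line by line, so names containing a newline are not
#     handled.
#   * Spool and command matches are substring matches (a file containing
#     "sftp" is also reported for "ftp"; /opt/a.sh also matches /opt/a.sh.bak).
#   * The IP extraction takes every dotted quad on a matching line, so
#     version strings such as 1.2.3.4 are reported too.
#   * shasum is called without -a; the Perl shasum defaults to SHA-1, which is
#     adequate for spotting changes but not collision-resistant. Switching
#     algorithm changes the digests, so it is left as is here.
#   * NOTE(review): istat and /var/spool/atjobs/ are platform specific -
#     confirm the at-job spool path on the target system.
COMMAND_LIST="ssh ftp sftp rsh rdist rsync scp dsh rdsh mail sqlplus mutt"
CSVFILE="$(hostname)_script_catalog.out"

# The scratch file lives in a directory created with mkdir, which fails if
# the name already exists (including as a symlink). A fixed, predictable
# name written directly in /tmp could be pre-created by another local user
# as a symlink and would then be followed by the redirection below.
WORKDIR="/tmp/find_shell_scripts.$$"
mkdir -m 700 "$WORKDIR" || {
        echo "find_shell_scripts.sh: cannot create private work directory $WORKDIR" >&2
        exit 1
}
TMPFILE="$WORKDIR/filelist"
trap 'rm -rf "$WORKDIR"' EXIT
trap 'exit 1' HUP INT TERM

: > "$CSVFILE"

# Start from empty values so that variables of the same name inherited from
# the environment cannot select the input.
STARTDIR=
FILE_LISTA=
if [[ -d $1 ]]; then
        STARTDIR="$1"
elif [[ -f $1 ]]; then
        FILE_LISTA="$1"
else
        if [[ -n $1 ]]; then
                echo "find_shell_scripts.sh: '$1' is neither a directory nor a file, scanning /" >&2
        fi
        STARTDIR='/'
fi

echo "FILE NAME;MTIME;CRONTAB;IPS;COMMANDS;EMAILS" | awk -F';' '{printf "%-60s %-21s %-15s %-20s %-20s %-30s\n",$1,$2,$3,$4,$5,$6}'
echo "FILE NAME;MTIME;CRONTAB;IPS;COMMANDS;EMAILS;SHASUM" | awk -F';' '{printf "%-60s;%-21s;%-15s;%-20s;%-20s;%-30s;%-41s\n",$1,$2,$3,$4,$5,$6,$7}' >> "$CSVFILE"

if [[ -n $FILE_LISTA ]]; then
        cat "$FILE_LISTA" > "$TMPFILE"
else
        find "$STARTDIR" -type f \( -perm -u=x -o -perm -g=x -o -perm -o=x \) > "$TMPFILE"
fi

# IFS= and -r keep leading blanks and backslashes in file names intact; the
# file name is quoted everywhere below so blanks and glob characters in it
# are not expanded by the shell.
grep -v '^$' "$TMPFILE" | while IFS= read -r FILE; do
    if [[ -f $FILE ]]; then
        if [[ -n $FILE_LISTA || $(file "$FILE" | grep -E -c '(: shell script|: commands text)') -eq 1 ]]; then
                MTIME=$(istat "$FILE" | awk -F' ' '/Last modified/{print $8"."$4"."$5"-"$6}')

                # -l prints each spool file once; -F -e treats the path as a
                # literal string even if it contains regex characters or
                # starts with '-'. The base name of the spool file is reported.
                CRONTABS=$(grep -R -l -F -e "$FILE" /var/spool/cron/ |
                        sed 's|.*/||' | sort -u | tr '\n' ',' | sed -e 's/^/crontab:/' -e 's/,*$//')
                ATJOBS=$(grep -R -l -F -e "$FILE" /var/spool/atjobs/ |
                        sed 's|.*/||' | sort -u | tr '\n' ',' | sed -e 's/^/atjobs:/' -e 's/,*$//')
                # Report at-job hits also when no crontab mentions the file;
                # previously they were dropped unless both lists were non-empty.
                if [[ -n $CRONTABS && -n $ATJOBS ]]; then
                        CRONTABS="$CRONTABS,$ATJOBS"
                elif [[ -n $ATJOBS ]]; then
                        CRONTABS="$ATJOBS"
                fi

                # grep selects lines holding a dotted quad with octets 0-255;
                # perl then prints every dotted quad found on those lines.
                IPS=$(grep -E "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])" "$FILE" |
                        perl -wne'while(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/g){print "$&\n"}' |
                        sort -u | tr '\n' ',' | sed -e 's/^/ips:/' -e 's/,*$//')

                EMAILS=$(grep -E "[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}" "$FILE" |
                        perl -wne'while(/[\w\.\-]+@[\w\.\-]+\w+/g){print "$&\n"}' |
                        sort -u | tr '\n' ',' | sed -e 's/^/emails:/' -e 's/,*$//')

                COMMANDS=$(for COMMAND in $COMMAND_LIST; do
                        if grep -q -e "$COMMAND" "$FILE"; then
                                printf '%s\n' "$COMMAND"
                        fi
                done | sort -u | tr '\n' ',' | sed -e 's/^/commands:/' -e 's/,*$//')

                SHASUM=$(shasum "$FILE" | awk '{print $1}')

                printf '%s\n' "$FILE;$MTIME;$CRONTABS;$IPS;$COMMANDS;$EMAILS" | awk -F';' '{printf "%-60s %-21s %-15s %-20s %-20s %-30s\n",$1,$2,$3,$4,$5,$6}'
                # The CSV copy carries the digest and has the field labels removed.
                printf '%s\n' "$FILE;$MTIME;$CRONTABS;$IPS;$COMMANDS;$EMAILS;$SHASUM" | awk -F';' '{printf "%-60s;%-21s;%-15s;%-20s;%-20s;%-30s;%-41s\n",$1,$2,$3,$4,$5,$6,$7}' | sed -e 's/crontab://' -e 's/emails://' -e 's/commands://' -e 's/ips://' -e 's/atjobs://' >> "$CSVFILE"
        fi
    else
        # Listed path is not a regular file (or is not accessible).
        printf '%s\n' "$FILE;Nem nyithato meg a fajl." | awk -F';' '{printf "%-60s %-41s\n",$1,$2}'
        printf '%s\n' "$FILE;Nem nyithato meg a fajl." | awk -F';' '{printf "%-60s;%-41s\n",$1,$2}' >> "$CSVFILE"
    fi
done
# The scratch directory is removed by the EXIT trap set above.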