Shell script to monitor server processes and ports
I recently learned shell programming and wrote a script that can monitor the ports, PIDs, program names, etc. in use on the current server. It can be used to find out whether any uncommonly used ports are being listened on, and then to judge whether the server has been compromised by a hacker.
The code is as follows:
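#!/bin/bash
# TCP part: ports listening on all interfaces (0.0.0.0 for IPv4, ::: for IPv6).
# Splitting on ":" puts the port in $2 for "0.0.0.0:22" and in $4 for ":::22".
# sort -nu drops the duplicate when a port listens on both IPv4 and IPv6.
port1=$(netstat -an | grep LISTEN | grep -E "0.0.0.0|:::" | awk '/^tcp/ {print $4}' | awk -F: '{print $2$4}' | sort -nu)
echo "TCP state:"
echo "--------------------------------"
echo "PORT PID COMMAND"
for a in $port1
do
    # PID and command name of the IPv4 listener on this port
    b=$(lsof -n -i:"$a" | grep TCP | grep LISTEN | grep IPv4 | awk '{printf("%d\t%s\n", $2, $1)}')
    echo "$a $b"
done
echo "--------------------------------"
# UDP part: IPv4 sockets only (IPv6 entries yield an empty $2 and are dropped by sed)
echo ""
port2=$(netstat -an | grep udp | awk '{print $4}' | awk -F: '{print $2}' | sed '/^$/d' | sort -nu)
echo "UDP state:"
echo "--------------------------------"
echo "PORT PID COMMAND"
for a in $port2
do
    b=$(lsof -n -i:"$a" | grep UDP | grep IPv4 | awk '{printf("%d\t%s\n", $2, $1)}')
    # Print only ports for which lsof found an owning process
    if [ -n "$b" ]; then
        echo "$a $b"
    fi
done
echo "--------------------------------"
exit 0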
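
The script above lists every listener and leaves the judgement to the reader. The following added example (not part of the original post) compares the listening TCP ports against a baseline and prints only the ports outside it; the allowlist `ALLOWED_PORTS`, the function names and the sample `netstat -an` text are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: report listening TCP ports that are not in an expected baseline.

# Expected listeners for this host (assumed values; set per server).
ALLOWED_PORTS="22 80 443"

# Constructed sample of `netstat -an` output so the example runs offline.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED
tcp6       0      0 :::443                  :::*                    LISTEN
tcp6       0      0 :::8081                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# Read `netstat -an` text on stdin; print the unique TCP ports that are
# listening on all interfaces (same 0.0.0.0 / ::: filter as the script above).
listening_ports() {
    awk '/^tcp/ && $NF == "LISTEN" && ($4 ~ /^0\.0\.0\.0:/ || $4 ~ /^:::/) {
             n = split($4, parts, ":")   # the port is the last ":" field
             print parts[n]
         }' | sort -nu
}

# Read ports on stdin; print those absent from the allowlist given as $1.
unexpected_ports() {
    allowed=" $1 "
    while read -r port; do
        case "$allowed" in
            *" $port "*) ;;              # expected listener, stay quiet
            *) echo "$port" ;;           # not in the baseline, report it
        esac
    done
}

# Run the check over the constructed sample.
check_sample() {
    printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports | unexpected_ports "$ALLOWED_PORTS"
}

echo "Unexpected listening TCP ports:"
check_sample
```

On a live server, replace the sample with real output: `netstat -an | listening_ports | unexpected_ports "$ALLOWED_PORTS"`, then look up each reported port with `lsof` as the original script does.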