1、lnoi.sh: 列出当前系统下每个IP(IPv4)的连接数:
# cat lnoi.sh
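#!/bin/bash
# List the number of TCP connections per remote IPv4 address, busiest first.
# netstat -n (no -a/-l) leaves out listening sockets but still shows the other
# TCP states, so entries in states such as TIME_WAIT are counted as well as
# established connections.
netstat -n \
  | awk '
      # $5 is the foreign address column. Keep only rows where it is a dotted
      # quad followed by ":port"; a tcp6 row such as fe80::1:22 would otherwise
      # be cut at its first colon and reported as a bogus "IP".
      /^tcp/ && $5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:/ {
        split($5, part, ":")
        print part[1]
      }' \
  | sort | uniq -c | sort -rn \
  | awk 'BEGIN{printf "%-10s%s\n","ConNum","IP"}{printf "%-10s%s\n",$1,$2}'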
2、lu.sh: 列出UID>=500并且!=65534的帐户:
# cat lu.sh
#!/bin/bash
# Print user name, UID and GID for every /etc/passwd entry whose UID is
# at least 500, skipping UID 65534 (conventionally the "nobody" account).
# NOTE(review): 500 looks like the first regular-user UID of older Red Hat
# style systems; many current distributions start at 1000 (UID_MIN in
# /etc/login.defs) - confirm the threshold for the host being audited.
awk -F: '
  BEGIN {
    rule = "=========================="
    printf "%-15s%-7s%s\n%-s\n", "Username", "UID", "GID", rule
  }
  $3 != 65534 && $3 >= 500 {
    printf "%-15s%-7s%s\n", $1, $3, $4
  }
  END {
    printf "%s\n%s\n", rule, "List Over"
  }
' /etc/passwd
3、lla.sh: 列出nginx或apache日志中访问量最高的前10个IP:
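#!/bin/bash
# List the 10 client addresses with the most requests in an HTTP access log.
# Usage: lla.sh [access_log]   (default: /var/log/nginx/access.log)
#
# Field 1 is the peer address exactly as the web server logged it. Behind a
# reverse proxy or load balancer that is the proxy's address unless the log
# format records the forwarded client address instead, so check the log
# format before acting on the ranking.
#access_file="/var/log/httpd/access_log-20131214"
access_file=${1:-/var/log/nginx/access.log}

# Fail loudly instead of printing an empty ranking when the log is missing
# or unreadable (access logs are often readable by root/adm only).
if [ ! -r "$access_file" ]; then
  printf 'Cannot read access log: %s\n' "$access_file" >&2
  exit 1
fi

# Redirect the file into awk rather than passing it as an operand, so a path
# containing "=" or starting with "-" is never parsed as an awk argument.
awk '{print $1}' < "$access_file" | sort | uniq -c | sort -rn | head -n 10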
4、两个检测内网下活跃主机的小脚本:
(1)、# cat pinghost.sh
#!/bin/bash
# Ping sweep of 10.1.2.1 - 10.1.2.254: one echo request per address with a
# one second wait (-c1 -W1), numeric output only (-n).
# A host that does not answer ICMP within that second is simply not counted,
# so the final figure is a lower bound on the hosts that are really up.
netid="10.1.2."
n=0
for ((i = 1; i <= 254; i++)); do
  # ping's exit status is 0 only when a reply came back in time.
  if ping -c1 -W1 -n "$netid$i" &> /dev/null; then
    echo -e "$netid$i is UP!"
    n=$((n + 1))
  fi
done
echo -e "====================\nTotle: $n\n"
(2)、# cat scanhost.sh
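#!/bin/bash
# Host discovery on one subnet with nmap's ping scan (-sn: no port scan),
# printing each responding address and a count of responding hosts.
network="10.1.2.0/24"

# The root check below is left disabled as in the original. Without root
# privileges nmap cannot send raw ARP/ICMP probes and falls back to TCP
# connect probes, so the set of hosts found can differ between root and
# non-root runs.
#if [ $UID -ne 0 ]; then
# echo "Run this script need as root identity."
# exit 1
#fi

if ! command -v nmap > /dev/null 2>&1; then
  # Single quotes outside so the double quotes around nmap are really printed.
  echo 'This script relies on "nmap" program, please install it first.' >&2
  exit 2
fi

# Count only the "Nmap scan report for ..." lines: the original incremented
# its counter on every output line, so the total included the banner, the
# "Host is up" lines and the summary line.
nmap -sn "$network" | awk '
  /^Nmap scan report for/ {
    up++
    addr = $NF                 # last field: the address, in parentheses when a name precedes it
    gsub(/[()]/, "", addr)
    print addr, " is UP!"
  }
  END { printf "%-s\n%-s%s\n", "==================", "Totla: ", up + 0 }
'
exit 0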
对比这两个小脚本,实际效果“scanhost.sh”更好一些:速度快,探测到的主机也比较多。原因是scanhost.sh使用nmap这个探测工具,nmap -sn不只发送ICMP回显请求,还会使用ARP(本地网段、root权限下)和TCP探测,所以屏蔽了ping的主机也可能被发现;而pinghost.sh对每个地址只发一个ICMP包并只等待1秒,如果延迟过长(不能在1秒内返回数据包),或者ICMP包被客户机防火墙拦截,主机就探测不到,导致结果不准确。
转载于:https://blog.51cto.com/yinkai/1615523