#!/bin/bash
#This script has become somewhat terrible. oops. -T.
# Build the per-address connection tally for one port from the cached netstat
# text.
# Globals:   data (read)       - netstat output captured by the main script
#            MAX_RETURN (read) - number of tally lines kept by tail
# Arguments: $1 - port number; lines containing ":<port> " are selected
# NOTE(review): nothing in the visible part of this script calls this function.
function getTotalConnections()
{
local port="$1"
# Field 5 of every selected line is cut at its first ':' and tallied with
# uniq -c; the ascending numeric sort followed by tail keeps the highest counts.
# Declaring and assigning in one `local` statement hides the pipeline's exit
# status behind that of `local` itself.
local total=$(echo "${data}"|egrep ":${port} "|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1 | tail -${MAX_RETURN})
#echo "$total"
# NOTE(review): `return` takes a single integer exit status, but `total` holds
# the multi-line "count address" text produced by uniq -c, so this line cannot
# hand the tally back to a caller - confirm the intended contract before use.
return $total
}
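#######################################
# Print the addresses with the most connections involving one port.
# Globals:   data (read)       - netstat output captured by the main script
#            MAX_RETURN (read) - number of tally lines to keep
# Arguments: $1 - port number
# Outputs:   "count address" lines on stdout, lowest count first; a single
#            empty line when nothing matches
# Notes:     The ":<port> " pattern is applied to the whole netstat line, so a
#            connection whose other endpoint uses the same port number is
#            tallied as well. Assumes field 5 is the foreign-address column of
#            Linux netstat output - TODO confirm on other platforms.
#######################################
printMatch() {
  local port="$1"
  # Declared separately so the assignment does not hide the pipeline status.
  local match

  # IPv4-mapped peers are printed as "::ffff:a.b.c.d:port". Without removing
  # that prefix, cutting at the first ':' yields an empty address and every
  # such peer collapses into one blank row. Native IPv6 peers are still
  # truncated at their first ':' by the cut below.
  match=$(printf '%s\n' "${data}" \
    | grep -E ":${port} " \
    | awk '{print $5}' \
    | sed -e 's/^::ffff://' \
    | cut -d: -f 1 \
    | sort \
    | uniq -c \
    | sort -nk 1 \
    | tail -n "${MAX_RETURN}")

  printf '%s\n' "${match}"
}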
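#######################################
# Print the addresses with the most POP3 connections.
# Globals:   data (read)       - cached netstat output; netstat is run here
#                                only when that cache is empty or unset
#            MAX_RETURN (read) - number of tally lines to keep
# Arguments: $1 - port number (defaults to 110)
# Outputs:   "count address" lines on stdout, lowest count first
# Notes:     The ":<port> " pattern is applied to the whole netstat line, so a
#            connection whose other endpoint uses the same port number is
#            tallied as well. Assumes field 5 is the foreign-address column of
#            Linux netstat output - TODO confirm on other platforms.
#######################################
printMatchPOP() {
  local port="${1:-110}"
  local snapshot="${data-}"

  # Reuse the snapshot taken by the main script so every section of the report
  # describes the same moment; fall back to a live read when there is none.
  if [[ -z "${snapshot}" ]]; then
    snapshot=$(netstat -plan)
  fi

  # ":<port> " with the trailing blank keeps ":110" from also selecting ports
  # such as 1100 or 11000. The address is split with awk -F: because setting
  # FS inside the awk pattern leaves the first record split on whitespace,
  # which let the first peer through with its port still attached.
  printf '%s\n' "${snapshot}" \
    | grep -E ":${port} " \
    | awk '{print $5}' \
    | sed -e 's/^::ffff://' \
    | awk -F: '{print $1}' \
    | sort \
    | uniq -c \
    | sort -nk 1 \
    | tail -n "${MAX_RETURN}"
}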
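#######################################
# Print the addresses with the most IMAP connections.
# Globals:   data (read)       - cached netstat output; netstat is run here
#                                only when that cache is empty or unset
#            MAX_RETURN (read) - number of tally lines to keep
# Arguments: $1 - port number (defaults to 143)
# Outputs:   "count address" lines on stdout, lowest count first
# Notes:     The ":<port> " pattern is applied to the whole netstat line, so a
#            connection whose other endpoint uses the same port number is
#            tallied as well. Assumes field 5 is the foreign-address column of
#            Linux netstat output - TODO confirm on other platforms.
#######################################
printMatchIMAP() {
  local port="${1:-143}"
  local snapshot="${data-}"

  # Reuse the snapshot taken by the main script so every section of the report
  # describes the same moment; fall back to a live read when there is none.
  if [[ -z "${snapshot}" ]]; then
    snapshot=$(netstat -plan)
  fi

  # ":<port> " with the trailing blank keeps ":143" from also selecting ports
  # such as 1433. The address is split with awk -F: because setting FS inside
  # the awk pattern leaves the first record split on whitespace, which let the
  # first peer through with its port still attached.
  printf '%s\n' "${snapshot}" \
    | grep -E ":${port} " \
    | awk '{print $5}' \
    | sed -e 's/^::ffff://' \
    | awk -F: '{print $1}' \
    | sort \
    | uniq -c \
    | sort -nk 1 \
    | tail -n "${MAX_RETURN}"
}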
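#######################################
# Print the usage text for check_conn.
# Arguments: none
# Outputs:   the help text on stdout, framed by blank lines
#######################################
printhelp() {
  # Quoted delimiter: the text is emitted literally, with no expansion.
  # Wording fix: "list go the services" now reads "list of the services".
  cat <<'EOF'

You can use this script to get basic reports on the number
of times an IP address has connected to a certain service.
The following is a list of the services you can get information
 on: http mail mysql cpanel

E.g. "check_conn http" - this will give you information
on the number of IP addresses connected to port 80 and 443

You can also get a global report using the argument "all"
like so: "check_conn all"

For a summary of connections, you can also try "summary"

EOF
}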
# Argument gate: a service name is mandatory, and "--help" only prints usage.
# Both paths leave the script with exit status 1.
if (( $# < 1 )); then
  printf '%s\n\n' "You must supply an argument!"
  printhelp
  exit 1
fi

if [[ "$1" == "--help" ]]; then
  printhelp
  exit 1
fi
# Report name requested on the command line, taken as given.
SERVICE="$1"
# How many tally lines each report keeps (passed to tail).
MAX_RETURN=10
# Capture netstat once; the reports that read "data" parse this text instead
# of running netstat again.
data="$(netstat -plan)"
# Web report: tallies for ports 80 and 443, shown for "http" and "all".
case "${SERVICE}" in
  http | all)
    printf '%s\n' \
      "HTTP Connections" \
      "================" \
      "Highest Number of connections on Port 80:"
    printMatch 80
    printf '%s\n' "Highest Number of connections on Port 443:"
    printMatch 443
    ;;
esac
# Mail report: SMTP (25, 465), POP3 (110) and IMAP (143) tallies, shown for
# "mail" and "all".
case "${SERVICE}" in
  mail | all)
    printf '%s\n' \
      "Mail Connections - Sending" \
      "==========================" \
      "SMTP Connections (Port 25)" \
      "=========================="
    printMatch 25
    printf '%s\n' \
      "SMTP Connections (Port 465)" \
      "=========================="
    printMatch 465
    printf '%s\n' \
      "Mail Connections - Receiving" \
      "============================" \
      "Pop3 connections (Port 110)"
    printMatchPOP 110
    printf '%s\n' \
      "Mail Connections (IMAP - Port 143)" \
      "=================================="
    printMatchIMAP 143
    ;;
esac
# Database report: tally for port 3306, shown for "mysql" and "all".
case "${SERVICE}" in
  mysql | all)
    printf '%s\n' "MySql" "==============="
    printMatch 3306
    ;;
esac
# Control-panel report: cPanel (2082, 2083) and WebMail (2095, 2096) tallies,
# shown for "cpanel" and "all".
case "${SERVICE}" in
  cpanel | all)
    printf '%s\n' "cPanel" "==============="
    printMatch 2082
    printMatch 2083
    printf '%s\n' "WebMail" "==============="
    printMatch 2095
    printMatch 2096
    ;;
esac
#if [ "$SERVICE" == "" ] || [ "$SERVICE" == "all" ];then
# echo "Other Services"
# echo "==============="
#fi
# Summary report: three top-ten tallies built from the cached netstat text.
if [[ "${SERVICE}" == "summary" ]]; then
  # Keep fields 4 and 5 (tab separated) of every line that looks like it holds
  # a dotted address, after deleting any "::ffff:" prefixes; cut -s then drops
  # lines that contain no '.' at all.
  # NOTE(review): field 5 is presumably the foreign address, so the
  # "Incoming IP" table would also list peers of outbound connections - confirm.
  PARSED=$(printf '%s\n' "${data}" \
    | awk '/.*[0-9]+.[0-9]+.[0-9]+.[0-9].*/{gsub(/::ffff:/,"",$0);print $4"\t" $5}' \
    | cut -sd. -f 1-)

  printf 'Overall Summary\n--------------------------------------------\n'

  # Tally by the port part of the first address column.
  printf '# |\tPort Number\n'
  printf '%s\n' "${PARSED}" \
    | awk '{print $1}' \
    | cut -d: -f 2 \
    | sort | uniq -c | sort -nk 1 | tail \
    | awk '{print $1"\t"$2}'

  # Tally by the address part of the second address column.
  printf '\n# |\tIncoming IP\n'
  printf '%s\n' "${PARSED}" \
    | awk '{print $2}' \
    | cut -d: -f 1 \
    | sort | uniq -c | sort -nk 1 | tail \
    | awk '{print $1"\t"$2}'

  # Tally by (port, address) pair: the text between the first and second ':'
  # of "addr:port<TAB>addr:port".
  printf '\n# |\tPort |\tIP\n'
  printf '%s\n' "${PARSED}" \
    | awk '{print $1 "\t" $2}' \
    | cut -d: -f 2 \
    | sort | uniq -c | sort -nk 1 | tail \
    | awk '{print $1"\t"$2"\t"$3}'
fi