Différences

Ci-dessous, les différences entre deux révisions de la page.

--- wiki:monitoring:userparameters [2016/07/16 13:08]
tamayo_j [NMap]
+++ wiki:monitoring:userparameters [2020/06/27 18:16] (Version actuelle)
@@ Ligne 59: / Ligne 59: @@
 </code>
-===== Postgrey SQL =====
+===== Postgre SQL =====
 On peu obtenir directement les informations depuis le client en ligne de commande : **psql**
@@ Ligne 85: / Ligne 85: @@
 Pensez à ajouter les machines dans le 102 qui ont aussi une IP de développement.
-Un cron éxécute donc nmap depuis l'utilisateur nmap <code> su -c "crontab -l" nmap </code> :
+Un cron éxécute donc nmap depuis l'utilisateur nmap <code> su -c "crontab -l" nmap </code>
+il serait bon de passer ce script en full awk :
 <code bash>
 #!/bin/bash
-#file /home/nmap/NnapScanner.sh
+# Romain Cherré (varens) 2017
+# varens@minet.net
+# Inspired by the precedent from
+# Ignacio Tamayo (localhost) 2016
+# tamayo_j@minet.net
-cd /home/nmap
-# ------ Vlans Publics----------
+#Script pour sniffer les ports SSH et TELNET sur plusieurs vlans
+#Several files are written with the number or SSH/Telnet server found. Then the Zabbix agent monitores these files and raises alerts
+#The files _detail.txt are used to identify which host has the ports opened
-# Vlan 2 = Public Prod
+#Check the wiki.minet.net
-nmap -F 157.159.40.0/25 | egrep -e "(repor|ssh)" > ssh_2_detail.txt;
-grep -e "ssh"  ssh_2_detail.txt | wc -l >  ssh_2.txt
-nmap -F 157.159.40.0/25 | egrep -e "(repor|telnet)"  >  telnet_2_detail.txt;
-grep -e "telnet"  telnet_2_detail.txt | wc -l >  telnet_2.txt
-# Vlan 3 = Public Dev
+SCRIPTPATH=$(cd -P $(dirname $0); pwd -P)
-nmap -F 157.159.40.128/26 | egrep -e "(repor|telnet)"  >  telnet_3_detail.txt;
-grep -e "telnet"   telnet_3_detail.txt  | wc -l >  telnet_3.txt
-# ------ Vlans Private----------
-# Vlan 103 = Private Dev
+#### Usage ####:
+##
+### Add ranges, ... ###
+# Add port : add port in ports variable and add it behind the list of addresses and range on which you want to test that port
+# Add vlan : add vlan number VLAN array index and add to it ranges and addresses then ports you want to scan
+# VLAN syntax : VLAN[<id_vlan>]="<address|range>{1,n} <ports>{1,n} <address|range>{0,n} <ports>{1,n} ..."
+#
+#
+# Ex VLAN[103]="192.168.103.0/24 23 192.168.103.15 192.168.103.21 192.168.103.18 192.168.103.80 22" will scan 192.168.103.0/24 on port 23 and 192.168.103.15 ... 192.168.103.82 on port 22
+# and VLAN[2]="157.159.40.0/25 22 23" will scan in vlan 2 on range 157.159.40.0/25 the ports 22 and 23
-# List de hosts a monitorer pour SSH, keep this list updated
+### Reports ###
-listHosts=" 192.168.103.15 192.168.103.1  192.168.103.13 192.168.103.18 192.168.103.80 "
+#
+# The full nmap report for vlan VLAN_ID is found under VLAN_ID_full.txt
+# The number of host with open port corresponding to protocol P in the vlan VLAN_ID is found in P_VLAN_ID.txt
+# The addresses of host with an open port corresponding to protocol P in vlan VLAN_ID is found in P_VLAN_ID_detail.txt
-echo . >  ssh_103_detail.txt ;
-for host in $listHosts ; do
-	nmap -F $host | egrep  -e "(repor|ssh)" >>  ssh_103_detail.txt;
-done;
-grep -e "ssh"  ssh_103_detail.txt | wc -l >  ssh_103.txt
-nmap -F 192.168.103.0/24 | egrep -e "(repor|telnet)"  >  telnet_103_detail.txt ;
-grep -e "telnet"  telnet_103_detail.txt | wc -l >  telnet_103.txt
-# Vlan 14 = Admin Wifi
+ports=(22 23)
-nmap -F 192.168.14.0/24 |  egrep -e "(repor|telnet)"  >  telnet_14_detail.txt;
+subnets=(2 3 14 102 103)
-grep -e "telnet"  telnet_14_detail.txt  | wc -l >  telnet_14.txt
+VLAN[2]="157.159.40.0/25 22 23"
+VLAN[3]="157.159.40.128/26 23"
+VLAN[14]="192.168.14.0/24 23"
+VLAN[102]="192.168.102.0/24 23"
+VLAN[103]="192.168.103.0/24 23 192.168.103.15 192.168.103.21 192.168.103.18 192.168.103.80 22"
+for i in ${subnets[@]}; do
+	rm "$i""_full.txt"
+	echo ${VLAN[$i]} | awk '{k=1;
+				while($k!=""){
+					addr=""
+					portList=""
+					while($k~/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/){
+						addr=addr $k " ";
+						k++;
+					}
+					while($k!="" && $k!~/[0-9]+\./){
+						portList=portList $k ",";
+						k++;
+					}
+					system("nmap -sT -PN -p" portList " --append-output -oG " '$SCRIPTPATH/$i'"_full.txt " addr);
+			       	}
+		      		}'
+ 	for j in ${ports[@]};do
+		proto=$(awk '{j=5;while($j!=""){if($j~/'$j'\//){split($j, a ,/\//)}j++}}END{print a[5]}' "$SCRIPTPATH$i""_full.txt" )
+		if [ -n "$proto" ]; then
+			awk '{j=5;while($j!=""){if($j~/'$j'\/open/){print $2};j++}}' "$SCRIPTPATH$i""_full.txt" > "$SCRIPTPATH$proto""_$i""_detail.txt"
+			cat "$SCRIPTPATH$proto""_$i""_detail.txt" | wc -l > "$SCRIPTPATH$proto""_$i"".txt"
+		fi
+	done
+done
 </code>
@@ Ligne 169: / Ligne 205: @@
 UserParameter=archit[*],/etc/zabbix/arcstat.pl -f read,hits,miss,hit%,l2read,l2hits,l2miss,l2hit%,arcsz,l2size 1 2 | tail -n 1 | awk '{print $ $1}'
 UserParameter=last_snap_date[*],zfs list -t snapshot | grep '$1/$2@' | tail -n 1 | cut -d "@" -f 2 | cut -d " " -f 1 | cut -c7-12
+</code>
+Avec le fichier //zstat.sh//:
+<code bash>
+#!/bin/sh
+case "$2" in
+        operations_read)
+                 zpool iostat $1 | tail -n 1 | awk '{print $4}'
+                 ;;
+        operations_write)
+                 zpool iostat $1 | tail -n 1 | awk '{print $5}'
+                 ;;
+        bandwidth_read)
+                 zpool iostat $1 | tail -n 1 | awk '{print $6}' | cut -d "K" -f 1
+                 ;;
+        bandwidth_write)
+                 zpool iostat $1 | tail -n 1 | awk '{print $7}' | cut -d "K" -f 1
+                 ;;
+        latency_read)
+#                 zpool iostat $1 | tail -n 1 | awk '{print $8}'
+                 iostat | tail -n 1 | awk '{print $5}'
+                 ;;
+        latency_write)
+                 zpool iostat $1 | tail -n 1 | awk '{print $8}'
+                 ;;
+        *)
+                exit 1
+                ;;
+esac
+exit 0
 </code>

WikiMiNET

Outils pour utilisateurs

Outils du site

Différences

Outils de la page