Shell script to record dangerous commands executed on the system and raise alerts
2011-09-13 10:29
#!/bin/bash
# Raw script(1) typescripts collected from the hosts land in $raw; the cleaned,
# filtered and flagged copies go to the three subdirectories below.
raw=/u1/Operation_log
clean=/home/Operation_filter_log/clean
normal=/home/Operation_filter_log/normal
dangerous=/home/Operation_filter_log/dangerous
dangerous_cmds='rm|reboot|shutdown|init|poweroff|passwd|mkfs|kill|pkill|stop|clusvcadm|fence_drac|fence_ipmilan'

## format log: strip terminal escape sequences and backspaces from the raw typescripts
cd "$raw" || exit 1
for i in *; do
    [ -f "$i" ] || continue
    perl -pe 's/\e([^\[\]]|\[.*?[a-zA-Z]|\].*?\a)//g' "$i" | col -b > "$clean/$i"
done
###--------------------------------------------------------###
## normal command: keep the "Script started" header and the lines typed at a prompt
cd "$clean" || exit 1
for j in *; do
    [ -f "$j" ] || continue
    egrep "Script|@$HOSTNAME" "$j" > "$normal/$j.txt"
done
## dangerous command
cd "$normal" || exit 1
for k in *; do
    [ -f "$k" ] || continue
    # size of the previously flagged file (empty if it does not exist yet)
    file1=$(stat -c %s "$dangerous/$k" 2>/dev/null)
    if egrep -wq "$dangerous_cmds" "$k"; then
        egrep -w "Script|@$HOSTNAME|$dangerous_cmds" "$k" > "$dangerous/$k"
        ls "$dangerous" > /root/list.txt
        file2=$(stat -c %s "$dangerous/$k" 2>/dev/null)
    else
        continue   # was 'exit 2', which stopped the whole run at the first file without matches
    fi
done
# Alert only when the flagged output changed. Note: only the file processed last
# in the loop above is compared, so a change in an earlier file is not noticed.
if [ "$file1" != "$file2" ]; then
    # file names have the form $HOSTNAME-<user>-...; extract the distinct user names
    for u in $(awk -F"$HOSTNAME-|-" '{print $2}' /root/list.txt | sort -u); do
        content=( $(grep "$u" /root/list.txt) )
        content_LEN=${#content[@]}
        i=0
        while [ "$i" -lt "$content_LEN" ]; do
            # The flagged lines are embedded verbatim in the SQL string: a single quote
            # in a typed command breaks the statement, so escape the value (or load it
            # through a parameterised client) before shipping it to the database.
            /usr/local/mysql/bin/mysql -h 192.168.177.66 -uxxx -pxxx -P3306 mon -e "insert into operation_log(hostname,user,execution_time,content) values('$HOSTNAME','$u',now(),'$(cat "$dangerous/${content[$i]}")');"
            let i++
        done
    done
fi
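The three steps the script chains (strip the terminal escape codes that script(1) records, match the dangerous-command word list, build the INSERT for the operation_log table), written as an added example that is not the blog's own script, with the logged command escaped before it is embedded in SQL. The word list, table and column names come from the script; the host name, user and typescript sample are constructed.

```shell
# Dangerous-command word list, copied from the blog script.
DANGEROUS='rm|reboot|shutdown|init|poweroff|passwd|mkfs|kill|pkill|stop|clusvcadm|fence_drac|fence_ipmilan'
ESC=$(printf '\033')

# Strip CSI colour/cursor sequences (ESC [ ... letter) that script(1) records
# alongside the typed text; the blog script does this with perl.
strip_ansi() {
    sed -E "s/${ESC}\[[0-9;?]*[A-Za-z]//g"
}

# Exit 0 when the line contains one of the dangerous words as a whole word
# (same egrep -w semantics as the blog script: rmdir does not match rm).
is_dangerous() {
    printf '%s\n' "$1" | grep -Ewq "$DANGEROUS"
}

# Escape a value for a single-quoted MySQL literal: double every backslash and
# every single quote. Both forms stay safe with and without MySQL's
# NO_BACKSLASH_ESCAPES mode, so a quote typed in a command cannot end the literal.
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Build the INSERT the blog script issues, with every value escaped.
build_insert() {  # args: hostname user content
    printf "insert into operation_log(hostname,user,execution_time,content) values('%s','%s',now(),'%s');\n" \
        "$(sql_quote "$1")" "$(sql_quote "$2")" "$(sql_quote "$3")"
}

# Read a typescript log on stdin and print one INSERT per dangerous line.
scan_log() {  # args: hostname user
    local line
    strip_ansi | while IFS= read -r line; do
        if is_dangerous "$line"; then
            build_insert "$1" "$2" "$line"
        fi
    done
}

# Constructed sample of what script(1) captures: a coloured prompt, a harmless
# command containing an apostrophe, one rm, a near miss (rmdir) and a shutdown.
SAMPLE_LOG=$(printf '%b\n' \
    '\033[01;32mops@web01\033[00m:~$ ls -l /var/log' \
    'ops@web01:~$ echo "it\047s done"' \
    'ops@web01:~$ rm -rf \047/tmp/build cache\047' \
    'ops@web01:~$ rmdir /tmp/old' \
    'ops@web01:~$ /sbin/shutdown -h now')

printf '%s\n' "$SAMPLE_LOG" | scan_log web01 ops
```

Running it prints two INSERT statements, for the rm and the shutdown lines, with the quotes around `/tmp/build cache` doubled so the statement stays intact.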