Shell 脚本:从运维操作日志中提取执行过的危险命令并写入报警系统数据库


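#!/bin/bash
#
# Extract "dangerous" operator commands from recorded terminal session logs
# and push them into the `mon.operation_log` MySQL table for alerting.
#
# Processing stages (directories are fixed, matching the original deployment):
#   /u1/Operation_log/                    raw session logs (with terminal escapes)
#   /home/Operation_filter_log/clean/     same logs with escape sequences stripped
#   /home/Operation_filter_log/normal/    only the "Script" banner and prompt lines
#   /home/Operation_filter_log/dangerous/ prompt lines plus matched dangerous commands
#   /root/list.txt                        names of the files currently in dangerous/
#
# Exit status: 0 normally, 1 when a fixed directory cannot be entered, 2 when
# no log contained a dangerous command (the status the original used; the
# original however exited 2 on the FIRST file without a match, so with several
# logs it usually stopped before finishing - that is fixed here).
#
# Security notes:
#   * The inserted content is text typed by operators, so it is escaped before
#     being interpolated into SQL; the original was injectable with a single
#     quote typed at the shell prompt.
#   * DB credentials come from the environment (MON_DB_USER / MON_DB_PASS; the
#     defaults below mirror the original "xxx" placeholders). The password is
#     passed via MYSQL_PWD instead of -p so it does not appear in `ps` output.
#     A --defaults-extra-file with mode 0600 is the cleaner option where the
#     installed mysql client supports it (MYSQL_PWD is deprecated in newer
#     MySQL releases - confirm against the client in use).

raw_dir=/u1/Operation_log
clean_dir=/home/Operation_filter_log/clean
normal_dir=/home/Operation_filter_log/normal
danger_dir=/home/Operation_filter_log/dangerous
list_file=/root/list.txt

db_host=${MON_DB_HOST:-192.168.177.66}
db_port=${MON_DB_PORT:-3306}
db_user=${MON_DB_USER:-xxx}
db_pass=${MON_DB_PASS:-xxx}
db_name=mon
mysql_bin=/usr/local/mysql/bin/mysql

# Words that mark a line as dangerous; -w keeps "rm" from matching "rmdir" etc.
danger_re='rm|reboot|shutdown|init|poweroff|passwd|mkfs|kill|pkill|stop|clusvcadm|fence_drac|fence_ipmilan'
# Lines that identify the session: the "Script started" banner and the prompt.
prompt_re="Script|@$HOSTNAME"

#######################################
# Escape a value for use inside a single-quoted MySQL string literal.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout (backslash -> \\, quote -> \')
# Assumes the default sql_mode (backslash escapes enabled); under
# NO_BACKSLASH_ESCAPES the backslash doubling would be wrong - confirm.
#######################################
sql_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g"
}

## 1. Strip terminal escape sequences (CSI/colour codes, OSC titles) and
##    backspace overstrikes so the later greps see plain text.
cd "$raw_dir" || exit 1
for raw in *; do
  [ -f "$raw" ] || continue
  perl -pe 's/\e([^\[\]]|\[.*?[a-zA-Z]|\].*?\a)//g' < "$raw" | col -b > "$clean_dir/$raw"
done

## 2. "normal" view: keep only the session banner and prompt lines.
cd "$clean_dir" || exit 1
for clean in *; do
  [ -f "$clean" ] || continue
  grep -E -e "$prompt_re" -- "$clean" > "$normal_dir/$clean.txt"
done

## 3. "dangerous" view: prompt lines plus matched commands. Track whether any
##    file's output changed size since the last run, across ALL files (the
##    original compared only the last file processed).
cd "$normal_dir" || exit 1
found=0
changed=0
for normal in *; do
  [ -f "$normal" ] || continue
  grep -E -q -w -e "$danger_re" -- "$normal" || continue
  found=1
  before=
  [ -f "$danger_dir/$normal" ] && before=$(wc -c < "$danger_dir/$normal")
  grep -E -w -e "$prompt_re|$danger_re" -- "$normal" > "$danger_dir/$normal"
  after=$(wc -c < "$danger_dir/$normal")
  [ "$before" != "$after" ] && changed=1
done

if [ "$found" -eq 0 ]; then
  exit 2
fi

# Names of everything currently in dangerous/, one per line.
ls -1 -- "$danger_dir" > "$list_file"

## 4. If any dangerous file changed, insert each user's files into the DB.
if [ "$changed" -eq 1 ]; then
  export MYSQL_PWD="$db_pass"
  # File names are expected to look like "$HOSTNAME-<user>-..."; splitting on
  # "$HOSTNAME-" or "-" makes field 2 the user (same awk as the original;
  # note $HOSTNAME is used as a regex here, so a dot in it matches any char).
  awk -F"$HOSTNAME-|-" '{print $2}' "$list_file" | sort -u | while IFS= read -r user; do
    [ -n "$user" ] || continue
    # -F: the user name is a literal substring, not a regex (as the original treated it).
    grep -F -- "$user" "$list_file" | while IFS= read -r fname; do
      [ -f "$danger_dir/$fname" ] || continue
      body=$(sql_escape "$(cat -- "$danger_dir/$fname")")
      # </dev/null keeps mysql from swallowing the read loop's stdin.
      "$mysql_bin" -h "$db_host" -P "$db_port" -u "$db_user" "$db_name" \
        -e "insert into operation_log(hostname,user,execution_time,content) values('$(sql_escape "$HOSTNAME")','$(sql_escape "$user")',now(),'$body');" \
        < /dev/null
    done
  done
  unset MYSQL_PWD
fi

exit 0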


作者“linux”
