安全运维之端口安全-蒲公英云

兼职安全半年了，分享一下我这里是如何做安全的，当然作为兼职，不是太深入，进攻参考。

下面介绍端口安全，主要是公司IDC机房所有ip段开放端口情况，比如一个服务器，默认仅要求开放ssh端口，但如果开启了其他未允许端口，可能是被人误开或者被入侵，这样就需要运维提前知晓并解决。

如何实现：

1、使用nmap+diff来对公司所有idc，进行端口扫描；

2、当天的扫描结果与昨天扫描的结果进行对比；

3、如果新增主机或已存在主机有新增与关闭端口的情况，也进行邮件通知。

结果展示：

1、没有差异的情况

2、有新增主机情况

$wKiom1OngQLidxwsAADW\_XPWq-I425.jpg$

3、已存在主机有新增或关闭端口情况

下面是端口安全扫描脚本内容：

#!/bin/bash

#This script name is scan_analyse.sh

.
/etc/profile

echo
“start time is $(date)”

time
=$(
date
+
“%Y-%m-%d”
)

yesterday=</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(255,20,147);">date</code>&nbsp; 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">-d&nbsp;</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#0000FF;">"1&nbsp;day&nbsp;ago&nbsp;"</code>&nbsp; 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">+</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#0000FF;">"%Y-%m-%d"</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">

work_dir=
“/root/nmap_scan”

now_dir=
“$work_dir/scan_result/$time”

IP=
‘1.1.1.0/24’

contact_mail=
‘xx@mail.com’

rm
-rf $now_dir

if
[ ! -d
“$work_dir/scan_result/$time”
];
then

mkdir
-p $work_dir
/scan_diff_result/
$
time

fi

rm
-rf $work_dir
/scan_diff_result/
$
time
/result
.log

ip_32=</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(255,20,147);">echo</code>&nbsp; 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">$IP|</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(255,20,147);">cut</code>&nbsp; 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">-d&nbsp;.&nbsp;-f&nbsp;1-3

if
[ ! -d $now_dir/$ip_32 ];
then

mkdir
-p $now_dir/$ip_32

fi

for
i
in
{1..254}

do

nmap -sS -r -n $ip_32.$i |
egrep
-
v
“(Starting|scanned)”
|
egrep
“(Nmap|open)”
>$now_dir/$ip_32/$ip_32.$i

if

[ </code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(255,20,147);">cat</code>&nbsp; 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">$now_dir/$ip_32/$ip_32.$i|</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(255,20,147);">wc</code>&nbsp; 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">-l -

eq
1 ];
then

rm
-rf $now_dir/$ip_32/$ip_32.$i

fi

done

echo
“stop time is $(date)”

for
b
in
$ip_32

do

for
i
in
$(
ls
$now_dir/$b)

do

if
[ ! -f
“$work_dir/scan_source/$b/$i”
];
then

echo
“增加新主机 $i,下面是全部信息:”
>>$work_dir
/scan_diff_result/
$
time
/result
.log

if

[ </code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(255,20,147);">cat</code>&nbsp; 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">$now_dir/$b/$i|</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(255,20,147);">wc</code>&nbsp; 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">-l -gt 100 ];

then

echo
“开启了所有端口,怀疑是有nat或者负载均衡!”
>>$work_dir
/scan_diff_result/
$
time
/result
.log

else

cat
$now_dir/$b/$i>>$work_dir
/scan_diff_result/
$
time
/result
.log

fi

else

if

[ </code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(255,20,147);">diff</code>&nbsp; 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">-u&nbsp;$now_dir/$b/$i&nbsp;$work_dir</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">/scan_source/</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">$b/$i|</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(255,20,147);">egrep</code>&nbsp; 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">-</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(255,20,147);">v</code>&nbsp; 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#0000FF;">"(\-\-\-|\+\+\+|@@)"</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">|</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(255,20,147);">egrep</code>&nbsp; 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#0000FF;">"(Nmap|\-|\+)"</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">|</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(255,20,147);">wc</code>&nbsp; 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">-l -gt 100 ];

then

head
-n 1 $now_dir/$b/$i>>$work_dir
/scan_diff_result/
$
time
/result
.log

echo
“开启了所有端口,怀疑是有nat或者负载均衡!”
>>$work_dir
/scan_diff_result/
$
time
/result
.log

else

diff
-u $now_dir/$b/$i $work_dir
/scan_source/
$b/$i|
egrep
-
v
“(---|+++|@@)”
|
egrep
“(Nmap|-|+)”
|
sed
-e
‘s# Nmap scan report for#扫描主机#g’
|
sed
-e
‘s#^+#关闭了 #g’
-e
‘s#^-#开启了 #g’
>>$work_dir
/scan_diff_result/
$
time
/result
.log

fi

done

if

[ </code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(255,20,147);">cat</code>&nbsp; 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">$work_dir</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">/scan_diff_result/</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">$</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(255,20,147);">time</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">/result</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">.log|</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(255,20,147);">wc</code>&nbsp; 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">-l -

eq
0 ];
then

echo
“今日一切正常，没有变化的端口!”
|mail -s
“【$time】所有IDC机房差异端口扫描结果”
$contact_mail

else

sed
-i

“1i 大家好: \n    下面是$time日所有IDC机房扫描新增主机或已有主机新增或关闭端口情况,请各项目负责人及时认领与确认.\n”

$work_dir
/scan_diff_result/
$
time
/result
.log

cat
$work_dir
/scan_diff_result/
$
time
/result
.log|mail -s
“【$time】所有IDC机房差异端口扫描结果”
$contact_mail

fi

rm
-rf $work_dir
/scan_source/

cp
-a $work_dir
/scan_result/
$
time
$work_dir
/scan_source

if
[ $? -
eq
0 ];
then

echo
“运行完成,操作成功!”

else

echo
“运行完成,操作失败!”

fi

请修改IP与contact_mail就可以

结构：

12:55:17
# tree /root/nmap_scan/

/root/nmap_scan/

|— scan_diff_result
#今天与昨天扫描对比结构

|   --&nbsp;2014-06-23&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(0,130,0);">#当天的目录</code> 
     </div> 
     <div style="font-size:1em;background-image:none;border:0px;line-height:1.1em;vertical-align:baseline;"> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;— result.log

#对比结果内容

|— scan_result
#存放今天扫描的结果

|— scan_shell
#存放扫描脚本

|   --&nbsp;scan_analyse.sh&nbsp;&nbsp;&nbsp;&nbsp;</code> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:rgb(0,130,0);">#安全端口扫描脚本</code> 
     </div> 
     <div style="font-size:1em;background-image:none;border:0px;line-height:1.1em;vertical-align:baseline;"> 
      <code style="font-family:Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;font-size:1em;background:none;border:0px;line-height:1.1em;vertical-align:baseline;color:#000000;">— scan_source

#昨天扫描结果，作为与今天对比的源

5 directories, 2 files

使用方法：

1、先运行此脚本

创建脚本目录