1. CMD 자동입력, 파일 자동복사.
200, 201, 202 에서 동시에 입력하는 CMD , CP 를 진행 하도록 하자.
1) CMD 자동입력
#!/bin/bash
IP=192.168.10
if [ ] ; then
echo "Usage: $0 <CMD OPTS ARGS>"
exit 1
fi
for HOST in $IP.200 $IP.201 $IP.202
do
echo "========$HOST========"
ssh $HOST $*
echo
done
2) CP 자동입력
#!/bin/bash
IP=192.168.10
if [ $# -ne 2 ] ; then
echo "Usage: $0 <FILE> <DIR>"
exit 1
fi
FILE1=$1
DIR1=$2
for HOST in $IP.200 $IP.201 $IP.202
do
echo "========$HOST========"
scp -r $FILE1 $HOST:$DIR1
echo
done3) FTP 자동화
#!/bin/bash
SERVERINFO=/root/bin/server.txt
cat $SERVERINFO | while read IP1 UNAME UPASS
do
# echo "$IP1 : $UNAME $UPASS"
ftp -n $IP1 << E0F
user #UNAME $UPASS
cd /tmp
lcd /test
bin
hash
prompt
mput linux200.txt
bye
E0F
done
* $IP1에 EOF 를 입력값으로 받은걸 확인할 수 있다.
2. 원격 서버 자동명령 프로그램.
telnet 을 통해 원격 서버 자동 명령 프로그램을 작성한다.
[root@linux200 ~/bin]# cat server.list
192.168.10.200 root soldesk1.
192.168.10.201 fedora fedora
192.168.10.202 user01 user01
* 위 리스트 파일을 참조하여 제작한다.
#!/bin/bash
SERVERINFO=/root/bin/server.list
cat $SERVERINFO | while read IP UNAME UPASS
do
echo "========$IP========"
cmd (){
sleep 2 ; echo "$UNAME"
sleep 1 ; echo "$UPASS"
sleep 3 ; echo 'hostname'
sleep 1 ; echo 'date'
sleep 1 ; echo 'exit'
}
cmd | telnet $IP
echo
done[추가] auto telnet + ftp 동시구현하는 프로그램 제작
#!/bin/bash
# auto Telnet
IP1=192.168.10.201
UNAME='root'
UPASS='soldesk1.'
BACKUP=home.tar.gz
BACKUPTARGET=/etc/sysconfig
cmd (){
sleep 2 ; echo "$UNAME"
sleep 1 ; echo "$UPASS"
sleep 3 ; echo 'hostname'
sleep 1 ; echo 'mkdir -p /backup'
sleep 1 ; echo "tar czf /backup/$BACKUP $BACKUPTARGET"
sleep 1 ; echo 'exit'
}
cmd | telnet $IP1
# auto FTP
ftp -n $IP1 <<EOF
user #UNAME $UPASS
cd /backup
lcd /test
bin
hash
prompt
mput $BACKUP
bye
EOF
ls -l /test/$BACKUP*[실습] server ON/OFF 유무 확인 후 서버 자동종료 프로그램
#!/bin/bash
SERVER=/root/bin/server.list
cat $SERVER | while read IP UNAME UPASS
do
ping -c2 $IP >/dev/null 2>&1
if [ $? -eq 0 ] ; then
cmd() {
sleep 2 ; echo "$UNAME"
sleep 1 ; echo "$UPASS"
sleep 1 ; wall 'server down for 3 second'
sleep 3 ; echo 'reboot'
sleep 0.5 ; echo 'exit'
}
else
echo "====================="
echo " $UNAME is not on server. "
echo "====================="
fi
cmd | telnet $IP
done
3. 파일 확장자 자동변경 프로그램
파일의 확장자를 자동 변경하는 프로그램을 제작해보자.
#!/bin/bash
if [ $# -ne 1 ] ; then
echo " Usage : $0 <dir>"
exit 1
fi
WORK=$1
FILE=/tmp/.tmp1
EXT1=txt
EXT2=els
ls -1 $WORK | grep ".${EXT1}" > $FILE
for CFILE in $(cat $FILE)
do
mv $WORK/$CFILE $(echo $WORK/$CFILE | sed "s/${EXT1}\$/$EXT2/g")
done
4. 환경설정 자동세팅 프로그램
telnet와 vsftp를 자동으로 설치 및 환경설정 서비스on등.. 작업과 bashrc 환경설정을 바꿔주고, 소프트웨어도 설치하는 프로그램을 작성한다.
1) 전체 실행하는 프로그램
/bin/bash
./env1.sh
./env2.sh
./env3.sh2) telnet 설치 및 설정
#!/bin/bash
PKG_NAME="telnet telnet-server"
PKG_EN="telnet.socket"
PKG_CONF="/etc/securetty"
PKG_FW="telnet"
# package install (telnet, telnet-server)
echo " [ LOAD ] install packahes... - $PKG_NAME "
yum install -q -y $PKG_NAME >/dev/null 2>&1
rpm -q $PKG_NAME >/dev/null 2>&1
if [ $? -eq 0 ] ; then
echo " [ OK ] packages installed! - $PKG_NAME "
else
echo " [ FAIL ] packages not install. - $PKG_NAME "
exit 1
fi
# service enable
echo " [ LOAD ] Enable service.. - $PKG_EN "
systemctl enable $PKG_EN >/dev/null 2>&1
ENABLE_STATUS=$(systemctl is-enabled $PKG_EN)
systemctl restart $PKG_EN >/dev/null 2>&1
START_STATUS=$(systemctl is-active $PKG_EN)
if [ $ENABLE_STATUS = enabled -a $START_STATUS = active ] ; then
echo " [ OK ] the service is started now ! - $PKG_EN "
else
echo " [ FAIL ] the service is not start - $PKG_EN "
exit 2
fi
# service configuration
echo " [ LOAD ] configuration $PKG_NAME service. "
grep -q 'pts/' $PKG_CONF
if [ $? -ne 0 ] ; then
for i in $(seq 0 11)
do
echo "pts/$i" >> $PKG_CONF
done
else
echo " [ FAIL ] $PKG_NAME service already "
fi
echo " [ OK ] $PKG_NAME service has been set up "
# firewall configration
FW_STATUS=$(systemctl is-active firewalld)
echo " [ LOAD ] firewall configration ... "
if [ $FW_STATUS = 'active' ] ; then
firewall-cmd --add-server $PKG_FW >/dev/null 2>&1
firewall-cmd --reload >/dev/null 2>&1
echo " [ OK ] firewall service has been set up "
else
echo " [ FAIL ] firewall service desable "
exit 3
fi3) bashrc 환경걸정
#!/bin/bash
BASHRC=$HOME/.bashrc
grep -q 'THIS contents was added automatically' $BASHRC
if [ $? -ne 0 ] ; then
cat << EOF >> $BASHRC
# ======= START: THIS contents was added automatically ======= #
#
# Sfecific Configuration
#
# .bashrc
# User specific aliases and functions
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
#
# Sfecific Configuration
#
#
# (1) Alias
#
alias c='clear'
alias ls='/bin/ls --color=tty -h'
alias grep='/bin/grep --color -i'
alias vi='/usr/bin/vim'
alias df='df -T -h'
alias dff='df -T -h ; echo ; df -i'
alias pss='ps -ef | head -1 ; ps -ef | grep $1'
#
# (2) Variable Definition
#
#export PS1='[\u@\h \w]\$'
export HISTTIMEFORMAT='%C %T'
#export PS1='\[\032[01;31m\][\h:\w]\[\032[00m\]\$'
export PS1='\[\033[01;32m\][\h:\w]\[\033[00m\]\$ '
#
# (3) bash Shell Function
#
set -o vi
#
# (4) SHell SCript
#
alias aa='chmod 755 /root/bin/*.sh'
======= END: THIS contents was added automatically =======
EOF
fi4) 소프트웨어 설치
#!/bin/bash
#gcc
yum -q -y install gcc >/dev/null 2>&1
echo "[ OK ] service installed. - gcc"
#tree
yum -q -y install tree >/dev/null 2>&1
echo "[ OK ] service installed. - tree "[실습] vsftp 를 주제로 제작.
5. 네트워크 설정 점검 프로그램
1. local 통신 가능여부 2. gateway 통신 가능여부 3. dns 통신 가능여부 를 테스트 하는 프로그램을 작성한다.
#!/bin/bash
LOCAL=192.168.10.201
GATEWAY=8.8.8.8
DNS=www.daum.net
. functions.sh
# local server test
echo "======================================================"
ping -c 1 $LOCAL >/dev/null 2>&1
print_info "ping $LOCAL"
if [ $? -eq 0 ] ; then
print_good "[ OK ] Local Netwark Connection !!"
else
print_error "[ FAIL ] Local Network Connection
(A) VMware > Edit > Virtual Network Editor
(B) VMware > VM > Settings > Network Adapter
(C) # ifconfig "
fi
# external gateway test
ping -c 1 $GATEWAY >/dev/null 2>&1
print_info "ping $GATEWAY"
if [ $? -eq 0 ] ; then
print_good "[ OK ] External Netwrok Connection !! "
else
print_error "[ FAIL ] External Network Connection
(A) # netstat -nr (# route -n) "
fi
# DNS server test
nslookup $DNS >/dev/null 2>&1
print_info "ping $DNS"
if [ $? -eq 0 ] ; then
print_good "[ OK ] DNS Client Configuration !!"
else
print_error "[ FAIL ] DNS Client Configuration
(A) # cat /etc/resolv.conf "
fi
echo "======================================================"
6. 퍼미션 점검 프로그램 제작하기.
find -perm옵션을 활용하여 퍼미션을 점검하는 프로그램을 제작한다. 644 퍼미션 이하를 기준으로 삼는다.
* find -perm -644 = 644 이상 ( 단 이하의 경우는 없다. )
#!/bin/bash
FILE1=/root/bin/pem/perm.list
RESULT=/root/bin/pem/result.txt
TMP1=/tmp/tmp1
> $RESULT
cat $FILE1 | while read FILENAME PERM1 PERM2
do
#echo "$FILENAME : $PERM1 : $PERM2"
if [ -f $FILENAME ] ; then
find $FILENAME -type f -perm -$PERM1 -ls \
| fgrep -v "$PERM2" > $TMP1
if [ -s $TMP1 ] ; then
BADPERM=$(cat $TMP1 | awk '{print $3}')
echo "[ WARN ] $PERM2 : $FILENAME 변경 내용 : ($BADPERM)" >> $RESULT
else
echo "[ OK ] $PERM2 : $FILENAME" >> $RESULT
fi
else
echo "[ ERROR ] $FILENAME not found." >> $RESULT
fi
'모의해킹 침해대응 과정 > 본 과정' 카테고리의 다른 글
| 네트워크 이론_1 / day31 (0) | 2021.05.10 |
|---|---|
| 쉘 프로그래밍(bash)_3 / day31 (0) | 2021.05.10 |
| 쉘 프로그래밍(bash)_1 / day29 (0) | 2021.05.06 |
| 쉘 스크립트(bash)_2 / day29 (0) | 2021.05.04 |
| 쉘 스크립트(bash)_1 / day28 (0) | 2021.05.04 |