#!/bin/sh
#23456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+
####################################################################################################
###
### $Id: OS_Admin__VerifyDetailsOfNetwork_Public.sh,v 1.3 2020/08/19 21:04:51 root Exp $
###
### This script uses nmap to scan this computer's own ports and report any exposures.
###
####################################################################################################
##FIRSTBOOT##
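# Report file: written to the directory the script was started from, named
# after the script plus a timestamp.
# NOTE(review): the report is created with the caller's umask and lists
# listening services; tighten the umask if the start directory is shared.
BASE=$(basename "$0" ".sh")
STRT=$(pwd)
REPORT="${STRT}/${BASE}_report.$(date +%Y%m%d-%H%M%S).txt"
rm -f "${REPORT}"

# Scratch file: kept inside a private directory created by mktemp instead of
# a fixed, guessable name directly under /tmp.  The script's SYN scan implies
# it runs as root, and a predictable /tmp path that is removed and then
# re-created by redirection can be pre-planted as a symlink by another local
# user.  TMP keeps its name so later uses of ${TMP} are unaffected.
TMPD=$(mktemp -d "${TMPDIR:-/tmp}/${BASE}.XXXXXX") || {
	printf 'Unable to create a private scratch directory.\n' >&2
	exit 1
}
# Remove the scratch directory on every exit path; the signal trap routes
# HUP/INT/TERM through the EXIT handler.
trap 'rm -rf -- "${TMPD:?}"' EXIT
trap 'exit 1' HUP INT TERM
TMP="${TMPD}/${BASE}.tmp"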
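# The listening-port report depends on netstat; stop early when it is missing.
# 'command -v' is the POSIX lookup and, unlike 'which', is a shell builtin.
testor=$(command -v netstat)
if [ -z "${testor}" ]
then
	# printf renders \n and \t the same way under every /bin/sh; echo does not.
	printf "\n\t Unable to find 'netstat' in PATH. Unable to proceed.\n Bye!\n\n" >&2
	exit 1
fi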
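# Banner: states the scope of the checks that follow.
cat <<'EOF'

####################################################################################################
#
# Extent of scans attempted below are limited to 'outward-facing' NETWORK interfaces/services.
#
####################################################################################################
EOF

###
###	Report current IP address for connection provided by ISP (i.e. IP address of firewall modem)
###
# The reply comes from a third-party service and is printed on the operator's
# terminal, so it is fetched over TLS with a time limit and accepted only if
# it consists of address characters (hex digits, dots, colons).  Anything else
# is reported as unavailable rather than echoed.
# NOTE(review): assumes the service answers over https; if it does not, the
# address is shown as unavailable instead of falling back to cleartext.
modemIP=$(curl --silent --fail --max-time 10 https://ipecho.net/plain 2>/dev/null)
case "${modemIP}" in
	"" | *[!0-9A-Fa-f.:]*) modemIP="(unavailable)" ;;
esac
printf '\n IP address for Firewall Modem = %s ...\n' "${modemIP}"
printf '\t ( == ignored in this context == )\n'
#myIP=`ip -o addr 2>&1 | grep -v 'lo\\\' | awk '{ print $4 }' | cut -f1 -d/ `
#echo "\n Outward-facing NETWORK interface address = ${myIP} ...\n"
#echo "\t ( == ignored in this context == )"

# Addresses that /etc/hosts assigns to this host's name and to localhost.
# The host name is matched as a fixed string so dots in it are not treated
# as regular-expression wildcards.
hostNAME=$(hostname)
thisHOST=$(grep -F -- "${hostNAME}" /etc/hosts | awk '{ print $1 }')
loclHOST=$(grep localhost /etc/hosts | grep '^127' | awk '{ print $1 }')
printf "\n Identifying host-private NETWORK interface addresses ...\n\t %s for 'localhost' [private]\n\t %s for '%s' [private]\n" \
	"${loclHOST}" "${thisHOST}" "${hostNAME}"
printf '\t ( == ignored in this context == )\n'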
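# Main audit: everything inside the group is copied to the terminal and to
# ${REPORT} by tee.  The group is the left side of a pipeline, so it runs in
# a subshell: variables set here and the 'exit 1' below do not reach the
# parent shell.
{
	printf '\n\n Identifying outward-facing NETWORK interface devices ...\n\n'

	### FUTURES CONSIDER:   ip -o addr     OR   ip -a addr
	# Interface names from netstat, minus its two header lines and loopback.
	INTERFACES=$(netstat --interfaces | tail --lines=+3 | awk '{ print $1 }' | grep -v '^lo$')

	allIPs=""
	count=0
	# Unquoted on purpose: one word per interface name.
	for IF in ${INTERFACES}
	do
		# Only the IPv4 'inet' line is taken.  Matching every line containing
		# 'inet' also picked up 'inet6' lines, which made the collected value
		# multi-line and caused IPv4 addresses to be dropped from the scan
		# list.  Older ifconfig prints 'inet addr:A.B.C.D'; strip that prefix.
		iNetAddr=$(ifconfig "${IF}" | awk '$1 == "inet" { sub(/^addr:/, "", $2) ; print $2 }')
		for addr in ${iNetAddr}
		do
			# Accept dotted-decimal text only; this value becomes an nmap argument.
			case "${addr}" in
				"" | *[!0-9.]*) continue ;;
			esac
			allIPs="${addr} ${allIPs}"
			printf '\t Interface: %s|%s\n' "${IF}" "${addr}"
			count=$((count + 1))
		done
	done
	printf '\t Done.\n'

	#echo "allIPs= ${allIPs}"

	###
	###	The following 2 commands provide the same response
	###
	###	1) hostname --all-ip-addresses`
	###
	###	2) INTERFACES=`netstat --interfaces | tail --lines=+3 | awk '{ print $1 }' | grep -v '^lo$' `
	###	   for IF in ${INTERFACES} ; do ifconfig ${IF} | grep 'inet' | awk '{ print $2 }' ; done
	###

	if [ "${count}" -eq 0 ]
	then
		printf '\n\t No interenet interfaces identified, hence no IP address identified. Unable to proceed.\n Bye!\n\n'
		exit 1
	fi

	###
	###	for IP in `hostname --all-ip-addresses` `hostname` localhost
	###		is equivalent to
	###	for IP in 192.168.0.11 OasisMini localhost
	###

	printf "\n\n Will perform scan using 'nmap' on above-reported devices to identify exposures ...\n\t (NOTE: this can take some time)\n\n"

	# -sS is a SYN scan and needs raw-socket privileges (normally root).
	# -T5 is nmap's fastest timing template and gives up accuracy for speed,
	# so a slow-answering port can be missed.
	# NOTE(review): this scans the host's own addresses from the host itself;
	# such traffic normally stays on the local stack, so the result may differ
	# from what a remote machine behind the firewall rules would see.
	# Alternative option sets tried previously:
	#   nmap -v -sS -p1-65535 --host-timeout 2 --max-retries 3 --max-scan-delay 1 -T5
	#   nmap -v -sS -p1-65535 --max-retries 3 --max-scan-delay 1 -T5
	#   nmap -v -sS -p1-65535 --max-scan-delay 1
	#   nmap -v -sS -p1-65535 --max-retries 3 --max-scan-delay 5 --max-parallelism 5 -A
	for IP in ${allIPs}
	do
		printf 'Scanning %s [ nmap -v -sS -p1-65535 -T5 %s ] ...\n\n' "${IP}" "${IP}"
		# Run the command directly instead of expanding a command string.
		nmap -v -sS -p1-65535 -T5 "${IP}"
	done 2>&1 	# | awk '{ printf("\t %s\n", $0 ) ; }'

	printf "\n\n Performing PORT scans using 'netstat' to identify exposures ...\n"

	for standard in inet inet6
	do
		case ${standard} in
			inet )	descr="IPv4" ; dir="ipv4" ;;
			inet6 )	descr="IPv6" ; dir="ipv6" ;;
		esac

		if [ -d "/proc/sys/net/${dir}" ]
		then
			for protocol in tcp udp
			do
				printf '\nReport of ports listening to %s on %s: ' \
					"$(printf '%s' "${protocol}" | tr '[:lower:]' '[:upper:]')" "${descr}"

				# Held in a variable rather than a fixed-name file under /tmp.
				# netstat's stderr is not captured; it flows into the report.
				listing=$(netstat --listening --numeric "--${protocol}" --program "--${standard}")

				# Local addresses of listeners that are not loopback-only.
				# Wildcard binds (0.0.0.0 and ::) are kept: a socket bound to
				# the wildcard address accepts connections on every interface,
				# so it is exposed externally and must not be reported as
				# "None listening".
				exposed=$(printf '%s\n' "${listing}" |
					awk -v proto="${protocol}" '
						index($1, proto) == 1 {
							addr = $4
							sub(/:[^:]*$/, "", addr)	# drop the trailing :port
							if (addr !~ /^127\./ && addr != "::1") print addr
						}' |
					sort -u)

				if [ -n "${exposed}" ]
				then
					printf '\n'
					printf '%s\n' "${listing}" | awk '{ printf("\t %s\n", $0 ) ; }'
				else
					printf 'None listening to external ...\n'
				fi
			done
		else
			printf '\nAll services for %s standard have been disabled at KERNEL level. Skipping scan for those services ...\n' "${descr}"
		fi
	done 2>&1 | awk '{ printf("\t %s\n", $0 ) ; }'

	printf '\n\t Done.\n Bye!\n\n'
} 2>&1 | tee "${REPORT}"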
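# The scan group runs on the left side of a pipeline into tee, so an 'exit 1'
# inside it ends only that subshell and control still arrives here; the script
# therefore exits 0 even when no interface was found.
# A single exit is enough: the repeated 'exit 0' lines were unreachable.
exit 0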