安全类和远程类shell脚本
批量杀php小马脚本
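#!/usr/bin/env bash
# Scan a web root for PHP files that contain common webshell markers and
# append the findings to a report file.
#
# Usage: scan_php.sh [web_root] [report_file]
#   web_root     directory to scan            (default: /home/hatdot/)
#   report_file  findings are appended here   (default: /tmp/test.txt)
#
# The report receives "path:line" entries for marker hits, for direct
# eval()/file_put_contents() of $_POST data, and finally the sorted list of
# files containing any marker.  The original one-liner scanned two different
# roots (/home/hatdot/ and "."); here a single web_root is used for all four
# passes, and the garbled "gunerpress"/"decoolcode" spellings are restored to
# gzuncompress/base64_decode as used by the fourth pass.
set -euo pipefail

# Names of well-known PHP shells plus eval() over decoded/inflated payloads.
readonly MARKER_RE='phpspy|c99sh|milw0rm|eval\(gzuncompress|eval\(base64_decode|spider_bc|gzinflate'
# Direct execution / file write of request data (ERE forms of the original
# basic-regex patterns).
readonly EVAL_POST_RE='[^a-z]eval\(\$_POST'
readonly WRITE_POST_RE='file_put_contents\(.*\$_POST\[ .* \]\);'

#######################################
# Append "path:line" for every line of a .php file matching an ERE.
# Arguments: $1 root directory, $2 ERE, $3 report file
#######################################
append_matching_lines() {
  local root=$1 pattern=$2 report=$3
  # grep exits 1 when nothing matched; for a scan that is a normal outcome
  find "$root" -type f -name '*.php' -exec grep -HE -- "$pattern" {} + >>"$report" || true
}

#######################################
# Append the sorted, de-duplicated paths of .php files matching an ERE.
# Arguments: $1 root directory, $2 ERE, $3 report file
#######################################
append_matching_files() {
  local root=$1 pattern=$2 report=$3
  find "$root" -type f -name '*.php' -exec grep -lE -- "$pattern" {} + \
    | LC_ALL=C sort -u >>"$report" || true
}

main() {
  local web_root=${1:-/home/hatdot/}
  # The fixed name under /tmp is the original default; when run as root a
  # path other users cannot pre-create is preferable.
  local report=${2:-/tmp/test.txt}
  if [[ ! -d "$web_root" ]]; then
    printf 'not a directory: %s\n' "$web_root" >&2
    exit 1
  fi
  append_matching_lines "$web_root" "$MARKER_RE" "$report"
  append_matching_lines "$web_root" "$EVAL_POST_RE" "$report"
  append_matching_lines "$web_root" "$WRITE_POST_RE" "$report"
  append_matching_files "$web_root" "$MARKER_RE" "$report"
}

main "$@"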
python批量杀php小马
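#!/usr/bin/python
# -*- coding: utf-8 -*-
# blog:www.sinesafe.com
"""Recursively scan a directory for .php files that look like webshells.

Every .php file is matched against ``rulelist``; the first rule that hits is
printed (file path plus the matched text) and the file is not checked
further.  Files are read as bytes so any source encoding can be scanned.

Usage: python scan.py <directory>
"""
import os
import re
import sys

# Detection rules (regular expressions).  Order matters: the first rule that
# matches a file is the one reported.
rulelist = [
    r'(\$_(GET|POST|REQUEST)\[.{0,15}\]\(\$_(GET|POST|REQUEST)\[.{0,15}\]\))',
    r'(base64_decode\([\'"][\w\+/=]{200,}[\'"]\))',
    r'eval\(base64_decode\(',
    r'(eval\(\$_(POST|GET|REQUEST)\[.{0,15}\]\))',
    r'(assert\(\$_(POST|GET|REQUEST)\[.{0,15}\]\))',
    r'(\$[\w_]{0,15}\(\$_(POST|GET|REQUEST)\[.{0,15}\]\))',
    r'(wscript\.shell)',
    r'(gethostbyname\()',
    r'(cmd\.exe)',
    r'(shell\.application)',
    r'(documents\s+and\s+settings)',
    r'(system32)',
    r'(serv-u)',
    r'(提权)',
    r'(phpspy)',
    r'(后门)',
    r'(webshell)',
    r'(Program\s+Files)'
]


def _compile_rules(rules):
    """Compile the rule strings once, as byte patterns, so files can be
    matched without decoding them first."""
    compiled = []
    for rule in rules:
        if not isinstance(rule, bytes):
            rule = rule.encode('utf-8')   # Python 3 str literal -> bytes
        compiled.append(re.compile(rule))
    return compiled


def _printable(hit):
    """Render one findall() hit (bytes, or a tuple of bytes when the rule
    has groups) as text for printing."""
    if isinstance(hit, tuple):
        return str(tuple(_printable(part) for part in hit))
    if isinstance(hit, bytes) and not isinstance(hit, str):
        # Python 3 bytes: decode for display; on Python 2 bytes is str already
        return hit.decode('utf-8', 'replace')
    return str(hit)


def Scan(path):
    """Walk ``path`` and report every .php file matching a rule.

    Each finding is printed as before; the function also returns a list of
    ``(file_path, first_hit)`` tuples so callers can post-process results.
    Files that cannot be read are reported on stderr and skipped.
    """
    compiled = _compile_rules(rulelist)
    findings = []
    for root, _dirs, files in os.walk(path):
        for name in files:
            # same test as the original: text after the last dot is "php"
            if '.' not in name or name.rpartition('.')[2] != 'php':
                continue
            full_path = os.path.join(root, name)
            try:
                with open(full_path, 'rb') as handle:
                    data = handle.read()
            except (IOError, OSError) as err:
                sys.stderr.write('skip %s: %s\n' % (full_path, err))
                continue
            for regex in compiled:
                result = regex.findall(data)
                if result:
                    print('文件:' + full_path)
                    print('恶意代码:' + _printable(result[0]))
                    print('\n\n')
                    findings.append((full_path, result[0]))
                    break   # one report per file, as in the original
    return findings


def main(argv):
    """Command-line entry point; returns the process exit status."""
    if len(argv) < 2:
        print('用法: python %s <扫描目录>' % argv[0])
        return 2
    target = argv[1]
    if not os.path.lexists(target):
        print('提示:指定的扫描目录不存在--- 我靠( \'o′)!!凸')
        return 1
    print('\n\n开始扫描:' + target)
    print(' 可疑文件 ')
    print('########################################')
    Scan(target)
    print('提示:扫描完成-- O(∩_∩)O哈哈~')
    return 0


if __name__ == '__main__':
    sys.exit(main(sys.argv))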
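#!/bin/bash
# Every 2 seconds, REJECT (port 22) and terminate each remote SSH session that
# `who` reports from a dotted-quad IPv4 address, and queue an at(1) job that
# removes the REJECT rule 30 minutes later.
#
# Needs root (iptables, kill) and a running atd.  ALLOW_IPS is a space
# separated list of addresses that are never blocked; set it to the
# administrator's own address, otherwise this script also disconnects the
# session it was started from:
#   ALLOW_IPS="203.0.113.10" ./check_ssh.sh
set -euo pipefail

readonly allow_list=" ${ALLOW_IPS:-} "

#######################################
# Block one session: REJECT its address, kill its sshd, queue the unblock.
# Arguments: $1 IPv4 address, $2 tty as printed by `who` (e.g. pts/0)
#######################################
close_session() {
  local ip=$1 tty=$2
  local pid
  echo "$ip ssh close"
  iptables -A INPUT -p tcp --dport 22 -s "$ip" -j REJECT
  # the per-session sshd is listed as "sshd: user@pts/N"; the original looked
  # it up through an undefined $i and ps|grep
  for pid in $(pgrep -f "sshd: .*@${tty}\$" || true); do
    kill -9 "$pid" 2>/dev/null || true   # session may already be gone
  done
  echo "iptables -D INPUT -p tcp --dport 22 -s $ip -j REJECT" | at now + 30 minutes
}

echo "check ssh...."
while true; do
  # who prints "user tty date time (host)"; the host in parentheses is used
  while read -r _ tty rest; do
    host=${rest##*\(}
    ip=${host%%\)*}
    # only dotted quads are handled, as in the original four-field check
    if [[ ! "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
      continue
    fi
    if [[ "$allow_list" == *" $ip "* ]]; then
      continue
    fi
    close_session "$ip" "$tty"
  done < <(who)
  sleep 2
done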
版本2:
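#!/bin/bash
# Version 2 of the SSH session dropper: every 2 seconds, kill the sshd behind
# each remote session listed by `who` (local X sessions, shown as "(:0)", are
# skipped), REJECT the source address on port 22 and queue an at(1) job that
# removes the rule after 30 minutes.
#
# Needs root and atd.  ALLOW_IPS (space separated) lists addresses that are
# left alone; include the administrator's own address or this script ends the
# session it is started from.
set -euo pipefail

readonly allow_list=" ${ALLOW_IPS:-} "

#######################################
# Drop one session.
# Arguments: $1 tty as printed by `who` (pts/N), $2 address from `who`
#######################################
drop_session() {
  local tty=$1 ip=$2
  local pid
  # "sshd: user@pts/N" is the session's sshd; pgrep replaces ps|grep|grep -v grep
  for pid in $(pgrep -f "sshd: .*@${tty}\$" || true); do
    kill -9 "$pid" 2>/dev/null || true   # session may already be gone
  done
  iptables -A INPUT -p tcp --dport 22 -s "$ip" -j REJECT
  printf 'iptables -D INPUT -p tcp --dport 22 -s %s -j REJECT\n' "$ip" \
    | at now + 30 minutes >/dev/null 2>&1
}

while true; do
  while read -r _ tty rest; do
    # only lines with a "(host)" column carry a remote address
    if [[ "$rest" != *\(*\)* ]]; then
      continue
    fi
    host=${rest##*\(}
    ip=${host%%\)*}
    if [[ -z "$ip" || "$ip" == :* ]]; then
      continue   # local display such as (:0), as grep -v "(:" did
    fi
    if [[ "$allow_list" == *" $ip "* ]]; then
      continue
    fi
    drop_session "$tty" "$ip"
  done < <(who)
  sleep 2
done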
rsync+ssh批量自动化部署:
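#!/bin/bash
#-------------------------------------#
# author by bossco #
# auto change server files #
# 2015.12.24 #
#-------------------------------------#
# Prerequisite: key-based SSH so root can log in to each host without a
# password:
#   ssh-keygen                                     (accept the defaults)
#   ssh-copy-id -i /root/.ssh/id_rsa.pub <remote ip>
#
# Usage: $0 flush     rsync SRC/ to root@IP:DES/ for every "IP SRC DES" line
#                     of rsync.list
#        $0 restart   run "sh COMMAND" as root for every "IP COMMAND" line of
#                     restart.list
# In both list files blank lines and lines starting with '#' are ignored.
set -euo pipefail

#######################################
# Exit with a sample layout when list file $1 does not exist.
# Arguments: $1 list file, $2... sample lines to print
#######################################
require_list() {
  local list=$1
  shift
  if [[ ! -f "$list" ]]; then
    printf '\033[34mPlease Create %s files,\nThe %s contents as follows! \033[0m\n' "$list" "$list"
    printf '%s\n' "$@"
    exit 1
  fi
}

#######################################
# Print the usable entries of list file $1 (comments and blank lines dropped).
#######################################
list_entries() {
  grep -Ev '^[[:space:]]*(#|$)' -- "$1" || true
}

#######################################
# flush: sync SRC/ to root@IP:DES/ for each line of rsync.list.
#######################################
flush() {
  local entries=() entry ip src des
  require_list rsync.list '192.168.10.128 src_dir des_dir' '192.168.10.129 src_dir des_dir'
  mapfile -t entries < <(list_entries rsync.list)
  if (( ${#entries[@]} == 0 )); then
    printf 'rsync.list has no entries\n' >&2
    return 0
  fi
  for entry in "${entries[@]}"; do
    read -r ip src des _ <<<"$entry"
    if [[ -z "$des" ]]; then
      printf 'rsync.list: skipping incomplete line: %s\n' "$entry" >&2
      continue
    fi
    # the original used $(SRC)/$(IP)/$(DES), which runs commands instead of
    # expanding the variables
    rsync -av "${src}/" "root@${ip}:${des}/"
  done
}

#######################################
# restart: run "sh COMMAND" on each "IP COMMAND" line of restart.list.
#######################################
restart() {
  local entries=() entry ip remote_cmd
  require_list restart.list '192.168.10.128 COMMAND' '192.168.10.129 COMMAND'
  mapfile -t entries < <(list_entries restart.list)
  if (( ${#entries[@]} == 0 )); then
    printf 'restart.list has no entries\n' >&2
    return 0
  fi
  for entry in "${entries[@]}"; do
    read -r ip remote_cmd _ <<<"$entry"
    # -n keeps the remote shell from reading this script's stdin
    if ssh -n -l root "$ip" "sh $remote_cmd"; then
      printf -- '------------\nThe %s Exec commands:sh %s success!\n' "$ip" "$remote_cmd"
    else
      printf 'The %s Exec commands:sh %s FAILED\n' "$ip" "$remote_cmd" >&2
    fi
  done
}

case "${1:-}" in
  flush)
    flush
    ;;
  restart)
    restart
    ;;
  *)
    printf '\033[31mUsage: %s command,example{flush | restart} \033[0m\n' "$0"
    exit 2
    ;;
esac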
批量远程执行命令:
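#!/bin/bash
#-------------------------------------#
# author by bossco #
# remote exec command #
# 2015.12.24 #
#-------------------------------------#
# Prerequisite: key-based SSH so root can log in to every host without a
# password:
#   ssh-keygen                                     (accept the defaults)
#   ssh-copy-id -i /root/.ssh/id_rsa.pub <remote ip>
#
# ip.txt holds one remote address per line; blank lines and lines starting
# with '#' are ignored.
#
# Usage: $0 command [args...]
#   e.g. $0 rm /tmp/test.txt      or      $0 mkdir /tmp/20150505
# The arguments are joined with spaces and handed to the remote root shell
# as one command line.
set -euo pipefail

if [[ ! -f ip.txt ]]; then
  printf '\033[31m please create ip.txt\033[0m\n' >&2
  exit 1
fi
if [[ -z "$*" ]]; then
  printf '\033[32mUsage: %s command,example{rm /tmp/test.txt | mkdir /tmp/20150505}\033[0m\n' "$0" >&2
  exit 2
fi
remote_cmd=$*

# read the host list up front instead of the per-line sed/awk numbering of
# the original, which also left ip.txt.swp growing across runs
mapfile -t hosts < <(grep -Ev '^[[:space:]]*(#|$)' ip.txt || true)
if (( ${#hosts[@]} == 0 )); then
  printf 'ip.txt has no entries\n' >&2
  exit 1
fi

for line in "${hosts[@]}"; do
  read -r ip _ <<<"$line"
  # -n: the remote command must not consume this script's stdin
  if ssh -q -n -l root "$ip" "$remote_cmd"; then
    printf '\033[35m-------------------\nThe %s Exec Commands: %s success !\033[0m\n' "$ip" "$remote_cmd"
  else
    printf 'The %s Exec Commands: %s FAILED\n' "$ip" "$remote_cmd" >&2
  fi
  sleep 2
done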
批量拷贝文件或目录至远程服务器:
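#!/bin/bash
#-------------------------------------#
# author by bossco #
# cp file/dir to remote server #
# 2015.12.24 #
#-------------------------------------#
# Prerequisite: key-based SSH so root can log in to every host without a
# password:
#   ssh-keygen                                     (accept the defaults)
#   ssh-copy-id -i /root/.ssh/id_rsa.pub <remote ip>
#
# ip.txt holds one remote address per line; blank lines and lines starting
# with '#' are ignored.
#
# Usage: $0 src_file_or_dir des_dir
#   copies src to root@IP:des_dir on every host in ip.txt
set -euo pipefail

if [[ ! -f ip.txt ]]; then
  printf '\033[31m please create ip.txt\033[0m\n' >&2
  exit 1
fi
# both the source and the destination are required (the original checked $1 only)
if (( $# < 2 )); then
  printf '\033[32mUsage: %s command,example{src_files|src_dir des_dir}\033[0m\n' "$0" >&2
  exit 2
fi
src=$1
des=$2

mapfile -t hosts < <(grep -Ev '^[[:space:]]*(#|$)' ip.txt || true)
if (( ${#hosts[@]} == 0 )); then
  printf 'ip.txt has no entries\n' >&2
  exit 1
fi

for line in "${hosts[@]}"; do
  read -r ip _ <<<"$line"
  # the original assigned IP but expanded ${ip}, so the host part was empty
  if scp -r "$src" "root@${ip}:${des}"; then
    printf 'copied %s to root@%s:%s\n' "$src" "$ip" "$des"
  else
    printf 'copy to %s FAILED\n' "$ip" >&2
  fi
  # alternative: rsync -aP --delete "$src" "root@${ip}:${des}"
done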
自动阻止3次SSH远程登陆输入密码错误的恶意IP
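#!/bin/bash
#auto drop ssh failed IP address
#-------------------------------------#
# author by bossco #
# auto drop ssh failed IP address #
# 2015.12.23 #
#-------------------------------------#
# Reads the last 1000 lines of the auth log, counts "Failed password" entries
# per source address and adds a DROP rule for every address at or above
# THRESHOLD to the saved iptables rules file (after the loopback rule).
# Only the file is changed; the running firewall sees the rule once the saved
# rules are reloaded.
#
# Environment (all optional):
#   SEC_FILE      auth log              (default /var/log/secure)
#   IPTABLE_CONF  saved iptables rules  (default /etc/sysconfig/iptables)
#   THRESHOLD     failures per address before it is dropped (default 3)
set -euo pipefail

readonly SEC_FILE=${SEC_FILE:-/var/log/secure}
readonly IPTABLE_CONF=${IPTABLE_CONF:-/etc/sysconfig/iptables}
readonly THRESHOLD=${THRESHOLD:-3}

#######################################
# Print the IPv4 addresses with at least $2 failed-password lines among the
# last 1000 lines of log file $1, one per line.
#######################################
failed_ips() {
  local logfile=$1 threshold=$2
  # sshd logs "Failed password" with a capital F; the original lowercase
  # pattern never matched it
  tail -n 1000 -- "$logfile" \
    | grep -i 'failed password' \
    | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' \
    | LC_ALL=C sort \
    | uniq -c \
    | awk -v min="$threshold" '$1 >= min { print $2 }'
}

main() {
  local ip ips=()
  echo
  cat <<'EOF'
+++++++++++++++welcome to use ssh login drop failed ip +++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
EOF
  # the original looped over the literal word IP_ADDR (missing $)
  mapfile -t ips < <(failed_ips "$SEC_FILE" "$THRESHOLD")
  if (( ${#ips[@]} == 0 )); then
    echo "no address reached $THRESHOLD failed logins"
    return 0
  fi
  if [[ ! -w "$IPTABLE_CONF" ]]; then
    printf 'cannot write %s\n' "$IPTABLE_CONF" >&2
    return 1
  fi
  for ip in "${ips[@]}"; do
    # fixed-string match with the trailing space, so 1.2.3.4 is not found in 1.2.3.40
    if grep -qF -- "-s $ip " "$IPTABLE_CONF"; then
      echo "$ip is exists in iptables"
    else
      # append after the loopback rule ("-i lo"); the original matched every
      # line containing "lo"
      sed -i "/-i lo/a -A INPUT -s $ip -m state --state NEW -p tcp --dport 22 -j DROP" "$IPTABLE_CONF"
    fi
  done
}

main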