
Add tests on open/closed ports

Yann Weber 4 months ago
parent
commit
5e3484a25d
2 changed files with 117 additions and 0 deletions
  1. 1
    0
      check.sh
  2. 116
    0
      checks/firewall.sh

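--- a/check.sh
+++ b/check.sh
@@ -208,6 +208,7 @@ CHECK_REPORT() {
 . ./checks/mail.sh
 . ./checks/mpd.sh
 . ./checks/net.sh
+. ./checks/firewall.sh
 . ./checks/ssh.sh
 . ./checks/webradio.sh
 . ./checks/xmpp.sh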

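--- a/checks/firewall.sh
+++ b/checks/firewall.sh
@@ -0,0 +1,116 @@
+_check_port() {
+	ipv_arg=$1
+	ports=$2
+	hosts=$3
+	state=$4
+	case "$ipv_arg" in
+		ipv4)ipv=-4;;
+		ipv6)ipv=-6;;
+		*)ipv="";;
+	esac
+	case "$state" in
+		open)grep_opt="grep -v";;
+		*)grep_opt="grep";;
+	esac
+	tmpres=$(mktemp)
+
+	nmap $ipv -oG - -n -Pn -p $ports $hosts >$tmpres
+
+	if [ -n "$(cat $tmpres |grep "Ports: " |$grep_opt "/open/")" ]
+	then
+		fail "Port not $state '$hosts':$ports $ipv_arg"
+		if [ "$verbose" -gt 1 ]
+		then
+			cat $tmpres |grep "Ports: " |$grep_opt "/open/" | while read line
+			do
+				logdate ERR "$line" 1
+			done
+		fi
+	else
+		success "Port $state '$hosts':$ports $ipv_arg"
+	fi
+	rm $tmpres
+}
+
+check_port_open()
+{
+	_check_ports_state "$1" "$2" "$3" "$4" "10" "open"
+}
+
+check_port_close()
+{
+	_check_ports_state "$1" "$2" "$3" "$4" "50" "close"
+}
+
+_fw_progress() {
+	sz=$1
+	timeout=$2
+	if [ "$verbose" -gt 1 ]
+	then
+		cat | pv -l -s $sz -i $timeout -apte
+	else
+		cur=0
+		printf "%4d/%4d" "$cur" "$sz" >&2
+		while read line
+		do
+			printf "\b\b\b\b\b\b\b\b\b%4d/%4d" "$cur" "$sz" >&2
+			cur="$(expr $cur + 1)"
+		done
+		echo -n "\b\b\b\b\b\b\b\b\b         \b\b\b\b\b\b\b\b\b" >&2
+	fi
+}
+
+_check_ports_state() {
+	ipv_arg=$1
+	ports_arg=$2
+	host=$3
+	timeout=$4
+	nprocs=$5
+	state=$6
+	case "$ipv_arg" in
+		ipv4)ipv=-4;;
+		ipv6)ipv=-6;;
+		*)ipv="";;
+	esac
+	if [ -z "$timeout" ]
+	then
+		timeout=1
+	fi
+	if [ -z "$nprocs" ]
+	then
+		nprocs=10
+	fi
+
+	tmp_scan=$(mktemp -t port_scan_XXXXXXX.sh)
+	echo "nc $ipv -z -w $timeout $host \$1 && echo \"\$1 open\"||echo \"\$1 close\"" > $tmp_scan
+	chmod +x $tmp_scan
+
+	ports=$(echo $ports_arg |tr -s ',' ' '| tr -s " " "\n" | while read port;
+		do
+			if echo $port | grep '-' >/dev/null
+			then
+				echo $(seq $(echo $port |tr -s '-' ' '))
+			else
+				echo $port
+			fi
+		done)
+
+	ports_count=$(echo $ports | tr -s ' ' "\n" |wc -l)
+
+	if [ "$verbose" -gt 1 ]
+	then
+		logdate INFO "$tc_name: Checking $ports_count ports ($ports_arg) are $state on $host $ipv_arg"
+	fi
+
+	#failures=$(echo $ports | tr -s ' ' "\n" | xargs -I '{}' -P $nprocs $tmp_scan '{}'| pv -l -s $ports_count -i $timeout -apte | grep -v "$state" | cut -d " " -f1)
+	failures=$(echo $ports | tr -s ' ' "\n" | xargs -I '{}' -P $nprocs $tmp_scan '{}'| _fw_progress $ports_count $timeout | grep -v "$state" | cut -d " " -f1)
+
+	if [ -n "$failures" ]
+	then
+		fail "Port not $state : $failures"
+	else
+		success "All ports $state : $ports_arg"
+	fi
+
+	rm $tmp_scan
+}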
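Review bot: In `_fw_progress`, the non-verbose branch (the `while read line` loop) writes only the progress counter to stderr and never copies `$line` to stdout, so the `failures=$(… | _fw_progress … | grep -v "$state" | cut …)` pipeline in `_check_ports_state` is always empty and the check reports success whenever `verbose` is 1 or lower. Add `printf '%s\n' "$line"` inside the loop so results pass through as they do via `pv` in the verbose branch. Separately, the generated scan script prints `close` for every non-zero `nc` exit, so a missing `nc` binary or an unresolvable host would make `check_port_close` pass; a preflight such as `command -v nc >/dev/null || fail "nc not found"` would keep a probe error from reading as a closed port. `$host` and `$timeout` are also written unquoted into the generated script, which is worth quoting or validating if those values can come from configuration.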
