netstat display info for centminmod.com = curl -sL https://gist.github.com/centminmod/73b730edaa13b636c87ae4b63cdafeea/raw/netstat-info.sh | bash
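#!/bin/bash
#####################################################
# netstats display for centminmod.com servers
#
# Prints a point-in-time network snapshot: NIC throughput from a
# one-second sar sample, port 80/443 connection counts from netstat,
# the top remote IPs (with reverse lookups), the top outbound
# connections and, when CSF is installed, the most frequent entries
# in /etc/csf/csf.deny. Read-only: nothing on the host is changed.
#
# No strict mode on purpose: a missing tool (ifconfig, sar, netstat,
# column) should leave that section empty rather than abort the report.
#####################################################
VER='0.1'

# IP of the SSH session running this script (first field of SSH_CLIENT).
# It is masked in the output so the report can be pasted elsewhere
# without exposing the operator's address.
sshclient=$(printf '%s' "${SSH_CLIENT:-}" | awk '{print $1}')

#######################################
# Replace the SSH client IP on stdin with "ssh-client-ip".
# When not running over SSH, sshclient is empty; an empty sed pattern
# errors out ("no previous regular expression") and used to blank the
# whole section, so the stream is passed through untouched instead.
# Dots become [.] so 1.2.3.4 does not also match 1x2x3x4.
# Globals:   sshclient (read)
# Outputs:   stdin with the client IP masked
#######################################
mask_ssh_client() {
  if [[ -n "$sshclient" ]]; then
    sed -e "s|${sshclient//./[.]}|ssh-client-ip|g"
  else
    cat
  fi
}

#######################################
# Common tail of every "top N" list: count duplicate rows, most
# frequent first, keep ten rows and align the columns.
#######################################
top10() {
  sort | uniq -c | sort -rn | head -n10 | column -t
}

# Interface names from ifconfig -s minus the header, loopback and gre
# tunnels. stderr is discarded: with 2>&1 a "command not found" message
# would itself be parsed as an interface name.
nic=$(ifconfig -s 2>/dev/null | grep -Ev '^Iface|^lo|^gre' | awk '{print $1}')
# One 1-second sample; only the "Average:" rows are used below.
bandwidth_avg=$(sar -n DEV 1 1)

#######################################
# Print "<nic> In: <x> Out: <y>" for every interface in $nic, taking
# the values from the sar "Average:" rows. The interface is matched
# on the IFACE column exactly, so "eth0" no longer also picks up
# "eth01" as the old regex match did.
# Globals:   nic, bandwidth_avg (read)
# Arguments: $1 - awk column holding the inbound value
#            $2 - awk column holding the outbound value
# Outputs:   one aligned row per interface
#######################################
nic_table() {
  local col_in=$1 col_out=$2 iface
  while IFS= read -r iface; do
    [[ -n "$iface" ]] || continue
    printf '%s\n' "$bandwidth_avg" | grep 'Average:' \
      | awk -v tnic="$iface" -v ci="$col_in" -v co="$col_out" \
          '$2 == tnic {print tnic, "In: ", $ci, "Out:", $co}'
  done <<<"$nic" | column -t
}

# sar -n DEV "Average:" columns: $2 IFACE, $3 rxpck/s, $4 txpck/s,
# $5 rxkB/s, $6 txkB/s. Packets previously printed $3 twice (In == Out).
bandwidth_inout=$(nic_table 5 6)
packets_inout=$(nic_table 3 4)

# One netstat snapshot shared by the port 80 and 443 figures so both
# describe the same instant.
netstat_all=$(netstat -an)
netstat_http=$(printf '%s\n' "$netstat_all" | grep -F ':80 ')
netstat_https=$(printf '%s\n' "$netstat_all" | grep -F ':443 ')

#######################################
# Tally the STATE column (6th field) of netstat lines on stdin.
# Blank lines are skipped so an empty input does not produce a
# bogus "1 <empty>" row that then counts as one connection.
# Outputs: "<count> <STATE>" rows, fewest first
#######################################
state_counts() {
  awk 'NF {print $6}' | sort | uniq -c | sort -n
}

#######################################
# Sum the count column of state_counts output; 0 when there is none.
#######################################
sum_counts() {
  awk '{sum += $1} END {print sum + 0}'
}

#######################################
# Count for one STATE in state_counts output, 0 when absent.
# Arguments: $1 - state name, e.g. ESTABLISHED
#######################################
state_count() {
  awk -v st="$1" '$2 == st {print $1; found = 1} END {if (!found) print 0}'
}

tt_states_http=$(state_counts <<<"$netstat_http")
tt_states_https=$(state_counts <<<"$netstat_https")
# "unique" here means the 0.0.0.0 listening sockets are excluded
uniq_states_http=$(grep -Fv '0.0.0.0' <<<"$netstat_http" | state_counts)
uniq_states_https=$(grep -Fv '0.0.0.0' <<<"$netstat_https" | state_counts)
ttconn_http=$(sum_counts <<<"$tt_states_http")
ttconn_https=$(sum_counts <<<"$tt_states_https")
uniqconn_http=$(sum_counts <<<"$uniq_states_http")
uniqconn_https=$(sum_counts <<<"$uniq_states_https")
econn_http=$(state_count ESTABLISHED <<<"$tt_states_http")
econn_https=$(state_count ESTABLISHED <<<"$tt_states_https")
wconn_http=$(state_count TIME_WAIT <<<"$tt_states_http")
wconn_https=$(state_count TIME_WAIT <<<"$tt_states_https")

# Remote end, state and owning process of every TCP socket, minus
# listeners (":*"), loopback and the netstat header lines.
netstat_outbound=$(netstat -plant \
  | grep -Ev 'and|servers|Address' \
  | awk '{print $5,$6,$7}' \
  | grep -v ':\*' \
  | grep -v '127.0.0.1' \
  | mask_ssh_client \
  | top10)

# Foreign addresses of TCP connections with the ":port" suffix stripped
# (rev/cut/rev keeps IPv6 addresses intact), ten most frequent first.
netstat_ips=$(netstat -tn)
netstat_ipstop=$(printf '%s\n' "$netstat_ips" \
  | grep -Ev 'servers|Address' \
  | awk '{print $5}' \
  | rev | cut -d: -f2- | rev \
  | sort | uniq -c | sort -rn | head -n10)

# Add a reverse lookup per IP. getline leaves its target untouched on a
# failed read, so it is reset first; otherwise an unresolvable IP would
# inherit the previous row's hostname. close() reaps each getent pipe.
# $2 is a numeric address from netstat -n, not free text.
netstat_ipstopf=$(printf '%s\n' "$netstat_ipstop" \
  | awk '{
      getent_hosts_str = "";
      cmd = "getent hosts " $2;
      cmd | getline getent_hosts_str;
      close(cmd);
      split(getent_hosts_str, getent_hosts_arr, " ");
      print $1, $2, getent_hosts_arr[2], $3
    }' \
  | mask_ssh_client \
  | column -t)

printf '\nNetwork Bandwidth In/Out (KB/s):\n'
printf '%s\n' "$bandwidth_inout"
printf '\nNetwork Packets In/Out (pps):\n'
printf '%s\n' "$packets_inout"
printf '\nTotal Connections For:\n'
printf 'Port 80: %s\n' "$ttconn_http"
# previously printed the port 80 total under the port 443 label
printf 'Port 443: %s\n' "$ttconn_https"
printf '\nUnique IP Connections For:\n'
printf 'Port 80: %s\n' "$uniqconn_http"
# same copy/paste slip as above: use the https figure here
printf 'Port 443: %s\n' "$uniqconn_https"
printf '\nEstablished Connections For:\n'
printf 'Port 80: %s\n' "${econn_http:-0}"
printf 'Port 443: %s\n' "${econn_https:-0}"
printf '\nTIME_WAIT Connections For:\n'
printf 'Port 80: %s\n' "${wconn_http:-0}"
printf 'Port 443: %s\n' "${wconn_https:-0}"
printf '\nTop IP Address Connections:\n'
printf '%s\n' "$netstat_ipstopf"
printf '\nTop Outbound Connections:\n'
printf '%s\n' "$netstat_outbound"

#######################################
# The "(...)" groups of each csf.deny line on stdin, one per output line.
#######################################
csf_paren() {
  grep -oP '(?<=\()[^\)]+'
}

#######################################
# Keep groups whose first "/" field is a country code (two characters
# or fewer) and print the code only.
#######################################
csf_country() {
  awk -F "/" 'length($1)<=2 {print $1}'
}

#######################################
# Same filter as csf_country; print code, IP and reverse-lookup name.
#######################################
csf_entry() {
  awk -F "/" 'length($1)<=2 {print $1,$2,$3}'
}

if [[ -f /etc/csf/csf.deny ]]; then
  csf_deny=/etc/csf/csf.deny
  # Computed once instead of once per section. NOTE: "Last 24hrs" selects
  # lines stamped with yesterday's date (e.g. "Wed Apr 11"), not a rolling
  # 24-hour window; kept as-is to match the original output.
  yesterday=$(date -d "1 day ago" +"%a %b %-d")

  printf '\nTop CSF Firewall Denied Country Codes:\n'
  csf_paren <"$csf_deny" | csf_country | top10
  printf '\nTop CSF Firewall Denied Country Codes + Reverse Lookups:\n'
  csf_paren <"$csf_deny" | grep -wv sshd | csf_entry | top10
  printf '\nTop CSF Firewall Denied Distributed sshd Attacks:\n'
  grep 'distributed sshd attacks' "$csf_deny" | csf_paren | csf_entry | top10
  printf '\nTop CSF Firewall Denied Distributed sshd Attacks Target Usernames:\n'
  grep 'distributed sshd attacks' "$csf_deny" | grep -oP '(?<=\[)[^\]]+' | top10
  printf '\nTop CSF Firewall Failed SSH Logins:\n'
  grep 'Failed SSH login from' "$csf_deny" | csf_paren | csf_entry | top10
  printf '\nLast 24hrs Top CSF Firewall Denied Country Codes:\n'
  grep -F -- "$yesterday" "$csf_deny" | csf_paren | csf_country | top10
  printf '\nLast 24hrs Top CSF Firewall Denied Country Codes + Reverse Lookups:\n'
  grep -F -- "$yesterday" "$csf_deny" | csf_paren | grep -wv sshd | csf_entry | top10
  printf '\nLast 24hrs Top CSF Firewall Denied Distributed sshd Attacks:\n'
  grep 'distributed sshd attacks' "$csf_deny" | grep -F -- "$yesterday" | csf_paren | csf_entry | top10
  printf '\nLast 24hrs Top CSF Firewall Failed SSH Logins:\n'
  grep 'Failed SSH login from' "$csf_deny" | grep -F -- "$yesterday" | csf_paren | csf_entry | top10
fi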