netstat display info for centminmod.com servers. Run with: `curl -sL https://gist.github.com/centminmod/73b730edaa13b636c87ae4b63cdafeea/raw/netstat-info.sh | bash` — note that this pipes an unreviewed remote script straight into a (typically root) shell; prefer downloading it first (`curl -sLo netstat-info.sh …`), reading it, then running it.
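#!/bin/bash
#####################################################
# netstats display for centminmod.com servers
#
# Prints per-NIC bandwidth and packet rates (from sar), connection
# counts for ports 80/443 and the top remote addresses (from netstat),
# and, when CSF is installed, summaries of /etc/csf/csf.deny.
# Needs sar (sysstat), ifconfig and netstat (net-tools); netstat -p
# only shows other users' programs when run as root.
#####################################################
VER='0.1'
# Address of the current SSH session's client (first field of SSH_CLIENT).
# Later sections mask it as "ssh-client-ip" so the report can be shared
# without exposing the operator's own address. Empty when the script is
# not run from an SSH session (cron, console).
sshclient=$(echo "${SSH_CLIENT:-}" | awk '{print $1}')
# Interfaces to report on: every ifconfig -s row except the header,
# loopback and GRE tunnel devices.
nic=$(ifconfig -s 2>&1 | egrep -v '^Iface|^lo|^gre' | awk '{print $1}')
# One 1-second sample; only its "Average:" rows are read below.
bandwidth_avg=$(sar -n DEV 1 1)
# sar "Average:" rows: $1 Average:, $2 IFACE, $3 rxpck/s, $4 txpck/s,
# $5 rxkB/s, $6 txkB/s. The interface name is matched at the start of the
# IFACE field instead of anywhere in the row, so "eth0" no longer also
# picks up rows for e.g. veth0 (prefix rather than exact match in case
# ifconfig -s shortens long interface names).
bandwidth_inout=$(echo "$nic" | while read -r i; do
  echo "$bandwidth_avg" | grep 'Average:' | awk -v tnic="$i" 'index($2, tnic) == 1 {print tnic, "In: ", $5, "Out:", $6}'
done | column -t)
# Packets: rxpck/s ($3) in, txpck/s ($4) out. Previously $3 was printed
# for both columns, so "Out" silently repeated the inbound rate.
packets_inout=$(echo "$nic" | while read -r i; do
  echo "$bandwidth_avg" | grep 'Average:' | awk -v tnic="$i" 'index($2, tnic) == 1 {print tnic, "In: ", $3, "Out:", $4}'
done | column -t)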
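# Mask the operator's SSH source address in a stream so the report can be
# shared. When $sshclient is empty (not an SSH session, e.g. cron) the
# stream is passed through untouched: "s||ssh-client-ip|g" is an error in
# GNU sed ("no previous regular expression") and blanked the whole table.
mask_ssh_client() {
  if [ -n "$sshclient" ]; then
    sed -e "s|$sshclient|ssh-client-ip|g"
  else
    cat
  fi
}

# Socket rows with :80 / :443 on either side (listeners included).
netstat_http=$(netstat -an | fgrep ':80 ')
netstat_https=$(netstat -an | fgrep ':443 ')

# Top 10 (remote address, state, PID/program) tuples. The egrep drops the
# two netstat header lines, ':*' drops listening sockets, loopback is
# ignored. netstat (net-tools) is kept throughout; ss would be the
# iproute2 equivalent but its columns differ, so it is not swapped here.
netstat_outbound=$(netstat -plant | egrep -v 'and|servers|Address' | awk '{print $5,$6,$7}' | grep -v ':\*' | grep -v '127.0.0.1' | mask_ssh_client | sort | uniq -c | sort -rn | head -n10 | column -t)

# Top 10 remote IPs over all TCP connections. The port is removed by
# stripping the last ':'-delimited field, which also copes with IPv6.
netstat_ips=$(netstat -tn)
netstat_ipstop=$(echo "$netstat_ips" | egrep -v 'servers|Address' | awk '{print $5}' | rev | cut -d: -f2- | rev | sort | uniq -c | sort -rn | head -n10)

# Same list with a hostname column from "getent hosts <ip>".
#  * The result variable is cleared before each getline and the command is
#    closed afterwards: a failed lookup leaves the getline target unchanged,
#    so the previous IP's hostname was otherwise attributed to the next IP.
#  * The operator's own address is not looked up at all; masking the IP
#    string afterwards would still have left its PTR name in the output.
netstat_ipstopf=$(echo "$netstat_ipstop" | awk -v sshc="$sshclient" '{
  getent_hosts_str = ""
  if (sshc == "" || $2 != sshc) {
    cmd = "getent hosts " $2
    cmd | getline getent_hosts_str
    close(cmd)
  }
  split(getent_hosts_str, getent_hosts_arr, " ")
  print $1, $2, getent_hosts_arr[2], $3
}' | mask_ssh_client | column -t)

# Per-state counts for each port ("N STATE" lines), first over every row
# and then with the 0.0.0.0 listening-socket rows excluded. NF guards the
# empty case: without it an empty list yields one blank "state", i.e. a
# total of 1 for a port with no sockets at all.
tt_states_http=$(echo "$netstat_http" | awk 'NF {print $6}' | sort | uniq -c | sort -n)
tt_states_https=$(echo "$netstat_https" | awk 'NF {print $6}' | sort | uniq -c | sort -n)
uniq_states_http=$(echo "$netstat_http" | fgrep -v "0.0.0.0" | awk 'NF {print $6}' | sort | uniq -c | sort -n)
uniq_states_https=$(echo "$netstat_https" | fgrep -v "0.0.0.0" | awk 'NF {print $6}' | sort | uniq -c | sort -n)

# Totals (sum of the per-state counts; sum+0 prints 0 instead of an empty
# string when there are no rows) and the ESTABLISHED / TIME_WAIT counts.
ttconn_http=$(echo "$tt_states_http" | awk '{sum += $1} END {print sum+0}')
ttconn_https=$(echo "$tt_states_https" | awk '{sum += $1} END {print sum+0}')
uniqconn_http=$(echo "$uniq_states_http" | awk '{sum += $1} END {print sum+0}')
uniqconn_https=$(echo "$uniq_states_https" | awk '{sum += $1} END {print sum+0}')
econn_http=$(echo "$tt_states_http" | awk '/ESTABLISHED/ {print $1}')
econn_https=$(echo "$tt_states_https" | awk '/ESTABLISHED/ {print $1}')
wconn_http=$(echo "$tt_states_http" | awk '/TIME_WAIT/ {print $1}')
wconn_https=$(echo "$tt_states_https" | awk '/TIME_WAIT/ {print $1}')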
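# ---- Report ------------------------------------------------------------
# Section headings are printed with a leading blank line, exactly as the
# previous "echo -e" form did.
printf '\nNetwork Bandwidth In/Out (KB/s):\n'
printf '%s\n' "$bandwidth_inout"
printf '\nNetwork Packets In/Out (pps):\n'
printf '%s\n' "$packets_inout"
printf '\nTotal Connections For:\n'
printf 'Port 80: %s\n' "$ttconn_http"
# The port 443 rows use the https counters; they previously echoed the
# port 80 totals a second time.
printf 'Port 443: %s\n' "$ttconn_https"
printf '\nUnique IP Connections For:\n'
# NOTE: uniqconn_* is the :80/:443 row count with the 0.0.0.0 listener rows
# removed (see uniq_states_* above), not a count of distinct remote IPs.
printf 'Port 80: %s\n' "$uniqconn_http"
printf 'Port 443: %s\n' "$uniqconn_https"
printf '\nEstablished Connections For:\n'
printf 'Port 80: %s\n' "${econn_http:-0}"
printf 'Port 443: %s\n' "${econn_https:-0}"
printf '\nTIME_WAIT Connections For:\n'
printf 'Port 80: %s\n' "${wconn_http:-0}"
printf 'Port 443: %s\n' "${wconn_https:-0}"
# Both tables below have the SSH client's address masked as "ssh-client-ip".
printf '\nTop IP Address Connections:\n'
printf '%s\n' "$netstat_ipstopf"
printf '\nTop Outbound Connections:\n'
printf '%s\n' "$netstat_outbound"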
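# ---- CSF firewall deny-list summaries ----------------------------------
# Only when ConfigServer Firewall is installed. Each csf.deny entry carries
# an lfd comment; the parenthesised "CC/Country/hostname" part is extracted
# with grep -P (GNU grep) and split on "/", keeping only groups whose first
# field is a 2-letter country code. The "Reverse Lookups" columns are the
# hostname csf itself recorded in that comment - no live DNS query is made.
csf_deny=/etc/csf/csf.deny

# Extract the parenthesised lfd annotation from each line.
csf_paren() { grep -oP '(?<=\()[^\)]+'; }
# Country code only / country code + country + hostname.
csf_cc_only() { awk -F "/" 'length($1)<=2 {print $1}'; }
csf_cc_full() { awk -F "/" 'length($1)<=2 {print $1,$2,$3}'; }
# Count distinct lines and keep the 10 most frequent.
csf_top10() { sort | uniq -c | sort -rn | head -n10 | column -t; }
# "Last 24hrs" is approximated at calendar-day granularity: lines whose
# timestamp carries yesterday's or today's date. Matching yesterday alone
# (as before) excluded everything logged today. The "%a %b %-d" format is
# assumed to match csf's timestamp text - TODO confirm against csf.deny.
csf_yesterday=$(date -d "1 day ago" +"%a %b %-d")
csf_today=$(date +"%a %b %-d")
csf_recent() { grep -F -e "$csf_yesterday" -e "$csf_today"; }

if [ -f "$csf_deny" ]; then
  echo -e "\nTop CSF Firewall Denied Country Codes:"
  csfdeny_country=$(csf_paren < "$csf_deny" | csf_cc_only | csf_top10)
  echo "$csfdeny_country"
  echo -e "\nTop CSF Firewall Denied Country Codes + Reverse Lookups:"
  csfdeny_iplookups=$(csf_paren < "$csf_deny" | grep -wv sshd | csf_cc_full | csf_top10)
  echo "$csfdeny_iplookups"
  echo -e "\nTop CSF Firewall Denied Distributed sshd Attacks:"
  csfdeny_sshdlookups=$(grep 'distributed sshd attacks' "$csf_deny" | csf_paren | csf_cc_full | csf_top10)
  echo "$csfdeny_sshdlookups"
  # Target usernames are the bracketed part of the lfd comment.
  echo -e "\nTop CSF Firewall Denied Distributed sshd Attacks Target Usernames:"
  csfdeny_attackusernames=$(grep 'distributed sshd attacks' "$csf_deny" | grep -oP '(?<=\[)[^\]]+' | csf_top10)
  echo "$csfdeny_attackusernames"
  echo -e "\nTop CSF Firewall Failed SSH Logins:"
  csfdeny_sshlogins=$(grep 'Failed SSH login from' "$csf_deny" | csf_paren | csf_cc_full | csf_top10)
  echo "$csfdeny_sshlogins"
  # Same four tables restricted to recent entries (see csf_recent above).
  echo -e "\nLast 24hrs Top CSF Firewall Denied Country Codes:"
  csfdeny_country_recent=$(csf_recent < "$csf_deny" | csf_paren | csf_cc_only | csf_top10)
  echo "$csfdeny_country_recent"
  echo -e "\nLast 24hrs Top CSF Firewall Denied Country Codes + Reverse Lookups:"
  csfdeny_iplookups_recent=$(csf_recent < "$csf_deny" | csf_paren | grep -wv sshd | csf_cc_full | csf_top10)
  echo "$csfdeny_iplookups_recent"
  echo -e "\nLast 24hrs Top CSF Firewall Denied Distributed sshd Attacks:"
  csfdeny_sshdlookups_recent=$(grep 'distributed sshd attacks' "$csf_deny" | csf_recent | csf_paren | csf_cc_full | csf_top10)
  echo "$csfdeny_sshdlookups_recent"
  echo -e "\nLast 24hrs Top CSF Firewall Failed SSH Logins:"
  csfdeny_sshlogins_recent=$(grep 'Failed SSH login from' "$csf_deny" | csf_recent | csf_paren | csf_cc_full | csf_top10)
  echo "$csfdeny_sshlogins_recent"
fi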