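4. Extract the ports that need to be closed (every port other than port 22 is closed). Log in to each host remotely with sshpass and run the iptables command that closes the port.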
```bash
# Extract the ports to close (any open port other than 22 gets closed)
awk '{if($4~/open/ && $2!=22) print $0}' /wuhao/sh/files/nmap2.txt > /wuhao/sh/files/nmap3.txt

hostip=($(awk -F " " '{print $1}' /wuhao/sh/files/nmap3.txt))
port=($(awk -F " " '{print $2}' /wuhao/sh/files/nmap3.txt))
protocol=($(awk -F " " '{print $3}' /wuhao/sh/files/nmap3.txt))

# Log in to each host with sshpass and run the iptables command that closes the port.
# Note: -p puts the password on the command line, where it is visible in the process list,
# and -A appends the rule, so it only applies if no earlier INPUT rule accepts the traffic.
for((m=0;m<${#hostip[*]};m=m+1))
do
    sshpass -p 123456 ssh "root@${hostip[$m]}" "iptables -A INPUT -p ${protocol[$m]} --dport ${port[$m]} -j DROP;service iptables save;service iptables restart;exit"
done

echo "success!"
```
5. Run the script and check the result.
```
[root@oos01 sh]# sh shutdownport.sh 192.168.20.1-10
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
success!
```
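The script in step 4 interpolates fields read from nmap3.txt straight into a command that runs as root on the remote host, and opens one SSH session per port. The following is an added example, not part of the original article: it validates each field before use and builds one command string per host with a single save. The function names and the sample lines are constructed, and the column layout (host, port, protocol, state) is assumed from the awk calls in step 4.

```shell
#!/bin/sh
# Added example, not the article's script. Assumed input layout, taken from the
# awk calls in step 4: host port protocol state.

# build_close_cmds [FILE]: read scan lines from FILE (or stdin) and print one
# line per host: "<host> <remote command>". Lines whose fields are not a plain
# IPv4 address, a port in 1-65535 and tcp/udp are reported on stderr and skipped,
# so nothing unexpected reaches the remote root shell.
build_close_cmds() {
    awk '
    function valid(h, p, pr) {
        return h ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
               p ~ /^[0-9]+$/ && p + 0 >= 1 && p + 0 <= 65535 &&
               (pr == "tcp" || pr == "udp")
    }
    $4 ~ /open/ && $2 != 22 {
        if (!valid($1, $2, $3)) {
            printf "skipping malformed line %d: %s\n", NR, $0 > "/dev/stderr"
            next
        }
        if (!($1 in cmds)) order[++n] = $1      # remember first-seen host order
        cmds[$1] = cmds[$1] sprintf("iptables -A INPUT -p %s --dport %s -j DROP; ", $3, $2)
    }
    END {
        for (i = 1; i <= n; i++)
            printf "%s %sservice iptables save\n", order[i], cmds[order[i]]
    }' "$@"
}

# Constructed sample input; the 192.168.20.6 line is malformed on purpose.
sample_lines() {
    cat <<'EOF'
192.168.20.3 80 tcp open
192.168.20.3 22 tcp open
192.168.20.3 3306 tcp open
192.168.20.5 111 udp open
192.168.20.6 80;id tcp open
192.168.20.7 443 tcp closed
EOF
}

# Dry run: print what would be executed on each host.
sample_lines | build_close_cmds

# To apply for real (assumes key-based SSH instead of a password on the command line):
#   build_close_cmds /wuhao/sh/files/nmap2.txt |
#       while read -r host cmd; do ssh -n "root@$host" "$cmd"; done
```

Printing the commands first gives a reviewable record of every rule before anything is changed on a remote host.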