get_cpu_mem_info.bat
该脚本适用于windows系统。会每10秒记录一次当前所有进程消耗的CPU和内存使用量。可以用于找出占用资源异常的进程。 该脚本会将日志记录到脚本当前目录下的get_cpu_mem_info.log里。
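@rem This batch script to collect cpu and memory usage info.
@rem version 1.0 time:2014-3-9
@echo off
setlocal
@rem Log next to the script (the script's own directory) instead of in
@rem whatever directory the script happened to be started from, which is
@rem what the accompanying description promises.
set "log=%~dp0get_cpu_mem_info.log"
@rem Sampling interval in seconds. "ping -n N" pauses about N-1 seconds,
@rem hence the +1 when computing the ping count.
set interval=10
set /a wait=interval+1
@rem The log is appended on every sample and never rotated: keep an eye on
@rem free disk space when the collector runs for a long time.
:check
@rem "The CPUusage and Memusage" of every process, then the local date/time.
wmic path Win32_PerfFormattedData_PerfProc_Process get Name,PercentUserTime,WorkingSet >>"%log%"
wmic os get localdatetime >>"%log%"
ping -n %wait% 127.0.0.1>nul
goto check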
get_cpu_mem_info.sh
该脚本适用于linux系统。会每10秒记录一次当前所有进程消耗的CPU和内存使用量。可以用于找出占用资源异常的进程。日志名称和位置:/tmp/get_cpu_mem_info.sh.log。
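#!/bin/bash
# When free memory (or idle CPU) gets very low, this script collects
# CPU/memory usage information and kernel messages (dmesg) into a log file.
# Version 1.0 time:2014-03-11
# Version 2.0 time:2014-12-23
# Version 3.0 time:2015-04-21
# Version 4.0 time:2015-05-07
#
# Usage: bash get_cpu_mem_info.sh   (run as root: "dmesg -c" needs it)
# Log:   /tmp/<script name>.log

# Only the basename of $0 is used: "/tmp/$0.log" produced a broken path
# whenever the script was started with a directory component in $0.
logfile=/tmp/${0##*/}.log

# Thresholds and sampling interval (the original hard-coded them in every
# distribution-specific branch).
readonly mem_free_limit_mb=100   # free memory at or below this -> memory dump
readonly cpu_idle_limit=20       # idle CPU below this percent -> CPU dump
readonly interval=10             # seconds between samples

# The log path is predictable and lives in a world-writable directory while
# the script runs as root, so refuse to append to a pre-existing symlink
# (it could redirect root's writes to an arbitrary file).
if [ -L "$logfile" ]; then
  echo "Error: $logfile is a symbolic link, refusing to write to it." >&2
  exit 1
fi

#######################################
# Detect the distribution and set the global os_release to one of
# redhat5 redhat6 aliyun5 aliyun6 aliyun7 centos5 centos6 centos7 ubuntu10
# ubuntu1204 ubuntu1210 ubuntu1404 debian6 debian7 opensuse1301, or to ""
# when a family is recognised but its version is not. The first family whose
# markers match wins. The result is also printed on stdout.
# Globals:   os_release (written)
# Outputs:   detected value on stdout
#######################################
check_os_release() {
  local issue release
  os_release=""

  # Red Hat Enterprise Linux
  issue=$(grep "Red Hat Enterprise Linux Server release" /etc/issue 2>/dev/null)
  release=$(grep "Red Hat Enterprise Linux Server release" /etc/redhat-release 2>/dev/null)
  if [ "$issue" ] && [ "$release" ]; then
    case "$issue" in
      *"release 5"*) os_release=redhat5 ;;
      *"release 6"*) os_release=redhat6 ;;
    esac
    echo "$os_release"
    return
  fi

  # Aliyun Linux
  issue=$(grep "Aliyun Linux release" /etc/issue 2>/dev/null)
  release=$(grep "Aliyun Linux release" /etc/aliyun-release 2>/dev/null)
  if [ "$issue" ] && [ "$release" ]; then
    case "$issue" in
      *"release 5"*) os_release=aliyun5 ;;
      *"release 6"*) os_release=aliyun6 ;;
      *"release 7"*) os_release=aliyun7 ;;
    esac
    echo "$os_release"
    return
  fi

  # CentOS (only the /etc/*release files are consulted, as in the original)
  release=$(grep "CentOS" /etc/*release 2>/dev/null)
  if [ "$release" ]; then
    case "$release" in
      *"release 5"*) os_release=centos5 ;;
      *"release 6"*) os_release=centos6 ;;
      *"release 7"*) os_release=centos7 ;;
    esac
    echo "$os_release"
    return
  fi

  # Ubuntu
  issue=$(grep -i "ubuntu" /etc/issue 2>/dev/null)
  release=$(grep -i "ubuntu" /etc/lsb-release 2>/dev/null)
  if [ "$issue" ] && [ "$release" ]; then
    case "$issue" in
      *"Ubuntu 10"*)    os_release=ubuntu10 ;;
      *"Ubuntu 12.04"*) os_release=ubuntu1204 ;;
      *"Ubuntu 12.10"*) os_release=ubuntu1210 ;;
      *"Ubuntu 14.04"*) os_release=ubuntu1404 ;;   # was mislabelled ubuntu1204
    esac
    echo "$os_release"
    return
  fi

  # Debian
  issue=$(grep -i "debian" /etc/issue 2>/dev/null)
  release=$(grep -i "debian" /proc/version 2>/dev/null)
  if [ "$issue" ] && [ "$release" ]; then
    case "$issue" in
      *"Linux 6"*) os_release=debian6 ;;
      *"Linux 7"*) os_release=debian7 ;;
    esac
    echo "$os_release"
    return
  fi

  # openSUSE
  issue=$(grep -i "opensuse" /etc/issue 2>/dev/null)
  release=$(grep -i "opensuse" /etc/*release 2>/dev/null)
  if [ "$issue" ] && [ "$release" ]; then
    case "$issue" in
      *"openSUSE 13.1"*) os_release=opensuse1301 ;;
    esac
    echo "$os_release"
    return
  fi

  # Nothing matched: os_release stays empty and nothing is printed.
}

#######################################
# Print the idle CPU percentage taken from the second sample of "top -bn2".
# The layout of top's "Cpu(s)" line differs between procps versions, so the
# field extraction is kept per distribution family exactly as the original
# branches had it.
# Globals:   os_release (read)
# Outputs:   idle percentage on stdout (empty if the line could not be parsed)
#######################################
idle_cpu() {
  case "$os_release" in
    centos7)
      # "%Cpu(s):  0.3 us,  0.2 sy, ...,  99.5 id, ..." -> 4th comma field
      top -bn2 | grep "Cpu(s)" | awk -F, '{print $4}' | awk '{print $1}' | tail -n1
      ;;
    ubuntu*|debian*)
      # 8th whitespace field, '%' stripped (layout as found by the original)
      top -bn2 | grep "Cpu(s)" | awk '{print $8}' | awk -F'%' '{print $1}' | tail -n1
      ;;
    *)
      # "Cpu(s):  0.3%us,  0.2%sy,  0.0%ni, 99.5%id, ..." -> 5th field
      top -bn2 | grep "Cpu(s)" | awk '{print $5}' | awk -F'%' '{print $1}' | tail -n1
      ;;
  esac
}

#######################################
# Print free memory in MB excluding buffers/cache.
# Older procps prints a "-/+ buffers/cache:" line whose 4th field is that
# value. procps-ng 3.3.10+ dropped the line and reports an "available"
# column as the last field of the "Mem:" line instead, which is used as a
# fallback so the memory check does not compare against an empty string.
# Outputs:   integer MB on stdout, or empty if neither layout is recognised
#######################################
free_mem_mb() {
  local mb
  mb=$(free -m | grep "buffers/cache" | awk '{print $4}')
  [ -z "$mb" ] && mb=$(free -m | awk '/^Mem:/ {print $NF}')
  echo "$mb"
}

#######################################
# Return 0 when the idle CPU percentage in $1 is below cpu_idle_limit.
# awk does the floating-point comparison, so the "bc" package (which the
# original installed at run time with yum/apt-get) is no longer needed.
# An empty or non-numeric value returns 1 (no alarm), as with the original
# where bc's parse error left check_cpu empty.
# Arguments: $1 - idle percentage, e.g. "99.5"
#######################################
cpu_idle_low() {
  [[ $1 =~ ^[0-9]+(\.[0-9]+)?$ ]] || return 1
  awk -v c="$1" -v lim="$cpu_idle_limit" 'BEGIN { exit !(c + 0 < lim + 0) }'
}

#######################################
# Append a ps listing sorted (descending) by the given column, the date and
# the kernel ring buffer to $logfile.
# Arguments: $1 - full section header line
#            $2 - "ps aux" column to sort by (3 = %CPU, 6 = RSS)
# NOTE: "dmesg -c" clears the ring buffer after dumping it so the next dump
# contains only new messages. It needs root, and the cleared messages are
# gone for any other tool that reads dmesg afterwards.
#######################################
log_processes_and_dmesg() {
  local header=$1 column=$2
  echo "$header" >>"$logfile"
  (ps aux | head -1; ps aux | sort -nrk"$column" | grep -v "RSS") >>"$logfile"
  date >>"$logfile"
  echo "=======================Dmesg info=====================" >>"$logfile"
  dmesg >>"$logfile"
  dmesg -c
}

#######################################
# Sample memory and CPU every $interval seconds and write the diagnostics
# whenever one of the thresholds is crossed. Never returns.
# Globals:   logfile, mem_free_limit_mb, cpu_idle_limit, interval (read)
#######################################
monitor_loop() {
  local vm_mem cpu
  while true; do
    vm_mem=$(free_mem_mb)
    cpu=$(idle_cpu)
    echo "======================================================" >>"$logfile"
    date >>"$logfile"
    # An unparseable vm_mem is skipped instead of being treated as 0, which
    # is what "[[ $vm_mem -le 100 ]]" did with an empty value (a permanent
    # false alarm on systems whose "free" has no buffers/cache line).
    if [[ $vm_mem =~ ^[0-9]+$ ]] && (( vm_mem <= mem_free_limit_mb )); then
      echo "======================================================" >>"$logfile"
      echo "The memory is too less." >>"$logfile"
      free -m >>"$logfile"
      log_processes_and_dmesg "=======================Memory info=====================" 6
    elif cpu_idle_low "$cpu"; then
      echo "======================================================" >>"$logfile"
      echo "The idle cpu is too less." >>"$logfile"
      # The original wrote this listing to the unset variable "$logfiles"
      # (a typo), which made the redirection fail.
      log_processes_and_dmesg "=======================CPU info========================" 3
    fi
    sleep "$interval"
  done
}

check_os_release
case "$os_release" in
  aliyun5|centos5|centos6|aliyun6|centos7|ubuntu10|ubuntu1204|ubuntu1210|ubuntu1404|debian6|debian7)
    # redhat5/redhat6/aliyun7 are detected above but were not handled by the
    # original dispatch either; they end up in the default branch.
    monitor_loop
    ;;
  opensuse1301)
    echo "Can not support openSUSE." >&2
    exit 1
    ;;
  *)
    echo "Unknow OS system." >&2
    exit 1
    ;;
esac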
get_network_info.bat
该脚本适用于windows系统。会每5秒钟对目标地址进行ping检测,有丢包或不通时会搜集用户本地网络配置信息、路由表、ARP表并进行traceroute。这些信息都记录到脚本当前目录下的checknet.log文件里。
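@rem this batch script to collect network information for analysis.
@rem version 2.0 time:2014-5-20
@echo off
setlocal EnableDelayedExpansion
color 1f
@rem Log next to the script (the script's own directory) instead of in
@rem whatever directory the script was started from.
set "log=%~dp0checknet.log"
set /p destip=目标IP地址:
if "!destip!"=="" (
  echo No destination given.
  exit /b 1
)
:check_ping
@rem Read the clock on every pass: the original captured the time once,
@rem before the loop, so every log entry carried the script's start time.
set tm1=%time:~0,2%
set tm2=%time:~3,2%
set tm3=%time:~6,2%
@rem Get the client network infomation.
echo %date% %tm1%点%tm2%分%tm3%秒 >>"%log%"
echo —————————————————ping infomation————————————————————>>"%log%"
@rem The typed value is expanded with delayed expansion so that characters
@rem such as ampersand or pipe in it reach ping/tracert as plain text
@rem instead of being parsed as command separators.
ping -n 10 -w 1 !destip! >>"%log%"
@rem ping reports success as soon as any reply came back, so a partially
@rem lossy path is treated as "up" here; only an unreachable target
@rem triggers the collection below (the original had this test inverted and
@rem collected the local information on success instead).
if !ERRORLEVEL! EQU 0 goto wait
echo —————————————————interface infomation————————————————————>>"%log%"
ipconfig /all >>"%log%"
echo —————————————————route infomation————————————————————>>"%log%"
netstat -rn >>"%log%"
echo —————————————————arp infomation————————————————————>>"%log%"
arp -a >>"%log%"
echo —————————————————trace route infomation————————————————————>>"%log%"
tracert -d -w 2000 !destip! >>"%log%"
:wait
ping -n 5 127.0.0.1>nul
goto check_ping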
check_destination_port.sh
该脚本适用于linux系统。该脚本每5秒检查目标地址端口可用性,当无法连接的时候搜集网络连接情况、路由探测信息和dmesg信息并保存到日志里。日志名称和位置:/tmp/check_destination_port.sh.log。
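#!/bin/bash
# This script collect network information and check the destination port.
# Version 1.0 time:2014-3-11
#
# Every 5 seconds a TCP connect to IP:PORT is tried with nc. When it fails,
# the kernel messages that are new since the previous snapshot, the socket
# table and a TCP traceroute are appended to the log.
# Log: /tmp/<script name>.log   (basename of $0, so "bash ./x.sh" works too)
logfile=/tmp/${0##*/}.log

# The log path is predictable and lives in a world-writable directory while
# this usually runs as root (dmesg -c, netstat -p), so refuse to append to a
# pre-existing symlink that could redirect the writes elsewhere.
if [ -L "$logfile" ]; then
  echo "Error: $logfile is a symbolic link, refusing to write to it." >&2
  exit 1
fi

# dmesg snapshots. mktemp replaces the fixed names /tmp/1 and /tmp/2: a
# predictable name in /tmp can be pre-created (or symlinked) by any local
# user and would then be overwritten by "dmesg >" below.
dmesg_file1=$(mktemp) || exit 1
dmesg_file2=$(mktemp) || exit 1
trap 'rm -f -- "$dmesg_file1" "$dmesg_file2"' EXIT

read -r -p "Input the destination IP or URL: " ip
read -r -p "Input the destination PORT: " port

# Validate once, before the loop, instead of on every iteration.
if [ -z "$ip" ] || [ -z "$port" ]; then
  echo "Error:The IP or URL or PORT is not define.Will exit." >&2
  exit 1
fi
# Both values become arguments of nc and traceroute: keep the port numeric
# and do not let the host start with "-" (it would be read as an option).
case "$port" in
  *[!0-9]*) echo "Error:The PORT must be a number.Will exit." >&2; exit 1 ;;
esac
case "$ip" in
  -*) echo "Error:The IP or URL must not start with '-'.Will exit." >&2; exit 1 ;;
esac

#######################################
# Append the kernel messages added since the previous call to $logfile and
# refresh the baseline snapshot.
# Globals:   logfile, dmesg_file1, dmesg_file2 (read)
#######################################
get_dmesg() {
  echo "===================dmessages info==============================" >>"$logfile"
  dmesg >"$dmesg_file2"
  diff "$dmesg_file1" "$dmesg_file2" >>"$logfile"
  cat "$dmesg_file2" >"$dmesg_file1"
}

# Clear the ring buffer first (needs root) and take the baseline snapshot,
# as the original did. Messages cleared here are gone for other tools.
dmesg -c
dmesg >"$dmesg_file1"

while true; do
  echo "===================port info==============================" >>"$logfile"
  date >>"$logfile"
  # nc -v writes its connect report to stderr, so it shows on the terminal
  # rather than in the log (unchanged from the original).
  if ! nc -vzw 2 "$ip" "$port" >>"$logfile"; then
    get_dmesg
    echo "===================network connection info==============================" >>"$logfile"
    netstat -antlp >>"$logfile"
    echo "===================trace route info==============================" >>"$logfile"
    traceroute -Tnp "$port" "$ip" >>"$logfile"
  fi
  # Sleep on every iteration: the original slept only after a successful
  # check, so an unreachable port made it loop without pause and run
  # traceroute back to back.
  sleep 5
done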
windows2003_drop_port.bat
该脚本适用于windows 2003系统,主要用于在云服务器被肉鸡后禁止对外攻击,留出时间进行分析和修复。该脚本将禁止对外发送UDP数据包和禁止对TCP的22、80、443、1314、3306、3433、3389、8080端口发送数据包。
@rem Configure the IP security policy of a Windows 2003 system: block all
@rem outbound UDP and outbound TCP to the listed destination ports, so a
@rem compromised server cannot attack others while it is being analysed.
@rem version 3.0 time:2014-5-12
@rem The filters are outbound only (srcaddr=me, dstaddr=any, mirrored=no);
@rem inbound connections such as RDP on 3389 are not affected. Blocking all
@rem outbound UDP also blocks outgoing DNS queries on 53/UDP. To lift the
@rem policy again: netsh ipsec static set policy name=drop assign=n
netsh ipsec static add policy name=drop
netsh ipsec static add filterlist name=drop_port
@rem One TCP filter per destination port, same list and order as before.
for %%p in (21 22 23 25 53 80 135 139 443 445 1314 1433 1521 2222 3306 3433 3389 4899 8080 18186) do (
  netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=%%p protocol=TCP mirrored=no
)
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any protocol=UDP mirrored=no
netsh ipsec static add filteraction name=denyact action=block
netsh ipsec static add rule name=kill policy=drop filterlist=drop_port filteraction=denyact
netsh ipsec static set policy name=drop assign=y
windows2008_drop_port.bat
该脚本适用于windows 2008系统,主要用于在云服务器被肉鸡后禁止对外攻击,留出时间进行分析和修复。该脚本将禁止对外发送UDP数据包和禁止对TCP的22、80、443、1314、3306、3433、3389、8080端口发送数据包。
@rem Configure the IP security policy of a Windows 2008 system
@rem version 3.0 time:2014-5-12
@rem Reset the firewall to its default rules. This discards every custom
@rem rule that existed before; Remote Desktop is re-enabled right after so
@rem an RDP session is not locked out.
netsh firewall reset
netsh firewall set service remotedesktop enable all
@rem Configure Windows Firewall with Advanced Security: block outbound TCP
@rem to the listed ports and all outbound UDP (which also blocks outgoing
@rem DNS queries on 53/UDP, so name resolution stops working). Inbound
@rem traffic is not touched (dir=out).
netsh advfirewall firewall add rule name="drop" protocol=TCP dir=out remoteport="21,22,23,25,53,80,135,139,443,445,1433,1314,1521,2222,3306,3433,3389,4899,8080,18186" action=block
netsh advfirewall firewall add rule name="dropudp" protocol=UDP dir=out remoteport=any action=block
linux_drop_port.sh
该脚本适用于linux系统,主要用于在云服务器被肉鸡后禁止对外攻击,留出时间进行分析和修复。该脚本将禁止对外发送UDP数据包和禁止对TCP的22、80、443、1314、3306、3433、3389、8080端口发送数据包。
#!/bin/bash ######################################### #Function: linux drop port #Usage: bash linux_drop_port.sh #Author: Customer Service Department #Company: Alibaba Cloud Computing #Version: 2.0 ######################################### check_os_release() { while true do os_release=$(grep "Red Hat Enterprise Linux Server release" /etc/issue 2>/dev/null) os_release_2=$(grep "Red Hat Enterprise Linux Server release" /etc/redhat-release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "release 5" >/dev/null 2>&1 then os_release=redhat5 echo "$os_release" elif echo "$os_release"|grep "release 6" >/dev/null 2>&1 then os_release=redhat6 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep "Aliyun Linux release" /etc/issue 2>/dev/null) os_release_2=$(grep "Aliyun Linux release" /etc/aliyun-release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "release 5" >/dev/null 2>&1 then os_release=aliyun5 echo "$os_release" elif echo "$os_release"|grep "release 6" >/dev/null 2>&1 then os_release=aliyun6 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep "CentOS release" /etc/issue 2>/dev/null) os_release_2=$(grep "CentOS release" /etc/*release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "release 5" >/dev/null 2>&1 then os_release=centos5 echo "$os_release" elif echo "$os_release"|grep "release 6" >/dev/null 2>&1 then os_release=centos6 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep -i "ubuntu" /etc/issue 2>/dev/null) os_release_2=$(grep -i "ubuntu" /etc/lsb-release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "Ubuntu 10" >/dev/null 2>&1 then os_release=ubuntu10 echo "$os_release" elif echo "$os_release"|grep "Ubuntu 12.04" >/dev/null 2>&1 then os_release=ubuntu1204 echo "$os_release" elif echo 
"$os_release"|grep "Ubuntu 12.10" >/dev/null 2>&1 then os_release=ubuntu1210 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep -i "debian" /etc/issue 2>/dev/null) os_release_2=$(grep -i "debian" /proc/version 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "Linux 6" >/dev/null 2>&1 then os_release=debian6 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep "openSUSE" /etc/issue 2>/dev/null) os_release_2=$(grep "openSUSE" /etc/*release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "13.1" >/dev/null 2>&1 then os_release=opensuse131 echo "$os_release" else os_release="" echo "$os_release" fi break fi break done } exit_script() { echo -e "