OS X: 实用脚本程序(bash scripts)系列-14
显示所有服务是否开启的状态(System Preferences->Sharing)运行logger.sh程序,
#!/bin/bash# Logger, software to display information about the "divisions" in Mac OS X # 2011-05-31 / Peter Morller, Computer Science# Version 0.2# Moved to / usr / bin (from / bin)# 2011-06-13,14: bugfixhelp() {echoecho "Usage: $0 [-u]"echoecho "-u: Update the script"echoecho "If run by root: datafiles in /Library/OpenPorts are created, but no output."echo "If run by any other user: output is displayed based on those datafiles."echoecho "This script is supposed to be used in conjunction with a launchd-component, se.lth.cs.open_ports,"echo "that creates the datafiles in /Library/OpenPorts every two minutes. The use of GeekTool to display the result"echo "is also part of the idea behind this script!"exit 0}# Locating an IP address. Publishes: locate_ip() {curl http://www.geoiptool.com/en/?IP=$1 2>/dev/null | awk '/<td.*>(Country:|City)/ {record="t";gsub("[\t ]*<[^>]*>",""); printf("%-1s ",$0);next;}record == "t" { gsub("[\t ]*<[^>]*>[\t ]*","");print $0;record="f";next}{next}END{print ""}'}# Check if $ IP's $ IP_CACHE and dig out $ $ Country and City# If not, look it up and update $ IP_CACHE# Provides: $ $ Country & City (and updates $ IP_CACHE) check_ip() {if [ "`grep "$IP:" $IP_CACHE`" ]; then#say "Found address in cache"City=`grep "$IP:" $IP_CACHE | cut -d: -f3`Country=`grep "$IP:" $IP_CACHE | cut -d: -f2`else#say "Performing a lookup"locate_ip "$IP" | iconv --from-code=ISO-8859-1 --to-code=UTF-8 > "$IP_LOCATE_CACHE"City=`grep "City" "$IP_LOCATE_CACHE" | awk '{ print $2" "$3" "$4 }' | sed 's/\ *$//g'`Country=`grep "Country:" "$IP_LOCATE_CACHE" | awk '{ print $2" "$3" "$4 }' | sed 's/\ *$//g'`echo "$IP:$Country:$City" >> "$IP_CACHE"fi}# Call up the DNS for $ IP# Provides: $ HOSTNAME# Also take care of the private addresses:# · 10.x.x.x# · 172.16.x.x# · 192.168.x.x# As well as self-assigned address:# 169.254.x.x GetDNS() {PrivateAddress="No"if [ "$(echo "$IP" | cut -d\. -f1)" = "10" ]; thenHOSTNAME="Private address ($IP)"PrivateAddress="Yes"elif [ "$(echo "$IP" | cut -d\. -f1,2)" = "172.16" ]; thenHOSTNAME="Private address ($IP)"PrivateAddress="Yes"elif [ "$(echo "$IP" | cut -d\. -f1,2)" = "192.168" ]; thenHOSTNAME="Private address ($IP)"PrivateAddress="Yes"elif [ "$(echo "$IP" | cut -d\. -f1,2)" = "169.254" ]; thenHOSTNAME="Self-assigned address ($IP)"PrivateAddress="Yes"elseHOSTNAME_tmp=`host $IP`ERR="$?"if [ ! "$ERR" = "0" ]; thenHOSTNAME="$IP could not be looked up! (DNS timeout)"elseHOSTNAME=`echo $HOSTNAME_tmp | awk '{ print $NF }' | sed 's/\.$//g'`fifi}# Exit if there are already running a open_ports if [ "`ps -ef | grep ogger.sh | wc -l`" -gt "2" ]; thenecho "\"logger.sh\" already running -- will exit now"exit 0fi# Read parameters: while getopts ":hu" opt; docase $opt inu ) fetch_new=t;;\?|h ) help;;esacdone# Default values:# PREFIX pointing out where all data files are stored. Change this if PREFIX="/Library/com.any/Logger"# IP_CACHE is a growing list of IP addresses and their geographical locations. Built on post# Because this file is used by other scripts, is it not open the Ports directory IP_CACHE="/Library/com.any/ip_cache.txt"# IP_LOCATE_CACHE save the geographic locations of the computer's exterior (external) address. Temporary IP_LOCATE_CACHE="$PREFIX"/ip_locate_cache.txtSharingFile="$PREFIX"/Sharing.txt# Logfile for Apple File SharingAFS_Log=/Library/Logs/AppleFileService/AppleFileServiceAccess.log# FieldSeparator indicates IFS file FieldSeparator="_"# String for printf (used for printing EST Relations) Formatstring="%-23s%-4s"# String for printf (used to print lists, links) FormatstringListen="%-6s%-6s%-18s%-15s%6s%2s%-17s%-15s"# (The colors can be found on http://en.wikipedia.org/wiki/ANSI_escape_code, http://graphcomp.com/info/specs/ansi_col.html etc.) Reset="\e; then#set -xrm "$SharingFile"########################## Check AFP ########################AFP_Share="$(defaults read /var/db/launchd.db/com.apple.launchd/overrides com.apple.AppleFileServer 2> /dev/null | grep isabled | awk '{print $3}' | sed 's/;//g')"AFP_Verification="$(lsof -i :548)"if [ "$AFP_Share" = "0" -a -n "$AFP_Verification" ]; thenShare_AFP="t"elseShare_AFP="f"fiAFP_Verification="$(lsof -i :548)"echo "Apple file share_$(if [ "$Share_AFP" = "t" ]; then echo "ON"; else echo "OFF"; fi)" > "$SharingFile"# Check the logs and report# Typical logfile entry (login and logout) set like this:# IP 90230245202 - - "Login Johnnie" 0 0 0# IP 90230245202 - - "Logout Johnnie" 0 0 0# 1. Is log file? if [ -f "$AFS_Log" ]; then# 2. OK, it's there. Is any assembly started? if [ -n "$(ps -ef | grep ppleFileServer)" ]; then# 3. Go through the active links for IP in $(lsof -i :548 -n | grep EST | cut -d\> -f2 | cut -d: -f1); do # 4. Locate the last log from the machine LastLine="$(grep " $IP " $AFS_Log | grep \"Login\ | tail -1)"AuthUser="$(echo $LastLine | awk '{print $8}' | cut -d\" -f1)"AuthTime="$(echo $LastLine | cut -d\[ -f2 | cut -d\] -f1)"GetDNScheck_ipLocation=" ($Country, $City)"# Now we have all the pieces in place: write them in $ file-sharing! # echo " - mounted by \"$AuthUser\" from $(echo $HOSTNAME | sed s/\.$DOMAIN//g)$(if [ -z "$(echo $HOSTNAME | grep -o $DOMAIN)" ]; then echo " ($City, $Country)"; fi) at ${AuthTime}${FieldSeparator}" >> "$SharingFile"echo " - mounted by \"$AuthUser\" from ${HOSTNAME%%.$DOMAIN}${Location%%$Localhost_Location} at ${AuthTime}${FieldSeparator}" >> "$SharingFile"donefielseecho " - NO LOGFILE FOR AFP!! See:${FieldSeparator}" >> "$SharingFile"echo " - http://com.any/kontakt/peter_moller/unix/applefileserver/${FieldSeparator}" >> "$SharingFile"echo " - for info on how to enable it!${FieldSeparator}" >> "$SharingFile"fi######################### # Check SMB #########################SMB_Share="$(defaults read /var/db/launchd.db/com.apple.launchd/overrides org.samba.nmbd 2> /dev/null | grep isabled | awk '{print $3}' | sed 's/;//g')"SMB_Share="$(grep "enable disk services" /var/db/smb.conf | cut -d= -f2 | sed 's/^\ *//g')"SMB_Verification_139="$(lsof -i :139)"SMB_Verification_445="$(lsof -i :445)"if [ "$SMB_Share" = "yes" -a -n "$SMB_Verification_139" -a -n "$SMB_Verification_445" ]; thenShare_SMB="t"elseShare_SMB="f"fiecho "Samba file share${FieldSeparator}$(if [ "$Share_SMB" = "t" ]; then echo "ON"; else echo "OFF"; fi)" >> "$SharingFile"# List of those who are logged SMB_loggfile=/var/log/samba/log.smbd# Check the logs and report# Typical logfile (login and logout) looks like this:# / SourceCache/samba/samba-235.5/samba/source/smbd/service.c: make_connection_snum (1092)# 130.235.16.20 (130.235.16.20) connect to service peterm initially as user peterm (uid = 503, gid = 20) (pid 78387)# ...# / SourceCache/samba/samba-235.5/samba/source/smbd/service.c: close_cnum (1289)# 130.235.16.20 (130.235.16.20) closed connection to service peterm# So divided in two lines! for IP in $(lsof -i -n | grep EST | grep smbd | cut -d\> -f2 | cut -d: -f1)dogrep -n "$IP\b" $SMB_loggfile | grep "connect to service" | tail -1 > /tmp/smb_slaskRAD="$(less /tmp/smb_slask | cut -d: -f1)"SMB_user="$(less /tmp/smb_slask | awk '{print $11}')"# SMB_from="$(less /tmp/smb_slask | awk '{print $2}')"SMB_from="$(less /tmp/smb_slask | cut -d\( -f2 | cut -d\) -f1)"IP="$SMB_from"SMB_time="$(sed -n $(echo $(( $(echo $RAD) - 1 )))p /var/log/samba/log.smbd | cut -d, -f1 | cut -d\[ -f2)"GetDNScheck_ipLocation=" ($Country, $City)"echo " - mounted by \"$SMB_user\" from ${HOSTNAME%%.$DOMAIN}${Location%%$Localhost_Location} at $SMB_time${FieldSeparator}" >> "$SharingFile"rm -f /tmp/smb_slask 2> /dev/nulldone######################### # Check FTP########################FTP_Share="$(defaults read /var/db/launchd.db/com.apple.launchd/overrides com.apple.ftpd 2> /dev/null | grep isabled | awk '{print $3}' | sed 's/;//g')"FTP_Verification="$(lsof -i :20)"#if [ "$FTP_Share" = "0" -a -n "$FTP_Verification" ]; thenif [ "$FTP_Share" = "0" ]; thenShare_FTP="t"elseShare_FTP="f"fiecho "FTP${FieldSeparator}$(if [ "$Share_FTP" = "t" ]; then echo "ON"; else echo "OFF"; fi)" >> "$SharingFile"# List of those who are logged FTP_loggfile=/var/log/ftp.log# Check the logs and report# Typical logfile (login and logout) looks like this:# December 20 16:32:03 paravel ftpd : Connection from 130.235.16.41 to 130.235.16.211# December 20 16:32:08 paravel ftpd : FTP LOGIN FROM 130.235.16.41 as peterm (class: real, type: REAL)# December 20 16:32:30 paravel ftpd : Data Traffic: 6552 bytes in 2 files# December 20 16:32:30 paravel ftpd : Total traffic: 7623 bytes in 2 transfers for FTP_pid in $(lsof -i -n | grep EST | grep ftpd | awk '{print $2}' | uniq)dogrep -n "$FTP_pid" $FTP_loggfile | grep "LOGIN" > /tmp/ftp_slaskFTP_user="$(less /tmp/ftp_slask | cut -d\] -f2 | awk '{print $7}')"IP="$(less /tmp/ftp_slask | cut -d\] -f2 | awk '{print $5}')"FTP_time="$(less /tmp/ftp_slask | awk '{print $1" "$2" "$3}')"GetDNScheck_ipLocation=" ($Country, $City)"echo " - authenticated by \"$FTP_user\" from ${HOSTNAME%%.$DOMAIN}${Location%%$Localhost_Location} at $SMB_time${FieldSeparator}" >> "$SharingFile"rm -f /tmp/ftp_slask 2> /dev/nulldone######################### # Check HTTP ########################HTTP_Share="$(defaults read /var/db/launchd.db/com.apple.launchd/overrides org.apache.httpd 2> /dev/null | grep isabled | awk '{print $3}' | sed 's/;//g')"HTTP_Verification="$(lsof -i :80)"if [ "$HTTP_Share" = "0" -a -n "$HTTP_Verification" ]; thenShare_HTTP="t"elseShare_HTTP="f"fiecho "Web-server (http)${FieldSeparator}$(if [ "$Share_HTTP" = "t" ]; then echo "ON"; else echo "OFF"; fi)" >> "$SharingFile"########################## Check SSH########################SSH_Share="$(defaults read /var/db/launchd.db/com.apple.launchd/overrides com.openssh.sshd 2> /dev/null | grep isabled | awk '{print $3}' | sed 's/;//g')"SSH_Verification="$(lsof -i :22)"if [ "$SSH_Share" = "0" -a -n "$SSH_Verification" ]; thenShare_SSH="t"elseShare_SSH="f"fiecho "Secure shell${FieldSeparator}$(if [ "$Share_SSH" = "t" ]; then echo "ON"; else echo "OFF"; fi)" >> "$SharingFile"# Rapportera ssh-inloggningarSuccessfulSSH=/Library/com.any/Breakins/Successful_ssh.txtif [ -f "$SuccessfulSSH" ]; thenexec 6<"$SuccessfulSSH"while read -u 6 Month Day Time PID Way Who IP# December 13 17:35:04 18 759 interactively peterm 130.235.16.20 do# Is the user still logged in? if [ "`ps -ef | grep sh | grep -v "^ 0 " | grep "\b$(echo $PID | sed 's/sshd\[//g' | sed 's/\]://g')\b"`" ]; then# Determine hostname (a) for IP. Scale of the ending point# This function gives: $ HOSTGetDNS# Look up geolokationen# This function gives: $ City, $ Country check_ipecho " - \"$Who\" logged in from ${HOSTNAME%%.$DOMAIN}${Location%%$Localhost_Location} at $Month $Day $Time${FieldSeparator}" >> "$SharingFile"fidonefi########################## Check Printer Sharing #########################SMB_Share="$(defaults read /var/db/launchd.db/com.apple.launchd/overrides org.samba.nmbd 2> /dev/null | grep isabled | awk '{print $3}' | sed 's/;//g')"Print_Share="$(grep "enable print services" /var/db/smb.conf | cut -d= -f2 | sed 's/^\ *//g')"Print_Verification_139="$(lsof -i :139)"Print_Verification_445="$(lsof -i :445)"if [ "$Print_Share" = "yes" -a -n "$Print_Verification_139" -a -n "$Print_Verification_445" ]; thenShare_Print="t"elseShare_Print="f"fiecho "Printer-sharing${FieldSeparator}$(if [ "$Share_Print" = "t" ]; then echo "ON"; else echo "OFF"; fi)" >> "$SharingFile"########################## Check ARD########################ARD_Share="$(defaults read /var/db/launchd.db/com.apple.launchd/overrides com.openssh.sshd 2> /dev/null | grep isabled | awk '{print $3}' | sed 's/;//g')"ARD_Verification_5900="$(lsof -i :5900)"ARD_Verification_3283="$(lsof -i :3283)"if [ "$ARD_Share" = "0" -a -n "$ARD_Verification_5900" -a -n "$ARD_Verification_3283" ]; thenShare_ARD="t"elseShare_ARD="f"fiVNC="$(defaults read /Library/Preferences/com.apple.RemoteManagement VNCLegacyConnectionsEnabled)"echo "Apple Remote Desktop${FieldSeparator}$(if [ "$Share_ARD" = "t" ]; then echo "ON"; else echo "OFF"; fi)" >> "$SharingFile"# List of those who are logged ARD_loggfile=/var/log/appfirewall.log# Check the logs and report# Typical logfile (only login - logout visible only through the process is over) looks like this:# December 20 paravel 16:34:20 Firewall : Allow AppleVNCServer connecting from 130.235.225.135:50940 to port 5900 proto = 6# The name of the user authenticate themselves visible only by seeing who owns the process! for IP in $(lsof -i -n | grep EST | grep AppleVNCS | cut -d\> -f2 | cut -d\] -f1 | cut -d\[ -f2 | sed 's/:*//g')dogrep "$IP:" $ARD_loggfile | grep "Allow AppleVNCServer connecting from $IP" | tail -1 > /tmp/ard_slaskARD_user="$(lsof -i -n | grep EST | grep AppleVNCS | grep "$IP" | awk '{print $3}')"ARD_time="$(less /tmp/ard_slask | awk '{print $1" "$2" "$3}')"GetDNScheck_ipLocation=" ($Country, $City)"echo " - accessed by \"$ARD_user\" from ${HOSTNAME%%.$DOMAIN}${Location%%$Localhost_Location} at $ARD_time${FieldSeparator}" >> "$SharingFile"rm -f /tmp/ard_slask 2> /dev/nulldoneecho "VNC${FieldSeparator}$(if [ "$VNC" = "1" ]; then echo "ON"; else echo "OFF"; fi)" >> "$SharingFile"########################## Check Internet Sharing########################Internet_Share="$(defaults read /var/db/launchd.db/com.apple.launchd/overrides com.apple.InternetSharing 2> /dev/null | grep isabled | awk '{print $3}' | sed 's/;//g')"Internet_Verification="$(lsof -i :53)"if [ "$Internet_Share" = "0" -a -n "$Internet_Verification" ]; thenShare_Internet="t"elseShare_Internet="f"fiecho "Internet-sharing${FieldSeparator}$(if [ "$Share_Internet" = "t" ]; then echo "ON"; else echo "OFF"; fi)" >> "$SharingFile"########################## Check RemoteAppleEvents########################RAE_Share="$(defaults read /var/db/launchd.db/com.apple.launchd/overrides com.apple.AEServer 2> /dev/null | grep isabled | awk '{print $3}' | sed 's/;//g')"RAE_Verification="$(lsof -i :3031)"if [ "$RAE_Share" = "0" -a -n "$RAE_Verification" ]; thenRAE_Internet="t"elseRAE_Internet="f"fiecho "Remote Apple Events${FieldSeparator}$(if [ "$RAE_Internet" = "t" ]; then echo "ON"; else echo "OFF"; fi)" >> "$SharingFile"########################## Check Xgrid########################Xgrid_Share="$(defaults read /var/db/launchd.db/com.apple.launchd/overrides com.apple.xgridagentd 2> /dev/null | grep isabled | awk '{print $3}' | sed 's/;//g')"if [ "$Xgrid_Share" = "0" ]; thenXgrid_Internet="t"elseXgrid_Internet="f"fiecho "Xgrid${FieldSeparator}$(if [ "$Xgrid_Internet" = "t" ]; then echo "ON"; else echo "OFF"; fi)" >> "$SharingFile"exit 0fi## <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><># +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++# Print! IFS=_exec 5<"$SharingFile"if [ -s "$SharingFile" ]; thenDATE=$(ls -ls "$SharingFile" | awk '{ print $7" "$8" "$9 }')printf "${ESC}1;40;37mFile-sharing status:$Reset ${ESC}47;30m($DATE)${Reset}\n\n"# printf "\n\n${ESC}${BoldFace}mStatus of File Sharing:$Reset ($DATE)\n\n"printf "${ESC}${UnderlineFace};${YellowFont}m$Formatstring$Reset\n" "Sharing" "Status"fiwhile read -u 5 Share Statusdoif [ "$Status" = "ON" -o -z "$Status" ]; thenFontColor="$WhiteFont"elseFontColor="$RedFont"fiif [ "$(echo $Share | cut -c1-2)" = " -" ]; thenprintf "${ESC}${BGColor};${ItalicFace};${FontColor}m$Formatstring$Reset\n" "$Share" "$Status"elseprintf "${ESC}${BGColor};${FontColor}m$Formatstring$Reset\n" "$Share" "$Status"fidone# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++exit 0
如果需要定时运行,将下面文件存放在/Library/LaunchDaemons/com.any.plist,之后
launchctl load /Library/LaunchDaemons/com.any.com.plist
launchctl start com.any.com.plist:
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>Label</key><string>se.lth.cs.logger</string><key>ProgramArguments</key><array><string>/usr/bin/logger.sh</string></array><key>StartInterval</key><integer>300</integer></dict></plist>
Tony Liu, July 2011
Tony Liu - Http://cs.lth.se/kontakt/peter_moller/script/loggersh/Tony Liu - http://cs.lth.se/kontakt/peter_moller/script/
页:
[1]