LinuxQuestions.org


conks_eddie 04-24-2014 09:47 AM

Port Scanner in Bash
 
Deleted

sag47 04-24-2014 01:59 PM

Is this simply an exercise in bash? If so, then I don't mind providing some pointers; however, if you are in legitimate need of a port scanner then I would say you should use nmap. As for intrusion detection systems, there's always bro.

conks_eddie 04-25-2014 04:52 AM

delete

pan64 04-25-2014 05:46 AM

You need to find the processes that opened those ports and kill them. Do you really want to close all the ports? Probably you will not be able to use that box any more ....

conks_eddie 04-25-2014 10:18 AM

delete

szboardstretcher 04-25-2014 10:24 AM

This will likely break the box.

But as an exercise, if you are scanning for open ports and then want to block any ports that you found open, you can work this into your script:

Code:

# for each port found open do this, perhaps a loop...
/sbin/iptables -A INPUT -p tcp --destination-port $port -j DROP

# last thing to do before leaving the program
/sbin/service iptables save


sag47 04-25-2014 11:03 AM

You can't close the ports from the outside unless the listening application has an admin port exposed which allows you to close that specific application (e.g. Tomcat has such a port). Otherwise you would need SSH access to said system, which would then require you to log in (with a password if manual, or with a key pair if automated), which would then execute a program to scan the /proc filesystem for open network ports, use lsof, or use netstat to find the PID of programs listening on said ports and kill them. Not all programs allow themselves to be killed with SIGTERM, so you may have to handle that with SIGKILL.

Basically the point I'm making with the above description is you'll not have the ability to close network ports on a remote system simply by using bash.

Here are some bash tips.
  1. Always quote your variables. What if $1 or $2 argument has a space in the argument?
  2. You should practice regularly using braces with variables so the variable is explicit. e.g. ${1} instead of $1 or ${hello} instead of $hello. A good example is when you set `hello="tree"` and then execute `echo "$hello_friend"` expecting to see `tree_friend` but instead get a null result because underscores are considered part of the variable. So it's a good habit to practice.
  3. You should style your code with indenting. It improves readability. Take for example this deploy script. I doubt anyone could easily read it if there was no indenting. Concise and clear comments are recommended too. Describe your functions.
  4. You should make better use of POSIX exit codes. In your script, you have functions reaching out and exiting the script. This is bad practice. Functions should have return values and not exit commands. Then you should use bash logic to handle those functions.
  5. I also tend to include environment information at the top of each script and the date it was created. This way 2 years down the road when you've forgotten how this script was made you at least know which versions of software it was written against to ease updating it or creating the same environment.
  6. You should do preflight checks which validate user input. You should never trust user input to be what you expect it to be. If the last two arguments are supposed to be integers then they better be integers. You should also check the bounds of the user input because there's only so many ports (65535 to be exact) so the program should show meaningful error messages when they enter wrong input arguments.
  7. Use getopt and properly parse arguments for the user. Look at example scripts for getopt usage.

Here's an example of your code rewritten in the way I describe my recommendations (most but not all as I only have so much time).

Code:

#!/bin/bash
#Created by John Doe
#Fri Apr 25 11:56:07 EDT 2014
#Ubuntu 14.04 LTS
#Linux 3.13.0-24-generic x86_64
#GNU bash, version 4.3.8(1)-release (x86_64-pc-linux-gnu)

#DESCRIPTION
#  Checks if the remote host is up.  If the host is up
#  then it will attempt to scan the requested port range
#  and report open ports.

#define variables
host="${1}"
firstport="${2}"
lastport="${3}"

#ping a host to see if it is up
function pingup(){
  ping="$(ping -c 1 -w 10 "${host}" | grep bytes | wc -l)"
  if [ "${ping}" -gt "1" ]; then
    echo "${host} is up, now scanning for open ports";
    return 0
  else
    echo "${host} is down, program will close";
    return 1
  fi 
}

#test a port to see if it is open
function portscan(){
  for ((port=${firstport}; port<=${lastport}; port++)); do
    ( echo > "/dev/tcp/${host}/${port}" ) > /dev/null 2>&1 && echo "${port} is open"
  done
}

#run functions
pingup && portscan

I tend to list the different versions of programs I'm using in the script e.g. Python version if it is python, etc.

I use vim so I used the following commands to get that environment information.

Code:

:r!date
:r!head -n1 /etc/issue
:r!uname -rms
:r!bash --version | head -n1

SAM
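
Tips 4 and 6 above (return codes instead of `exit` inside functions, and preflight validation of the host and port arguments) are not implemented in the rewritten script. The following is an added example, not code from the thread; the script name `scan.sh`, the function names and the return codes are assumptions chosen for illustration, and hosts are assumed to be IPv4 addresses or DNS names.

```shell
#!/bin/bash
# Added example: preflight checks for a scanner called as
#   scan.sh HOST FIRSTPORT LASTPORT   (scan.sh is a hypothetical name)
# Functions only return status codes; the caller decides whether to exit.

# Succeed only for a decimal integer in 1..65535.
is_port() {
  case "${1}" in
    # empty, non-digit, or leading zero (bash arithmetic would read it as octal)
    ''|*[!0-9]*|0*) return 1 ;;
  esac
  # Length check first so very long digit strings never reach the comparison.
  [ "${#1}" -le 5 ] && [ "${1}" -le 65535 ]
}

# Assumption: hosts are IPv4 addresses or DNS names (no IPv6 literals).
# A leading "-" is refused so the value can never be parsed as a ping option.
is_host() {
  case "${1}" in
    ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
  return 0
}

# Return 0 when all arguments are usable, otherwise a distinct non-zero code.
preflight() {
  if [ "$#" -ne 3 ]; then
    echo "usage: scan.sh HOST FIRSTPORT LASTPORT" >&2
    return 2
  fi
  is_host "${1}" || { echo "invalid host name or address" >&2; return 3; }
  is_port "${2}" || { echo "first port must be an integer from 1 to 65535" >&2; return 4; }
  is_port "${3}" || { echo "last port must be an integer from 1 to 65535" >&2; return 4; }
  [ "${2}" -le "${3}" ] || { echo "first port is greater than last port" >&2; return 5; }
  return 0
}

# The caller handles the result; the scan itself would follow here.
if [ "$#" -gt 0 ]; then
  preflight "$@" || exit "$?"
  echo "arguments accepted: ${1} ports ${2}-${3}"
fi
```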
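
The post above mentions scanning the /proc filesystem on the host itself to find listening ports and the PIDs behind them. As an added example (not code from the thread), this sketch reads the `/proc/net/tcp` layout, keeps sockets in state `0A` (LISTEN), and maps a socket inode to its owning PIDs; the function names and the sample table are constructed for illustration, and only IPv4 TCP is covered.

```shell
#!/bin/bash
# Added example: list local TCP listeners from /proc/net/tcp (IPv4 only).

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
sample_proc_net_tcp() {
  cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 15001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 15002 1 0000000000000000 100 0 0 10 0
   2: 0A00000F:0016 0A000002:C350 01 00000000:00000000 02:000A1B2C 00000000     0        0 15003 4 0000000000000000 20 4 30 10 -1
EOF
}

# Read the table on stdin; print "PORT INODE" for each socket in state 0A (LISTEN).
listening_ports() {
  while read -r _sl laddr _raddr state _queues _timer _retr _uid _timeout inode _rest; do
    [ "${state}" = "0A" ] || continue      # skips the header and non-listening sockets
    hexport="${laddr##*:}"                 # local_address is HEXIP:HEXPORT
    echo "$((0x${hexport})) ${inode}"
  done
}

# Map a socket inode to the PIDs holding it by reading /proc/PID/fd symlinks.
# Other users' processes are only visible when this runs as root.
pids_for_inode() {
  for fd in /proc/[0-9]*/fd/*; do
    [ "$(readlink "${fd}" 2>/dev/null)" = "socket:[${1}]" ] || continue
    pid="${fd#/proc/}"
    echo "${pid%%/*}"
  done | sort -un
}

# Demonstration on the constructed sample; on a live host use:
#   listening_ports < /proc/net/tcp
sample_proc_net_tcp | listening_ports
```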


All times are GMT -5.