首页 > 技术文章 > 使用expect免交互批量验证主机密码

williamwan 2016-08-12 15:38 原文

安装expect包
yum install expect
将脚本audit.sh,expect_ad和配置文件passfile上传至/home/system目录下,也可自己指定目录,将两个脚本和配置文件放在同级目录下
修改脚本权限
chmod +x audit.sh expect_ad
自定义配置文件
格式如下:每行依次为 ip、端口、登录账号、登录密码、管理员,每列之间由空格或tab键分隔。例如(虚构的示例值):192.0.2.10 22 root Example-Pass-1 zhangsan
 
然后执行脚本
sh audit.sh
输出验证信息
密码正确打印OK,密码错误打印Wrong,无法ssh connect主机的打印Null。
最后输出总结信息
 
audit.sh:
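#!/bin/sh
# audit.sh - check that every account listed in ./passfile still accepts the
# recorded password, by running ./expect_ad once per entry.
#
# Input:  ./passfile, one entry per line, whitespace-separated:
#             ip  port  login-account  login-password  owner
#         Blank lines and lines starting with '#' are ignored.
# Output: one result line per entry on stdout (OK / Wrong / Null) and the
#         summary in ./password_report.YYYY-MM-DD.txt. Passwords are never
#         written to the report.
#
# Security notes:
#   - ./passfile holds plaintext passwords; keep it readable by its owner only.
#   - The password is handed to ./expect_ad as a command-line argument, so
#     other local users can see it in the process list while a check runs.
#     Run the audit on a host that has no other interactive users.
#   - "Null" only means the host did not answer one ICMP echo request; hosts
#     that filter ping are never tested and still need a separate check.

# The report and the scratch file list which accounts were verified, so create
# them owner-only.
umask 077

PASSFILE=./passfile
# Take the date once so a run that crosses midnight still writes one report.
REPORT=./password_report.$(date +"%Y-%m-%d").txt

if [ ! -r "$PASSFILE" ]; then
    printf '%s\n' "audit.sh: cannot read $PASSFILE" >&2
    exit 1
fi

# Unpredictable scratch file for the per-host result lines, removed on exit.
RESULTS=$(mktemp ./audit_results.XXXXXX) || exit 1
trap 'rm -f -- "$RESULTS"' EXIT
trap 'exit 1' HUP INT TERM

ERR_COUNT=0
RIGHT_COUNT=0
CANNOT_PING=0
TOTAL=0

printf '\nCHECKING NOW...\n\n'

# The list is read on fd 3 and that descriptor is closed for the children, so
# neither ping nor ssh can consume or inherit the remaining entries.
# `|| [ -n "$IP" ]` keeps a last line that has no trailing newline.
while read -r IP PORT USERNAME PASS OWNER REST <&3 || [ -n "$IP" ]; do
    case $IP in
        '' | '#'*) continue ;;
    esac
    if [ -z "$PASS" ]; then
        printf '%s\n' "audit.sh: skipping malformed entry for $IP" >&2
        continue
    fi
    TOTAL=$((TOTAL + 1))

    if ping -c 1 "$IP" >/dev/null 2>&1 3<&-; then
        # expect_ad exits 0 only when the login was verified.
        if ./expect_ad "$USERNAME" "$IP" "$PASS" "$PORT" >/dev/null 2>&1 3<&-; then
            STATUS="OK !"
            RIGHT_COUNT=$((RIGHT_COUNT + 1))
        else
            STATUS="Wrong !"
            ERR_COUNT=$((ERR_COUNT + 1))
        fi
    else
        STATUS="Null !"
        CANNOT_PING=$((CANNOT_PING + 1))
    fi

    # Every field is quoted so an empty owner cannot shift the columns.
    printf '%s@%-30s%-20s%10s\n' "$USERNAME" "$IP" "$OWNER" "$STATUS" | tee -a "$RESULTS"
done 3< "$PASSFILE"

# Summary: shown on the terminal and written to the dated report in one pass.
{
    printf '\nCHECK TIME: %s\n' "$(date +"%Y-%m-%d %H:%M:%S")"
    printf '%s\n' "TOTAL ${TOTAL} : ${RIGHT_COUNT} OK!    ${ERR_COUNT} Wrong !    ${CANNOT_PING} Null !"

    if [ "$ERR_COUNT" -ne 0 ]; then
        printf '\n*******************BELOW ARE WRONG PASSWORD LIST:\n\n'
        # Match the status column at the end of the line, not any field that
        # merely contains the word.
        grep 'Wrong !$' "$RESULTS" |
            awk 'BEGIN{printf("%s\n","-------------------------")}{printf("%-45s%-10s\n",$1,$2)}END{print "\n"}'
    fi

    if [ "$CANNOT_PING" -ne 0 ]; then
        printf '\n*******************BELOW ARE CAN NOT PING LIST:\n\n'
        grep 'Null !$' "$RESULTS" |
            awk 'BEGIN{printf("%s\n","-------------------")}{printf("%-45s%-10s\n",$1,$2)}END{print "\n"}'
    fi
} | tee "$REPORT"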

expect_ad:

 1 #!/usr/bin/expect
 2 set timeout 2
 3 set RET 0
 4 set USERNAME [lindex $argv 0]
 5 set IP [lindex $argv 1]
 6 set PASSWD [lindex $argv 2]
 7 set PORT [lindex $argv 3]
 8 spawn ssh -p ${PORT} ${USERNAME}@${IP}
 9 expect {
10     "Are you sure you want to continue connecting (yes/no)?" {
11         send "yes\r"
12         expect {
13             "*password:" {
14             send "${PASSWD}\r"
15             expect "*]# " {send "exit\r";exit 0}
16             expect "*$ " {send "exit\r";exit 0}
17             expect "*Permission denied, please try again*" {set RET 1}
18             }
19             }
20     }
21     "*password:" {
22         send "${PASSWD}\r"
23         expect "*]# " {send "exit\r";exit 0}
24         expect "*$ " {send "exit\r";exit 0}
25         expect "*Permission denied, please try again*" {set RET 1}
26     }
27 }
28 expect eof
29 exit $RET

 
