
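#!/bin/bash
# NAC port audit and standardisation script.
# Version: 1.0.0
# Date: 2026-02-20
#
# Read-only audit of a NAC host: lists which NAC-standard TCP ports are in
# use, the port settings in the config files, the state of the NAC systemd
# units, leftover Ethereum ports, UFW rules and a port/process map.
# Tools used when present: netstat (falling back to ss), systemctl, lsof, ufw.
# A missing tool is reported explicitly instead of being silently read as
# "no ports in use", so an incomplete audit cannot look like a clean one.
# Run as root for complete process names and firewall output.
set -euo pipefail

# Colour definitions
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
readonly GREEN RED YELLOW NC

# NAC standard TCP ports; keep in sync with the table printed in section 4.
readonly NAC_PORTS=(9550 9545 9546 9547 9548 9549 9554 9555 9556 39303 39304 39305 9090 9091 3000 3333 8081)
# Ethereum default ports that must not be in use on a NAC host.
readonly ETH_PORTS=(8545 8546 30303)
# systemd units that make up a NAC node.
readonly NAC_SERVICES=(nac-cbpp-node nac-api-server nac-auth-service)

# Snapshot of listening sockets ("local-address<TAB>process" per line) and a
# flag saying whether a tool was available to take it; filled in by main.
listener_snapshot=""
have_listeners=0

#######################################
# Print a coloured status line: "<marker> <message>".
# Arguments: $1 - colour escape, $2 - marker glyph, rest - message words
# Outputs:   the line on stdout
#######################################
status_line() {
  local colour=$1 marker=$2
  shift 2
  # %b interprets the escape sequence in the colour, %s prints data verbatim
  printf '%b%s%b %s\n' "$colour" "$marker" "$NC" "$*"
}
ok()   { status_line "$GREEN" '✓' "$@"; }
warn() { status_line "$YELLOW" '!' "$@"; }
fail() { status_line "$RED" '✗' "$@"; }

#######################################
# Print a section title followed by a rule.
# Arguments: $1 - section title (already numbered)
#######################################
section() {
  printf '%s\n' "$1"
  echo "----------------------------------------"
}

#######################################
# List every listening TCP socket as "local-address<TAB>process".
# Prefers netstat (the tool the audit was written for), falls back to ss.
# Returns:   0 with the list on stdout; 1 when neither tool is installed
#######################################
list_listeners() {
  if command -v netstat >/dev/null 2>&1; then
    # netstat -tlnp: $4 = Local Address, $7 = PID/Program name; 2 header lines
    netstat -tlnp 2>/dev/null | awk 'NR > 2 { print $4 "\t" $7 }'
  elif command -v ss >/dev/null 2>&1; then
    # ss -tlnp: $4 = Local Address:Port, $6 = Process; 1 header line
    ss -tlnp 2>/dev/null | awk 'NR > 1 { print $4 "\t" $6 }'
  else
    return 1
  fi
}

#######################################
# Print the snapshot lines whose local address matches a regex, or "无占用".
# Globals:   listener_snapshot, have_listeners (read)
# Arguments: $1 - extended regex applied to "address<TAB>process" lines; end
#                 it with [[:space:]] so ":3000" cannot also match ":30001"
#######################################
show_listeners() {
  local matches
  if (( ! have_listeners )); then
    warn "netstat/ss 不可用，无法检查端口占用"
    return 0
  fi
  matches=$(grep -E -- "$1" <<<"$listener_snapshot" || true)
  if [[ -n "$matches" ]]; then
    printf '%s\n' "$matches"
  else
    echo " 无占用"
  fi
}

#######################################
# Print the first $2 "port = ..." settings of config file $1.
# Arguments: $1 - path of the TOML file, $2 - maximum number of matches
#######################################
show_config_ports() {
  local cfg=$1 limit=$2
  if [[ -f "$cfg" ]]; then
    ok "$cfg"
    # -m instead of "| head" so an early-closing pipe cannot trip pipefail
    grep -m "$limit" -E -- 'port[[:space:]]*=' "$cfg" || echo " (未找到端口定义)"
  else
    fail "$cfg 不存在"
  fi
}

#######################################
# Print the name of the process listening on TCP port $1 (nothing if free).
# lsof is restricted to LISTEN sockets so that an outbound connection whose
# remote port happens to equal $1 is not reported as a listener; when lsof is
# missing the netstat/ss snapshot is used instead.
# Globals:   listener_snapshot, have_listeners (read)
# Arguments: $1 - TCP port number
# Outputs:   process name, or "unknown" when the owner cannot be resolved
#######################################
port_owner() {
  local port=$1 pid
  if command -v lsof >/dev/null 2>&1; then
    # several processes may share one socket (pre-fork servers): take the first
    pid=$(lsof -ti "TCP:${port}" -sTCP:LISTEN 2>/dev/null | head -n 1 || true)
    [[ -n "$pid" ]] || return 0
    ps -p "$pid" -o comm= 2>/dev/null || echo "unknown"
  elif (( have_listeners )); then
    grep -E -- ":${port}[[:space:]]" <<<"$listener_snapshot" \
      | awk -F '\t' 'NR == 1 { print ($2 == "" ? "unknown" : $2) }' || true
  fi
}

#######################################
# Run the seven audit sections in order.
# Globals:   listener_snapshot, have_listeners (written)
#######################################
main() {
  local service cfg port unit_files status proc matches ufw_out found_eth

  echo "=========================================="
  echo "NAC端口审计和标准化工具"
  echo "=========================================="
  echo
  if (( EUID != 0 )); then
    warn "非root运行：进程名和防火墙信息可能不完整"
    echo
  fi

  # One socket snapshot is shared by sections 1, 5 and 7.
  if listener_snapshot=$(list_listeners); then
    have_listeners=1
  else
    have_listeners=0
  fi

  # 1. Current port usage
  section "1. 检查当前NAC端口占用情况"
  printf '%b核心服务端口9500-9599:%b\n' "$YELLOW" "$NC"
  show_listeners ':95[0-9]{2}[[:space:]]'
  echo
  printf '%b网络协议端口39000-39999:%b\n' "$YELLOW" "$NC"
  show_listeners ':39[0-9]{3}[[:space:]]'
  echo
  printf '%b管理服务端口:%b\n' "$YELLOW" "$NC"
  show_listeners ':(9090|3000|3333|8081)[[:space:]]'
  echo
  echo

  # 2. Port definitions in config files
  section "2. 检查配置文件中的端口定义"
  show_config_ports /opt/nac/config/api-server.toml 5
  echo
  show_config_ports /opt/nac/config/mainnet_config.toml 10
  echo
  echo

  # 3. systemd units
  section "3. 检查systemd服务状态"
  # Query once; grepping the captured text avoids a SIGPIPE from grep -q
  # making the pipeline fail under pipefail.
  unit_files=$(systemctl list-unit-files 2>/dev/null || true)
  for service in "${NAC_SERVICES[@]}"; do
    if grep -q -- "^${service}\.service" <<<"$unit_files"; then
      # is-active prints the state and exits non-zero when not active, so the
      # printed state is kept; "inactive" is only substituted when nothing came back
      status=$(systemctl is-active "$service" 2>/dev/null) || status=${status:-inactive}
      if [[ "$status" == "active" ]]; then
        ok "$service: $status"
      else
        warn "$service: $status"
      fi
    else
      fail "$service: 未安装"
    fi
  done
  echo
  echo

  # 4. NAC standard port list (static reference table; the "运行中" marks are
  # part of the documented standard, not measured on this host)
  section "4. NAC标准端口清单"
  cat <<'EOF'
L0层网络层
39303 CSNP主节点TCP/UDP
39304 CSNP发现服务UDP
39305 CSNP同步服务TCP
L1层协议层
9545 CBPP节点RPCHTTP
9546 CBPP WebSocket
9547 NRPC4.0 HTTP
9548 NRPC4.0 WebSocket
9549 NVM RPC
L2层应用层
9550 NAC API Gateway ✓ 运行中
9554 CNNL编译服务
9555 Charter编译服务
9556 ACC-20协议服务
管理服务:
9090 Prometheus ✓ 运行中
9091 Prometheus Metrics
3000 量子浏览器 ✓ 运行中
3333 Gitea ✓ 运行中
8081 认证服务 ✓ 运行中
EOF
  echo
  echo

  # 5. Leftover Ethereum ports
  section "5. 以太坊端口残留检查"
  found_eth=0
  for port in "${ETH_PORTS[@]}"; do
    if (( have_listeners )) && matches=$(grep -E -- ":${port}[[:space:]]" <<<"$listener_snapshot"); then
      fail "发现以太坊端口占用: $port"
      printf '%s\n' "$matches"
      found_eth=1
    fi
  done
  if (( ! have_listeners )); then
    warn "netstat/ss 不可用，无法检查以太坊端口"
  elif (( found_eth == 0 )); then
    ok "无以太坊端口占用"
  fi
  echo
  echo

  # 6. Firewall rules
  section "6. 防火墙规则检查"
  if command -v ufw >/dev/null 2>&1; then
    echo "UFW状态:"
    # ufw refuses to run unprivileged; distinguish that from "no rule found"
    if ufw_out=$(ufw status 2>&1); then
      grep -Ew -- '9550|39303|80|443' <<<"$ufw_out" || echo " 未找到NAC相关规则"
    else
      warn "无法读取UFW状态（需要root权限）: $ufw_out"
    fi
  else
    echo "UFW未安装"
  fi
  echo
  echo

  # 7. Port map
  section "7. 当前端口映射表"
  if ! command -v lsof >/dev/null 2>&1 && (( ! have_listeners )); then
    warn "lsof 和 netstat/ss 均不可用，无法判断端口状态"
  fi
  printf '端口\t状态\t进程\n'
  printf -- '----\t----\t----\n'
  for port in "${NAC_PORTS[@]}"; do
    proc=$(port_owner "$port")
    if [[ -n "$proc" ]]; then
      printf '%s\t%b监听%b\t%s\n' "$port" "$GREEN" "$NC" "$proc"
    else
      printf '%s\t%b未用%b\t-\n' "$port" "$YELLOW" "$NC"
    fi
  done
  echo
  echo "=========================================="
  echo "审计完成"
  echo "=========================================="
}

main "$@"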