#!/bin/bash
# NAC二进制文件位置监控脚本
# /opt/nac/scripts/binary_scanner.sh
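set -eo pipefail
# Configuration. These are fixed deployment paths and nothing below reassigns
# them, so they are declared read-only; main() creates their directories.
# pipefail makes a failing producer (stat/sha256sum/tee) visible instead of
# being masked by the consumer stage of the pipeline.
readonly NAC_BASE_DIR="/opt/nac"
readonly OUTPUT_FILE="/var/lib/prometheus/node_exporter/binary_metrics.prom"
readonly LOG_FILE="/var/log/nac/binary_scanner.log"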
# 日志函数
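#######################################
# Print a timestamped line to stdout and append the same line to LOG_FILE.
# printf is used instead of echo so a message beginning with "-" or
# containing backslashes is printed verbatim.
# Globals:   LOG_FILE (appended)
# Arguments: $1 - message text
# Outputs:   "[YYYY-mm-dd HH:MM:SS] message" on stdout and in LOG_FILE
#######################################
log() {
  local message=$1
  local stamp
  stamp=$(date +'%Y-%m-%d %H:%M:%S')
  printf '[%s] %s\n' "$stamp" "$message" | tee -a "$LOG_FILE"
}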
# 初始化指标文件
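#######################################
# (Re)create OUTPUT_FILE containing only the HELP/TYPE header for the five
# series this script exports; scan_binaries appends the samples afterwards.
# Globals: OUTPUT_FILE (truncated and written)
#######################################
init_metrics() {
  # Quoted heredoc delimiter: the header is emitted literally, no expansion.
  cat > "$OUTPUT_FILE" << 'EOF'
# HELP nac_binary_file_exists 二进制文件是否存在 (1=存在, 0=不存在)
# TYPE nac_binary_file_exists gauge
# HELP nac_binary_file_size_bytes 二进制文件大小(字节)
# TYPE nac_binary_file_size_bytes gauge
# HELP nac_binary_file_mtime 二进制文件最后修改时间(timestamp)
# TYPE nac_binary_file_mtime gauge
# HELP nac_binary_file_permissions 二进制文件权限(八进制)
# TYPE nac_binary_file_permissions gauge
# HELP nac_binary_file_hash_changed 二进制文件哈希是否变更 (1=变更, 0=未变更)
# TYPE nac_binary_file_hash_changed gauge
EOF
}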
# 生成文件唯一标识
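#######################################
# Turn a path into a label-safe identifier: every non-alphanumeric byte
# becomes "_", runs of "_" collapse to one, and leading/trailing "_" are
# removed.
# Arguments: $1 - file path
# Outputs:   the identifier on stdout (empty for an empty path)
#######################################
get_file_label() {
  local file_path=$1
  # printf rather than echo so a path starting with "-" is not read as an option
  printf '%s\n' "$file_path" \
    | sed -e 's/[^a-zA-Z0-9]/_/g' -e 's/__*/_/g' -e 's/^_//' -e 's/_$//'
}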
# 加载历史哈希值
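#######################################
# Print the saved "path=sha256" records, one per line, creating an empty
# history file on first run.
# Globals:   NAC_HISTORY_FILE (read, optional) - overrides the default
#            history path, e.g. for tests
# Outputs:   history file contents on stdout
#######################################
load_history_hashes() {
  local history_file=${NAC_HISTORY_FILE:-/var/lib/nac/binary_hashes.history}
  if [[ ! -f "$history_file" ]]; then
    touch "$history_file"
  fi
  cat "$history_file"
}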
# 保存当前哈希值
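#######################################
# Replace (or add) the "path=sha256" record for one file in the history file.
# The old record is matched as a literal prefix with [[ == ]] instead of a
# sed regex built from the path, so characters such as "." "[" "*" in a path
# can no longer match and delete another file's record.
# Globals:   NAC_HISTORY_FILE (read, optional) - overrides the default
#            history path, e.g. for tests
# Arguments: $1 - file path (used verbatim as the record key)
#            $2 - hash value
#######################################
save_current_hash() {
  local file_path=$1
  local hash_value=$2
  local history_file=${NAC_HISTORY_FILE:-/var/lib/nac/binary_hashes.history}
  local -a kept=()
  local line
  [[ -f "$history_file" ]] || touch "$history_file"
  # Keep every record whose key is not exactly this path (the final read
  # handles a file without a trailing newline).
  while IFS= read -r line || [[ -n "$line" ]]; do
    [[ "$line" == "$file_path="* ]] || kept+=("$line")
  done < "$history_file"
  # Rewrite in place (same inode and mode) with the new record last.
  {
    (( ${#kept[@]} )) && printf '%s\n' "${kept[@]}"
    printf '%s=%s\n' "$file_path" "$hash_value"
  } > "$history_file"
}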
# 扫描二进制文件
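#######################################
# Escape one label value for the Prometheus text exposition format:
# backslash -> \\, double quote -> \", newline -> \n. Without this a path or
# owner name containing `"` or `\` would produce an unparseable sample line.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout (no trailing newline)
#######################################
_prom_escape() {
  local value=$1
  value=${value//\\/\\\\}
  value=${value//\"/\\\"}
  value=${value//$'\n'/\\n}
  printf '%s' "$value"
}

#######################################
# Walk NAC_BASE_DIR/bin, compare each executable's SHA-256 with the saved
# history, persist the new hash, and append one sample per metric to
# OUTPUT_FILE in Prometheus text exposition format.
# Globals:   NAC_BASE_DIR (read), OUTPUT_FILE (appended)
# Calls:     log, get_file_label, load_history_hashes, save_current_hash
# Outputs:   metric samples appended to OUTPUT_FILE; progress via log
#######################################
scan_binaries() {
  log "开始扫描二进制文件,根目录: $NAC_BASE_DIR"
  # Collect the file list NUL-delimited so any byte in a path survives.
  local -a binary_files=()
  local file
  while IFS= read -r -d '' file; do
    binary_files+=("$file")
  done < <(find "$NAC_BASE_DIR/bin" -type f -executable -print0 2>/dev/null)
  log "共发现 ${#binary_files[@]} 个二进制文件"
  # Load the "path=hash" history once into a map keyed by the exact path.
  # An exact-key lookup replaces a per-file grep whose pattern was built from
  # the path, where regex metacharacters in a path could match other entries.
  local -A history_hashes=()
  local line
  while IFS= read -r line || [[ -n "$line" ]]; do
    [[ -n "$line" && "$line" == *=* ]] || continue
    history_hashes["${line%%=*}"]=${line#*=}
  done < <(load_history_hashes)
  local file_label file_size file_mtime file_perm file_owner file_group
  local current_hash history_hash hash_changed base_name
  local path_l name_l owner_l group_l
  local -r file_exists=1           # every entry came from find, so it exists
  local -r file_type="executable"  # find -executable is the only selector used
  for file in "${binary_files[@]}"; do
    file_label=$(get_file_label "$file")
    # stat/sha256sum failures (e.g. file removed mid-scan) fall back to 0/unknown/""
    file_size=$(stat -c %s "$file" 2>/dev/null || echo 0)
    file_mtime=$(stat -c %Y "$file" 2>/dev/null || echo 0)
    file_perm=$(stat -c %a "$file" 2>/dev/null || echo 0)
    file_owner=$(stat -c %U "$file" 2>/dev/null || echo "unknown")
    file_group=$(stat -c %G "$file" 2>/dev/null || echo "unknown")
    current_hash=$(sha256sum "$file" 2>/dev/null | awk '{print $1}' || echo "")
    # A change is reported only when both a previous and a current hash exist.
    hash_changed=0
    history_hash=${history_hashes["$file"]:-}
    if [[ -n "$history_hash" && -n "$current_hash" && "$current_hash" != "$history_hash" ]]; then
      hash_changed=1
      log "警告: 文件哈希变更 - $file"
    fi
    if [[ -n "$current_hash" ]]; then
      save_current_hash "$file" "$current_hash"
    fi
    base_name=${file##*/}
    path_l=$(_prom_escape "$file")
    name_l=$(_prom_escape "$base_name")
    owner_l=$(_prom_escape "$file_owner")
    group_l=$(_prom_escape "$file_group")
    # nac_binary_file_permissions carries the octal digits from stat %a as a
    # plain number (755, not 0o755); consumers must read it as such.
    {
      printf 'nac_binary_file_exists{path="%s",label="%s",name="%s",type="%s",owner="%s",group="%s"} %s\n' \
        "$path_l" "$file_label" "$name_l" "$file_type" "$owner_l" "$group_l" "$file_exists"
      printf 'nac_binary_file_size_bytes{path="%s",label="%s",name="%s",type="%s"} %s\n' \
        "$path_l" "$file_label" "$name_l" "$file_type" "$file_size"
      printf 'nac_binary_file_mtime{path="%s",label="%s",name="%s",type="%s"} %s\n' \
        "$path_l" "$file_label" "$name_l" "$file_type" "$file_mtime"
      printf 'nac_binary_file_permissions{path="%s",label="%s",name="%s",type="%s"} %s\n' \
        "$path_l" "$file_label" "$name_l" "$file_type" "$file_perm"
      printf 'nac_binary_file_hash_changed{path="%s",label="%s",name="%s",type="%s"} %s\n' \
        "$path_l" "$file_label" "$name_l" "$file_type" "$hash_changed"
    } >> "$OUTPUT_FILE"
    log "处理完成: $base_name (大小: $file_size 字节, 权限: $file_perm)"
  done
  log "二进制文件扫描完成"
}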
# 主流程
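#######################################
# Entry point: ensure the output, state and log directories exist, write the
# metric header, run the scan, then make the metrics file world-readable
# (the output path suggests it is picked up by a node_exporter textfile
# collector — confirm against the exporter configuration).
# Note: OUTPUT_FILE is truncated by init_metrics and then filled in place,
# so a scrape that lands during the run can observe a partial file.
# Globals: OUTPUT_FILE, LOG_FILE (read)
#######################################
main() {
  # Output and log directories are derived from the configured paths;
  # /var/lib/nac is where the hash history is kept.
  mkdir -p "${OUTPUT_FILE%/*}" /var/lib/nac "${LOG_FILE%/*}"
  init_metrics
  scan_binaries
  chmod 644 "$OUTPUT_FILE"
  log "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
}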
# Run the script (main takes no arguments; "$@" is forwarded by convention).
main "$@"