netstat -an | grep 2049 | grep "ESTABLISHED"
showmount -a
NFS Monitoring ScriptÂ
#!/bin/bash #NFS Mount Monitoring HOSTIP="$(ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')" NFS=($(netstat -an | grep 2049 | grep "ESTABLISHED" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | grep -v "$HOSTIP")) echo "#####################" >> /tmp/hacker.info echo "NFS Mount(s) Mounted!" >> /tmp/hacker.info echo "#####################" >> /tmp/hacker.info for i in "${NFS[@]}" do echo "#####################" >> /tmp/hacker.info echo "HACKER DETECTED W/ IP $i" >> /tmp/hacker.info echo >> /tmp/hacker.info nbtscan "$i" >> /tmp/hacker.info nslookup "$i" >> /tmp/hacker.info arp -a "$i" >> /tmp/hacker.info echo >> /tmp/hacker.info done echo "#####################" >> /tmp/hacker.info echo "NFS General Information" >> /tmp/hacker.info echo >> /tmp/hacker.info echo "netstat" >> /tmp/hacker.info netstat -an | grep 2049 | grep "ESTABLISHED" >> /tmp/hacker.info echo >> /tmp/hacker.info echo "showmount -a" >> /tmp/hacker.info showmount -a >> /tmp/hacker.info echo "" >> /tmp/hacker.info echo "End NFS Information" >> /tmp/hacker.info echo "#####################" >> /tmp/hacker.info