Page tree

Welcome to FreeSoftwareServers Confluence Wiki

Skip to end of metadata
Go to start of metadata
netstat -an | grep 2049 | grep "ESTABLISHED"
showmount -a

NFS Monitoring Script 

#!/bin/bash

#NFS Mount Monitoring
HOSTIP="$(ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')"
NFS=($(netstat -an | grep 2049 | grep "ESTABLISHED" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | grep -v "$HOSTIP"))

echo "#####################" >> /tmp/hacker.info
echo "NFS Mount(s) Mounted!" >> /tmp/hacker.info
echo "#####################" >> /tmp/hacker.info
for i in "${NFS[@]}"
 do
        echo "#####################" >> /tmp/hacker.info
        echo "HACKER DETECTED W/ IP $i" >> /tmp/hacker.info
        echo >> /tmp/hacker.info
        nbtscan "$i" >> /tmp/hacker.info
        nslookup "$i" >> /tmp/hacker.info
        arp -a "$i" >> /tmp/hacker.info
        echo >> /tmp/hacker.info
done

echo "#####################" >> /tmp/hacker.info
echo "NFS General Information" >> /tmp/hacker.info
echo >> /tmp/hacker.info
echo "netstat" >> /tmp/hacker.info
netstat -an | grep 2049 | grep "ESTABLISHED" >> /tmp/hacker.info
echo >> /tmp/hacker.info
echo "showmount -a" >> /tmp/hacker.info
showmount -a >> /tmp/hacker.info
echo "" >> /tmp/hacker.info
echo "End NFS Information" >> /tmp/hacker.info
echo "#####################" >> /tmp/hacker.info
  • No labels