wu-ftp管理脚本
自己写的,可能有用,如果有问题,可以给我发站内短信
注:test_client.sh可以根据自己的情况,如果与test_server.sh 不在同一台机器,
需要调用autotelnet.sh
-----------说明---------
一、testftp_server.sh
1、用法:
Usage:
./testftp_server.sh {start|stop|restart|status|userconf|mini|limit|loginfails
|view|access|message|guest|denyuser|denyhost}
2、参数说明:
start:
改变配置文件,并启动FTP服务器;下一次系统启动时,会自动启动该服务。
stop:
改变配置文件,并停止FTP服务器;下一次系统启动时,不自动启动该服务。
restart:
重新启动FTP服务器。
status:
查看FTP服务器的运行状态(运行或停止)。
userconf:
为系统添加FTP用户,具体用法为:
./testftp_server.sh userconf username
新添加的用户继承超级用户的密码。
mini:
最小化FTP服务器的配置文件,只留下FTP服务器正常运行所必须的配置项。
limit:
设置FTP服务器限制的各类用户的最大在线数目,具体用法为:
./testftp_server.sh limit user_count times
user_count---为最大在线数目,脚本会根据FTP服务器的配置文件自动处理某类用户。
times---times中的字符串用逗号隔开,每一个字串表示一天。星期一到星期日分别用
Mo、Tu、We、Th、Fr、Sa和Su表示,周末也可以用Wk表示。
表示时间的小时和分钟之间不要用冒号隔开。“-”用来表示范围。
loginfails:
设置用户最大的登录失败次数,具体用法为:
./testftp_server.sh loginfails failed_counts
failed_counts---为用户最大的登录失败次数。
view:
查看FTP服务器的主配置文件的内容。
access:
设置FTP用户的存取权限,具体请查看使用脚本该功能的输出信息。
message:
设置FTP服务器显示的信息。
guest:
设置作为guest对待的用户,具体用法为:
./testftp_server.sh guest username
denyuser:
设置哪些用户不能登录FTP服务器,可以删除或者添加用户,用法:
./testftp_server.sh denyuser del/add username
del/add---指明是从拒绝的用户列表中删除用户还是添加用户到拒绝的用户列表中。
denyhost:
指明哪些用户可以从哪些地址或拒绝哪些用户可以从哪些地址访问FTP服务器,用法:
./testftp_server.sh denyhost add/del allow/deny username hostname
add---为添加一条规则到配置文件;如果用户名和主机名相同,则认为是同一条规则;
del---为从配置文件删除一条规则;如果用户名和主机名相同,则认为是同一条规则;
allow / deny---指明允许还是拒绝。
username---为欲对其执行该规则的用户;
hostname---为主机名。
二、testftp_client.sh
客户端脚本只测试服务器端的limit选项,即最大在线用户限制。用法:
./testftp_client.sh conn_count username password hostname
其中:
conn_count:
与FTP服务器建立连接的数目,应该比FTP服务器的限制数目大;
username:
登录FTP服务器的用户名;
password:
登录FTP服务器的用户密码;
hostname:
FTP服务器的主机名或IP地址。
--------------------------test_server.sh------------------------
#!/bin/bash
. /etc/rc.d/init.d/functions
test -f /etc/ftpaccess
if [ $? -ne 0 ] ; then
echo -e " \007FTP Server congif file--/etc/ftpaccess not found !"
echo " Please check the installion of the FTP Server !"
exit 1
else
arg_count=$#
fi
class_defined(){
if [ `grep -c ^class /etc/ftpaccess` -lt 1 ] ; then
echo -e "\007Class define not found!"
echo "Please run $0 mini or $0 mini real/aonoymous address first!"
exit 1
fi
}
start() {
if [ -f /etc/xinetd.d/wu-ftpd ] ; then
grep -v -E "disable|\}" /etc/xinetd.d/wu-ftpd >/etc/xinetd.d/wu-ftpd.tmp
echo -e "\tdisable\t\t\t= no\n}" >> /etc/xinetd.d/wu-ftpd.tmp
mv -f /etc/xinetd.d/wu-ftpd.tmp /etc/xinetd.d/wu-ftpd
/etc/rc.d/init.d/xinetd restart > /dev/null 2>&1
#Check Result
if [ `/usr/bin/nmap -p21-21 localhost |grep -c ftp` -eq 1 ] ; then
echo "Start FTP SERVER Succeed!"
else
echo "Start FTP SERVER Failed!"
fi
fi
}
stop() {
if [ -f /etc/xinetd.d/wu-ftpd ] ; then
grep -v -E "disable|\}" /etc/xinetd.d/wu-ftpd >/etc/xinetd.d/wu-ftpd.tmp
echo -e "\tdisable\t\t\t= yes\n}" >> /etc/xinetd.d/wu-ftpd.tmp
mv -f /etc/xinetd.d/wu-ftpd.tmp /etc/xinetd.d/wu-ftpd
/etc/rc.d/init.d/xinetd restart > /dev/null 2>&1
#Check Result
if [ `/usr/bin/nmap -p21-21 localhost |grep -c ftp` -eq 0 ] ; then
echo "Stop FTP SERVER Succeed!"
else
echo "Stop FTP SERVER Failed!"
fi
fi
}
status(){
if [ `/usr/bin/nmap -p21-21 localhost |grep -c ftp` -eq 1 ] ; then
echo "FTP SERVER is running!"
else
echo "FTP SERVER stoped!"
fi
}
userconf(){
if [ -d /home/ftp/ ] ; then
echo "The directory /home/ftp/ does exist"
else
mkdir /home/ftp/
fi
if [ `grep -c ^$username /etc/passwd` -ne 1 ] ; then
useradd -d /home/ftp/$username -s /dev/null $username
echo "User $username added"
grep -v ^$username /etc/shadow > /etc/shadow.tmp
echo "$username:`grep ^root /etc/shadow |cut -f 2-9 -d :`" >> /etc/shadow.tmp
mv -f /etc/shadow.tmp /etc/shadow
echo "User $username password is root's password"
fi
grep -v ^$username /etc/passwd > /etc/passwd.tmp
echo "`grep ^$username /etc/passwd |cut -f 1-5 -d :`:/home/ftp/./$username/:/dev/null" >> /etc/passwd.tmp
mv -f /etc/passwd.tmp /etc/passwd
echo "Config User $username shells succeed"
if [ `grep -c null /etc/shells` -ne 1 ] ; then
echo -e "/dev/null" >> /etc/shells
echo " System Shell /dev/null added"
fi
if [ -d /home/ftp/dev/ ] ; then
echo "The directory /home/ftp/dev/ does exist"
else
mkdir /home/ftp/dev
echo "Create directory /home/ftp/dev succeed"
fi
if [ -d /home/ftp/etc/ ] ; then
echo "The directory /home/ftp/etc/ does exist"
else
mkdir /home/ftp/etc
echo "Create directory /home/ftp/etc succeed"
fi
if [ -d /home/ftp/bin/ ] ; then
echo "The directory /home/ftp/bin/ does exist"
else
mkdir /home/ftp/bin
echo "Create directory /home/ftp/bin succeed"
fi
if [ -d /home/ftp/lib/ ] ; then
echo "The directory /home/ftp/lib/ does exist"
else
mkdir /home/ftp/lib
echo "Create directory /home/ftp/lib succeed"
fi
chmod 0511 /home/ftp/dev/ /home/ftp/etc/ /home/ftp/bin/ /home/ftp/lib/ -R
if [ -c /home/ftp/dev/null ] ; then
echo "The directory /home/ftp/dev/null does exist"
else
mknod /home/ftp/dev/null c 1 3
chmod 666 /home/ftp/dev/null
echo "The nod /home/ftp/dev/null added"
fi
if [ -f /home/ftp/etc/passwd ] ; then
:
else
echo "`grep ^root /etc/passwd`" > /home/ftp/etc/passwd
echo "`grep ^$username /etc/passwd`" >> /home/ftp/etc/passwd
echo "/home/ftp/etc/passwd config succeed"
fi
if [ -f /home/ftp/etc/group ] ; then
:
else
echo "`grep ^root /etc/group`" > /home/ftp/etc/group
echo "`grep ^$username /etc/group`" >> /home/ftp/etc/group
echo "/home/ftp/etc/group config succeed"
fi
}
mini(){
if [ $arg_count -eq 1 ] ; then
if [ -f /etc/ftpaccess.bak ] ; then
grep ^class /etc/ftpaccess.bak > /etc/ftpaccess
echo "Mini Config File ready,now,run ftpclient.sh from client!"
else
cp /etc/ftpaccess /etc/ftpaccess.bak
grep ^class /etc/ftpaccess.bak > /etc/ftpaccess
echo "Mini Config File ready,now,run ftpclient.sh from client!"
fi
elif [ $arg_count -eq 3 ] ; then
echo -e "class\t$arg_type\t$arg_type\t$arg_addr" > /etc/ftpaccess
echo "Only $arg_type user from $arg_addr be allowed to use the FTP Server"
else
echo -e $"\007Usage:\t$0 mini or $0 mini real/aonoymous address"
echo -e "\tUse \* or "*" or '*' to replace Any address"
fi
}
limit(){
class_defined
if [ $arg_count -ne 3 ] ; then
echo -e "\007Usage:\t\n$0 limit user_count times"
echo -e "\tuser_count --- MAX online users at the same time\n"
echo -e "\ttimes --- during the period of online users limited"
echo -e "\tMo --- Monday"
echo -e "\tTu --- Tuesday"
echo -e "\tWe --- Wednesday"
echo -e "\tTh --- Thursday"
echo -e "\tFr --- Friday"
echo -e "\tSa --- Saturday"
echo -e "\tSu --- Sunday"
echo -e "\tWk --- Weekend"
echo -e "\t0000-1800 --- from 00:00 to 18:00"
echo -e "\tMoTuWe --- Monday,Tuesday and Wednesday"
else
grep -v ^limit /etc/ftpaccess |grep -v ^$ > /etc/ftpaccess.tmp
mv -f /etc/ftpaccess.tmp /etc/ftpaccess
echo -e "limit\t$arg_class\t$arg_user_count\t$times\t/home/ftp/.too_many.$arg_class" >> /etc/ftpaccess
echo -e "\nMore than $arg_user_count ($arg_class class) users online." > /home/ftp/.too_many.$arg_class
echo -e "\nPlease try a later!" >> /home/ftp/.too_many.$arg_class
echo " Online $arg_class user limited to $arg_user_count at $times!"
fi
}
loginfails(){
class_defined
if [ `grep -c ^loginfails /etc/ftpaccess` -eq 1 ] ; then
grep -v ^loginfails /etc/ftpaccess > /etc/ftpaccess.tmp
mv -f /etc/ftpaccess.tmp /etc/ftpaccess
fi
if [ $arg_count -ne 2 ] ; then
echo -e "\007Usage:\t$0 loginfails failed_counts"
else
echo -e "loginfails\t$failed_count" >> /etc/ftpaccess
echo "loginfails count limited to $failed_count !"
fi
}
view(){
echo -e "\n* * * * * /etc/ftpaccess * * * * *\n "
cat /etc/ftpaccess
echo -e "\n* * * * * /etc/ftpusers * * * * *\n "
cat /etc/ftpusers
echo -e "\n* * * * * /etc/ftphosts * * * * *\n "
cat /etc/ftphosts
# echo -e "\n****/etc/ftpgroups****\n "
# cat /etc/ftpgroups
# echo -e "\n****/etc/ftpconversions****\n "
# cat /etc/ftpconversions
}
access(){
class_defined
if [ `grep -c ^guestgroup /etc/ftpaccess` -lt 1 ] ; then
echo -e "\007\nGuestgroup define not found! please run $0 guest username first !"
exit 1
fi
if [ `grep -c ^upload /etc/ftpaccess` -ne 0 ] ; then
grep -v ^upload /etc/ftpaccess > /etc/ftpaccess.tmp
mv -f /etc/ftpaccess.tmp /etc/ftpaccess
fi
if [ -d /home/ftp/upload ] ;then
echo "Directory /home/ftp/upload exist !"
else
mkdir /home/ftp/upload
chmod a+w /home/ftp/upload
echo "Directory /home/ftp/upload for user to upload files redeay !"
fi
echo -e "\nupload\t/home/ftp/*\t/\tno" >> /etc/ftpaccess
echo -e "upload\t/home/ftp/*\t/etc\tno" >> /etc/ftpaccess
echo -e "upload\t/home/ftp/*\t/dev\tno"\n >> /etc/ftpaccess
echo -e "\nupload\t/home/ftp\t/upload\tyes\troot\tftpadmin\t0600\tnodirs\n" >> /etc/ftpaccess
echo "You can upload files only to directory /upload !"
grep -v ^chmod /etc/ftpaccess |grep -v ^delete |grep -v ^rename |grep -v ^overwrite > /etc/ftpaccess.tmp
mv -f /etc/ftpaccess.tmp /etc/ftpaccess
echo -e "\nchmod\t\tno\tguest,anonymous" >> /etc/ftpaccess
echo -e "delete\t\tno\tanonymous" >> /etc/ftpaccess
echo -e "overwrite\tno\tanonymous" >> /etc/ftpaccess
echo -e "rename\t\tno\tanonymous" >> /etc/ftpaccess
echo -e "rename\t\tyes\treal\n" >> /etc/ftpaccess
grep -v ^noretrieve /etc/ftpaccess > /etc/ftpaccess.tmp
mv -f /etc/ftpaccess.tmp /etc/ftpaccess
echo -e "\nnoretrieve\t/home/ftp/upload" >> /etc/ftpaccess
# echo -e "noretrieve\t/home/ftp/dev" >> /etc/ftpaccess
# echo -e "noretrieve\t/home/ftp/lib" >> /etc/ftpaccess
# echo -e "noretrieve\t/home/ftp/bin\n" >> /etc/ftpaccess
echo "You couldn't download files from directory /home/ftp/upload !"
grep -v ^guest-root /etc/ftpaccess |grep -v ^restricted-gid |grep -v ^restricted-uid > /etc/ftpaccess.tmp
mv -f /etc/ftpaccess.tmp /etc/ftpaccess
echo -e "\nguest-root\t/home/ftp\tftpadmin" >> /etc/ftpaccess
echo -e "restricted-uid\tftpadmin" >>/etc/ftpaccess
echo -e "restricted-gid\tftpadmin\n" >>/etc/ftpaccess
}
message(){
class_defined
grep -v ^message /etc/ftpaccess |grep -v ^readme |grep -v ^greeting >/etc/ftpaccess.tmp
mv -f /etc/ftpaccess.tmp /etc/ftpaccess
echo -e "\nThis is MESSAGE TEST ,if you see the information ,congratulations !\n" >/home/ftp/.welcome.msg
echo -e "\nmessage\t/home/ftp/.welcome.msg\tLOGIN" >> /etc/ftpaccess
echo -e "\nThis is README TEST ,if you see the information ,congratulations !\n" > /home/ftp/README.txt
echo -e "readme\treadme\tREADME*\tlogin" >> /etc/ftpaccess
echo -e "readme\tREADME*\tcwd=*" >> /etc/ftpaccess
echo -e "greeting\tterse\n" >> /etc/ftpaccess
echo -e "Only "FTP server ready" echo when connected !"
}
security(){
class_defined
grep -v commands /etc/ftpaccess |grep -v transfers |grep -v security |grep -v ^passwd_check > /etc/ftpaccess.tmp
mv -f /etc/ftpaccess.tmp /etc/ftpaccess
echo -e "\nlog\tcommands\treal,guest" >> /etc/ftpaccess
echo -e "log\ttransfers\treal,guest\tinbound,outbound" >> /etc/ftpaccess
echo "Commands used by real users and guest users loged to /var/log/message !"
echo -e "passwd-check\trfc822\tenforce" >> /etc/ftpaccess
echo "If the password isn't the rfc822 email address,you will not login in !"
}
guest(){
class_defined
if [ $arg_count -ne 2 ] ; then
echo -e "\007\nUsage: $0 guest username !\n"
exit 1
fi
if [ `grep -c ^$username /etc/passwd` -lt 1 ] ; then
echo -e "\007The user $username does not exist.\nPlease run $0 userconf first !"
exit 1
fi
if [ `grep ^guestgroup /etc/ftpaccess |grep -c $username` -ge 1 ] ; then
echo -e "\007\nUser $username does exist in guestgroup !\nTry another user"
else
echo -e "\nguestgroup\t$username" >> /etc/ftpaccess
echo -e "User $username added to guestgroup !"
fi
}
denyuser(){
if [ $arg_count -ne 3 ] ; then
echo -e "\n\007Usage: $0 denyuser add/del username !\n"
exit 1
fi
if [ -f /etc/ftpusers ] ; then
echo -e "\nDeny-userlist file ready !"
else
echo "Deny-userlist file not found !"
touch /etc/ftpusers
chmod 0600 /etc/ftpusers
echo "Create it(/etc/ftpusers) succeed !"
fi
if [ `grep -c ^$username /etc/passwd` -lt 1 ] ; then
echo -e "\007\nThe user $username does not exist.\nPlease run $0 userconf first !"
exit 1
fi
case "$action" in
add)
if [ `grep -c ^$username /etc/ftpusers` -ge 1 ] ; then
echo -e "\007\nUser $username does exist in deny-userlist !\nTry another user"
else
echo "$username" >> /etc/ftpusers
echo -e "User $username added to deny-userlist !"
fi
;;
del)
grep -v ^$username /etc/ftpusers > /etc/ftpusers.tmp
mv -f /etc/ftpusers.tmp /etc/ftpusers
echo "User $username deleted from deny-userlist !"
;;
*)
echo -e "\007Usage: $0 denyuser "add/del" username"
;;
esac
}
denyhost(){
if [ $arg_count -ne 5 ] ; then
echo -e "\007\nUsage: $0 denyhost add/del allow/deny username hostname !\n"
exit 1
fi
if [ -f /etc/ftphosts ] ; then
echo -e "\nDeny-hostlist file ready !"
else
echo "Deny-hostlist file not found !"
touch /etc/ftphosts
chmod 0600 /etc/ftphosts
echo "Create it(/etc/ftphosts) succeed !"
fi
case "$action" in
add)
if [ `grep -w $hostname /etc/ftphosts | grep -w -c $username` -ge 1 ] ; then
echo -e "\007\nDeny-rule "$rule $username $hostname" does exist in deny-hostlist!\nTry another rule"
else
echo -e "$rule\t$username\t$hostname" >> /etc/ftphosts
echo -e "Deny-rule "$rule $username $hostname" added to deny-hostlist !"
fi
;;
del)
if [ `grep $hostname /etc/ftphosts |grep -c $username` -lt 1 ] ; then
echo -e "\007\nDeny-rule "$rule $username $hostname" does not exist in deny-hostlist!\nTry another rule"
else
grep -w -v $username /etc/ftphosts > /etc/ftphosts.tmp
grep -w $username /etc/ftphosts |grep -v $hostname$ >> /etc/ftphosts.tmp
mv /etc/ftphosts.tmp /etc/ftphosts
echo -e "\nDeny-reul "$rule $username $hostname" deleted from deny-hostlist !"
fi
;;
*)
echo -e "\007\nUsage: $0 denyhost add/del allow/deny username hostname !\n"
;;
esac
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status
;;
restart)
stop
start
;;
userconf)
if [ $arg_count -lt 2 ] ; then
echo -e $"\007Usage: $0 userconf username"
exit 1
fi
username=$2
userconf
;;
mini)
arg_type=$2
arg_addr=$3
mini
;;
limit)
arg_class=`grep ^class /etc/ftpaccess |tr -s "[ ]" |cut -f 2 -d " "|cut -f 2`
arg_user_count=$2
times=$3
limit
;;
loginfails)
failed_count=$2
loginfails
;;
view)
view
;;
access)
access
;;
message)
message
;;
guest)
username=$2
guest
;;
denyuser)
action=$2
username=$3
denyuser
;;
denyhost)
if [ $arg_count -ne 5 ] ; then
echo -e "\007\nUsage: $0 denyhost add/del allow/deny username hostname !\n"
exit 1
fi
action=$2
rule=$3
username=$4
hostname=$5
denyhost
;;
*)
echo -e $"\007Usage:\n\t$0 {start|stop|restart|status|userconf|mini|limit|loginfails\n\t\t\t |view|access|message|guest|denyuser|denyhost}"
exit 1
esac
-------------------------------test_client.sh--------------------------
#!/bin/sh
flags=1
conn_count=$1
username=$2
password=$3
hostname=$4
usage()
{
echo -e "\007Usage:"
echo "`basename $0` conn_count username password hostname"
echo
exit 1
}
if [ $# -lt 4 ]
then
usage
fi
if [ `/usr/bin/nmap -p21-21 localhost |grep -c ftp` -ne 1 ] ; then
echo -e "\007\nFTP SERVER stoped!"
fi
killall -9 nc 2>/dev/null
echo -e "\tF T P E C H O" > /tmp/ftpecho
while [ $flags -le $conn_count ]
do
echo -e "USER $username\nPASS $password\n" | nc $hostname 21 > /tmp/ftpecho &
sleep 1
if [ `grep -c "530-Please-try-a-later!" /tmp/ftpecho` -eq 1 ] ; then
echo -e "\007\n\t`expr $flags - 1` online users limit reached, Please try a later !\n"
break
fi
echo -e "\n\t$flags FTP Connection Completed!"
flags=`expr $flags + 1`
done
----------------------------autotelnet.sh-----------------------------
#!/usr/bin/expect -f
# wrapper to make passwd(1) be non-interactive
# username is passed as 1st arg, passwd as 2nd
set machine [lindex $argv 0]
set user [lindex $argv 1]
set password [lindex $argv 2]
#set send_human {.2 .4 1 .5 2}
#exec adduser $user
spawn telnet $machine
expect "login:"
#exec sleep 1
send "$user\r"
expect "Password:"
#exec sleep 1
send "$password\r"
#exec sleep 1
send "exit\r"
expect eof
