Friday, May 29, 2009

Quick check of lan subnet

A simple script (Linux, bash, Samba 3) for a quick check of a LAN subnet. It reports:
1. Whether the SMS agent is working properly on every host in the subnet (the query for the SMS report is at the end of the post);
2. The members of the local Administrators group on each host;
3. The shares exported by each host.

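# Subnet to audit, in CIDR notation. The rest of the script assumes a network
# of the form 192.168.X.0/<len>.
NET="192.168.1.0/24"
# Network prefix without the ".0/<len>" tail (192.168.1 for the value above);
# it is used as the LIKE prefix passed to the SMS report.
NET_SMS=${NET%.0/*}
# Working directory, named after what follows "192.168." (here /tmp/1).
DIR=/tmp/${NET_SMS#192.168.}
RES="$DIR/RESULT"

# 'P@ssword' is the post's placeholder; supply the real value through the PASS
# environment variable instead of editing it into the file. Every later wget
# and net call passes this value as a command-line argument, so while the
# script runs it is visible to other local users in the process list.
PASS="${PASS:-P@ssword}"
# NOTE(review): presumably CP1251 is selected so that the Cyrillic group name
# used further down is encoded the way the remote hosts expect - confirm.
export LANG=en_US.CP1251

# The report lists admin group members and shares, so keep every file the
# script creates private to the invoking user.
umask 077
rm -Rf -- "${DIR:?}"
# $DIR is a predictable name in a shared directory. If another user already
# owns it, rm cannot remove it and mkdir fails; stop here rather than write
# results into a directory someone else controls.
mkdir -- "$DIR" || exit 1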

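# Fetch the SMS report for this subnet and reduce it to one IP address per line
# in $DIR/sms. The user name, server name and ReportID appear to have been
# blanked out in the published post - fill them in before use.
# "variable=$NET_SMS.%25" becomes the report's @variable; %25 is a URL-encoded
# "%", so the query matches with LIKE '192.168.1.%'.
#
# Credential handling: the password is passed on the wget command line (visible
# in the process list) and the URL is plain http://, so if the server accepts
# Basic authentication the password crosses the network unprotected. Prefer an
# https:// report URL and credentials kept in a mode-600 ~/.netrc or ~/.wgetrc.
wget --no-proxy --http-user="/" --http-password="$PASS" "http:///SMS/Report.asp?ReportID=&variable=$NET_SMS.%25" -O - \
  | lynx -stdin -dump -width=380 \
  | grep Microsoft \
  | sed 's/Microsoft.*192\.168\./192.168./g' \
  | sed 's/\(192\.168\.[0-9.]*\).*/\1/g' \
  | sort -u >> "$DIR/sms"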

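# Pass 1: host discovery over the whole subnet. Grepable output goes to
# nmap_ping.grep, the human-readable log to nmap_ping.
# (-sP and -PN are the older spellings of -sn and -Pn.)
# Coverage caveat: a host that does not answer the discovery probes never
# reaches pass 2, so it appears in none of the report sections below.
nmap -sP --max-retries 10 "$NET" -oG "$DIR/nmap_ping.grep" | tee -a "$DIR/nmap_ping"

# Pass 2: service/version scan of the hosts found above, restricted to the
# ports the later sections care about. -PN skips a second discovery round.
awk '/Host/ {print $2}' "$DIR/nmap_ping.grep" \
  | nmap -sV -PN -p 23,22,21,445,139,80,8081,3389,53,389,3268,9100 -iL - -oG "$DIR/nmap.grep" \
  | tee -a "$DIR/nmap"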

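# Section 1: hosts that answered the scan but are absent from the SMS report.
echo "############################################################" > "$RES"
echo "# Computers not connectet to SMS #" >> "$RES"
echo "############################################################" >> "$RES"
echo >> "$RES"
# Take the IP address from every line of the SMS list, append " (" so that it
# matches the "Host: <ip> (<name>)" layout of nmap's grepable output, and drop
# those hosts from the scan results. What remains is unmanaged.
# The address is extracted explicitly instead of splitting the line on the
# string "192": that split truncated any entry with a second "192" in it (for
# example 192.168.1.192), so such a host was always reported as missing.
# -F keeps the dots literal; without it "." matches any character.
grep -Eo '192\.168\.[0-9]+\.[0-9]+' "$DIR/sms" \
  | sed 's/$/ (/' \
  | grep -v -F -f - "$DIR/nmap.grep" \
  | grep Host >> "$RES"
echo >> "$RES"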


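# Section 2: members of the local administrators group on every host that has
# 445/tcp open.
echo "#############################################################" >> "$RES"
echo "# Local admins #" >> "$RES"
echo "#############################################################" >> "$RES"
echo >> "$RES"

# The account name before "%" and the value after -W appear to have been
# blanked out in the published post - fill them in before use. The password is
# passed on the net command line and is visible in the process list meanwhile.
#
# Filter caveat: "Domain Admins|Adm" drops every line that contains "Adm", not
# only the expected built-in entries. An unexpected account whose name merely
# contains "Adm" is therefore hidden from the report as well; an exact list of
# expected members would be a tighter filter.
#
# Word splitting of the awk output is intended: one IP address per word.
for i in $(awk '/445\/open/ && /Host/ {print $2}' "$DIR/nmap.grep"); do
  # One call serves both as logon probe and as data source, which saves one
  # authentication attempt per host (relevant where lockout policies apply).
  ADMINS_EN=$(net rpc group MEMBERS Administrators -U "%$PASS" -W -S "$i")
  EXITSTATUS="$?"
  if [ "$EXITSTATUS" -eq 255 ]; then
    echo "== $i ==" >> "$RES"
    echo "Can't logon to host" >> "$RES"
    echo >> "$RES"
  else
    # Russian-localised hosts name the group differently.
    ADMINS=$(net rpc group MEMBERS Администраторы -U "%$PASS" -W -S "$i" | grep -Ev "Domain Admins|Adm")
    if [ -n "$ADMINS" ]; then
      echo "== $i ==" >> "$RES"
      echo "$ADMINS" >> "$RES"
      echo >> "$RES"
    fi
    # English group name: reuse the output captured by the probe above.
    ADMINS=$(printf '%s\n' "$ADMINS_EN" | grep -Ev "Domain Admins|Adm")
    if [ -n "$ADMINS" ]; then
      echo "== $i ==" >> "$RES"
      echo "$ADMINS" >> "$RES"
      echo >> "$RES"
    fi
  fi
done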

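# Section 3: non-default shares on every host that has 445/tcp open.
echo "#############################################################" >> "$RES"
echo "# Network shares #" >> "$RES"
echo "#############################################################" >> "$RES"
echo >> "$RES"

# The account name before "%" and the value after -W appear to have been
# blanked out in the published post - fill them in before use. The password is
# passed on the net command line and is visible in the process list meanwhile.
#
# Filter caveat: the patterns are unanchored, so "C\$" also removes IPC$ and
# any other share whose name ends in C$, D$ or E$. A custom hidden share with
# such a name will not show up in the report.
#
# Word splitting of the awk output is intended: one IP address per word.
for i in $(awk '/445\/open/ && /Host/ {print $2}' "$DIR/nmap.grep"); do
  # One call serves both as logon probe and as data source, which saves one
  # authentication attempt per host.
  SHARES_RAW=$(net rpc share -U "%$PASS" -W -S "$i")
  EXITSTATUS="$?"
  if [ "$EXITSTATUS" -eq 255 ]; then
    echo "== $i ==" >> "$RES"
    echo "Can't logon to host" >> "$RES"
    # Blank separator, as in the local-admins section, so entries do not run
    # together.
    echo >> "$RES"
  else
    SHARES=$(printf '%s\n' "$SHARES_RAW" | grep -Ev 'C\$|D\$|E\$|ADMIN\$|print\$|NETLOGON|SYSVOL')
    if [ -n "$SHARES" ]; then
      echo "== $i ==" >> "$RES"
      echo "$SHARES" >> "$RES"
      echo >> "$RES"
    fi
  fi
done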

Query for sms report:
/* SMS report behind the script's wget call: one row per machine whose IP
   address matches @variable and whose last hardware scan is less than four
   weeks old. The script passes @variable as "<prefix>.%" (for example
   192.168.1.%) and then reads the IP address out of each rendered row that
   contains "Microsoft", so it relies on the Caption0 and IP_Addresses0
   columns staying in the select list in this order. */
SELECT DISTINCT
    SYS.Netbios_Name0,
    SYS.User_Name0,
    SYS.User_Domain0,
    SYS.Resource_Domain_OR_Workgr0,
    OPSYS.Caption0 AS C054,
    OPSYS.Version0,
    MEM.TotalPhysicalMemory0,
    IPAddr.IP_Addresses0,
    WS.LastHWScan
FROM v_R_System SYS
/* MAC, CSYS, Processor, Pdisk and Bios supply no selected column; DISTINCT
   collapses the extra rows they produce. */
LEFT JOIN v_RA_System_MACAddresses MAC    ON SYS.ResourceID = MAC.ResourceID
LEFT JOIN v_RA_System_IPAddresses IPAddr  ON SYS.ResourceID = IPAddr.ResourceID
LEFT JOIN v_GS_X86_PC_MEMORY MEM          ON SYS.ResourceID = MEM.ResourceID
LEFT JOIN v_GS_COMPUTER_SYSTEM CSYS       ON SYS.ResourceID = CSYS.ResourceID
LEFT JOIN v_GS_PROCESSOR Processor        ON SYS.ResourceID = Processor.ResourceID
LEFT JOIN v_GS_OPERATING_SYSTEM OPSYS     ON SYS.ResourceID = OPSYS.ResourceID
LEFT JOIN v_GS_DISK Pdisk                 ON SYS.ResourceID = Pdisk.ResourceID
LEFT JOIN PC_BIOS_DATA Bios               ON SYS.ResourceID = Bios.MachineID
LEFT JOIN v_GS_WORKSTATION_STATUS WS      ON SYS.ResourceID = WS.ResourceID
/* Both predicates reject NULLs, so rows without an IP address or without a
   hardware-scan record are excluded even though the joins are LEFT joins. */
WHERE IPAddr.IP_Addresses0 LIKE @variable
  AND WS.LastHWScan > DATEADD(week, -4, GETDATE())
ORDER BY SYS.Netbios_Name0, SYS.Resource_Domain_OR_Workgr0
