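#!/bin/bash
# Network Monitoring Script
# Monitors for suspicious activity
#
# Every 5 minutes this script appends to a timestamped log file in the
# current directory:
#   - the number of resolved ARP-cache entries,
#   - a warning when a listening socket is bound to one of the watched ports,
#   - a warning when the quarantined address no longer appears in the
#     iptables listing.
#
# Requires arp and netstat (net-tools) on PATH and sudo rights for
# `iptables -L -n`.
#
# Environment:
#   BLOCKED_IP  address expected to appear in the firewall rules
#               (default: 192.168.50.81)

LOG_FILE="network_monitor_$(date +%Y%m%d_%H%M%S).log"
BLOCKED_IP="${BLOCKED_IP:-192.168.50.81}"
WATCHED_PORTS='25|1433|3306|5432|27017|6379|8080|8443|4444|31337'
readonly LOG_FILE BLOCKED_IP WATCHED_PORTS

# Print a message to stdout and append it to the log file.
log() {
  printf '%s\n' "$*" | tee -a -- "$LOG_FILE"
}

echo "Starting network monitoring..." | tee -- "$LOG_FILE"

# netstat's stderr is discarded below, so a missing tool would otherwise look
# exactly like "nothing found". Say so once at startup instead.
for tool in arp netstat; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    log "WARNING: '$tool' not found on PATH; its check will always report 0"
  fi
done

while true; do
  log "[$(date)] Checking network..."

  # Count resolved ARP entries. This is a plain count, not a comparison with
  # a known-good baseline, so a swapped or spoofed device that keeps the total
  # unchanged is not noticed. The column header that net-tools arp prints is
  # skipped so it is not counted as a device.
  active_devices=$(arp -n | awk '!/^Address/ && !/incomplete/ { n++ } END { print n + 0 }')
  log "Active devices: $active_devices"

  # Count local listeners on the watched ports. `netstat -l` lists listening
  # sockets only; established connections are not inspected here. The trailing
  # whitespace anchor stops ":25" from also matching ":2500" or ":25565".
  suspicious=$(netstat -tuln 2>/dev/null \
    | grep -cE ":(${WATCHED_PORTS})[[:space:]]")
  if (( suspicious > 0 )); then
    log "⚠️ Suspicious connections detected: $suspicious"
  fi

  # Check firewall status. A failure to read the rules is reported separately
  # from "rule missing" so the two cannot be confused during triage.
  # NOTE(review): any rule that mentions the address satisfies this check,
  # including an ACCEPT rule; match on the DROP/REJECT target if the rule
  # layout is known. sudo may prompt for a password; for unattended use,
  # grant a sudoers entry scoped to this exact command.
  if ! fw_rules=$(sudo iptables -L -n); then
    log "WARNING: could not read iptables rules; block status of $BLOCKED_IP unknown"
  elif ! grep -qwF -- "$BLOCKED_IP" <<<"$fw_rules"; then
    log "🚨 WARNING: Compromised device is no longer blocked!"
  fi

  sleep 300 # Check every 5 minutes
done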