#!/bin/bash
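# Report the remote peer holding the most TCP connections to this host's eth0
# address, and post a Feishu alert when that count reaches the threshold.
#
# Security notes:
#   * The earlier version passed gawk output to `eval`. Peer addresses and
#     process names come from netstat and are not trusted: only single quotes
#     were escaped while the values were emitted inside double quotes, so a
#     process name containing $(...) or backticks would have been executed.
#     Values are now read as plain data and never evaluated.
#   * The same values were interpolated into JSON unescaped; they are now
#     escaped before being placed in the payload.
#   * The webhook URL embeds the bot token, so anyone who can read it can post
#     to the chat. Supply the real value through the FEISHU_HOOK environment
#     variable and keep it out of version control. It is still passed on
#     curl's command line, where local users can see it in the process list.
feishu_hook=${FEISHU_HOOK:-'https://open.feishu.cn/open-apis/bot/v2/hook/xxxx'}
readonly alert_threshold=500

#######################################
# Escape a string for use inside a JSON string literal.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout (no trailing newline)
#######################################
json_escape() {
  local s=$1
  s=${s//\\/\\\\}        # backslash first, so later escapes are not doubled
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  s=${s//[[:cntrl:]]/}   # drop any remaining control characters
  printf '%s' "$s"
}

#######################################
# Print the first IPv4 address configured on eth0 (nothing if there is none).
# Asking for the device by name avoids matching interfaces such as veth0,
# which a plain `grep eth0` would also pick up.
#######################################
eth0_ipv4() {
  ip -4 -o addr show dev eth0 \
    | awk '{ split($4, a, "/"); print a[1]; exit }'
}

#######################################
# Summarise the peer with the most TCP connections to a local address.
# Arguments: $1 - local IPv4 address to match
# Outputs:   four lines on stdout (peer, connection count, comma-separated
#            states, comma-separated services), or nothing if no line matches
#######################################
top_peer() {
  local target=$1
  netstat -antpl | gawk -v target="$target" '
    $1 ~ /^tcp/ {
      # Compare the local host literally. A regex match on the whole line
      # treats the dots as wildcards and also hits unrelated addresses.
      local_host = $4
      sub(/:[0-9]+$/, "", local_host)
      sub(/^::ffff:/, "", local_host)   # IPv4-mapped form shown on tcp6 sockets
      if ((local_host "") != (target "")) next

      split($5, arr, /:[0-9]+$/)
      peer = arr[1]
      cnt[peer]++
      if (!seen_state[peer, $6]++)
        states[peer] = (states[peer] ? states[peer] "," : "") $6
      split($7, p, "/")
      svc = p[2] ? p[2] : p[1]
      if (!seen_svc[peer, svc]++)
        services[peer] = (services[peer] ? services[peer] "," : "") svc
    }
    END {
      found = 0
      for (peer in cnt)
        if (!found || cnt[peer] > cnt[best]) { best = peer; found = 1 }
      if (!found) exit
      print best
      print cnt[best]
      print states[best]
      print services[best]
    }'
}

main() {
  local inet_ip
  inet_ip=$(eth0_ipv4)
  if [[ -z "$inet_ip" ]]; then
    # An empty target used to match every netstat line; stop instead.
    echo "未找到匹配的连接"
    return 0
  fi

  local -a fields=()
  mapfile -t fields < <(top_peer "$inet_ip")

  # Require all four fields and a purely numeric count before the value is
  # used in an arithmetic comparison.
  if (( ${#fields[@]} < 4 )) || [[ ! ${fields[1]} =~ ^[0-9]+$ ]]; then
    echo "未找到匹配的连接"
    return 0
  fi

  local -A ip_arr=(
    [ip_addr]=${fields[0]}
    [connection_count]=${fields[1]}
    [states]=${fields[2]}
    [services]=${fields[3]}
  )
  local count=${ip_arr[connection_count]}

  # Show the result.
  printf 'IP地址:%s\n' "${ip_arr[ip_addr]}"
  printf '连接数:%s\n' "$count"
  printf '状态列表:%s\n' "${ip_arr[states]}"
  printf '服务列表:%s\n' "${ip_arr[services]}"

  if (( count < alert_threshold )); then
    echo "连接数小于500,不发送飞书通知"
    return 0
  fi

  # Build the message; "\n" stays a literal JSON escape inside the text field.
  local text json_data
  text='********** TCP连接警告 **********\n\n'
  text+="IP地址:\n$(json_escape "${ip_arr[ip_addr]}")\n\n"
  text+="连接数:\n${count}\n\n"
  text+="服务状态:\n$(json_escape "${ip_arr[states]}")\n"
  text+="服务:\n$(json_escape "${ip_arr[services]}")"
  printf -v json_data '{"msg_type": "text","content": {"text": "%s"}}' "$text"

  # Bound the request so a stalled webhook cannot hang a scheduled run.
  if ! curl -X POST -H "Content-Type: application/json" --max-time 10 \
    -d "$json_data" "$feishu_hook"; then
    printf 'feishu notification failed\n' >&2
    return 1
  fi
}

main "$@"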