bash_scan_docker_network_ip_port.sh
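#!/usr/bin/env bash
# File: /home/tools/SH/docker_network_port_ip.sh
# (kept as a comment: as a bare first line the path would be executed as a
# command and would push the shebang off line 1)
#
# Audit of running Docker containers: network / IP / published ports,
# duplicate IP detection, and docker-compose vs live IP comparison.
# The script only issues read-only queries (docker ps, docker inspect) but
# still needs permission to talk to the Docker daemon; jq and ip are required.

# Glob of the compose files to compare against live containers.
# Expanded unquoted on purpose where it is iterated.
COMPOSE_PATH="/home/docker/*/docker-compose.y*ml"

# ===== ANSI COLORS =====
ESC=$'\033'
RESET="${ESC}[0m"
BOLD="${ESC}[1m"
GRAY="${ESC}[90m"
RED="${ESC}[91m"
GREEN="${ESC}[92m"
YELLOW="${ESC}[93m"
BLUE="${ESC}[94m"
MAGENTA="${ESC}[95m"
CYAN="${ESC}[96m"

# Semantic aliases used when colouring the port column.
C_IP="$CYAN"
C_PORT_EXT="$RED"
C_PORT_INT="$BLUE"

# Palette handed out to networks in order of first appearance, plus the
# network -> colour cache and the index of the next palette entry.
NET_COLORS=("$BLUE" "$MAGENTA" "$CYAN" "$YELLOW")
declare -A NET_COLOR_MAP
net_index=0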
#######################################
# Print the colour assigned to a network, assigning the next palette entry
# the first time the network is seen.
# Globals:   NET_COLORS (read), NET_COLOR_MAP (read/written),
#            net_index (read/written)
# Arguments: $1 - network name
# Outputs:   the colour escape sequence on stdout
# Note:      the cache and index only persist when the function runs in the
#            current shell; under $(...) the assignments are made in a
#            subshell and are lost when it exits.
#######################################
get_net_color() {
  local network="$1"
  local palette_size=${#NET_COLORS[@]}

  # Already cached: print and stop.
  if [[ -n "${NET_COLOR_MAP[$network]}" ]]; then
    echo "${NET_COLOR_MAP[$network]}"
    return
  fi

  # First sighting: take the current palette slot, then advance with wrap-around.
  NET_COLOR_MAP[$network]="${NET_COLORS[$net_index]}"
  net_index=$(( (net_index + 1) % palette_size ))
  echo "${NET_COLOR_MAP[$network]}"
}
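clear
printf "%b\n" "${BOLD}π³ Docker Network / IP / Port Audit${RESET}"
printf "%b\n" "${GRAY}ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ${RESET}"
# =============================================================================
# ACTIVE CONTAINERS (WITH EXTERNAL PORTS)
# =============================================================================
printf "%b\n" "${BOLD}π Containers actifs (triΓ©s rΓ©seau/IP)${RESET}"
printf "%-34s %-30s %-18s %-45s\n" "CONTAINER" "NETWORK" "IP" "PORTS EXTERNES"
printf "%-34s %-30s %-18s %-45s\n" "---------" "-------" "--" "--------------"

# Collect the running container IDs first: with none running, an
# argument-less `docker inspect` fails, so the listing is skipped instead.
mapfile -t running_ids < <(docker ps -q)

if (( ${#running_ids[@]} > 0 )); then
  # One "network|ip|name" row per container/network pair, sorted by network
  # then by IP (descending). Process substitution keeps the loop in the
  # current shell.
  while IFS="|" read -r net ip name; do
    # Called directly rather than via $(...): inside a command substitution
    # the colour cache is updated in a subshell and discarded, so every
    # network would be given the first palette colour.
    get_net_color "$net" >/dev/null
    net_color="${NET_COLOR_MAP[$net]}"

    if [[ "$net" == "host" ]]; then
      # Host-mode containers have no address of their own; show the host's.
      # NOTE(review): field 7 is assumed to be the source address of
      # `ip route get`; the position depends on the output layout - confirm.
      ip_host=$(ip -4 route get 1 | awk '{print $7; exit}')
      ip="$ip_host (host)"
      ip_color="$GREEN"
    elif [[ "$ip" =~ ^10\. ]]; then
      ip_color="$GREEN"
    else
      ip_color="$YELLOW"
    fi

    # Only publications bound to 0.0.0.0 are matched. Ports published on the
    # IPv6 wildcard or on a specific host address are NOT listed, so an empty
    # column does not prove that nothing is reachable from outside.
    # paste joins the matches without the trailing comma that a
    # character-for-character `tr '\n' ', '` leaves behind.
    ports_raw=$(docker ps --filter "name=^/${name}$" --format "{{.Ports}}" \
      | grep -o "0\.0\.0\.0:[0-9]\+->[0-9]\+/tcp\|0\.0\.0\.0:[0-9]\+->[0-9]\+/udp" \
      | paste -sd, - \
      | sed 's/,/, /g')
    ports_colored=$(printf '%s' "$ports_raw" | sed -E \
      -e "s/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+):/${C_IP}\1${RESET}:/g" \
      -e "s/([0-9]+)->/${C_PORT_EXT}\1${RESET}->/g")

    printf "%s%-34s%s %s%-30s%s %s%-18s%s %-45s\n" \
      "" "π’ $name" "$RESET" \
      "$net_color" "$net" "$RESET" \
      "$ip_color" "$ip" "$RESET" \
      "${ports_colored:-aucun}"
  done < <(docker inspect "${running_ids[@]}" | jq -r '
    .[] | .Name[1:] as $n | .NetworkSettings.Networks | to_entries[] |
    "\(.key)|\(.value.IPAddress)|\($n)"' | sort -t"|" -k1,1 -k2,2r)
fi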
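# =============================================================================
# IP CONFLICT AUDIT (FIXED)
# =============================================================================
printf "%b\n" "${BOLD}π AUDIT IP CONFLITS / CHEVAUCHEMENTS${RESET}"
printf "%-25s %-40s %-25s\n" "IP" "CONTAINERS" "RΓSEAUX"
printf "%-25s %-40s %-25s\n" "--" "----------" "-------"

# ip -> space-separated container names / ip -> last network seen for that ip
declare -A ip_containers
declare -A ip_networks

# Skip the inspect call entirely when nothing is running (an argument-less
# `docker inspect` fails).
mapfile -t audit_ids < <(docker ps -q)

if (( ${#audit_ids[@]} > 0 )); then
  # The loop must run in the current shell. Fed through `... | while`, it
  # fills the arrays in a pipeline subshell and they are empty again once it
  # exits, which makes the audit report "no duplicate" whatever the real state.
  while IFS="|" read -r ip net name; do
    [[ -n "$ip" && "$ip" != "N/A" ]] || continue
    ip_containers["$ip"]+="$name "
    ip_networks["$ip"]="$net"
  done < <(docker inspect "${audit_ids[@]}" | jq -r '
    .[] | .Name[1:] as $n | .NetworkSettings.Networks | to_entries[] |
    select(.value.IPAddress != null and .value.IPAddress != "") |
    "\(.value.IPAddress)|\(.key)|\($n)"')
fi

conflits=0
for ip in "${!ip_containers[@]}"; do
  # Count container names (words), not characters.
  read -ra sharing <<<"${ip_containers[$ip]}"
  if (( ${#sharing[@]} > 1 )); then
    # Colours are passed as arguments so no variable ends up in the format.
    # Only the last network recorded for the address is shown; containers on
    # different networks that reuse an address are listed here as well.
    printf '%s%-25s%s %-40s %s%-25s%s\n' \
      "$RED" "$ip" "$RESET" \
      "${ip_containers[$ip]}" \
      "$YELLOW" "${ip_networks[$ip]}" "$RESET"
    conflits=$((conflits + 1))
  fi
done

if (( conflits == 0 )); then
  printf "%b\n" "${GREEN}β Aucune duplication IP${RESET}"
fi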
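# =============================================================================
# COMPOSE vs LIVE (STATUS FIRST)
# =============================================================================
echo
printf "%b\n" "${BOLD}π docker-compose β LIVE${RESET}"
printf "%-10s %-30s %-18s %-18s\n" "STATUS" "STACK" "IP COMPOSE" "IP LIVE"
printf "%-10s %-30s %-18s %-18s\n" "------" "-----" "----------" "-------"

# COMPOSE_PATH is left unquoted on purpose so the glob expands.
for file in $COMPOSE_PATH; do
  # When nothing matches, the loop receives the literal pattern; skip it.
  [[ -e "$file" ]] || continue

  # The stack name is the directory that holds the compose file.
  stack=$(basename "$(dirname "$file")")

  # First ipv4_address found within five lines of a `networks:` key.
  # The pattern is anchored with a proper [[:space:]] class: written as
  # "\[[:space:]]*networks:" it demands a literal '[' before the key, never
  # matches a normal compose file, and (with stderr discarded) silently
  # leaves every stack without a compose IP - i.e. always "OK".
  ip_compose=$(grep -A5 "^[[:space:]]*networks:" "$file" 2>/dev/null \
    | grep "ipv4_address:" | head -1 \
    | sed 's/.*ipv4_address:[[:space:]]*//; s/[ "'\'']//g')
  [[ -z "$ip_compose" ]] && ip_compose="β"

  # First running container whose name starts with the stack name
  # (case-insensitive). The comparison is literal, so regex metacharacters
  # in a directory name cannot widen the match.
  # NOTE(review): a prefix match can still pick a container from another
  # stack with a longer name - confirm against the naming scheme in use.
  container=""
  while IFS= read -r candidate; do
    if [[ "${candidate,,}" == "${stack,,}"* ]]; then
      container="$candidate"
      break
    fi
  done < <(docker ps --format '{{.Names}}')

  if [[ -n "$container" ]]; then
    # println puts each address on its own line; without a separator the
    # addresses of a multi-network container are glued into one string.
    # Only the first address is compared below.
    ip_live=$(docker inspect -f '{{range $net, $conf := .NetworkSettings.Networks}}{{if $conf.IPAddress}}{{println $conf.IPAddress}}{{end}}{{end}}' "$container" | head -1)
    [[ -z "$ip_live" ]] && ip_live="invalid IP"
  else
    ip_live="β"
  fi

  # Alert only when both addresses are known and differ. "OK" therefore also
  # covers stacks that could not be compared (no compose IP found, container
  # not running, no live IP) - it is not proof that they match.
  if [[ "$ip_compose" != "β" && "$ip_live" != "β" && "$ip_live" != "invalid IP" && "$ip_compose" != "$ip_live" ]]; then
    status="${RED}β οΈ ALERTE${RESET}"
  else
    status="${GREEN}β OK${RESET}"
  fi

  printf "%b %-30s %-18s %-18s\n" "$status" "$stack" "$ip_compose" "$ip_live"
done
echo
printf "%b\n" "${BOLD}β Audit terminΓ©${RESET}"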
| 1 | /home/tools/SH/docker_network_port_ip.sh |
| 2 | #!/usr/bin/env bash |
| 3 | |
| 4 | COMPOSE_PATH="/home/docker/*/docker-compose.y*ml" |
| 5 | |
| 6 | # ===== ANSI COLORS ===== |
| 7 | ESC=$'\033' |
| 8 | RESET="${ESC}[0m" |
| 9 | BOLD="${ESC}[1m" |
| 10 | GRAY="${ESC}[90m" |
| 11 | RED="${ESC}[91m" |
| 12 | GREEN="${ESC}[92m" |
| 13 | YELLOW="${ESC}[93m" |
| 14 | BLUE="${ESC}[94m" |
| 15 | MAGENTA="${ESC}[95m" |
| 16 | CYAN="${ESC}[96m" |
| 17 | |
| 18 | C_IP="$CYAN" |
| 19 | C_PORT_EXT="$RED" |
| 20 | C_PORT_INT="$BLUE" |
| 21 | |
| 22 | NET_COLORS=("$BLUE" "$MAGENTA" "$CYAN" "$YELLOW") |
| 23 | declare -A NET_COLOR_MAP |
| 24 | net_index=0 |
| 25 | |
| 26 | get_net_color() { |
| 27 | local net="$1" |
| 28 | if [[ -z "${NET_COLOR_MAP[$net]}" ]]; then |
| 29 | NET_COLOR_MAP[$net]="${NET_COLORS[$net_index]}" |
| 30 | net_index=$(( (net_index + 1) % ${#NET_COLORS[@]} )) |
| 31 | fi |
| 32 | echo "${NET_COLOR_MAP[$net]}" |
| 33 | } |
| 34 | |
| 35 | clear |
| 36 | printf "%b\n" "${BOLD}π³ Docker Network / IP / Port Audit${RESET}" |
| 37 | printf "%b\n" "${GRAY}ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ${RESET}" |
| 38 | |
| 39 | # ============================================================================= |
| 40 | # CONTAINERS ACTIFS (AVEC PORTS EXTERNES) |
| 41 | # ============================================================================= |
| 42 | printf "%b\n" "${BOLD}π Containers actifs (triΓ©s rΓ©seau/IP)${RESET}" |
| 43 | printf "%-34s %-30s %-18s %-45s\n" "CONTAINER" "NETWORK" "IP" "PORTS EXTERNES" |
| 44 | printf "%-34s %-30s %-18s %-45s\n" "---------" "-------" "--" "--------------" |
| 45 | |
| 46 | docker inspect $(docker ps -q) | jq -r ' |
| 47 | .[] | .Name[1:] as $n | .NetworkSettings.Networks | to_entries[] | |
| 48 | "\(.key)|\(.value.IPAddress)|\($n)"' | sort -t"|" -k1,1 -k2,2r | while IFS="|" read -r net ip name; do |
| 49 | |
| 50 | net_color=$(get_net_color "$net") |
| 51 | |
| 52 | if [[ "$net" == "host" ]]; then |
| 53 | ip_host=$(ip -4 route get 1 | awk '{print $7; exit}') |
| 54 | ip="$ip_host (host)" |
| 55 | ip_color="$GREEN" |
| 56 | else |
| 57 | [[ "$ip" =~ ^10\. ]] && ip_color="$GREEN" || ip_color="$YELLOW" |
| 58 | fi |
| 59 | |
| 60 | # SEULEMENT PORTS EXTERNES (0.0.0.0:XXXX->) |
| 61 | ports_raw=$(docker ps --filter "name=^/${name}$" --format "{{.Ports}}" | grep -o "0\.0\.0\.0:[0-9]\+->[0-9]\+/tcp\|0\.0\.0\.0:[0-9]\+->[0-9]\+/udp" | tr '\n' ', ' | sed 's/, $//') |
| 62 | ports_colored=$(printf '%s' "$ports_raw" | sed -E \ |
| 63 | -e "s/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+):/${C_IP}\1${RESET}:/g" \ |
| 64 | -e "s/([0-9]+)->/${C_PORT_EXT}\1${RESET}->/g") |
| 65 | |
| 66 | printf "%s%-34s%s %s%-30s%s %s%-18s%s %-45s\n" \ |
| 67 | "" "π’ $name" "$RESET" \ |
| 68 | "$net_color" "$net" "$RESET" \ |
| 69 | "$ip_color" "$ip" "$RESET" \ |
| 70 | "${ports_colored:-aucun}" |
| 71 | done |
| 72 | |
| 73 | # ============================================================================= |
| 74 | # AUDIT CONFLITS IP (FIXΓ) |
| 75 | # ============================================================================= |
| 76 | printf "%b\n" "${BOLD}π AUDIT IP CONFLITS / CHEVAUCHEMENTS${RESET}" |
| 77 | printf "%-25s %-40s %-25s\n" "IP" "CONTAINERS" "RΓSEAUX" |
| 78 | printf "%-25s %-40s %-25s\n" "--" "----------" "-------" |
| 79 | |
| 80 | declare -A ip_containers |
| 81 | declare -A ip_networks |
| 82 | |
| 83 | docker inspect $(docker ps -q) | jq -r ' |
| 84 | .[] | .Name[1:] as $n | .NetworkSettings.Networks | to_entries[] | |
| 85 | select(.value.IPAddress != null and .value.IPAddress != "") | |
| 86 | "\(.value.IPAddress)|\(.key)|\($n)"' | while IFS="|" read -r ip net name; do |
| 87 | [[ -n "$ip" && "$ip" != "N/A" ]] || continue |
| 88 | ip_containers["$ip"]+="$name " |
| 89 | ip_networks["$ip"]="$net" |
| 90 | done |
| 91 | |
| 92 | conflits=0 |
| 93 | for ip in "${!ip_containers[@]}"; do |
| 94 | # FIX: compte mots (containers) pas caractères |
| 95 | if [[ $(echo "${ip_containers[$ip]}" | wc -w) -gt 1 ]]; then |
| 96 | printf "${RED}%-25s${RESET} %-40s ${YELLOW}%-25s${RESET}\n" \ |
| 97 | "$ip" "${ip_containers[$ip]}" "${ip_networks[$ip]}" |
| 98 | ((conflits++)) |
| 99 | fi |
| 100 | done |
| 101 | |
| 102 | [[ $conflits -eq 0 ]] && printf "%b\n" "${GREEN}β Aucune duplication IP${RESET}" |
| 103 | |
| 104 | # ============================================================================= |
| 105 | # COMPOSE vs LIVE (STATUS EN 1er) |
| 106 | # ============================================================================= |
| 107 | echo |
| 108 | printf "%b\n" "${BOLD}π docker-compose β LIVE${RESET}" |
| 109 | printf "%-10s %-30s %-18s %-18s\n" "STATUS" "STACK" "IP COMPOSE" "IP LIVE" |
| 110 | printf "%-10s %-30s %-18s %-18s\n" "------" "-----" "----------" "-------" |
| 111 | |
| 112 | for file in $COMPOSE_PATH; do |
| 113 | stack=$(basename "$(dirname "$file")") |
| 114 | ip_compose=$(grep -A5 "\[[:space:]]*networks:" "$file" 2>/dev/null | \ |
| 115 | grep "ipv4_address:" | head -1 | \ |
| 116 | sed 's/.*ipv4_address:[[:space:]]*//; s/[ "'\'']//g') |
| 117 | [[ -z "$ip_compose" ]] && ip_compose="β" |
| 118 | |
| 119 | container=$(docker ps --format '{{.Names}}' | grep -i "^${stack}" | head -n1) |
| 120 | |
| 121 | if [[ -n "$container" ]]; then |
| 122 | ip_live=$(docker inspect -f '{{range $net, $conf := .NetworkSettings.Networks}}{{if $conf.IPAddress}}{{$conf.IPAddress}}{{end}}{{end}}' "$container" | head -1) |
| 123 | [[ -z "$ip_live" ]] && ip_live="invalid IP" |
| 124 | else |
| 125 | ip_live="β" |
| 126 | fi |
| 127 | |
| 128 | if [[ "$ip_compose" != "β" && "$ip_live" != "β" && "$ip_live" != "invalid IP" && "$ip_compose" != "$ip_live" ]]; then |
| 129 | status="${RED}β οΈ ALERTE${RESET}" |
| 130 | else |
| 131 | status="${GREEN}β OK${RESET}" |
| 132 | fi |
| 133 | |
| 134 | printf "%b %-30s %-18s %-18s\n" "$status" "$stack" "$ip_compose" "$ip_live" |
| 135 | done |
| 136 | |
| 137 | echo |
| 138 | printf "%b\n" "${BOLD}β Audit terminΓ©${RESET}" |
| 139 |