如何从openssl命令写入grep的输出?
[英]How to write an output of a grep from an openssl command?
问题描述
Consider you have list of thousand IP addresses in a text file - one per line. 
假设您在文本文件中有上千个IP地址的列表-每行一个。 I want to be able to grab all possible anomalies from each IP address using openssl s_client command. 我希望能够使用openssl s_client命令从每个IP地址捕获所有可能的异常。 So far, anomalies are certificate expired, self signed certificate, and issuer CN to include emailAddress=root@localhost.localdomain. 到目前为止,异常是证书过期,自签名证书和颁发者CN ,其中包括emailAddress=root@localhost.localdomain。
Overall, I want to be able to obtain concise error message per IP address if there is any. 总体而言,我希望能够获得每个IP地址的简明错误消息(如果有的话)。 My current bash script looks like: 我当前的bash脚本如下所示:
for ip in `awk '{print $1}' < general_certs.txt`; do
# Print IP address currently checking
echo -e $ip;
if timeout 30 openssl s_client -connect $ip:443| grep -i 'error' ; then
# Write error information and IP address to a file
echo `openssl s_client -connect $ip:443| grep -i 'error'` $ip >> general_errors;
else
# Write noerror information and IP address to another file
echo "noerror" $ip >> general_noerror;
fi;
done
First issue I have with the code is that it is not optimized and that I am skeptical if it returns accurate results. 我对代码的第一个问题是代码没有经过优化,如果它返回准确的结果,我会怀疑。 The end goal with the above script is to identify all untrusted certificate containing IPs. 上面脚本的最终目标是识别所有包含IP的不受信任的证书。
Second issue I had with the above code that I could not echo $ip first because it would get truncated by the message itself. 我在上面的代码中遇到的第二个问题是我无法先回显$ ip,因为它会被消息本身截断。 So, I ended up writing out $ip after the error message. 因此,我最终在错误消息后写出$ ip。
It is not necessary to use openssl if there is a more genuine solution to my question. 如果对我的问题有更真实的解决方案,则不必使用openssl。
2 个解决方案
解决方案1
0 已采纳 2017-06-05 22:57:55
You can try to run them all in one shot by putting the processes in the background: 您可以尝试通过将进程置于后台来一次全部运行它们:
#!/bin/bash
max=100
counter=0
for ip in `awk '{print $1}' < general_certs.txt`; do
(( counter++ ))
(
results=$( timeout 30 openssl s_client -connect $ip:443 2> /dev/null )
if [ "$results" = "" ]; then
echo "$ip noresponse"
else
echo -n "$ip "
echo "$results" | grep -i 'error' || echo "noerror"
fi
) >> general_errors &
if [ $counter -eq $max ]; then
wait
counter=0
fi
done
wait
This was the input: 这是输入:
$ cat general_certs.txt
stackoverflow.com
redhat.com
google.com
8.8.8.8
vt.edu
bls.gov
8.8.4.4
This was the output: 这是输出:
$ cat general_errors
8.8.4.4 noerror
stackoverflow.com noerror
google.com noerror
vt.edu noerror
bls.gov noerror
redhat.com noerror
8.8.8.8 noresponse
If you have some that fail, I can test them. 如果您有一些失败,我可以对其进行测试。
解决方案2
0 2017-06-05 23:32:12
If you're trying to get which ip's have a untrusted certificate, you could try, even if it's not the best option, with curl . 如果您尝试获取哪个IP拥有不受信任的证书,则可以使用curl尝试,即使它不是最佳选择。
Something like: 就像是:
for ip in `awk '{print $1}' < general_certs.txt`; do
echo -e $ip
curl https://${ip}:443 &> /dev/null
if [ $? == 51 ]; then
echo "upsis, https://${ip}:443 has a untrusted certificate" >> general_err
else
echo "yai, https://${ip}:443 doesn't have a untrusted certificate" >> general_noerr
fi
done
Notice that here you're only checking for unstrusted certificates ( error 51 in curl ), but the command could send any other error and it would go to general_noerror . 请注意,这里您仅在检查不受信任的证书(curl中的错误51),但是该命令可能会发送其他任何错误,并且将发送至general_noerror 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.