1. Write a script, selinux.sh, that enables or disables SELinux
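#!/bin/bash
# Toggle SELinux between Enforcing and Permissive at runtime (must run as root).
status=$(getenforce)
read -r -p "Current SELinux status: $status. Do you want to change it? [Y/N]: " option
if [ "$option" == "Y" ]; then
    case "$status" in
        Enforcing)
            # setenforce 0 switches to Permissive; it does not fully disable SELinux
            setenforce 0 && echo "selinux is now Permissive"
            ;;
        Permissive)
            setenforce 1 && echo "selinux is now Enforcing"
            ;;
        Disabled)
            # setenforce cannot turn on a disabled SELinux; that needs a config change and a reboot
            echo "selinux is Disabled: set SELINUX=enforcing in /etc/selinux/config and reboot" >&2
            exit 1
            ;;
    esac
else
    echo "byebye"
fi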
2. Count how many times each filesystem type appears in /etc/fstab
grep -Ev "(^#|^$)" /etc/fstab |awk '{print $3}' |sort |uniq -c
Or:
grep -Ev "(^#|^$)" /etc/fstab |awk '{a[$3]++} END{for(i in a) print i,a[i]}'
3. Extract all the digits from the string Yd$C@M05MB%9&Bdh7dq+YVixp3vpw
echo 'Yd$C@M05MB%9&Bdh7dq+YVixp3vpw' | awk -F "" '
{
    # With an empty field separator (gawk), every character is its own field
    for (i = 1; i <= NF; i++)
        if ($i ~ /[[:digit:]]/)
            digits = digits $i
    print digits
}'
4. Production case for handling a DoS attack: based on the web log or the number of network connections, monitor each IP, and when an IP's concurrent connections or short-term PV reaches 100, call the firewall command to block that IP. The check runs every 5 minutes. The firewall command is: iptables -A INPUT -s IP -j REJECT
#!/bin/bash
# Count ESTABLISHED connections per remote IPv4 address in one pass and block
# every address that has reached 100. Must run as root.
netstat -ant |
    awk '$1 == "tcp" && $6 == "ESTABLISHED" {split($5, a, ":"); print a[1]}' |
    sort | uniq -c |
while read -r PV IP; do
    if [ "$PV" -ge 100 ]; then
        echo "WARNING:$IP connection number $PV" > /tmp/pvwarning.log
        mail -s "$HOSTNAME PVWARNING" xxx@qq.com < /tmp/pvwarning.log
        # Append the rule only if it is not already there, so repeated runs do not pile up duplicates
        iptables -C INPUT -s "$IP" -j REJECT 2>/dev/null || iptables -A INPUT -s "$IP" -j REJECT
    fi
done
Schedule the script to run periodically
crontab -e
*/5 * * * * /bin/bash /data/pv.sh
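Task 4 also allows counting from the web log, which the script above does not cover. The following is an added example, not part of the original post, that counts requests per IP (PV) from an access log since a cutoff time. The log format, the allowlist argument, the sample addresses and the log path in the usage comment are assumptions.

```shell
#!/bin/bash
# Added example: per-IP request count (PV) from an access log since a cutoff time.
# Assumes common/combined log format: client IP in field 1, "[dd/Mon/yyyy:HH:MM:SS"
# in field 4, written in the server's local time.

# offenders CUTOFF THRESHOLD [ALLOWLIST]   (log lines on stdin, "IP COUNT" on stdout)
#   CUTOFF     oldest timestamp to count, as YYYYmmddHHMMSS
#   THRESHOLD  report an IP once it has this many requests since CUTOFF
#   ALLOWLIST  space-separated IPs that must never be reported (hypothetical parameter)
offenders() {
    awk -v cutoff="$1" -v limit="$2" -v allow="${3:-}" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        for (i = 1; i <= n; i++) month[name[i]] = sprintf("%02d", i)
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) skip[a[i]] = 1
    }
    # Count only lines whose client field is a dotted quad and is not allowlisted
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !($1 in skip) {
        split(substr($4, 2), t, "[/:]")
        key = t[3] month[t[2]] t[1] t[4] t[5] t[6]   # sortable YYYYmmddHHMMSS
        if (key >= cutoff) hits[$1]++
    }
    END { for (ip in hits) if (hits[ip] >= limit) print ip, hits[ip] }' | sort
}

# Constructed sample log: 3 recent requests from 203.0.113.7 plus 1 old one,
# 3 recent requests from a monitoring host, 1 recent request from a third client.
sample_log() {
    for s in 01 02 03; do
        echo "203.0.113.7 - - [12/Mar/2024:10:06:$s +0800] \"GET / HTTP/1.1\" 200 512"
        echo "198.51.100.9 - - [12/Mar/2024:10:07:$s +0800] \"GET /health HTTP/1.1\" 200 2"
    done
    echo '203.0.113.7 - - [12/Mar/2024:09:00:00 +0800] "GET / HTTP/1.1" 200 512'
    echo '192.0.2.44 - - [12/Mar/2024:10:08:00 +0800] "GET / HTTP/1.1" 200 512'
}

# Threshold 3 keeps the sample small; the task's value is 100.
sample_log | offenders 20240312100500 3 "198.51.100.9"

# Real use (assumed log path, GNU date), run as root from the 5-minute cron job:
#   offenders "$(date -d '5 minutes ago' +%Y%m%d%H%M%S)" 100 "127.0.0.1" \
#       < /var/log/nginx/access.log |
#   while read -r ip pv; do
#       iptables -C INPUT -s "$ip" -j REJECT 2>/dev/null || iptables -A INPUT -s "$ip" -j REJECT
#   done
```

If the server sits behind a reverse proxy or load balancer, field 1 is the proxy's address, so put that address in the allowlist or count on the proxy instead.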