1、編寫腳本selinux.sh,實現開啟或禁用SELinux功能
#*******************************************************************
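# Toggle the SELinux mode stored in /etc/selinux/config.
#   Input "yes": rewrite SELINUX=enforcing to SELINUX=disabled.
#   Input "no":  rewrite SELINUX=disabled back to SELINUX=enforcing.
#   Anything else: print a usage hint and change nothing.
# Needs root, because it edits /etc/selinux/config in place.
# The config file is only applied at boot, so getenforce below still reports
# the mode that is in force right now, not the one just written.
#
# Security note: SELINUX=disabled removes mandatory access control for the
# whole host. For troubleshooting, permissive mode (setenforce 0) keeps
# logging denials without enforcing them and needs no reboot. Going from
# disabled back to enforcing normally requires a filesystem relabel on the
# next boot.
# A config that is currently SELINUX=permissive is left untouched by both
# branches, since the patterns only match "enforcing" and "disabled".
read -r -p "是否關閉selinux:yes or no:" useread
if [ "$useread" = 'yes' ]; then
  # Anchor on line start so only the setting itself is rewritten; stop if the
  # edit fails (for example when not running as root).
  sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config || exit 1
  echo "請重啟設備方可生效"
  echo "現在的狀態為:"
  getenforce
  echo "如果狀態為enforcing,請重啟以關閉selinux"
elif [ "$useread" = 'no' ]; then
  sed -i 's/^SELINUX=disabled/SELINUX=enforcing/' /etc/selinux/config || exit 1
  echo "現在的狀態為:"
  getenforce
  echo "如果狀態為disabled,請重啟以啟動selinux"
else
  echo "請輸入yes或no"
fi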
2、統計/etc/fstab文件中每個文件系統類型出現的次數
[root@centos7 ~]#awk '/^UUID/||/^\/dev/{print $3}' /etc/fstab|sort |uniq -c
1 swap
3 xfs
3、提取出字符串Yd$C@M05MB%9&Bdh7dq+YVixp3vpw中的所有數字
[root@centos7 ~]#echo 'Yd$C@M05MB%9&Bdh7dq+YVixp3vpw'|awk 'gsub(/[^0-9]/,"",$0)'
05973
4、解決DOS攻擊生產案例:根據web日志或者網絡連接數,監控當某個IP并發連接數或者短時內PV達到100,即調用防火墻命令封掉對應的IP,監控頻率每隔5分鐘。防火墻命令為:iptables -A INPUT -s IP -j REJECT
[root@centos7 data]# systemctl status firewalld 查看防火墻狀態
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead) 表示系統自帶的防火墻關閉
Docs: man:firewalld(1)
[root@centos7 ~]# yum install iptables 下載iptables防火墻
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
(1/3): epel/7/x86_64/group_gz | 95 kB 00:00:00
(2/3): epel/7/x86_64/primary_db | 6.8 MB 00:00:06
(3/3): epel/7/x86_64/updateinfo | 1.0 MB 00:00:10
Package iptables-1.4.21-28.el7.x86_64 already installed and latest version
Nothing to do
[root@centos7 ~]# yum install iptables-services
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.x86_64 0:1.4.21-28.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================================================
Package Arch Version Repository Size
===========================================================================================================================================
Installing:
iptables-services x86_64 1.4.21-28.el7 base 52 k
Transaction Summary
===========================================================================================================================================
Install 1 Package
Total download size: 52 k
Installed size: 26 k
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : iptables-services-1.4.21-28.el7.x86_64 1/1
Verifying : iptables-services-1.4.21-28.el7.x86_64 1/1
Installed:
iptables-services.x86_64 0:1.4.21-28.el7
Complete!
[root@centos7 ~]# systemctl status iptables 查看開啟狀態
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: inactive (dead) 表示關閉
[root@centos7 ~]# systemctl start iptables 開啟防火墻
[root@centos7 ~]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: active (exited) since Thu 2020-06-18 18:04:29 CST; 5s ago 表示已開啟
Process: 17964 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 17964 (code=exited, status=0/SUCCESS)
Jun 18 18:04:29 centos7.6 systemd[1]: Starting IPv4 firewall with iptables...
Jun 18 18:04:29 centos7.6 iptables.init[17964]: iptables: Applying firewall rules: [ OK ]
Jun 18 18:04:29 centos7.6 systemd[1]: Started IPv4 firewall with iptables.
[root@centos7 ~]# iptables -L -n #目前防火墻規則為默認
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@erp2 ~]# ssh 172.16.100.43 先測下 測試ip為172.16.100.61
root@172.16.100.43's password: 可訪問
[root@centos7 ~]# vim ipdos.sh #創建規則腳本
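#!/bin/bash
# ipdos.sh - reject source addresses that appear too often in the web log.
#
# Counts requests per client address (first field of access_log), writes the
# addresses above the threshold to ip.txt, and adds one iptables REJECT rule
# per address. Meant to be run from cron every 5 minutes, as root.
#
# Review notes:
#  - The count covers the whole access_log, not just the last 5 minutes, so
#    busy but legitimate clients (proxies, NAT gateways) can cross the limit
#    over time. Rotate the log or keep an allowlist if that matters.
#  - The exercise statement asks for a limit of 100; the script uses 1000.
#  - Rules added here are not persistent and are never removed.

readonly threshold=1000
# Dotted-quad shape check. The log is written from client-controlled traffic,
# so anything that does not look like an IPv4 address is never handed to
# iptables (this also keeps a field starting with "-" from being read as an
# option).
readonly ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# cron starts jobs in the user's home directory, so resolve the relative
# access_log / ip.txt paths against the script's own directory.
# NOTE(review): assumes access_log sits next to this script; confirm.
cd -- "$(dirname -- "$0")" || exit 1

# Filter the addresses whose hit count is above the threshold into ip.txt.
# The file is overwritten on each run; appending would replay every earlier
# hit again on each cron run.
awk -v limit="$threshold" \
  '{ ip[$1]++ } END { for (i in ip) if (ip[i] > limit) print i }' \
  access_log >ip.txt || exit 1

# Read each address from ip.txt and block it.
while IFS= read -r line; do
  [[ $line =~ $ipv4_re ]] || continue
  # Skip addresses that already have a rule, so repeated cron runs do not
  # pile up duplicates.
  iptables -C INPUT -s "$line" -j REJECT 2>/dev/null && continue
  # Insert at the top of the chain: a rule appended with -A lands after the
  # existing ACCEPT rules and the final catch-all REJECT and is never reached.
  iptables -I INPUT -s "$line" -j REJECT || continue
  # Print only the addresses blocked by this run.
  printf '%s\n' "$line"
done <ip.txt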
[root@centos7 data]# chmod +x ipdos.sh 賦予執行權限
[root@centos7 data]# crontab -e 設置定時任務
*/5 * * * * /bin/bash /data/ipdos.sh
crontab: installing new crontab
[root@centos7 data]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
REJECT all -- 172.20.0.200 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 172.20.0.76 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 172.20.0.222 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 172.20.0.227 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 172.20.116.179 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 172.20.65.65 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 172.20.112.14 0.0.0.0/0 reject-with icmp-port-unreachable
[root@erp2 ~]# ssh 172.16.100.43 已無法訪問
ssh: connect to host 172.16.100.43 port 22: Connection refused