十、Linux 自動化指令碼與函式
阿新 • • 發佈:2020-11-13
1.編寫指令碼selinux.sh,實現開啟或禁用SELinux功能。
[root@localhost ~]#bash SElinux.sh ###################################################### Current status: SELinux status: disabled ###################################################### Please input enable|disable|permissive|quit to set SElinux: enable setenforce: SELinux is disabled SElinux current status is Disabled SElinux config file is set SELINUX=enforcing [root@localhost ~]#bash SElinux.sh ###################################################### Current status: SELinux status: disabled ###################################################### Please input enable|disable|permissive|quit to set SElinux: disable setenforce: SELinux is disabled SElinux current status is Disabled,But Disabled's status need to reboot SElinux config file is set SELINUX=disabled [root@localhost ~]#bash SElinux.sh ###################################################### Current status: SELinux status: disabled ###################################################### Please input enable|disable|permissive|quit to set SElinux: permissive setenforce: SELinux is disabled SElinux current status is Disabled SElinux config file is set SELINUX=Permissive [root@localhost ~]#cat SElinux.sh #!/bin/bash #******************************************************************** #Author: Kevin.Wen #Revision: 1.0 #QQ: 2510905014 #Date: 2020-11-13 #FileName: SElinux.sh #******************************************************************** echo "######################################################" echo -e "Current status:\n`sestatus`" echo "######################################################" echo -e "\n" read -p "Please input enable|disable|permissive|quit to set SElinux: " Arg if [ $Arg == "enable" ];then setenforce 1 sed -ri.bak "s#^SELINUX=.*#SELINUX=enforcing#" /etc/selinux/config &>/dev/null echo "SElinux current status is `getenforce`" echo "SElinux config file is set `sed -n "/^SELINUX=/p" /etc/selinux/config`" exit elif [ $Arg == "disable" ];then setenforce 0 sed -ri.bak "s#^SELINUX=.*#SELINUX=disabled#" /etc/selinux/config &>/dev/null echo "SElinux current status is `getenforce`,But Disabled's status need to reboot" echo "SElinux config file is set `sed -n "/^SELINUX=/p" /etc/selinux/config`" exit elif [ $Arg == "permissive" ];then setenforce Permissive sed -ri.bak "s#^SELINUX=.*#SELINUX=Permissive#" /etc/selinux/config &>/dev/null echo "SElinux current status is `getenforce`" echo "SElinux config file is set `sed -n "/^SELINUX=/p" /etc/selinux/config`" exit else [ $Arg == "quit" ] echo "The shell exit" exit fi
2.統計/etc/fstab檔案中每個檔案系統型別出現的次數。
[root@localhost /data]#awk -F'[[:space:]]+' '/^UUID/{print $3}' /etc/fstab |uniq -c 3 xfs 1 swap [root@localhost /data]#cat /etc/fstab # # /etc/fstab # Created by anaconda on Mon Aug 3 17:02:43 2020 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # UUID=71b66acd-688f-45df-8d45-1d3cf606820f / xfs defaults 0 0 UUID=1890737d-134e-49aa-a764-569a2bd251d8 /boot xfs defaults 0 0 UUID=82c012a2-3f30-4649-ac90-e9896c20f829 /data xfs defaults 0 0 UUID=87716ee2-fda6-41e2-9d46-4d42bd7bb257 swap swap defaults 0 0
3.提取出字串Yd$C@MO5MB%9&Bdh7dq+YVixp3vpw中的所有數字。
[root@localhost /data]#echo "Yd$C@M05MB%9&Bdh7dq+YVixp3vpw" | awk '{gsub(/[^0-9]/,"");print $0}'
05973
4.解決DOS攻擊生產案例:根據web日誌或者網路連線數,監控當某個IP併發連線數或者短時間內PV達到100,即呼叫防火牆命令封掉對應的IP,監控頻率每隔5分鐘。防火牆命令為iptables -A INPUT -s IP -j REJECT。
[root@localhost ~]#bash -x checkdos.sh + /usr/sbin/ss -tn + awk '-F +|:' '/ESTAB/{ip[$(NF-2)]++}END{for(i in ip)if(ip[i]>10) print i}' + read IP [root@localhost ~]#cat checkdos.sh #!/bin/bash #******************************************************************** #Author: Kevin.Wen #Revision: 1.0 #QQ: 2510905014 #Date: 2020-11-13 #FileName: checkdos.sh #******************************************************************** /usr/sbin/ss -tn | awk -F" +|:" '/ESTAB/{ip[$(NF-2)]++}END{for(i in ip)if(ip[i]>10) print i}' > /data/ddosip.txt while read IP;do /usr/sbin/iptables -A INPUT -s $IP -j REJECT echo "The $IP reject" >> /data/checkddos.txt done < /data/ddosip.txt