Practical Shell Examples Reference
阿新 • Published: 2022-05-02
Contents
- 1. Starting a shell script
- 2. Batch-generating htpasswd passwords
- 3. firewall
1. Starting a shell script
- Prevents the script from being started a second time
- Records the PID so the running script can be stopped
```bash
#!/bin/bash
##############################################
# $Author: netkiller $
# $Id: shell.xml 449 2012-08-10 10:38:08Z netkiller $
##############################################
NAME=info
BASEDIR='/www'
PROG=$BASEDIR/bin/$(basename "$0")
# /var/tmp is world-writable; on a shared host keep the log and PID file
# in a directory that only the account running this script can write to.
LOGFILE=/var/tmp/$NAME.log
PIDFILE=/var/tmp/$NAME.pid
##############################################
PHP=/usr/local/webserver/php/bin/php
##############################################
#echo $$
#echo $BASHPID
function start(){
    # Refuse to start a second copy while a PID file exists
    if [ -f "$PIDFILE" ]; then
        echo "$PIDFILE"
        exit 2
    fi

    # Run the jobs once a minute in a background loop
    for (( ; ; ))
    do
        cd "$BASEDIR/crontab/" || exit 1
        $PHP readfile.php > "$LOGFILE"
        $PHP chart_gold_silver_xml.php > /dev/null
        sleep 60
    done &
    # $! is the PID of the background loop; stop() reads it back
    echo $! > "$PIDFILE"
}
function stop(){
    # Kill the recorded PID, then remove the PID file so start() works again
    [ -f "$PIDFILE" ] && kill "$(cat "$PIDFILE")" && rm -f "$PIDFILE"
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        ps ax | grep chart.xml | grep -v grep | grep -v status
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart}"
        exit 2
esac

exit $?
```
2. Batch-generating htpasswd passwords
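```bash
#!/bin/bash
PASSFILE=nginx.password

[ ! -f "$PASSFILE" ] && touch "$PASSFILE"

# One "username password" pair per line of the here-document.
# -b takes the password from the command line, where other local users can
#    see it in the process list while htpasswd runs.
# -d selects crypt(), which uses only the first 8 characters of each password;
#    -m (apr1 MD5) hashes the whole password.
while read -r username password
do
    htpasswd -b -d "$PASSFILE" "$username" "$password"
done << EOF
neo FwJSYxD4WBzPr4CQvxI8HIbV0yDkQi
chen 2hsD3OgkeM4GPPcNYUceqL8ccMzXjU
bg7nyt XAq7Zcln8dGCTIIKt8GwwEwqmCN8d1
netkiller fcCIY3GaroTPCSW40XBrg0HNlmbLD7
neochen DPSiWJtqUIaI2bUUobuX2PjdyzDGgI
EOF
```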
3. firewall
Analyzes the access.log file and adds the top 30 IPs to the blacklist.
The script supports both a blacklist and a whitelist.
```bash
#!/bin/bash
ACCESS_LOG=/tmp/access.log
TIMEPOINT='24/May/2012'
BLACKLIST=/var/tmp/black
WHITELIST=/var/tmp/white

if [ ! -f ${BLACKLIST} ]; then
    touch ${BLACKLIST}
fi

if [ ! -f ${WHITELIST} ]; then
    touch ${WHITELIST}
fi

# Count requests per client IP for TIMEPOINT and walk the 30 busiest
for deny in $(grep ${TIMEPOINT} ${ACCESS_LOG} | awk '{print $1}' | awk -F'.' '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -r -n | head -n 30 | awk '{print $2}')
do
    # -F -x compares the IP as a literal whole line, so 192.0.2.1 does not
    # match a list entry such as 192.0.2.10
    if grep -Fxq -- "$deny" ${WHITELIST}; then
        echo 'Allow IP:' $deny
        # Whitelisted: remove any DROP rules added earlier
        iptables -D INPUT -p tcp --dport 443 -s $deny -j DROP
        iptables -D INPUT -p tcp --dport 80 -s $deny -j DROP
        continue
    fi

    # Not yet blacklisted: record the IP and drop its HTTP/HTTPS traffic
    if ! grep -Fxq -- "$deny" ${BLACKLIST}; then
        echo 'Deny IP:' $deny
        echo $deny >> ${BLACKLIST}
        iptables -I INPUT -p tcp --dport 443 -s $deny -j DROP
        iptables -I INPUT -p tcp --dport 80 -s $deny -j DROP
    fi
done
```
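The selection step described above (count requests per client for one day, take the top N, skip whitelisted addresses), as an added example that is not part of the original page: it prints the iptables rules for review instead of applying them, matches the date only in the timestamp field, and compares whitelist entries as whole strings. The function names, the sample log lines and the documentation-range addresses are constructed for illustration.

```bash
#!/bin/bash
# Added example, not the page's script: choose the addresses, print the rules.

# top_offenders DAY LIMIT ALLOWFILE  (access log on stdin)
# Prints the LIMIT busiest client IPs for DAY, then drops any listed in ALLOWFILE.
# DAY must open the timestamp field, so a date inside a URL is not counted.
# ALLOWFILE entries are compared as whole strings: 192.0.2.10 does not exempt 192.0.2.1.
top_offenders() {
    awk -v day="$1" '
        index($4, "[" day ":") == 1 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
        END { for (ip in hits) print hits[ip], ip }' |
    sort -k1,1nr -k2,2 |
    head -n "$2" |
    awk -v allow="$3" '
        BEGIN { while ((getline line < allow) > 0) ok[line] = 1 }
        !($2 in ok) { print $2 }'
}

# emit_rules: for each IP on stdin, print the two DROP rules the page's script inserts.
emit_rules() {
    while read -r ip; do
        for port in 443 80; do
            echo "iptables -I INPUT -p tcp --dport $port -s $ip -j DROP"
        done
    done
}

# Constructed sample log; addresses come from the documentation ranges.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [24/May/2012:10:00:01 +0800] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [24/May/2012:10:00:02 +0800] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [24/May/2012:10:00:03 +0800] "GET / HTTP/1.1" 200 512
192.0.2.1 - - [24/May/2012:10:00:04 +0800] "GET /login HTTP/1.1" 401 128
192.0.2.1 - - [24/May/2012:10:00:05 +0800] "GET /login HTTP/1.1" 401 128
198.51.100.7 - - [24/May/2012:10:00:06 +0800] "GET / HTTP/1.1" 200 512
203.0.113.9 - - [25/May/2012:09:00:01 +0800] "GET /?d=24/May/2012 HTTP/1.1" 200 512
203.0.113.9 - - [25/May/2012:09:00:02 +0800] "GET /?d=24/May/2012 HTTP/1.1" 200 512
203.0.113.9 - - [25/May/2012:09:00:03 +0800] "GET /?d=24/May/2012 HTTP/1.1" 200 512
EOF
}

allow=$(mktemp)              # constructed whitelist holding one monitoring host
echo 192.0.2.10 > "$allow"
sample_log | top_offenders 24/May/2012 3 "$allow" | emit_rules
rm -f "$allow"
```

With the sample data it prints rules for 192.0.2.1 and 198.51.100.7 only: 192.0.2.10 is whitelisted, and 203.0.113.9 made no requests on 24 May even though that date appears in its URLs.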