1、编写脚本selinux.sh,实现开启或禁用SELinux功能
# 知识点:
# selinux
# 文件位置:/etc/selinux/config
# 实现SELinux主要就是将该文件中的SELINUX= 设置为:disable/enforcing
# 查看状态:sestatus
#!/bin/bash
#
############################################################
# @Author: Flamenca
# @Date: 2020-05-09 20:58:39
# @File Name: seslinux_switch.sh
# @Last Modified time: 2020-05-11 00:35:37
# @Description: 一键开关SELinux的脚本
# @mail: flamenca@qq.com
############################################################
. /etc/rc.d/init.d/functions
# 查看当前SELinux 的状态
#sest=`sestatus |awk -F" " '{print $NF}'`
sest=`awk -F"=" '/^SELINUX=/{print $NF}' /etc/selinux/config`
if [[ $sest == "disabled" ]]; then
#如果/etc/selinux/config 中SELINUX=disable,则提示是否开启
echo "SELinux is disabled "
read -p "Would you like to [O]pen or [Q]uit? :" var
if [[ $var == ["O""o""open"] ]]; then
sed -i 's/^SELINUX=disabled/SELINUX=enforcing/g' /etc/selinux/config
action "SELINUX is Open, please reboot your system" /bin/true
elif [[ $var == ["Q""q""quit"] ]]; then
break
else
echo "Error input!"
fi
elif [[ $sest == "enforcing" ]]; then
#statements
echo "SELinux is enforcing "
read -p "Would you like to [D]isable or [Q]uit? :" var
if [[ $var == ["D""d"] ]]; then
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
action "SELINUX is disabled, please reboot your system" /bin/true
elif [[ $var == ["Q""q""quit"] ]]; then
break
else
echo "Error input!"
fi
fi
2、统计/etc/fstab文件中每个文件系统类型出现的次数
cat /etc/fstab |grep "^[^#]" |xargs -n6 |cut -d " " -f3|uniq -c
3、提取出字符串Yd$C@M05MB%9&Bdh7dq+YVixp3vpw中的所有数字
[root@localhost data]#echo "Yd$C@M05MB%9&Bdh7dq+YVixp3vpw" |awk '{gsub(/[^0-9]/," ",$0);print $0}'
05 9 7 3
4、解决DOS攻击生产案例:根据web日志或者或者网络连接数,监控当某个IP 并发连接数或者短时内PV达到100,即调用防火墙命令封掉对应的IP,监控频 率每隔5分钟。防火墙命令为:iptables -A INPUT -s IP -j REJECT
#!/bin/bash
#
############################################################
# @Author: Flamenca
# @Date: 2020-05-09 20:58:39
# @File Name: IP_100.sh
# @Last Modified time: 2020-05-17 00:53:14
# @Description: 找到连接数超过100的ip,执行防火墙封锁命令
# @mail: flamenca@qq.com
############################################################
# 找出当前主机的Foreign Address 并统计其出现的次数
# 将当前连接次数大于100的ip记录在asslog.log中
netstat -nltp | awk '{if (NR>2){print $5}}' | sort | uniq -c | awk '{if ($1>100){print $2}}' | cut -d ":" -f1 >> asslog.log
while read IP; do
iptables -A INPUT -s IP -j REJECT
done << asslog.log
rm ./asslog.log
# 将此脚本写入crontab计划任务
[root@centos-linux bak]# crontab -e
*/5 * * * 0-7 /bin/bash /root/bak/IP_100.sh