1、编写脚本selinux.sh,实现开启或禁用SELinux功能
#! /bin/bash
echo "please input start or stop"
read -p "please input start or stop :" parameter
case $parameter in
start|START)
sed -i "s/SELINUX=disabled/SELINUX=enforcing/g" /etc/selinux/config
setenforce 1
echo "start success"
;;
STOP|stop)
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
setenforce 0
echo "stop success"
;;
*)
echo "wrong input!!"
;;
esac
2、统计/etc/fstab文件中每个文件系统类型出现的次数
[root@localhost home]# awk -F' ' '!/^#.*/&&!/^$.*/{print $3}' /etc/fstab |sort -n | uniq -c
1 ext4
1 iso9660
1 swap
2 xfs
3、提取出字符串Yd$C@M05MB%9&Bdh7dq+YVixp3vpw中的所有数字
[root@localhost home]# echo "Yd$C@M05MB%9&Bdh7dq+YVixp3vpw"|tr -dc "[^0-9]"
05973
4、解决DOS攻击生产案例:根据web日志或者或者网络连接数,监控当某个IP 并发连接数或者短时内PV达到100,即调用防火墙命令封掉对应的IP,监控频 率每隔5分钟。防火墙命令为:iptables -A INPUT -s IP -j REJECT
#! /bin/bash
DDOSID=`netstat -ntu|awk '{print $5}'|awk -F ":" '{print $(NF-1)}'|sort |uniq -c|grep '[0..9]'|awk '{if($1>100)print $2}'`
for ip in $DDOSID;do
iptables -I INPUT -s $ip -j DROP
done
crontab -e
*/5 * * * * /bin/bash /home/DDOS.sh
以下摘自 https://blog.51cto.com/baishuchao/1943942 类似案例
#!/bin/bash
while true
do
awk '{print $1}' access.log|grep -v "^$"|sort|uniq -c > /tmp/tmp.log
exec </tmp/tmp.log
while read line
do
ip=`echo $link|awk'{print $2}'`
count=`echo $line|awk '{print $1}'`
if [ $count -gt 3 ] && [ `iptables -L -n|grep "$ip"|wc -l` -lt 1 ]
then
iptables -I INPUT -s $ip -j DROP
echo "$line is dropped" >>/tmp/droplist.log
fi
done
sleep 5
done