Q1、编写脚本selinux.sh,实现开启或禁用SELinux功能
[root@CentOS7 scripts]# bash selinux_turn.sh off
selinux config off [ OK ]
Disabled
[root@CentOS7 scripts]# bash selinux_turn.sh oon
please input <on|off>
[root@CentOS7 scripts]# bash selinux_turn.sh on
selinux config on [ OK ]
Disabled
[root@CentOS7 scripts]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
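# selinux.sh - set the persistent SELinux mode in /etc/selinux/config.
#
# Usage: bash selinux.sh <on|off>
#   on  -> SELINUX=enforcing
#   off -> SELINUX=disabled
# Exit status: 2 wrong argument count, 3 unknown argument,
#              1 config edit failed, otherwise the status of getenforce.
#
# Only the config file is edited, so the new mode is applied at the next boot;
# the getenforce call at the end prints the mode the running kernel is in now.
# Security note: "disabled" stops SELinux labelling files, so re-enabling later
# needs a full relabel. For troubleshooting, SELINUX=permissive keeps labels
# and audit records without enforcing.

[ -f /etc/init.d/functions ] && . /etc/init.d/functions

# Fallback for hosts without /etc/init.d/functions, so the status line still
# prints instead of failing with "action: command not found".
if ! command -v action >/dev/null 2>&1; then
  action() {
    local msg=$1
    shift
    if "$@"; then
      printf '%s[  OK  ]\n' "$msg"
    else
      printf '%s[FAILED]\n' "$msg"
      return 1
    fi
  }
fi

config=/etc/selinux/config

if [ "$#" -ne 1 ]; then
  echo "Usage:bash $0 <off|on>" >&2
  exit 2
fi

case "$1" in
  on) mode=enforcing ;;
  off) mode=disabled ;;
  *)
    echo " please input <on|off>" >&2
    exit 3
    ;;
esac

# "^SELINUX=" does not match the SELINUXTYPE= line, so only the mode changes.
if sed -i "s#^SELINUX=.*#SELINUX=${mode}#" "$config"; then
  action "selinux config $1 " /bin/true
else
  # Report the failure (not root, read-only filesystem, missing file) instead
  # of silently continuing as if the mode had been changed.
  action "selinux config $1 " /bin/false
  exit 1
fi

# getenforce takes no arguments; it only reports the current runtime mode.
/sbin/getenforce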
SELinux 的永久关闭(修改 /etc/selinux/config)需要重启服务器后才能生效;如果只需要临时关闭,可以使用 setenforce 0 达到效果。注意 setenforce 0 只是把 SELinux 切换到 permissive(只告警、不拦截)模式,重启后失效,并不等同于 disabled。
Q2、统计/etc/fstab文件中每个文件系统类型出现的次数
[root@CentOS7 scripts]# cat -A /etc/fstab|awk '!/^\$|#/{fstype[$3]++}END{print "文件类型统计";for(i in fstype){print i,fstype[i]}}'
文件类型统计
swap 1
xfs 3
Q3、提取出字符串Yd$C@M05MB%9&Bdh7dq+YVixp3vpw中的所有数字
[root@CentOS7 scripts]# echo 'Yd$C@M05MB%9&Bdh7dq+YVixp3vpw'|grep -o '[0-9]'
0
5
9
7
3
root@CentOS7 scripts]# echo 'Yd$C@M05MB%9&Bdh7dq+YVixp3vpw'|awk -F "" '{for(i=1;i<=NF;i++){if($i ~ /[0-9]/){print $i}}}'
0
5
9
7
3
Q4、解决DoS攻击生产案例:根据web日志或者网络连接数,监控当某个IP并发连接数或者短时内PV达到100,即调用防火墙命令封掉对应的IP,监控频率为每隔5分钟。防火墙命令为:iptables -A INPUT -s IP -j REJECT
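# ddos.sh - reject source addresses that appear at least $threshold times in
# the web access log. Meant to be run from cron with bash.
#
# NOTE(review): the count covers the whole log file, not the last five minutes.
# Nothing here truncates or rotates the log, so totals are cumulative and each
# run appends the full log to the backup again - confirm rotation is handled
# elsewhere, or count only recent entries.
# NOTE(review): field 1 is trusted as the client address. If the log format
# records a client-supplied header (for example X-Forwarded-For) there, a
# client can get an arbitrary address blocked; keep an allowlist for proxies,
# monitoring hosts and admin networks before enabling automatic blocking.

log=/data/sc/access.log
threshold=100
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

if [ ! -r "$log" ]; then
  echo "cannot read $log" >&2
  exit 1
fi

awk -v limit="$threshold" '
  { hits[$1]++ }
  END { for (addr in hits) if (hits[addr] >= limit) print addr }
' "$log" |
  while IFS= read -r addr; do
    # Log content is untrusted: only pass something shaped like an IPv4
    # address to iptables, and skip everything else.
    [[ "$addr" =~ $ipv4_re ]] || continue
    # -C checks for an existing rule, so repeated cron runs do not stack
    # duplicate REJECT rules for the same address.
    iptables -C INPUT -s "$addr" -j REJECT 2>/dev/null ||
      iptables -A INPUT -s "$addr" -j REJECT
  done

# Kept from the original script; the copy below does not write into /log/bak.
mkdir -p /log/bak
cat "$log" >> "${log}.bak"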
[root@test ~]#crontab -l
*/5 * * * * bash /data/sc/ddos.sh &> /dev/null