记录一下写的shell命令
1.列出自己最常用的10个命令
[root@www script]# vim top10.sh
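#!/bin/bash
#
# top10.sh - list the ten most frequently used commands in the bash history.
#
# Only the first word of each history line is counted and printed, so command
# arguments (which can include secrets typed on a command line) never appear
# in the output.
#

#######################################
# Print a COMMAND/COUNT table of the ten most used commands.
# Arguments: $1 - history file to read (default: ~/.bash_history)
# Outputs:   tab-separated table on stdout, diagnostics on stderr
# Returns:   0 on success, 1 if the history file cannot be read
#######################################
top_commands() {
  local history_file=${1:-"$HOME/.bash_history"}
  local tab=$'\t'

  if [[ ! -r "$history_file" ]]; then
    printf 'cannot read history file: %s\n' "$history_file" >&2
    return 1
  fi

  printf 'COMMAND\tCOUNT\n'
  # Blank lines and the "#<epoch>" lines bash writes when HISTTIMEFORMAT is set
  # are not commands, so they are skipped instead of being counted.
  # Rows use the same single tab as the header so the columns line up.
  awk '
    NF == 0 || /^#[0-9]+$/ { next }
    { uses[$1]++ }
    END { for (cmd in uses) printf "%s\t%d\n", cmd, uses[cmd] }
  ' "$history_file" |
    LC_ALL=C sort -t "$tab" -k2,2nr -k1,1 |
    head -n 10
}

top_commands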
[root@www script]# ./top10.sh
COMMAND COUNT
vim 141
./match_palindrome.sh 76
sh 66
ll 64
sed 56
echo 55
ipvsadm 30
yum 29
cd 26
ip 23
前面一列表示命令,后面一列表示使用次数。说明一下:sort -nrk 2 表示按第二列的数值进行倒序排列。
2.列出最近某个时间段内CPU占用最多的10个进程
[root@www script]# cat pcpu_usage.sh
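#!/bin/bash
#
# pcpu_usage.sh - sample per-process CPU usage and list the ten biggest consumers.
#
# Usage: pcpu_usage.sh [total_seconds [interval_seconds]]
#   total_seconds     length of the observation window (default 3600)
#   interval_seconds  pause between two samples (default 60)
#
# NOTE(review): on procps-based systems ps reports pcpu as CPU time divided by
# the lifetime of the process, so the summed figures rank processes rather
# than measure exact usage inside the window - confirm for your ps.
#
sec=${1:-3600}
unit_time=${2:-60}

readonly uint_re='^(0|[1-9][0-9]*)$'
readonly posint_re='^[1-9][0-9]*$'
# The interval must be a positive integer: it is used as a divisor below.
if ! [[ $sec =~ $uint_re && $unit_time =~ $posint_re ]]; then
  printf 'Usage: %s [total_seconds [interval_seconds]]\n' "${0##*/}" >&2
  exit 2
fi
steps=$(( sec / unit_time ))

# A fixed name such as /tmp/cpu_usage.$$ is predictable: another local user
# could pre-create it (for example as a symlink) and have this script append
# to a file of their choosing. mktemp creates a fresh, private file instead.
samples=$(mktemp "${TMPDIR:-/tmp}/cpu_usage.XXXXXX") || {
  printf 'cannot create a temporary file\n' >&2
  exit 1
}
# Remove the sample file on every exit path, including Ctrl-C during the wait.
trap 'rm -f -- "$samples"' EXIT
trap 'exit 130' INT
trap 'exit 143' TERM

readonly tab=$'\t'

echo "Watching Cpu usage...."
for ((i = 0; i < steps; i++)); do
  # Empty header names suppress the header line; pcpu comes first because a
  # command name may itself contain spaces.
  ps -eo pcpu= -o comm= >> "$samples"
  sleep "$unit_time"
done

echo
echo "CPU eaters:"
# Sum the samples per command name, sort on the numeric total, then print the
# name first as before.
awk '
  {
    cpu = $1
    name = $0
    sub(/^[ \t]*[^ \t]+[ \t]+/, "", name)
    total[name] += cpu
  }
  END { for (name in total) printf "%s\t%s\n", total[name], name }
' "$samples" |
  LC_ALL=C sort -t "$tab" -k1,1nr |
  head -n 10 |
  awk -F '\t' '{ printf "%-20s %s\n", $2, $1 }'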
[root@www script]# ./pcpu_usage.sh
Watching Cpu usage....
CPU eaters:
sshd 0.1
watchdog/0 0
vmmemctl 0
usbhid_resumer 0
udevd 0
tail 0
sync_supers 0
scsi_eh_2 0
scsi_eh_1 0
scsi_eh_0 0
说明:sec=3600 是测试的总时间,unit_time=60 是采样的时间间隔。
也就是总共测试3600s(一小时),每次检测间隔60s(一分钟),这两个值可以根据自己的情况去设置。
3.入侵检测脚本
[root@www script]# cat login_detech.sh
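#!/bin/bash
#
# login_detech.sh - summarise failed SSH password logins per account and source IP.
#
# Usage: login_detech.sh [logfile]        (default: /var/log/secure)
#
# Only failures for accounts named without the "invalid user" marker are
# reported: sshd logs attempts against unknown accounts as
# "Failed password for invalid user ...", and those lines are skipped here.
# Review them separately, since guessing against made-up names shows up there.
# Only the given file is read; rotated logs are not covered.
#

#######################################
# Print one report block per (user, source IP) pair with failed logins.
# Arguments: $1 - sshd log file to analyse (default: /var/log/secure)
# Outputs:   report blocks on stdout, diagnostics on stderr
# Returns:   0 on success, 1 if the log file cannot be read
#######################################
report_failed_logins() {
  local log_file=${1:-/var/log/secure}
  local tab=$'\t'
  local user ip failed first last

  if [[ ! -r "$log_file" ]]; then
    printf 'cannot read %s (root is usually required)\n' "$log_file" >&2
    return 1
  fi

  # One pass over the log. Fields are matched by position counted from the end
  # of the line ("Failed password for USER from IP port N ssh2"), so a user
  # name or address is compared as a whole field. Filtering with grep "$user"
  # or grep "$ip" would also count lines where the value is only a substring,
  # e.g. 192.168.1.10 inside 192.168.1.100.
  # First and last timestamps are tracked per (user, IP) pair and rely on the
  # log being in chronological order.
  # NOTE(review): assumes the traditional syslog timestamp in fields 1-3.
  awk '
    NF >= 9 && $(NF-8) == "Failed" && $(NF-7) == "password" &&
    $(NF-6) == "for" && $(NF-4) == "from" {
      key = $(NF-5) "\t" $(NF-3)
      stamp = $1 " " $2 " " $3
      if (!(key in count)) first[key] = stamp
      count[key]++
      last[key] = stamp
    }
    END {
      for (key in count)
        printf "%s\t%d\t%s\t%s\n", key, count[key], first[key], last[key]
    }
  ' "$log_file" |
    LC_ALL=C sort -t "$tab" -k1,1 -k2,2 |
    while IFS=$tab read -r user ip failed first last; do
      printf '%s\n' \
        '============================' \
        "User:$user" \
        "IP:$ip" \
        "Login Failed:$failed" \
        "Start Login Failed:$first" \
        "End Login Failed:$last" \
        '============================' \
        ''
    done
}

report_failed_logins "$@"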
[root@www script]# ./login_detech.sh
============================
User:oracle
IP:192.168.1.100
Login Failed:3
Start Login Failed:Jul 13 23:09:53
End Login Failed:Jul 13 23:13:49
============================
============================
User:oracle
IP:192.168.1.202
Login Failed:2
Start Login Failed:Jul 13 23:09:53
End Login Failed:Jul 13 23:13:49
============================
============================
User:root
IP:192.168.1.100
Login Failed:5
Start Login Failed:Jul 13 22:46:42
End Login Failed:Jul 13 22:46:57
============================
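这里我默认使用/var/log/secure文件来进行检测(这是RHEL/CentOS系的路径,Debian/Ubuntu上对应的是/var/log/auth.log)。注意脚本会排除针对不存在用户(日志中标为invalid user)的失败尝试,所以输出只覆盖系统中存在的账号。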
4.用户管理工具
[root@www script]# cat user_admin.sh
#!/bin/bash
#
#
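#######################################
# Print the list of supported actions and exit.
# Globals:   $0 (read) - shown as the command name in every example
# Outputs:   usage text on stdout
# Returns:   does not return; exits with status 0
#######################################
function usage()
{
  # The text mirrors the case labels the script dispatches on: single-dash
  # -details, the -shell action, and the date argument that -expiry requires.
  cat <<EOF
Usage:
Add a new user
$0 -adduser username password

Remove an existing user
$0 -deluser username

Change the login shell of a user
$0 -shell username shell

Suspend a user account
$0 -disable username

Enable a suspended user account
$0 -enable username

Set expiry date for user account
$0 -expiry username date

Change password for user account
$0 -passwd username

Create a new user group
$0 -newgroup groupname

Remove an existing user group
$0 -delgroup groupname

Add a user to a group
$0 -addgroup username groupname

Show details about a user
$0 -details username

Show usage
$0 -usage

EOF
  exit 0
}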
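# Every action below changes or inspects system accounts, so refuse to run
# without root privileges.
if (( EUID != 0 )); then
  echo "Run $0 as root"
  exit 2
fi

# Print the usage text on stderr and exit with status 2. usage() exits on its
# own, so it runs in a subshell to let this helper choose the exit status.
bad_args() {
  (usage) >&2
  exit 2
}

# Reject empty values and values starting with "-": the account tools would
# parse such a value as an option instead of a user, group or shell name.
require_arg() {
  case $1 in
    '' | -*)
      printf 'invalid argument: %s\n' "$1" >&2
      exit 2
      ;;
  esac
}

case $1 in
  -adduser)
    [ $# -ne 3 ] && bad_args
    require_arg "$2"
    # useradd -p expects an already-hashed password and stores its argument
    # as given, so a plain-text password must not be passed to it. Create the
    # account first, then hand "user:password" to chpasswd on stdin, which
    # hashes it and keeps it out of the child process arguments.
    # The password is still an argument of this script (visible in the process
    # list and shell history); prefer -passwd to set it interactively.
    useradd -m "$2" && printf '%s:%s\n' "$2" "$3" | chpasswd
    ;;
  -deluser)
    [ $# -ne 2 ] && bad_args
    require_arg "$2"
    # --remove-all-files deletes every file the user owns on the system, not
    # only the home directory.
    # NOTE(review): -p does not look like a documented deluser option - confirm
    # against the deluser version in use.
    deluser "$2" -p --remove-all-files
    ;;
  -shell)
    [ $# -ne 3 ] && bad_args
    require_arg "$2"
    require_arg "$3"
    chsh -s "$3" "$2"
    ;;
  -disable)
    [ $# -ne 2 ] && bad_args
    require_arg "$2"
    usermod -L "$2"
    ;;
  -enable)
    [ $# -ne 2 ] && bad_args
    require_arg "$2"
    usermod -U "$2"
    ;;
  -expiry)
    [ $# -ne 3 ] && bad_args
    require_arg "$2"
    # The date is not checked for a leading "-": it is consumed as the value
    # of -E, and "-1" is how chage is told to remove the expiry date.
    chage -E "$3" "$2"
    ;;
  -passwd)
    [ $# -ne 2 ] && bad_args
    require_arg "$2"
    # The command is passwd; the misspelling "psswd" made this action fail.
    passwd "$2"
    ;;
  -newgroup)
    [ $# -ne 2 ] && bad_args
    require_arg "$2"
    addgroup "$2"
    ;;
  -delgroup)
    [ $# -ne 2 ] && bad_args
    require_arg "$2"
    delgroup "$2"
    ;;
  -addgroup)
    [ $# -ne 3 ] && bad_args
    require_arg "$2"
    require_arg "$3"
    addgroup "$2" "$3"
    ;;
  -details | --details)
    # Both spellings are accepted: the dispatcher used -details while the
    # usage text advertised --details.
    [ $# -ne 2 ] && bad_args
    require_arg "$2"
    # finger is often not installed; fall back to id for the basic identity.
    if command -v finger > /dev/null 2>&1; then
      finger "$2"
    else
      id "$2"
    fi
    chage -l "$2"
    ;;
  -usage)
    usage
    ;;
  *)
    usage
    ;;
esac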
查看oracle用户的信息
[root@www script]# ./user_admin.sh -details oracle
./user_admin.sh: line 90: finger: command not found
Last password change : Jul 13, 2014
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
查看使用说明
[root@www script]# ./user_admin.sh
Usage:
Add a new user
./user_admin.sh -adduser username password
Remove an existing user
./user_admin.sh -deluser username
Suspend a user account
./user_admin.sh -disable username
Enable a suspend user account
./user_admin.sh -enable username
Set expiry date for user account
./user_admin.sh -expiry username
Change password for user account
./user_admin.sh -passwd username
Create an existing user group
./user_admin.sh -newgroup groupname
Remove an existing user group
./user_admin.sh -delgroup groupname
Add a user to a group
./user_admin.sh -addgroup username groupname
Show details about a user
./user_admin.sh --details username
Show usage
./user_admin.sh -usage
转载于:https://my.oschina.net/eddylinux/blog/526080