#MLSBS git的dev分支
MLSBS is the abbreviation of "My linux's bash script"!
“MLSBS”是“My linux's bash script”的缩写
linux运维技术人员日常需要写一堆脚本来简化工作量。“MLSBS”的目的就是把我日常在linux下的工作通过脚本整合到一个项目中,需要的时候几个点击就可以完成任务了。(其实,写这脚本的最初原因是,我有一些搞开发朋友在某些IDC提供的虚拟服务上部署他们的应用,有时会叫我帮忙初始化环境,所以写了这个项目提供给他们使用)
由于我一个人时间有限,将以往的运维脚本整合的进度有点慢。
版本说明:
v0.1版本:为初始版本,只提供基本的日常运维软件的简单部署功能,目前还有很多脚本没有整合起来;
新增开发分支:新增bash脚本模板,将较优秀和常用的脚本模板化,根据需求生成cron任务。模板路径(bashTemplate)
v0.2版本:这个版本纯属为了凑热闹,和某些IT企业发布新品的这个2014年5月15日日子里发布而已,对比v0.1版本增加了Crontab任务的添加功能,目前增加两个任务脚本。同时也修复了mysql在10G以下硬盘安装后无法启动的BUG。
v0.21rc :新增一个脚本模板,可定时检查硬盘剩余空间,如果大于比例值将发送报警邮件,同时邮件会列出某周期产生的大于20M的文件;新增脚本加密功能,可根据需求选择gzexe或者shc来加密日常任务脚本以防密码外泄(注意:gzexe只是压缩、shc只是混淆,两者处理后的脚本都可以被还原,不能代替对含密码文件的权限控制)。优化代码减少总代码字节量。
目前脚本的目录如下:(经过在centos6.5 和ubuntu12.04下测试通过。)
源码同时上传到开源中国的git和github上的:https://github.com/mickeyzzc/MLSBS
iptables脚本增加了支持ip等特性,由于本人经验有限,如有更好建议请留言,谢谢。源码如下:
公共脚本的(INPUT_CHOOSE代码)
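#######################################
# Show a numbered menu of the given words plus a final "exit" entry and
# store the chosen word in VarTmp.
# An answer that matches no entry prints "Input again" and asks again.
# (Before, such an answer ended the menu with VarTmp empty, exactly like
# "exit", and the "Input again" line could never be reached.)
# Globals:   VarTmp (written) - chosen word; empty for "exit" or end of input
#            vars (written)   - loop variable of the select
# Arguments: menu entries; every argument is word-split again, so callers
#            may pass one space-separated list
# Outputs:   the menu and prompt (written by select), "Input again" on stdout
# Returns:   status of the select loop
#######################################
INPUT_CHOOSE() {
  VarTmp=
  # $@ stays unquoted on purpose: callers hand over space-separated lists
  # that must become one menu entry per word. Entries therefore must not
  # contain glob characters.
  # shellcheck disable=SC2068
  select vars in $@ "exit"; do
    if [ -z "$vars" ]; then
      # select sets the variable to null when the answer is not a menu number
      echo "Input again"
      continue
    fi
    # "exit" leaves VarTmp empty; any other entry is handed back to the caller
    [ "$vars" == "exit" ] || VarTmp="$vars"
    break
  done
}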
iptables脚本
#!/bin/bash
# Enable bash extended pattern matching (@(...), +(...), ...). This has to
# run before any function whose case patterns use that syntax is parsed.
shopt -s extglob
#######################################
# Reset the global state used while one rule is being assembled.
# Globals:   Protocol, MyChain, MyInterface, IptableStat, SourceNet,
#            SPortRange, DesNet, DPortRange (all set to the empty string)
#            IpVersion (set to "iptables ip6tables")
# Arguments: none
#######################################
IPTABLES_VAR() {
  local field
  # Every rule fragment starts out empty.
  for field in Protocol MyChain MyInterface IptableStat \
    SourceNet SPortRange DesNet DPortRange; do
    printf -v "$field" '%s' ''
  done
  # Both tools are listed by default.
  IpVersion="iptables ip6tables"
}
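#######################################
# Basic iptables / ip6tables setup, with a backup of the current rules.
# For each tool: save the running rules under $ScriptPath/backup, flush the
# filter and nat tables, allow rate-limited ping, established traffic,
# loopback and ssh, and only then set the INPUT policy to DROP.
#
# Changes against the previous version:
#   * the accept rules are installed before the DROP policy, so a failure
#     half-way through does not leave the host with INPUT DROP and no
#     ssh rule;
#   * ip6tables gets "-p icmpv6 --icmpv6-type", because the icmp match and
#     its --icmp-type option belong to iptables only;
#   * a tool whose rules cannot be saved is skipped instead of flushed;
#   * paths are quoted and the backup directory is created with mkdir -p.
#
# NOTE(review): ssh is opened to every source address and FORWARD is left
#   at ACCEPT - confirm that both are intended for the target hosts.
# NOTE(review): there is no ip6tables rule here for ICMPv6 neighbour
#   discovery; confirm IPv6 connectivity still works with INPUT DROP.
#
# Globals:   ScriptPath (read)
# Arguments: none
# Returns:   0 on success, 1 if the backup directory or a backup failed
#######################################
IPTABLES_BASE_SET() {
  local backup_dir="$ScriptPath/backup"
  local stamp tool rc=0
  local -a ping_match

  INSTALL_BASE_PACKAGES iptables
  mkdir -p -- "$backup_dir" || return 1
  stamp=$(date +"%Y%m%d")

  for tool in iptables ip6tables; do
    # Never flush rules that could not be saved first.
    if ! "${tool}-save" > "$backup_dir/$tool.up.rules.backup$stamp"; then
      echo "backup of $tool rules failed, $tool left untouched" >&2
      rc=1
      continue
    fi

    case $tool in
      ip6tables) ping_match=(-p icmpv6 --icmpv6-type echo-request) ;;
      *) ping_match=(-p icmp --icmp-type echo-request) ;;
    esac

    "$tool" -F
    "$tool" -t nat -F
    "$tool" -X

    "$tool" -A INPUT "${ping_match[@]}" -m limit --limit 1/s --limit-burst 10 -j ACCEPT
    "$tool" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$tool" -A INPUT -i lo -j ACCEPT
    "$tool" -A OUTPUT -o lo -j ACCEPT
    "$tool" -A INPUT -p tcp --dport ssh -j ACCEPT

    # Policies last: the accept rules above are already in place.
    "$tool" -P INPUT DROP
    "$tool" -P OUTPUT ACCEPT
    "$tool" -P FORWARD ACCEPT
  done
  return "$rc"
}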
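#######################################
# Let the user pick a network interface and store it as "-i NAME".
# The menu lists every interface reported by ifconfig except lo, followed
# by lo itself.
#
# Changes against the previous version:
#   * an answer that matches no entry now yields an empty MyInterface;
#     before it produced "-i " with no name, because the first case
#     pattern matched every value, including the empty one;
#   * interface names are taken from the non-indented ifconfig lines and
#     compared with "lo" exactly, so names that merely contain "lo" stay
#     in the menu; a trailing ":" after the name is stripped.
#
# NOTE(review): the flag is always "-i"; confirm how the caller treats
#   chains that only accept an output interface.
#
# Globals:   Interfaces (written), MyInterface (written)
# Arguments: none
# Outputs:   menu via select; messages on stdout/stderr
# Exits:     with status 1 when ifconfig reports no interface besides lo
#######################################
INTERFACE_CHOOSE() {
  local choice
  Interfaces=$(ifconfig | awk '/^[^ \t]/ { sub(/:$/, "", $1); if ($1 != "lo") print $1 }')
  if [ -z "$Interfaces" ]; then
    echo "No effective ethernet , please setup the ethernet ."
    exit 1
  fi

  MyInterface=""
  # Unquoted on purpose: one menu entry per interface name.
  # shellcheck disable=SC2086
  select choice in $Interfaces "lo"; do
    if [ -n "$choice" ]; then
      MyInterface="-i $choice"
    else
      echo "Invalid choice: the rule will not be limited to an interface." >&2
      MyInterface=""
    fi
    break
  done
}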
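#######################################
# Ask for the chain the rule applies to and store it in MyChain.
# The menu is shown again until a chain is picked. The previous test
# "[ -n $VarTmp ]" was unquoted and therefore always true, so choosing
# "exit" silently left MyChain empty and the retry branch never ran.
# The retry is a loop instead of recursion and stops when INPUT_CHOOSE
# reports a failure (bash's select does so at end of input).
#
# NOTE(review): PREROUTING and POSTROUTING are not chains of the default
#   filter table; confirm the caller selects a matching table.
#
# Globals:   MyChains (written), MyChain (written), VarTmp (read)
# Arguments: none
# Returns:   0 once a chain is chosen, 1 if the menu could not be read
#######################################
IPTABLES_CHAINS_CHOOSE() {
  MyChains="INPUT OUTPUT FORWARD PREROUTING POSTROUTING"
  while true; do
    # Unquoted on purpose: one menu entry per chain name.
    # shellcheck disable=SC2086
    INPUT_CHOOSE $MyChains || return 1
    if [ -n "$VarTmp" ]; then
      MyChain=$VarTmp
      return 0
    fi
  done
}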
#######################################
# Ask for the protocol of the rule and store it as "-p NAME".
# Choosing "exit" in the menu leaves Protocol empty.
# Globals:   Protocols (written), Protocol (written), VarTmp (read)
# Arguments: none
#######################################
IPTABLES_PROTOCOL_SET() {
  Protocols="icmp tcp udp ah udplite sctp dccp"
  # Unquoted on purpose: one menu entry per protocol name.
  # shellcheck disable=SC2086
  INPUT_CHOOSE $Protocols
  if [ -z "$VarTmp" ]; then
    Protocol=""
  else
    Protocol="-p $VarTmp"
  fi
}
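#######################################
# Prompt for valid port numbers and collect them in InputPorts as a
# comma-separated list (newest first).
#   number  add the port
#   r / R   clear the list and keep asking
#   a / A   clear the list and stop (all ports)
#   n / N   stop and keep the list
#
# Changes against the previous version:
#   * a port must consist of digits only. The old glob "[1-9][0-9]*"
#     accepted any text starting with two digits, and the failing numeric
#     test then stored that text in the list, from where it reached the
#     iptables command line;
#   * ports 1-9 and port 65535 are accepted;
#   * end of input stops the loop instead of repeating the error forever.
#
# NOTE(review): the multiport match takes at most 15 ports; no limit is
#   enforced here.
#
# Globals:   InputPort (written), InputPorts (written), ok (written)
# Arguments: none
# Outputs:   prompts and the running list on stdout
#######################################
IPTABLES_SET_PORT() {
  InputPorts=""
  InputPort=""
  while true; do
    if ! read -r -p "For every input port and then press enter to enter another, input 'r' or 'R' reset input, input 'a' of 'A' choose all port, input 'n' of 'N' exit : " InputPort; then
      # End of input: behave like 'n' rather than looping on an empty answer.
      break
    fi
    case $InputPort in
      a|A)
        InputPorts=""
        break
        ;;
      n|N)
        break
        ;;
      r|R)
        InputPorts=""
        ;;
      *)
        # At most five digits, no leading zero, then the numeric upper bound.
        if [[ $InputPort =~ ^[1-9][0-9]{0,4}$ ]] && ((InputPort <= 65535)); then
          if [ -z "$InputPorts" ]; then
            InputPorts=$InputPort
          else
            InputPorts=$InputPort,$InputPorts
          fi
        elif [[ $InputPort =~ ^[0-9]+$ ]]; then
          echo "the port number is illegal, please input again."
        else
          echo "input is not number, please input again"
        fi
        ;;
    esac
    echo "your port number is $InputPorts"
  done
  #[ -z $InputPorts ] && echo "nothing to do" || IPTABLES_INPUT_SET $InputPorts
  # Show the result; continues after Enter or after five seconds.
  read -r -p "$InputPorts is setup in iptables" -t 5 ok
}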
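#######################################
# Prompt for an IPv4 address and store it in InputIp.
# Accepted forms: a.b.c.d, a.b.c.d-e (range on the last octet) and
# a.b.c.d/1..32. 'n' or 'N' leaves InputIp empty. Any accepted address
# sets IpVersion to "iptables".
#
# Changes against the previous version:
#   * the check is one anchored regular expression, so the function no
#     longer depends on extglob being switched on before it is parsed;
#   * input is read with -r, so backslashes are not interpreted;
#   * end of input returns 1 instead of repeating the error forever.
#
# NOTE(review): the a.b.c.d-e form is accepted here, but iptables -s/-d
#   expect an address or network; confirm how the caller passes ranges on.
#
# Globals:   InputIp (written), ext4ip (written), IpVersion (written)
# Arguments: none
# Returns:   0 after a valid answer or 'n'/'N', 1 at end of input
#######################################
IPTABLES_SET_IP() {
  InputIp=""
  # One octet, 0-255 without leading zeros.
  ext4ip="[0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]"
  local addr_re="($ext4ip)\.($ext4ip)\.($ext4ip)\.($ext4ip)"
  local valid_re="^${addr_re}(-($ext4ip)|/([1-9]|[12][0-9]|3[0-2]))?\$"

  while true; do
    if ! read -r -p "Please input a valid IP and then press enter, input err ip to reset input, input 'n' of 'N' exit : " InputIp; then
      InputIp=""
      return 1
    fi
    case $InputIp in
      n|N)
        InputIp=""
        return 0
        ;;
    esac
    if [[ $InputIp =~ $valid_re ]]; then
      # An IPv4 address only makes sense for iptables, not ip6tables.
      IpVersion="iptables"
      return 0
    fi
    echo "input is not valid ip, please input again"
  done
}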
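#######################################
# Ask for the rule target (ACCEPT or DROP) and store it as "-j TARGET".
# The menu is shown again until a target is picked. The previous test
# "[ -n $VarTmp ]" was unquoted and therefore always true, so choosing
# "exit" produced "-j " without a target and the retry branch never ran.
# The retry is a loop instead of recursion and stops when INPUT_CHOOSE
# reports a failure (bash's select does so at end of input).
# Globals:   IpStatus (written), IptableStat (written), VarTmp (read)
# Arguments: none
# Returns:   0 once a target is chosen, 1 if the menu could not be read
#######################################
IPTABLES_STATUS_SET() {
  IpStatus="ACCEPT DROP"
  while true; do
    # Unquoted on purpose: one menu entry per target.
    # shellcheck disable=SC2086
    INPUT_CHOOSE $IpStatus || return 1
    if [ -n "$VarTmp" ]; then
      IptableStat="-j $VarTmp"
      return 0
    fi
  done
}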
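# Print one question framed by two separator lines.
_IPTABLES_BANNER() {
  echo "#############################################"
  echo "$1"
  echo "#############################################"
}

#######################################
# Add or delete one firewall rule, assembled interactively.
# Asks for interface, chain, protocol, source address/ports, destination
# address/ports and target, shows the resulting command for up to ten
# seconds and then runs it with every tool listed in IpVersion.
#
# Changes against the previous version:
#   * the chosen interface is part of the rule. It was asked for but never
#     placed on the command line, so every rule matched all interfaces;
#   * for OUTPUT and POSTROUTING the interface is passed with -o;
#   * the destination address is passed with -d (it was a bare argument);
#   * a protocol that supports ports is required whenever any port was
#     entered, not only for comma-separated lists;
#   * nothing is run when no chain or no target was chosen.
#
# NOTE(review): no -t option is passed, so PREROUTING/POSTROUTING refer to
#   the default table - confirm that is what the menu intends.
# NOTE(review): an address in the a.b.c.d-e form is passed to -s/-d as
#   typed; confirm whether ranges should use a dedicated match instead.
# NOTE(review): the command runs after the ten-second prompt whatever is
#   typed; there is no way to cancel at that point.
#
# Globals:   MyInterface, MyChain, Protocol, ModuleName, SourceNet,
#            SPortRange, DesNet, DPortRange, IptableStat (written)
#            InputIp, InputPorts, IpVersion (read)
# Arguments: $1 - iptables action, "-A" to add or "-D" to delete
# Returns:   1 when no chain or target was chosen, otherwise the status of
#            the last iptables call
#######################################
IPTABLES_INPUT_SET() {
  local action=$1
  local tool

  IPTABLES_VAR

  _IPTABLES_BANNER "#which interface are you choose?"
  INTERFACE_CHOOSE

  _IPTABLES_BANNER "#which chains are you choose?"
  IPTABLES_CHAINS_CHOOSE
  if [ -z "$MyChain" ]; then
    echo "no chain selected, nothing to do" >&2
    return 1
  fi

  _IPTABLES_BANNER "#which protocol are you choose?"
  IPTABLES_PROTOCOL_SET

  _IPTABLES_BANNER "#which source ip are you choose?"
  IPTABLES_SET_IP
  if [ -n "$InputIp" ]; then SourceNet="-s $InputIp"; else SourceNet=""; fi

  _IPTABLES_BANNER "#which source port are you choose?"
  IPTABLES_SET_PORT
  if [ -n "$InputPorts" ]; then SPortRange="--sport $InputPorts"; else SPortRange=""; fi

  _IPTABLES_BANNER "#which destination ip are you choose?"
  IPTABLES_SET_IP
  if [ -n "$InputIp" ]; then DesNet="-d $InputIp"; else DesNet=""; fi

  _IPTABLES_BANNER "#which destination port are you choose?"
  IPTABLES_SET_PORT
  if [ -n "$InputPorts" ]; then DPortRange="--dport $InputPorts"; else DPortRange=""; fi

  _IPTABLES_BANNER "#which status are you choose?"
  IPTABLES_STATUS_SET
  case $IptableStat in
    "-j "?*) ;;
    *)
      echo "no target selected, nothing to do" >&2
      return 1
      ;;
  esac

  # Keep the interface only if a name follows the flag, and use the
  # output-interface flag on chains that see outgoing packets only.
  case $MyInterface in
    "-i "?*) ;;
    *) MyInterface="" ;;
  esac
  case $MyChain in
    OUTPUT|POSTROUTING) MyInterface=${MyInterface/#-i /-o } ;;
  esac

  # A comma in either port list needs the multiport match.
  ModuleName=""
  case "$SPortRange$DPortRange" in
    *,*) ModuleName="-m multiport" ;;
  esac

  # Port options are only valid together with a protocol that has ports.
  if [ -n "$SPortRange$DPortRange" ]; then
    until [ "$Protocol" == "-p tcp" ] || [ "$Protocol" == "-p udp" ] ||
      [ "$Protocol" == "-p udplite" ] || [ "$Protocol" == "-p sctp" ] ||
      [ "$Protocol" == "-p dccp" ]; do
      _IPTABLES_BANNER "#You must choose the protocol with '-p tcp, -p udp, -p udplite, -p sctp or -p dccp'!"
      IPTABLES_PROTOCOL_SET
    done
  fi

  for tool in $IpVersion; do
    read -r -p "$tool $action $MyChain $MyInterface $Protocol $ModuleName $SourceNet $SPortRange $DesNet $DPortRange $IptableStat" -t 10 ok
    # Unquoted on purpose: each variable holds "flag value" words that must
    # split into separate arguments; empty ones disappear.
    # shellcheck disable=SC2086
    $tool $action $MyChain $MyInterface $Protocol $ModuleName $SourceNet $SPortRange $DesNet $DPortRange $IptableStat
  done
}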
#######################################
# Top-level iptables menu: list rules, run the base setup, add a rule,
# delete a rule, or go back to the script selection menu.
# The menu stays open after each action; an answer that matches no entry
# does nothing and the prompt is shown again.
# Globals:   var (written) - loop variable of the select
# Arguments: none
# Outputs:   menu via select; rule listings on stdout
#######################################
SELECT_IPTABLES_FUNCTION() {
  local show_label="Check iptables rules and status"
  local setup_label="Setup iptables"
  local add_label="Add rules"
  local del_label="Del rules"
  local back_label="back"

  clear
  echo "[Notice]How to set up iptables:"
  select var in "$show_label" "$setup_label" "$add_label" "$del_label" "$back_label"; do
    if [ "$var" = "$show_label" ]; then
      # Numeric, verbose listing for both address families.
      iptables -L -n -v
      ip6tables -L -n -v
      PASS_ENTER_TO_EXIT
    elif [ "$var" = "$setup_label" ]; then
      IPTABLES_BASE_SET
    elif [ "$var" = "$add_label" ]; then
      IPTABLES_INPUT_SET "-A"
    elif [ "$var" = "$del_label" ]; then
      IPTABLES_INPUT_SET "-D"
    elif [ "$var" = "$back_label" ]; then
      SELECT_RUN_SCRIPT
    fi
  done
}