1、一键安装DNS主从服务器
#!/bin/bash
# Stop firewalld and switch SELinux to permissive mode until the next reboot.
# NOTE(review): this drops host packet filtering and SELinux enforcement
# entirely just to expose DNS. On a production host, keep both enabled and
# open only the DNS service instead, e.g.
#   firewall-cmd --permanent --add-service=dns && firewall-cmd --reload
firwalld_stop() {
  systemctl stop firewalld
  setenforce 0
}
# Install BIND, its chroot package and the DNS client utilities via yum.
yum_install() {
  local -a pkgs=(bind bind-chroot bind-utils)
  yum install "${pkgs[@]}" -y
}
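# Make named listen on every interface and accept queries from any client.
# The statements are located by content rather than by fixed line numbers
# (13 and 21), so the edit still lands correctly when the packaged
# named.conf layout differs, and never rewrites an unrelated line.
# NOTE(review): with "allow-query { any; }" and recursion enabled (the stock
# RHEL/CentOS named.conf enables it — confirm), this host becomes an open
# resolver usable for DNS amplification. For an authoritative-only server
# set "recursion no;" or restrict "allow-recursion" to trusted networks.
sed_change() {
  local conf=/etc/named.conf
  sed -i \
    -e '/listen-on port 53/s/127\.0\.0\.1/any/' \
    -e '/allow-query[[:space:]]/s/localhost/any/' \
    "$conf"
}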
# Append the master zone stanza for af007.com to /etc/named.conf.
# Dynamic updates are refused; zone transfers and NOTIFY messages are limited
# to the slave at 172.18.47.112.
# NOTE(review): allow-transfer is keyed on the source IP address only; a TSIG
# key shared with the slave would authenticate transfers more strongly.
edit_named_conf() {
  local conf=/etc/named.conf
  # Quoted delimiter: the stanza is written literally, with no shell expansion.
  cat <<'eof' >>"$conf"
zone "af007.com" IN {
type master;
file "af007.com.zone";
allow-update { none; };
allow-transfer { 172.18.47.112; };
notify yes;
also-notify { 172.18.47.112; };
};
eof
}
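# Write the zone data for af007.com to /var/named/af007.com.zone.
# The here-document delimiter is quoted so the shell does not expand "$TTL"
# (an unset shell variable) to an empty string, which would leave the zone
# file without a valid $TTL directive.
# The CNAME target ends with a dot so it is taken as a fully qualified name
# instead of being expanded to www.af007.com.af007.com.
edit_zone() {
  cat >>/var/named/af007.com.zone <<'eof'
$TTL 86400
@ IN SOA af007.com. admin.af007.com. (
20200107 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS admin.af007.com.
admin IN A 172.18.47.110
www IN A 172.18.47.110
app IN A 172.18.47.110
ppp IN A 172.18.47.110
ftp IN CNAME www.af007.com.
eof
}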
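# Validate the configuration and the zones it references, then restart named.
# A syntax error in named.conf or in a zone file would otherwise take the
# DNS service down on restart; in that case the restart is skipped.
# Returns: 1 when validation fails, otherwise the status of systemctl.
server_restart() {
  if ! named-checkconf -z /etc/named.conf; then
    echo "named-checkconf reported errors; named was not restarted" >&2
    return 1
  fi
  systemctl restart named
}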
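############################# Primary (master) DNS server
firwalld_stop
# Query the exact package name: `rpm -qa | grep bind` also matches packages
# such as rpcbind or bind-libs, so the install step could be skipped on a
# host where BIND itself is not installed.
if ! rpm -q bind >/dev/null 2>&1; then
  yum_install
fi
sed_change
# Append the zone stanza only once so repeated runs do not create a
# duplicate zone definition.
if ! grep -qw "af007" /etc/named.conf; then
  edit_named_conf
fi
if [ ! -f /var/named/af007.com.zone ]; then
  edit_zone
fi
server_restart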
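############################# Secondary (slave) DNS server
# Runs the equivalent setup on 172.18.47.112 over SSH as root.
# The zone stanza is appended only when it is not already present, matching
# the guard used on the master; without it a second run adds a duplicate
# zone definition to named.conf.
# NOTE(review): this logs in as root with whatever authentication ssh falls
# back to; a dedicated key and a restricted account are preferable.
# NOTE(review): named must be able to write the transferred zone file; stock
# packages ship a named-writable slaves/ directory under /var/named — confirm
# that "slaves.af007.com.zone" is writable where it resolves.
ssh root@172.18.47.112 "
yum install bind bind-chroot bind-utils -y
sed -i -e '/listen-on port 53/s/127\.0\.0\.1/any/' -e '/allow-query[[:space:]]/s/localhost/any/' /etc/named.conf
if ! grep -qw 'af007' /etc/named.conf; then
cat >>/etc/named.conf<<eof
zone \"af007.com\" IN {
type slave;
file \"slaves.af007.com.zone\";
masters { 172.18.47.110; };
};
eof
fi
systemctl restart named
"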
2、SSH免交互
防火墙关掉!
1、安装expect命令
yum -y install expect
2、编写脚本
vim ssh_upload.sh
#!/usr/bin/expect
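# Log in to 192.168.141.146 over SSH, run ifconfig, then log out.
# NOTE(review): answering "yes" to the host-key prompt automatically accepts
# whatever key the peer presents, which removes SSH's protection against
# man-in-the-middle attacks; pre-populate known_hosts instead.
# NOTE(review): the password is stored in clear text in this script; prefer
# key-based authentication (ssh-keygen / ssh-copy-id), which needs no expect.
spawn ssh 192.168.141.146
expect {
    "yes/no" { send "yes\r"; exp_continue }
    "password*" { send "123456\r" }
}
# Wait for the root shell prompt before sending commands.
expect "]#*"
send "ifconfig\r"
send "exit\r"
expect eof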
3、使用EXPECT FTP 免交互上传文件
防火墙关掉!
1、安装expect命令
yum -y install expect
2、编写脚本
vim ftp_upload.sh
#!/usr/bin/expect
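# Upload /tmp/123.txt to pub/other on the local FTP server as xo.txt.
# Tcl treats "#" as a comment only where a command may begin, so every
# comment sits on its own line; a trailing "#..." after a command would be
# passed to that command as extra arguments.
# NOTE(review): FTP carries the login and the file contents unencrypted; use
# SFTP/SCP when the transfer leaves the local host.
spawn ftp localhost
# Wait for the "Name" prompt, then answer with the account name "ftp".
expect "Name*"
send "ftp\n"
expect "ftp>*"
send "cd pub/other\n"
expect "ftp>*"
send "put /tmp/123.txt xo.txt\n"
# send_user prints to the local user, much like echo in a shell script.
# NOTE(review): reply 150 only announces that the transfer is starting; the
# server signals completion with a 226 reply.
expect {
    "150 Ok to send data" { send_user "upload sucessfull!"; send "quit\n" }
    "553*" { send_user "upload error!"; send "quit\n" }
}
# expect eof pairs with spawn: it waits until the spawned program's output ends.
expect eof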
4、SHELL 一键部署 ZABBIX 4.0
#!/bin/bash
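# Stop the firewall and put SELinux into permissive mode.
# NOTE(review): this removes host filtering and SELinux enforcement on a
# server that exposes a web UI and a database; on a production host keep
# both enabled and open only the ports Zabbix needs.
systemctl stop firewalld
setenforce 0
# Configure the Zabbix yum repository. The release package is fetched over
# HTTPS so it cannot be tampered with in transit before rpm installs it.
rpm -ivh https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm
if [ -e /etc/yum.repos.d/zabbix.repo ]; then
  echo "已存在"
  # Install the Zabbix components and MariaDB.
  yum -y install zabbix-server-mysql zabbix-web-mysql zabbix-agent mariadb mariadb-server
else
  echo "不存在"
  # Exit with a failure status so callers can tell the repository is missing.
  exit 1
fi
systemctl start mariadb
# Report whether anything is listening on the MySQL port.
if netstat -lnpt | grep 3306; then
  echo "service is started"
else
  echo "service not started"
fi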
# Database bootstrap: create the zabbix schema, grant the zabbix@localhost
# account full rights on it, and reload the privilege tables.
# NOTE(review): the account password '123' is hard-coded and trivially
# guessable, and the statements run as a MariaDB root user that has no
# password; choose a strong password and run mysql_secure_installation
# before exposing this host.
mysql_exec() {
  local stmt
  local -a statements=(
    "create database if not exists zabbix charset utf8;"
    "grant all on zabbix.* to zabbix@localhost identified by '123';"
    "flush privileges;"
  )
  for stmt in "${statements[@]}"; do
    mysql -e "$stmt"
  done
}
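mysql_exec
# Count the tables already present in the zabbix schema (-N drops the header
# row, so no grep filtering is needed).
count=$(mysql -N -B -e "show tables from zabbix;" | wc -l)
if [ "$count" -gt 0 ]; then
  echo "tables is exists"
else
  # Import the initial schema. The doc directory carries the installed package
  # version, so it is located with a glob instead of a fixed 4.0.14 path.
  # NOTE(review): -p123 on the command line is visible to other local users
  # through the process list; a client option file readable only by root
  # avoids that.
  schema_files=(/usr/share/doc/zabbix-server-mysql*/create.sql.gz)
  if [ -e "${schema_files[0]}" ]; then
    zcat "${schema_files[0]}" | mysql -uzabbix -p123 zabbix
  else
    echo "create.sql.gz not found under /usr/share/doc/zabbix-server-mysql*" >&2
    exit 1
  fi
fi
# Set the database password in the server configuration.
sed -i 's/# DBPassword=/DBPassword=123/' /etc/zabbix/zabbix_server.conf
# Set the PHP time zone.
sed -i 's/\;date.timezone =/date.timezone = Asia\/Shanghai/' /etc/php.ini
# Start the services.
systemctl start httpd zabbix-agent zabbix-server
# Verify that the expected ports are listening.
netstat -lnpt | grep -E "httpd|zabbix|mysql"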
5、SHELL 防DDOS
案例
- 通过封禁ip来解决ddos
- 获取连接数最多的前10个ip并临时写入文件dropip中
- 通过for循环来遍历dropip文件的ip
- 排除192.168开头和127.0开头的ip
- 遍历并排除上述ip后,调用防火墙将其余ip drop掉
- 并写日志文件到/var/log/ddos中
#!/bin/bash
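# Block the remote IPv4 addresses holding the most ESTABLISHED TCP connections.
# Corrections compared with the naive pipeline:
#   * field 5 of netstat output is the foreign (remote) address; field 4 is
#     the local address, so reading it would block this host's own IPs;
#   * connections are counted (uniq -c) and ranked before taking the top ten;
#   * dropip is rewritten on every run instead of growing without bound;
#   * each entry must look like a dotted IPv4 address before it reaches
#     iptables, and private/loopback prefixes are matched at the start of the
#     address rather than anywhere inside it;
#   * a rule is inserted only when an identical one does not already exist.
# MIN_CONNS (default 1, i.e. every ranked address qualifies) sets the minimum
# connection count an address needs before it is blocked.
# NOTE(review): with the default threshold the ten busiest clients are blocked
# even under normal load; set MIN_CONNS to a value well above legitimate use.
min_conns=${MIN_CONNS:-1}
netstat -ant \
  | awk '$6 == "ESTABLISHED" { sub(/:[0-9]+$/, "", $5); print $5 }' \
  | sort | uniq -c | sort -rn | head -n 10 \
  | awk -v min="$min_conns" '$1 >= min { print $2 }' > dropip
while IFS= read -r ip; do
  # Skip anything that is not a plain dotted-quad IPv4 address.
  if [[ ! $ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    continue
  fi
  if [[ $ip =~ ^192\.168\. ]] || [[ $ip =~ ^127\. ]]; then
    echo "pass"
  else
    echo "$ip"
    iptables -C INPUT -p tcp -s "$ip" -j DROP 2>/dev/null \
      || iptables -I INPUT -p tcp -s "$ip" -j DROP
  fi
done < dropip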
6、测试是否实现网站地址存活的判断
#!/bin/bash
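# Report whether a web address answers an HTTP HEAD request with status 200.
# Arguments: $1 - host or address to probe; falls back to the global $i
#                 when no argument is given.
# Outputs:   "<address>存活" on HTTP 200, "<address>挂掉" otherwise.
# The address comes from interactive input, so it is quoted everywhere: an
# unquoted value containing spaces would be split into extra curl options.
# A 10-second limit keeps an unresponsive host from hanging the check.
web_check() {
  local target=${1:-$i}
  local http_code
  http_code=$(curl -I -m 10 -o /dev/null -s -w '%{http_code}' "http://${target}")
  if [ "$http_code" = "200" ]; then
    echo "${target}存活"
  else
    echo "${target}挂掉"
  fi
}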
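# Prompt for the address (-r keeps backslashes literal) and probe it.
# The function name is web_check; "web_ check" would try to run a command
# called "web_". The value is quoted so it is passed as a single argument.
read -r -p "请输入地址:" i
web_check "$i"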
curl -I -m 10 -o /dev/null -s -w %{http_code} www.baidu.com
-I 仅测试HTTP头
-m 10 最多查询10s
-o /dev/null 屏蔽原有输出信息
-s silent 模式,不输出任何东西
-w %{http_code} 控制额外输出
7、使用MD5值进行检测文件
md5sum /var/www/html/index.html > /root/md5sum.db
#!/bin/bash
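# Verify /var/www/html/index.html against the checksum recorded in
# /root/md5sum.db and mail an alert when it no longer matches.
# The function is defined as file_check (no space in the name) so the call
# below the definition resolves, and the alert text names the real path.
# NOTE(review): MD5 detects accidental or casual changes but is not
# collision-resistant, and a baseline stored on the same host can be
# rewritten by anyone with root; a SHA-256 baseline kept off-host is a
# stronger tamper check.
file_check() {
  if md5sum -c --quiet /root/md5sum.db &>/dev/null; then
    echo "没有改动"
  else
    echo "/var/www/html/index.html已改动" | mail -s "文件检查" 610589051@qq.com
  fi
}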
# Run the integrity check once.
file_check
8、SHELL 检测MYSQL 主从状态
在从上执行:
[root@master ~]# cat check_master_slave_status.sh
#!/bin/bash
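# Check MySQL replication on the slave and mail an alert when it is unhealthy.
# Reads the first three "Running"/"Behind" fields of SHOW SLAVE STATUS and
# treats replication as healthy when the first two are "Yes" and the third
# is present and not NULL.
# Fixes: the comparison uses [[ ]] with quoted values, so an empty result
# (server down, login failure) is handled as "not ok" instead of a test
# syntax error; the alert mail is given a body on stdin, because mail would
# otherwise wait for input and stall the monitoring loop.
# NOTE(review): -p123456 on the command line is visible to other local users
# in the process list; a client option file readable only by the monitoring
# user avoids that.
check() {
  local -a list
  list=($(mysql -uroot -p123456 -S /tmp/mysql.sock2 -e "show slave status\G;" 2>/dev/null \
    | grep -E "Running|Behind" | head -n3 | awk -F ':' '{print $2}'))
  if [[ "${list[0]:-}" == "Yes" && "${list[1]:-}" == "Yes" \
        && -n "${list[2]:-}" && "${list[2]:-}" != "NULL" ]]; then
    echo '${list[0]}' "is ${list[0]}"
    echo '${list[1]}' "is ${list[1]}"
    echo '${list[2]}' "is ${list[2]}"
    echo "mysql slave is ok!"
  else
    echo "slave status: ${list[0]:-unknown} ${list[1]:-unknown} ${list[2]:-unknown}" \
      | mail -s "mysql slave is not ok" hehe@163.com
  fi
}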
# Poll replication health forever, pausing three seconds between checks.
# NOTE(review): while replication stays broken this sends one alert mail
# every three seconds; rate-limit alerts or run the check from cron.
while true; do
  check
  sleep 3
done
yum -y install mailx 安装mail客户端
vim /etc/mail.rc
在末尾添加
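# Comments are kept on their own lines so they cannot be read as extra
# arguments to "set"; the stray HTML markup from the original page is removed.
# Sender address shown to the recipient.
set from=34xx@qq.com
set smtp=smtp.qq.com
# Account used to authenticate to the SMTP server.
set smtp-auth-user=34xx@qq.com
# SMTP authorization code issued by the mail provider — not the mailbox
# login password. Placeholder value: never publish a real code, and revoke
# any code that has appeared in shared notes or version control.
# NOTE(review): /etc/mail.rc is normally world-readable; a per-user ~/.mailrc
# with mode 600 keeps the code away from other local accounts.
# NOTE(review): no TLS is configured here, so the login would cross the
# network unencrypted; enable STARTTLS or an smtps:// server URL.
set smtp-auth-password=<YOUR_SMTP_AUTHORIZATION_CODE>
set smtp-auth=login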
mail -s "你的邮件主题" 1111@qq.com < /tmp/result.txt (邮件内容)
echo "hehe"|mail -s '主题' 11@qq.com
9、SHELL EXPECT 免交互操作
shell expect
expect的核心是spawn、expect、send、set。
spawn调用要执行的命令
expect监听交互输出
send进行交互输入
set设置变量值
interact交互完后,将控制权交给控制台
expect eof,与spawn对应,表示捕捉终端输出信息终止,类似if…endif
#!/bin/bash
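# Log in to every host listed in ./iplist as root and run ifconfig.
# Fixes and hardening:
#   * the host and password reach expect through the environment and the
#     here-document is quoted, so a line in iplist containing Tcl syntax
#     such as [ ] or $ is never evaluated as script text;
#   * the comment that sat after the "yes/no" branch is moved out of the
#     expect { } list, where it was parsed as a pattern and shifted the
#     "password:" branch out of place;
#   * the list is read with read -r from a redirect, and blank lines are
#     skipped.
# NOTE(review): one shared root password stored in the script, together
# with automatic acceptance of unknown host keys, is a weak setup;
# key-based authentication with verified known_hosts entries removes both.
passwd="123456"
while IFS= read -r line || [ -n "$line" ]; do
  [ -n "$line" ] || continue
  TARGET_HOST="$line" SSH_PASS="$passwd" /usr/bin/expect <<'EOF'
set timeout 10
spawn ssh root@$env(TARGET_HOST)
# "\r" sends a carriage return (Enter).
expect {
    "yes/no" { send "yes\r"; exp_continue }
    "password:" { send "$env(SSH_PASS)\r" }
}
expect "]#"
send "ifconfig\r"
send "exit\r"
expect eof
EOF
done < iplist
exit 0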
10、SHELL 分库分表备份
[root@master ~]# cat mydump.sh
#!/bin/bash
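# Dump every non-schema database, and every table of each database, into
# separate .sql files.
# Fixes:
#   * the per-table file name uses ${dbname}_${table}; "$dbname_$table" is
#     read as the unset variable "dbname_" followed by the table name, so
#     tables of different databases overwrote each other's files;
#   * the table list is read directly from mysql for each database instead
#     of being appended to /tmp/tables.txt, which accumulated the tables of
#     every earlier database;
#   * all expansions are quoted, and database names are back-quoted in SQL.
# Hardening: umask 077 makes the dump files readable by their owner only.
# BACKUP_DIR (default /tmp, as before) selects the output directory.
# NOTE(review): /tmp is shared and uses predictable file names here; point
# BACKUP_DIR at a root-owned directory for real backups.
# NOTE(review): -p123456 on the command line is visible in the process list;
# a client option file readable only by root avoids that.
umask 077
backup_dir=${BACKUP_DIR:-/tmp}
mysql_opts=(-uroot -p123456 -S /tmp/mysql.sock1)
while IFS= read -r dbname; do
  echo "$dbname"
  # Per-database dump.
  mysqldump "${mysql_opts[@]}" --databases "$dbname" > "$backup_dir/$dbname.sql"
  # Per-table dumps.
  while IFS= read -r table; do
    echo "$table"
    mysqldump "${mysql_opts[@]}" "$dbname" "$table" > "$backup_dir/${dbname}_${table}.sql"
  done < <(mysql "${mysql_opts[@]}" -N -e "show tables from \`$dbname\`;" 2>/dev/null)
done < <(mysql "${mysql_opts[@]}" -N -e "show databases" 2>/dev/null | grep -Ev "Database|schema")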