一、编写脚本selinux.sh,实现开启或禁用SELinux功能;
1、临时关闭;
目前 SELinux 支持三种模式,分别如下:
enforcing :强制模式,代表 SELinux 运作中,且已经正确的开始限制 domain/type 了;
permissive:宽容模式:代表 SELinux 运作中,不过仅会有警告讯息并不会实际限制domain/type 的存取。这种模式可以用来作为 SELinux 的 debug 之用;
disabled :关闭,SELinux 并没有实际运作
[root@localhost ~]# cat selinux_temp.sh
#!/bin/bash
echo 'current selinux status!'
getenforce
PS3="enable-selinux or disable-selinux?"
select menu in enable_selinux disable_selinux quit
do
if [ $menu == "enable_selinux" ] ; then
setenforce 1;
echo "selinux is up!"
break;
elif [ $menu == "disable_selinux" ] ; then
setenforce 0;
echo "selinux is down!"
break;
elif [ $menu == "quit" ] ; then
exit
fi
done
[root@localhost ~]# chmod +x selinux_temp.sh
测试:
1)编辑退出;
[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# ./selinux_temp.sh
current selinux status!
Enforcing
1) enable_selinux
2) disable_selinux
3) quit
enable-selinux or disable-selinux?3
[root@localhost ~]# getenforce
Enforcing
2)关闭selinux;
[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# ./selinux_temp.sh
current selinux status!
Enforcing
1) enable_selinux
2) disable_selinux
3) quit
enable-selinux or disable-selinux?2
selinux is down!
[root@localhost ~]# getenforce
Permissive
3)开启selinux;
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# ./selinux_temp.sh
current selinux status!
Permissive
1) enable_selinux
2) disable_selinux
3) quit
enable-selinux or disable-selinux?1
selinux is up!
[root@localhost ~]# getenforce
Enforcing
2、永久关闭(要重启才会生效);
[root@localhost ~]# cat selinux_perm.sh
#!/bin/bash
selinux_cnf="/etc/selinux/config"
case "$1" in
on)
sed -ir 's@^SELINUX=.*@SELINUX=enforcing@' $selinux_cnf
;;
off)
sed -ir 's@^SELINUX=.*@SELINUX=disabled@' $selinux_cnf
;;
*)
echo "Usage: $0 on|off"
;;
esac
[root@localhost ~]# chmod +x selinux_perm.sh
测试:
1)无关字符或空;
[root@localhost ~]# egrep '^SELINUX=' /etc/selinux/config
SELINUX=enforcing
[root@localhost ~]# ./selinux_perm.sh
Usage: ./selinux_perm.sh on|off
[root@localhost ~]# ./selinux_perm.sh dsfert
Usage: ./selinux_perm.sh on|off
2)关闭selinux;
[root@localhost ~]# egrep '^SELINUX=' /etc/selinux/config
SELINUX=enforcing
[root@localhost ~]# ./selinux_perm.sh off
[root@localhost ~]# egrep '^SELINUX=' /etc/selinux/config
SELINUX=disabled
3)开启selinux;
[root@localhost ~]# egrep '^SELINUX=' /etc/selinux/config
SELINUX=disabled
[root@localhost ~]# ./selinux_perm.sh on
[root@localhost ~]# egrep '^SELINUX=' /etc/selinux/config
SELINUX=enforcing
二、统计/etc/fstab文件中每个文件系统类型出现的次数;
[root@localhost ~]# egrep -i '^uuid|^\/dev' /etc/fstab
/dev/mapper/centos-root / xfs defaults 0 0
UUID=61bfe580-8947-41c1-91c0-0e3422e7d468 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
UUID=e598b458-c2ba-4bbe-a2b7-7791be1278fb /test ext4 acl 0 0
UUID=94464a8b-758d-474c-bf56-55b76c425b19 /users ext4 defaults 0 0
[root@localhost ~]# egrep -i '^uuid|^\/dev' /etc/fstab | awk '{print $3}'
xfs
xfs
swap
ext4
ext4
[root@localhost ~]# egrep -i '^uuid|^\/dev' /etc/fstab | awk '{print $3}' | uniq -c
2 xfs
1 swap
2 ext4
三、提取出字符串Yd$C@M05MB%9&Bdh7dq+YVixp3vpw中的所有数字;
[root@localhost ~]# echo "Yd$C@M05MB%9&Bdh7dq+YVixp3vpw" | awk '{gsub(/[^0-9]/,"",$0);print $0}'
05973
[root@localhost ~]# echo "Yd$C@M05MB%9&Bdh7dq+YVixp3vpw" | awk '{gsub(/[^0-9]/,"");print $0}'
05973
### 将字符串打印出来,然后利用awk的自带函数gsub,对字符串进行处理,对匹配到的非数字部分替换为空,awk默认行为是打印$0,即最后只输出剩下的数字。
四、解决DOS攻击生产案例:根据web日志或者或者网络连接数,监控当某个IP 并发连接数或者短时内PV达到100,即调用防火墙命令封掉对应的IP,监控频 率每隔5分钟。防火墙命令为:iptables -A INPUT -s IP -j REJECT。
[root@localhost ~]# cat steal_ip.sh
#!/bin/bash
iplist=`netstat -ant |awk -F'[ :]+' '/ESTABLISHED/{print $6}' | sort | uniq -c | awk '{if($1>100) print $2}' `
for ip in $iplist;
do
iptables -A INPUT -s $ip REJECT
echo "$ip is dangerous ,was rejected!"
done
[root@localhost ~]#chmod +x steal_ip.sh
[root@localhost ~]# crontab -l
*/5 * * * * /usr/bin/bash /steal_ip.sh
---