1、编写脚本selinux.sh,实现开启或禁用SELinux功能
1.1 提示输入参数方式
[root@centos7 ~]#cat selinux.sh
#!/bin/bash
read -p "please set selinux in {start|stop} :" SE
SEC=`sed -rn 's@^SELINUX=(.*)@\1@'p /etc/selinux/config`
if [ $SE == 'start' ];then
if [ $SEC == 'enforcing' ];then
echo "selinux current status is enforcing"
elif [ $SEC == 'disabled' ];then
sed -ri 's@^SELINUX=(.*)@SELINUX=enforcing@' /etc/selinux/config && echo "selinux start succeed!Please reboot your system!"
fi
elif [ $SE == 'stop' ];then
if [ $SEC == 'disabled' ];then
echo "selinux current status is disabled"
elif [ $SEC == 'enforcing' ];then
sed -ri 's@^SELINUX=(.*)@SELINUX=disabled@' /etc/selinux/config && echo "selinux stop succeed!Please reboot your system!"
fi
fi
1.2 菜单选择方式
[root@centos7 ~]#cat selinux_menu.sh
#!/bin/bash
SEC=`sed -rn 's@^SELINUX=(.*)@\1@'p /etc/selinux/config`
PS3="please set selinux number: "
select menu in start stop quit; do
case $REPLY in
1)
if [ $SEC == 'enforcing' ];then
echo "selinux current status is enforcing"
elif [ $SEC == 'disabled' ];then
sed -ri 's@^SELINUX=(.*)@SELINUX=enforcing@' /etc/selinux/config && echo "selinux start succeed!Plesae rebootyour system!"
fi
;;
2)
if [ $SEC == 'disabled' ];then
echo "selinux current status is disabled"
elif [ $SEC == 'enforcing' ];then
sed -ri 's@^SELINUX=(.*)@SELINUX=disabled@' /etc/selinux/config && echo "selinux stop succeed!Please reboot your system!"
fi
;;
3)
break
;;
*)
echo "please input again"
esac
done
2、统计/etc/fstab文件中每个文件系统类型出现的次数
[root@centos7 ~]#cat /etc/fstab|awk '/^UUID/{fs[$3]++}END{for(i in fs)print i,fs[i]}'
swap 1
xfs 3
3、提取出字符串Yd$C@M05MB%9&Bdh7dq+YVixp3vpw中的所有数字
[root@centos7 ~]#echo "Yd$C@M05MB%9&Bdh7dq+YVixp3vpw" | awk -F "" '{for(i=1;i<=NF;i++){if ($i ~ /[0-9]/){num=$i;nums=(nums num)}}print nums}'
05973
4、解决DOS攻击生产案例:根据web日志或者或者网络连接数,监控当某个IP 并发连接数或者短时内PV达到100,即调用防火墙命令封掉对应的IP,监控频 率每隔5分钟。防火墙命令为:iptables -A INPUT -s IP -j REJECT
4.1 根据web日志方式
[root@centos7 ~]#cat checkip.sh
#!/bin/bash
cat /root/access_log | awk '{IP[$1]++}END{for(i in IP){print i,IP[i]}}' > /tmp/hosts.txt
while read ip number;do
if [ $number -gt 100 ] ;then
iptables -A INPUT -s $ip -j REJECT
echo "from $ip $number rejected" >> /tmp/reject.txt
fi
done < /tmp/hosts.txt
echo "有嫌疑访问IP已经加入防火墙策略并保存至 /tmp/reject.txt;请及时查看!"
[root@centos7 ~]#chmod +x checkip.sh
[root@centos7 ~]# crontab -e
*/5 * * * * /root/checkip.sh
4.2 网络连接数方式
[root@centos7 ~]#cat checkip_ss.sh
#!/bin/bash
/usr/sbin/ss -tan | awk -F"[[:space:]]+|:" '/^ESTAB/{ip[$(NF-2)]++}END{for(i in ip){print i,ip[i]}}' > /tmp/hosts.txt
while read ip number;do
if [ $number -gt 100 ] ;then
iptables -A INPUT -s $ip -j REJECT
echo "from $ip $number rejected" >> /tmp/reject.txt
fi
done < /tmp/hosts.txt
echo "有嫌疑访问IP已经加入防火墙策略并保存至 /tmp/reject.txt;请及时查看!"
[root@centos7 ~]#chmod +x checkip_ss.sh
[root@centos7 ~]# crontab -e
*/5 * * * * /root/checkip.sh
4.3 利用sleep控制执行频率
[root@centos7 ~]#cat checkip_ss_sleep.sh
#!/bin/bash
while true
do
/usr/sbin/ss -tan | awk -F"[[:space:]]+|:" '/ESTAB/{ip[$(NF-2)]++}END{for(i in ip){print i,ip[i]}}' > /tmp/hosts.txt
while read ip number;do
if [ $number -gt 100 ] ;then
iptables -A INPUT -s $ip -j REJECT
echo "from $ip $number rejected" >> /tmp/reject.txt
fi
done < /tmp/hosts.txt
echo "有嫌疑访问IP已经加入防火墙策略并保存至 /tmp/reject.txt;请及时查看!"
sleep 300
done
[root@centos7 ~]#chmod +x checkip_ss_sleep.sh
[root@centos7 ~]#.\checkip_ss_sleep.sh