2020-04-04 第十周作业

1、编写脚本selinux.sh,实现开启或禁用SELinux功能

1.1 提示输入参数方式

[root@centos7 ~]#cat selinux.sh

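#!/bin/bash
#
# selinux.sh - set the boot-time SELinux mode in /etc/selinux/config.
#
# Prompts for "start" or "stop" and rewrites the SELINUX= line to match.
# Only the config file is edited, so the new mode applies after a reboot.
#
# Security notes:
#   * "stop" writes SELINUX=disabled, which switches mandatory access control
#     off for the whole host. When the goal is only to troubleshoot a denial,
#     SELINUX=permissive keeps labelling and audit logging in place.
#   * Files created while SELinux is disabled carry no labels, so going back
#     to enforcing needs a filesystem relabel at the next boot. Red Hat's
#     guidance is to boot once in permissive mode first, review the denials,
#     and only then switch to enforcing.

read -r -p "please set selinux in {start|stop} :" SE

# Mode currently written in the file (enforcing, permissive or disabled).
SEC=$(sed -rn 's@^SELINUX=(.*)@\1@p' /etc/selinux/config)

# Both values are quoted: an empty answer or an unexpected config value must
# reach the default arms instead of breaking a `[ ... ]` test.
case "$SE" in
  start)
    case "$SEC" in
      enforcing)
        echo "selinux current status is enforcing"
        ;;
      disabled | permissive)
        sed -ri 's@^SELINUX=(.*)@SELINUX=enforcing@' /etc/selinux/config && echo "selinux start succeed!Please reboot your system!"
        ;;
      *)
        echo "unexpected SELINUX value in /etc/selinux/config: '$SEC'" >&2
        exit 1
        ;;
    esac
    ;;
  stop)
    case "$SEC" in
      disabled)
        echo "selinux current status is disabled"
        ;;
      enforcing | permissive)
        sed -ri 's@^SELINUX=(.*)@SELINUX=disabled@' /etc/selinux/config && echo "selinux stop succeed!Please reboot your system!"
        ;;
      *)
        echo "unexpected SELINUX value in /etc/selinux/config: '$SEC'" >&2
        exit 1
        ;;
    esac
    ;;
  *)
    # Previously any other answer (including an empty one) ended silently or
    # with a test syntax error.
    echo "please answer 'start' or 'stop'" >&2
    exit 1
    ;;
esac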

1.2 菜单选择方式

[root@centos7 ~]#cat selinux_menu.sh

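#!/bin/bash
#
# selinux_menu.sh - menu front end for the boot-time SELinux mode.
#
# Offers start / stop / quit and rewrites the SELINUX= line in
# /etc/selinux/config. The change applies after a reboot.
#
# Security note: "stop" writes SELINUX=disabled, which switches mandatory
# access control off for the whole host; SELINUX=permissive keeps labelling
# and audit logging when the aim is only to troubleshoot a denial.

PS3="please set selinux number: "

select menu in start stop quit; do

  # Read the configured mode on every pass. Reading it once before the loop
  # left a stale value, so a second choice in the same session reported the
  # mode from before the first change.
  SEC=$(sed -rn 's@^SELINUX=(.*)@\1@p' /etc/selinux/config)

  case "$REPLY" in
    1)
      case "$SEC" in
        enforcing)
          echo "selinux current status is enforcing"
          ;;
        disabled | permissive)
          sed -ri 's@^SELINUX=(.*)@SELINUX=enforcing@' /etc/selinux/config && echo "selinux start succeed!Please reboot your system!"
          ;;
        *)
          echo "unexpected SELINUX value in /etc/selinux/config: '$SEC'" >&2
          ;;
      esac
      ;;
    2)
      case "$SEC" in
        disabled)
          echo "selinux current status is disabled"
          ;;
        enforcing | permissive)
          sed -ri 's@^SELINUX=(.*)@SELINUX=disabled@' /etc/selinux/config && echo "selinux stop succeed!Please reboot your system!"
          ;;
        *)
          echo "unexpected SELINUX value in /etc/selinux/config: '$SEC'" >&2
          ;;
      esac
      ;;
    3)
      break
      ;;
    *)
      echo "please input again"
      ;;
  esac

done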


2、统计/etc/fstab文件中每个文件系统类型出现的次数

[root@centos7 ~]#cat /etc/fstab|awk '/^UUID/{fs[$3]++}END{for(i in fs)print i,fs[i]}'

swap 1

xfs 3

3、提取出字符串Yd$C@M05MB%9&Bdh7dq+YVixp3vpw中的所有数字

[root@centos7 ~]#echo "Yd$C@M05MB%9&Bdh7dq+YVixp3vpw" | awk -F "" '{for(i=1;i<=NF;i++){if ($i ~ /[0-9]/){num=$i;nums=(nums num)}}print nums}'

05973

4、解决DoS攻击生产案例:根据web日志或者网络连接数,监控当某个IP并发连接数或者短时内PV达到100,即调用防火墙命令封掉对应的IP,监控频率每隔5分钟。防火墙命令为:iptables -A INPUT -s IP -j REJECT

4.1 根据web日志方式

[root@centos7 ~]#cat checkip.sh

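#!/bin/bash
#
# checkip.sh - reject clients that appear too often in the web access log.
#
# Counts log lines per client address (first field of each line) and adds an
# iptables REJECT rule for every address whose count reaches THRESHOLD.
# Intended to be run from cron every 5 minutes.
#
# Operational caveats:
#   * The count covers the whole log file, not the last 5 minutes, so a busy
#     legitimate client crosses the threshold sooner or later unless the log
#     is rotated or the input is limited to recent lines.
#   * Behind a reverse proxy or load balancer the first field may be the
#     proxy's address (TODO confirm against the log format); blocking it cuts
#     off every user. Keep such addresses in ALLOWLIST.
#   * -A appends to the end of INPUT, so an earlier ACCEPT rule that already
#     matches the traffic wins over the REJECT added here.
#   * REJECT_LOG sits in world-writable /tmp under a predictable name while
#     this script runs as root; a root-owned directory such as /var/log is a
#     safer home for it.

ACCESS_LOG=/root/access_log
REJECT_LOG=/tmp/reject.txt
THRESHOLD=100
# Space-separated addresses that must never be blocked
# (loopback, proxies, monitoring, admin hosts).
ALLOWLIST="127.0.0.1"

# Succeeds only for a dotted-quad IPv4 address with every octet <= 255.
# Log content is attacker-influenced, so nothing else is handed to iptables.
is_ipv4() {
  local IFS=. octet
  [[ $1 =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
  for octet in $1; do
    ((10#$octet <= 255)) || return 1
  done
}

# The counts are streamed straight into the loop; the earlier fixed-name
# scratch file in /tmp is no longer needed.
while read -r ip number; do
  is_ipv4 "$ip" || continue
  case " $ALLOWLIST " in *" $ip "*) continue ;; esac

  # The task statement says "reaches 100", hence -ge rather than -gt.
  [ "$number" -ge "$THRESHOLD" ] || continue

  # -C checks for an existing identical rule, so repeated cron runs do not
  # pile up duplicates; the log line is written only for a newly added rule.
  if ! iptables -C INPUT -s "$ip" -j REJECT 2>/dev/null; then
    iptables -A INPUT -s "$ip" -j REJECT &&
      echo "from $ip  $number rejected" >> "$REJECT_LOG"
  fi
done < <(awk '{ hits[$1]++ } END { for (addr in hits) print addr, hits[addr] }' "$ACCESS_LOG")

echo "有嫌疑访问IP已经加入防火墙策略并保存至 /tmp/reject.txt;请及时查看!"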

[root@centos7 ~]#chmod +x checkip.sh

[root@centos7 ~]# crontab -e

 */5 * * * * /root/checkip.sh 

4.2 网络连接数方式

[root@centos7 ~]#cat checkip_ss.sh

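#!/bin/bash
#
# checkip_ss.sh - reject peers that hold too many established TCP connections.
#
# Counts ESTAB sockets per peer address from `ss -tan` and adds an iptables
# REJECT rule for every IPv4 peer whose count reaches THRESHOLD.
# Intended to be run from cron every 5 minutes.
#
# Operational caveats:
#   * Many users can share one address (NAT, corporate proxy, load balancer);
#     blocking it cuts them all off. Keep trusted addresses in ALLOWLIST.
#   * Only IPv4 peers are handled; IPv6 peers would need ip6tables.
#   * -A appends to the end of INPUT, so an earlier ACCEPT rule that already
#     matches the traffic wins over the REJECT added here.
#   * REJECT_LOG sits in world-writable /tmp under a predictable name while
#     this script runs as root; a root-owned directory such as /var/log is a
#     safer home for it.

REJECT_LOG=/tmp/reject.txt
THRESHOLD=100
# Space-separated addresses that must never be blocked
# (loopback, proxies, monitoring, admin hosts).
ALLOWLIST="127.0.0.1"

# Succeeds only for a dotted-quad IPv4 address with every octet <= 255,
# so a mis-parsed column (a port number, an IPv6 fragment) never reaches iptables.
is_ipv4() {
  local IFS=. octet
  [[ $1 =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
  for octet in $1; do
    ((10#$octet <= 255)) || return 1
  done
}

# Prints "peer count" for every peer with ESTAB sockets.
# The peer is taken from column 5 (Peer Address:Port) and the port is cut
# off explicitly; counting fields back from the end of the line depended on
# whether ss pads the line with trailing whitespace.
count_peers() {
  /usr/sbin/ss -tan | awk '
    /^ESTAB/ {
      peer = $5
      sub(/:[0-9]+$/, "", peer)   # drop the port
      gsub(/^\[|\]$/, "", peer)   # drop IPv6 brackets
      sub(/^::ffff:/, "", peer)   # IPv4-mapped IPv6 -> plain IPv4
      conns[peer]++
    }
    END { for (addr in conns) print addr, conns[addr] }'
}

# The counts are streamed straight into the loop; the earlier fixed-name
# scratch file in /tmp is no longer needed.
while read -r ip number; do
  is_ipv4 "$ip" || continue
  case " $ALLOWLIST " in *" $ip "*) continue ;; esac

  # The task statement says "reaches 100", hence -ge rather than -gt.
  [ "$number" -ge "$THRESHOLD" ] || continue

  # -C checks for an existing identical rule, so repeated cron runs do not
  # pile up duplicates; the log line is written only for a newly added rule.
  if ! iptables -C INPUT -s "$ip" -j REJECT 2>/dev/null; then
    iptables -A INPUT -s "$ip" -j REJECT &&
      echo "from $ip  $number rejected" >> "$REJECT_LOG"
  fi
done < <(count_peers)

echo "有嫌疑访问IP已经加入防火墙策略并保存至 /tmp/reject.txt;请及时查看!"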

[root@centos7 ~]#chmod +x checkip_ss.sh

[root@centos7 ~]# crontab -e  

*/5 * * * * /root/checkip_ss.sh

4.3 利用sleep控制执行频率

[root@centos7 ~]#cat checkip_ss_sleep.sh

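#!/bin/bash
#
# checkip_ss_sleep.sh - long-running variant of the connection-count check.
#
# Every 300 seconds: counts ESTAB sockets per peer address from `ss -tan`
# and adds an iptables REJECT rule for every IPv4 peer whose count reaches
# THRESHOLD. Runs until it is stopped.
#
# Operational caveats:
#   * Many users can share one address (NAT, corporate proxy, load balancer);
#     blocking it cuts them all off. Keep trusted addresses in ALLOWLIST.
#   * Only IPv4 peers are handled; IPv6 peers would need ip6tables.
#   * -A appends to the end of INPUT, so an earlier ACCEPT rule that already
#     matches the traffic wins over the REJECT added here.
#   * REJECT_LOG sits in world-writable /tmp under a predictable name while
#     this script runs as root; a root-owned directory such as /var/log is a
#     safer home for it.

REJECT_LOG=/tmp/reject.txt
THRESHOLD=100
INTERVAL=300
# Space-separated addresses that must never be blocked
# (loopback, proxies, monitoring, admin hosts).
ALLOWLIST="127.0.0.1"

# Succeeds only for a dotted-quad IPv4 address with every octet <= 255,
# so a mis-parsed column (a port number, an IPv6 fragment) never reaches iptables.
is_ipv4() {
  local IFS=. octet
  [[ $1 =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
  for octet in $1; do
    ((10#$octet <= 255)) || return 1
  done
}

# Prints "peer count" for every peer with ESTAB sockets.
# The state is matched at the start of the line and the peer is taken from
# column 5 (Peer Address:Port) with the port cut off explicitly; counting
# fields back from the end of the line depended on trailing whitespace.
count_peers() {
  /usr/sbin/ss -tan | awk '
    /^ESTAB/ {
      peer = $5
      sub(/:[0-9]+$/, "", peer)   # drop the port
      gsub(/^\[|\]$/, "", peer)   # drop IPv6 brackets
      sub(/^::ffff:/, "", peer)   # IPv4-mapped IPv6 -> plain IPv4
      conns[peer]++
    }
    END { for (addr in conns) print addr, conns[addr] }'
}

while true; do

  # The counts are streamed straight into the loop; the earlier fixed-name
  # scratch file in /tmp is no longer needed.
  while read -r ip number; do
    is_ipv4 "$ip" || continue
    case " $ALLOWLIST " in *" $ip "*) continue ;; esac

    # The task statement says "reaches 100", hence -ge rather than -gt.
    [ "$number" -ge "$THRESHOLD" ] || continue

    # -C checks for an existing identical rule, so each pass of the loop does
    # not append the same REJECT again; only new rules are logged.
    if ! iptables -C INPUT -s "$ip" -j REJECT 2>/dev/null; then
      iptables -A INPUT -s "$ip" -j REJECT &&
        echo "from $ip  $number rejected" >> "$REJECT_LOG"
    fi
  done < <(count_peers)

  echo "有嫌疑访问IP已经加入防火墙策略并保存至 /tmp/reject.txt;请及时查看!"

  sleep "$INTERVAL"

done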

[root@centos7 ~]#chmod +x checkip_ss_sleep.sh

[root@centos7 ~]#./checkip_ss_sleep.sh
