1、编写脚本selinux.sh,实现开启或禁用SELinux功能
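#!/bin/bash
# selinux.sh - toggle the persistent SELinux mode in /etc/selinux/config.
#
# If SELinux is currently disabled, the config is switched to "enforcing";
# in every other state (Enforcing or Permissive) it is switched to "disabled".
# Only the config file is edited, so the new mode applies from the next boot.
# NOTE(review): going from disabled to enforcing usually needs a filesystem
# relabel on that boot - confirm for the target distribution.
config=/etc/selinux/config

# getenforce prints Enforcing, Permissive or Disabled. Abort if it fails so
# that an empty result is never treated as "not disabled" and SELinux is not
# switched off by accident.
status=$(getenforce) || { echo "getenforce failed" >&2; exit 1; }

if [ "$status" = "Disabled" ]; then
  echo "disable,"
  sed -ri 's/^(SELINUX=).*$/\1enforcing/' "$config"
else
  echo "not disable"
  # The value must be spelled exactly "disabled"; a misspelled value is not a
  # valid SELINUX= setting.
  sed -ri 's/^(SELINUX=).*$/\1disabled/' "$config"
fi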
2、统计/etc/fstab文件中每个文件系统类型出现的次数
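# Count how often each filesystem type (third fstab field) occurs.
# Comment lines are skipped even when they are indented, and lines with fewer
# than three fields are ignored so they cannot add an empty type to the count.
awk '$1 !~ /^#/ && NF >= 3 { print $3 }' /etc/fstab | sort | uniq -c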
3、提取出字符串Yd$C@M05MB%9&Bdh7dq+YVixp3vpw中的所有数字
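# Print every digit of the sample string, one per line.
# Single quotes keep the shell from expanding $C inside the string, and the
# quoted pattern keeps [0-9] from being glob-expanded against a one-digit
# file name in the current directory. The string matches the exercise text,
# including the '&'.
printf '%s\n' 'Yd$C@M05MB%9&Bdh7dq+YVixp3vpw' | grep -o '[0-9]'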
4、解决DOS攻击生产案例:根据web日志或者网络连接数,监控当某个IP并发连接数或者短时内PV达到100,即调用防火墙命令封掉对应的IP,监控频率每隔5分钟。防火墙命令为:iptables -A INPUT -s IP -j REJECT
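#!/bin/bash
# Watch established TCP connections and drop any remote IPv4 address that
# holds at least $threshold of them. Needs root, because it calls iptables.
#
# The rule is inserted at the top of INPUT with -I and target DROP, as in the
# original script; the exercise text names "-A INPUT ... -j REJECT" instead.
threshold=100
interval=300            # the exercise asks for a check every 5 minutes
log_file=drop_list.log
# Addresses that must never be blocked (space separated). Loopback is listed
# so busy local services cannot cut the host off from itself; add management
# and monitoring hosts here.
allow_list="127.0.0.1"

while true
do
  # Field 6 of the ':'/space-split netstat line is the remote address for
  # IPv4 sockets; uniq -c then yields "<count> <ip>" pairs.
  netstat -an | grep ESTABLISHED | awk -F '[: ]+' '{print $6}' | sort | uniq -c |
  while read -r count ip
  do
    # Act only on well-formed IPv4 addresses, so IPv6 lines or any other
    # unexpected netstat output never reach iptables.
    [[ "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || continue

    case " $allow_list " in
      *" $ip "*) continue ;;
    esac

    # iptables -C checks for this exact rule. Grepping the listing would also
    # match longer addresses that merely contain $ip (10.0.0.5 vs 10.0.0.50).
    if [ "$count" -ge "$threshold" ] && ! iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
      iptables -I INPUT -s "$ip" -j DROP
      echo "$ip is DROP" >> "$log_file"
    fi
  done
  sleep "$interval"
done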