awk综合应用

1、编写脚本selinux.sh，实现开启或禁用SELinux功能

# 知识点：
	# selinux
	# 文件位置：/etc/selinux/config
	# 实现SELinux主要就是将该文件中的SELINUX= 设置为：disable/enforcing
	# 查看状态：sestatus
	
	
#!/bin/bash 
#
############################################################

# @Author:	Flamenca
# @Date:	2020-05-09 20:58:39
# @File Name:	seslinux_switch.sh
# @Last Modified time:	2020-05-11 00:35:37
# @Description:	一键开关SELinux的脚本
# @mail:	[email protected]

############################################################

. /etc/rc.d/init.d/functions

# 查看当前SELinux 的状态
#sest=`sestatus |awk -F" " '{print $NF}'`
sest=`awk -F"=" '/^SELINUX=/{print $NF}' /etc/selinux/config`

if [[ $sest == "disabled" ]]; then
	#如果/etc/selinux/config 中SELINUX=disable,则提示是否开启
	echo "SELinux is disabled "	
	read -p "Would you like to [O]pen or [Q]uit? :" var
	if [[ $var == ["O""o""open"] ]]; then
		sed -i 's/^SELINUX=disabled/SELINUX=enforcing/g' /etc/selinux/config 
		action "SELINUX is Open, please reboot your system"	/bin/true
	elif [[ $var == ["Q""q""quit"] ]]; then
		break
	else
		echo "Error input!"
		
	fi
elif [[ $sest == "enforcing" ]]; then
	#statements
	echo "SELinux is enforcing "
	read -p "Would you like to [D]isable or [Q]uit? :" var
	if [[ $var == ["D""d"] ]]; then
		sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config 
		action "SELINUX is disabled, please reboot your system"	/bin/true
	elif [[ $var == ["Q""q""quit"] ]]; then
		break
	else
		echo "Error input!"
		
	fi	
fi

	

2、统计/etc/fstab文件中每个文件系统类型出现的次数

cat /etc/fstab |grep "^[^#]" |xargs -n6 |cut -d " " -f3|uniq -c

3、提取出字符串Yd$C@M05MB%9&Bdh7dq+YVixp3vpw中的所有数字

[root@localhost data]#echo "Yd$C@M05MB%9&Bdh7dq+YVixp3vpw" |awk '{gsub(/[^0-9]/," ",$0);print $0}'
    05   9    7        3 

4、解决DOS攻击生产案例:根据web日志或者或者网络连接数，监控当某个IP 并发连接数或者短时内PV达到100，即调用防火墙命令封掉对应的IP，监控频 率每隔5分钟。防火墙命令为:iptables -A INPUT -s IP -j REJECT

#!/bin/bash 
#
############################################################

# @Author:	Flamenca
# @Date:	2020-05-09 20:58:39
# @File Name:	IP_100.sh
# @Last Modified time: 2020-05-17 00:53:14
# @Description:	找到连接数超过100的ip，执行防火墙封锁命令
# @mail:	[email protected]

############################################################

# 找出当前主机的Foreign Address 并统计其出现的次数

# 将当前连接次数大于100的ip记录在asslog.log中
netstat -nltp | awk '{if (NR>2){print $5}}' | sort | uniq -c | awk '{if ($1>100){print $2}}' | cut -d ":" -f1 >> asslog.log

while read IP; do
	iptables -A INPUT -s IP -j REJECT

done << asslog.log


rm ./asslog.log



# 将此脚本写入crontab计划任务
[root@centos-linux bak]# crontab -e
*/5 * * * 0-7 /bin/bash /root/bak/IP_100.sh