1、编写脚本selinux.sh ,实现开启或禁用selinux 功能
[19:41:44 root@centos7 scripts]#cat selinux.sh
#!/bin/bash
#--------------------------
# Filename: *.sh
# Revision:1.1
# Date: 2020-08-01
# Author:lcg
# E-mail:[email protected]
# Website:https://blog.51cto.com/8683332
# Description:this is a shell script
# Copyright:2020 li
# License:GPL
#--------------------------
#
date="`date +%F-%T`"
COLOR="\e[1;32m"
COLOREND="\e[0m"
#set -ue
if [ $# -eq 1 ] ;then
selinuxdir=/etc/selinux/config
case "$1" in
on)
sed -ir 's/^SELINUX=.*/SELINUX=enforcing/' $selinuxdir
echo "The SELinux is running,you should be care doing everythings ! And you should reboot the system to make selinux enabled!"
;;
off)
sed -ir 's/^SELINUX=.*/SELINUX=disabled/' $selinuxdir
echo " The SELinux is closed Success; And you should reboot the system to make selinux disabled!"
;;
*)
echo "Usage:`basename $0` on|off"
exit 1
;;
esac
else
echo "$0 Usage is : $0 on/off"
fi
2、统计/etc/fstab 文件中每个文件系统类型出现的次数
[17:31:30 root@centos7 ~]#cat /etc/fstab |grep -Ev '^[ ]+|[#]+' | awk '{if (NR>1)print $3}' |sort | uniq -c
1 ext4
2 xfs
[19:45:28 root@centos7 scripts]#cat /etc/fstab | awk '!/^ +|#/{if (NR>1)print $3}' |sort |uniq -c
1 ext4
2 xfs
3、提取字符串Yd$C@M05MB%9&Bdh7dq+YVixp3vpw 中的所有数字
[16:48:36 root@centos7 ~]#echo "Yd$C@M05MB%9&Bdh7dq+YVixp3vpw" | awk '{gsub(/[^0-9]/,"",$0);print $0}'
05973
[17:21:49 root@centos7 ~]#echo 'Yd$C@M05MB%9&Bdh7dq+YVixp3vpw'|awk 'gsub(/[^0-9]/,"",$0)'
05973
[17:12:48 root@centos7 ~]#echo "Yd$C@M05MB%9&Bdh7dq+YVixp3vpw" | sed -nr 's/^.*([0]+[0-9)+]).*([0-9]+).*([0-9]+).*([0-9]+).*$/\1\2\3\4/p'
注意不通用
05973
4、解决Dos ***生产案例: 根据web日志或者网络连接数,监控当某个IP并发连接数或者短时内PV 达到100,即调用防火墙命令封掉对应的IP,监控频率:每隔5分钟,防火墙命令为:iptables -A input -s IP -j REJECT
[20:36:27 root@centos7 scripts]#cat Ddos.sh
#!/bin/bash
#--------------------------
#Filename:*.sh
#Revision:1.1
#Date:2020-08-01
#Author:lcg
#E-mail:[email protected]
#Website:https://blog.51cto.com/8683332
#Description:thisisashellscript
#Copyright:2020li
#License:GPL
#--------------------------
#
#date="`date+%F-%T`"
#COLOR="\e[1;32m"
#COLOREND="\e[0m"
#set-ue
log=access.log
[ -f $log ] || touch $log
function add_iptables(){
while read line
do
ip=`echo $line|awk '{print $2}'`
count=`echo $line|wc -l`
if [ $count -gt 100 ] && [`iptables -L -n|grep "$ip"|wc -l` -lt 1 ]
then
iptables -I INPUT -s $ip -jDROP
echo "$line isdropped" >>/tmp/droplist.log
fi
done<$log
}
function main(){
while true
do
netstat -an|grep EST|awk '{print $(NF-1)}'|awk -F '[:]' '{print $1}'|sort|uniq -c >$log
add_iptables
sleep 180
done
}
main
[20:36:32 root@centos7 scripts]#cat /tmp/droplist.log
7 127.0.0.1 is dropped
34 169.254.86.82 is dropped
18 172.16.100.125 is dropped
204 172.16.100.76 is dropped
14 172.16.23.100 is dropped
112 172.16.233.133 is dropped
68 172.16.250.227 is dropped
12 192.168.1.100 is dropped
22 192.168.1.106 is dropped
68 192.168.1.107 is dropped
24 192.168.1.109 is dropped
83 192.168.1.110 is dropped
27 192.168.1.112 is dropped
583 192.168.1.113 is dropped
12 192.168.1.114 is dropped
1220 192.168.1.117 is dropped
110 192.168.1.118 is dropped
13 192.168.1.121 is dropped
1134 192.168.1.31 is dropped
5、vim 删除空格小技巧
删除空格行:
非编辑状态下输入:g/^$/d
删除行首空格:
非编辑状态下输入:%s/^\s*//g
删除行尾空格:
非编辑状态下输入:%s/\s*$//g
VIM删除空白行
在命令状态下输入:
:g/^\s*$/d
:g 代表在全文档范围内
^代表行的开始
\s*代表空白字符
&代表行的结束
d代表删除
格式:用//将3段代码隔开