十、Linux 自动化脚本与函数

1.编写脚本selinux.sh,实现开启或禁用SELinux功能。

[root@localhost ~]#bash SElinux.sh 
######################################################
Current status:
SELinux status:                 disabled
######################################################


Please input enable|disable|permissive|quit to set SElinux: enable 
setenforce: SELinux is disabled
SElinux current status is Disabled
SElinux config file is set SELINUX=enforcing
[root@localhost ~]#bash SElinux.sh 
######################################################
Current status:
SELinux status:                 disabled
######################################################


Please input enable|disable|permissive|quit to set SElinux: disable
setenforce: SELinux is disabled
SElinux current status is Disabled,But Disabled's status need to reboot
SElinux config file is set SELINUX=disabled
[root@localhost ~]#bash SElinux.sh 
######################################################
Current status:
SELinux status:                 disabled
######################################################


Please input enable|disable|permissive|quit to set SElinux: permissive
setenforce: SELinux is disabled
SElinux current status is Disabled
SElinux config file is set SELINUX=Permissive
[root@localhost ~]#cat SElinux.sh 
#!/bin/bash
#********************************************************************
#Author: Kevin.Wen
#Revision: 1.0
#QQ: 2510905014
#Date: 2020-11-13
#FileName: SElinux.sh
#********************************************************************
echo "######################################################"
echo -e "Current status:\n`sestatus`"
echo "######################################################"
echo -e "\n"
read -p "Please input enable|disable|permissive|quit to set SElinux: " Arg
if [ $Arg == "enable" ];then
	setenforce 1
	sed -ri.bak "s#^SELINUX=.*#SELINUX=enforcing#" /etc/selinux/config &>/dev/null
	echo "SElinux current status is `getenforce`"
	echo "SElinux config file is set `sed -n "/^SELINUX=/p" /etc/selinux/config`"
	exit
elif [ $Arg == "disable" ];then
	setenforce 0
	sed -ri.bak "s#^SELINUX=.*#SELINUX=disabled#" /etc/selinux/config &>/dev/null
	echo "SElinux current status is `getenforce`,But Disabled's status need to reboot"
	echo "SElinux config file is set `sed -n "/^SELINUX=/p" /etc/selinux/config`"
	exit
elif [ $Arg == "permissive" ];then
	setenforce Permissive
	sed -ri.bak "s#^SELINUX=.*#SELINUX=Permissive#" /etc/selinux/config &>/dev/null
	echo "SElinux current status is `getenforce`"
	echo "SElinux config file is set `sed -n "/^SELINUX=/p" /etc/selinux/config`"
	exit
else [ $Arg == "quit" ]
	echo "The shell exit"
	exit
fi

2.统计/etc/fstab文件中每个文件系统类型出现的次数。

[root@localhost /data]#awk -F'[[:space:]]+' '/^UUID/{print $3}' /etc/fstab |uniq -c
      3 xfs
      1 swap
[root@localhost /data]#cat /etc/fstab 

#
# /etc/fstab
# Created by anaconda on Mon Aug  3 17:02:43 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=71b66acd-688f-45df-8d45-1d3cf606820f /                       xfs     defaults        0 0
UUID=1890737d-134e-49aa-a764-569a2bd251d8 /boot                   xfs     defaults        0 0
UUID=82c012a2-3f30-4649-ac90-e9896c20f829 /data                   xfs     defaults        0 0
UUID=87716ee2-fda6-41e2-9d46-4d42bd7bb257 swap                    swap    defaults        0 0

3.提取出字符串Yd$C@MO5MB%9&Bdh7dq+YVixp3vpw中的所有数字。

[root@localhost /data]#echo "Yd$C@M05MB%9&Bdh7dq+YVixp3vpw" | awk  '{gsub(/[^0-9]/,"");print $0}'
05973

4.解决DOS攻击生产案例:根据web日志或者网络连接数,监控当某个IP并发连接数或者短时间内PV达到100,即调用防火墙命令封掉对应的IP,监控频率每隔5分钟。防火墙命令为iptables -A INPUT -s IP -j REJECT。

[root@localhost ~]#bash -x checkdos.sh 
+ /usr/sbin/ss -tn
+ awk '-F +|:' '/ESTAB/{ip[$(NF-2)]++}END{for(i in ip)if(ip[i]>10) print i}'
+ read IP
[root@localhost ~]#cat checkdos.sh 
#!/bin/bash
#********************************************************************
#Author: Kevin.Wen
#Revision: 1.0
#QQ: 2510905014
#Date: 2020-11-13
#FileName: checkdos.sh
#********************************************************************
/usr/sbin/ss -tn | awk -F" +|:" '/ESTAB/{ip[$(NF-2)]++}END{for(i in ip)if(ip[i]>10) print i}' > /data/ddosip.txt
while read IP;do
	/usr/sbin/iptables -A INPUT -s $IP -j REJECT
	echo "The $IP reject" >> /data/checkddos.txt
done < /data/ddosip.txt
上一篇:CentOS 关闭防火墙和selinux


下一篇:linux系统优化(关闭SElinux、防火墙)