小练习

[ scripts]$cat selinux.sh 
#!/bin/bash
#
STATE=`grep ‘SELINUX\>‘ /etc/selinux/config | grep -v ‘^#‘ | cut -d= -f2`
case $1 in
start)
    [ "$STATE" = "enforcing" ] || sed -i ‘/SELINUX/@‘ /etc/selinux/config
    echo "SELinux is enforcing..." 
    ;;
stop)
    [ "$STATE" = "disabled" ] || sed -i ‘/SELINUX/@‘ /etc/selinux/config
    echo "SELinux is disabled..." 
    ;;
status)
    echo "SELinux is ${STATE}..."
    ;;
*)
    echo "Usage:`basename $0` <start|stop|status>"
    ;;
esac

统计/etc/fstab文件中每个文件系统类型出现的次数

[ scripts]$awk ‘/^UUID/{count[$3]++}END{for(i in count){print i,count[i]}}‘ /etc/fstab
swap 1
xfs 3

提取出字符串%9&Bdh7dq+YVixp3vpw中的所有数字

[ scripts]$echo "%9&Bdh7dq+YVixp3vpw" | tr -dc ‘[[:digit:]]‘
05973[ scripts]$

[ scripts]$echo "%9&Bdh7dq+YVixp3vpw" | tr -dc ‘[[:digit:]]‘ |xargs
05973

解决DOS***生产案例:根据web日志或者或者网络连接数，监控当某个IP 并发连接数或者短时内PV达到100，即调用防火墙命令封掉对应的IP，监控频 率每隔5分钟。防火墙命令为:iptables -A INPUT -s IP -j REJECT

[ scripts]$cat dos.sh
#!/bin/bash
#
awk ‘{count[$1]++}END{for(i in count){if(count[i]>=100){print i,count[i]}}}‘ /data/scripts/access_log | while read IP COUNT; do
    echo "${IP}访问了${COUNT}次数..."
    /usr/sbin/iptables -A INPUT -s ${IP} -j REJECT
    echo "${IP}被加入到了防火墙..." 
    sed -i "/${IP}/d" /data/scripts/access_log
done 

[ scripts]$crontab -l
*/5 * * * * /bin/bash /data/scripts/dos.sh