shell企業面試題
1、批量創建帶有隨機小寫字符文件程序
使用for循環在/pizza目錄下創建10個html文件,其中每個文件包含10個隨機小寫字母加固定字母_pizza
1、思路分析:
核心是:創建10個隨機小寫字母
第一種:$RANDOM
[root@web-01 /server/scripts]# echo $RANDOM 9839 范圍0-32767 ,第一個容易被破解,使用的時候最好再加個字符串
第二種:openssl rand -base64 10
[root@web-01 /server/scripts]# openssl rand -base64 10(最后面是長度) yz+FH2zUNMlVnw== [root@web-01 /server/scripts]# openssl rand -base64 100 wkfkVmliczOgoLl0z/m5S/7InZ8+4AzdHmR6t6hhE80oghRY46598L+no+HtDcHD HyvQYnBWi6nQ0GbsjafyWZps7y6JpMEA6JOwQ+HlIOICXT7YLCcI9mQa6FUE+vHR OcxHog==
第三種:date
[root@web-01 /server/scripts]# date +%N%s() 3057895901553937109
第四種:head /dev/urandom |cksum
[root@web-01 /server/scripts]# head /dev/urandom |cksum 1831677657 1682
第五種:uuidgen
[root@web-01 /server/scripts]# uuidgen 218780c9-ee6f-41dc-9058-a9a3a717cde1
第六種:cat /proc/sys/kernel/random/uuid
[root@web-01 /server/scripts]# cat /proc/sys/kernel/random/uuid 542f71d9-b240-4891-b61d-632083ecf6be
第七種:expect的mkpasswd
[root@web-01 /server/scripts]# mkpasswd(yum install expect -y) k3WlhJ|e7 [root@web-01 /server/scripts]# mkpasswd -l 20 -d 1 -c 2 (-l長度、-d數字、-c小寫字母、-C大寫字母、-s特殊字符) nebiv;bnZi6vjluvczgP
本次使用$RANDOM,前面加字符串,md5加密 ,將數字替換為字母,截取第2-第11個,共10位
[root@web-01 ~]# echo "PIZZA$RANDOM" |md5sum|tr "0-9" "a-z"|cut -c 2-11 befdbcdaee
2、for循環創建
path=/pizza [ -d $path ] || mkdir $path for n in {1..10} do random=`echo "PIZZA$RANDOM" |md5sum|tr "0-9" "a-z"|cut -c 2-11` touch $path/${random}_pizza.html done
2、批量改名
將題1中的pizza都改成linux(最好用for循環實現,並且擴展名html全部改成大寫)
思路分析:
1、先改一個
2、for循環
name=linux path=/pizza/ cd $path for file in `ls *.html` do mv $file `echo ${file/pizza.html/linux.HTML}` done
3、方法二--用一條命令
[root@web-01 /pizza]# ls *.HTML |awk -F 'linux.HTML' '{print "mv",$0,$1"pizza.html"}' |bash
4、方法三--專業的rename
[root@web-01 /pizza]# rename "pizza.html" "linux.HTML" *.html
3、批量創建特殊需求要求用戶案例
批量創建10個系統賬號 pizza01-pizza10 並設置密碼(密碼是隨機數,要求字符和數字等混合)
思路分析:
1、創建10個賬號
第一種:echo pizza{01..10}
第二種:seq -w 10
2、隨機密碼,題1已經講了很多,這次用openssl rand -base64 100
3、創建用戶的命令
第一種:
useradd pizza01
echo 密碼 | passwd --stdin
第二種:chpasswd命令
格式要符合下面的形式
pizza01:passwd
pizza02:passwd
4、for循環
for n in {01..10} do passwd=`openssl rand -base64 10` useradd pizza$n echo $passwd |passwd --stdin pizza$n echo -e "pizza$n\t$passwb" >> /pizza/user.list done
或者
for n in {01..10} do passwd=`openssl rand -base64 10` useradd pizza$n echo "pizza$n:$passwd" >> /pizza/pass.log done chpasswd < /pizza/pass.log
5、優化,搞的專業一點
for n in {1..10} do pass=`openssl rand -base64 10` if `grep "pizza$n" /etc/passwd &>/dev/null` # 判斷是不是存在 then useradd pizza$n &&\ # &&\設置強邏輯關系 echo $pass|passwd --stdin pizza$n &&\ echo -e "pizza$n\t$pass" >> /pizza/user.log else echo "pizza$n is exist." fi done
優化:
for n in {1..10} do pass=`openssl rand -base64 10` if [ `grep -w "pizza$n" /etc/passwd|wc -l` -eq 0 ] then useradd pizza$n &&\ echo $pass|passwd --stdin pizza$n &&\ echo -e "pizza$n\t$pass" >> /pizza/user.log echo "adduser successful" else echo "pizza$n is exist." fi done
優化:
. /etc/init.d/functions for n in {1..10} do pass=`openssl rand -base64 10` if [ `grep -w "pizza$n" /etc/passwd|wc -l` -eq 0 ] then useradd pizza$n &&\ echo $pass|passwd --stdin pizza$n &>/dev/null &&\ echo -e "pizza$n\t$pass" >> /pizza/user.log action "adduser successful" /bin/true else action "pizza$n is exist." /bin/false fi done
優化:
. /etc/init.d/functions if [ $UID -ne 0 ] then echo "必須用root執行本腳本" exit 1 fi for n in {1..10} do pass=`openssl rand -base64 10` if [ `grep -w "pizza$n" /etc/passwd|wc -l` -eq 0 ] then useradd pizza$n &&\ echo $pass|passwd --stdin pizza$n &>/dev/null &&\ echo -e "pizza$n\t$pass" >> /pizza/user.log action "adduser successful" /bin/true else action "pizza$n is exist." /bin/false fi done
6、不用for循環的實現
http://user.qzone.qq.com/49000448/blog/1422183723
4、掃描網絡內存活主機
寫一個Shell腳本,判斷10.0.0.0/24網絡里面,當前在線的IP有哪些
思路分析
1、判斷主機存活
ping c 2 i 1 w 3 10.0.0.7 nmap -sP 10.0.0.0/24
2、搞起來
第一種:ping
for n in {1..254} do # 將整個執行用大括號括起來 加 &,進行批量ping,原理就是放到后台執行 { if `ping -c 1 -w 3 10.0.0.$n &>/dev/null` then echo "10.0.0.$n is up" else echo "10.0.0.$n is down" fi } & done
# 沒有進行過濾,所以輸出很多,可以優化一下
第二種:使用nmap命令行就可以
[root@web-01 /server/scripts]# nmap -sP 10.0.0.0/24 |awk '/Nmap scan report for/{print $NF}'
5、MySQL分庫備份
實現對MySQL數據庫進行分庫備份,用腳本實現
為什么要進行分庫備份呢,因為,如果在以后需要備份一個小庫,就會很麻煩
常規方法:
mysqldump -B userinfo click test | gzip >bak.sql.gz
分庫備份:
mysqldump -B userinfo | gzip >bak.sql.gz mysqldump -B click | gzip >bak.sql.gz mysqldump -B test | gzip >bak.sql.gz
執行命令獲取庫名
mysql -uroot -ppizza123 -e "show databases" | grep -v _schema | sed 1d
把密碼放到配置文件中
cat /etc/my.cnf [client] user = root passwd = pizza123
做完這一步就不用在腳本中添加-u和-p參數
備份腳本
path=/backup mysql="mysql -uroot -ppizza123" mysqldump="mysqldump -uroot -ppizza123" [ -d $path ] || mkdir $path for dbname in `$mysql -e "show databases;" 2>/dev/null|grep -v _schema | sed 1d` do # 這個命令還有很多參數沒有寫 $mysqldump -B $dbname |gzip >/backup/${dbname}_$(date +%F).sql.gz done
6、MySQL分庫、分表備份
常規備份
mysqldump pizza test test1 | gzip > bak.sql.gz pizza是庫名、test和test1是表名
分庫、分表備份
mysqldump -B pizza | gzip >bak.sql.gz mysqldump pizza test1 mysqldump pizza test2 mysqldump pizza test3
腳本編碼
path=/backup mysql="mysql -uroot -ppizza123" mysqldump="mysqldump -uroot -ppizza123" [ -d $path ] || mkdir $path for tname in `$mysql -e "show tables from $dbname;" 2>/dev/null|sed 1d` do if [ "$dbname" = "mysql" ] then # 這個命令還有很多參數沒有寫 $mysqldump --skip-lock-tables $dbname $tname |gzip >$path/${dbname}-$tname_$(date +%F).sql.gz 2>/dev/null else $mysqldump $dbname $tname |gzip >$path/${dbname}-$tname_$(date +%F).sql.gz 2>/dev/null fi done done
7、SSH服務批量分發與管理服務
確保主機能用root登陸
vim /etc/ssh/sshd_config 字段 PermitRootLogin 為 yes
建立密鑰對
ssh-keygen
發送公鑰到其他服務器
ssh-copy-id -i id_rsa.pub 10.0.0.8
可能會很慢,調整其他機器的配置,讓操作快一些
useDNS no
GSSAPIAuthentication no
重啟服務,繼續
ssh-copy-id -i id_rsa.pub 10.0.0.8 ssh-copy-id -i id_rsa.pub 10.0.0.9
寫一個鏈接主機並可以執行命令的腳本
vim ssh_.sh
if [ $# -ne 1 ] then echo "usage:$0 cmd" exit 1 fi for n in 8 9 do echo "-----10.0.0.$n------" ssh 10.0.0.$n $1 done
執行腳本
bash ssh_.sh "free -m"
編寫分發腳本
. /etc/init.d/functions if [ $# -ne 2] then echo "usage:$0 localdir remotedir" exit 1 fi for n in 8 9 do scp -rp $1 10.0.0.$n:$2 &>/dev/null if [ $? -eq 0 ] then action "10.0.0.$n sucessful" /bin/true else actin "10.0.0.$n fail" /bin/false fi done
8、破解RANDOM隨機數案例
已知下面這些字符串是通過RANDOM隨機變量 md5sum 后,再截取一部分連續字符串的結果,親個破解這些字符串對用的使用md5sum 處理前的RANDOM對應的數字
21023299
00205d1c
a3da1677
1f6d12dd
890684b
解答:
1、分析
RANDOM的隨機范圍是0-32767 。
顯現需要把范圍內的數字都加密,輸出到md5.log中
2、比較
grep “890684b” md5.log | wc -l
3、編碼實現
array=( 21023299 00205d1c a3da1677 1f6d12dd 890684b ) md5(){ for n in {0..32767} do echo -e "$n\t`echo $n|md5sum`" >> /pizza/md5.log done } crack_num(){ for num in ${array[*]} do find=`grep $num /pizza/md5.log` if [ `echo $find|wc -l` -eq 1 ] then echo $find fi done } main(){ md5 crack_num } main
第二種方法:egrep實現
[root@web-01 /server/scripts]# array=( > 21023299 > 00205d1c > a3da1677 > 1f6d12dd > 890684b > ) [root@web-01 /server/scripts]# cmd=`echo ${array[*]}|tr " " "|"` [root@web-01 /server/scripts]# egrep "$cmd" /pizza/md5.log
修改第一版
array=( 21023299 00205d1c a3da1677 1f6d12dd 890684b ) md5(){ for n in {0..32767} do echo -e "$n\t`echo $n|md5sum`" > /pizza/md5.log & done } crack_num(){ cmd=`echo ${array[*]}|tr " " "|"` egrep "$cmd" /pizza/md5.log } main(){ md5 crack_num } main
利用time命令對比兩個版本的時間
time sh 8_random_crack.sh
9、檢查多個網站地址是否正常
要求
1、使用shell數組方法,檢測策略精良模擬用戶訪問
2、每10秒種做一次所有的檢測,無法訪問的輸出報警
3、待檢測網址如下
https://www.cnblogs.com/yxiaodao/
https://www.baidu.com/
檢測工具:
url
curl
wget
腳本編碼
. /etc/init.d/functions url=( https://www.cnblogs.com/yxiaodao/ https://www.baidu.com/ ) check_url(){ wget -t 2 -T 5 -o /dev/null -q $1 if [ $? -eq 0 ] then action "$1 is ok" /bin/true else action "$1 is lost" /bin/false fi } DealUrl(){ for url in ${url[*]} do check_url $url done } main(){ while true do DealUrl sleep 10 done } main
修改題目,不用數組,將網址放在文件中,做如下修改
DealUrl(){ while read line do check_url $line done < ./pizza/url.log }
有一個問題,在我們操作完后,會產生大量的網頁文件,因為我們的命令將網頁下載了
需要在命令中添加參數 -- spider
10、利用Shell編程分析Web日志解決Dos攻擊生產案例
DOS Deny of Service
DDOS 分布式dos攻擊
請根據web日志或者網絡連接數,監控當某個IP並發連接數或者短時間內PV達到100(根據實際情況設定),即調用防火牆命令封掉對應的IP。
防火牆命令:iptables -l INPUT -s IP地址 -j DROP
分析:
1、web日志或者網絡連接數
日志文件,netstat -an | grep -i est,排序去重
2、判斷PV 或者連接數大於100 ,取出IP ,封IP
IP 在日志的第一列,取到IP---->排序---->統計數量----> 按數量從大到小排序
[root@web-01 /server/scripts]# awk '{print $1}' access_2010-12-8.log |sort|uniq -c|sort -rn 35 59.33.26.105 23 123.122.65.226 8 124.115.4.18
也能通過awk的數組來完成
[root@web-01 /server/scripts]# awk '{S[$1]++}END{for(key in S) print S[key],key}' access_2010-12-8.log |sort -rn 35 59.33.26.105 23 123.122.65.226 8 124.115.4.18
編碼腳本
9 awk '{S[$1]++}END{for(key in S) print S[key],key}' access_2010-12-8.log |sort -rn > /pizza/ip.log 10 while read line 11 do 12 ip=`echo $line|awk '{print $2}'` 13 count=`echo $line|awk '{print $1}'` 14 if [ $count -gt 30 -a `grep $ip /pizza/drop.log|wc -l` -lt 1 ] 15 then 16 iptables -I INPUT -s $ip -j DROP &&\ 17 echo "$ip" >>/pizza/drop.log 18 else 19 echo "$ip" >>/pizza/accept.log 20 fi 21 done</pizza/ip.log
本次采用了讀取drop.log日志的方法,也可以采用查看 iptables -nL的方法
10、利用Shell編程分析Linux服務器網絡鏈接數解決DOS攻擊生產案例實踐
還是上一個題,上面的題監控的是web日志,本次是監控網絡鏈接數實現
命令:ESTABLISHED 正在建立的鏈接狀態
[root@web-01 /server/scripts]# netstat -an |grep -i ESTABLISHED Active Internet connections (servers and established) tcp 0 0 172.17.214.84:47778 107.175.240.135:2222 ESTABLISHED tcp 0 0 172.17.214.84:34820 100.100.30.25:80 ESTABLISHED tcp 0 52 172.17.214.84:22 163.125.30.51:37793 ESTABLISHED Active UNIX domain sockets (servers and established)
獲取外部地址,統計,排序(為方便,將命令的輸出到了日志)
[root@web-01 ~]# awk '/ESTAB/{print $0}' netstat.log|awk -F "[ :]+" '{print $(NF-3)}'|sort|uniq -c|sort -rn
高級寫法,通過awk數組
[root@web-01 ~]# awk -F "[ :]+" '/ESTAB/{S[$(NF-3)]++}END{for(k in S) print S[k],k}' netstat.log | sort -rn |head
不用日志,用netstat -an
[root@web-01 ~]# netstat -an|awk -F "[ :]+" '/ESTAB/{S[$(NF-2)]++}END{for(k in S) print S[k],k}' | head 1 163.125.30.51 1 100.100.30.25 1 107.175.240.135
因數據差異,具體命令中參數還要自己調
腳本編寫,只需修改前一個腳本的第一行獲取ip的命令即可
netstat -an|awk -F "[ :]+" '/ESTAB/{S[$(NF-2)]++}END{for(k in S) print S[k],k}'|head >/pizza/ip.log while read line do ip=`echo $line|awk '{print $2}'` count=`echo $line|awk '{print $1}'` if [ $count -gt 30 -a `grep $ip /pizza/drop.log|wc -l` -lt 1 ] then iptables -I INPUT -s $ip -j DROP &&\ echo "$ip" >>/pizza/drop.log else echo "$ip" >>/pizza/accept.log fi done</pizza/ip.log
在實際工作中,可以設置定時任務,每3分鍾執行一次,每天晚上0點取消
11、開發MySQL服務啟動停止腳本
要求:用函數,case語句,if語句等實現 /etc/init.d/mysqld {start | stop | restart} 命令
分析:
1、啟動
mysqld_safe --user=mysql &
2、停止
mysqladmin -uroot -ppasswd shutdown
killall,pkill(參考之前寫的rsync 第九章-case結構條件句)
3、腳本編碼
看一下mysql的pid的文件位置
# 定義鎖文件 lockfile=/var/lock/subsys/mysqld # 定義變量,指定mysqld的的pid,是需要自己mysql的conf中去創建 mysql_pid_file_path=/application/mysql/data/`uname -n.pid` . /etc/init.d/functions start(){ mysql_safe --user=mysql &>/dev/null & retval=$? if [ $retval -eq 0 ] then action "mysql startup ok" /bin/true touch $lockfile return $retval else action "mysql startup fail" /bin/false return $retval fi } stop(){ if test -s "$mysql_pid_file_path" then mysql_pid=`cat $mysql_pid_file_path` if (kill -0 $mysql_pid &>/dev/null) then # 為了在重復停止操作的時候,不提示,將其扔到黑洞 kill $mysql_pi retval=$? if [ $? -eq 0 ] then action "mysql stop ok" /bin/true rm -f $lockfile return $retval else action "mysql stop fail" /bin/false return $retval fi else echo "mysqld_process is not exit." return 2 fi else echo "$mysqld_pid_file_path is not exist,or mysqld does not startup" fi } restart(){ killall mysql && sleep 1 && mysql --deamon retval=$? if [ $? -eq 0 ] then action "mysql restart ok" /bin/true return $retval else action "mysql restart fail" /bin/false return $retval fi } case "$1" in start) start # 我了向外傳值 retval=$? ;; stop) stop retval=$? ;; restart) stop sleep 2 start retval=$? ;; *) echo "usage:$0 {start|stop|restart}" exit 1 esac exit $retval
出現問題,啟動了,但是沒有pid文件
解決:
1、先使用系統的命令開啟。
2、通過查看ps -ef |grep mysql 查看 啟動參數
添加啟動參數 --pid-file=$mysql_pid_file_path
問題:進不去mysql
添加參數--datedir=/application/mysql/data
問題:啟動的過程很快,執行腳本后,啟動成功,但是沒有發現進程和pid,無法進入
1、查看mysql日志
cat /application/mysql/data/web01.err
2、發現使用腳本中的命令,手動也起不來
3、使用系統執行后的啟動命令
/bin/sh /application/masql/bin/mysqld_safe --datedir=/application/mysql/data --pid-file=$mysql_pid_file_path
腳本一定要現在命令行測試成功,再寫入腳本中
最后一個任務
拷貝到/etc/init.d中 ,變成chkconfig 可已使用的腳本
12、按單詞去重排序
In the world of hackers, the kind of answers you get to your technical questions depends as much on the way you ask the questions as on the difficulty of developing the answer. This guide will teach you how to ask questions in a way more likely to get you a satisfactory answer. Now that use of open source has become widespread, you can often get as good answers from other, more experienced users as from hackers. This is a Good Thing; users tend to be just a little bit more tolerant of the kind of failures newbies often have. Still, treating experienced users like hackers in the ways we recommend here will generally be the most effective way to get useful answers out of them, too. The first thing to understand is that hackers actually like hard problems and good, thought-provoking questions about them. If we didn't, we wouldn't be here. If you give us an interesting question to chew on we'll be grateful to you; good questions are a stimulus and a gift. Good questions help us develop our understanding, and often reveal problems we might not have noticed or thought about otherwise. Among hackers, “Good question!” is a strong and sincere compliment. Despite this, hackers have a reputation for meeting simple questions with what looks like hostility or arrogance. It sometimes looks like we're reflexively rude to newbies and the ignorant. But this isn't really true. What we are, unapologetically, is hostile to people who seem to be unwilling to think or to do their own homework before asking questions. People like that are time sinks — they take without giving back, and they waste time we could have spent on another question more interesting and another person more worthy of an answer. We call people like this “losers” (and for historical reasons we sometimes spell it “lusers”). We realize that there are many people who just want to use the software we write, and who have no interest in learning technical details. For most people, a computer is merely a tool, a means to an end; they have more important things to do and lives to live. We acknowledge that, and don't expect everyone to take an interest in the technical matters that fascinate us. Nevertheless, our style of answering questions is tuned for people who do take such an interest and are willing to be active participants in problem-solving. That's not going to change. Nor should it; if it did, we would become less effective at the things we do best. We're (largely) volunteers. We take time out of busy lives to answer questions, and at times we're overwhelmed with them. So we filter ruthlessly. In particular, we throw away questions from people who appear to be losers in order to spend our question-answering time more efficiently, on winners. If you find this attitude obnoxious, condescending, or arrogant, check your assumptions. We're not asking you to genuflect to us — in fact, most of us would love nothing more than to deal with you as an equal and welcome you into our culture, if you put in the effort required to make that possible. But it's simply not efficient for us to try to help people who are not willing to help themselves. It's OK to be ignorant; it's not OK to play stupid. So, while it isn't necessary to already be technically competent to get attention from us, it is necessary to demonstrate the kind of attitude that leads to competence — alert, thoughtful, observant, willing to be an active partner in developing a solution. If you can't live with this sort of discrimination, we suggest you pay somebody for a commercial support contract instead of asking hackers to personally donate help to you. If you decide to come to us for help, you don't want to be one of the losers. You don't want to seem like one, either. The best way to get a rapid and responsive answer is to ask it like a person with smarts, confidence, and clues who just happens to need help on one particular problem.
按單詞出現的頻率降序排序
1、把空格和符號都轉換成空格--排序--統計--排序
2、命令
[root@web-01 /server/scripts]# cat english.txt |tr "“”! ,.)( " "\n" |sort|uniq -c |sort -rn
方法二:
[root@web-01 /server/scripts]# cat english.txt |tr "“”! ,.)( " "\n" |awk '{S[$1]++}END{for(k in S) print S[k],k}'|sort -rn
方法三:
cat english.txt |xargs -n1
12、按字母去重排序
按字母出現的頻率降序排序
1、使用 grep -o ‘.’ 匹配任意 之后,會挨個輸出 或者 grep -o "[^ ]"
grep -o "[^ ,.()]" english.txt |awk '{S[$1]++}END{for(k in S) print S[k],k}'|sort -rn
2、awk可以用空做分隔符
sed 's#[ ,\.\]##g' english.txt|awk -F "" '{for(i=0;i<NF;i++)S[$i]++}END{for(k in S) print S[k],k}' |sort -rn
暫時沒有設計出過濾換換行符
13、按單詞去重排序高級方案
基於上面的awk統計單詞
awk -F "[ ,.]" '{for(i=1;i<NF;i++)S[$i]++}END{for(k in S) print S[k],k}' english.txt |sort -rn
教學例題講解
合格的運維人員必會的腳本列表
1)系統及各類服務的監控腳本,例如:文件、內存、磁盤、端口,URL監控報警等。
2)監控網站目錄下文件是否被篡改,以及站點目錄批量被篡改后如何批量恢復的腳本。
3)各類服務Rsync、Nginx、MySQL等的啟動及停止專業腳本(使用chkconfig管理)。
4)MySQL主從復制監控報警以及自動處理不復制故障的腳本。
5)一鍵配置MySQL多實例、一鍵配置MySQL主從部署腳本。
6)監控HTTP/MySQL/Rsync/NFS/Memcached等服務是否異常的生產腳本。
7)一鍵軟件安裝及優化的腳本,比如LANMP、Linux一鍵優化,一鍵數據庫安裝、優化等。
8)MySQL多實例啟動腳本,分庫、分表自動備份腳本。
9)根據網絡連接數以及根據Web日志PV封IP的腳本。
10)監控網站的PV以及流量,並且對流量信息進行統計的腳本。
11)檢查Web服務器多個URL地址是否異常的腳本,要可以批量處理且通用。
12)系統的基礎優化一鍵優化的腳本。
13)TCP連接狀態及IP統計報警腳本。
14)批量創建用戶並設置隨機8位密碼的腳本