Linux system security hardening and awk text processing in practice


1. Write a script selinux.sh that enables or disables SELinux

[root@ansible_centos7 ~]# cat selinux.sh 
#!/bin/bash
#
#************************************************************************
#Author:                qiuhom
#QQ:                    467697313
#mail:                  qiuhom467697313@qq.com
#Date:                  2019-12-11
#FileName:             selinux.sh
#URL:                   https://www.cnblogs.com/qiuhom-1874/
#Description:         
#Copyright (C):        2019 All rights reserved
#************************************************************************
# Load action() from the CentOS/RHEL init functions for the [ OK ] status line
[ -f /etc/init.d/functions ] && . /etc/init.d/functions
[ $UID -ne 0 ] && echo "this script must be run as root" && exit 1
[ $# -ne 1 ] && echo "Usage:bash $0 <off|on>" && exit 2
if [ "$1" = "on" ];then
    # Persistent setting: read at the next boot
    sed -i 's@^SELINUX=.*@SELINUX=enforcing@g' /etc/selinux/config
    [ $? -eq 0 ] && action "selinux config on " /bin/true
    # Runtime setting: switch to enforcing right away
    /sbin/setenforce 1
elif [ "$1" = "off" ];then
    sed -i 's@^SELINUX=.*@SELINUX=disabled@g' /etc/selinux/config
    [ $? -eq 0 ] && action "selinux config off " /bin/true
    # setenforce 0 only switches to permissive; "disabled" takes effect after a reboot
    /sbin/setenforce 0
else 
    echo "argv error , please input <on|off>"
    exit 3
fi
[root@ansible_centos7 ~]# 

  Verification

[root@ansible_centos7 ~]# sh selinux.sh 
Usage:bash selinux.sh <off|on>
[root@ansible_centos7 ~]# sh selinux.sh aa
argv error , please input <on|off>
[root@ansible_centos7 ~]# getenforce 
Permissive
[root@ansible_centos7 ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 


[root@ansible_centos7 ~]# sh selinux.sh on
selinux config on                                          [  OK  ]
[root@ansible_centos7 ~]# getenforce 
Enforcing
[root@ansible_centos7 ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 


[root@ansible_centos7 ~]# sh selinux.sh off
selinux config off                                         [  OK  ]
[root@ansible_centos7 ~]# getenforce 
Permissive
[root@ansible_centos7 ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 


[root@ansible_centos7 ~]# 

  Note: to disable SELinux permanently the server must be rebooted, because SELinux is a kernel-level module and the configuration file is only re-read at boot. setenforce 0 switches it off temporarily, but strictly speaking this does not disable SELinux at all: it switches SELinux into permissive mode, in which SELinux only logs warnings and does not actually enforce control over resources on the system.
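A check that follows from this note, added here as an example and not part of the original script: read the persistent mode from the config file and compare it with the runtime mode that getenforce reports, so a host that is "enforcing" on disk but was relaxed with setenforce 0, or "disabled" on disk but still Permissive until the reboot, is flagged. The config path and the getenforce value are passed in as parameters, so the parser can be exercised against a constructed file.

```shell
#!/bin/sh
# Added example, not the original post's script: compare the persistent
# SELinux mode in the config file with the runtime mode from getenforce.

# Print the persistent mode (enforcing|permissive|disabled) from config file $1.
# Comment lines are skipped; blanks around '=' and the value are tolerated.
selinux_config_mode() {
    awk -F= '
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 ~ /^[ \t]*SELINUX[ \t]*$/ {           # exactly SELINUX=, not SELINUXTYPE=
            gsub(/[ \t]/, "", $2); mode = tolower($2)
        }
        END { print mode }
    ' "$1"
}

# $1 = config file, $2 = output of getenforce (Enforcing|Permissive|Disabled).
# Prints "ok" when both agree, otherwise "drift: config=<x> runtime=<y>".
selinux_drift() {
    cfg=$(selinux_config_mode "$1")
    run=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if [ -n "$cfg" ] && [ "$cfg" = "$run" ]; then
        echo "ok"
    else
        echo "drift: config=${cfg:-unset} runtime=$run"
    fi
}

# Constructed config resembling /etc/selinux/config (not copied from a host),
# with deliberately sloppy spacing around '=' to exercise the parser.
make_sample_config() {
    cat > "$1" <<'EOF'
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
SELINUX = enforcing
SELINUXTYPE=targeted
EOF
}

# On a live host: selinux_drift /etc/selinux/config "$(getenforce)"
```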

2. Count how many times each filesystem type appears in /etc/fstab

[qiuhom@test ~]$ cat -A /etc/fstab|awk '!/^\$|#/{fstype[$3]++}END{print "fstype count";for(i in fstype){print i,fstype[i]}}'
fstype count
devpts 1
swap 1
sysfs 1
proc 1
tmpfs 1
iso9660 2
ext4 2
[qiuhom@test ~]$ 

  Note: the core idea of the command above is to use an awk array to record how often each filesystem type appears; every time the same type is seen its counter is incremented by 1, and at the end the results are printed in a loop. cat -A is used only so that blank lines end in a visible $ and can be excluded by the ^\$ pattern; because cat -A also renders tabs as the two characters ^I, this only splits the fields correctly for an fstab whose columns are separated by spaces.

3. Extract all the digits from the string Yd$C@M05MB%9&Bdh7dq+YVixp3vpw

 Method 1: filter with grep

[root@ansible_centos7 ~]# echo 'Yd$C@M05MB%9&Bdh7dq+YVixp3vpw'|grep -o '[0-9]'
0
5
9
7
3
[root@ansible_centos7 ~]#

Method 2: filter with awk

[root@ansible_centos7 ~]# echo 'Yd$C@M05MB%9&Bdh7dq+YVixp3vpw'|awk -F "" '{for(i=1;i<=NF;i++){if($i ~ /[0-9]/){print $i}}}' 
0
5
9
7
3
[root@ansible_centos7 ~]# 

  Note: the core idea of the command above is to loop over every character of the string, test whether each one is a digit, and print it if so. -F specifies the field separator; -F "" sets an empty separator, so every character becomes its own field. Splitting on an empty FS is a gawk extension (mawk also supports it) and is not guaranteed by POSIX awk.

4. Production case: mitigating a DoS attack. Based on the web log or the number of network connections, monitor for any IP whose concurrent connection count or page views within a short period reach 100, and when that happens call the firewall command to block the IP. Monitoring interval: every 5 minutes. The firewall command is: iptables -A INPUT -s IP -j REJECT

Step 1: write a script that filters the web access log, counts the client IPs in it, and checks whether any IP reached 100 requests within the short window

[root@test ~]#cat dos.sh
#!/bin/bash
#
#************************************************************************
#Author:                qiuhom
#QQ:                    467697313
#mail:                  qiuhom467697313@qq.com
#Date:                  2019-12-12
#FileName:             dos.sh
#URL:                   https://www.cnblogs.com/qiuhom-1874/
#Description:         
#Copyright (C):        2019 All rights reserved
#************************************************************************
# Count requests per client IP ($1 in the nginx log) and keep the IPs
# that reached the threshold since the log was last cleared
ip=`awk '{
        cip[$1]++
}
END{
   for(i in cip)
   {
   if(cip[i] >= 100){
      print i
   } 
  }
 }' /var/log/nginx/access.log`

# Only call iptables when there is something to block; with an empty list
# "-s" would have no address and the command would fail
if [ -n "$ip" ];then
    # iptables accepts a comma-separated address list for -s
    iplist=`echo $ip |tr -s " " ","`
    iptables -A INPUT -s $iplist -j REJECT
fi

# Archive the processed log and start a fresh 5-minute counting window
[ ! -e /log/bak ] && mkdir -p /log/bak
cat /var/log/nginx/access.log >> /log/bak/nginx_access.log.bak
> /var/log/nginx/access.log
[root@test ~]#

  Note: the script above goes through the nginx access log and counts how many times each client IP appears. Every IP that appears 100 or more times is stored in the variable ip; tr then replaces the spaces in ip with commas, the result is assigned to iplist, and all the qualifying IPs are added to the firewall rules in one go to reject their access. Because the log is copied and then truncated in two separate steps, the lines nginx writes in between are lost, and the rules added with iptables -A are not persistent, so they disappear at reboot unless they are saved.

Step 2: create a cron job that runs the script above every 5 minutes

[root@test ~]#crontab -l
*/5 * * * * bash /root/dos.sh >/dev/null 2>&1
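The detection logic of the two steps above, written as an added example rather than the original dos.sh: the per-IP count is a function that takes the log path and the threshold as parameters, and blocking is made idempotent by checking with iptables -C before appending a rule, so the 5-minute cron job does not pile up duplicate rules. The sample log is constructed with TEST-NET addresses; the block_ips function needs root and a real iptables and is not exercised by the test.

```shell
#!/bin/sh
# Added example (not the original post's dos.sh): per-IP request counting
# over an nginx access log, with idempotent blocking.

# Print "count ip" for each client IP in log $1 with at least $2 requests,
# highest count first. Field 1 of the default nginx log format is the client
# IP; lines whose first field is not an IPv4 address are ignored.
abusive_ips() {
    awk -v limit="$2" '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= limit) print hits[ip], ip }
    ' "$1" | sort -rn
}

# Add one REJECT rule per IP, skipping IPs that already have an identical
# rule (iptables -C exits 0 when the rule exists). Requires root.
block_ips() {
    for ip in "$@"; do
        iptables -C INPUT -s "$ip" -j REJECT 2>/dev/null ||
            iptables -A INPUT -s "$ip" -j REJECT
    done
}

# Constructed sample log (TEST-NET addresses, not real traffic): three
# requests from 203.0.113.5, two from 198.51.100.7, one from 192.0.2.9,
# plus one malformed line that must not be counted.
make_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.5 - - [12/Dec/2019:10:00:01 +0800] "GET / HTTP/1.1" 200 612
198.51.100.7 - - [12/Dec/2019:10:00:02 +0800] "GET /login HTTP/1.1" 200 1024
203.0.113.5 - - [12/Dec/2019:10:00:02 +0800] "GET / HTTP/1.1" 200 612
192.0.2.9 - - [12/Dec/2019:10:00:03 +0800] "GET /static/a.css HTTP/1.1" 200 88
garbage line that is not a request
203.0.113.5 - - [12/Dec/2019:10:00:04 +0800] "GET / HTTP/1.1" 200 612
198.51.100.7 - - [12/Dec/2019:10:00:05 +0800] "POST /login HTTP/1.1" 302 0
EOF
}

# Typical use (threshold 2 here only so the small sample triggers; the
# post's production threshold is 100):
#   make_sample_log /tmp/access.log.sample
#   block_ips $(abusive_ips /tmp/access.log.sample 2 | awk '{print $2}')
```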

