linux作业10

1、编写脚本selinux.sh，实现开启或禁用SELinux功能

[root@localhost data]# cat selinux.sh 
#!/bin/bash
#
#********************************************************************
#Author:        wang
#QQ:            913520405
#Date:          2020-02-24
#FileName：      selinux.sh
#URL:           https://www.jianshu.com/u/28ec0e3dbc64
#Description：       The test script
#Copyright (C):     2020 All rights reserved
#********************************************************************
conf="/etc/selinux/config"

case "$1" in
    on)
        sed -ir 's@^SELINUX=.*@SELINUX=enforcing@' $conf
        ;;
    off)
        sed -ir 's@^SELINUX=.*@SELINUX=disabled@' $conf
        ;;
    *)
        echo "Usage: $0 on|off"
        ;;
esac

2、统计/etc/fstab文件中每个文件系统类型出现的次数

[root@localhost data]# grep -iE '^uuid=' /etc/fstab | awk '{print $3}' | uniq -c
      3 xfs
      1 swap
[root@localhost data]# cat /etc/fstab

#
# /etc/fstab
# Created by anaconda on Wed Dec 18 21:09:21 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=a44aa5cc-a3af-43d4-9c7d-c403035d4ea9 /                       xfs     defaults        0 0
UUID=2998e3c4-91ec-4f14-b19e-52e1640f2780 /boot                   xfs     defaults        0 0
UUID=ad28f936-2450-4a37-8660-e97ca35380a1 /data                   xfs     defaults        0 0
UUID=eba4d637-f817-4e13-918d-f9f812022472 swap                    swap    defaults        0 0
[root@localhost data]# grep -iE '^uuid=' /etc/fstab | awk '{print $3}' | uniq -c
      3 xfs
      1 swap

3、提取出字符串Yd$C@M05MB%9&Bdh7dq+YVixp3vpw中的所有数字

[root@localhost data]# string="Yd$C@M05MB%9&Bdh7dq+YVixp3vpw"
[root@localhost data]# echo $string | awk 'gsub(/[^0-9]/,"",$0)'
05973
[root@localhost data]# 

### 将字符串赋给变量string，利用awk的自带函数gsub，对字符串进行处理，对匹配到的非数字部分替换为空，awk默认行为是打印$0，即最后只输出剩下的数字。

4、解决DOS攻击生产案例:根据web日志或者或者网络连接数，监控当某个IP 并发连接数或者短时内PV达到100，即调用防火墙命令封掉对应的IP，监控频 率每隔5分钟。防火墙命令为:iptables -A INPUT -s IP -j REJECT

[root@localhost data]# cat ddos_monitor.sh 
#!/bin/bash
#
#********************************************************************
#Author:        wang
#QQ:            913520405
#Date:          2020-02-24
#FileName：      ddos_monitor.sh
#URL:           https://www.jianshu.com/u/28ec0e3dbc64
#Description：       The test script
#Copyright (C):     2020 All rights reserved
#********************************************************************
    iplist=`ss -nat  | grep ":80"| awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c|\
    awk '{if($1>100) print $2}' `
    for ip in $iplist;
    do
        iptables -A INPUT -s $ip REJECT
        echo "$ip is dangerous ,was rejected!"
    done
[root@localhost data]# crontab -l
*/5 * * * *  sh /data/ddos_monitor.sh