第十周作业

1、编写脚本selinux.sh，实现开启或禁用SELinux功能

#!/bin/bash

if [ $1 == "on" ];then
    sed -i '7s/.*/SELINUX=enforcing/g' /etc/selinux/config
    [ $? -eq 0 ] && /sbin/setenforce 1 > /dev/null 2>&1
    echo "SELinux is enforcing."
elif [ $1 == "off" ];then
    sed -i '7s/.*/SELINUX=disabled/g' /etc/selinux/config
    [ $? -eq 0 ] && /sbin/setenforce 0 > /dev/null 2>&1
    echo "SELinux is disabled."
else
    echo "argv error, please input "
    exit 1
fi

2、统计/etc/fstab文件中每个文件系统类型出现的次数

cat /etc/fstab | awk '/^UUID*/{filetype[$3]++} END {
for (i in filetype)
    {print i,filetype[i]}
}'

3、提取出字符串Yd$C@M05MB%9&Bdh7dq+YVixp3vpw中的所有数字

echo 'Yd$C@M05MB%9&Bdh7dq+YVixp3vpw' | awk 'gsub(/[^0-9]/,"",$0)'

4、解决DOS攻击生产案例:根据web日志或者或者网络连接数，监控当某个IP 并发连接数或者短时内PV达到100，即调用防火墙命令封掉对应的IP，监控频 率每隔5分钟。防火墙命令为:iptables -A INPUT -s IP -j REJECT

#!/bin/bash

[ -n "$1" ] || { echo "Usage:`basename $0` file.log";exit 1; }

file=$1

while true ; do
  awk '{print $1}' $1|grep -v "^$"|sort|uniq -c  > /tmp/tmp.log
  exec < /tmp/tmp.log
  while read line ; do
    ip=`echo $line|awk '{print $2}'`
    count=`echo $line|awk '{print $1}'`
    if [ $count -gt 100 ] && [ `iptables -vnL|grep "$ip"|wc -l` -lt 1 ];then
        iptables -A INPUT -s $IP -j REJECT
        echo "$ip is rejected" > /tmp/droplist_$(date +%F).log
    fi
  done
  sleep 300
done