1、編寫腳本selinux.sh，實(shí)現(xiàn)開啟或禁用SELinux功能

read -p "please input character set selinux for {start|stop} :" SE

SEC=$(sed -rn 's@^SELINUX=(.*)@\1@'p /etc/selinux/config)

if [ $SE == 'start' ];then

? ? ? ? if [ $SEC == 'enforcing' ];then

? ? ? ? ? ? ? ? echo "selinux current status is enforcing"

? ? ? ? elif [ $SEC == 'disabled' ];then

? ? ? ? ? ? ? ? sed -ri 's@^SELINUX=(.*)@SELINUX=enforcing@' /etc/selinux/config && echo "selinux start succeed"

? ? ? ? fi

elif [ $SE == 'stop' ];then

? ? ? ? if [ $SEC == 'disabled' ];then

? ? ? ? ? ? ? ? echo "selinux current status is disabled"

? ? ? ? elif [ $SEC == 'enforcing' ];then

? ? ? ? ? ? ? ? sed -ri 's@^SELINUX=(.*)@SELINUX=disabled@' /etc/selinux/config && echo "selinux stop succeed"

? ? ? ? fi

fi

2、統(tǒng)計(jì)/etc/fstab文件中每個(gè)文件系統(tǒng)類型出現(xiàn)的次數(shù)

grep "^UUID" fstab |awk -F" " '{print $3}' | uniq -c

3、提取出字符串Yd$C@M05MB%9&Bdh7dq+YVixp3vpw中的所有數(shù)字

echo "Yd$C@M05MB%9&Bdh7dq+YVixp3vpw" | awk -F "" '

{

? for(i=1;i<=NF;i++)

? {

? ? if ($i ~ /[0-9]/)

? ? {

? ? ? str=$i

? ? ? str1=(str1 str)

? ? }

? }

? print str1

}'

4、解決DOS攻擊生產(chǎn)案例:根據(jù)web日志或者或者網(wǎng)絡(luò)連接數(shù)，監(jiān)控當(dāng)某個(gè)IP?并發(fā)連接數(shù)或者短時(shí)內(nèi)PV達(dá)到100，即調(diào)用防火墻命令封掉對(duì)應(yīng)的IP，監(jiān)控頻?率每隔5分鐘。防火墻命令為:iptables?-A?INPUT?-s?IP?-j?REJECT

web，也可以分析日志，把單IP PV數(shù)高的封掉。按天定義PV=1000即封掉

#!/bin/bash

while true

do

??awk'{print $1}'access.log|grep -v "^$"|sort|uniq -c?>?/tmp/tmp.log

?exec </tmp/tmp.log

??while read line

??do

????ip=`echo $link | awk '{print?$2}'`

????count=`echo $line |awk'{print?$1}'`

??????if[?$count?-gt?5?]?&&?[?`iptables?-L?-n | grep "$ip"|wc-l`?-lt?1?]

??????then

????????iptables?-I?INPUT?-s?$ip?-j?REJECT

????????echo"$line?is?dropped" >>/tmp/droplist.log

??????fi

??done

??sleep5

done