1、编写脚本selinux.sh,实现开启或禁用SELinux功能
#!/bin/bash
if grep SELINUX=disabled /etc/selinux/config &>/dev/null;then
echo "selinux is stop"
elif grep SELINUX=enforcing /etc/selinux/config &>/dev/null;then
echo "selinux is start"
fi
read -p "please input (start or stop):" ST
case $ST in
start)
sed -i s
echo selinux is start
;;
stop)
sed -i s
echo selinux is stop
;;
*)
echo "please input (start or stop)"
;;
esac
2、统计/etc/fstab文件中每个文件系统类型出现的次数
[root@CentOS7 ~]
3 xfs
1 swap
3、提取出字符串Yd$C@M05MB%9&Bdh7dq+YVixp3vpw中的所有数字
[root@CentOS7 ~]
05 9 7 3
4、解决DOS攻击生产案例:根据web日志或者或者网络连接数,监控当某个IP 并发连接数或者短时内PV达到100,即调用防火墙命令封掉对应的IP,监控频 率每隔5分钟。防火墙命令为:iptables -A INPUT -s IP -j REJECT
#!/bin/bash
SLEEPTIME=300
while true ;do
ss -nt |awk -F ' +|:' '!/^S/{ip[$(NF-2)]++}END{for(i in ip){print i,ip[i]}}' >ss.log
while read ip num;do
if [ $num -ge 1 ];then
iptables -A INPUT -s $ip -j REJECT
fi
done <ss.log
sleep $SLEEPTIME
done