Hands-on projects
Script programming steps
1. Requirements analysis
2. Command testing
3. Script programming
4. Debugging and optimization
Step analysis
Requirements analysis
Based on the system management needs, analyze the functions the script must implement, how far each function should go, and the commands and statements needed to implement them.
Command testing
Test the commands to be used one by one to determine the options to use, the variables to set, and so on.
Script programming
Write the tested commands into the script file, and use the various statements to save command results, make decisions, raise alarms, and so on.
Debugging and optimization
Test the script and optimize it according to the results. It is recommended to debug while programming to reduce errors.
Project
MAC record and port scanning script
Enterprise environment description
As its business grows, a company uses more and more Linux servers. System management and maintenance often calls for small, practical scripts that assist operations work and improve efficiency.
Requirements:
Write a script named system.sh that records the MAC address of each host in the LAN and saves it in the /etc/ethers file. If this file already exists, back it up first. One record per line: the first column is the IP address, the second column is the corresponding MAC address.
Check which hosts have the anonymous FTP service enabled. The hosts to scan are all the IP addresses in the /etc/ethers file, and the port to scan is 21.
Commands to use:
Analysis: record the MAC address of each host in the local area network; check which hosts have the anonymous FTP service enabled
ping -c 3 -i 0.2 -w 1 ip: ping each address, which triggers MAC address resolution (ARP)
arp -n: list the resolved MAC addresses
awk: print the IP and MAC columns
wget: test the FTP service on the recorded hosts by attempting a download
Project Flow:
[root@server1 ~]# ping -c 3 -i 0.2 -W 3 20.0.0.11 > a.txt
[root@server1 ~]# cat a.txt
[root@server1 ~]# arping -c 3 -I ens33 -w 3 20.0.0.11 > a.txt
[root@server1 ~]# cat a.txt
[root@server1 ~]# arping -c 1 -I ens33 -w 3 20.0.0.11 > a.txt
[root@server1 ~]# cat a.txt
-c: number of packets to send
-i: interval between packets (seconds)
-I: network interface to use
-w: timeout (seconds)
-W (ping): time to wait for each reply (seconds)
[root@server1 ~]# awk '{print $4,$5}' a.txt > b.txt
[root@server1 ~]# cat b.txt
Install FTP (vsftpd) on two hosts and check the status of port 21
[root@server1 ~]# yum -y install vsftpd
[root@server1 ~]# systemctl start vsftpd
[root@server1 ~]# netstat -anpt | grep 21
[root@server2 ~]# yum -y install vsftpd
[root@server2 ~]# systemctl start vsftpd
[root@server2 ~]# netstat -napt | grep 21
[root@server2 ~]# nmap -p 21 20.0.0.10    # check whether port 21 is open on the target host
[root@server2 ~]# nmap -p 21 20.0.0.10 &> /dev/null
[root@server2 ~]# wget ftp://20.0.0.10    # anonymous download; the downloaded file is named index.html
Use a new host to test the shell script
1. Record online hosts and test whether they have port 21 open
[root@client1 ~]# vi system.sh
[root@client1 ~]# chmod +x system.sh
[root@client1 ~]# ./system.sh
[root@client1 ~]# sort -u /etc/ethers
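sort -u: equivalent to sort | uniq; identical lines are shown only once
#!/bin/bash
# Record online hosts and test whether they have port 21 open
net="20.0.0."                                  # network prefix to scan
file=/etc/ethers                               # file that stores the records
[ -f "$file" ] && cp -f "$file" "$file.bak"    # if the file exists, back it up
add=1                                          # starting value of the loop counter
while [ $add -le 20 ]                          # loop condition: 20.0.0.1 to 20.0.0.20
do
    ping -c 3 -i 0.2 -w 1 ${net}${add} &> /dev/null
    if [ $? -eq 0 ]
    then
        # arp -n shows addresses numerically; append "IP MAC" to the file.
        # grep -wF matches the whole address, so 20.0.0.1 does not also match 20.0.0.10
        arp -n | grep -wF "${net}${add}" | awk '{print $1,$3}' >> $file
    fi
    let add++
done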
2. Test the online hosts for anonymous FTP
[root@client1 ~]# vi system.sh
[root@client1 ~]# chmod +x system.sh
[root@client1 ~]# ./system.sh
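#!/bin/bash
# Record online hosts and test whether they have port 21 open
net="20.0.0."
file=/etc/ethers
[ -f "$file" ] && cp -f "$file" "$file.bak"
add=1
while [ $add -le 20 ]
do
    ping -c 3 -i 0.2 -w 1 ${net}${add} &> /dev/null
    if [ $? -eq 0 ]
    then
        # grep -wF matches the whole address, so 20.0.0.1 does not also match 20.0.0.10
        arp -n | grep -wF "${net}${add}" | awk '{print $1,$3}' >> $file
    fi
    let add++
done
# De-duplicated host list; overwrite it so repeated runs do not pile up entries
sort -u $file > /root/file1.txt
target=$(awk '{print $1}' /root/file1.txt)
for ip in $target
do
    wget ftp://$ip &> /dev/null          # attempt an anonymous download
    if [ $? -eq 0 ]                      # the download succeeded
    then
        echo "$ip 主机ftp开启"            # message: "host $ip has FTP enabled"
        # delete the downloaded file; every test downloads the same index.html
        rm -rf index.html
    fi
done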
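Because system.sh keeps a backup of the previous records, the two files can be compared to spot an IP address that now answers with a different MAC (replaced hardware or ARP spoofing) and hosts that were not there before. The following is an added example, not part of the original post; the function name compare_ethers and the sample records are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original post. compare_ethers OLD NEW reads two
# files in the "IP MAC" format written by system.sh and prints
#   CHANGED ip old_mac new_mac   (IP now answers with a different MAC)
#   NEW ip mac                   (IP absent from the backup)
compare_ethers() {
    local old="$1" new="$2"
    [ -f "$old" ] || old=/dev/null      # first run: no backup exists yet
    awk '
        # Backup file: remember every known pair and the last MAC seen per IP
        FILENAME == ARGV[1] {
            if (NF >= 2) { known[$1, tolower($2)] = 1; last[$1] = tolower($2) }
            next
        }
        NF < 2 { next }                 # skip malformed lines
        {
            ip = $1; mac = tolower($2)
            # system.sh appends to the file, so old and repeated pairs are expected
            if ((ip, mac) in known || seen[ip, mac]++) next
            if (ip in last) print "CHANGED", ip, last[ip], mac
            else            print "NEW", ip, mac
        }
    ' "$old" "$new"
}

# Constructed sample records (addresses and MACs are made up)
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' '20.0.0.10 00:0c:29:aa:bb:01' \
                  '20.0.0.11 00:0c:29:aa:bb:02' > "$d/ethers.bak"
    printf '%s\n' '20.0.0.10 00:0c:29:aa:bb:01' \
                  '20.0.0.11 00:0c:29:aa:bb:02' \
                  '20.0.0.11 00:0C:29:CC:DD:09' \
                  '20.0.0.12 00:0c:29:aa:bb:03' > "$d/ethers"
    compare_ethers "$d/ethers.bak" "$d/ethers"
    rm -rf "$d"
}
demo
```

On a real host the call would be compare_ethers /etc/ethers.bak /etc/ethers after system.sh has finished.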
System monitoring project
Environment
As its business grows, a company uses more and more Linux servers. The administrator wants to write a simple performance monitoring script, deploy it on each server, and have it send an alert email when a monitored indicator is abnormal.
Requirements
Write a shell monitoring script named sysmon.sh.
The monitoring content includes CPU usage, memory usage, and disk occupancy of the root partition.
Percentages only need to be accurate to whole numbers, such as 7%, 12%, 23%, etc.
Raise an alarm in any of the following situations: disk occupancy exceeds 90%, CPU usage exceeds 80%, or memory usage exceeds 90%. Alarm emails are sent to the designated mailbox with the mail command.
Steps
Analysis: the monitoring content includes CPU usage, memory usage, and disk occupancy of the root partition
df command
awk command
mpstat command (sysstat software package needs to be installed)
free command
1. Disk occupancy rate
[root@client1 ~]# df -Th | grep '/$'
[root@client1 ~]# df -Th | grep '/$' | awk '{print $6}'
[root@client1 ~]# df -Th | grep '/$' | awk '{print $6}' | awk -F% '{print $1}'
[root@client1 ~]# disk=$(df -Th | grep '/$' | awk '{print $6}' | awk -F% '{print $1}')
2. CPU usage
[root@client1 ~]# mpstat
[root@client1 ~]# mpstat | tail -1 | awk '{print $12}'
[root@client1 ~]# mpstat | tail -1 | awk '{print $12}' | awk -F. '{print $1}'
[root@client1 ~]# expr 100 - $(mpstat | tail -1 | awk '{print $12}' | awk -F. '{print $1}')
[root@client1 ~]# CPU=$(expr 100 - $(mpstat | tail -1 | awk '{print $12}' | awk -F. '{print $1}'))
3. Memory usage
[root@client1 ~]# free -m
[root@client1 ~]# free -m | grep "Mem:" | awk '{print $7}'
[root@client1 ~]# free -m | grep "Mem:" | awk '{print $2}'
[root@client1 ~]# expr $(free -m | grep "Mem:" | awk '{print $7}') / $(free -m | grep "Mem:" | awk '{print $2}')
[root@client1 ~]# expr $(free -m | grep "Mem:" | awk '{print $7}') \* 100 / $(free -m | grep "Mem:" | awk '{print $2}')
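Column 7 of the Mem: line is the available memory and column 2 is the total, so the expression above is the percentage still available; subtract it from 100 to get the usage.
[root@client1 ~]# mem=$(expr 100 - $(free -m | grep "Mem:" | awk '{print $7}') \* 100 / $(free -m | grep "Mem:" | awk '{print $2}'))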
4. Configuration file
[root@client1 ~]# rpm -qa mailx
mailx-12.5-16.el7.x86_64
[root@client1 ~]# vi /etc/mail.rc
[root@client1 ~]# echo "122333" | mail -s "test" ***********@qq.com
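Settings added to /etc/mail.rc:
# sender address
set from=***********@qq.com
# domain name of the SMTP server used by the mailbox
set smtp=smtp.qq.com
# account used to log in when sending mail over SMTP
set smtp-auth-user=1609325444@qq.com
# authorization code
set smtp-auth-password=........
# SMTP authentication method: login
set smtp-auth=login
The authorization code is stored in this file in plaintext, so limit who can read it.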
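5. Write the alarm script
[root@client1 ~]# vim sysmon.sh
[root@client1 ~]# chmod +x sysmon.sh
[root@client1 ~]# ./sysmon.sh
#!/bin/bash
# Send an alert email when disk occupancy exceeds 90%, CPU usage exceeds 80%, or memory usage exceeds 90%
disk=$(df -Th | grep '/$' | awk '{print $6}' | awk -F% '{print $1}')
CPU=$(expr 100 - $(mpstat | tail -1 | awk '{print $12}' | awk -F. '{print $1}'))
# Column 7 of "free -m" is available memory, so usage = 100 - available percentage
mem=$(expr 100 - $(free -m | grep "Mem:" | awk '{print $7}') \* 100 / $(free -m | grep "Mem:" | awk '{print $2}'))
A=/root/alert.txt          # temporary file that collects the alert lines
B=*************@qq.com     # mailbox that receives the alert
if [ $disk -ge 90 ]
then echo "磁盘占有率超过90%" >> $A      # message: "disk occupancy exceeds 90%"
fi
if [ $CPU -ge 80 ]
then echo "CPU使用率超过80%" >> $A       # message: "CPU usage exceeds 80%"
fi
if [ $mem -ge 90 ]
then echo "内存使用率超过90%" >> $A      # message: "memory usage exceeds 90%"
fi
# The alert file exists only if at least one threshold was reached
if [ -f $A ]
then
    cat $A | mail -s "alert report" "$B"
    rm -rf $A
fi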
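The post does not show what df, mpstat and free print, so the following added example (not the author's code) runs the same three calculations over constructed sample output to make the selected columns visible and the thresholds checkable offline. The function names and the sample values are assumptions; cpu_pct reads the last column instead of $12 because a 12-hour clock adds an AM/PM column to mpstat output.

```shell
#!/bin/bash
# Added example, not from the original post: the sysmon.sh metrics as functions
# that parse command output from stdin, so thresholds can be checked offline.

disk_pct() {   # df -Th: Use% is the column just before the mount point "/"
    awk '$NF == "/" { sub(/%/, "", $(NF-1)); print $(NF-1) }'
}
cpu_pct() {    # mpstat: %idle is the last column of the last line
    awk 'NF { idle = $NF } END { print 100 - int(idle) }'
}
mem_pct() {    # free -m: column 2 = total, column 7 = available
    awk '$1 == "Mem:" { print 100 - int($7 * 100 / $2) }'
}
# check_limits DISK CPU MEM: print one line per threshold from the page that is reached
check_limits() {
    [ "$1" -ge 90 ] && echo "disk ${1}%"
    [ "$2" -ge 80 ] && echo "cpu ${2}%"
    [ "$3" -ge 90 ] && echo "mem ${3}%"
    return 0
}

# Constructed sample output (not captured from a real host)
DF_SAMPLE='Filesystem              Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root xfs        17G   16G  1.2G  93% /
devtmpfs                devtmpfs  1.9G     0  1.9G   0% /dev'
MPSTAT_SAMPLE='10:15:01 AM  CPU   %usr  %nice   %sys %iowait   %irq  %soft %steal %guest %gnice  %idle
10:15:01 AM  all  84.20   0.00   3.10    0.40   0.00   0.10   0.00   0.00   0.00  12.20'
FREE_SAMPLE='              total        used        free      shared  buff/cache   available
Mem:           3770        3420         120          30         230         260
Swap:          2047         100        1947'

disk=$(printf '%s\n' "$DF_SAMPLE" | disk_pct)
cpu=$(printf '%s\n' "$MPSTAT_SAMPLE" | cpu_pct)
mem=$(printf '%s\n' "$FREE_SAMPLE" | mem_pct)
echo "disk=$disk cpu=$cpu mem=$mem"
check_limits "$disk" "$cpu" "$mem"
```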
One-click deployment of DNS and Apache services
Description of requirement
The Apache server must be bound to a domain name that clients can access.
Ideas and command types
Prepare the supporting files before writing the script: the DNS service configuration needs several files, so preparing them in advance lets the script simply copy them into place during configuration.
File 1: 1912zf.txt (forward and reverse configuration file)
zone "aa.com" IN {
        type master;
        file "aa.com.zone";
        allow-transfer { 192.168.6.12; };
        also-notify { 192.168.6.12; };
};
zone "6.168.192.in-addr.arpa" IN {
        type master;
        file "aa.com.local";
        allow-transfer { 192.168.6.12; };
};
File 2: http.txt (web configuration)
<html><title>web1</title><body><h1>good!!!</h1></body></html>
File 3: local.txt (reverse resolution zone file)
$TTL 1D
@ IN SOA aa.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS aa.com.
A 192.168.6.11
11 IN PTR www.aa.com.
12 IN PTR ftp.aa.com.
File 4: zone.txt (forward resolution zone file)
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 192.168.6.11
www IN A 192.168.6.11
ftp IN A 192.168.6.12
mail IN CNAME www
File 5: Service script configuration
[root@server2 ~]# vi dns.sh
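#!/bin/bash
# DNS caching server
A=/var/named
B=/etc/named.conf
C=/etc/named.rfc1912.zones
D=/var/named/aa.com.zone
E=/var/named/aa.com.local
# Apache service configuration
yum -y install httpd
[ -e /var/www/html/index.html ] || touch /var/www/html/index.html
F=/var/www/html/index.html
chmod 755 $F
cat /root/http.txt > $F
# Install BIND (pattern quoted so the shell does not expand it against local files)
yum -y install 'bind*'
# Modify the main configuration file
sed -i -e 's/listen-on port 53 { 127.0.0.1; };/listen-on port 53 { 192.168.6.11; };/g' $B
# With recursion enabled, allow-query { any; } also lets any client use this
# server as a recursive resolver unless allow-recursion restricts it
sed -i -e '/allow-query/s/{.*}/{ any; }/g' $B
# Zone configuration; skip the append if the zone is already defined, so the script can be re-run
grep -q 'zone "aa.com"' $C || cat /root/1912zf.txt >> $C
# Zone files: copy the templates so ownership and permissions are kept
cp -p $A/named.localhost $A/aa.com.zone
cp -p $A/named.loopback $A/aa.com.local
# Fill the zone files from the prepared configuration files
cat /root/local.txt > $E
cat /root/zone.txt > $D
# Point the resolver at this server: add the nameserver after line 1, then move line 1 below it
sed -i '1anameserver 192.168.6.11' /etc/resolv.conf
sed -i '1{H;d};2G' /etc/resolv.conf
# Start the services
systemctl restart named.service
systemctl restart httpd
systemctl start named
# Resolve the address to verify the result
nslookup www.aa.com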