Linux security hardening and awk text processing practice

1. Write a script, selinux.sh, that enables or disables SELinux

[root@ansible_centos7 ~]# cat selinux.sh 
#!/bin/bash
#
#************************************************************************
#Author:                qiuhom
#QQ:                    467697313
#mail:                  [email protected]
#Date:                  2019-12-11
#FileName:             selinux.sh
#URL:                   https://www.cnblogs.com/qiuhom-1874/
#Description:         
#Copyright (C):        2019 All rights reserved
#************************************************************************
# /etc/init.d/functions provides action(), which prints the [  OK  ] / [FAILED] column
[ -f /etc/init.d/functions ] && . /etc/init.d/functions
[ $UID -ne 0 ] && echo "this script must be run as root" && exit 1
[ $# -ne 1 ] && echo "Usage:bash $0 <off|on>" && exit 2
if [ "$1" = "on" ];then
    # persistent setting: read from /etc/selinux/config at the next boot
    sed -i 's@^SELINUX=.*@SELINUX=enforcing@g' /etc/selinux/config
    [ $? -eq 0 ] && action "selinux config on " /bin/true
    # runtime setting: takes effect immediately, lasts until reboot
    /sbin/setenforce 1
elif [ "$1" = "off" ];then
    # persistent setting: SELinux will not be loaded at the next boot
    sed -i 's@^SELINUX=.*@SELINUX=disabled@g' /etc/selinux/config
    [ $? -eq 0 ] && action "selinux config off " /bin/true
    # runtime setting: switches the running kernel to permissive mode (log only)
    /sbin/setenforce 0
else
    echo "argv error , please input <on|off>"
    exit 3
fi
[root@ansible_centos7 ~]# 

Verification:

[root@ansible_centos7 ~]# sh selinux.sh 
Usage:bash selinux.sh <off|on>
[root@ansible_centos7 ~]# sh selinux.sh aa
argv error , please input <on|off>
[root@ansible_centos7 ~]# getenforce 
Permissive
[root@ansible_centos7 ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 


[root@ansible_centos7 ~]# sh selinux.sh on
selinux config on                                          [  OK  ]
[root@ansible_centos7 ~]# getenforce 
Enforcing
[root@ansible_centos7 ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 


[root@ansible_centos7 ~]# sh selinux.sh off
selinux config off                                         [  OK  ]
[root@ansible_centos7 ~]# getenforce 
Permissive
[root@ansible_centos7 ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 


[root@ansible_centos7 ~]# 

  Note: Disabling SELinux permanently requires a reboot, because SELinux is implemented as a kernel module and /etc/selinux/config is only read at boot. `setenforce 0` only turns it off temporarily, and strictly speaking it does not turn SELinux off at all: it switches the running system to permissive mode, in which SELinux only logs warnings and no longer actually enforces access control on Linux resources.

2. Count how many times each file system type appears in /etc/fstab

[qiuhom@test ~]$ cat -A /etc/fstab|awk '!/^\$|#/{fstype[$3]++}END{print "fstype count";for(i in fstype){print i,fstype[i]}}'
fstype count
devpts 1
swap 1
sysfs 1
proc 1
tmpfs 1
iso9660 2
ext4 2
[qiuhom@test ~]$ 

  Note: The core idea of the command above is to use an awk array to record how many times each file system type (field 3) appears: every occurrence of a type increments its counter, and the END block loops over the array and prints the totals. Lines that are empty (`^$` as shown by `cat -A`) or contain `#` are skipped.

3. Extract all digits from the string Yd$C@M05MB%9&Bdh7dq+YVixp3vpw

Method 1: filter with grep

[root@ansible_centos7 ~]# echo 'Yd$C@M05MB%9&Bdh7dq+YVixp3vpw'|grep -o '[0-9]'
0
5
9
7
3
[root@ansible_centos7 ~]#

Method 2: filter with awk

[root@ansible_centos7 ~]# echo 'Yd$C@M05MB%9&Bdh7dq+YVixp3vpw'|awk -F "" '{for(i=1;i<=NF;i++){if($i ~ /[0-9]/){print $i}}}' 
0
5
9
7
3
[root@ansible_centos7 ~]# 

  Note: The core idea of the command above is to loop over every character of the string, test whether the character is a digit, and print it if so. `-F` sets the field separator; `-F ""` uses the empty string as the separator, so every character becomes its own field.

4. Production case: defending against a DoS attack. Monitor the web log or the network connections; when a single IP reaches 100 concurrent connections or 100 page views (PV) within a short time, call a firewall command to block that IP. Monitoring frequency: every 5 minutes. Firewall command: iptables -A INPUT -s IP -j REJECT

Step one: write a script that filters the web access log, counts the requests made by each client IP, and determines whether any IP has reached 100 connections in the period

[root@test ~]#cat dos.sh
#!/bin/bash
#
#************************************************************************
#Author:                qiuhom
#QQ:                    467697313
#mail:                  [email protected]
#Date:                  2019-12-12
#FileName:             dos.sh
#URL:                   https://www.cnblogs.com/qiuhom-1874/
#Description:         
#Copyright (C):        2019 All rights reserved
#************************************************************************
threshold=100                       # block a client once it reaches this many requests
log=/var/log/nginx/access.log
bak=/log/bak

# count requests per client IP ($1 in the nginx log) and print every IP
# whose count reaches the threshold
ip=$(awk -v max="$threshold" '{
        cip[$1]++
}
END{
    for(i in cip)
    {
        if(cip[i] >= max){
            print i
        }
    }
}' "$log")

# only touch the firewall when at least one IP crossed the threshold;
# iptables -s accepts a comma-separated list and expands it to one rule per address
if [ -n "$ip" ]; then
    iplist=$(echo $ip | tr -s " " ",")
    iptables -A INPUT -s "$iplist" -j REJECT
fi

# archive the processed log and truncate it so the next run counts fresh requests
[ ! -e "$bak" ] && mkdir -p "$bak"
cat "$log" >> "$bak/nginx_access.log.bak"
> "$log"
[root@test ~]#

  Note: The script above counts how many times each client IP appears in the nginx access log. Every IP that appears 100 or more times is stored in the variable ip; tr then replaces the spaces between them with commas and the result is assigned to iplist, which is passed to iptables so that all matching IPs are rejected by the firewall in one go. Finally the processed log is archived and truncated so that the next run starts counting from zero.

Step two: schedule the script above as a cron job that runs every 5 minutes

[root@test ~]#crontab -l
*/5 * * * * bash /root/dos.sh &> /dev/null
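The counting logic of dos.sh, as an added example that is not the author's script: it runs the same awk per-IP tally over a constructed access-log sample with the threshold as a parameter, and emits the iptables commands as a dry run so the detection can be checked before anything is blocked. The IP addresses and log lines are constructed test data.

```shell
# Constructed sample of nginx access-log lines (documentation-range IPs, not real traffic):
# 192.0.2.10 makes 4 requests, 198.51.100.7 makes 3, 203.0.113.5 makes 2.
SAMPLE_LOG='192.0.2.10 - - [12/Dec/2019:10:00:01 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0"
203.0.113.5 - - [12/Dec/2019:10:00:01 +0800] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Dec/2019:10:00:02 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0"
198.51.100.7 - - [12/Dec/2019:10:00:02 +0800] "GET /login HTTP/1.1" 200 812 "-" "python-requests/2.22"
192.0.2.10 - - [12/Dec/2019:10:00:03 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0"
198.51.100.7 - - [12/Dec/2019:10:00:03 +0800] "GET /login HTTP/1.1" 200 812 "-" "python-requests/2.22"
203.0.113.5 - - [12/Dec/2019:10:00:04 +0800] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Dec/2019:10:00:04 +0800] "GET /login HTTP/1.1" 200 812 "-" "python-requests/2.22"
192.0.2.10 - - [12/Dec/2019:10:00:05 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0"'

# offenders THRESHOLD: read log lines on stdin and print, sorted one per line,
# every client IP (field 1) that appears THRESHOLD or more times.
offenders() {
    awk -v max="$1" '
        { cip[$1]++ }
        END { for (i in cip) if (cip[i] >= max) print i }
    ' | sort
}

# block_cmds THRESHOLD: print the firewall command that dos.sh would run for
# each offender instead of executing it (dry run for checking the logic).
block_cmds() {
    offenders "$1" | while read -r ip; do
        printf 'iptables -A INPUT -s %s -j REJECT\n' "$ip"
    done
}

# stand-alone run: which sample IPs made 3 or more requests?
printf '%s\n' "$SAMPLE_LOG" | block_cmds 3
```

In production the threshold would be 100 as in the text and the printf would be replaced by the real iptables call; the dry run makes it easy to confirm that a threshold of 4 blocks only the heaviest client and a threshold of 5 blocks nobody.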


Origin www.cnblogs.com/qiuhom-1874/p/12026786.html