First, write a script selinux.sh that enables or disables SELinux
[root@centos7 ~]# vim selinux.sh
#!/bin/bash
confdir=/etc/selinux/config
case "$1" in
on)
    # -r must come before -i: "sed -ir" would treat "r" as a backup suffix
    sed -ri 's/^SELINUX=.*/SELINUX=enforcing/' "$confdir"
    echo "Open The SELinux Success!"
    ;;
off)
    # The valid value is "disabled" (not "disable")
    sed -ri 's/^SELINUX=.*/SELINUX=disabled/' "$confdir"
    echo "Close The SELinux Success;But you should reboot to make selinux enabled!"
    ;;
*)
    echo "Usage:`basename $0` on|off"
    exit 1
    ;;
esac
[root@centos7 ~]# bash selinux.sh on
Open The SELinux Success!
[root@centos7 ~]# grep "SELINUX=" /etc/selinux/config
# SELINUX= can take one of these three values:
SELINUX=enforcing
[root@centos7 ~]# bash selinux.sh off
Close The SELinux Success;But you should reboot to make selinux enabled!
[root@centos7 ~]# grep "SELINUX=" /etc/selinux/config
# SELINUX= can take one of these three values:
SELINUX=disabled

Second, count the number of times each file system type appears in /etc/fstab
# The first method
[root@centos7 ~]# awk '/^[^#]/{print $3}' /etc/fstab |sort |uniq -c
      1 swap
      3 xfs
# The second method: using an awk array (index the array with i, not $i)
[root@centos7 ~]# awk '/^[^#]/{num[$3]++}END{for(i in num) {print i,num[i]}}' /etc/fstab
swap 1
xfs 3

Third, extract all the digits from the string Yd$C@M05MB%9&Bdh7dq+YVixp3vpw
[root@centos7 ~]# echo 'Yd$C@M05MB%9&Bdh7dq+YVixp3vpw'|awk 'gsub(/[^0-9]/,"",$0)'
05973

Fourth, handle a production DoS attack case: using the web log or the number of network connections, when an IP's PV or concurrent connection count reaches 100 within a short time, call the firewall command to block that IP. Monitor every 5 minutes. Firewall command: iptables -A INPUT -s IP -j REJECT
#!/bin/bash
# Check whether a log file was passed as a parameter
[ -n "$1" ] || { echo "Usage: `basename $0` file.log"; exit 1; }
file=$1
while true; do
    # Extract the IPs and count them
    awk '{print $1}' "$file" | grep -v "^$" | sort | uniq -c > /tmp/tmp.log
    # The while loop reads the file (each line is "count ip")
    while read -r count ip; do
        # Block only if over the limit and not already listed (whole-word, literal match)
        if [ "$count" -gt 100 ] && ! iptables -vnL | grep -qwF -- "$ip"; then
            iptables -A INPUT -s "$ip" -j REJECT
            # Append, so earlier entries are not overwritten
            echo "$ip is rejected" >> /tmp/droplist_$(date +%F).log
        fi
    done < /tmp/tmp.log
    sleep 300  # Monitor every 5 minutes
done
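
Added example, not part of the original script: the loop above counts every line in the log on each pass, so an address's total only grows. This version counts only the lines appended since the previous pass, accepts the first field only when it is a valid IPv4 address, and prints the firewall commands instead of running them. The function names, the state-file argument, and the sample addresses and log lines are constructed for illustration; the client IP is assumed to be the first field, as in the script above.

```bash
#!/bin/bash
# Added example, not the original script: apply the threshold per interval
# by counting only lines appended since the last call. Names are assumptions.

# offenders LOG STATE THRESHOLD: print each valid IPv4 address seen more than
# THRESHOLD times in the lines added to LOG since the offset saved in STATE.
offenders() {
    local log="$1" state="$2" threshold="$3" last=0 size
    if [ -f "$state" ]; then last=$(cat "$state"); fi
    size=$(($(wc -c < "$log")))
    # Log rotated or truncated: read it again from the start.
    if [ "$size" -lt "$last" ]; then last=0; fi
    echo "$size" > "$state"
    tail -c "+$((last + 1))" "$log" | awk -v t="$threshold" '
        # Count field 1 only if it is a well-formed IPv4 address, so no
        # other log content can reach the firewall command.
        function is_ipv4(s,   p, i) {
            if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
            split(s, p, ".")
            for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) return 0
            return 1
        }
        is_ipv4($1) { n[$1]++ }
        END { for (ip in n) if (n[ip] > t) print ip }' | sort
}

# Constructed sample data: append COUNT access-log lines for IP to LOG.
add_hits() {
    awk -v ip="$1" -v n="$2" 'BEGIN { for (i = 0; i < n; i++)
        print ip " - - [01/Jan/2024:00:00:00 +0000] \"GET / HTTP/1.1\" 200 1" }' >> "$3"
}

# Dry run on the constructed log: print the commands instead of running them.
demo() {
    local dir log ip
    dir=$(mktemp -d); log="$dir/access.log"
    add_hits 203.0.113.7 150 "$log"     # first interval: over the limit
    add_hits 198.51.100.9 20 "$log"     # under the limit
    add_hits 999.1.1.1 120 "$log"       # not a valid address: ignored
    for ip in $(offenders "$log" "$dir/offset" 100); do
        echo "iptables -A INPUT -s $ip -j REJECT"
    done
    add_hits 203.0.113.7 30 "$log"      # second interval: only 30 new hits
    offenders "$log" "$dir/offset" 100  # prints nothing
    rm -rf "$dir"
}
demo
```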