01
Dos攻击防范(自动屏蔽攻击 IP)
#!/bin/bashDATE=$(date +%d/%b/%Y:%H:%M)LOG_FILE=/usr/local/nginx/logs/demo2.access.logABNORMAL_IP=$(tail -n5000 $LOG_FILE |grep $DATE |awk'{a[$1]++}END{for(i in a)if(a[i]>10)print i}')forIP in $ABNORMAL_IP;doif[ $(iptables -vnL |grep -c"$IP") -eq0]; theniptables -I INPUT -s $IP -j DROPecho"$(date +'%F_%T') $IP">> /tmp/drop_ip.logfidone
02
Linux 系统发送告警脚本
setfrom=baojingtongzhi@163.com smtp=smtp.163.comsetsmtp-auth-user=baojingtongzhi@163.com smtp-auth-password=123456setsmtp-auth=login
03
MySQL 数据库备份单循环
#!/bin/bashDATE=$(date +%F_%H-%M-%S)HOST=localhostUSER=backupPASS=123.comBACKUP_DIR=/data/db_backupDB_LIST=$(mysql -h$HOST -u$USER -p$PASS -s -e"show databases;"2>/dev/null |egrep -v"Database|information_schema|mysql|performance_schema|sys")forDB in $DB_LIST;doBACKUP_NAME=$BACKUP_DIR/${DB}_${DATE}.sqlif! mysqldump -h$HOST -u$USER -p$PASS -B $DB > $BACKUP_NAME2>/dev/null; thenecho"$BACKUP_NAME 备份失败!"fidone
04
MySQL 数据库备份多循环
#!/bin/bashDATE=$(date +%F_%H-%M-%S)HOST=localhostUSER=backupPASS=123.comBACKUP_DIR=/data/db_backupDB_LIST=$(mysql -h$HOST -u$USER -p$PASS -s -e"show databases;"2>/dev/null |egrep -v"Database|information_schema|mysql|performance_schema|sys")forDB in $DB_LIST;doBACKUP_DB_DIR=$BACKUP_DIR/${DB}_${DATE}[ ! -d $BACKUP_DB_DIR ] && mkdir -p $BACKUP_DB_DIR &>/dev/nullTABLE_LIST=$(mysql -h$HOST -u$USER -p$PASS -s -e"use $DB;show tables;"2>/dev/null)forTABLE in $TABLE_LIST;doBACKUP_NAME=$BACKUP_DB_DIR/${TABLE}.sqlif! mysqldump -h$HOST -u$USER -p$PASS $DB $TABLE > $BACKUP_NAME2>/dev/null; thenecho"$BACKUP_NAME 备份失败!"fidonedone
05
Nginx 访问访问日志按天切割
#!/bin/bashLOG_DIR=/usr/local/nginx/logsYESTERDAY_TIME=$(date -d"yesterday"+%F)LOG_MONTH_DIR=$LOG_DIR/$(date +"%Y-%m")LOG_FILE_LIST="default.access.log"forLOG_FILE in $LOG_FILE_LIST;do[ ! -d $LOG_MONTH_DIR ] && mkdir -p $LOG_MONTH_DIRmv $LOG_DIR/$LOG_FILE $LOG_MONTH_DIR/${LOG_FILE}_${YESTERDAY_TIME}donekill -USR1 $(cat /var/run/nginx.pid)
06
Nginx 访问日志分析脚本
#!/bin/bash# 日志格式: $remote_addr - $remote_user [$time_local]"$request"$status $body_bytes_sent"$http_referer""$http_user_agent""$http_x_forwarded_for"LOG_FILE=$1echo"统计访问最多的10个IP"awk'{a[$1]++}END{print "UV:",length(a);for(v in a)print v,a[v]}'$LOG_FILE |sort -k2 -nr |head-10echo"----------------------"echo"统计时间段访问最多的IP"awk'$4>="[01/Dec/2018:13:20:25" && $4<="[27/Nov/2018:16:20:49"{a[$1]++}END{for(v in a)print v,a[v]}'$LOG_FILE |sort -k2 -nr|head-10echo"----------------------"echo"统计访问最多的10个页面"awk'{a[$7]++}END{print "PV:",length(a);for(v in a){if(a[v]>10)print v,a[v]}}'$LOG_FILE |sort -k2 -nrecho"----------------------"echo"统计访问页面状态码数量"awk'{a[$7" "$9]++}END{for(v in a){if(a[v]>5)print v,a[v]}}'
07
查看网卡实时流量脚本
#!/bin/bashNIC=$1echo -e" In ------ Out"whiletrue;doOLD_IN=$(awk'$0~"'$NIC'"{print $2}' /proc/net/dev)OLD_OUT=$(awk '$0~"'$NIC'"{print $10}' /proc/net/dev)sleep 1NEW_IN=$(awk '$0~"'$NIC'"{print $2}' /proc/net/dev)NEW_OUT=$(awk '$0~"'$NIC'"{print $10}' /proc/net/dev)IN=$(printf "%.1f%s" "$((($NEW_IN-$OLD_IN)/1024))" "KB/s")OUT=$(printf "%.1f%s" "$((($NEW_OUT-$OLD_OUT)/1024))" "KB/s")echo "$IN $OUT"sleep 1done
08
服务器系统配置初始化脚本
#/bin/bash# 设置时区并同步时间ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtimeif! crontab -l |grep ntpdate &>/dev/null ; then(echo"* 1 * * * ntpdate time.windows.com >/dev/null 2>&1";crontab -l) |crontabfi# 禁用selinuxsed -i'/SELINUX/{s/permissive/disabled/}'/etc/selinux/config# 关闭防火墙ifegrep"7.[0-9]"/etc/redhat-release &>/dev/null; thensystemctl stop firewalldsystemctl disable firewalldelif egrep"6.[0-9]"/etc/redhat-release &>/dev/null; thenservice iptables stopchkconfig iptables offfi# 历史命令显示操作时间if! grep HISTTIMEFORMAT /etc/bashrc; thenecho'export HISTTIMEFORMAT="%F %T `whoami` "'>> /etc/bashrcfi# SSH超时时间if! grep"TMOUT=600"/etc/profile &>/dev/null; thenecho"export TMOUT=600">> /etc/profilefi# 禁止root远程登录sed -i's/#PermitRootLogin yes/PermitRootLogin no/'/etc/ssh/sshd_config# 禁止定时任务向发送邮件sed -i's/^MAILTO=root/MAILTO=""/'/etc/crontab# 设置最大打开文件数if! grep"* soft nofile 65535"/etc/security/limits.conf &>/dev/null; thencat >> /etc/security/limits.conf << EOF* soft nofile65535* hard nofile65535EOFfi# 系统内核优化cat >> /etc/sysctl.conf << EOFnet.ipv4.tcp_syncookies =1net.ipv4.tcp_max_tw_buckets =20480net.ipv4.tcp_max_syn_backlog =20480net.core.netdev_max_backlog =262144net.ipv4.tcp_fin_timeout =20EOF# 减少SWAP使用echo"0"> /proc/sys/vm/swappiness# 安装系统性能分析工具及其他yum install gcc make autoconf vim sysstat net-tools iostatif
09
监控 100 台服务器磁盘利用率脚本
#!/bin/bashHOST_INFO=host.infoforIP in $(awk'/^[^#]/{print $1}'$HOST_INFO);doUSER=$(awk -v ip=$IP'ip==$1{print $2}'$HOST_INFO)PORT=$(awk -v ip=$IP'ip==$1{print $3}'$HOST_INFO)TMP_FILE=/tmp/disk.tmpssh -p $PORT $USER@$IP'df -h'> $TMP_FILEUSE_RATE_LIST=$(awk'BEGIN{OFS="="}/^/dev/{print $NF,int($5)}'$TMP_FILE)forUSE_RATE in $USE_RATE_LIST;doPART_NAME=${USE_RATE%=*}USE_RATE=${USE_RATE#*=}if[ $USE_RATE -ge80]; thenecho"Warning: $PART_NAME Partition usage $USE_RATE%!"fidonedone
文章转载:我的小碗汤。长风实验室发布、转载的文章中所涉及的技术、思路和工具,仅供以网络安全为目的的学习交流使用,不得用作它途。部分文章来源于网络,如有侵权请联系删除。
END
推荐
阅读
原文始发于微信公众号(长风实验室):9个运维最常用的脚本整理(经典版本)
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论