9 个日常实用 Shell 脚本,请收藏~

共 5108字,需浏览 11分钟

 ·

2022-02-21 17:44

1、Dos 攻击防范(自动屏蔽攻击 IP)

#!/bin/bashDATE=$(date +%d/%b/%Y:%H:%M)LOG_FILE=/usr/local/nginx/logs/demo2.access.logABNORMAL_IP=$(tail -n5000 $LOG_FILE |grep $DATE |awk '{a[$1]++}END{for(i in a)if(a[i]>10)print i}')for IP in $ABNORMAL_IP; do    if [ $(iptables -vnL |grep -c "$IP") -eq 0 ]; then        iptables -I INPUT -s $IP -j DROP        echo "$(date +'%F_%T') $IP" >> /tmp/drop_ip.log    fidone

2、Linux 系统发送告警脚本

# yum install mailx# vi /etc/mail.rcset from=baojingtongzhi@163.com smtp=smtp.163.comset smtp-auth-user=baojingtongzhi@163.com smtp-auth-password=123456set smtp-auth=login

3、MySQL 数据库备份单循环

#!/bin/bashDATE=$(date +%F_%H-%M-%S)HOST=localhostUSER=backupPASS=123.comBACKUP_DIR=/data/db_backupDB_LIST=$(mysql -h$HOST -u$USER -p$PASS -s -e "show databases;" 2>/dev/null |egrep -v "Database|information_schema|mysql|performance_schema|sys")
for DB in $DB_LIST; do BACKUP_NAME=$BACKUP_DIR/${DB}_${DATE}.sql if ! mysqldump -h$HOST -u$USER -p$PASS -B $DB > $BACKUP_NAME 2>/dev/null; then echo "$BACKUP_NAME 备份失败!" fidone

4、MySQL 数据库备份多循环

#!/bin/bashDATE=$(date +%F_%H-%M-%S)HOST=localhostUSER=backupPASS=123.comBACKUP_DIR=/data/db_backupDB_LIST=$(mysql -h$HOST -u$USER -p$PASS -s -e "show databases;" 2>/dev/null |egrep -v "Database|information_schema|mysql|performance_schema|sys")
for DB in $DB_LIST; do BACKUP_DB_DIR=$BACKUP_DIR/${DB}_${DATE} [ ! -d $BACKUP_DB_DIR ] && mkdir -p $BACKUP_DB_DIR &>/dev/null TABLE_LIST=$(mysql -h$HOST -u$USER -p$PASS -s -e "use $DB;show tables;" 2>/dev/null) for TABLE in $TABLE_LIST; do BACKUP_NAME=$BACKUP_DB_DIR/${TABLE}.sql if ! mysqldump -h$HOST -u$USER -p$PASS $DB $TABLE > $BACKUP_NAME 2>/dev/null; then echo "$BACKUP_NAME 备份失败!" fi donedone

5、Nginx 访问访问日志按天切割

#!/bin/bashLOG_DIR=/usr/local/nginx/logsYESTERDAY_TIME=$(date -d "yesterday" +%F)LOG_MONTH_DIR=$LOG_DIR/$(date +"%Y-%m")LOG_FILE_LIST="default.access.log"
for LOG_FILE in $LOG_FILE_LIST; do [ ! -d $LOG_MONTH_DIR ] && mkdir -p $LOG_MONTH_DIR mv $LOG_DIR/$LOG_FILE $LOG_MONTH_DIR/${LOG_FILE}_${YESTERDAY_TIME}done
kill -USR1 $(cat /var/run/nginx.pid)

6、Nginx 访问日志分析脚本

#!/bin/bash# 日志格式: $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"LOG_FILE=$1echo "统计访问最多的10个IP"awk '{a[$1]++}END{print "UV:",length(a);for(v in a)print v,a[v]}' $LOG_FILE |sort -k2 -nr |head -10echo "----------------------"
echo "统计时间段访问最多的IP"awk '$4>="[01/Dec/2018:13:20:25" && $4<="[27/Nov/2018:16:20:49"{a[$1]++}END{for(v in a)print v,a[v]}' $LOG_FILE |sort -k2 -nr|head -10echo "----------------------"
echo "统计访问最多的10个页面"awk '{a[$7]++}END{print "PV:",length(a);for(v in a){if(a[v]>10)print v,a[v]}}' $LOG_FILE |sort -k2 -nrecho "----------------------"
echo "统计访问页面状态码数量"awk '{a[$7" "$9]++}END{for(v in a){if(a[v]>5)print v,a[v]}}'

7、查看网卡实时流量脚本

#!/bin/bashNIC=$1echo -e " In ------ Out"while true; do    OLD_IN=$(awk '$0~"'$NIC'"{print $2}' /proc/net/dev)    OLD_OUT=$(awk '$0~"'$NIC'"{print $10}' /proc/net/dev)    sleep 1    NEW_IN=$(awk  '$0~"'$NIC'"{print $2}' /proc/net/dev)    NEW_OUT=$(awk '$0~"'$NIC'"{print $10}' /proc/net/dev)    IN=$(printf "%.1f%s" "$((($NEW_IN-$OLD_IN)/1024))" "KB/s")    OUT=$(printf "%.1f%s" "$((($NEW_OUT-$OLD_OUT)/1024))" "KB/s")    echo "$IN $OUT"    sleep 1done

8、服务器系统配置初始化脚本

#/bin/bash# 设置时区并同步时间ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtimeif ! crontab -l |grep ntpdate &>/dev/null ; then    (echo "* 1 * * * ntpdate time.windows.com >/dev/null 2>&1";crontab -l) |crontabfi
# 禁用selinuxsed -i '/SELINUX/{s/permissive/disabled/}' /etc/selinux/config
# 关闭防火墙if egrep "7.[0-9]" /etc/redhat-release &>/dev/null; then systemctl stop firewalld systemctl disable firewalldelif egrep "6.[0-9]" /etc/redhat-release &>/dev/null; then service iptables stop chkconfig iptables offfi
# 历史命令显示操作时间if ! grep HISTTIMEFORMAT /etc/bashrc; then echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/bashrcfi
# SSH超时时间if ! grep "TMOUT=600" /etc/profile &>/dev/null; then echo "export TMOUT=600" >> /etc/profilefi
# 禁止root远程登录sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
# 禁止定时任务向发送邮件sed -i 's/^MAILTO=root/MAILTO=""/' /etc/crontab
# 设置最大打开文件数if ! grep "* soft nofile 65535" /etc/security/limits.conf &>/dev/null; then cat >> /etc/security/limits.conf << EOF * soft nofile 65535 * hard nofile 65535EOFfi
# 系统内核优化cat >> /etc/sysctl.conf << EOFnet.ipv4.tcp_syncookies = 1net.ipv4.tcp_max_tw_buckets = 20480net.ipv4.tcp_max_syn_backlog = 20480net.core.netdev_max_backlog = 262144net.ipv4.tcp_fin_timeout = 20EOF
# 减少SWAP使用echo "0" > /proc/sys/vm/swappiness
# 安装系统性能分析工具及其他yum install gcc make autoconf vim sysstat net-tools iostat if

9、监控 100 台服务器磁盘利用率脚本

#!/bin/bashHOST_INFO=host.infofor IP in $(awk '/^[^#]/{print $1}' $HOST_INFO); do    USER=$(awk -v ip=$IP 'ip==$1{print $2}' $HOST_INFO)    PORT=$(awk -v ip=$IP 'ip==$1{print $3}' $HOST_INFO)    TMP_FILE=/tmp/disk.tmp    ssh -p $PORT $USER@$IP 'df -h' > $TMP_FILE    USE_RATE_LIST=$(awk 'BEGIN{OFS="="}/^\/dev/{print $NF,int($5)}' $TMP_FILE)    for USE_RATE in $USE_RATE_LIST; do        PART_NAME=${USE_RATE%=*}        USE_RATE=${USE_RATE#*=}        if [ $USE_RATE -ge 80 ]; then            echo "Warning: $PART_NAME Partition usage $USE_RATE%!"        fi    donedone

来源:科技曼

如侵权请私聊公众号删文


1、9.5分的的神器,超实用的,刚需!
2、黑客是如何完美排查入侵者?
3、请尽快卸载这两款恶意浏览器插件!已有近 50 万用户安装
4、Wireshark的抓包和分析,看这篇就够了!
5、黑客利用木马远程控制目标手机(切勿尝试)



更多精彩等待你的发现
点分享
点点赞
点在看

浏览 27
点赞
评论
收藏
分享

手机扫一扫分享

分享
举报
评论
图片
表情
推荐
点赞
评论
收藏
分享

手机扫一扫分享

分享
举报