1.编写脚本selinux.sh,实现开启或禁用SELinux功能。
[root@localhost ~]#bash SElinux.sh
######################################################
Current status:
SELinux status: disabled
######################################################
Please input enable|disable|permissive|quit to set SElinux: enable
setenforce: SELinux is disabled
SElinux current status is Disabled
SElinux config file is set SELINUX=enforcing
[root@localhost ~]#bash SElinux.sh
######################################################
Current status:
SELinux status: disabled
######################################################
Please input enable|disable|permissive|quit to set SElinux: disable
setenforce: SELinux is disabled
SElinux current status is Disabled,But Disabled's status need to reboot
SElinux config file is set SELINUX=disabled
[root@localhost ~]#bash SElinux.sh
######################################################
Current status:
SELinux status: disabled
######################################################
Please input enable|disable|permissive|quit to set SElinux: permissive
setenforce: SELinux is disabled
SElinux current status is Disabled
SElinux config file is set SELINUX=Permissive
[root@localhost ~]#cat SElinux.sh
#!/bin/bash
#********************************************************************
#Author: Kevin.Wen
#Revision: 1.0
#QQ: 2510905014
#Date: 2020-11-13
#FileName: SElinux.sh
#********************************************************************
echo "######################################################"
echo -e "Current status:\n`sestatus`"
echo "######################################################"
echo -e "\n"
read -p "Please input enable|disable|permissive|quit to set SElinux: " Arg
if [ $Arg == "enable" ];then
setenforce 1
sed -ri.bak "s#^SELINUX=.*#SELINUX=enforcing#" /etc/selinux/config &>/dev/null
echo "SElinux current status is `getenforce`"
echo "SElinux config file is set `sed -n "/^SELINUX=/p" /etc/selinux/config`"
exit
elif [ $Arg == "disable" ];then
setenforce 0
sed -ri.bak "s#^SELINUX=.*#SELINUX=disabled#" /etc/selinux/config &>/dev/null
echo "SElinux current status is `getenforce`,But Disabled's status need to reboot"
echo "SElinux config file is set `sed -n "/^SELINUX=/p" /etc/selinux/config`"
exit
elif [ $Arg == "permissive" ];then
setenforce Permissive
sed -ri.bak "s#^SELINUX=.*#SELINUX=Permissive#" /etc/selinux/config &>/dev/null
echo "SElinux current status is `getenforce`"
echo "SElinux config file is set `sed -n "/^SELINUX=/p" /etc/selinux/config`"
exit
else [ $Arg == "quit" ]
echo "The shell exit"
exit
fi
2.统计/etc/fstab文件中每个文件系统类型出现的次数。
[root@localhost /data]#awk -F'[[:space:]]+' '/^UUID/{print $3}' /etc/fstab |uniq -c
3 xfs
1 swap
[root@localhost /data]#cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Mon Aug 3 17:02:43 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=71b66acd-688f-45df-8d45-1d3cf606820f / xfs defaults 0 0
UUID=1890737d-134e-49aa-a764-569a2bd251d8 /boot xfs defaults 0 0
UUID=82c012a2-3f30-4649-ac90-e9896c20f829 /data xfs defaults 0 0
UUID=87716ee2-fda6-41e2-9d46-4d42bd7bb257 swap swap defaults 0 0
3.提取出字符串Yd$C@MO5MB%9&Bdh7dq+YVixp3vpw中的所有数字。
[root@localhost /data]#echo "Yd$C@M05MB%9&Bdh7dq+YVixp3vpw" | awk '{gsub(/[^0-9]/,"");print $0}'
05973
[root@localhost ~]#bash -x checkdos.sh
+ /usr/sbin/ss -tn
+ awk '-F +|:' '/ESTAB/{ip[$(NF-2)]++}END{for(i in ip)if(ip[i]>10) print i}'
+ read IP
[root@localhost ~]#cat checkdos.sh
#!/bin/bash
#********************************************************************
#Author: Kevin.Wen
#Revision: 1.0
#QQ: 2510905014
#Date: 2020-11-13
#FileName: checkdos.sh
#********************************************************************
/usr/sbin/ss -tn | awk -F" +|:" '/ESTAB/{ip[$(NF-2)]++}END{for(i in ip)if(ip[i]>10) print i}' > /data/ddosip.txt
while read IP;do
/usr/sbin/iptables -A INPUT -s $IP -j REJECT
echo "The $IP reject" >> /data/checkddos.txt
done < /data/ddosip.txt
