1、DoS 攻击防范(自动屏蔽攻击 IP)
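#!/usr/bin/env bash
# Crude request-rate DoS guard for an nginx vhost, meant to run from cron every
# minute: any client address that appears more than THRESHOLD times in the
# current minute of the access log gets an iptables DROP rule.
#
# Configuration (environment, all optional):
#   LOG_FILE   nginx access log to inspect
#   THRESHOLD  requests in the current minute above which an address is dropped
#   DROP_LOG   file that receives one "<time> <ip>" line per new block
# Side effects: inserts "iptables -I INPUT -s <ip> -j DROP"; must run as root.
set -euo pipefail

# LC_ALL=C so %b yields the English month abbreviation nginx writes in $time_local.
DATE=$(LC_ALL=C date +%d/%b/%Y:%H:%M)
LOG_FILE=${LOG_FILE:-/usr/local/nginx/logs/demo2.access.log}
THRESHOLD=${THRESHOLD:-10}
# NOTE(review): the fixed path under /tmp is kept for compatibility with anything
# that tails it, but a symlink planted there by a local user would be followed;
# /var/log/drop_ip.log is the safer home on a shared host.
DROP_LOG=${DROP_LOG:-/tmp/drop_ip.log}

[[ -r "$LOG_FILE" ]] || { printf 'cannot read %s\n' "$LOG_FILE" >&2; exit 1; }

# Count requests per client address ($1) on lines stamped with the current
# minute. The date and threshold go in via -v instead of being spliced into the
# awk program, and awk does the filtering itself: a grep with no matches would
# have been a pipeline failure under pipefail.
ABNORMAL_IP=$(tail -n 5000 -- "$LOG_FILE" \
  | awk -v d="$DATE" -v t="$THRESHOLD" \
      'index($0, d) { a[$1]++ } END { for (i in a) if (a[i] > t) print i }')

while IFS= read -r IP; do
  [[ -n "$IP" ]] || continue
  # $1 of the log is whatever nginx put in the first field. If the log format is
  # ever switched to an X-Forwarded-For value that field becomes attacker
  # controlled, so only a plain IPv4 dotted quad is ever handed to iptables —
  # anything else is reported and skipped rather than passed through.
  if ! [[ "$IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    printf 'skipping non-IPv4 token from log: %q\n' "$IP" >&2
    continue
  fi
  # Exact match on an existing "DROP ... <ip>" rule in INPUT. The original
  # grep -c "$IP" used the address as a regex over every chain, so 10.0.0.1 also
  # "matched" 10.0.0.10 and a block could silently be skipped.
  # (iptables -C INPUT -s "$IP" -j DROP does the same on iptables >= 1.4.11.)
  if ! iptables -nL INPUT \
      | awk -v ip="$IP" '$1 == "DROP" && $4 == ip { found = 1 } END { exit !found }'; then
    iptables -I INPUT -s "$IP" -j DROP
    printf '%s %s\n' "$(date +'%F_%T')" "$IP" >> "$DROP_LOG"
  fi
done <<< "$ABNORMAL_IP"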
2、Linux 系统发送告警脚本
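#!/usr/bin/env bash
# Let shell scripts send alert mail with mailx (heirloom-mailx on CentOS):
# install it and give it SMTP credentials. Afterwards:
#   echo "body" | mail -s "subject" someone@example.com
set -euo pipefail

yum install -y mailx

# The original appended these lines to /etc/mail.rc, which every user's mailx
# reads and which is normally world-readable, so the SMTP password was exposed
# to every local account. Keep the credential in the sending user's own rc file
# with 0600 permissions instead, and run the alert scripts as that user.
MAILRC=${MAILRC:-$HOME/.mailrc}
touch -- "$MAILRC"
chmod 600 -- "$MAILRC"

# "123456" is a placeholder: NetEase/163 normally issues a separate client
# authorization code for SMTP rather than accepting the account password —
# verify with the provider and never commit the real value.
# NOTE(review): plain smtp://host:25 sends the credentials in the clear; if
# this mailx build supports it, smtp=smtps://smtp.163.com:465 (or
# smtp-use-starttls) keeps them off the wire — confirm against the local build.
cat >> "$MAILRC" <<'EOF'
set from=baojingtongzhi@163.com smtp=smtp.163.com
set smtp-auth-user=baojingtongzhi@163.com smtp-auth-password=123456
set smtp-auth=login
EOF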
3、MySQL 数据库备份单循环
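#!/usr/bin/env bash
# Back up every non-system database on one MySQL server, one .sql file per
# database, named <db>_<YYYY-MM-DD_HH-MM-SS>.sql under BACKUP_DIR.
#
# Configuration (environment overrides the defaults below):
#   DB_HOST, DB_USER, DB_PASS   connection credentials
#   BACKUP_DIR                  destination directory (created if missing)
# Exit status is non-zero if the server cannot be queried; a single failed dump
# is reported on stderr and the loop continues with the next database.
set -euo pipefail

DATE=$(date +%F_%H-%M-%S)
DB_HOST=${DB_HOST:-localhost}
DB_USER=${DB_USER:-backup}
# NOTE(review): the original hard-coded the password here. Keep the real value
# out of the script (export DB_PASS, or a 0600 my.cnf) — anyone who can read
# this file gets the backup account.
DB_PASS=${DB_PASS:-123.com}
BACKUP_DIR=${BACKUP_DIR:-/data/db_backup}

mkdir -p -- "$BACKUP_DIR"

# Hand the credentials to the mysql tools through a private defaults file
# instead of "-p$PASS" on the command line, which every local user could read
# from ps / /proc/*/cmdline for the whole duration of each dump. mktemp creates
# the file 0600; the trap removes it on any exit. (A password containing a
# double quote would need escaping in the my.cnf syntax.)
CNF=$(mktemp) || { printf 'mktemp failed\n' >&2; exit 1; }
trap 'rm -f -- "$CNF"' EXIT
printf '[client]\nhost=%s\nuser=%s\npassword="%s"\n' "$DB_HOST" "$DB_USER" "$DB_PASS" > "$CNF"

# -N drops the column header the original had to grep away. System schemas are
# excluded by exact name: the original's unanchored egrep also dropped any user
# database whose name merely contained "mysql" or "sys". mysql's stderr is no
# longer hidden, and with pipefail a failed login aborts the script instead of
# "succeeding" with an empty list and no backups.
DB_LIST=$(mysql --defaults-extra-file="$CNF" -N -s -e 'show databases;' \
  | awk '!/^(information_schema|mysql|performance_schema|sys)$/')

while IFS= read -r DB; do
  [[ -n "$DB" ]] || continue
  BACKUP_NAME="$BACKUP_DIR/${DB}_${DATE}.sql"
  # Dump into a .part file and rename only on success so an interrupted or
  # failed dump can never be mistaken for a complete backup.
  if mysqldump --defaults-extra-file="$CNF" -B "$DB" > "$BACKUP_NAME.part"; then
    mv -f -- "$BACKUP_NAME.part" "$BACKUP_NAME"
  else
    rm -f -- "$BACKUP_NAME.part"
    printf '%s 备份失败!\n' "$BACKUP_NAME" >&2
  fi
done <<< "$DB_LIST"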
4、MySQL 数据库备份多循环
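#!/usr/bin/env bash
# Back up every non-system database on one MySQL server, one .sql file per
# TABLE, laid out as BACKUP_DIR/<db>_<YYYY-MM-DD_HH-MM-SS>/<table>.sql.
#
# Configuration (environment overrides the defaults below):
#   DB_HOST, DB_USER, DB_PASS   connection credentials
#   BACKUP_DIR                  destination root (created if missing)
# Exit status is non-zero if the server cannot be queried; a single failed
# dump or unreadable database is reported on stderr and the loop continues.
#
# NOTE(review): each table is dumped in its own mysqldump run, so tables of the
# same database are not a mutually consistent snapshot. Use the whole-database
# script if cross-table consistency matters.
set -euo pipefail

DATE=$(date +%F_%H-%M-%S)
DB_HOST=${DB_HOST:-localhost}
DB_USER=${DB_USER:-backup}
# NOTE(review): the original hard-coded the password here. Keep the real value
# out of the script (export DB_PASS, or a 0600 my.cnf).
DB_PASS=${DB_PASS:-123.com}
BACKUP_DIR=${BACKUP_DIR:-/data/db_backup}

mkdir -p -- "$BACKUP_DIR"

# Credentials go through a private 0600 defaults file rather than "-p$PASS" on
# the command line, where every local user could read them from ps.
CNF=$(mktemp) || { printf 'mktemp failed\n' >&2; exit 1; }
trap 'rm -f -- "$CNF"' EXIT
printf '[client]\nhost=%s\nuser=%s\npassword="%s"\n' "$DB_HOST" "$DB_USER" "$DB_PASS" > "$CNF"

# -N drops the header the original grepped away; system schemas are excluded by
# exact name (the original's unanchored pattern also dropped any user database
# containing "mysql" or "sys"). A failed login now aborts instead of producing
# an empty list and no backups.
DB_LIST=$(mysql --defaults-extra-file="$CNF" -N -s -e 'show databases;' \
  | awk '!/^(information_schema|mysql|performance_schema|sys)$/')

while IFS= read -r DB; do
  [[ -n "$DB" ]] || continue
  BACKUP_DB_DIR="$BACKUP_DIR/${DB}_${DATE}"
  mkdir -p -- "$BACKUP_DB_DIR"
  # The database is passed as an argument instead of being spliced into the SQL
  # text ("use $DB;"), so a name containing quotes or semicolons cannot break or
  # alter the statement.
  if ! TABLE_LIST=$(mysql --defaults-extra-file="$CNF" -N -s -e 'show tables;' "$DB"); then
    printf '%s: cannot list tables, skipped\n' "$DB" >&2
    continue
  fi
  while IFS= read -r TABLE; do
    [[ -n "$TABLE" ]] || continue
    BACKUP_NAME="$BACKUP_DB_DIR/${TABLE}.sql"
    # Dump into a .part file and rename only on success so an interrupted or
    # failed dump can never be mistaken for a complete backup.
    if mysqldump --defaults-extra-file="$CNF" "$DB" "$TABLE" > "$BACKUP_NAME.part"; then
      mv -f -- "$BACKUP_NAME.part" "$BACKUP_NAME"
    else
      rm -f -- "$BACKUP_NAME.part"
      printf '%s 备份失败!\n' "$BACKUP_NAME" >&2
    fi
  done <<< "$TABLE_LIST"
done <<< "$DB_LIST"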
5、Nginx 访问日志按天切割
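#!/usr/bin/env bash
# Daily nginx log rotation: move each listed access log into a YYYY-MM
# directory under LOG_DIR, suffixed with yesterday's date, then signal nginx to
# reopen its log files. Intended to run from cron shortly after midnight.
#
# Configuration (environment, all optional):
#   LOG_DIR        nginx log directory
#   LOG_FILE_LIST  space-separated log file names to rotate
#   PID_FILE       nginx master pid file
set -euo pipefail

LOG_DIR=${LOG_DIR:-/usr/local/nginx/logs}
PID_FILE=${PID_FILE:-/var/run/nginx.pid}
YESTERDAY_TIME=$(date -d "yesterday" +%F)
# The directory is derived from YESTERDAY's month, not today's as in the
# original, so a run on the 1st files the log with the month it belongs to.
LOG_MONTH_DIR=$LOG_DIR/$(date -d "yesterday" +%Y-%m)
LOG_FILE_LIST=${LOG_FILE_LIST:-default.access.log}

mkdir -p -- "$LOG_MONTH_DIR"

for LOG_FILE in $LOG_FILE_LIST; do
  SRC=$LOG_DIR/$LOG_FILE
  if [[ ! -f "$SRC" ]]; then
    printf 'skip: %s does not exist\n' "$SRC" >&2
    continue
  fi
  DST=$LOG_MONTH_DIR/${LOG_FILE}_${YESTERDAY_TIME}
  # A second run on the same day must not overwrite (and lose) the earlier
  # rotation, which a bare mv would have done silently.
  if [[ -e "$DST" ]]; then
    DST=${DST}_$(date +%H%M%S)
    printf 'warning: target existed, rotating to %s instead\n' "$DST" >&2
  fi
  mv -- "$SRC" "$DST"
done

# USR1 makes the nginx master reopen its log files; until it does, nginx keeps
# writing into the moved file, so a missing pid file is an error, not a no-op.
if [[ -r "$PID_FILE" ]]; then
  kill -USR1 "$(cat -- "$PID_FILE")"
else
  printf 'nginx pid file %s not readable; logs moved but nginx was not told to reopen them\n' "$PID_FILE" >&2
  exit 1
fi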
6、Nginx 访问日志分析脚本
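#!/usr/bin/env bash
# Summarise an nginx access log: top client addresses, top addresses within a
# time window, most requested paths, and per-path status-code counts.
#
# Usage: ./nginx_log_stats.sh ACCESS_LOG [START END]
#   START/END are in the log's own time format, e.g. 27/Nov/2018:16:20:49,
#   and default to the example window below.
#
# Expected log format ($remote_addr first, nginx "combined" style):
#   $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent
#   "$http_referer" "$http_user_agent" "$http_x_forwarded_for"
# so $1 = client address, $4 = "[time", $7 = request path, $9 = status code.
set -euo pipefail

if (( $# < 1 )); then
  printf 'usage: %s ACCESS_LOG [START END]\n' "$0" >&2
  exit 2
fi
LOG_FILE=$1
# The original window had START after END (01/Dec before 27/Nov), so the
# time-range report could never match a line. The bounds are kept as an example
# but in a sane order, and can be given on the command line.
START=${2:-27/Nov/2018:16:20:49}
END=${3:-01/Dec/2018:13:20:25}

[[ -r "$LOG_FILE" ]] || { printf 'cannot read %s\n' "$LOG_FILE" >&2; exit 1; }

# awk 'NR<=10' rather than head -10: head closes the pipe early, and under
# pipefail the SIGPIPE that gives sort would abort the whole script.
echo "统计访问最多的10个IP"
awk '{a[$1]++}END{print "UV:",length(a);for(v in a)print v,a[v]}' "$LOG_FILE" \
  | sort -k2 -nr | awk 'NR<=10'
echo "----------------------"

echo "统计时间段访问最多的IP"
# The original compared the bracketed timestamps as strings, which is not
# chronological ("[01/Dec" sorts before "[27/Nov"). tkey() turns
# dd/Mon/yyyy:HH:MM:SS into a sortable yyyymmddHHMMSS key first; the bounds
# are passed with -v rather than interpolated into the program.
awk -v start="$START" -v end="$END" '
  function tkey(t,   p, m) {
    gsub(/[\[\]]/, "", t)
    split(t, p, "[/:]")
    m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", p[2]) + 2) / 3
    return sprintf("%04d%02d%02d%02d%02d%02d", p[3], m, p[1], p[4], p[5], p[6])
  }
  BEGIN { s = tkey(start); e = tkey(end) }
  { k = tkey($4); if (k >= s && k <= e) a[$1]++ }
  END { for (v in a) print v, a[v] }' "$LOG_FILE" \
  | sort -k2 -nr | awk 'NR<=10'
echo "----------------------"

echo "统计访问最多的10个页面"
# "PV:" here is the number of DISTINCT paths (length(a)), as in the original,
# and only paths requested more than 10 times are listed.
awk '{a[$7]++}END{print "PV:",length(a);for(v in a){if(a[v]>10)print v,a[v]}}' "$LOG_FILE" \
  | sort -k2 -nr
echo "----------------------"

echo "统计访问页面状态码数量"
# The original omitted the file argument here, so this stage read stdin.
awk '{a[$7" "$9]++}END{for(v in a){if(a[v]>5)print v,a[v]}}' "$LOG_FILE"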
7、查看网卡实时流量脚本
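#!/usr/bin/env bash
# Print the receive/transmit rate of one network interface once per second,
# computed from the byte counters in /proc/net/dev.
# Usage: ./nic_traffic.sh <interface>      (Ctrl-C to stop)
set -euo pipefail

NIC=${1:?usage: $0 <interface>}
[[ -e "/sys/class/net/$NIC" ]] || { printf 'no such interface: %s\n' "$NIC" >&2; exit 1; }

# Print "<rx_bytes> <tx_bytes>" for $NIC on one line.
# The name is passed with -v and compared literally against the "name:"
# prefix; the original spliced $1 into the awk regex text, so "eth0" also
# matched "veth0" / "eth0.100" and a crafted argument could rewrite the program.
read_counters() {
  awk -v nic="$NIC" '
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      if (index(line, nic ":") != 1) next
      sub(/^[^:]*:/, "", line)   # drop "name:" (old kernels glue the first counter to the colon)
      $0 = line                  # re-split: rx_bytes is now $1, tx_bytes $9
      print $1, $9
      exit
    }' /proc/net/dev
}

# Format a byte delta over one second as "<n.n>KB/s". awk does the division so
# the fraction survives; the original divided in integer shell arithmetic and
# then printed the whole number with %.1f, always showing ".0".
# NOTE(review): assumes 64-bit counters; on old 32-bit kernels a wrap shows up
# as one negative reading.
rate() {
  awk -v a="$1" -v b="$2" 'BEGIN { printf "%.1f%s", (b - a) / 1024, "KB/s" }'
}

printf ' In ------ Out\n'
read -r old_in old_out < <(read_counters)
while true; do
  sleep 1
  read -r new_in new_out < <(read_counters)
  # One sample per second, reusing the previous reading. The original took two
  # fresh readings per iteration with a sleep between them and another after,
  # so it printed only every other second.
  printf '%s %s\n' "$(rate "$old_in" "$new_in")" "$(rate "$old_out" "$new_out")"
  old_in=$new_in
  old_out=$new_out
done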
8、服务器系统配置初始化脚本
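#!/usr/bin/env bash
# Baseline configuration for a freshly installed CentOS 6/7 server. Run once as
# root; every step is idempotent so the script can be re-run safely.
# (The original shebang was "#/bin/bash" — missing "!", so it only worked when
# invoked explicitly through bash.)
#
# Knobs (environment): DISABLE_SELINUX, DISABLE_FIREWALL — default "yes" to
# keep the original behaviour. Both REDUCE the host's security; set them to "no"
# unless a firewall / MAC policy is enforced elsewhere.
set -uo pipefail   # no -e on purpose: one failed step must not skip the hardening steps after it

(( EUID == 0 )) || { printf 'run as root\n' >&2; exit 1; }

# --- Time zone and clock sync ------------------------------------------------
# -f: the original plain "ln -s" fails on every host that already has /etc/localtime.
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
if ! crontab -l 2>/dev/null | grep -q ntpdate; then
  # "0 1 * * *" = once a day at 01:00. The original "* 1 * * *" fired every
  # minute of that hour. A running chronyd/ntpd is the better long-term option.
  (crontab -l 2>/dev/null; echo '0 1 * * * ntpdate time.windows.com >/dev/null 2>&1') | crontab -
fi

# --- SELinux -----------------------------------------------------------------
# WARNING: this removes the mandatory-access-control layer entirely. The
# original only rewrote "permissive" -> "disabled"; matching the whole line
# also covers "enforcing", which is what was evidently intended. Effective at
# the next reboot.
if [[ "${DISABLE_SELINUX:-yes}" == yes ]]; then
  sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
fi

# --- Host firewall -----------------------------------------------------------
# WARNING: leaves every listening service reachable from the network.
if [[ "${DISABLE_FIREWALL:-yes}" == yes ]]; then
  if grep -Eq '7\.[0-9]' /etc/redhat-release 2>/dev/null; then
    systemctl stop firewalld
    systemctl disable firewalld
  elif grep -Eq '6\.[0-9]' /etc/redhat-release 2>/dev/null; then
    service iptables stop
    chkconfig iptables off
  fi
fi

# --- Shell history with timestamp and user name ------------------------------
if ! grep -q HISTTIMEFORMAT /etc/bashrc; then
  # $(whoami) is expanded when each shell starts, exactly like the original's
  # backticks. This is an auditing convenience only: any user can unset it.
  cat >> /etc/bashrc <<'EOF'
export HISTTIMEFORMAT="%F %T $(whoami) "
EOF
fi

# --- Idle session timeout (10 minutes) ---------------------------------------
if ! grep -q 'TMOUT=600' /etc/profile; then
  # readonly stops users from simply unsetting the timeout in their session.
  printf 'export TMOUT=600\nreadonly TMOUT\n' >> /etc/profile
fi

# --- SSH: no direct root login -----------------------------------------------
# Make sure an unprivileged account with sudo exists BEFORE running this, or
# you lock yourself out. The pattern covers both the commented-out default and
# an explicit "PermitRootLogin yes"; the original only matched the former.
sed -i -E 's/^#?PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
if sshd -t; then
  # The original never reloaded sshd, so the change waited for the next restart.
  systemctl reload sshd 2>/dev/null || service sshd reload
else
  printf 'sshd_config failed validation; not reloading sshd\n' >&2
fi

# --- Cron: stop mailing root about every job --------------------------------
sed -i 's/^MAILTO=root/MAILTO=""/' /etc/crontab

# --- Open-file limits --------------------------------------------------------
if ! grep -q '^\* soft nofile 65535' /etc/security/limits.conf; then
  cat >> /etc/security/limits.conf <<'EOF'
* soft nofile 65535
* hard nofile 65535
EOF
fi

# --- Kernel / network tuning -------------------------------------------------
# Guarded so re-runs do not append duplicates (the original appended blindly),
# applied immediately with sysctl -p, and vm.swappiness is persisted here too —
# the original wrote it only to /proc, which is lost on reboot.
if ! grep -q '^net.ipv4.tcp_syncookies' /etc/sysctl.conf; then
  cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_tw_buckets = 20480
net.ipv4.tcp_max_syn_backlog = 20480
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_fin_timeout = 20
vm.swappiness = 0
EOF
fi
echo 0 > /proc/sys/vm/swappiness
sysctl -p >/dev/null

# --- Tooling -----------------------------------------------------------------
# iostat is provided by sysstat. NOTE(review): the original package list ended
# in a truncated token "if" (iftop? iotop?) — confirm what was intended and
# add it here. -y because an init script must not stop at a yum prompt.
yum install -y gcc make autoconf vim sysstat net-tools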
9、监控 100 台服务器磁盘利用率脚本
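#!/usr/bin/env bash
# Check disk usage on every host listed in HOST_INFO over ssh and print a
# warning for each mounted /dev/* filesystem at or above THRESHOLD percent.
#
# HOST_INFO format, one host per line, '#' lines ignored:
#   <ip> <ssh user> <ssh port>        (port defaults to 22 when omitted)
# Requires key-based ssh access to each host; nothing is ever prompted for.
# Configuration (environment): HOST_INFO (default host.info), THRESHOLD (default 80).
set -euo pipefail

HOST_INFO=${HOST_INFO:-host.info}
THRESHOLD=${THRESHOLD:-80}

[[ -r "$HOST_INFO" ]] || { printf 'cannot read %s\n' "$HOST_INFO" >&2; exit 1; }

# One pass over the host file instead of the original's awk per host per field.
while read -r ip user port _; do
  [[ -z "$ip" || "$ip" == \#* ]] && continue
  port=${port:-22}
  # -n keeps ssh off the loop's stdin, otherwise the first ssh would swallow the
  # rest of the host list. BatchMode makes ssh fail instead of hanging on a
  # password or unknown-host-key prompt; host keys are still verified against
  # known_hosts, so a new host must be added there first. df -P keeps every
  # filesystem on one line, which "df -h" does not guarantee for long device
  # names. The output is held in a variable — the original wrote all hosts'
  # output to the predictable, shared /tmp/disk.tmp.
  if ! report=$(ssh -n -o BatchMode=yes -o ConnectTimeout=10 -p "$port" "$user@$ip" 'df -P' 2>/dev/null); then
    printf 'Error: cannot collect df from %s@%s:%s\n' "$user" "$ip" "$port" >&2
    continue
  fi
  # "<mount>=<use%>" per /dev/* line; int() strips the trailing "%".
  while IFS='=' read -r part_name use_rate; do
    [[ -n "$part_name" ]] || continue
    if (( use_rate >= THRESHOLD )); then
      # The host is included: with 100 hosts the original message did not say
      # which machine the partition belonged to.
      printf 'Warning: %s %s Partition usage %s%%!\n' "$ip" "$part_name" "$use_rate"
    fi
  done < <(printf '%s\n' "$report" | awk '/^\/dev\//{print $NF "=" int($5)}')
done < "$HOST_INFO"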