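#!/bin/bash
# Eight small ops scripts that were published as separate files (each section
# keeps its own heading and shebang); pasted together only the first shebang
# is effective.  Whitespace was lost in the paste and is restored here, and a
# few machine-translated keywords (做/然后/如果/回显) are put back to do/then/if/echo.

# ---- 1. DoS defence: auto-block attacking IPs (1、Dos攻击防御(自动屏蔽攻击IP)) ----
# Counts requests per client IP for the current minute of the nginx access log
# and inserts an iptables DROP rule for every IP above the threshold.
# Needs root (iptables); meant to be scheduled every minute.
DATE=$(date +%d/%b/%Y:%H:%M)                      # prefix of nginx's [$time_local] for this minute
LOG_FILE=/usr/local/nginx/logs/demo2.access.log
DROP_LOG=/tmp/drop_ip.log
THRESHOLD=10                                      # requests per minute; tune to real traffic —
                                                  # a NAT/proxy egress IP legitimately exceeds it
# $1 is $remote_addr.  If nginx sits behind a proxy/LB this is the proxy's
# address, and dropping it cuts off every user behind it — check before enabling.
ABNORMAL_IP=$(tail -n 5000 -- "$LOG_FILE" | grep -F -- "$DATE" \
  | awk -v t="$THRESHOLD" '{a[$1]++} END{for (i in a) if (a[i] > t) print i}')

# shellcheck disable=SC2086 — one IP per line, word-splitting is intended
for IP in $ABNORMAL_IP; do
  # Log-derived value: accept only a dotted quad before handing it to iptables
  # (IPv6 clients are skipped, as they were effectively ignored before too).
  [[ "$IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || continue
  # -C tests for the exact rule.  The old `iptables -vnL | grep -c "$IP"` used
  # the dots as regex wildcards and also matched 1.2.3.45 when asked for 1.2.3.4,
  # so some attackers were never blocked.
  if ! iptables -C INPUT -s "$IP" -j DROP 2>/dev/null; then
    iptables -I INPUT -s "$IP" -j DROP
    echo "$(date +'%F_%T') $IP" >> "$DROP_LOG"
  fi
done

# ---- 2. Alert mail set-up (2.Linux系统发送告警脚本) ----
# Not a script: install mailx and put the SMTP account into /etc/mail.rc.
#   yum install mailx
#   vi /etc/mail.rc
#     set from=baojingtongzhi@163.com smtp=smtp.163.com
#     set smtp-auth-user=baojingtongzhi@163.com smtp-auth-password=123456
#     set smtp-auth=login
# The file then holds the SMTP password in clear text; keep it readable by
# root only (chmod 600) and do not reuse a personal mailbox password there.

#!/bin/bash
# ---- 3. MySQL backup, one dump per database (3.MySQL数据库备份单循环) ----
DATE=$(date +%F_%H-%M-%S)
HOST=localhost
USER=backup
PASS=123.com
BACKUP_DIR=/data/db_backup
# -p"$PASS" on the command line is visible to every local user via `ps`; the
# usual replacement is --defaults-extra-file=<file with 0600 perms>.
mkdir -p -- "$BACKUP_DIR"
# -x makes the exclusion a whole-line match, so a database named e.g.
# "mysql_app" or "mysystem" is no longer skipped together with "mysql"/"sys".
mapfile -t DB_LIST < <(mysql -h"$HOST" -u"$USER" -p"$PASS" -s -e "show databases;" 2>/dev/null \
  | grep -Evx '(Database|information_schema|mysql|performance_schema|sys)')
# mysql's own errors are discarded above, so an empty list is the only hint
# that the credentials or the server are wrong — say so instead of exiting 0.
if (( ${#DB_LIST[@]} == 0 )); then
  echo "no databases listed from $HOST (credentials/server?)" >&2
  exit 1
fi
for DB in "${DB_LIST[@]}"; do
  BACKUP_NAME=$BACKUP_DIR/${DB}_${DATE}.sql
  if ! mysqldump -h"$HOST" -u"$USER" -p"$PASS" -B "$DB" > "$BACKUP_NAME" 2>/dev/null; then
    echo "$BACKUP_NAME 备份丢失!" >&2
  fi
done

#!/bin/bash
# ---- 4. MySQL backup, one dump per table (4.MySQL数据库备份多循环) ----
DATE=$(date +%F_%H-%M-%S)
HOST=localhost
USER=backup
PASS=123.com
BACKUP_DIR=/data/db_backup
# Same caveat as section 3: the password on argv shows up in `ps`.
mapfile -t DB_LIST < <(mysql -h"$HOST" -u"$USER" -p"$PASS" -s -e "show databases;" 2>/dev/null \
  | grep -Evx '(Database|information_schema|mysql|performance_schema|sys)')
if (( ${#DB_LIST[@]} == 0 )); then
  echo "no databases listed from $HOST (credentials/server?)" >&2
  exit 1
fi
for DB in "${DB_LIST[@]}"; do
  BACKUP_DB_DIR=$BACKUP_DIR/${DB}_${DATE}
  mkdir -p -- "$BACKUP_DB_DIR"
  # Select the schema as the trailing database argument instead of splicing
  # the name into "use $DB;" — same result, no SQL built from a variable.
  mapfile -t TABLE_LIST < <(mysql -h"$HOST" -u"$USER" -p"$PASS" -s -e "show tables;" "$DB" 2>/dev/null)
  for TABLE in "${TABLE_LIST[@]}"; do
    BACKUP_NAME=$BACKUP_DB_DIR/${TABLE}.sql
    if ! mysqldump -h"$HOST" -u"$USER" -p"$PASS" "$DB" "$TABLE" > "$BACKUP_NAME" 2>/dev/null; then
      echo "$BACKUP_NAME 备份失败!" >&2
    fi
  done
done

#!/bin/bash
# ---- 5. Daily nginx access-log rotation (5.Nginx访问访问日志按天切割) ----
# Run from cron right after midnight: moves the live log into a per-month
# directory under yesterday's date, then sends USR1 so nginx reopens its logs.
# Note the directory uses today's month, so on the 1st the file lands in the
# new month's directory.
LOG_DIR=/usr/local/nginx/logs
YESTERDAY_TIME=$(date -d "yesterday" +%F)
LOG_MONTH_DIR=$LOG_DIR/$(date +"%Y-%m")
LOG_FILE_LIST="default.access.log"   # space-separated names, splitting intended
mkdir -p -- "$LOG_MONTH_DIR"
for LOG_FILE in $LOG_FILE_LIST; do
  mv -- "$LOG_DIR/$LOG_FILE" "$LOG_MONTH_DIR/${LOG_FILE}_${YESTERDAY_TIME}"
done
kill -USR1 "$(cat /var/run/nginx.pid)"

#!/bin/bash
# ---- 6. Nginx access-log analysis (6.Nginx访问日志分析script) ----
# 日志格式 / log format:
# $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"
# Usage: script <access_log>
LOG_FILE=${1:?usage: $0 access_log}
echo "统计访问最多的10个IP"
awk '{a[$1]++} END{print "UV:",length(a); for (v in a) print v,a[v]}' "$LOG_FILE" | sort -k2 -nr | head -10
echo "--------------------"
echo "统计时间段访问次数最多的IP"
# This is a lexical (string) comparison on "[dd/Mon/yyyy:HH:MM:SS", not a
# chronological one; the two bounds are the author's sample values to replace.
awk '$4>="[01/Dec/2018:13:20:25" && $4<="[27/Nov/2018:16:20:49" {a[$1]++} END{for (v in a) print v,a[v]}' "$LOG_FILE" | sort -k2 -nr | head -10
echo "--------------------"
echo "统计访问量最大的10个页面"
awk '{a[$7]++} END{print "PV:",length(a); for (v in a) {if (a[v]>10) print v,a[v]}}' "$LOG_FILE" | sort -k2 -nr
echo "----------------------"
echo "统计访问页面状态码个数"
# The original omitted the file argument here, so the last awk blocked on stdin.
awk '{a[$7" "$9]++} END{for (v in a) {if (a[v]>5) print v,a[v]}}' "$LOG_FILE"

#!/bin/bash
# ---- 7. Live NIC throughput (7.查看网卡实时流量脚本) ----
# Usage: script <interface>; prints in/out KB/s about every 2 s until killed.
NIC=${1:?usage: $0 interface}
# Interface names only — the value becomes part of a sysfs path below.
[[ "$NIC" =~ ^[[:alnum:]_.:-]+$ ]] || { printf 'bad interface name: %s\n' "$NIC" >&2; exit 1; }
STATS=/sys/class/net/$NIC/statistics
# The original matched the name against /proc/net/dev as an unanchored regex
# (so "eth" also matched eth1, veth0, …) and picked columns that shift when a
# counter grows wide; the per-interface sysfs counters are exact.
[[ -d "$STATS" ]] || { printf 'no such interface: %s\n' "$NIC" >&2; exit 1; }
printf ' In ------ Out\n'
while true; do
  OLD_IN=$(<"$STATS/rx_bytes")
  OLD_OUT=$(<"$STATS/tx_bytes")
  sleep 1
  NEW_IN=$(<"$STATS/rx_bytes")
  NEW_OUT=$(<"$STATS/tx_bytes")
  # bash arithmetic is integer-only, so the old "%.1f" of $(( … / 1024 )) always ended in ".0".
  IN=$(awk -v b=$((NEW_IN - OLD_IN)) 'BEGIN{printf "%.1fKB/s", b/1024}')
  OUT=$(awk -v b=$((NEW_OUT - OLD_OUT)) 'BEGIN{printf "%.1fKB/s", b/1024}')
  echo "$IN $OUT"
  sleep 1
done

#!/bin/bash
# ---- 8. Server baseline initialisation (8.服务器系统配置初始化脚本) ----
# The original started with "#/bin/bash" (no "!"), i.e. no valid shebang.
# Run as root on CentOS/RHEL 6 or 7.  Several steps deliberately weaken the
# host (SELinux off, host firewall off); keep them only where a compensating
# control (network ACLs, a managed firewall) is in place.
# 设置时间区域和同步时间 / timezone and time sync
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime   # -f: the original ln failed if the link existed
if ! crontab -l 2>/dev/null | grep -q ntpdate; then
  # "* 1 * * *" fires every minute of the 01:00 hour, as in the original;
  # "0 1 * * *" would be once a night — confirm which was meant.
  (echo "* 1 * * * ntpdate time.windows.com >/dev/null 2>&1"; crontab -l 2>/dev/null) | crontab -
fi
# Disable selinux — only rewrites "permissive"; a box at "enforcing" is left unchanged (as before).
sed -i '/SELINUX/{s/permissive/disabled/}' /etc/selinux/config
# 关闭防火墙 / stop the host firewall
if grep -Eq "7\.[0-9]" /etc/redhat-release; then
  systemctl stop firewalld
  systemctl disable firewalld
elif grep -Eq "6\.[0-9]" /etc/redhat-release; then
  service iptables stop
  chkconfig iptables off
fi
# History command shows operation time (-q: the original grep echoed the match to stdout)
if ! grep -q HISTTIMEFORMAT /etc/bashrc; then
  echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/bashrc
fi
# SSH 超时 / idle shell timeout
if ! grep -q "TMOUT=600" /etc/profile; then
  echo "export TMOUT=600" >> /etc/profile
fi
# 禁止 root 远程登录 / no root SSH login.  Only the commented default
# "#PermitRootLogin yes" is rewritten; an explicit "PermitRootLogin yes" is left
# as is, and sshd has to be reloaded before the change applies.
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
# 禁止定时任务发送邮件 / stop cron mailing job output
sed -i 's/^MAILTO=root/MAILTO=""/' /etc/crontab
# 设置最大打开文件数 / raise the open-files limit (-F: "*" is a literal, not a regex)
if ! grep -qF "* soft nofile 65535" /etc/security/limits.conf; then
  # The page is cut off inside this step: the original continued with
  # `cat >> /etc/security/limits.conf <<…` whose here-doc body is not visible.
  :
fi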
