Developing a shell script to defend a production Linux server against DoS attacks

Source: Internet
Author: User
Tags iptables

Introduction: an enterprise shell interview question. Experts, please skip this one!

Enterprise practical problem 6: developing a shell script to handle a DoS attack on a production Linux server

Based on the web log or the number of network connections, monitor when an IP's number of concurrent connections or short-term PV reaches the set threshold, then call the firewall command to block the corresponding IP. The monitoring frequency is every 3 minutes. The firewall command is: iptables -I INPUT -s 10.0.0.10 -j DROP.

Answer:

(a) First, using the web log:

Analysis of the approach:

1. Extract the IP addresses from the log, then deduplicate them and count how many times each IP accessed the site. The result can be written to a file.

    [[email protected] scripts]# awk '{print $1}' access_2010-12-8.log|sort|uniq -c|sort -rn|head
    35 59.33.26.105
    23 123.122.65.226
    8 124.115.4.18
    [[email protected] scripts]# awk '{s[$1]++}END{for(k in s) print s[k],k}' access_2010-12-8.log|sort -rn|head
    35 59.33.26.105
    23 123.122.65.226
    8 124.115.4.18

2. Check each IP's access count against the threshold and block the IP when it is reached.

This requires an if conditional statement.

3. Read the deduplicated result file from step 1; a while loop can be used for this.

4

    [[email protected] scripts]# cat exam05.sh
    #!/bin/bash
    ###############################################################
    # file name: exam05.sh
    # version: v1.0
    # author: oldboy
    # organization: www.oldboyedu.com
    ###############################################################
    while true
    do
        # Count requests per client IP (first log field) and keep the top 10.
        awk '{s[$1]++}END{for(k in s) print s[k],k}' access_2010-12-8.log|sort -rn|head >/tmp/ip.log
        while read line
        do
            ip=`echo $line|awk '{print $2}'`
            count=`echo $line|awk '{print $1}'`
            # Block when the count reaches 36 and the IP is not yet in today's drop file.
            if [ "$count" -ge 36 -a `grep -w "$ip" /tmp/drop_$(date +%F).ip|wc -l` -lt 1 ]
            then
                iptables -I INPUT -s $ip -j DROP &&
                echo -e "$ip\t`date +%F`" >>/tmp/drop_$(date +%F).ip
            fi
        done </tmp/ip.log
        # Pause between passes; the task statement asks for every 3 minutes (sleep 180).
        sleep 5
    done

(b) Using the number of network connections:

Pull a netstat.log from the production environment for testing:

    [[email protected] scripts]# awk -F "[ :]+" '/EST.*$/{print $(NF-3)}' netstat.log|awk '{s[$1]++}END{for(k in s) print s[k],k}'|sort -rn|head
    4 118.242.18.177
    3 123.6.8.223
    3 114.250.252.127
    2 123.244.104.42
    2 121.204.108.160
    1 59.53.166.165
    1 58.45.107.189
    1 42.95.73.152
    1 42.196.246.180
    1 36.46.160.100

In real work you can analyze the live connections directly with:

    netstat -an|awk -F "[ :]+" '/EST.*$/{print $(NF-3)}'

Final Answer:

    [[email protected] scripts]# cat exam05.sh
    #!/bin/bash
    ###############################################################
    # file name: exam05.sh
    # version: v1.0
    # author: oldboy
    # organization: www.oldboyedu.com
    ###############################################################
    while true
    do
        # Count established connections per remote IP and keep the top 10.
        awk -F "[ :]+" '/EST.*$/{print $(NF-3)}' netstat.log|awk '{s[$1]++}END{for(k in s) print s[k],k}'|sort -rn|head >/tmp/ip.log
        while read line
        do
            ip=`echo $line|awk '{print $2}'`
            count=`echo $line|awk '{print $1}'`
            # Block when the count reaches 36 and the IP is not yet in today's drop file.
            if [ "$count" -ge 36 -a `grep -w "$ip" /tmp/drop_$(date +%F).ip|wc -l` -lt 1 ]
            then
                iptables -I INPUT -s $ip -j DROP &&
                echo -e "$ip\t`date +%F`" >>/tmp/drop_$(date +%F).ip
            fi
        done </tmp/ip.log
        # Pause between passes; the task statement asks for every 3 minutes (sleep 180).
        sleep 5
    done
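A hardened take on the decision step of the scripts above, as an added example that is not from the original page or the book: it validates each address as IPv4, skips an allowlist and anything already in the drop file, and only prints the iptables rule unless DRY_RUN=0. The function names, the allowlist file and DRY_RUN are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not the page's script. pick_ips_to_block, block_ips, the
# allowlist file and DRY_RUN are hypothetical names; the sample data is constructed.

# stdin: "count ip" lines. Prints the IPs that should be blocked.
# $1 = threshold, $2 = allowlist file (one IP per line), $3 = drop file ("ip<TAB>date")
pick_ips_to_block() {
    awk -v limit="$1" -v allow="$2" -v dropped="$3" '
        function valid_ipv4(a,    n, o, i) {
            n = split(a, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
            return 1
        }
        BEGIN {   # a missing file simply yields no entries
            while ((getline l < allow) > 0) skip[l] = 1
            while ((getline l < dropped) > 0) { split(l, f, "\t"); skip[f[1]] = 1 }
        }
        $1 ~ /^[0-9]+$/ && $1 + 0 >= limit && valid_ipv4($2) && !($2 in skip) { print $2 }
    '
}

# stdin: IPs to block. $1 = drop file. With DRY_RUN=1 (the default) only prints the rule.
block_ips() {
    while read -r ip; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "iptables -I INPUT -s $ip -j DROP"
        else
            iptables -I INPUT -s "$ip" -j DROP &&
                printf '%s\t%s\n' "$ip" "$(date +%F)" >>"$1"
        fi
    done
}

# Constructed sample using documentation address ranges.
demo() {
    tmp=$(mktemp -d) || return 1
    echo "192.0.2.10" >"$tmp/allow.ip"                    # e.g. a load balancer
    printf '198.51.100.23\t2010-12-08\n' >"$tmp/drop.ip"  # blocked earlier
    printf '%s\n' "120 203.0.113.7" "95 192.0.2.10" "80 198.51.100.23" \
        "50 999.1.1.1" "41 unknown" "36 198.51.100.5" "12 192.0.2.77" |
        pick_ips_to_block 36 "$tmp/allow.ip" "$tmp/drop.ip" | block_ips "$tmp/drop.ip"
    rm -rf "$tmp"
}
demo
```

Only 203.0.113.7 and 198.51.100.5 produce a rule: the allowlisted, already-blocked, malformed and below-threshold entries are skipped.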

The content comes from the book "Learning Linux operations with older boys: Shell Programming", the most classic shell learning book in the country.

Readers with a weaker foundation can also learn from the videos: http://edu.51cto.com/topic/546.html

For more cases, see http://blog.51cto.com/oldboy/1632876
