Introduction: an enterprise shell interview question (experts, feel free to skip)
Enterprise practical problem 6: develop a shell script that protects a production Linux server against a DoS attack
Based on the web log or the number of network connections, monitor each client IP. When an IP's number of concurrent connections or its short-term PV (page views) reaches the threshold, call the firewall command to block that IP. The check runs every 3 minutes. The firewall command is: iptables -I INPUT -s 10.0.0.10 -j DROP
Answer:
(a) First, using the web log:
Analysis of the approach:
1. Extract the IP addresses from the log, deduplicate them and count the number of requests per IP. The result can be written to a file.

    # awk '{print $1}' access_2010-12-8.log|sort|uniq -c|sort -rn|head
    35 59.33.26.105
    23 123.122.65.226
    8 124.115.4.18

    # awk '{s[$1]++}END{for(k in s) print s[k],k}' access_2010-12-8.log|sort -rn|head
    35 59.33.26.105
    23 123.122.65.226
    8 124.115.4.18
2. Decide from each IP's request count whether to block it.
This requires an if conditional statement.
3. Read the deduplicated result file from step 1; a while loop can be used for this.
4
    # cat exam05.sh
    #!/bin/bash
    ###############################################################
    # file name: exam05.sh
    # version: v1.0
    # author: oldboy
    # organization: www.oldboyedu.com
    ###############################################################
    while true
    do
        # count requests per client IP (field 1 of the access log), keep the top 10
        awk '{s[$1]++}END{for(k in s) print s[k],k}' access_2010-12-8.log|sort -rn|head >/tmp/ip.log
        while read line
        do
            ip=$(echo $line|awk '{print $2}')
            count=$(echo $line|awk '{print $1}')
            # block only if the count reaches 36 and the IP is not yet in today's drop list
            if [ "$count" -ge 36 -a "$(grep -Fw "$ip" /tmp/drop_$(date +%F).ip 2>/dev/null|wc -l)" -lt 1 ]
            then
                iptables -I INPUT -s "$ip" -j DROP && echo -e "$ip\t$(date +%F)" >>/tmp/drop_$(date +%F).ip
            fi
        done </tmp/ip.log
        sleep 5    # the task statement asks for a check every 3 minutes (sleep 180)
    done

(b) Using the number of network connections:
Take a netstat.log from the production environment for testing.
    # awk -F "[ :]+" '/EST.*$/{print $(NF-3)}' netstat.log|awk '{s[$1]++}END{for(k in s) print s[k],k}'|sort -rn|head
    4 118.242.18.177
    3 123.6.8.223
    3 114.250.252.127
    2 123.244.104.42
    2 121.204.108.160
    1 59.53.166.165
    1 58.45.107.189
    1 42.95.73.152
    1 42.196.246.180
    1 36.46.160.100

In real work, the same analysis can be run on live data with: netstat -an|awk -F "[ :]+" '/EST.*$/{print $(NF-3)}'
Final Answer:
    # cat exam05.sh
    #!/bin/bash
    ###############################################################
    # file name: exam05.sh
    # version: v1.0
    # author: oldboy
    # organization: www.oldboyedu.com
    ###############################################################
    while true
    do
        # count ESTABLISHED connections per remote IP, keep the top 10
        awk -F "[ :]+" '/EST.*$/{print $(NF-3)}' netstat.log|awk '{s[$1]++}END{for(k in s) print s[k],k}'|sort -rn|head >/tmp/ip.log
        while read line
        do
            ip=$(echo $line|awk '{print $2}')
            count=$(echo $line|awk '{print $1}')
            # block only if the count reaches 36 and the IP is not yet in today's drop list
            if [ "$count" -ge 36 -a "$(grep -Fw "$ip" /tmp/drop_$(date +%F).ip 2>/dev/null|wc -l)" -lt 1 ]
            then
                iptables -I INPUT -s "$ip" -j DROP && echo -e "$ip\t$(date +%F)" >>/tmp/drop_$(date +%F).ip
            fi
        done </tmp/ip.log
        sleep 5    # the task statement asks for a check every 3 minutes (sleep 180)
    done
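A more defensive take on the counting and blocking steps above, as an added example that is not from the book: it accepts only dotted-quad IPv4 addresses before they reach the iptables command line, skips allowlisted addresses so the blocker cannot lock out your own gateway, and prints the firewall commands as a dry run. The function names, the allowlist argument, the sample data and the assumption that column 5 is the foreign address and column 6 the state of `netstat -an` output are choices made for this example.

```shell
#!/bin/bash
# Added example, not the book's script; sample data and limits are constructed.

# offenders LIMIT [ALLOWED_IP...]: read `netstat -an` text on stdin, print remote
# IPv4 addresses with at least LIMIT ESTABLISHED connections, busiest first.
offenders() {
    local limit=$1; shift
    awk -v limit="$limit" -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        $6 == "ESTABLISHED" {
            ip = $5; sub(/:[0-9]+$/, "", ip)      # column 5 is foreign addr:port
            # only a dotted quad may ever reach the iptables command line
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (!(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= limit) print count[ip], ip }
    ' | sort -rn | awk '{print $2}'
}

# block_cmds DROPFILE: read addresses on stdin; for each one not yet recorded in
# DROPFILE, print the firewall command (dry run) and record the address.
block_cmds() {
    local dropfile=$1 ip
    while read -r ip; do
        grep -qFx -- "$ip" "$dropfile" 2>/dev/null && continue
        echo "iptables -I INPUT -s $ip -j DROP"
        echo "$ip" >>"$dropfile"
    done
}

# Constructed netstat -an excerpt; 10.0.0.1 stands in for an allowlisted gateway.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:80          0.0.0.0:*              LISTEN
tcp        0      0 10.0.0.7:80         118.242.18.177:50001   ESTABLISHED
tcp        0      0 10.0.0.7:80         118.242.18.177:50002   ESTABLISHED
tcp        0      0 10.0.0.7:80         118.242.18.177:50003   ESTABLISHED
tcp        0      0 10.0.0.7:80         118.242.18.177:50004   TIME_WAIT
tcp        0      0 10.0.0.7:80         123.6.8.223:40001      ESTABLISHED
tcp        0      0 10.0.0.7:22         10.0.0.1:33001         ESTABLISHED
tcp        0      0 10.0.0.7:22         10.0.0.1:33002         ESTABLISHED
tcp        0      0 10.0.0.7:22         10.0.0.1:33003         ESTABLISHED
tcp6       0      0 ::1:8080            ::1:41000              ESTABLISHED
EOF
}

demo_drop=$(mktemp)
sample_netstat | offenders 3 10.0.0.1 | block_cmds "$demo_drop"   # one DROP line
rm -f "$demo_drop"
```

To enforce rather than preview, replace the first `echo` in `block_cmds` with the iptables call itself and feed `offenders` from a live `netstat -an`.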
The content comes from the book "Learning Linux operations with older boys: Shell Programming", the most classic shell learning book in the country.
Readers with a weak foundation can also follow the video course at http://edu.51cto.com/topic/546.html
For more cases, see http://blog.51cto.com/oldboy/1632876