Case 1: awk matching and filtering
[root@oldboy02 ~]# awk 'BEGIN{h[110]="lee";h[114]="xo";print h[110],h[114]}'
lee xo
[root@oldboy02 oldboy]# vim url.txt
[root@oldboy02 oldboy]# awk -F "[/.]+" '{print $2}' url.txt  (the + matches a run of consecutive slashes; with [/.] as the separator, the field extracted is the www part)
www
www
post
mp3
post
www
www
[root@oldboy02 oldboy]# awk -F "[/.]+" '{h[$2]=h[$2]+1}END {print h["www"],h["post"],h["mp3"]}' url.txt  (count how many times each string appears in the second column)
4 2 1
[root@oldboy02 oldboy]# awk -F "[/.]+" '{h[$2]=h[$2]+1}END {for(pol in h) print pol}' url.txt  (print the names stored in the array)
pol is the loop variable; h is the name of the array
www
mp3
post
[root@oldboy02 oldboy]# awk -F "[/.]+" '{h[$2]=h[$2]+1}END {for(pol in h) print pol,h[pol]}' url.txt  (count the occurrences)
www 4
mp3 1
post 2
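The url.txt exercise above with the input made visible. This is an added example, not the original post's file: the URL lines are constructed so that the counts come out as www 4, post 2 and mp3 1, matching the output shown, and the function names are mine. The comment spells out which field each separator run produces, which is what makes $2 the host's first label.

```shell
# Added example (not from the original post): reproduce the url.txt exercise
# with constructed input so the field splitting is visible.
# -F "[/.]+" splits on any run of slashes and dots, so for
# "http://www.example.com/index.html" the fields are:
#   $1=http:  $2=www  $3=example  $4=com  $5=index  $6=html
SAMPLE_URLS="http://www.example.com/index.html
http://www.example.com/1.html
http://post.example.com/index.html
http://mp3.example.com/index.html
http://post.example.com/2.html
http://www.example.com/3.html
http://www.example.com/4.html"

# Print the second field of every line (the host's first label).
second_fields() {
    printf '%s\n' "$SAMPLE_URLS" | awk -F '[/.]+' '{print $2}'
}

# Count occurrences of the second field; sort so the output order is stable
# (awk's "for (k in h)" walks the array in an unspecified order).
count_second_field() {
    printf '%s\n' "$SAMPLE_URLS" \
        | awk -F '[/.]+' '{h[$2]++} END {for (k in h) print k, h[k]}' \
        | sort -k2,2nr -k1,1
}

# Count for one specific key, as in the h["www"] lookup; "+0" turns a
# missing key into 0 instead of an empty string.
count_key() {
    printf '%s\n' "$SAMPLE_URLS" \
        | awk -F '[/.]+' -v key="$1" '{h[$2]++} END {print h[key]+0}'
}

second_fields
count_second_field
count_key www
```

The explicit sort matters when the numbers feed another script: the order in which awk walks an array is unspecified, so two runs can print the same counts in different orders.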
Enterprise case 2
Count, in secure.log, how many times each IP that tried to crack your password appears
[root@oldboyedu-sh01-lnb files]# awk '/Failed password/{h[$(NF-3)]++}END{for(pol in h) print pol,h[pol]}' secure-20161219 |sort -rnk2|head
Count how many times each IP address appears in access.log
[root@oldboyedu-sh01-lnb files]# awk '{h[$1]++}END{for(pol in h) print pol,h[pol]}' access.log |sort -rnk2 |head
Failed means a failed user login; many failed logins in a row mean someone is brute-forcing the password.
/Failed/ searches for the keyword
$(NF-3) means the fourth column from the end
fa[$(NF-3)]++ uses an array to accumulate a separate count for each IP (the array is called fa here and h in the command above; the name is arbitrary)
for(pol in fa) is a for loop that uses the variable pol to take each element of the fa array in turn.
print pol,fa[pol] prints the array contents, i.e. each IP and its count; that is the statistic.
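The secure.log count run over sample data, with a threshold added so the result can raise an alert instead of only being read by eye. This is an added example, not from the original post: the log lines, hostnames, IPs and timestamps are constructed, and the function names are mine. The lines include the "invalid user" variant of the message, which is exactly why the original counts on $(NF-3) rather than a fixed column: the IP is always four fields from the end ("from IP port N ssh2") no matter how long the user part is. The access.log version on the page is the same idiom with $1 and no pattern.

```shell
# Added example (not from the original post): the secure.log brute-force count
# run over constructed log lines, plus a threshold that flags IPs with too many
# failures. The IPs, hostnames and timestamps below are made up.
SAMPLE_SECURE='Dec 19 10:01:02 web01 sshd[2211]: Failed password for root from 203.0.113.10 port 51234 ssh2
Dec 19 10:01:04 web01 sshd[2211]: Failed password for root from 203.0.113.10 port 51240 ssh2
Dec 19 10:01:06 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.10 port 51250 ssh2
Dec 19 10:02:11 web01 sshd[2220]: Failed password for oldboy from 198.51.100.7 port 40100 ssh2
Dec 19 10:02:15 web01 sshd[2222]: Accepted password for oldboy from 198.51.100.7 port 40102 ssh2
Dec 19 10:03:01 web01 sshd[2230]: Failed password for invalid user test from 192.0.2.44 port 33000 ssh2
Dec 19 10:03:03 web01 sshd[2230]: Failed password for invalid user test from 192.0.2.44 port 33002 ssh2'

# Count failed logins per source IP, most frequent first (the one-liner above).
# $(NF-3) is the IP because every line ends "from IP port N ssh2".
failed_per_ip() {
    printf '%s\n' "$SAMPLE_SECURE" \
        | awk '/Failed password/ {h[$(NF-3)]++} END {for (ip in h) print ip, h[ip]}' \
        | sort -rnk2
}

# Print only the IPs whose failure count is at or above the threshold in $1.
flag_bruteforce() {
    failed_per_ip | awk -v limit="$1" '$2 >= limit {print $1}'
}

failed_per_ip
echo "--- IPs with 3 or more failures ---"
flag_bruteforce 3
```

To use this on a real host, replace the printf with `cat /var/log/secure` (or the rotated file as in the original) and feed the flagged IPs to whatever blocking or ticketing step you already have; the threshold is a policy choice, not something the log tells you.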
Case 2: check whether the number of command-line arguments equals 2
[root@oldboy02 scripts]# vim /server/scripts/arg.sh
#!/bin/bash
#
#
[ $# -eq 2 ] && echo "arg:" $#
[root@oldboy02 scripts]# sh /server/scripts/arg.sh
[root@oldboy02 scripts]# sh /server/scripts/arg.sh a b
arg: 2
[root@oldboy02 scripts]# sh /server/scripts/arg.sh a b c d
Case 3: check whether the /oldboy directory exists and create it if it does not
[ -d /oldboy ] || mkdir -p /oldboy
If /root/oldboy.txt exists, report that the file already exists
[root@oldboy02 ~]# [ -f /root/oldboy.txt ] && echo file esists file esists
file esists file esists
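The argument-count and existence checks from cases 2 and 3, written as reusable functions. This is an added example, not the original post's script: the function names are mine, the usage message goes to stderr with a non-zero return so a caller can stop, and the paths are built under a temporary directory instead of /oldboy and /root/oldboy.txt.

```shell
# Added example (not from the original post): the argument-count and existence
# checks from cases 2 and 3 as functions. Paths are created under mktemp -d,
# not under /oldboy or /root.

# Return 0 and print the count when exactly two arguments were given;
# otherwise print a usage line to stderr and return 1 (the caller decides
# whether to exit, which keeps the function usable inside larger scripts).
require_two_args() {
    if [ "$#" -ne 2 ]; then
        echo "usage: $0 <arg1> <arg2> (got $# arguments)" >&2
        return 1
    fi
    echo "arg: $#"
}

# Create a directory only if it is missing. mkdir -p would be harmless on an
# existing directory, but the test states the intent and avoids the call.
ensure_dir() {
    [ -d "$1" ] || mkdir -p "$1"
}

# Report whether a regular file exists; -f is false for directories and for
# dangling symlinks, which is the check you want before writing to a path.
file_exists() {
    if [ -f "$1" ]; then
        echo "file exists"
        return 0
    fi
    return 1
}

TMPBASE="$(mktemp -d)"
ensure_dir "$TMPBASE/oldboy"
touch "$TMPBASE/oldboy.txt"
file_exists "$TMPBASE/oldboy.txt"
require_two_args a b
require_two_args a b c || echo "rejected 3 arguments"
rm -rf "$TMPBASE"
```

Inside a function, $# counts the function's own arguments, which is why the check can be tested without running the script from the command line.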
Case 4: optimise the Linux boot services, keeping only crond, sshd, network and sysstat and turning everything else off
[root@oldboy02 scripts]# chkconfig |egrep "crond|sshd|rsyslog|network|sysstat"  (pick out the names of these 5 services that must start at boot)
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:off
Step 2:
[root@oldboy02 scripts]# chkconfig |egrep "crond|sshd|rsyslog|network|sysstat" -v  (exclude these 5 services and show all the other boot services)
abrt-ccpp 0:off 1:off 2:off 3:on 4:off 5:on 6:off
abrtd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
Step 3:
[root@oldboy02 scripts]# chkconfig |egrep "crond|sshd|rsyslog|network|sysstat" -v|awk '{print $1}'  (extract the first column, the names of the boot-enabled services)
abrt-ccpp
abrtd
acpid
atd
auditd
blk-availability
cpuspeed
haldaemon
ip6tables
iptables
Step 4
Put chkconfig |egrep "crond|sshd|rsyslog|network|sysstat" -v|awk '{print $1}' inside a for loop
[root@oldboy02 scripts]# for i in $(chkconfig |egrep "crond|sshd|rsyslog|network|sysstat" -v|awk '{print $1}' )
> do
> echo chkconfig $i off
> done
chkconfig abrt-ccpp off
chkconfig abrtd off
chkconfig acpid off
chkconfig atd off
chkconfig auditd off
chkconfig blk-availability off
chkconfig cpuspeed off
chkconfig haldaemon off
chkconfig ip6tables off
chkconfig iptables off
chkconfig irqbalance off
chkconfig kdump off
chkconfig lvm2-monitor off
chkconfig mdmonitor off
chkconfig messagebus off
chkconfig netconsole off
chkconfig netfs off
chkconfig nfs-rdma off
chkconfig ntpd off
chkconfig ntpdate off
chkconfig postfix off
chkconfig psacct off
chkconfig quota_nld off
chkconfig rdisc off
chkconfig rdma off
chkconfig restorecond off
chkconfig rngd off
chkconfig saslauthd off
chkconfig smartd off
chkconfig svnserve off
chkconfig udev-post off
[root@oldboy02 scripts]# vim bb.sh
#!/bin/bash
for i in $(chkconfig |egrep "crond|sshd|rsyslog|network|sysstat" -v|awk '{print $1}')
do
chkconfig $i off
done
[root@oldboy02 scripts]# sh bb.sh
[root@oldboy02 scripts]# chkconfig|grep 3:on
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:off
[root@oldboy02 scripts]# sh -x bb.sh  (-x shows how the script executes) a + sign marks a command executed inside the script, a - sign marks what is shown on the screen
+ chkconfig cpuspeed off
+ for i in '$(chkconfig |egrep "crond|sshd|rsyslog|network|sysstat" -v|awk '\''{print $1}'\'')'
+ chkconfig haldaemon off
+ for i in '$(chkconfig |egrep "crond|sshd|rsyslog|network|sysstat" -v|awk '\''{print $1}'\'')'
The idea is simply to fit the command into the for-loop template
for i in $()  <after in you can write either $() or backquotes ``, both work>
do
echo chkconfig $i off  (the action that turns off the named service)
done
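The keep-list loop from case 4 run against a sample chkconfig listing, so it can be tried on a machine without chkconfig. This is an added example, not the original post's bb.sh: the listing lines are constructed (the service name sshd-extra is invented to show the point), and the function names are mine. The one thing it adds to the original is the matching: egrep "crond|sshd|..." matches substrings, so any service whose name merely contains one of the keep names is also kept and stays enabled; comparing the whole name in awk closes that gap.

```shell
# Added example (not from the original post): the "keep these services, turn
# off the rest" loop from case 4 against a constructed chkconfig listing.
# The original egrep matches substrings, so a keep-list entry like "sshd"
# also keeps a service named "sshd-extra"; exact-name matching avoids that.
KEEP="crond sshd rsyslog network sysstat"

# Constructed listing in chkconfig's output format; "sshd-extra" is made up.
SAMPLE_CHKCONFIG='abrtd           0:off 1:off 2:off 3:on  4:off 5:on  6:off
atd             0:off 1:off 2:off 3:on  4:on  5:on  6:off
crond           0:off 1:off 2:on  3:on  4:on  5:on  6:off
network         0:off 1:off 2:on  3:on  4:on  5:on  6:off
postfix         0:off 1:off 2:on  3:on  4:on  5:on  6:off
rsyslog         0:off 1:off 2:on  3:on  4:on  5:on  6:off
sshd            0:off 1:off 2:on  3:on  4:on  5:on  6:off
sshd-extra      0:off 1:off 2:on  3:on  4:on  5:on  6:off
sysstat         0:off 1:on  2:on  3:on  4:on  5:on  6:off'

# Substring match, as in the original egrep -v: sshd-extra is wrongly kept.
to_disable_egrep() {
    printf '%s\n' "$SAMPLE_CHKCONFIG" \
        | grep -E -v "$(echo "$KEEP" | tr ' ' '|')" | awk '{print $1}'
}

# Exact match on the service name: only names listed in KEEP survive.
to_disable_exact() {
    printf '%s\n' "$SAMPLE_CHKCONFIG" \
        | awk -v keep="$KEEP" '
            BEGIN {n = split(keep, a, " "); for (i = 1; i <= n; i++) k[a[i]] = 1}
            !($1 in k) {print $1}'
}

# Print the chkconfig commands instead of running them (remove the echo to
# apply), mirroring the echo-first step the original walkthrough used.
plan_disable() {
    for svc in $(to_disable_exact); do
        echo chkconfig "$svc" off
    done
}

echo "--- substring match keeps:  $(printf '%s\n' "$SAMPLE_CHKCONFIG" | awk '{print $1}' | grep -v -x -F "$(to_disable_egrep)" | tr '\n' ' ')"
echo "--- exact match keeps:      $(printf '%s\n' "$SAMPLE_CHKCONFIG" | awk '{print $1}' | grep -v -x -F "$(to_disable_exact)" | tr '\n' ' ')"
plan_disable
```

On a real SysV host, replace the printf with `chkconfig --list` (or plain chkconfig, as on the page) and keep the echo in place for a first run, exactly as the original walkthrough does, before letting the loop change anything.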
Enterprise case 5: create Linux users in batch and set random passwords
There are many ways to generate a random password on Linux; two are shown here: the shell's built-in variable ($RANDOM) and openssl.
With the built-in variable ($RANDOM), a plain echo gives you a random number:
Get an 8-character random string:
#echo $RANDOM|md5sum |cut -c 1-8  (-c: show only the characters in the given range of each line)
393c839b
Get random bytes with the openssl command:
# openssl rand -base64 8
qpIpWLYS6Yk=
Get an 8-character random string:
# openssl rand -base64 8|cut -c 1-8
GPHYu+MU
Script to create 10 system users in batch and set random passwords:
# cat useradd.sh
#!/bin/bash
for i in `seq -w 10`
do
pass=`echo $RANDOM|md5sum |cut -c 1-8` # when using a random value as the password you must store it in a variable first, otherwise the password that gets set and the password that gets recorded will not match
useradd user$i && echo $pass |passwd --stdin user$i
echo -e "user:user$i \t pass:$pass" >>/tmp/user.log
done
[root@oldboy02 ~]# cat /etc/passwd
user1:x:1000:1000::/home/user1:/bin/bash
user2:x:1001:1000::/home/user2:/bin/bash
user3:x:1002:1000::/home/user3:/bin/bash
user4:x:1003:1000::/home/user4:/bin/bash
[root@oldboy02 ~]# cat /etc/shadow
user1:$6$KETlofyM$xc64WO81G9c/8m9G4haAYsHd1jz5gALrcv.aBbJnMoaAf6NHac4PPBBiXxHtT.jBfz81dYb/C6GHfGg2XsMfl1:17857:0:99999:7:::
user2:$6$vAreFUg1$d7ndikXTXjHKKl/W1pJ7lnfmXxgH2nF/.MCsrrv5vGF8zNObsGOZtb4FC6wm9x/I9kywQ2GaiKvO16O1E8Wah.:17857:0:99999:7:::
user3:$6$rLPVSz3q$wD8SbTZP62zM0nTRZDkB09WtzizqEPR.jch3EJwCivI1LmnlIRTf.Pu0Z5zXo6rz2jiBaVtPANDe9FabkJ03/1:17857:0:99999:7:::
user4:$6$0IHJRla2$kXnAV.bkVBA7D3k
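Password generation for the batch-user script above, with the part that matters for security made explicit. This is an added example, not the original post's useradd.sh: the function names are mine, the user and password lines are only printed (useradd and passwd --stdin are left out so it runs anywhere), and the log is written with a restrictive umask. The reason to change the generator: $RANDOM is a 15-bit value, so `echo $RANDOM | md5sum | cut -c 1-8` can only ever produce 32768 different passwords, a list small enough to try in full; reading from /dev/urandom does not have that ceiling.

```shell
# Added example (not from the original post): password generation for the
# batch-user script. $RANDOM holds 0-32767, so "echo $RANDOM | md5sum |
# cut -c 1-8" yields at most 32768 distinct passwords. /dev/urandom has no
# such limit. Only the plan is printed; useradd/passwd are not called.
PASS_LEN=12

# 12 characters from [A-Za-z0-9] (62^12, roughly 71 bits of entropy).
make_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$PASS_LEN"
    echo
}

# Build "user:userNN<TAB>pass:xxxx" lines for $1 users. The password is
# captured into a variable first, exactly as the original comment insists,
# so the value recorded is the value that would be set.
batch_plan() {
    count="$1"
    for i in $(seq -w "$count"); do
        pass="$(make_password)"
        printf 'user:user%s\tpass:%s\n' "$i" "$pass"
    done
}

# Write the plan to a file readable only by its owner (umask 077 gives 600),
# unlike an unconditional append to /tmp/user.log.
write_plan() {
    (umask 077; batch_plan "$1" >"$2")
}

batch_plan 3
```

On a Red Hat family host the original `useradd user$i && echo "$pass" | passwd --stdin user$i` can be dropped back into the loop body; the generator and the umask are the two changes worth keeping.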
Case 5: troubleshooting commands for network problems
64 bytes from 220.181.111.37: icmp_seq=1 ttl=128 time=7.87 ms
64 bytes from 220.181.111.37: icmp_seq=2 ttl=128 time=8.51 ms
64 bytes from 220.181.111.37: icmp_seq=3 ttl=128 time=8.50 ms
3 packets transmitted, 3 received, 0% packet loss, time 2015ms  (pinged three times, no packet loss)
rtt min/avg/max/mdev = 7.874/8.297/8.516/0.317 ms
[root@oldboy02 ~]# ping -c 4 -i 3 223.5.5.5  (-c means 4 packets; -i means one every 3 seconds; -q is the option that shows only the summary and not the per-packet lines)
PING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.
64 bytes from 223.5.5.5: icmp_seq=2 ttl=128 time=65.1 ms
64 bytes from 223.5.5.5: icmp_seq=3 ttl=128 time=77.3 ms
64 bytes from 223.5.5.5: icmp_seq=4 ttl=128 time=82.5 ms
--- 223.5.5.5 ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 12014ms
rtt min/avg/max/mdev = 65.183/75.022/82.522/7.269 ms
[root@oldboy02 ~]# ping -c 4 -i 2 -q 223.5.5.5
PING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.
--- 223.5.5.5 ping statistics ---
4 packets transmitted, 2 received, 50% packet loss, time 8015ms
rtt min/avg/max/mdev = 74.905/79.363/83.822/4.467 ms
[root@oldboy02 ~]# ping -c 1000 223.5.5.5
PING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.
64 bytes from 223.5.5.5: icmp_seq=1 ttl=128 time=130 ms
64 bytes from 223.5.5.5: icmp_seq=3 ttl=128 time=75.5 ms
64 bytes from 223.5.5.5: icmp_seq=4 ttl=128 time=83.9 ms
^C
--- 223.5.5.5 ping statistics ---
5 packets transmitted, 3 received, 40% packet loss, time 4322ms
rtt min/avg/max/mdev = 75.566/96.641/130.447/24.147 ms
[root@oldboy02 ~]# ping -c 1000 223.5.5.5 -f  (-c means 1000 packets; -f is flood mode, which gives a result quickly)
PING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.
..
--- 223.5.5.5 ping statistics ---
10 packets transmitted, 8 received, 20% packet loss, time 266ms
rtt min/avg/max/mdev = 58.122/66.048/74.597/4.992 ms, pipe 7, ipg/ewma 29.657/68.129 ms
[root@oldboy02 ~]# nmap 10.0.0.200 -p 22  (-p specifies the port number)
Nmap scan report for oldboy02 (10.0.0.200)
Host is up (0.000052s latency).
PORT STATE SERVICE
22/tcp open ssh  (the state is open)
Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
[root@oldboy02 ~]# nmap 10.0.0.200 -p 10-40  (10-40 means report which ports between 10 and 40 are open)
[root@oldboy02 ~]# nmap 223.5.5.5 -p 10-40
Host is up (0.00047s latency).
Nmap done: 1 IP address (1 host up) scanned in 1.57 seconds
The output above means no port in that range is open
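The ping and nmap output above turned into checks a monitoring script can act on: packet loss against a limit, and open ports against the list you expect on your own host. This is an added example, not from the original post: the ping and nmap text is constructed to match the format shown on the page (the 25/tcp smtp line is invented), nothing is sent on the network, and the function names are mine.

```shell
# Added example (not from the original post): parse ping and nmap output of
# the form shown above into values a script can test. Samples are constructed.
SAMPLE_PING='PING 223.5.5.5 (223.5.5.5) 56(84) bytes of data.
64 bytes from 223.5.5.5: icmp_seq=2 ttl=128 time=65.1 ms
64 bytes from 223.5.5.5: icmp_seq=3 ttl=128 time=77.3 ms
64 bytes from 223.5.5.5: icmp_seq=4 ttl=128 time=82.5 ms

--- 223.5.5.5 ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 12014ms
rtt min/avg/max/mdev = 65.183/75.022/82.522/7.269 ms'

SAMPLE_NMAP='Nmap scan report for oldboy02 (10.0.0.200)
Host is up (0.000052s latency).
PORT    STATE  SERVICE
22/tcp  open   ssh
25/tcp  open   smtp
80/tcp  closed http
Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds'

# Extract the packet-loss percentage (integer) from ping's summary line.
ping_loss() {
    printf '%s\n' "$1" | awk '/packet loss/ {
        for (i = 1; i <= NF; i++) if ($i ~ /%$/) { sub(/%/, "", $i); print $i; exit }
    }'
}

# Extract the average round-trip time (ms) from the rtt line:
# "rtt min/avg/max/mdev = A/B/C/D ms" splits on space and slash, avg is $8.
ping_avg_rtt() {
    printf '%s\n' "$1" | awk -F'[ /]' '/^rtt/ {print $8}'
}

# Return 0 if loss is at or below the limit in $2, 1 otherwise.
ping_ok() {
    loss="$(ping_loss "$1")"
    [ -n "$loss" ] && [ "$loss" -le "$2" ]
}

# List open TCP ports from an nmap report, one number per line.
nmap_open_ports() {
    printf '%s\n' "$1" | awk -F'[/ ]+' '$2 == "tcp" && $3 == "open" {print $1}'
}

# Print open ports that are not in the expected list $2 (space separated).
nmap_unexpected() {
    nmap_open_ports "$1" | awk -v want="$2" '
        BEGIN {n = split(want, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1}
        !($1 in ok)'
}

echo "loss: $(ping_loss "$SAMPLE_PING")%  avg rtt: $(ping_avg_rtt "$SAMPLE_PING") ms"
ping_ok "$SAMPLE_PING" 10 || echo "packet loss above 10%"
echo "unexpected open ports: $(nmap_unexpected "$SAMPLE_NMAP" "22" | tr '\n' ' ')"
```

To run it for real, replace the sample strings with `ping -c 4 -q host` and `nmap host -p 1-1024` output captured into a variable; the -q form from the page is the right one for scripting because only the summary lines are needed.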
Enterprise case
Original source: https://www.cnblogs.com/yangjuncheng0826/p/10015391.html