1、检查主机存活
#!/bin/bash
IP_RANGE="192.168.64."
IP=$(seq 1 254)
for i in $IP
do
(ping -c2 -w1 -i0.5 ${IP_RANGE}${i} >/dev/null 2>&1
if [ $? -eq 0 ]
then
echo "Host ${IP_RANGE}${i} is online" >> ./online.txt
fi)&
donefor i in `seq 255` ;do ping -c 1 192.168.64.$i >/dev/null 2>&1 && [[ $? = 0 ]]&&echo "ip:64.$i is up"||echo "ip:64.$i is down";done
nmap -sn 192.168.64.0/24|awk ‘/192/ {print $NF}‘针对物理机:命令行
a="192.168.64.170 192.168.64.92 192.168.64.93 192.168.64.99 192.168.64.100 192.168.64.101 192.168.64.124 192.168.64.125 192.168.64.142 192.168.64.163 192.168.64.171 192.168.64.201 192.168.64.206 192.168.64.230 192.168.64.231 192.168.64.232 192.168.64.122 192.168.64.158 192.168.64.159 192.168.64.160 192.168.64.168 192.168.64.169 192.168.64.97 192.168.64.112 192.168.64.113 192.168.64.180" for i in $a ;do ping -c 1 $i >/dev/null 2>&1 && [[ $? = 0 ]]&&echo "ip:$i is up"||echo "ip:$i is down";done
2 、笨方法改密码
2.1命令行
echo ‘passwd1‘|passwd --stdin root;echo ‘passwd2‘|passwd --stdin user;echo ‘passwd3‘|passwd --stdin usersudo
3、监控网络连接数
根据web日志或者或者网络连接数,监控当某个IP并发连接数或者短时内PV达到100,即调用防火墙命令封掉对应的IP,监控频率每隔3分钟。防火墙命令为:iptables-AINPUT -s 10.0.1.10 -j DROP。
netstat -an|grep EST|awk -F ‘[: ]+‘ ‘{print $6}‘|sort|uniq -c
#!/bin/bash
log=/tmp/tmp.log
[ -f $log ] || touch $log
function add_iptables(){
whileread line
do
ip=`echo $line|awk ‘{print $2}‘`
count=`echo $line|awk ‘{print $1}‘`
if [ $count -gt 100 ] && [`iptables -L -n|grep "$ip"|wc -l` -lt 1 ]
then
iptables -I INPUT -s $ip -jDROP
echo "$line isdropped" >>/tmp/droplist.log
fi
done<$log
}
function main(){
whiletrue
do
#awk ‘{print $1}‘ access.log|grep-v "^$"|sort|uniq -c >$log
netstat -an|grep EST|awk -F ‘[:]+‘ ‘{print $6}‘|sort|uniq -c >$log
add_iptables
sleep 180
done
}
main
本文出自 “jasperhsu” 博客,请务必保留此出处http://jasperhsu.blog.51cto.com/8953767/1679583
原文地址:http://jasperhsu.blog.51cto.com/8953767/1679583
