目录
1.批量创建用户并设置密码脚本
2.查看网卡实时流量脚本
3.nginx访问日志脚本
4.dos防范攻击(自动屏蔽攻击脚本)
5.监控多台服务器磁盘利用率脚本
6.监控MySQL主从同步异常脚本
7.批量检查网站异常脚本
8.查看服务器资源利用率脚本
9.查找占用CPU内存过高脚本
1.批量创建用户并设置密码脚本
#批量创建100个用户 user01 ~ user100
user=user
#创建存储用户和密码的文件
touch user.txt
txt=user.txt
#循环遍历1到100
for i in {1..100}
do
random=$[$RANDOM%100]
if [ $i -lt 10 ];then
name="${user}0$i"
useradd $name
echo $random | passwd --stdin $name &> /dev/null
echo -e "$name $random \t" >> $txt
echo "$name 创建成功"
else
name="$user$i"
useradd $name
echo $random | passwd --stdin $name &> /dev/null
echo -e "$name $random \t" >> $txt
echo "$name 创建成功"
fi
done
2.查看网卡实时流量脚本
[root@ansible ~]# vim sd.sh
#!/bin/basha
RSY=$(cat /proc/net/dev | grep ens33 | sed 's/:/ /g' | awk '{print $10}' |awk '{print $1/1048576 "MB/s"}')
echo $RSY
[root@ansible ~]# watch -n 1 sh sd.sh 加上watch -n 1 来判断网卡实时流量
3.nginx访问日志脚本
cat /var/log/nginx/access.log |awk '{print $1,$4,$5,$6,$7,$8,$9, $10,$12,$13.$14,$15,$16,$17,$18,$19,$10}'|sort |uniq -c |sort -nr
[root@client1 ~]# cat /var/log/nginx/access.log |awk '{print $1, $4,$5,$6, $7 ,$8, $9, $10,$12,$13.$14,$15,$16,$17,$18,$19,$10}'|sort |uniq -c |sort -nr3 192.168.1.119 [17/Jul/2023:09:52:02 +0800] "GET / HTTP/1.1" 304 0 "Mozilla/5.0 (WindowsNT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, 02 192.168.1.119 [17/Jul/2023:09:52:03 +0800] "GET / HTTP/1.1" 304 0 "Mozilla/5.0 (WindowsNT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, 01 192.168.1.119 [17/Jul/2023:09:52:04 +0800] "GET / HTTP/1.1" 304 0 "Mozilla/5.0 (WindowsNT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, 01 192.168.1.119 [17/Jul/2023:09:52:01 +0800] "GET / HTTP/1.1" 304 0 "Mozilla/5.0 (WindowsNT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, 01 192.168.1.119 [17/Jul/2023:09:52:00 +0800] "GET / HTTP/1.1" 304 0 "Mozilla/5.0 (WindowsNT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, 01 192.168.1.119 [17/Jul/2023:09:51:57 +0800] "GET /img/header-background.png HTTP/1.1" 200 82896 "Mozilla/5.0 (WindowsNT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, 828961 192.168.1.119 [17/Jul/2023:09:51:57 +0800] "GET /favicon.ico HTTP/1.1" 404 3650 "Mozilla/5.0 (WindowsNT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, 36501 192.168.1.119 [17/Jul/2023:09:51:56 +0800] "GET /img/html-background.png HTTP/1.1" 200 1801 "Mozilla/5.0 (WindowsNT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, 18011 192.168.1.119 [17/Jul/2023:09:51:56 +0800] "GET /img/centos-logo.png HTTP/1.1" 200 3030 "Mozilla/5.0 (WindowsNT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, 30301 192.168.1.119 [17/Jul/2023:09:51:56 +0800] "GET / HTTP/1.1" 200 4833 "Mozilla/5.0 (WindowsNT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, 4833
192.168.1.119:客户端的IP地址。- [17/Jul/2023:09:52:02 +0800]:请求发生的日期和时间,以及时区偏移量。
"GET / HTTP/1.1":HTTP请求的方法、请求的路径和HTTP协议的版本。200:HTTP响应的状态码,这里是200,表示请求成功。4833:HTTP响应的内容长度。"-":表示没有提供引用页面的信息。"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.82":客户端使用的浏览器的用户代理标识。- 该日志条目表示在2023年7月17日09:52:02,来自IP地址为192.168.1.119的客户端发送了一个成功的GET请求,并返回了4833个字节的内容。客户端使用的浏览器是基于Chrome 114.0.0.0版本的Edge浏览器。
4.dos防范攻击(自动屏蔽攻击脚本)
[root@bogon ~]# vim dd.sh
RT=$(cat /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -nr | awk '{print $1}')
FG=$( cat /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -nr | awk '{print $2}')
if [ "$RT" -gt 250 ] 限定次数250 超过就屏蔽
then
echo "正在防御"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='$FG' drop"
systemctl restart firewalld
else
echo "无事发生"
fi
[root@bogon ~]# watch -n 1 sh dd.sh
如果超过限定次数
会自动防范显示 管理员检查IP情况
不过要退出 watch 才会使IP屏蔽
5.监控多台服务器磁盘利用率脚本
要借助Ansible自动化运维工具
[root@bogon ~]# watch sh dd.sh
[root@bogon ~]# vim dd.sh
#!/bin/bash
DF=$(ansible 192.168.1.* -m command -a "df -hT")
aa=$(echo "$DF" | grep "/$" | awk '{print $5}' | awk '{print $1}')
GG=$(ansible 192.168.1.* -m command -a "df -hT" )
gg=$(echo "$GG" | awk '{print $1, $5, $6}')
echo "全面分析: $gg"
echo "磁盘空间已使用: $aa"
if [ "$aa" = "50" ]; then
echo "磁盘已经沾满不能存储数据!!!"
fi
[root@ansible ~]# sh dd.sh 全面分析: 192.168.1.111 rc=0 >> 文件系统 可用 已用% devtmpfs 475M 0% tmpfs 487M 0% tmpfs 473M 3% tmpfs 487M 0% /dev/mapper/centos-root 16G 11% /dev/sda1 847M 17% tmpfs 98M 0% 192.168.1.108 rc=0 >> 文件系统 可用 已用% devtmpfs 898M 0% tmpfs 910M 0% tmpfs 893M 2% tmpfs 910M 0% /dev/mapper/centos-root 16G 11% /dev/sda1 834M 18% tmpfs 182M 0% 磁盘空间已使用: 16G 16G
6.监控MySQL主从同步异常脚本
RT=$( cat /var/log/mariadb/mariadb.log |grep -n '[ERROR]' |wc -l)
GG=$( cat /var/log/mariadb/mariadb.log |grep -n '[ERROR]')
if [ "$RT" -gt 0 ]; then
echo "主状态丢失: $GG"
else
echo "主无事发生"
fi
RT=$( cat /var/log/mariadb/mariadb.log |grep -n 'up' |wc -l)GG=$( cat /var/log/mariadb/mariadb.log |grep -n 'up')
if [ "$RT" -gt 0 ]; then
echo "从状态丢失: $GG"
else
echo "从无事发生"
fi
宕掉主 [root@ansible ~]# systemctl stop mariadb
[root@bogon ~]# watch sh dd.sh
主状态丢失: 5:230717 10:48:00 InnoDB: Using Linux native AIO
26:230717 10:48:02 [Note] Plugin 'FEEDBACK' is disabled.
28:230717 10:48:02 [Note] Event Scheduler: Loaded 0 events
32:230717 10:53:31 [Note] 'CHANGE MASTER TO executed'. Previous state master_host='', master_port='3306', master_log_file='', master_log_pos='4'. New state master_host='192.168.1.118', master_port='3306', master_log_file='mysql-binlog.000003', master_log_pos='475'.
34:230717 10:53:46 [Note] Slave I/O thread: connected to master 'myslave@192.168.1.118:3306',replication started in log 'mysql-binlog.000003' at position 475
36:230717 10:55:51 [Note] Slave I/O thread: Failed reading log event, reconnecting to retry, log 'mysql-binlog.000003' at position 475
37:230717 10:55:51 [ERROR] Slave I/O: error reconnecting to master 'myslave@192.168.1.118:3306' - retry-time: 60 retries: 86400 message: Can't connect to MySQL server on '192.168.1.118' (111), Error_code: 2003
40:230717 11:00:39 [Note] Slave I/O thread: Failed reading log event, reconnecting to retry, log 'mysql-binlog.000004' at position 245
41:230717 11:00:39 [ERROR] Slave I/O: error reconnecting to master 'myslave@192.168.1.118:3306' - retry-time: 60 retries: 86400 message: Can't connect to MySQL server on '192.168.1.118' (111), Error_code: 2003
从无事发生
7.批量检查网站异常脚本
#!/bin/bash
WZ="www.baidu.com www.ctnrs.com www.der-matech.net.cn www.der-matech.com.cn www.der-matech.cn www.der-matech.top www.der-matech.org"
for URL in $WZ; do
CS=0
for ((i=1;i<=3;i++)); do
WZ=$(curl -o /dev/null --connect-timeout 3 -s -w "%{http_code}" $URL)
if [ $WZ -eq 200 ]; then
echo "$URL OK"
break
else
echo "$URL retry $CS"
let CS++
fi
done
if [ $CS -eq 3 ]; then
echo "Warning: $URL Access failure!"
echo "网站$URL坏掉,请及时处理"
echo "网站高危$URL"
fi
done
[root@client1 ~]# sh 1.txt www.baidu.com retry 0 www.baidu.com OK www.ctnrs.com retry 0 www.ctnrs.com retry 1 www.ctnrs.com retry 2 Warning: www.ctnrs.com Access failure! 网站www.ctnrs.com坏掉,请及时处理 网站高危www.ctnrs.com www.der-matech.net.cn retry 0 www.der-matech.net.cn retry 1 www.der-matech.net.cn retry 2 Warning: www.der-matech.net.cn Access failure! 网站www.der-matech.net.cn坏掉,请及时处理 网站高危www.der-matech.net.cn www.der-matech.com.cn OK
8.查看服务器资源利用率脚本
[root@bogon ~]# vim dd.sh
#!/bin/bash
DF=$(df -hT)
aa=$(echo "$DF" | grep "/$" | awk '{print $5}' | awk '{print $1}')
echo "磁盘空间已使用: $aa"
DD=$(free -h |sed -n '2p' |awk '{print $2}')
echo "内存-总大小: $DD"
FF=$(free -h |sed -n '2p' |awk '{print $4}')
echo "可以空闲内存: $FF"
KK=$(free -h |sed -n '2p' |awk '{print $7}')
echo "磁盘缓存: $KK"
GG=$( vmstat |awk '{if(NR==3) print $13+$14}')
echo "CPU-使用率: $GG"
LL=$(vmstat |awk '{if(NR==3) print $16}')
echo "等待磁盘IO响应使用率: $LL"
[root@clint2 ~]# sh 1.txt
磁盘空间已使用: 16G
内存-总大小: 1.8G
可以空闲内存: 223M
磁盘缓存: 1.2G
CPU-使用率: 0
等待磁盘IO响应使用率: 0
9.查找占用CPU内存过高脚本
[root@bogon ~]# vim dd.sh
#!/bin/bash
cat /proc/stat |egrep -n '(cpu)' |sort -nr
[root@clint2 ~]# sh 1.txt
2:cpu0 4877 10 5482 1964823 73 0 183 0 0 0
1:cpu 4877 10 5482 1964823 73 0 183 0 0 0或者
# yum -y install sysstat
sar -u 1 5
[root@clint2 ~]# sar -u 1 5
Linux 3.10.0-1160.el7.x86_64 (clint2) 2023年07月17日 _x86_64_ (1 CPU)11时12分11秒 CPU %user %nice %system %iowait %steal %idle
11时12分12秒 all 0.00 0.00 0.00 0.00 0.00 100.00
11时12分13秒 all 0.00 0.00 0.00 0.00 0.00 100.00
11时12分14秒 all 0.00 0.00 1.00 0.00 0.00 99.00
11时12分15秒 all 0.00 0.00 0.00 0.00 0.00 100.00
11时12分16秒 all 0.00 0.00 0.00 0.00 0.00 100.00
平均时间: all 0.00 0.00 0.20 0.00 0.00 99.80
