本文已参与「新人创作礼」活动, 一起开启掘金创作之路。
第五章 文本处理工具和正则表达式
1.给账户生成一个多少位的随机口令
[root@centos8 ~]# cat /dev/urandom | tr -dc '[:alnum:]' | head -c10 #取出随机的前12个字符
qAYu20uu6f[root@centos8 ~]# cat /dev/urandom | tr -dc '[:alnum:]' | head -c10 | tee pass.txt | passwd --stdin neteagle #给账户生成一个多位口令的随机密码
Changing password for user neteagle.
passwd: all authentication tokens updated successfully.
[root@centos8 ~]# cat pass.txt
7H8Nn7RK0S[root@centos8 ~]#
[root@centos8 ~]$su - neteagle
Password:
[neteagle@centos8 ~]$
2.计算1+2+3+...+99+100的总和
[root@centos8 ~]# seq 100|paste -d + -s|bc
5050
3.统计日志访问量最多的请求
[root@centos8 ~]# cut -d" " -f1 access_log |sort |uniq -c|sort -nr |head -3
4870 172.20.116.228
3429 172.20.116.208
2834 172.20.0.222
[root@10-9-24-182 ~]# lastb |tr -s ' ' |cut -d ' ' -f3 |sort |uniq -c |sort -nr |head -3
34096 113.141.66.163
24460 222.186.10.188
16449 119.118.20.161
4.并发连接最多的远程主机IP
[root@centos8 ~]# ss -nt |tail -n +2 |tr -s ' ' : |cut -d: -f6 |sort |uniq -c |sort -nr |head -2
7 10.0.0.1
2 10.0.0.7
5.取两个文件的相同和不同的行
[root@centos8 ~]# cat > test1.txt <<EOF
a
b
1
c
EOF
[root@centos8 ~]# cat test1.txt
a
b
1
c
[root@centos8 ~]# cat > test2.txt <<EOF
b
e
f
c
1
2
EOF
[root@centos8 ~]# cat test2.txt
b
e
f
c
1
2
#取文件的共同行
[root@centos8 ~]# cat test1.txt test2.txt | sort |uniq -d
1
b
c
[root@centos8 ~]# grep -f test1.txt test2.txt
b
c
1
#取文件的不同行
[root@centos8 ~]# cat test1.txt test2.txt | sort |uniq -u
2
a
e
f
6.算出所有人的年龄总和
[root@centos8 ~]# cat > nianling.txt
xiaoming=20
xiaohong=18
xiaoqiang=22
^C
[root@centos8 ~]# cut -d"=" -f2 nianling.txt|tr '\n' + | grep -Eo ".*[0-9]"|bc
60
[root@centos8 ~]# grep -Eo "[0-9]+" nianling.txt | tr '\n' + | grep -Eo ".*[0-9]"|bc
60
7.找到10/Mar/2016:15:11:50到10/Mar/2016:16:25:38的日志
[root@centos8 /data]#sed -n '/10/Mar/2016:15:11:50/,/10/Mar/2016:16:25:38/p' access.log
192.168.1.113 - - [10/Mar/2016:15:11:50 +0000] "GET / HTTP/1.1" 200 6209 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0)" "-"
192.168.1.113 - - [10/Mar/2016:15:11:50 +0000] "GET /favicon.ico HTTP/1.1" 404 168 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
192.168.1.113 - - [10/Mar/2016:16:24:46 +0000] "GET /favicon.ico HTTP/1.1" 404 570 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" "-"
192.168.1.113 - - [10/Mar/2016:16:24:57 +0000] "GET / HTTP/1.1" 200 3319 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0)" "-"
192.168.1.113 - - [10/Mar/2016:16:24:57 +0000] "GET /css/style.css HTTP/1.1" 200 1236 "http://192.168.1.168:8080/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0)" "-"
192.168.1.113 - - [10/Mar/2016:16:24:57 +0000] "GET /00.jpg HTTP/1.1" 200 59360 "http://192.168.1.168:8080/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0)" "-"
192.168.1.113 - - [10/Mar/2016:16:24:57 +0000] "GET /1.jpg HTTP/1.1" 200 146862 "http://192.168.1.168:8080/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0)" "-"
192.168.1.113 - - [10/Mar/2016:16:24:57 +0000] "GET /2.jpg HTTP/1.1" 200 657124 "http://192.168.1.168:8080/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0)" "-"
192.168.1.113 - - [10/Mar/2016:16:24:57 +0000] "HEAD /xy.mp3 HTTP/1.1" 200 0 "-" "contype" "-"
192.168.1.113 - - [10/Mar/2016:16:24:57 +0000] "GET /003.jpg HTTP/1.1" 200 362860 "http://192.168.1.168:8080/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0)" "-"
192.168.1.113 - - [10/Mar/2016:16:24:57 +0000] "GET /3.jpg HTTP/1.1" 200 1102358 "http://192.168.1.168:8080/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0)" "-"
192.168.1.113 - - [10/Mar/2016:16:24:57 +0000] "GET /22.jpg HTTP/1.1" 200 420895 "http://192.168.1.168:8080/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0)" "-"
192.168.1.113 - - [10/Mar/2016:16:24:58 +0000] "GET /js/jquery-1.7.2.min.js HTTP/1.1" 200 94840 "http://192.168.1.168:8080/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0)" "-"
192.168.1.113 - - [10/Mar/2016:16:24:58 +0000] "GET /js/jquery.let_it_snow.js HTTP/1.1" 200 6659 "http://192.168.1.168:8080/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0)" "-"
192.168.1.113 - - [10/Mar/2016:16:24:59 +0000] "GET /favicon.ico HTTP/1.1" 404 168 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
192.168.1.113 - - [10/Mar/2016:16:25:00 +0000] "GET /xy.mp3 HTTP/1.1" 200 2606054 "http://192.168.1.168:8080/" "NSPlayer/12.00.10011.16384 WMFSDK/12.00.10011.16384" "-"
192.168.1.113 - - [10/Mar/2016:16:25:28 +0000] "GET /favicon.ico HTTP/1.1" 404 570 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" "-"
192.168.1.113 - - [10/Mar/2016:16:25:30 +0000] "GET / HTTP/1.1" 200 6209 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0)" "-"
192.168.1.113 - - [10/Mar/2016:16:25:30 +0000] "GET /favicon.ico HTTP/1.1" 404 168 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
192.168.1.113 - - [10/Mar/2016:16:25:38 +0000] "GET / HTTP/1.1" 200 3319 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0)" "-"
8.取出网站访问量最大的前3个IP
root@ubuntu2004:~# awk '{print $1}' access_log |sort|uniq -c|sort -nr|head -3
4870 172.20.116.228
3429 172.20.116.208
2834 172.20.0.222
9.取出分区利用率
root@ubuntu2004:~# df |awk -F"[[:space:]]+|%" '/^/dev/sd/{print $1,$5}'
/dev/sda2 5
/dev/sda3 12
/dev/sda4 1
10.取ifconfig输出结果中的IP地址
root@ubuntu2004:~# ifconfig eth0 | awk '/netmask/{print $2}'
10.0.0.200
11.文件host_list.log如下格式,请取出“.magedu.com”前面的主机名部分并写入到回到该文件中
root@ubuntu2004:~# cat >host_list.log <<EOF
> 1 www.raymonds.cc
> 2 blog.raymonds.cc
> 3 study.raymonds.cc
> 4 linux.raymonds.cc
> 5 python.raymonds.cc
> EOF
root@ubuntu2004:~# awk -F'[ .]' '{print $2}' host_list.log >> host_list.log
root@ubuntu2004:~# cat host_list.log
1 www.raymonds.cc
2 blog.raymonds.cc
3 study.raymonds.cc
4 linux.raymonds.cc
5 python.raymonds.cc
www
blog
study
linux
python
12.取连接数最多的前3个IP
root@ubuntu2004:~# awk -F" +|:" '{print $(NF-2)}' ss2.log |sort|uniq -c|sort -nr|head -3
12 223.88.255.148
11 119.250.197.118
10 183.202.63.36
13.将连接数超过3个以上的IP放入黑名单拒绝访问
[root@centos8 /data/script]#vim deny_dos.sh
#!/bin/bash
#
#*************************************************************
#Author: zhanghui
#QQ: 19661891
#Date: 2020-08-26
#FileName: deny_dos.sh
#URL: raymond.blog.csdn.net
#Description: The test script
#Copyright (C): 2020 All rights reserved
#***********************************************************
while true;do
ss -nt | grep "^ESTAB" | awk -F"[[:space:]]+|:" '{print $(NF-2)}' | sort |uniq -c | while read count ip ; do
if [ $count -gt 3 ];then
iptables -A INPUT -s $IP -j REJECT
fi
done
sleep 10
done
:wq
14.找到日志中访问前10的IP
[root@centos8 ~]#awk '{print $1}' access.log |sort|uniq -c|sort -nr|head
1220 192.168.1.117
1134 192.168.1.31
583 192.168.1.113
204 172.16.100.76
112 172.16.233.133
110 192.168.1.118
83 192.168.1.110
68 192.168.1.107
68 172.16.250.227
34 192.168.1.44
15.显示主机连接状态出现次数
root@ubuntu2004:~# awk 'NR>=2{state[$1]++}END{for(i in state){print i,state[i]}}' ss2.log
ESTAB 118
FIN-WAIT-1 1
LAST-ACK 11
root@ubuntu2004:~# awk 'NR>=2{print $1}' ss2.log |sort|uniq -c
118 ESTAB
1 FIN-WAIT-1
11 LAST-ACK
16.找出访问前3的IP
root@ubuntu2004:~# awk '{ip[$1]++}END{for(i in ip){print ip[i],i}}' access_log |sort -nr |head -3
4870 172.20.116.228
3429 172.20.116.208
2834 172.20.0.22
root@ubuntu2004:~# awk -F'[ :]+' '/ESTAB/{ip[$6]++}END{for(i in ip){print ip[i],i}}' ss2.log |sort -nr |head -3
12 223.88.255.148
10 183.202.63.36
9 117.152.155.119
root@ubuntu2004:~# awk '/ESTAB/{split($5,ip,":");count[ip[1]]++}END{for(i in count){print count[i],i}}' ss2.log |sort -nr|head -3
12 223.88.255.148
10 183.202.63.36
9 117.152.155.119
17.将以下文件以inode为标记,对inode相同的counts进行累加,并且统计出同意inode中,beginnumber的最小值和endnumber的最大值
inode|beginnumber|endnumber|counts|
106|3363120000|3363129999|10000|
106|3368560000|3368579999|20000|
310|3337000000|3337000100|101|
310|3342950000|3342959999|10000|
310|3362120960|3362120961|2|
311|3313460102|3313469999|9898|
311|3313470000|3313499999|30000|
311|3362120962|3362120963|2|
输出的结果格式为:
310|3337000000|3362120961|10103|
311|3313460102|3362120963|39900|
106|3363120000|3368579999|30000|
[root@centos8 ~]# awk -F'|' -v OFS='|' '/^[0-9]/{inode[$1]++; if(!bn[$1]){bn[$1]=$2}else if(bn[$1]>$2){bn[$1]=$2}; if(en[$1]<$3)en[$1]=$3;cnt[$1]+=$(NF-1)} END{for(i in inode)print i,bn[i],en[i],cnt[i]}' inode.log
106|3363120000|3368579999|30000
310|3337000000|3362120961|10103
311|3313460102|3362120963|39900
