• Linux操作文档——常用脚本



    1、服务器系统配置初始化

    1、设置时区并同步时间

    2、禁用 SELinux

    3、关闭防火墙服务(firewalld / iptables)

    4、历史命令显示操作时间

    5、禁止 root 远程登录(原脚本中该步骤被注释掉,实际并未生效)

    6、禁止定时任务发送邮件

    7、设置最大打开文件数

    8、减少Swap使用

    9、系统内核参数优化

    10、安装系统性能分析工具及其他工具

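    #!/bin/bash
    # First-boot configuration for a CentOS/RHEL 6 or 7 host.
    #
    # Steps: time zone + daily ntpdate cron, SELinux disabled, host firewall
    # stopped, timestamps in bash history, shell idle timeout, optional sshd
    # hardening, no cron mail, higher nofile limits, sysctl tuning, low
    # swappiness, Aliyun EPEL mirror, common tools.
    #
    # NOTE(review): disabling SELinux and the firewall removes two defence
    # layers. Keep those steps only for hosts behind another packet filter
    # whose application is known not to run under SELinux.
    #
    # Usage: run as root. HARDEN_SSH=1 additionally sets PermitRootLogin no,
    # UseDNS no and GSSAPIAuthentication no in sshd_config; make sure a
    # non-root sudo user with a working key exists first.
    #
    # Fixes over the original: "&</dev/null" on the crontab check was not a
    # redirection (it backgrounded the grep), so the cron entry was never
    # added; "tcp_max_syc_backlog" is not a kernel parameter (syn); sysctl
    # settings were appended on every run and only applied after reboot;
    # swappiness was not persisted; the EPEL repo file was fetched over
    # plain HTTP; the "disable root login" step was commented out.

    if [[ $EUID -ne 0 ]]; then
        echo "run this script as root" >&2
        exit 1
    fi

    # Major release from /etc/redhat-release ("7" for CentOS 7.x), used for
    # the firewall service names and the EPEL repo file.
    el_ver=$(grep -Eo '[0-9]+' /etc/redhat-release 2>/dev/null | head -n1)

    # ---- time zone and daily time sync ---------------------------------------
    timedatectl set-timezone Asia/Shanghai
    # Once a day at 01:00. The original "* 1 * * *" ran ntpdate every minute
    # of that hour. ntpdate speaks unauthenticated NTP; prefer an internal
    # time server where one exists.
    if ! crontab -l 2>/dev/null | grep -q ntpdate; then
        { crontab -l 2>/dev/null; echo "0 1 * * * ntpdate time.windows.com >/dev/null 2>&1"; } | crontab -
    fi

    # ---- SELinux (effective after reboot) -------------------------------------
    # Matches enforcing as well as permissive; the original only rewrote
    # "permissive", leaving an enforcing host unchanged.
    if [[ -f /etc/selinux/config ]]; then
        sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
    fi

    # ---- host firewall --------------------------------------------------------
    case "$el_ver" in
        7) systemctl stop firewalld; systemctl disable firewalld ;;
        6) service iptables stop; chkconfig iptables off ;;
    esac

    # ---- bash history with timestamp and user -------------------------------
    if ! grep -q HISTTIMEFORMAT /etc/bashrc; then
        echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >>/etc/bashrc
    fi

    # ---- shell idle timeout (bash TMOUT; this is not an sshd setting) --------
    if ! grep -q "TMOUT=600" /etc/profile; then
        echo "export TMOUT=600" >> /etc/profile
    fi

    # ---- sshd hardening (opt-in) ---------------------------------------------
    if [[ "${HARDEN_SSH:-0}" == "1" ]]; then
        sed -i.bak \
            -e 's@^#\?UseDNS .*@UseDNS no@' \
            -e 's@^#\?GSSAPIAuthentication .*@GSSAPIAuthentication no@' \
            -e 's@^#\?PermitRootLogin .*@PermitRootLogin no@' \
            /etc/ssh/sshd_config
        # Validate before reloading so a bad edit cannot take sshd down.
        if sshd -t; then
            systemctl reload sshd 2>/dev/null || service sshd reload
        else
            echo "sshd_config failed validation, restoring backup" >&2
            mv /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
        fi
    fi

    # ---- no cron mail ---------------------------------------------------------
    sed -i 's/^MAILTO=root/MAILTO=""/' /etc/crontab

    # ---- open file limits -----------------------------------------------------
    if ! grep -qF "* soft nofile 65535" /etc/security/limits.conf; then
        printf '%s\n' '* soft nofile 65535' '* hard nofile 65535' >> /etc/security/limits.conf
    fi

    # ---- kernel parameters ----------------------------------------------------
    # Guarded so re-runs do not append duplicates; applied right away.
    if ! grep -q '^net.ipv4.tcp_max_tw_buckets' /etc/sysctl.conf; then
        printf '%s\n' \
            'net.ipv4.tcp_syncookies = 1' \
            'net.ipv4.tcp_max_tw_buckets = 20480' \
            'net.ipv4.tcp_max_syn_backlog = 20480' \
            'net.core.netdev_max_backlog = 262144' \
            'net.ipv4.tcp_fin_timeout = 20' \
            'vm.swappiness = 0' \
            >> /etc/sysctl.conf
    fi
    sysctl -p >/dev/null

    # ---- swap (runtime; vm.swappiness above makes it persistent) -------------
    echo "0" > /proc/sys/vm/swappiness

    # ---- Aliyun EPEL mirror and tools ----------------------------------------
    # HTTPS so the repo definition cannot be tampered with in transit; the
    # packages themselves are then GPG-checked by yum.
    yum -y install wget
    wget -O /etc/yum.repos.d/epel.repo "https://mirrors.aliyun.com/repo/epel-${el_ver:-7}.repo"
    yum repolist && yum makecache fast
    yum -y install gcc make autoconf vim net-tools ntpdate sysstat iftop iotop lrzsz glances htop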
    

    2、批量创建用户并设置密码

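    #!/bin/bash
    # Create each user named on the command line with a random initial password.
    #   sh user.sh zhangsan lisi wangwu
    # "user password" pairs are appended to ./user.info. Must run as root;
    # "passwd --stdin" is the RHEL-family form.
    USER_LIST=$@
    USER_FILE=./user.info
    # The credential file is created with mode 600; the original left it
    # world-readable in the current directory.
    umask 077

    # Print a 12-character alphanumeric password from /dev/urandom. The
    # original's "$RANDOM | md5sum | cut -c1-8" has only 32768 possible
    # values, so every password it produced can be brute-forced in seconds.
    gen_password() {
        tr -dc 'A-Za-z0-9' </dev/urandom | head -c 12
    }

    for login in $USER_LIST; do
        if id "$login" &> /dev/null; then
            echo "$login 用户已经存在"
            continue
        fi
        PASS=$(gen_password)
        if useradd "$login" && echo "$PASS" | passwd --stdin "$login" &>/dev/null; then
            echo "$login $PASS" >>"$USER_FILE"
            chmod 600 "$USER_FILE"
            # The generated secret is only a bootstrap: force a change at
            # first login.
            chage -d 0 "$login"
            echo "$login 用户创建成功"
        else
            echo "$login 用户创建失败" >&2
        fi
    done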
    用法示例:sh user.sh zhangsan lisi wangwu
    

    3、一键查看服务器利用率

    1、CPU

    2、内存利用率

    3、硬盘利用率

    4、TCP连接状态

    #!/bin/bash
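    # CPU busy (user+system) and iowait percentages.
    # "vmstat 1 2" samples for one second and the last line is the current
    # value; a bare "vmstat" (what the original ran) only reports averages
    # since boot, which never reflects the load right now.
    cpu() {
        local util iowait
        read -r util iowait < <(vmstat 1 2 | awk 'END{print $13+$14, $16}')
        echo "CPU - 使用率: ${util}%,等待磁盘IO响应使用率: ${iowait}%"
    }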
    # Total / used / available memory in GiB with one decimal, read from the
    # "Mem:" line of free -m in a single call. The last column is "available"
    # on procps-ng; on older procps it is "cached" — the label assumes the
    # former.
    memory() {
        local total used available
        read -r total used available < <(
            free -m | awk 'NR==2{printf "%.1f %.1f %.1f\n", $2/1024, ($2-$NF)/1024, $NF/1024}'
        )
        echo "内存 - 总大小:${total}G,已使用:${used}G,剩余:${available}G"
    }
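    # One line per /dev-backed filesystem: mount point, size, used, use%.
    # A single "df" pass instead of one "df -h" plus four "df -hT" per
    # filesystem; the fields come from the same row, so device and mount
    # point cannot be mixed up. -P keeps a long device name on one line.
    disk() {
        local mounted size used user_percent
        while read -r mounted size used user_percent; do
            echo "硬盘 - 挂载点:$mounted,总大小:$size,已使用:$used,使用率:$user_percent"
        done < <(df -hPT | awk '/^\/dev/{print $NF, $3, $4, $6}')
    }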
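    # Number of TCP sockets per state (LISTEN, ESTABLISHED, TIME_WAIT, ...).
    # Only "tcp"/"tcp6" rows are counted; the original also counted words
    # from netstat's two header lines ("established)" and "Address"). -p is
    # dropped: it needs root and the program name is not used here.
    tcp_status() {
        local summary
        summary=$(netstat -ant | awk '/^tcp/{a[$6]++} END{for(i in a) printf "%s:%d ", i, a[i]}')
        echo "TCP连接状态 - $summary"
    }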
    # Print every section in order.
    for section in cpu memory disk tcp_status; do
        "$section"
    done
    

    4、找出占用CPU/内存过高的进程

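    #!/bin/bash
    # Show the ten processes using the most CPU, then the ten using the most
    # memory. head -n 11 keeps the ps header plus ten rows; the original's
    # head -n 10 printed the header and only nine processes.
    echo "---------- cpu top 10 ----------"
    ps -eo pid,pcpu,pmem,args --sort=-pcpu | head -n 11
    echo "---------- memory top 10 ----------"
    ps -eo pid,pcpu,pmem,args --sort=-pmem | head -n 11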
    

    5、查看网卡实时流量

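    #!/bin/bash
    # Print the receive/transmit throughput of one interface every second.
    # Usage: ./nic.sh eth0
    NIC=$1

    # Print "rx_bytes tx_bytes" for $NIC from /proc/net/dev. The name is
    # compared literally: the original's $0~"$NIC" was a regex match, so
    # "eth0" also matched eth0.100 and veth0, and a name containing "." was
    # a pattern rather than text. After "name:" the receive bytes are field 1
    # and the transmit bytes field 9 of the row.
    counters() {
        awk -v nic="$NIC" '
            {
                row = $0
                sub(/^ +/, "", row)
                sep = index(row, ":")
                if (sep > 0 && substr(row, 1, sep - 1) == nic) {
                    split(substr(row, sep + 1), f, " ")
                    print f[1], f[9]
                }
            }' /proc/net/dev
    }

    # Format a byte count per second as "N.NKB/s". The original divided as
    # integers before printf "%.1f", so the decimal was always .0.
    to_kb() {
        awk -v bytes="$1" 'BEGIN{printf "%.1fKB/s", bytes / 1024}'
    }

    main() {
        local old_in old_out new_in new_out
        if [[ -z "$NIC" ]] || ! read -r old_in old_out < <(counters); then
            echo "usage: $0 <interface>   (must be listed in /proc/net/dev)" >&2
            return 1
        fi
        echo -e " In ------ Out"
        # Rolling one-second windows: each sample becomes the baseline for the
        # next, so a line is printed every second (the original slept twice
        # per iteration and only reported every other second).
        while true; do
            sleep 1
            read -r new_in new_out < <(counters) || break   # interface went away
            echo "$(to_kb $((new_in - old_in))) $(to_kb $((new_out - old_out)))"
            old_in=$new_in
            old_out=$new_out
        done
    }

    main "$@"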
    

    6、监控100台服务器磁盘利用率

    [root@localhost ~]# vim host.info
    192.168.1.10 root 22
    192.168.1.20 root 22
    192.168.1.30 root 22
    
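    #!/bin/bash
    # Check disk usage on every host listed in host.info and warn at >= 80%.
    # host.info: one host per line, "#" lines ignored:
    #   <ip> <ssh user> <ssh port>
    # Needs key-based SSH to each host. BatchMode=yes makes a host that would
    # ask for a password fail immediately instead of hanging the whole run.
    HOST_INFO=host.info
    THRESHOLD=80

    # Per-run scratch file with an unpredictable name. The original wrote to
    # the fixed /tmp/disk.tmp, which any local user could pre-create or
    # replace with a symlink. Removed on every exit path.
    TMP_FILE=$(mktemp /tmp/disk.XXXXXX) || exit 1
    trap 'rm -f "$TMP_FILE"' EXIT

    # One pass over the file instead of two awk scans per host.
    while read -r ip user port; do
        [[ -z "$ip" || "$ip" == '#'* ]] && continue
        # -n: keep ssh from consuming the rest of host.info on stdin.
        if ! ssh -n -p "${port:-22}" -o BatchMode=yes -o ConnectTimeout=5 \
                "${user:-root}@$ip" 'df -h' > "$TMP_FILE"; then
            echo "$ip 连接失败,跳过" >&2
            continue
        fi
        USE_RATE_LIST=$(awk 'BEGIN{OFS="="}/^\/dev/{print $NF,int($5)}' "$TMP_FILE")
        for USE_RATE in $USE_RATE_LIST; do
            PART_NAME=${USE_RATE%=*}
            USE_RATE=${USE_RATE#*=}
            if [[ "$USE_RATE" -ge "$THRESHOLD" ]]; then
                echo -e " $ip \n 警告: $PART_NAME 磁盘利用率达到 $USE_RATE%!"
            else
                echo "$ip$PART_NAME 目录磁盘利用率正常"
            fi
        done
    done < "$HOST_INFO"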
    

    7、批量检查网站是否异常

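    #!/bin/bash
    # Probe each site up to three times and warn when no attempt returned
    # HTTP 200. A bare host name is fetched over plain http by curl; give an
    # explicit https:// URL to check the TLS endpoint. Redirects (301/302)
    # count as failures, as in the original (no -L).
    URL_LIST="www.baidu.com www.hao123.com"
    MAX_TRIES=3

    for URL in $URL_LIST; do
        FAIL_COUNT=0
        HTTP_CODE=000
        for ((i = 1; i <= MAX_TRIES; i++)); do
            # --max-time bounds the whole request; --connect-timeout alone
            # lets a server that accepts and then stalls hang this loop.
            # curl prints 000 when no response was received at all.
            HTTP_CODE=$(curl -o /dev/null -s --connect-timeout 3 --max-time 10 \
                -w "%{http_code}" "$URL")
            if [[ "$HTTP_CODE" == "200" ]]; then
                echo "$URL OK"
                break
            fi
            echo "$URL retry $FAIL_COUNT"
            FAIL_COUNT=$((FAIL_COUNT + 1))
        done
        if (( FAIL_COUNT == MAX_TRIES )); then
            echo "警告: $URL $HTTP_CODE 访问失败!"
        fi
    done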
    

    8、监控MySQL主从同步状态是否异常

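    #!/bin/bash
    # Mail an alert when either replication thread (Slave_IO_Running /
    # Slave_SQL_Running) on the local MySQL replica is not "Yes". Run from
    # cron every minute.
    #
    # Fixes over the original: "IO_SQL-STATUS=" is not a valid variable name
    # and "["$THREAD_STATUS" !="Yes" ]" is a syntax error, so the script
    # could not run; mysql errors were sent to /dev/null, so a replica that
    # was down produced no alert at all; the root password was hard-coded
    # and passed as -p<password>, readable by every local user in "ps".
    #
    # Credentials now come from a mode-600 option file:
    #   /root/.my.cnf.slavecheck
    #   [client]
    #   host=localhost
    #   user=root
    #   password=...
    CRED_FILE=/root/.my.cnf.slavecheck
    MAILTO=xxx@163.com

    if [[ ! -r "$CRED_FILE" ]]; then
        echo "credential file $CRED_FILE missing or unreadable" >&2
        exit 1
    fi

    # A failed connection is itself an alert condition.
    if ! OUTPUT=$(mysql --defaults-extra-file="$CRED_FILE" -e 'show slave status\G' 2>&1); then
        echo "错误:无法连接MySQL检查主从状态: $OUTPUT" | mail -s "Master-Slave staus" "$MAILTO"
        exit 1
    fi

    IO_SQL_STATUS=$(awk '/Slave_.*_Running:/{print $1$2}' <<<"$OUTPUT")
    if [[ -z "$IO_SQL_STATUS" ]]; then
        echo "错误:此实例未配置复制(show slave status 为空)" | mail -s "Master-Slave staus" "$MAILTO"
        exit 1
    fi

    for i in $IO_SQL_STATUS; do
        THREAD_STATUS_NAME=${i%:*}
        THREAD_STATUS=${i#*:}
        if [[ "$THREAD_STATUS" != "Yes" ]]; then
            echo "错误:MySQL主从复制 $THREAD_STATUS_NAME 状态是 $THREAD_STATUS! " | mail -s "Master-Slave staus" "$MAILTO"
        fi
    done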
    
    crontab -e
    */1 * * * * /backup.sh >/dev/null 2>&1
    

    9、MySQL数据库备份

    mysqldump工具

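    #!/bin/bash
    # Dump each database in $dbname with mysqldump, compress the dump and log
    # the outcome to ${logpath}/mysqllog.log.
    #
    # Fixes over the original: the three log lines used curly quotes (‘ ”),
    # which are not shell quotes, so the script did not parse; the "2>>" on
    # the mysqldump line sat outside the backticks and captured nothing; the
    # success/failure messages named ${dbname} instead of the table being
    # dumped; the password was passed as -p<password>, visible to every local
    # user in "ps" — it now goes through a temporary [client] option file.
    PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/local/mysql/bin
    export PATH
    # database user
    dbuser='dbuser'
    # database password
    dbpasswd='dbpasswd'
    # database name(s), space separated, e.g. "test test1 test2"
    dbname='dbname'
    # timestamp used in file names
    backtime=$(date +%Y%m%d%H%M%S)
    # log directory
    logpath='/opt/mysqlbackup/log'
    # dump directory
    datapath='/opt/mysqlbackup'

    mkdir -p "$logpath" "$datapath"
    logfile=${logpath}/mysqllog.log

    # Dumps contain the data itself: create everything (dumps, archives, the
    # credential file) with owner-only permissions.
    umask 077
    credfile=$(mktemp) || exit 1
    trap 'rm -f "$credfile"' EXIT
    printf '[client]\nuser=%s\npassword=%s\n' "$dbuser" "$dbpasswd" > "$credfile"

    echo "备份时间为${backtime},备份数据库表 ${dbname} 开始" >> "$logfile"
    for table in $dbname; do
        # --defaults-extra-file must be the first option.
        if mysqldump --defaults-extra-file="$credfile" --single-transaction "$table" \
                > "${datapath}/${backtime}.sql" 2>> "$logfile"; then
            # compress to save space, then drop the raw dump
            (cd "$datapath" && tar jcf "${table}${backtime}.tar.bz2" "${backtime}.sql") > /dev/null
            rm -f "${datapath}/${backtime}.sql"
            echo "数据库表 ${table} 备份成功!!" >> "$logfile"
        else
            # a partial dump is worse than none: remove it
            rm -f "${datapath}/${backtime}.sql"
            echo "数据库表 ${table} 备份失败!!" >> "$logfile"
        fi
    done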
    

    xtrabackup工具

    备份用户:backupuser
    用户权限:reload, lock tables, replication client, create tablespace, process, super(只授予备份所需的最小权限;super 的范围较大,较新的 xtrabackup/MySQL 版本可能支持更细粒度的备份权限——请对照所用版本的文档确认)
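    #!/bin/bash
    # Rotating innobackupex schedule: one full backup followed by up to six
    # incrementals (incr0..incr5), each based on the previous one. Once incr5
    # exists the whole set is archived into $redun and a new cycle starts.
    # Run daily from cron (see below). innobackupex is the 2.x tool; Percona
    # XtraBackup 8 replaces it with "xtrabackup --backup".
    #
    # Changes from the original: the password is no longer hard-coded in the
    # script; the seven "break" statements (meaningless outside a loop) are
    # gone; a backup that fails no longer leaves a half-written directory that
    # the next run would use as a base; the backup set is only wiped after the
    # archive was written successfully; old archives are expired by age rather
    # than by an exact date match, which kept every archive from a day the job
    # did not run.
    BEGINTIME=$(date +"%Y-%m-%d %H:%M:%S")
    format_time=$(date +"%Y-%m-%d_%H:%M:%S")
    week=$(date +%Y-%m-%d)
    backupbin=/usr/bin
    backdir=/database/detect/backup
    redun=/database/detect/redundency
    file_cnf=/etc/my_detect.cnf
    user_name=backupuser
    # Password read from a root-only file (chmod 600) instead of living in
    # this script. NOTE(review): --password= is still visible in "ps" while
    # the backup runs; if the installed xtrabackup honours --defaults-extra-file
    # next to --defaults-file, put user/password in a [client] section there
    # instead — confirm against its version.
    password_file=/root/.xtrabackup_pass
    socket="/tmp/mysql_detect.sock"
    out_log=$backdir/xtrabackup_log_$format_time
    time_cost=$backdir/xtrabackup_time.txt
    keep_days=7

    if [[ ! -r "$password_file" ]]; then
        echo "password file $password_file missing or unreadable" >&2
        exit 1
    fi
    password=$(<"$password_file")

    mkdir -p "$redun" "$backdir"

    # Cycle complete: archive the set, then wipe the backup directory and
    # expire old archives. The wipe only happens after tar succeeded.
    if [[ -d "$backdir/incr5" ]]; then
        if tar -czf "${redun}/redundency_${week}.tar.gz" "$backdir" >/dev/null 2>&1; then
            rm -rf "${backdir:?}"/*
            chown -R mysql:mysql "$backdir"
        else
            echo "#####archiving $backdir failed at $BEGINTIME; set kept, no new cycle" >>"$time_cost"
            exit 1
        fi
        find "$redun" -maxdepth 1 -name 'redundency_*.tar.gz' -mtime +"$keep_days" -delete
    fi

    # Run one innobackupex invocation writing to $2 (label $1, extra options
    # after). On failure remove the partial directory so the next run retries
    # instead of building an incremental on top of it.
    run_backup() {
        local label=$1 target=$2
        shift 2
        echo "#####start $label backup at $BEGINTIME to directory $(basename "$target")" >>"$time_cost"
        if "$backupbin/innobackupex" --defaults-file="$file_cnf" --no-timestamp \
                --user="$user_name" --password="$password" --socket="$socket" \
                "$@" "$target" 1> "$out_log" 2>&1; then
            return 0
        fi
        echo "#####backup to $(basename "$target") FAILED, see $out_log" >>"$time_cost"
        rm -rf "$target"
        return 1
    }

    if [[ ! -d "$backdir/full" ]]; then
        run_backup "full" "$backdir/full"
    else
        # first missing incremental level, based on the previous one
        prev=$backdir/full
        for level in 0 1 2 3 4 5; do
            if [[ ! -d "$backdir/incr$level" ]]; then
                run_backup "$level incremental" "$backdir/incr$level" \
                    --incremental --incremental-basedir="$prev"
                break
            fi
            prev=$backdir/incr$level
        done
    fi

    ENDTIME=$(date +"%Y-%m-%d %H:%M:%S")
    spendtime=$(( $(date -d "$ENDTIME" +%s) - $(date -d "$BEGINTIME" +%s) ))
    echo "it takes $spendtime sec for packing the data directory" >>"$time_cost"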
    
    crontab -e
    12 3 * * * sh /usr/local/xtrabackup.sh
    

    10、探测网段内当前在线(能响应 ping)的主机 IP

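    #!/bin/bash
    # List the hosts in $subnet that answer one ICMP echo request. Hosts that
    # drop ICMP are not listed, so this is a "responds to ping" sweep, not a
    # full inventory. One ping per address runs in the background; "wait"
    # collects them all. The prefix trick assumes a /24.
    subnet=192.168.1.0/24
    netaddr=$(cut -d. -f1-3 <<<"$subnet")
    for i in {1..254}; do
        {
            # -W 1: one-second reply timeout. The original used -t 1, which on
            # Linux (iputils) sets the TTL, not a timeout — that is BSD/macOS
            # syntax — so every unanswered probe lingered for ping's default.
            if ping -c 1 -W 1 "$netaddr.$i" > /dev/null 2>&1; then
                echo "$netaddr.$i"
            fi
        } &
    done
    wait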
    

    11、应对 DoS 攻击(封禁连接数过多的来源 IP,生产环境慎用)

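    #!/bin/bash
    # Block peer addresses that currently hold more than $n connections.
    # Usage: ./dos.sh [threshold]   (default 100)
    #
    # Fixes over the original, which was unsafe to run as published:
    #   * it counted column 4 of "netstat -an" — the LOCAL address — so the
    #     first IP it would have banned is this server's own; column 5 is the
    #     peer;
    #   * "-j drop" is rejected by iptables (the target is DROP);
    #   * n=1 banned every client holding two connections, i.e. any browser;
    #     the output file name (pv_ge_100) suggests 100 was intended;
    #   * the IP list went to a fixed, predictable /tmp path;
    #   * every run appended another rule for addresses already blocked.
    # A raw connection count still hits NAT gateways and proxies that fan out
    # many connections legitimately: keep an allow-list in $allow and review
    # what gets added (iptables -nL INPUT). IPv6 peers are not counted.
    n=${1:-100}
    allow='127\.0\.0\.1|0\.0\.0\.0'

    # Read "netstat -an" output on stdin; print each IPv4 peer holding more
    # than $1 tcp/udp connections, one per line, minus the allow-list.
    find_abusers() {
        local limit=$1
        awk -v limit="$limit" '
            /^(tcp|udp)/ {
                peer = $5
                sub(/:[^:]*$/, "", peer)              # drop ":port"
                if (peer ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) seen[peer]++
            }
            END { for (ip in seen) if (seen[ip] > limit) print ip }
        ' | grep -Ev "^($allow)$"
    }

    ips_file=$(mktemp /tmp/pv_ge_XXXXXX) || exit 1
    trap 'rm -f "$ips_file"' EXIT

    netstat -an | find_abusers "$n" > "$ips_file"

    while read -r ip; do
        [[ -z "$ip" ]] && continue
        # -C checks for an identical rule first so re-runs do not pile up
        # duplicate DROP entries for the same address.
        if ! iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
            iptables -A INPUT -s "$ip" -j DROP && echo "blocked $ip"
        fi
    done < "$ips_file"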
    

    12、一键安装MySQL

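    #!/bin/bash
    # Build and install MySQL 5.7.31 from source under /usr/local/mysql on a
    # CentOS 7 host, together with the cmake/bison/ncurses versions it needs.
    #
    # Fixes over the original: the cmake datadir was spelled ".../date" while
    # initialisation and my.cnf used ".../data"; the "安装 ncurses" and
    # "安装 bison" messages were swapped; the PATH line appended to
    # /etc/profile expanded $PATH at install time and baked this shell's PATH
    # into the file; a failed step silently continued to the next one (set -e
    # now aborts, and the compile steps run one per line so -e can see them).
    #
    # NOTE(review): the tarballs are downloaded without checksum or signature
    # verification. Compare them with the checksums published by mysql.com,
    # gnu.org and cmake.org before building anything that matters. All
    # downloads now use https instead of http/ftp.
    set -euo pipefail
    soft=/server/soft
    prefix=/usr/local/mysql
    datadir=$prefix/data

    mkdir -p "$soft"
    # mariadb-libs conflicts with the MySQL client library; "not installed"
    # is fine.
    rpm -e --nodeps mariadb-libs || true
    yum -y upgrade
    yum -y install openssl openssl-devel m4 gcc gcc-c++ ncurses ncurses-devel bison libgcrypt perl make
    cd "$soft"

    # Download $3 into $soft unless a file matching $2 is already there.
    # Comment out the fetch lines below if the tarballs are pre-staged on a
    # slow link.
    fetch() {
        local name=$1 pattern=$2 url=$3
        if compgen -G "$soft/$pattern" > /dev/null; then
            echo "${name}已下载"
        else
            wget "$url"
        fi
    }
    fetch mysql   'mysql-boost*' https://downloads.mysql.com/archives/get/p/23/file/mysql-boost-5.7.31.tar.gz
    fetch bison   'bison*'       https://ftp.gnu.org/gnu/bison/bison-3.7.2.tar.gz
    fetch ncurses 'ncurses*'     https://ftp.gnu.org/gnu/ncurses/ncurses-6.2.tar.gz
    fetch cmake   'cmake*'       https://github.com/Kitware/CMake/releases/download/v3.18.5/cmake-3.18.5.tar.gz

    # Each build runs in a subshell so the working directory is restored and
    # a failure anywhere in the chain aborts the script.
    echo "安装cmake"
    tar zxf cmake-3.18.5.tar.gz
    (cd cmake-3.18.5 && ./bootstrap && gmake && gmake install)
    echo "安装 bison"
    tar zxf bison-3.7.2.tar.gz
    (cd bison-3.7.2 && ./configure && make && make install)
    echo "安装 ncurses"
    tar zxf ncurses-6.2.tar.gz
    (cd ncurses-6.2 && ./configure && make && make install)

    echo "创建 mysql 用户和用户组及目录"
    getent group mysql > /dev/null || groupadd -r mysql
    id mysql &> /dev/null || useradd -r -g mysql -s /bin/false -M mysql
    mkdir -p "$datadir"

    echo "安装 mysql"
    tar zxf mysql-boost-5.7.31.tar.gz
    cd "$soft/mysql-5.7.31"
    cmake -DCMAKE_INSTALL_PREFIX="$prefix" -DMYSQL_DATADIR="$datadir" -DSYSCONFDIR=/etc \
        -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DEXTRA_CHARSETS=all \
        -DMYSQL_UNIX_ADDR=/tmp/mysql.sock -DWITH_MYISAM_STORAGE_ENGINE=1 \
        -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
        -DWITH_PARTITION_STORAGE_ENGINE=1 -DWITH_SYSTEMD=1 -DWITH_BOOST=boost
    make -j "$(nproc)"
    make install

    echo "编译完成,数据库初始化"
    chown -R mysql:mysql "$prefix"
    # Single-quoted so the literal text '$PATH:/usr/local/mysql/bin' lands in
    # the file and is expanded at each login.
    if ! grep -q '/usr/local/mysql/bin' /etc/profile; then
        printf '%s\n' 'export PATH=$PATH:/usr/local/mysql/bin' >> /etc/profile
    fi
    export PATH=$PATH:$prefix/bin
    # --initialize-insecure creates root@localhost with an EMPTY password.
    # Set one as soon as the service is up, e.g.
    #   mysql -uroot -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '<strong password>'"
    # or run mysql_secure_installation, before exposing port 3306 to anything.
    mysqld --initialize-insecure --user=mysql --basedir="$prefix" --datadir="$datadir"
    printf '%s\n' \
        '[mysqld]' \
        'user=mysql' \
        'basedir=/usr/local/mysql' \
        'datadir=/usr/local/mysql/data' \
        'socket=/tmp/mysql.sock' \
        'server_id=1' \
        'port=3306' \
        '[mysql]' \
        'socket=/tmp/mysql.sock' \
        > /etc/my.cnf
    cp "$prefix/usr/lib/systemd/system/mysqld.service" /usr/lib/systemd/system/
    sed -i '/^PID/,/pid$/s#/var/run/mysqld/mysqld.pid#/usr/local/mysql/data/mysqld.pid#g' /usr/lib/systemd/system/mysqld.service
    systemctl daemon-reload
    # enable so the service also comes back after a reboot
    systemctl enable mysqld
    systemctl restart mysqld
    if ! netstat -anpt | grep 3306; then
        echo "mysqld is not listening on 3306; check: journalctl -u mysqld" >&2
        exit 1
    fi
    printf '\n****************************************\n* Mysql  has been installed successfully. *\n****************************************\n\n'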
    

    13、防火墙脚本(iptables)

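    #!/bin/bash
    # Host firewall: default-deny inbound; allow loopback, established
    # traffic, anything from 10.0.0.0/8, SSH from anywhere, a few service
    # ports, the zabbix agent port from the zabbix server, rate-limited ICMP,
    # and per-source SYN rate limiting for everything else.
    #
    # Changes from the original:
    #   * the syn-flood jump sat AFTER the per-port ACCEPT rules, so a SYN to
    #     22/80/... was accepted before it ever reached the chain and the
    #     "DOS防护" never fired. It now runs before the public port rules
    #     (internal 10/8 traffic stays exempt, as "内网允许任何" intended);
    #   * the limit is per source address (hashlimit) instead of one global
    #     3/s budget that would have throttled every legitimate client along
    #     with the attacker;
    #   * "zabbix.ip" was a literal placeholder that iptables cannot resolve;
    #     it is a variable now and the rule is skipped until it is set;
    #   * the DROP policy is applied last, after the ESTABLISHED rule exists,
    #     so a remote session running this script is not cut off between -F
    #     and the accept rules.
    # Rules are not persisted: run "service iptables save" (or iptables-save
    # to /etc/sysconfig/iptables) afterwards.
    # NOTE(review): SSH is open to every address; narrow the -s on that rule
    # where a bastion or VPN range is known. FORWARD stays ACCEPT as in the
    # original; make it DROP unless this host routes for others.
    IPT=$(command -v iptables)
    ZABBIX_IP=${ZABBIX_IP:-zabbix.ip}   # set to the zabbix server address

    if [[ -z "$IPT" ]]; then
        echo "iptables not found" >&2
        exit 1
    fi

    # start from a clean table with an open policy while rebuilding
    $IPT -P INPUT ACCEPT
    $IPT -F
    $IPT -X
    $IPT -P FORWARD ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -N syn-flood

    ## loopback and the internal network may do anything
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state NEW -s 10.0.0.0/8 -j ACCEPT
    # SYN-flood protection: every external connection attempt passes through
    # the syn-flood chain before any port is opened.
    $IPT -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
    # ssh from any IP
    $IPT -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
    # service ports; adjust as required
    $IPT -A INPUT -p tcp -m multiport --dports 80,8087,89 -j ACCEPT
    # zabbix agent, only from the zabbix server
    if [[ "$ZABBIX_IP" != "zabbix.ip" ]]; then
        $IPT -A INPUT -p tcp -s "$ZABBIX_IP" -m state --state NEW -m tcp --dport 10050 -j ACCEPT
    fi
    # ICMP: 100/s with burst 100, then a 1/s trickle (kept as in the original)
    $IPT -A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
    $IPT -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
    $IPT -A INPUT -j REJECT --reject-with icmp-host-prohibited

    # syn-flood chain: up to 3 new connections/s (burst 6) per source address
    # return to the rules above; anything beyond that is rejected.
    $IPT -A syn-flood -p tcp -m hashlimit --hashlimit-name synflood \
        --hashlimit-mode srcip --hashlimit-upto 3/sec --hashlimit-burst 6 -j RETURN
    $IPT -A syn-flood -j REJECT --reject-with icmp-port-unreachable

    # default deny, now that the accept rules are in place
    $IPT -P INPUT DROP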
    
  • 原文地址:https://blog.csdn.net/g950904/article/details/110129278