Linux实用性脚本 [bash]

- 1. 列出排名前 5 的CPU/内存占用进程
- 2. iptables 自动屏蔽访问网站频繁的IP
- 3. 自动发布 Java 项目（Tomcat）
- 4. Nginx 访问日志分析脚本
- 5. 查看网卡实时流量脚本
- 6. 批量检测网站是否异常并邮件通知
- 7. 目录入侵检测与告警
- 8. 一键查看服务器利用率 *
- 9. 以 root 身份运行整个 shell 脚本
- 10. 将视频转换为gif动图

1. 列出排名前 5 的CPU/内存占用进程

[root@k8s-master-02 ~]# ps aux |sort -rk 3,3|head -n 6
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root       6453  4.2  3.0 831700 56268 ?        Ssl  00:10   0:00 /usr/local/bin/kube-apiserver --allow-privileged=true --anonymous-auth=false --api-audiences=api,istio-ca --authorization-mode=Node,RBAC --bind-address=192.168.17.201 --client-ca-file=/etc/kubernetes/ssl/ca.pem --endpoint-reconciler-type=lease --etcd-cafile=/etc/kubernetes/ssl/ca.pem --etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem --etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem --etcd-servers=https://192.168.17.210:2379
root        703  1.8  3.5 1117016 65832 ?       Ssl  Apr03   2:22 /usr/local/bin/kubelet --config=/var/lib/kubelet/config.yaml --container-runtime-endpoint=unix:///run/containerd/containerd.sock --hostname-override=master-02 --kubeconfig=/etc/kubernetes/kubelet.kubeconfig --root-dir=/var/lib/kubelet --v=2
root        680  1.2  2.0 767720 38464 ?        Ssl  Apr03   1:36 /usr/local/bin/kube-scheduler --authentication-kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --authorization-kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --bind-address=0.0.0.0 --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --leader-elect=true --v=2
root        495  1.1  0.5  47812  9880 ?        Ss   Apr03   1:31 /usr/lib/systemd/systemd-journald
root        967  1.0  1.7 766512 33064 ?        Ssl  Apr03   1:19 /usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/kube-proxy-config.yaml

sort:
-r 倒序
-k M,N 按照M区域排序，区域范围到N，这里只有M区域的值相同，才会用到N
-t " "，可缺省，默认以空白分割

[root@k8s-master-02 ~]# ps aux |sort -rk 4,6|head -n 6
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root        703  1.8  3.5 1117016 65832 ?       Ssl  Apr03   2:26 /usr/local/bin/kubelet --config=/var/lib/kubelet/config.yaml --container-runtime-endpoint=unix:///run/containerd/containerd.sock --hostname-override=master-02 --kubeconfig=/etc/kubernetes/kubelet.kubeconfig --root-dir=/var/lib/kubelet --v=2
root       6606  4.6  2.8 831700 52168 ?        Ssl  00:14   0:00 /usr/local/bin/kube-apiserver --allow-privileged=true --anonymous-auth=false --api-audiences=api,istio-ca --authorization-mode=Node,RBAC --bind-address=192.168.17.201 --client-ca-file=/etc/kubernetes/ssl/ca.pem --endpoint-reconciler-type=lease --etcd-cafile=/etc/kubernetes/ssl/ca.pem --etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem --etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem --etcd-servers=https://192.168.17.210:2379,https://192.168.17.211:2379,https://192.168.17.212:2379 --kubelet-certificate-authority=/etc/kubernetes/ssl/ca.pem --kubelet-client-certificate=/etc/kubernetes/ssl/kubernetes.pem --kubelet-client-key=/etc/kubernetes/ssl/kubernetes-key.pem --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc --service-account-signing-key-file=/etc/kubernetes/ssl/ca-key.pem --service-account-key-file=/etc/kubernetes/ssl/ca.pem --service-cluster-ip-range=10.100.0.0/16 --service-node-port-range=40000-65000 --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem --requestheader-allowed-names= --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --proxy-client-cert-file=/etc/kubernetes/ssl/aggregator-proxy.pem --proxy-client-key-file=/etc/kubernetes/ssl/aggregator-proxy-key.pem --enable-aggregator-routing=true --v=2
root        981  0.4  2.3 1109900 43556 ?       Ssl  Apr03   0:34 /usr/local/bin/containerd-bin/containerd
root        680  1.2  2.0 767720 38712 ?        Ssl  Apr03   1:39 /usr/local/bin/kube-scheduler --authentication-kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --authorization-kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --bind-address=0.0.0.0 --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --leader-elect=true --v=2
root        967  1.0  1.7 766512 33284 ?        Ssl  Apr03   1:21 /usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/kube-proxy-config.yaml
[root@k8s-master-02 ~]# ps aux |sort -rk 4,4|head -n 6
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root        703  1.8  3.5 1117016 65832 ?       Ssl  Apr03   2:26 /usr/local/bin/kubelet --config=/var/lib/kubelet/config.yaml --container-runtime-endpoint=unix:///run/containerd/containerd.sock --hostname-override=master-02 --kubeconfig=/etc/kubernetes/kubelet.kubeconfig --root-dir=/var/lib/kubelet --v=2
root       6606  3.8  2.8 831700 52168 ?        Ssl  00:14   0:00 /usr/local/bin/kube-apiserver --allow-privileged=true --anonymous-auth=false --api-audiences=api,istio-ca --authorization-mode=Node,RBAC --bind-address=192.168.17.201 --client-ca-file=/etc/kubernetes/ssl/ca.pem --endpoint-reconciler-type=lease --etcd-cafile=/etc/kubernetes/ssl/ca.pem --etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem --etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem --etcd-servers=https://192.168.17.210:2379,https://192.168.17.211:2379,https://192.168.17.212:2379 --kubelet-certificate-authority=/etc/kubernetes/ssl/ca.pem --kubelet-client-certificate=/etc/kubernetes/ssl/kubernetes.pem --kubelet-client-key=/etc/kubernetes/ssl/kubernetes-key.pem --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc --service-account-signing-key-file=/etc/kubernetes/ssl/ca-key.pem --service-account-key-file=/etc/kubernetes/ssl/ca.pem --service-cluster-ip-range=10.100.0.0/16 --service-node-port-range=40000-65000 --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem --requestheader-allowed-names= --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --proxy-client-cert-file=/etc/kubernetes/ssl/aggregator-proxy.pem --proxy-client-key-file=/etc/kubernetes/ssl/aggregator-proxy-key.pem --enable-aggregator-routing=true --v=2
root        981  0.4  2.3 1109900 43556 ?       Ssl  Apr03   0:34 /usr/local/bin/containerd-bin/containerd
root        680  1.2  2.0 767720 38712 ?        Ssl  Apr03   1:39 /usr/local/bin/kube-scheduler --authentication-kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --authorization-kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --bind-address=0.0.0.0 --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --leader-elect=true --v=2
root        967  1.0  1.7 766512 33284 ?        Ssl  Apr03   1:21 /usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/kube-proxy-config.yaml

2. iptables 自动屏蔽访问网站频繁的IP

根据访问日志（以 nginx 的 logs 中记录访问的 access.log 日志文件为例，检测短期访问大于100的IP，并使用iptables命令进行屏蔽，同时将禁用的IP放到/tmp/deny_ip.log文件中）

#!/bin/bash
DATE=$(date +%d/%b/%Y:%H:%M)
LOG_FILE=/usr/local/nginx/logs/demo2.access.log
ABNORMAL_IP=$(tail -n 5000 $LOG_FILE |grep $DATE |awk '{a[$1]++} END {for(i in a) if(a[i]>100) print i}')
for IP in $ABNORMAL_IP; doif [ $(iptables -vnL |grep -c "$IP") -eq 0 ]; theniptables -I INPUT -s $IP -j DROPecho "$(date +'%F_%T') $IP" >> /tmp/deny_ip.logfi
done

3. 自动发布 Java 项目（Tomcat）

#!/bin/bash
DATE=$(date +%F_%T)TOMCAT_NAME=$1
TOMCAT_DIR=/usr/local/$TOMCAT_NAME
ROOT=$TOMCAT_DIR/webapps/ROOTBACKUP_DIR=/data/backup
WORK_DIR=/tmp
PROJECT_NAME=tomcat-java-demo# 拉取代码
cd $WORK_DIR
if [ ! -d $PROJECT_NAME ]; thengit clone https://github.com/xxxx/tomcat-java-democd $PROJECT_NAME
elsecd $PROJECT_NAMEgit pull
fi# 构建
mvn clean package -Dmaven.test.skip=true
if [ $? -ne 0 ]; thenecho "maven build failure!"exit 1
fi# 部署
TOMCAT_PID=$(ps -ef |grep "$TOMCAT_NAME" |egrep -v "grep|$$" |awk 'NR==1{print $2}')
[ -n "$TOMCAT_PID" ] && kill -9 $TOMCAT_PID
[ -d $ROOT ] && mv $ROOT $BACKUP_DIR/${TOMCAT_NAME}_ROOT$DATE
unzip $WORK_DIR/$PROJECT_NAME/target/*.war -d $ROOT
$TOMCAT_DIR/bin/startup.sh

4. Nginx 访问日志分析脚本

#!/bin/bash
# 日志格式: $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"
LOG_FILE=$1
echo "统计访问最多的10个IP"
awk '{a[$1]++}END{print "UV:",length(a);for(v in a)print v,a[v]}' $LOG_FILE |sort -k2 -nr |head -10
echo "----------------------"echo "统计时间段访问最多的IP"
awk '$4>="[01/Dec/2018:13:20:25" && $4<="[27/Nov/2018:16:20:49"{a[$1]++}END{for(v in a)print v,a[v]}' $LOG_FILE |sort -k2 -nr|head -10
echo "----------------------"echo "统计访问最多的10个页面"
awk '{a[$7]++}END{print "PV:",length(a);for(v in a){if(a[v]>10)print v,a[v]}}' $LOG_FILE |sort -k2 -nr
echo "----------------------"echo "统计访问页面状态码数量"
awk '{a[$7" "$9]++}END{for(v in a){if(a[v]>5)print v,a[v]}}'

5. 查看网卡实时流量脚本

#!/bin/bash
NIC=$1
echo -e " In ------ Out"
while true; doOLD_IN=$(awk '$0~"'$NIC'"{print $2}' /proc/net/dev)OLD_OUT=$(awk '$0~"'$NIC'"{print $10}' /proc/net/dev)sleep 1NEW_IN=$(awk  '$0~"'$NIC'"{print $2}' /proc/net/dev)NEW_OUT=$(awk '$0~"'$NIC'"{print $10}' /proc/net/dev)IN=$(printf "%.1f%s" "$((($NEW_IN-$OLD_IN)/1024))" "KB/s")OUT=$(printf "%.1f%s" "$((($NEW_OUT-$OLD_OUT)/1024))" "KB/s")echo "$IN $OUT"sleep 1
done

6. 批量检测网站是否异常并邮件通知

#!/bin/bash  
URL_LIST="www.baidu.com www.ctnrs.com www.der-matech.net.cn www.der-matech.com.cn www.der-matech.cn www.der-matech.top www.der-matech.org"
for URL in $URL_LIST; doFAIL_COUNT=0for ((i=1;i<=3;i++)); doHTTP_CODE=$(curl -o /dev/null --connect-timeout 3 -s -w "%{http_code}" $URL)if [ $HTTP_CODE -eq 200 ]; thenecho "$URL OK"breakelseecho "$URL retry $FAIL_COUNT"let FAIL_COUNT++fidoneif [ $FAIL_COUNT -eq 3 ]; thenecho "Warning: $URL Access failure!"echo "网站$URL坏掉，请及时处理" | mail -s "$URL网站高危" xxxxx@163.comfi
done

7. 目录入侵检测与告警

#!/bin/bashMON_DIR=/opt
inotifywait -mqr --format %f -e create $MON_DIR |\
while read files; do#同步文件rsync -avz /opt /tmp/opt#检测文件是否被修改echo "$(date +'%F %T') create $files by `ls -l $MON_DIR/$files |awk {'print $3'}`" > modify.log
done

8. 一键查看服务器利用率 *

#!/bin/bash
function cpu(){util=$(vmstat | awk '{if(NR==3)print $13+$14}')iowait=$(vmstat | awk '{if(NR==3)print $16}')echo "CPU -使用率：${util}% ,等待磁盘IO相应使用率：${iowait}:${iowait}%"}
function memory (){total=`free -m |awk '{if(NR==2)printf "%.1f",$2/1024}'`used=`free -m |awk '{if(NR==2) printf "%.1f",($2-$NF)/1024}'`available=`free -m |awk '{if(NR==2) printf "%.1f",$NF/1024}'`echo "内存 - 总大小: ${total}G , 使用: ${used}G , 剩余: ${available}G"
}
disk(){fs=$(df -h |awk '/^\/dev/{print $1}')for p in $fs; domounted=$(df -h |awk '$1=="'$p'"{print $NF}')size=$(df -h |awk '$1=="'$p'"{print $2}')used=$(df -h |awk '$1=="'$p'"{print $3}')used_percent=$(df -h |awk '$1=="'$p'"{print $5}')echo "硬盘 - 挂载点: $mounted , 总大小: $size , 使用: $used , 使用率: $used_percent"done}
function tcp_status() {summary=$(ss -antp |awk '{status[$1]++}END{for(i in status) printf i":"status[i]" "}')echo "TCP连接状态 - $summary"
}
cpu
memory
disk
tcp_status

9. 以 root 身份运行整个 shell 脚本

将 sudo 放在 shell 脚本的首中，会以 root 身份运行整个程序。对设计用于例如的脚本很有用自动化系统升级或包管理器包装器——不再需要用 sudo 预先准备一切

#!/usr/bin/sudo /bin/bash

10. 将视频转换为gif动图

需要系统安装 ffmpeg , ubuntu 中可以通过 sudo apt install ffmpeg 安装。

ffmpeg -ss 00:00:03 -t 3 -i test.mov -s 640x360 -r  15  dongtu.gif

-ss 00:00:03 表示从第 00 分钟 03 秒开始制作 GIF，如果你想从第 9 秒开始，则输入 -ss 00:00:09，或者 -ss 9，支持小数点，所以也可以输入 -ss 00:00:11.3，或者 -ss 34.6 之类的，如果不加该命令，则从 0 秒开始制作；
-t 3 表示把持续 3 秒的视频转换为 GIF，你可以把它改为其他数字，例如 1.5，7 等等，时间越长，GIF 体积越大，如果不加该命令，则把整个视频转为 GIF；
-i 表示 invert 的意思，转换；
test.mov 就是你要转换的视频，名称最好不要有中文，不要留空格，支持多种视频格式；
-s 640x360 是 GIF 的分辨率，视频分辨率可能是 1080p，但你制作的 GIF 可以转为 720p 等，允许自定义，分辨率越高体积越大，如果不加该命令，则保持分辨率不变；
-r “15” 表示帧率，网上下载的视频帧率通常为 24，设为 15 效果挺好了，帧率越高体积越大，如果不加该命令，则保持帧率不变；
dongtu.gif：就是你要输出的文件，你也可以把它命名为 hello.gif 等等