1.3.8 综合实践
学习目标
这一节,我们从 网络实践、文件实践、小结 三个方面来学习
网络实践
简介
所谓的网络实践,主要是借助于awk的数组功能,进行站点的信息统计操作。
准备网络环境
安装软件
yum install nginx -y
重启nginx
[root@localhost ~]# systemctl restart nginx.service
重置网站首页
[root@localhost /etc/nginx]# echo 'hello nginx' > /usr/share/nginx/html/index.html
[root@localhost /etc/nginx]# curl localhost
hello nginx
[root@localhost /etc/nginx]# curl localhost/nihao -I -s | head -1
HTTP/1.1 404 Not Found
模拟外网访问
[root@localhost ~]# curl http://10.0.0.12/ -s -I -H "X-Forwarded-For: 2.2.2.2" | head -1
HTTP/1.1 200 OK
[root@localhost ~]# tail -n1 /var/log/nginx/access.log
10.0.0.12 - - [19/Jun/2022:18:04:20 +0800] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0" "2.2.2.2"
准备ip地址文件
[root@localhost ~]# cat ip.txt
112.64.233.130
114.101.40.170
123.15.24.200
125.46.0.62
223.243.252.155
122.228.19.92
218.2.226.42
124.205.143.213
218.60.8.99
125.123.120.130
123.139.56.238
218.60.8.83
222.240.184.126
222.90.110.194
1.196.160.46
222.217.125.153
163.125.156.249
27.50.142.132
61.145.182.27
222.249.238.138
218.64.69.79
103.10.86.203
14.155.112.17
27.191.234.69
60.211.218.78
124.237.83.14
59.44.247.194
114.249.119.45
125.123.65.177
14.115.106.222
准备站点访问测试脚本
[root@localhost /etc/nginx]# cat curl_web_site.sh
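#!/bin/bash
# Purpose: simulate external clients visiting the lab web server so that
# the nginx access log has data to analyse with awk.
#
# For every address in ip.txt the last octet N decides how many rounds to
# send; each round issues one HEAD / carrying the address in
# X-Forwarded-For (nginx then logs it as the client address) and one
# GET /N/ (a page that does not exist, so it is logged as a 404).
# Runs until interrupted (Ctrl-C).
#
# Inputs : ip.txt in the current directory, one IPv4 address per line
# Globals: TARGET (read, optional) - base URL of the server,
#          defaults to http://10.0.0.12 as in the original script
# Outputs: nothing on stdout; curl output is discarded

target=${TARGET:-http://10.0.0.12}
ip_file=ip.txt

# The original looped forever on a missing file, printing a cat error once a
# second; fail early instead.
[[ -r "$ip_file" ]] || { printf '%s: cannot read %s\n' "$0" "$ip_file" >&2; exit 1; }

while true; do
  # Redirect the file into the loop rather than `cat | while`; -r keeps
  # backslashes, and the `|| [[ -n ... ]]` clause still processes a last line
  # that has no trailing newline.
  while IFS= read -r ip || [[ -n "$ip" ]]; do
    [[ -n "$ip" ]] || continue          # skip blank lines
    num=${ip##*.}                       # last octet; replaces echo | cut
    # same count as `seq $NUM`: num rounds, none when the octet is 0
    for (( i = 0; i < num; i++ )); do
      curl "$target/" -s -I -H "X-Forwarded-For: $ip" >/dev/null
      curl "$target/$num/" -s >/dev/null
    done
    sleep 1
  done < "$ip_file"
done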
脚本测试效果
[root@localhost ~]# /bin/bash curl_web_site.sh
...
实践1-基本信息统计
查看当前系统的链接状态数量
[root@localhost ~]# ss -ant
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
ESTAB 0 0 10.0.0.12:22 10.0.0.1:60856
ESTAB 0 0 10.0.0.12:22 10.0.0.1:60857
ESTAB 0 64 10.0.0.12:22 10.0.0.1:64059
ESTAB 0 0 10.0.0.12:22 10.0.0.1:64061
LISTEN 0 32 [::]:21 [::]:*
LISTEN 0 128 [::]:22 [::]:*
统计当前主机的连接状态信息
[root@localhost ~]# ss -tan|awk '!/State/{state[$1]++}END{for(i in state){print i,state[i]}}'
LISTEN 5
ESTAB 4
TIME-WAIT 3960
发现异常ip地址,进行杜绝恶意ip地址访问
[root@localhost ~]# ss -nt | awk -F'[ :]+' '!/State/{ip[$(NF-2)]++}END{for(i in ip){print i,ip[i]}}' | while read line; do ip=$(echo $line | awk '{if($2>1)print $1}');[ -z "$ip" ] || echo "iptables -A INPUT -s $ip -j REJECT"; done
iptables -A INPUT -s 10.0.0.1 -j REJECT
注意:这里为了演示成功,故意将恶意ip的频率降低了(阈值只是连接数大于1)。从前面 ss 的输出可以看到,被命中的 10.0.0.1 正是当前 SSH 管理会话的对端地址,真的执行这条规则会把自己的管理连接一起拒绝掉,实际使用时应先排除管理地址并提高阈值。
如果不小心真的添加了防火墙策略,则执行下面的命令实现功能恢复(先用 -vnL 查看并确认该规则的序号,-D INPUT 1 删除的是 INPUT 链中的第 1 条规则;也可以按规则内容删除,例如 iptables -D INPUT -s 10.0.0.1 -j REJECT)
iptables -vnL INPUT
iptables -D INPUT 1
实践2-web访问信息统计
获取客户端ip地址信息
[root@localhost ~]# awk -F '"' 'NR==403 {print $(NF-1)}' /var/log/nginx/access.log
114.101.40.170
统计访问网站的地址信息
[root@localhost ~]# awk -F '"' '{ip[$(NF-1)]++}END{for(i in ip){print i,ip[i]}}' /var/log/nginx/access.log
60.211.218.78 624
222.217.125.153 1377
124.205.143.213 1917
14.115.106.222 1776
14.155.112.17 153
...
统计站点的访问页面信息(注意:下面的 sort -k1 -nr 是按第 1 列即 url 排序,并不是按访问次数排序,所以 /nihao 3 排在 /99/ 396 前面;若要按访问次数降序排列应改为 sort -k2 -nr)
[root@localhost ~]# awk '{a[$7]++}END{for(v in a)print v,a[v]|"sort -k1 -nr|head -n10"}' /var/log/nginx/access.log
/nihao 3
/img/html-background.png 1
/img/header-background.png 1
/img/centos-logo.png 1
/favicon.ico 1
/99/ 396
/92/ 368
/83/ 332
/79/ 316
/78/ 312
实践3-脚本信息统计
查看脚本内容
[root@localhost ~]# cat net.sh
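#!/bin/bash
# Purpose: print a summary of this host's network connection state.
# All figures come from `ss`; the script only counts and changes nothing.
#
# Outputs: five labelled lines on stdout (TCP/UDP totals, LISTEN, ESTAB and
#          TIME-WAIT counts)
# Returns: 0 on success; non-zero if ss or awk fails

# -u turns a misspelled variable (the original printed $Listen_Toatl and
# $Estab_Toatl, so those two lines were always empty) into an error instead
# of silently printing nothing.
set -euo pipefail

# TCP socket total, taken from the per-transport table of `ss -s`
TCP_Total=$(ss -s | awk '$1=="TCP"{print $2}')
# UDP socket total, same table
UDP_Total=$(ss -s | awk '$1=="UDP"{print $2}')
# number of TCP ports in LISTEN state (-l lists listening sockets only, -H drops the header)
Listen_Total=$(ss -antlpH | awk 'BEGIN{count=0} {count++} END{print count}')
# number of TCP connections in ESTABLISHED state
Estab_Total=$(ss -antpH | awk 'BEGIN{count=0}/^ESTAB/{count++}END{print count}')
# number of TCP connections in TIME-WAIT state
TIME_WAIT_Total=$(ss -antpH | awk 'BEGIN{count=0}/^TIME-WAIT/{count++}END{print count}')

# print the host connection summary (labels kept exactly as before)
echo "TCP连接总数:$TCP_Total"
echo "UDP连接总数:$UDP_Total"
echo "LISTEN状态的TCP端口数量:$Listen_Total"
echo "ESTAB状态的TCP连接数量:$Estab_Total"
echo "TIME-WAIT状态的TCP连接数量:$TIME_WAIT_Total"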
文件实践
简介
所谓的文件实践,主要是借助于awk的数组功能,实现文件的合并格式化等工作.
查看日志的样式
默认日志格式
10.0.0.12 - - [19/Jun/2022:18:13:51 +0800] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0" "114.101.40.170"
期望统计信息
--------------------------------------------
| ip地址 |访问次数|访问url|访问次数|
--------------------------------------------
| 60.211.218.78| 1248| /| 1248|
| 222.217.125.153| 2448| /| 2448|
准备工作
获取ip地址
[root@localhost ~]# awk -F '("| )' 'NR==404 {print $(NF-1)}' /var/log/nginx/access.log
114.101.40.170
获取访问页面
[root@localhost ~]# awk -F '("| )' 'NR==404 {print $(NF-13)}' /var/log/nginx/access.log
/170/
输出统计信息(下面 a[ip][uri] 这种“数组的数组”写法需要 gawk 4.0 及以上版本;另外 awk 中 # 注释到行尾为止,所以注释必须单独成行,否则会把后面的代码一起注释掉)
[root@localhost ~]# awk -F '("| )' 'BEGIN{printf "--------------------------------------------\n|%-14s|%-4s|%-4s|%-4s|\n--------------------------------------------\n"," ip地址","访问次数","访问url","访问次数"}
{a[$(NF-1)][$(NF-13)]++}
END{
# 遍历数组,统计每个ip的访问总数
for(ip in a){for(uri in a[ip]){b[ip] += a[ip][uri]}}
# 再次遍历
for(ip in a){for(uri in a[ip]){printf "|%16s|%8d|%7s|%8d|\n", ip, b[ip], uri, a[ip][uri]}}
printf "--------------------------------------------\n"}
' /var/log/nginx/access.log
--------------------------------------------
| ip地址 |访问次数|访问url|访问次数|
--------------------------------------------
| 60.211.218.78| 1248| /| 1248|
| 222.217.125.153| 2448| /| 2448|
| 124.205.143.213| 3408| /| 3408|
| 14.115.106.222| 3330| /| 3330|
| 14.155.112.17| 272| /| 272|
--------------------------------------------
小结