文章内容
一、nginx日志按天切割
01 02 03 04 05 06 07 08 09 10 11 12 | #!/bin/bashLOG_DIR=/usr/local/nginx/logsYESTERDAY_TIME=$(date -d "yesterday" +%F)LOG_MONTH_DIR=$LOG_DIR/$(date +"%Y-%m")LOG_FILE_LIST="default.access.log"for LOG_FILE in $LOG_FILE_LIST; do [ ! -d $LOG_MONTH_DIR ] && mkdir -p $LOG_MONTH_DIR mv $LOG_DIR/$LOG_FILE $LOG_MONTH_DIR/${LOG_FILE}_${YESTERDAY_TIME}donekill -USR1 $(cat /var/run/nginx.pid) |
二、nginx acc日志分析
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 | #!/bin/bash# 日志格式: $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"LOG_FILE=$1echo "统计访问最多的10个IP"awk '{a[$1]++}END{print "UV:",length(a);for(v in a)print v,a[v]}' $LOG_FILE |sort -k2 -nr |head -10echo "----------------------"echo "统计时间段访问最多的IP"awk '$4>="[01/Dec/2018:13:20:25" && $4<="[27/Nov/2018:16:20:49"{a[$1]++}END{for(v in a)print v,a[v]}' $LOG_FILE |sort -k2 -nr|head -10echo "----------------------"echo "统计访问最多的10个页面"awk '{a[$7]++}END{print "PV:",length(a);for(v in a){if(a[v]>10)print v,a[v]}}' $LOG_FILE |sort -k2 -nrecho "----------------------"echo "统计访问页面状态码数量"awk '{a[$7" "$9]++}END{for(v in a){if(a[v]>5)print v,a[v]}}' |
三、服务器初始化
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 | #/bin/bash# 设置时区并同步时间ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtimeif ! crontab -l |grep ntpdate &>/dev/null ; then (echo "* 1 * * * ntpdate time.windows.com >/dev/null 2>&1";crontab -l) |crontabfi# 禁用selinuxsed -i '/SELINUX/{s/permissive/disabled/}' /etc/selinux/config# 关闭防火墙if egrep "7.[0-9]" /etc/redhat-release &>/dev/null; then systemctl stop firewalld systemctl disable firewalldelif egrep "6.[0-9]" /etc/redhat-release &>/dev/null; then service iptables stop chkconfig iptables offfi# 历史命令显示操作时间if ! grep HISTTIMEFORMAT /etc/bashrc; then echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/bashrcfi# SSH超时时间if ! grep "TMOUT=600" /etc/profile &>/dev/null; then echo "export TMOUT=600" >> /etc/profilefi# 禁止root远程登录sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config# 禁止定时任务向发送邮件sed -i 's/^MAILTO=root/MAILTO=""/' /etc/crontab# 设置最大打开文件数if ! grep "* soft nofile 65535" /etc/security/limits.conf &>/dev/null; then cat >> /etc/security/limits.conf << EOF * soft nofile 65535 * hard nofile 65535EOFfi# 系统内核优化cat >> /etc/sysctl.conf << EOFnet.ipv4.tcp_syncookies = 1net.ipv4.tcp_max_tw_buckets = 20480net.ipv4.tcp_max_syn_backlog = 20480net.core.netdev_max_backlog = 262144net.ipv4.tcp_fin_timeout = 20EOF# 减少SWAP使用echo "0" > /proc/sys/vm/swappiness# 安装系统性能分析工具及其他yum install gcc make autoconf vim sysstat net-tools iostat if |
四、查看网卡实时流量
01 02 03 04 05 06 07 08 09 10 11 12 13 14 | #!/bin/bashNIC=$1echo -e " In ------ Out"while true; do OLD_IN=$(awk '$0~"'$NIC'"{print $2}' /proc/net/dev) OLD_OUT=$(awk '$0~"'$NIC'"{print $10}' /proc/net/dev) sleep 1 NEW_IN=$(awk '$0~"'$NIC'"{print $2}' /proc/net/dev) NEW_OUT=$(awk '$0~"'$NIC'"{print $10}' /proc/net/dev) IN=$(printf "%.1f%s" "$((($NEW_IN-$OLD_IN)/1024))" "KB/s") OUT=$(printf "%.1f%s" "$((($NEW_OUT-$OLD_OUT)/1024))" "KB/s") echo "$IN $OUT" sleep 1done |
五、mysql备份
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 | #!/bin/bashDATE=$(date +%F_%H-%M-%S)HOST=localhostUSER=backupPASS=passwdBACKUP_DIR=/data/db_backupDB_LIST=$(mysql -h$HOST -u$USER -p$PASS -s -e "show databases;" 2>/dev/null |egrep -v "Database|information_schema|mysql|performance_schema|sys")for DB in $DB_LIST; do BACKUP_DB_DIR=$BACKUP_DIR/${DB}_${DATE} [ ! -d $BACKUP_DB_DIR ] && mkdir -p $BACKUP_DB_DIR &>/dev/null TABLE_LIST=$(mysql -h$HOST -u$USER -p$PASS -s -e "use $DB;show tables;" 2>/dev/null) for TABLE in $TABLE_LIST; do BACKUP_NAME=$BACKUP_DB_DIR/${TABLE}.sql if ! mysqldump -h$HOST -u$USER -p$PASS $DB $TABLE > $BACKUP_NAME 2>/dev/null; then echo "$BACKUP_NAME 备份失败!" fi donedone |
六、监控服务器磁盘利用率
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 | #!/bin/bashHOST_INFO=host.info #主机列表,实现采集多台主机信息,需要能够ssh到目标主机for IP in $(awk '/^[^#]/{print $1}' $HOST_INFO); do USER=$(awk -v ip=$IP 'ip==$1{print $2}' $HOST_INFO) PORT=$(awk -v ip=$IP 'ip==$1{print $3}' $HOST_INFO) TMP_FILE=/tmp/disk.tmp ssh -p $PORT $USER@$IP 'df -h' > $TMP_FILE USE_RATE_LIST=$(awk 'BEGIN{OFS="="}/^/dev/{print $NF,int($5)}' $TMP_FILE) for USE_RATE in $USE_RATE_LIST; do PART_NAME=${USE_RATE%=*} USE_RATE=${USE_RATE#*=} if [ $USE_RATE -ge 80 ]; then echo "Warning: $PART_NAME Partition usage $USE_RATE%!" fi donedone |
七、封禁大量恶意访问的IP
01 02 03 04 05 06 07 08 09 10 | #!/bin/bashDATE=$(date +%d/%b/%Y:%H:%M)LOG_FILE=/usr/local/nginx/logs/access.logABNORMAL_IP=$(tail -n10000 $LOG_FILE |grep $DATE |awk '{a[$1]++}END{for(i in a)if(a[i]>10)print i}')for IP in $ABNORMAL_IP; do if [ $(iptables -vnL |grep -c "$IP") -eq 0 ]; then iptables -I INPUT -s $IP -j DROP echo "$(date +'%F_%T') $IP" >> /tmp/drop_ip.log fidone |
八、统计进程数,找出并kill僵尸进程
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 | #!/bin/ bashALL_PROCESS=$(1s /proc/ l egrep "[O-9]+')running_count=0stoped_count=0s1eeping_count=0zombie_count=Ofor pid in ${ALL_PROCESS[*]}dotest -f /proc/$pid/status && state=$(egrep "state"/proc/$pid/status / awk'{print $2}')case ""$state" inR)running_count=$ ((running_count+1));T)stoped_count=$((stoped_count+1));;s)sleeping_count=$((sleeping_count+1));z)zombie_count=$( (zombie_count+1))echo "$pid" >>zombie.txtki17 -9 "$pid";;esacdoneecho -e "total:$((running_count+stoped_count+sleeping_count+zombie_count))nrunning:$running_countnstoped: $stoped_countnsleeping: $sleeping_countnzombie:$zombie_count" |