Linux服务器管理Shell命令
2012-06-09 13:36:26 来源:WEB开发网核心提示:# cat access.log |awk ‘{sum+=$10} END {print sum/1024/1024/1024}’11.统计404的连接# awk ‘($9 ~/404/)’ access.log | awk ‘{print $9,$7}&rs
# cat access.log |awk ‘{sum+=$10} END {print sum/1024/1024/1024}’
11.统计404的连接
# awk ‘($9 ~/404/)’ access.log | awk ‘{print $9,$7}’ | sort
12. 统计http status.
# cat access.log |awk ‘{counts[$(9)]+=1}; END {for(code in counts) print code, counts[code]}'
# cat access.log |awk '{print $9}'|sort|uniq -c|sort -rn
13.查找挂马内容进行批量清除
# find /webbase/ -type f -exec grep 'www.800816.com.cn' -l {} \;
# sed -i "s/body{.*www.800816.com.cn.*}//g" `grep www.800816.com.cn -rl ./`
14.批量转换GBK为UTF-8文件编码
# find default -type d -exec mkdir -p utf/{} \;
# find default -type f -exec iconv -f GBK -t UTF-8 {} -o utf/{} \;
15.find查找文件的时候怎么避开多个文件目录
# find /usr/sam \(-path /usr/sam/dir1 -o -path /usr/sam/file1 \) -prune -o -name "*.txt" -print
16.查看tcp的并发请求数及其TCP连接状态:
# netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
# netstat -nat |awk '{print $6}'|sort|uniq -c|sort -rn
# netstat -n | awk '/^tcp/ {++state[$NF]}; END {for(key in state) print key,"\t",state[key]}'
# netstat -n | awk '/^tcp/ {++arr[$NF]};END {for(k in arr) print k,"\t",arr[k]}'
# netstat -n |awk '/^tcp/ {print $NF}'|sort|uniq -c|sort -rn
# netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c
17.查找请求数前20的IP(常用于查找攻来源)
# netstat -anlp|grep 80|grep tcp|awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -nr|head -n20
# netstat -ant |awk '/:80/{split($5,ip,":");++A[ip[1]]}END{for(i in A) print A[i],i}' |sort -rn|head -n10
18.查看有多少个活动的php-cgi进程
# netstat -anp | grep php-cgi | grep ^tcp | wc -l
19.查找较多time_wait连接
# netstat -n|grep TIME_WAIT|awk '{print $5}'|sort|uniq -c|sort -rn|head -n20
20.找查较多的SYN连接
# netstat -an | grep SYN | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | more
21.根据端口列进程
# netstat -ntlp | grep 80 | awk '{print $7}' | cut -d/ -f1
22.抓包用来防止80端口被人攻击时可以分析数据
# tcpdump -c 10000 -i eth0 -n dst port 80 > /root/pkts
23.用tcpdump嗅探80端口的访问看看谁最高
# tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr |head -20
24.查看是哪些蜘蛛在抓取内容。
# /usr/sbin/tcpdump -i eth0 -l -s 0 -w - dst port 80 | strings | grep -i user-agent | grep -i -E 'bot|crawler|slurp|spider'
25.按域统计流量
# zcat squid_access.log.tar.gz| awk '{print $10,$7}' |awk 'BEGIN{FS="[ /]"}{trfc[$4]+=$1}END{for(domain in trfc){printf "%s\t%d\n",domain,trfc[domain]}}'
11.统计404的连接
# awk ‘($9 ~/404/)’ access.log | awk ‘{print $9,$7}’ | sort
12. 统计http status.
# cat access.log |awk ‘{counts[$(9)]+=1}; END {for(code in counts) print code, counts[code]}'
# cat access.log |awk '{print $9}'|sort|uniq -c|sort -rn
13.查找挂马内容进行批量清除
# find /webbase/ -type f -exec grep 'www.800816.com.cn' -l {} \;
# sed -i "s/body{.*www.800816.com.cn.*}//g" `grep www.800816.com.cn -rl ./`
14.批量转换GBK为UTF-8文件编码
# find default -type d -exec mkdir -p utf/{} \;
# find default -type f -exec iconv -f GBK -t UTF-8 {} -o utf/{} \;
15.find查找文件的时候怎么避开多个文件目录
# find /usr/sam \(-path /usr/sam/dir1 -o -path /usr/sam/file1 \) -prune -o -name "*.txt" -print
16.查看tcp的并发请求数及其TCP连接状态:
# netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
# netstat -nat |awk '{print $6}'|sort|uniq -c|sort -rn
# netstat -n | awk '/^tcp/ {++state[$NF]}; END {for(key in state) print key,"\t",state[key]}'
# netstat -n | awk '/^tcp/ {++arr[$NF]};END {for(k in arr) print k,"\t",arr[k]}'
# netstat -n |awk '/^tcp/ {print $NF}'|sort|uniq -c|sort -rn
# netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c
17.查找请求数前20的IP(常用于查找攻来源)
# netstat -anlp|grep 80|grep tcp|awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -nr|head -n20
# netstat -ant |awk '/:80/{split($5,ip,":");++A[ip[1]]}END{for(i in A) print A[i],i}' |sort -rn|head -n10
18.查看有多少个活动的php-cgi进程
# netstat -anp | grep php-cgi | grep ^tcp | wc -l
19.查找较多time_wait连接
# netstat -n|grep TIME_WAIT|awk '{print $5}'|sort|uniq -c|sort -rn|head -n20
20.找查较多的SYN连接
# netstat -an | grep SYN | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | more
21.根据端口列进程
# netstat -ntlp | grep 80 | awk '{print $7}' | cut -d/ -f1
22.抓包用来防止80端口被人攻击时可以分析数据
# tcpdump -c 10000 -i eth0 -n dst port 80 > /root/pkts
23.用tcpdump嗅探80端口的访问看看谁最高
# tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr |head -20
24.查看是哪些蜘蛛在抓取内容。
# /usr/sbin/tcpdump -i eth0 -l -s 0 -w - dst port 80 | strings | grep -i user-agent | grep -i -E 'bot|crawler|slurp|spider'
25.按域统计流量
# zcat squid_access.log.tar.gz| awk '{print $10,$7}' |awk 'BEGIN{FS="[ /]"}{trfc[$4]+=$1}END{for(domain in trfc){printf "%s\t%d\n",domain,trfc[domain]}}'
更多精彩
赞助商链接