1.3.8 綜合實踐
學習目標
這一節,我們從 網絡實踐、文件實踐、小結 三個方面來學習
網絡實踐
簡介
所謂的網絡實踐,主要是借助于awk的數組功能,進行站點的信息統計操作。
準備網絡環境
安裝軟件
yum install nginx -y
重啟nginx
[root@localhost ~]# systemctl restart nginx.service
重置網站首頁
[root@localhost /etc/nginx]# echo 'hello nginx' > /usr/share/nginx/html/index.html
[root@localhost /etc/nginx]# curl localhost
hello nginx
[root@localhost /etc/nginx]# curl localhost/nihao -I -s | head -1
HTTP/1.1 404 Not Found
模擬外網訪問
[root@localhost ~]# curl http://10.0.0.12/ -s -I -H "X-Forwarded-For: 2.2.2.2" | head -1
HTTP/1.1 200 OK
[root@localhost ~]# tail -n1 /var/log/nginx/access.log
10.0.0.12 - - [19/Jun/2022:18:04:20 +0800] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0" "2.2.2.2"
準備ip地址文件
[root@localhost ~]# cat ip.txt
112.64.233.130
114.101.40.170
123.15.24.200
125.46.0.62
223.243.252.155
122.228.19.92
218.2.226.42
124.205.143.213
218.60.8.99
125.123.120.130
123.139.56.238
218.60.8.83
222.240.184.126
222.90.110.194
1.196.160.46
222.217.125.153
163.125.156.249
27.50.142.132
61.145.182.27
222.249.238.138
218.64.69.79
103.10.86.203
14.155.112.17
27.191.234.69
60.211.218.78
124.237.83.14
59.44.247.194
114.249.119.45
125.123.65.177
14.115.106.222
準備站點訪問測試腳本
[root@localhost /etc/nginx]# cat curl_web_site.sh
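#!/bin/bash
# Purpose: generate test traffic against the lab web server (10.0.0.12) so
# that the nginx access log has entries to practise awk on.
# For every address in ip.txt the last octet decides how many requests are
# sent; each request carries that address in X-Forwarded-For so it is logged
# as the "client" address. Runs until interrupted.
# Reads: ip.txt (one dotted-quad per line, in the current directory).
while true; do
  # IFS= and -r keep each line exactly as written in the file.
  while IFS= read -r ip; do
    # Skip blank or malformed lines instead of feeding them to the loop bound.
    [[ "$ip" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || continue
    num=${ip##*.}   # last octet = number of requests for this address
    for ((i = 1; i <= num; i++)); do
      curl http://10.0.0.12/ -s -I -H "X-Forwarded-For: $ip" > /dev/null
      curl "http://10.0.0.12/$num/" -s > /dev/null
    done
    sleep 1
  done < ip.txt
done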
腳本測試效果
[root@localhost ~]# /bin/bash curl_web_site.sh
...
實踐1-基本信息統計
查看當前系統的鏈接狀態數量
[root@localhost ~]# ss -ant
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
ESTAB 0 0 10.0.0.12:22 10.0.0.1:60856
ESTAB 0 0 10.0.0.12:22 10.0.0.1:60857
ESTAB 0 64 10.0.0.12:22 10.0.0.1:64059
ESTAB 0 0 10.0.0.12:22 10.0.0.1:64061
LISTEN 0 32 [::]:21 [::]:*
LISTEN 0 128 [::]:22 [::]:*
統計當前主機的連接狀態信息
[root@localhost ~]# ss -tan|awk '!/State/{state[$1]++}END{for(i in state){print i,state[i]}}'
LISTEN 5
ESTAB 4
TIME-WAIT 3960
發現異常ip地址,進行杜絕惡意ip地址訪問
[root@localhost ~]# ss -nt | awk -F'[ :]+' '!/State/{ip[$(NF-2)]++}END{for(i in ip){print i,ip[i]}}' | while read line; do ip=$(echo $line | awk '{if($2>1)print $1}');[ -z "$ip" ] || echo "iptables -A INPUT -s $ip -j REJECT"; done
iptables -A INPUT -s 10.0.0.1 -j REJECT
注意:這里為了演示成功,故意將惡意ip的頻率降低了。
如果不小心真的添加了防火墻策略,則執行下面的命令實現功能恢復:
iptables -vnL INPUT
iptables -D INPUT 1
實踐2-web訪問信息統計
獲取客戶端ip地址信息
[root@localhost ~]# awk -F '"' 'NR==403 {print $(NF-1)}' /var/log/nginx/access.log
114.101.40.170
統計訪問網站的地址信息
[root@localhost ~]# awk -F '"' '{ip[$(NF-1)]++}END{for(i in ip){print i,ip[i]}}' /var/log/nginx/access.log
60.211.218.78 624
222.217.125.153 1377
124.205.143.213 1917
14.115.106.222 1776
14.155.112.17 153
...
統計站點的訪問頁面信息
[root@localhost ~]# awk '{a[$7]++}END{for(v in a)print v,a[v]|"sort -k1 -nr|head -n10"}' /var/log/nginx/access.log
/nihao 3
/img/html-background.png 1
/img/header-background.png 1
/img/centos-logo.png 1
/favicon.ico 1
/99/ 396
/92/ 368
/83/ 332
/79/ 316
/78/ 312
實踐3-腳本信息統計
查看腳本內容
[root@localhost ~]# cat net.sh
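#!/bin/bash
# Purpose: print a summary of this host's network connection state.
# Every figure is read from `ss` on the local host; the script takes no
# arguments and writes five labelled lines to stdout.

# `ss -s` is run once; its Transport table has the protocol name in column 1
# and the socket total in column 2.
ss_summary=$(ss -s)
# Number of TCP sockets
TCP_Total=$(awk '$1=="TCP"{print $2}' <<<"$ss_summary")
# Number of UDP sockets
UDP_Total=$(awk '$1=="UDP"{print $2}' <<<"$ss_summary")
# Number of TCP ports in LISTEN state. -H drops the header so every line is
# one socket; -p (process owner) was dropped because it is not needed for a
# count and only adds privileged lookups.
Listen_Total=$(ss -antlH | awk 'BEGIN{count=0} {count++} END{print count}')
# Number of TCP connections in ESTABLISHED state
Estab_Total=$(ss -antH | awk 'BEGIN{count=0}/^ESTAB/{count++}END{print count}')
# Number of TCP connections in TIME-WAIT state
TIME_WAIT_Total=$(ss -antH | awk 'BEGIN{count=0}/^TIME-WAIT/{count++}END{print count}')

# Show the host connection summary.
# The LISTEN and ESTAB lines previously expanded $Listen_Toatl / $Estab_Toatl
# (misspelled, never assigned) and so always printed an empty count.
echo "TCP連接總數:$TCP_Total"
echo "UDP連接總數:$UDP_Total"
echo "LISTEN狀態的TCP端口數量:$Listen_Total"
echo "ESTAB狀態的TCP連接數量:$Estab_Total"
echo "TIME-WAIT狀態的TCP連接數量:$TIME_WAIT_Total"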
文件實踐
簡介
所謂的文件實踐,主要是借助于awk的數組功能,實現文件的合并格式化等工作.
查看日志的樣式
默認日志格式
10.0.0.12 - - [19/Jun/2022:18:13:51 +0800] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0" "114.101.40.170"
期望統計信息
--------------------------------------------
| ip地址 |訪問次數|訪問url|訪問次數|
--------------------------------------------
| 60.211.218.78| 1248| /| 1248|
| 222.217.125.153| 2448| /| 2448|
準備工作
獲取ip地址
[root@localhost ~]# awk -F '("| )' 'NR==404 {print $(NF-1)}' /var/log/nginx/access.log
114.101.40.170
獲取訪問頁面
[root@localhost ~]# awk -F '("| )' 'NR==404 {print $(NF-13)}' /var/log/nginx/access.log
/170/
輸出統計信息
[root@localhost ~]# awk -F '("| )' 'BEGIN{printf "--------------------------------------------\n|%-14s|%-4s|%-4s|%-4s|\n--------------------------------------------\n"," ip地址","訪問次數","訪問url","訪問次數"}{a[$(NF-1)][$(NF-13)]++}END{
# 遍歷數組,統計每個ip的訪問總數
for(ip in a){for(uri in a[ip]){b[ip] += a[ip][uri]}}
# 再次遍歷
for(ip in a){for(uri in a[ip]){printf "|%16s|%8d|%7s|%8d|\n", ip, b[ip], uri, a[ip][uri]}}
printf "--------------------------------------------\n"}
' /var/log/nginx/access.log
--------------------------------------------
| ip地址 |訪問次數|訪問url|訪問次數|
--------------------------------------------
| 60.211.218.78| 1248| /| 1248|
| 222.217.125.153| 2448| /| 2448|
| 124.205.143.213| 3408| /| 3408|
| 14.115.106.222| 3330| /| 3330|
| 14.155.112.17| 272| /| 272|
--------------------------------------------
小結