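The Net is a cross between an elephant and a white elephant sale: it never forgets, and it's always crap. --Nemo
A Linux system has quite a number of tools for accessing, manipulating, and troubleshooting network connections. We can incorporate some of these tools into scripts: scripts that expand our knowledge of networking, and utility scripts that help with network administration.
Example 30-1. Printing the server environment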
```bash
#!/bin/bash
# test-cgi.sh
# by Michael Zick
# Used with permission

# May have to change the location for your site.
# (At the ISP's servers, Bash may not be in the usual place.)
# Other places: /usr/bin or /usr/local/bin
# Might even try it without any path in sha-bang.

# Disable filename globbing.
set -f

# Header tells browser what to expect.
echo Content-type: text/plain
echo

echo CGI/1.0 test script report:
echo

echo environment settings:
set
echo

echo whereis bash?
whereis bash
echo

echo who are we?
echo ${BASH_VERSINFO[*]}
echo

echo argc is $#. argv is "$*".
echo

# CGI/1.0 expected environment variables.

echo SERVER_SOFTWARE = $SERVER_SOFTWARE
echo SERVER_NAME = $SERVER_NAME
echo GATEWAY_INTERFACE = $GATEWAY_INTERFACE
echo SERVER_PROTOCOL = $SERVER_PROTOCOL
echo SERVER_PORT = $SERVER_PORT
echo REQUEST_METHOD = $REQUEST_METHOD
echo HTTP_ACCEPT = "$HTTP_ACCEPT"
echo PATH_INFO = "$PATH_INFO"
echo PATH_TRANSLATED = "$PATH_TRANSLATED"
echo SCRIPT_NAME = "$SCRIPT_NAME"
echo QUERY_STRING = "$QUERY_STRING"
echo REMOTE_HOST = $REMOTE_HOST
echo REMOTE_ADDR = $REMOTE_ADDR
echo REMOTE_USER = $REMOTE_USER
echo AUTH_TYPE = $AUTH_TYPE
echo CONTENT_TYPE = $CONTENT_TYPE
echo CONTENT_LENGTH = $CONTENT_LENGTH

exit 0

# Here document to give short instructions.
:<<-'_test_CGI_'

1) Drop this in your http://domain.name/cgi-bin directory.
2) Then, open http://domain.name/cgi-bin/test-cgi.sh.

_test_CGI_
```
For security purposes, it may be helpful to identify the IP addresses a computer is accessing.
Example 30-2. IP addresses
```bash
#!/bin/bash
# ip-addresses.sh
# List the IP addresses your computer is connected to.

#  Inspired by Greg Bledsoe's ddos.sh script,
#  Linux Journal, 09 March 2011.
#    URL:
#  https://linuxjournal.cn/content/back-dead-simple-bash-complex-ddos
#  Greg licensed his script under the GPL2,
#+ and as a derivative, this script is likewise GPL2.

connection_type=TCP      # Also try UDP.
field=2           # Which field of the output we're interested in.
no_match=LISTEN   # Filter out records containing this. Why?
lsof_args=-ni     # -i lists Internet-associated files.
                  # -n preserves numerical IP addresses.
                  # What happens without the -n option? Try it.
router="[0-9][0-9]*->"
#       Delete the router info.
#       The pattern accepts a port of any length, not only five digits.

lsof "$lsof_args" | grep $connection_type | grep -v "$no_match" |
      awk '{print $9}' | cut -d : -f $field |
      sed s/"^$router"// | sort | uniq
#  The prefix is stripped before "sort | uniq" so each address is listed once.

#  Bledsoe's script assigns the output of a filtered IP list,
#  (similar to lines 19-22, above) to a variable.
#  He checks for multiple connections to a single IP address,
#  then uses:
#
#    iptables -I INPUT -s $ip -p tcp -j REJECT --reject-with tcp-reset
#
#  ... within a 60-second delay loop to bounce packets from DDOS attacks.


#  Exercise:
#  --------
#  Use the 'iptables' command to extend this script
#+ to reject connection attempts from well-known spammer IP domains.
```
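The per-address connection count that the comments in Example 30-2 attribute to Bledsoe's script can be sketched as follows; this is an added example, not code from the guide or from Bledsoe. The function names and the sample lsof lines (documentation-range addresses) are constructed, and the parser takes the remote side of the NAME field instead of cutting on the first colon, so named ports and IPv6 addresses are handled.

```bash
#!/bin/bash
# Added example (not from the guide): connections per remote address.

# Constructed sample of `lsof -ni` output; addresses are documentation ranges.
sample_lsof() {
cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812 root    3u  IPv4  18231      0t0  TCP *:22 (LISTEN)
sshd     2290 root    4u  IPv4  40117      0t0  TCP 192.0.2.10:22->198.51.100.7:51514 (ESTABLISHED)
nginx    1033 www     9u  IPv4  40201      0t0  TCP 192.0.2.10:80->203.0.113.45:40112 (ESTABLISHED)
nginx    1033 www    10u  IPv4  40202      0t0  TCP 192.0.2.10:80->203.0.113.45:40113 (ESTABLISHED)
nginx    1033 www    11u  IPv4  40203      0t0  TCP 192.0.2.10:80->203.0.113.45:40114 (ESTABLISHED)
firefox  3120 alice  55u  IPv4  41877      0t0  TCP 192.0.2.10:48822->198.51.100.7:https (ESTABLISHED)
curl     3555 alice   5u  IPv6  42001      0t0  TCP [2001:db8::10]:50234->[2001:db8::99]:443 (ESTABLISHED)
chronyd   640 chrony  5u  IPv4  17002      0t0  UDP 192.0.2.10:44321->198.51.100.123:123
EOF
}

# remote_counts [PROTO]: read `lsof -ni` lines on stdin, print "count address".
remote_counts() {
    awk -v proto="${1:-TCP}" '
        $8 != proto || /\(LISTEN\)/ { next }  # other protocol, or listening
        {
            n = index($9, "->")               # NAME field is local->remote
            if (n == 0) next                  # socket with no peer
            remote = substr($9, n + 2)
            sub(/:[^:]*$/, "", remote)        # drop port, numeric or named
            gsub(/\[/, "", remote)            # unwrap a bracketed IPv6 address
            gsub(/\]/, "", remote)
            count[remote]++
        }
        END { for (r in count) print count[r], r }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# flag_busy LIMIT [PROTO]: print remotes holding more than LIMIT connections.
flag_busy() {
    remote_counts "${2:-TCP}" |
        awk -v limit="$1" '$1 + 0 > limit + 0 { print $2 }'
}

sample_lsof | remote_counts TCP
echo "more than 2 connections:"
sample_lsof | flag_busy 2
```

On a live system, pipe `lsof -ni` into `remote_counts` in place of `sample_lsof`.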
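More examples of network programming
See also the networking commands in the System and Administrative Commands chapter and the communications commands in the External Filters, Programs and Commands chapter.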