版权声明
转载请与作者联系,转载时请务必标明文章原始出处和作者信息及本声明。
|
|
|
微信扫描二维码进入 Netkiller 微信订阅号 QQ群:128659835 请注明“读者” |
.
分析access.log 文件,将 top 30 的IP放入黑名单.
脚本具有黑白名单功能
#!/bin/bash ACCCESS_LOG=/tmp/access.log TIMEPOINT='24/May/2012' BLACKLIST=/var/tmp/black WHITELIST=/var/tmp/white if [ ! -f ${BLACKLIST} ]; then touch ${BLACKLIST} fi if [ ! -f ${WHITELIST} ]; then touch ${WHITELIST} fi for deny in $(grep ${TIMEPOINT} ${ACCCESS_LOG} | awk '{print $1}' | awk -F'.' '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -r -n | head -n 30| awk '{print $2}') do if [ $(grep -c $deny ${WHITELIST}) -ne 0 ]; then echo 'Allow IP:' $deny iptables -D INPUT -p tcp --dport 443 -s $deny -j DROP iptables -D INPUT -p tcp --dport 80 -s $deny -j DROP continue fi if [ $(grep -c $deny ${BLACKLIST}) -eq 0 ] ; then echo 'Deny IP:' $deny echo $deny >> ${BLACKLIST} iptables -I INPUT -p tcp --dport 443 -s $deny -j DROP iptables -I INPUT -p tcp --dport 80 -s $deny -j DROP fi done