My Server Monitor: 监控服务器LAN联通性、WAN联通性,CPU、内存空闲率,自动添加攻击者IP到防火墙黑名单。
Imports System.Data.SqlClient
Imports System.Net
Imports System.Diagnostics
''' <summary>
''' One health sample of the monitored server, as filled in by GetNewState.
''' </summary>
Structure cState
    ' Idle CPU percentage (100 minus the "% Processor Time" counter).
    Public cpu As Single
    ' Free physical memory in MB ("Available Kbytes" counter divided by 1024).
    Public mem As Single
    ' Ping status name for the LAN probe, or "Failed" when the ping threw.
    Public lanAcc As String
    ' Ping status name for the WAN probe, or "Failed" when the ping threw.
    Public wanAcc As String
    ' Local time at which the sample was completed.
    Public utime As Date
End Structure
''' <summary>
''' Running tally of failed-logon events seen for one source address.
''' </summary>
Structure Attacker
    ' Source address exactly as it appears in the event record.
    Public IP As String
    ' Number of failed-logon events counted for this address so far.
    Public AttackCounts As Integer
End Structure
Module Module1
' Two-slot sample history: (0) is the newest sample, (1) the one before it.
Private svrState(1) As cState
' Per-address failure tallies; slot 0 is a placeholder created by InitEventLog.
Private AttackerColl() As Attacker
' Lower time bound handed to the next GetEvents scan; refreshed after each scan.
Private ReadTime As Date = Now
' Maps a source address string to its index in AttackerColl.
Private ipHashTable As New Hashtable

' Read-only handle on the total processor-time counter.
Private pfmCPU As New PerformanceCounter("Processor", "% Processor Time", "_Total", True)
' Available physical memory, reported by the counter in kilobytes.
Private pfmMem As New PerformanceCounter("Memory", "Available Kbytes")

' Single Ping instance reused for both the LAN and the WAN probe.
Private aPing As New System.Net.NetworkInformation.Ping
' A poll fires when the current clock second is a multiple of this value.
Private timeSL As Integer = 30
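''' <summary>
''' Entry point. Sets up the console, seeds the attacker table from the Security log,
''' then loops forever: on each poll tick it rescans the Security log, samples
''' CPU / memory / LAN / WAN state, prints the sample and stores it in ServerStatus.
''' </summary>
Sub Main()
    Console.Title = "Server Monitor - Running"
    Console.WindowWidth = 90
    Console.BufferWidth = 90
    Console.ForegroundColor = ConsoleColor.Green

    InitEventLog()

    Dim conn As New SqlConnection("Data Source=localhost;Initial Catalog=**DB;Integrated Security=True")
    conn.Open()

    ' Parameterized insert: values never become part of the SQL text, so quoting and
    ' the machine's decimal separator can no longer break the statement.
    Dim cmdsel As New SqlCommand("insert into ServerStatus values(@stamp,@cpu,@mem,@lan,@wan)", conn)
    Dim invariant As System.Globalization.CultureInfo = System.Globalization.CultureInfo.InvariantCulture

    ' The first NextValue() of a rate counter only primes it; wait a second so the
    ' first real sample is meaningful.
    pfmCPU.NextValue()
    Threading.Thread.Sleep(1000)
    GetNewState()

    Do
        If Now.Second Mod timeSL <> 0 Then
            ' Yield between ticks. Spinning here without a pause keeps one core busy
            ' and distorts the very CPU figure this program reports.
            Threading.Thread.Sleep(200)
            Continue Do
        End If

        ' Step past the matching second so the same tick is not handled twice.
        Threading.Thread.Sleep(1000)
        GetEvents(ReadTime)

        ' Keep the previous sample for the LAN comparison below
        ' (wanAcc is intentionally left as the original code had it: not copied).
        svrState(1).cpu = svrState(0).cpu
        svrState(1).mem = svrState(0).mem
        svrState(1).lanAcc = svrState(0).lanAcc
        svrState(1).utime = svrState(0).utime

        GetNewState()
        Dim current As cState = svrState(0)
        Dim previous As cState = svrState(1)

        ' One timestamp for console, title and database row.
        Dim sampleTime As Date = Now
        Dim stamp As String = Format(sampleTime, "yyyy-MM-dd HH:mm:ss")

        Console.Write(Format(sampleTime, "yyyy-MM-dd HH:mm:ss>\[CPU IDLE]") & vbTab & current.cpu & "%" & vbTab & vbTab &
                      "[MEM FREE] " & current.mem & "MB" &
                      vbCrLf & Space(20) & "[LAN State]" & vbTab & current.lanAcc & vbTab & vbTab &
                      "[WAN State] " & current.wanAcc & vbCrLf & vbCrLf)
        Console.Title = "Server Monitor - Running(" & stamp & ")"

        ' Values are sent as text, as the original statement did, so the table's
        ' existing column types keep converting them the same way.
        cmdsel.Parameters.Clear()
        cmdsel.Parameters.AddWithValue("@stamp", stamp)
        cmdsel.Parameters.AddWithValue("@cpu", current.cpu.ToString(invariant))
        cmdsel.Parameters.AddWithValue("@mem", current.mem.ToString(invariant))
        cmdsel.Parameters.AddWithValue("@lan", current.lanAcc)
        cmdsel.Parameters.AddWithValue("@wan", current.wanAcc)
        cmdsel.ExecuteNonQuery()

        ' Poll every 30 s while the LAN probe keeps reporting the same non-success
        ' status; otherwise fall back to once a minute.
        Dim lanUnchanged As Boolean = (current.lanAcc = previous.lanAcc)
        Dim lanDown As Boolean = Not String.Equals(current.lanAcc, "success", StringComparison.OrdinalIgnoreCase)
        If lanUnchanged AndAlso lanDown Then timeSL = 30 Else timeSL = 60
    Loop
End Sub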
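''' <summary>
''' Takes a fresh sample into svrState(0): idle CPU percentage, free memory in MB,
''' the LAN and WAN ping status names, and the time the sample was finished.
''' </summary>
Sub GetNewState()
    ' Round numerically instead of via Format(value, ".##"): that format produces an
    ' empty string for a value that rounds to zero (e.g. 0 % idle on a saturated
    ' machine), and converting "" back to Single throws.
    Dim idleCpu As Double = 100 - pfmCPU.NextValue
    Dim freeMb As Double = pfmMem.NextValue / 1024
    svrState(0).cpu = CSng(Math.Round(idleCpu, 2, MidpointRounding.AwayFromZero))
    svrState(0).mem = CSng(Math.Round(freeMb, 2, MidpointRounding.AwayFromZero))

    ' Any exception from the probe (for example a failed name lookup) is recorded
    ' as "Failed"; otherwise the ping status name is stored as-is.
    Try
        svrState(0).lanAcc = aPing.Send("172.29.2.254").Status.ToString
    Catch lanError As Exception
        svrState(0).lanAcc = "Failed"
    End Try

    Try
        svrState(0).wanAcc = aPing.Send("www.baidu.com").Status.ToString
    Catch wanError As Exception
        svrState(0).wanAcc = "Failed"
    End Try

    svrState(0).utime = Now
End Sub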
''' <summary>
''' Resets the attacker table to a single placeholder entry and replays the
''' Security log from the start of yesterday so the tallies are warm at start-up.
''' </summary>
Sub InitEventLog()
    Console.WriteLine("<Init Blacklist>")

    ' Slot 0 is a dummy so that real entries start at index 1.
    Dim placeholder As Attacker
    placeholder.IP = "HOLDER"
    placeholder.AttackCounts = 0
    AttackerColl = New Attacker() {placeholder}

    Dim sinceYesterday As Date = Now.Date.AddDays(-1)
    GetEvents(sinceYesterday)

    Console.WriteLine("</Init Blacklist>" & vbCrLf)
End Sub
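''' <summary>
''' Scans the Windows Security log for failed-logon records (event 4625) generated
''' after <paramref name="fromWhen"/>, tallies them per source address in
''' AttackerColl and passes any address with more than six failures to AddBlackList.
''' Sets ReadTime to the current time when the scan ends.
''' </summary>
''' <param name="fromWhen">Only records with TimeGenerated later than this are counted.</param>
Sub GetEvents(ByVal fromWhen As Date)
    ' Insertion-string positions read from a 4625 record: the account name that was
    ' tried and the source network address.
    Const UserNameIndex As Integer = 5
    Const SourceIpIndex As Integer = 19

    ' NOTE(review): tallies never expire and there is no allowlist, so a legitimate
    ' address (an admin workstation, a NAT gateway shared by many users) that
    ' accumulates seven failures over any period is blocked for good.
    For Each aLog As Diagnostics.EventLog In EventLog.GetEventLogs
        If aLog.Log <> "Security" Then Continue For

        Dim idx As Integer = UBound(AttackerColl)
        For Each itm As EventLogEntry In aLog.Entries
            If itm.InstanceId <> 4625 OrElse itm.TimeGenerated <= fromWhen Then Continue For

            ' A record with fewer insertion strings than expected is skipped instead
            ' of aborting the whole monitor with an index error.
            Dim fields() As String = itm.ReplacementStrings
            If fields Is Nothing OrElse fields.Length <= SourceIpIndex Then Continue For

            Dim ipadd As String = fields(SourceIpIndex)
            If ipadd = "-" Then Continue For

            ' The value ends up inside a firewall rule's address list, so accept
            ' only text that parses as an IP address (empty or malformed values
            ' are dropped here).
            Dim parsedAddress As IPAddress = Nothing
            If Not IPAddress.TryParse(ipadd, parsedAddress) Then Continue For

            If Not ipHashTable.ContainsKey(ipadd) Then
                ' First sighting: append a new tally and remember its index.
                idx += 1
                ipHashTable.Add(ipadd, idx)
                ReDim Preserve AttackerColl(idx)
                AttackerColl(idx).AttackCounts = 1
                AttackerColl(idx).IP = ipadd
            Else
                Dim slot As Integer = CInt(ipHashTable(ipadd))
                AttackerColl(slot).AttackCounts += 1
                If AttackerColl(slot).AttackCounts > 6 Then AddBlackList(ipadd)
            End If

            ' NOTE(review): the account name is whatever the remote client submitted
            ' and is echoed to the console unfiltered.
            Console.WriteLine("<" & Format(itm.TimeGenerated, "yyyy-MM-dd HH:mm:ss") &
                              ">Attacker '" & fields(UserNameIndex) & "' from " & ipadd &
                              " for " & AttackerColl(CInt(ipHashTable(ipadd))).AttackCounts & " time(s)")
        Next

        ReadTime = Now
        Exit For
    Next
End Sub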
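''' <summary>
''' Appends an address to the remote-address list of the Windows Firewall rule named
''' "DENY_LOGIN_ATTEMPT" (first match among rules that apply to the active profiles),
''' unless the rule already lists it.
''' </summary>
''' <param name="iplist">A single IP address in text form.</param>
Sub AddBlackList(ByVal iplist As String)
    ' Validate at the sink: the text is concatenated into a comma-separated rule
    ' field, so anything that is not a single IP address is refused.
    Dim parsedAddress As System.Net.IPAddress = Nothing
    If Not System.Net.IPAddress.TryParse(iplist, parsedAddress) Then
        Console.WriteLine("Blacklist request ignored: value is not an IP address")
        Return
    End If

    Dim plcObj As NetFwTypeLib.INetFwPolicy2 = CreateObject("HNetCfg.FwPolicy2")
    Dim CurrentProfiles As Integer = plcObj.CurrentProfileTypes()
    Dim ruleFound As Boolean = False

    For Each rule As NetFwTypeLib.INetFwRule In plcObj.Rules
        If (rule.Profiles And CurrentProfiles) = 0 Then Continue For
        If rule.Name <> "DENY_LOGIN_ATTEMPT" Then Continue For
        ruleFound = True

        ' Compare whole list entries. A substring search would treat "1.2.3.4" as
        ' present when only "1.2.3.40" or "11.2.3.4" is listed, leaving it unblocked.
        ' An entry of the form address/mask is matched on its address part, since
        ' the firewall API may report single hosts that way.
        Dim alreadyListed As Boolean = False
        Dim existing As String = rule.RemoteAddresses
        If existing IsNot Nothing Then
            For Each entry As String In existing.Split(","c)
                Dim candidate As String = entry.Trim()
                If String.Equals(candidate, iplist, StringComparison.OrdinalIgnoreCase) OrElse
                   candidate.StartsWith(iplist & "/", StringComparison.OrdinalIgnoreCase) Then
                    alreadyListed = True
                    Exit For
                End If
            Next
        End If

        If Not alreadyListed Then
            rule.RemoteAddresses &= "," & iplist
            Console.WriteLine("Address " & iplist & " blocked")
        End If
        Exit For
    Next

    ' Without this message a missing or renamed rule means nothing is ever blocked
    ' and the operator gets no hint.
    If Not ruleFound Then
        Console.WriteLine("Firewall rule DENY_LOGIN_ATTEMPT not found for the active profile; address " & iplist & " was not blocked")
    End If
End Sub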
End Module