- 封锁IP威胁等级为1的情况下
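import ipaddress
import os
import re
import subprocess
import sys
import time

# Suricata fast-format alert log that is tailed.
LOG_PATH = '/var/log/suricata/fast.log'
# Addresses that are never blocked (the host itself and the management box).
# fast.log lines carry both source and destination address, so every local
# address that can appear as a destination belongs here.
WHITELIST = ('127.0.0.1', '192.168.18.141')
# Seconds to wait before re-checking the log when no complete new line exists.
POLL_INTERVAL = 1.0

# fast.log writes "[Priority: N]" once per alert; capture the number itself.
_PRIORITY_RE = re.compile(r"Priority:\s*(\d+)")
# Dotted-quad candidates preceded by whitespace ("src:port -> dst:port" part of
# the line). The dots are escaped on purpose: the original pattern used a bare
# '.', which matched any character. Candidates are validated with ipaddress.
_IPV4_RE = re.compile(r"(?<=\s)\d{1,3}(?:\.\d{1,3}){3}")


def _ips_to_block(line, whitelist):
    """Return the non-whitelisted IPv4 addresses on a priority-1 alert line.

    Lines with any other priority, or without a valid address, yield an
    empty list. Both addresses of the line are returned (as the original
    script did), so local addresses must be covered by *whitelist*.

    Args:
        line: one decoded fast.log line.
        whitelist: addresses to skip.

    Returns:
        list[str] of distinct addresses, in order of appearance.
    """
    match = _PRIORITY_RE.search(line)
    if match is None or match.group(1) != '1':
        return []
    found = []
    for candidate in _IPV4_RE.findall(line):
        if candidate in whitelist or candidate in found:
            continue
        try:
            ipaddress.IPv4Address(candidate)  # rejects octets > 255, e.g. 999.1.1.1
        except ValueError:
            continue
        found.append(candidate)
    return found


def read(path=LOG_PATH, whitelist=WHITELIST):
    """Tail the Suricata fast.log forever and block sources of priority-1 alerts.

    Starts at the current end of the file, so alerts already logged are not
    acted on. Each complete new line is parsed by _ips_to_block and every
    address returned is handed to fire_walld. The read offset is advanced
    after every line (the original script never advanced it and therefore
    re-read the same position), partial lines are re-read once complete, and
    a truncated, rotated or missing file is reopened from its start.

    Args:
        path: log file to tail (defaults to LOG_PATH).
        whitelist: addresses that are never blocked (defaults to WHITELIST).

    Raises:
        SystemExit: propagated from fire_walld when a block command fails.
    """
    # Size lookup instead of an open() that is never closed.
    offset = os.path.getsize(path)
    while True:
        try:
            # Binary mode: byte offsets stay exact and bad bytes cannot abort the loop.
            with open(path, 'rb') as f:
                f.seek(offset, 0)
                raw = f.readline()
                if raw.endswith(b'\n'):
                    # Advance only past fully written lines.
                    offset = f.tell()
                    line = raw.decode('utf8', errors='replace').strip()
                    for ip in _ips_to_block(line, whitelist):
                        fire_walld(ip)
                    continue  # drain available lines before sleeping
            # File shrank below our offset: it was truncated or rotated.
            if os.path.getsize(path) < offset:
                offset = 0
        except FileNotFoundError:
            # Rotated away and not yet recreated; read the new file from its start.
            offset = 0
        time.sleep(POLL_INTERVAL)


def fire_walld(i):
    """Reject traffic from address *i* for 30 seconds via firewalld.

    firewall-cmd is invoked with an argument list and no shell, so *i* is
    never interpreted by /bin/sh (the original built a shell string with
    os.popen). The address is validated as IPv4 first because the rule is
    family=ipv4. Prints the same status lines as the original script; on
    success it returns instead of re-entering read() (the original recursed,
    growing the stack with every block).

    Args:
        i: dotted-quad IPv4 address to block.

    Returns:
        True when firewall-cmd reported success.

    Raises:
        SystemExit: when the address is invalid or firewall-cmd does not
            report success (the original script exited on failure too).
    """
    print(i)
    try:
        ipaddress.IPv4Address(i)
    except ValueError:
        print('失败')
        sys.exit(1)
    rule = f"rule family=ipv4 source address={i} reject"
    # --timeout and the success message below both say 30s; keep them in step.
    cmd = ["firewall-cmd", f"--add-rich-rule={rule}", "--timeout=30"]
    try:
        res = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                             universal_newlines=True)
    except OSError:
        # firewall-cmd missing or not executable: treated like a failed call.
        res = None
    if res is not None and res.returncode == 0 and 'success' in res.stdout:
        print(f'已经将{i}封禁30s')
        return True
    print('失败')
    sys.exit(1)


if __name__ == "__main__":
    read()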