一、分析日志IP把可疑ip加入防火墙脚本
crontab -e 添加定时检查
检测
----------------------------
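#!/bin/bash
#2017-11-22
#xxx
# Cron job: select the previous minute of the nginx access log, count requests
# per client address to the two SMS / verification-code endpoints, and add
# firewalld rich rules rejecting the addresses that exceed the thresholds.
#
# NOTE(review): field 1 of the access log is treated as the client address.
# If nginx sits behind a proxy, CDN or load balancer that field may be the
# proxy itself; confirm the log_format (and consider an allowlist of trusted
# addresses) before letting this script add reject rules.

# Fragment used to select last minute's log lines
# (presumably the year:hour:minute part of nginx's time field -- confirm).
GREP_STR=$(date +%Y:%H:%M -d '-1 minute')
GREP_URL1=/carorder/index/send_sms.html
GREP_URL2=/index/login/getMobileVerify
LOG_NAME=www.xxxxxx.access.log
WORK_DIR=/usr/local/openresty/nginx/logs
# Human-readable form of the same minute, used only in the report lines.
DATE=$(date +%Y-%m-%d\ %H:%M -d '-1 minute')

# Stop if the log directory is missing instead of grepping somewhere else.
cd "${WORK_DIR}" || exit 1

# Each address appears only once after `uniq -c`, so the current rule list can
# be fetched once instead of once per address.
existing_rules=$(firewall-cmd --list-rich-rules)

grep -F -- "${GREP_STR}" "${LOG_NAME}" \
  | grep -E "${GREP_URL1}|${GREP_URL2}" \
  | awk '{ print $1 }' \
  | sort \
  | uniq -c \
  | awk '{ if ($1 > 2) print $1, $2 }' \
  | while read -r count ip
do
  # The address comes straight from a log line and is interpolated into a
  # firewall rule below, so accept only a dotted-quad IPv4 shape.
  if ! [[ "${ip}" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    printf 'skipping non-IPv4 log field: %s\n' "${ip}" >&2
    continue
  fi

  # Fixed-string, whole-word match: a plain `grep $ip` treats the dots as
  # wildcards and also matches longer addresses that merely contain this one,
  # which would make an unblocked address look already blocked.
  if grep -qwF -- "${ip}" <<<"${existing_rules}"; then
    echo -e "攻击ip:${ip}\t攻击次数:${count}\t时间:${DATE}\t已拦截"
    continue
  fi

  if [ "${count}" -gt 30 ]; then
    # Runtime rule without --timeout: it lasts until firewalld is reloaded or
    # restarted. It is NOT written to the permanent configuration (the
    # --permanent variant below is disabled), despite the message text.
    firewall-cmd --add-rich-rule="rule family='ipv4' source address='${ip}' reject"
    # firewall-cmd --add-rich-rule="rule family='ipv4' source address='$ip' reject" --permanent
    echo -e "攻击ip:${ip}\t攻击次数:${count}\t时间:${DATE}\t永久拦截 "
  elif [ "${count}" -gt 10 ]; then
    # 86400 s = one day.
    firewall-cmd --add-rich-rule="rule family='ipv4' source address='${ip}' reject" --timeout=86400
    echo -e "攻击ip:${ip}\t攻击次数:${count}\t时间:${DATE}\t拦截一天 "
  else
    # 7200 s = two hours; the report line previously said one hour, which did
    # not match the timeout actually applied.
    firewall-cmd --add-rich-rule="rule family='ipv4' source address='${ip}' reject" --timeout=7200
    echo -e "攻击ip:${ip}\t攻击次数:${count}\t时间:${DATE}\t拦截两小时"
  fi
  # firewall-cmd --add-rich-rule="rule family='ipv4' source address='$ip' reject" --timeout=3600 >/dev/null
  # echo -e "攻击ip:${ip}\t攻击次数:${count}\t时间:${GREP_STR}"
done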
----------------------
添加
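#!/bin/sh
# Watch the access log and, every time it is modified, add a firewalld reject
# rule for each distinct client address found in its last three lines.
#
# NOTE(review): there is no request threshold here -- any address that shows up
# in this log is rejected on first sight. That is only reasonable if the log
# receives nothing but unwanted traffic (presumably a dedicated log for the
# abused verification endpoint -- confirm), and if field 1 is the real client
# address rather than a proxy or load balancer.
LOG_FILE=/usr/local/openresty/nginx/logs/mobileverify.access.log

while inotifywait -e modify "$LOG_FILE"; do
  tail -n 3 "$LOG_FILE" \
    | awk '{ips[$1]+=1} END{for(ip in ips) print ip}' \
    | sort -nr \
    | while read -r i
  do
    # The value is copied from a log line into a firewall rule, so accept only
    # a dotted-quad IPv4 shape and skip anything else.
    if ! printf '%s\n' "$i" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
      continue
    fi
    echo "rule family='ipv4' source address='$i' reject"
    # stdin is detached so the command cannot consume the loop's input.
    firewall-cmd --add-rich-rule="rule family='ipv4' source address='$i' reject" </dev/null
    echo "end"
  done
done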
二、python上传日志到oss
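#!/bin/bash
#auth:zyh
#date:2020-11-09
# Upload yesterday's log to OSS.
# Abort if the working directory is missing, so the relative script path and
# nohup.out are never resolved against whatever directory cron started in.
cd /data/tiger/master || exit 1
# Run the uploader in the background; stdout and stderr go to nohup.out.
nohup /usr/bin/python ./put_logs.py >nohup.out 2>&1 &
#/usr/bin/python ./put_logs.py >/dev/null
# Delete yesterday's log (disabled)
#dir_logs="/data/xxx/xxxx/runtime/logs_org"
#y_day="`date -d \"1 day ago\" +%Y-%m-%d`"
#delfile=$dir_logs/PHP_org_$y_day".log"
#echo $delfile
#rm -f $delfile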
[root@kcwc4 conf.d]# cat /xxx/xxx/xxxx/put_logs.py
#! /usr/bin/env python
# ! -*- coding:utf8 -*-
""" aliyujn oss2 python sdk 上传静态资源!!"""
from __future__ import print_function
import shutil
import oss2
import os, sys
import datetime
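# Initialise the AccessKeyId, AccessKeySecret, bucket name and endpoint.
# Each value is read from the environment; the second argument to getenv is
# only the fallback used when the variable is unset.
# NOTE(review): keep real credentials out of this file. Supply them through
# the environment (ideally a least-privilege key limited to this bucket) so
# they never end up in version control or in a pasted listing.
#
# Taking the Hangzhou region as an example, the endpoint can be:
#   http://oss-cn-xxx.aliyuncs.com
#   https://oss-cn-xxxx.aliyuncs.com
# for access over HTTP and HTTPS respectively.
# NOTE(review): the fallback endpoint below has no scheme; confirm which
# protocol the SDK then uses and prefer an explicit https:// prefix.
access_key_id = os.getenv('OSS_TEST_ACCESS_KEY_ID', 'xxxx')
access_key_secret = os.getenv('OSS_TEST_ACCESS_KEY_SECRET', 'xxx')
bucket_name = os.getenv('OSS_TEST_BUCKET', 'kcwc')
endpoint = os.getenv('OSS_TEST_ENDPOINT', 'oss-cn-xxxxxx-internal.aliyuncs.com')

# Check that no '<...>' template placeholder was left in any parameter.
# The message names the parameter instead of echoing its value, because two of
# these values are credentials and the text can end up in nohup.out or a
# traceback. NOTE(review): assert statements are skipped under `python -O`.
for param_name, param in (('access_key_id', access_key_id),
                          ('access_key_secret', access_key_secret),
                          ('bucket_name', bucket_name),
                          ('endpoint', endpoint)):
    assert '<' not in param, '请设置参数:' + param_name

# Create the Bucket object; every object-level call goes through it.
bucket = oss2.Bucket(oss2.Auth(access_key_id, access_key_secret), endpoint, bucket_name)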
#进度条功能
def percentage(consumed_bytes, total_bytes):
    """Progress callback: show the transfer progress as a whole percentage.

    Writes '\\r<rate>% ' to stdout (no newline, so the figure is overwritten in
    place) and flushes. Nothing is written when total_bytes is falsy.

    Args:
        consumed_bytes: number of bytes transferred so far.
        total_bytes: total number of bytes, or a falsy value if unknown.
    """
    if not total_bytes:
        return
    fraction = float(consumed_bytes) / float(total_bytes)
    sys.stdout.write('\r{0}% '.format(int(100 * fraction)))
    sys.stdout.flush()
# 上传一段字符串。Object名是motto.txt,内容是一段名言。
#bucket.put_object('f-car-pc/fonts/motto.txt', 'Never give up. - Jack Ma')
#bucket.put_object_from_file('f-car-pc/fonts/111/motto.txt', '/tmp/index7.html',progress_callback=percentage)
# Root locations: the local log directory and the key prefix used in the bucket.
local_dir = "/data/xxxxx/xxx/runtime/logs_org"
remote_dir = "orglogs"
# List of local file paths; getLocalFiles() appends to it.
local_files = list()
# 文件归类,获取要上传的图片的本地res的所有文件的绝对路径
def getLocalFiles(local_dir):
    """Recursively collect the paths of all regular files below local_dir.

    Every file found is appended to the module-level list `local_files`;
    nothing is returned. A path that does not exist is silently ignored.

    Args:
        local_dir: directory to walk.
    """
    if not os.path.exists(local_dir):
        return
    for entry in os.listdir(local_dir):
        candidate = os.sep.join((local_dir, entry))
        if os.path.isfile(candidate):
            local_files.append(candidate)
        # Checked separately from isfile(), exactly as two independent tests.
        if os.path.isdir(candidate):
            getLocalFiles(candidate)
#上传函数
def putFileToBucket(local_files):
    """Upload yesterday's PHP_org_<YYYY-MM-DD>.log to the bucket, then delete it.

    The file is looked up in the module-level `local_dir` and stored under
    `remote_dir` + "/k4/". Nothing happens when the file does not exist.

    Args:
        local_files: accepted for the caller's benefit; not read by this function.
    """
    yesterday = datetime.datetime.now() - datetime.timedelta(days=1)
    log_name = "PHP_org_" + str(yesterday.strftime("%Y-%m-%d")) + ".log"
    file2 = local_dir + "/" + log_name
    remote_file_path = remote_dir + "/k4/" + os.path.basename(file2)
    if not os.path.exists(file2):
        return
    bucket.put_object_from_file(remote_file_path, file2)
    # The only local copy is removed right after the upload call returns.
    # NOTE(review): this presumably relies on put_object_from_file raising on a
    # failed upload -- confirm, since a silent failure here would lose the log.
    os.unlink(file2)
    # NOTE(review): the pasted source lost its indentation; the print is
    # assumed to belong to the "file exists" branch.
    print(file2)
#for local_file_path in local_files:
#tempbasename=os.path.basename(local_file_path);
#remote_file_path = remote_dir + "/k2/"+tempbasename #local_file_path[(local_file_path.find('dist') + 4):]
#bucket.put_object_from_file(remote_file_path, local_file_path)
#now = datetime.datetime.now()
#date2 = now + datetime.timedelta(days = -1)
#print (date2.year)
# 删除昨天的文件
#delfile = local_dir + "/PHP_org_"+str(date2.year)+"-"+str(date2.month)+"-"+str(date2.day)+".log"
#print (delfile)
#if os.path.exists(delfile):
# os.unlink(delfile)
if "__main__" == __name__:
    # Step 1: build the list of local files.
    getLocalFiles(local_dir)
    # Step 2: upload (the list is passed along to the upload function).
    putFileToBucket(local_files)