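#!/bin/bash
#
# Blocks IPv4 sources that repeatedly fail MySQL authentication.
#
# Each run inspects the tail of the MySQL error log, counts "Access denied"
# entries per client address and appends an iptables DROP rule (MySQL port
# only) for every address above the threshold. Presumably run periodically
# as root, e.g. from cron; confirm how it is scheduled.
#
# Limits worth knowing before relying on it:
#   - There is no allow-list: a trusted host with a wrong password is blocked
#     like any other source.
#   - Nothing here removes a rule again; a block stays until it is deleted by
#     hand (see the reference below).
#   - Only IPv4 client addresses are recognised.
#
# iptables quick reference (examples only, none of these run):
#   Block an IP:
#     iptables -I INPUT -s 192.168.100.1 -j DROP
#   Block a port:
#     iptables -A INPUT -p tcp --dport 3306 -j DROP
#   Flush everything (all chains of the filter table, not just rules added
#   by this script):
#     iptables -F
#   Delete one rule by its line number:
#     iptables -nL --line
#     iptables -D INPUT 1   # removes the first rule
#
#   Allow 127.0.0.1 to reach 3306:
#     iptables -A INPUT -s 127.0.0.1 -p tcp --dport 3306 -j ACCEPT
#   Deny every other IP on 3306:
#     iptables -A INPUT -p tcp --dport 3306 -j DROP

readonly mysql_port='15731'
readonly mysql_logfile='/var/log/mysqld.log'
readonly log_tail_lines=100   # how many trailing log lines each run inspects
readonly max_failures=5       # an address is blocked once it exceeds this count

if [[ ! -f "${mysql_logfile}" ]]; then
  printf 'error: MySQL log %s not found\n' "${mysql_logfile}" >&2
  exit 1
fi

# The user name inside an "Access denied" line is chosen by the client, so it
# can itself look like an IPv4 address. Matching every dotted quad on the line
# would let a client get an unrelated address blocked. Only the host field is
# used: the pattern is anchored to the end of the line, where the server
# writes '@'<host>' (using password: YES|NO).
# NOTE(review): assumes that standard line ending; confirm against the log
# format of the server this runs on, otherwise nothing will be matched.
readonly denied_host_re="'@'([0-9]{1,3}\.){3}[0-9]{1,3}' \(using password: [A-Za-z]+\)[[:space:]]*\$"
readonly ipv4_re='([0-9]{1,3}\.){3}[0-9]{1,3}'

attacked_ip=$(
  /usr/bin/tail -n "${log_tail_lines}" -- "${mysql_logfile}" \
    | /usr/bin/grep -i 'Access denied' \
    | /usr/bin/grep -Eo -- "${denied_host_re}" \
    | /usr/bin/grep -Eo -- "${ipv4_re}" \
    | /usr/bin/awk -v limit="${max_failures}" \
        '{ hits[$1]++ } END { for (ip in hits) if (hits[ip] > limit) print ip }'
)

# Disabled variant: collect the host names (not IPs) recorded in the log.
# NOTE(review): keep this disabled unless it has been reviewed. A logged host
# name presumably comes from a reverse DNS lookup of the client address, and
# iptables resolves a name passed to -s once, when the rule is inserted, so
# the address that ends up blocked is decided by DNS data the server does not
# control.
# attacked_url=`/usr/bin/tail -100 ${mysql_logfile} | /usr/bin/grep -i "Access denied" | /usr/bin/grep -Ev "([0-9]{1,3}\.){3}[0-9]{1,3}|localhost" | /usr/bin/awk -F"[@']+" '{print $(NF-1)}' | /usr/bin/awk '{array[$1]++}END{for(i in array) print i}'`

# attacked_url is only set when the disabled variant above is re-enabled; the
# empty default keeps this test valid while it stays commented out.
if [[ -z "${attacked_ip}" && -z "${attacked_url:-}" ]]; then
  exit 0
fi

while IFS= read -r ip_addrs; do
  [[ -n "${ip_addrs}" ]] || continue

  rule=(INPUT -s "${ip_addrs}" -p tcp --dport "${mysql_port}" -j DROP)

  # -C checks for this exact rule. Grepping the rule listing for the address
  # would treat the dots as regex wildcards and would also be satisfied by an
  # unrelated rule (another port, or an ACCEPT) that mentions the address.
  if /usr/sbin/iptables -C "${rule[@]}" &>/dev/null; then
    continue
  fi

  # Run in the foreground so a failure (malformed address, missing
  # privileges) is reported instead of being lost in a background job.
  # -A appends: the DROP has no effect on traffic that an earlier ACCEPT rule
  # in INPUT already matches.
  if ! /usr/sbin/iptables -A "${rule[@]}"; then
    printf 'warning: could not add DROP rule for %s\n' "${ip_addrs}" >&2
  fi
done <<<"${attacked_ip}"

# Disabled variant: block by host name (see the note on attacked_url above).
# for url_addrs in `echo ${attacked_url}`
# do
# iptables -nL | /usr/bin/grep $url_addrs &>/dev/null
# if [[ $? -ne 0 ]]; then
# iptables -A INPUT -s ${url_addrs} -p tcp --dport ${mysql_port} -j DROP &>/dev/null &
# fi
# done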
Linux防mysql端口被暴力破解的shell脚本