模拟解决DOS攻击的shell脚本

方法1：

  #!/bin/sh

  While true

    do

     awk ‘{print $1}’.access.log|grep –v “^$”|sort|uniq –c >/tmp/access.log

     #netstat –an|grep EST|awk –F ‘[ :]+’ ‘{print $6}’|sort|uniq –c >/tmp/access.log 判断网络连接数

     exec </tmp/access.log

     while read line

     do

      ip=`echo $line|awk ‘{print $2}’`

      count=`echo $line|awk ‘{print $1}’

                 if [$count –gt 100 ] && [ `iptables –L -n|grep “$ip”|wc –l` -lt 1 ]

                 then

                  iptables –A INPUT –s  $ip -j DROP

                 echo “$line is dropped” >>/tmp/droplist.log

                 fi

      done

      sleep 180

    done

 

方法2：

#!/bin/sh

if [ $# -ne 1 ];then

  echo "USAGE:$0 ARG"

  exit

fi

ipt(){

awk '{print $1}' $1 |sort|uniq -c|sort -rn -k1 >/tmp/access.log

exec </tmp/access.log

while read line

do

  ip=`echo $line|awk '{print $2}'`

  count=`echo $line|awk '{print $1}'`

  if [ "$count" -gt 100 -a `iptables -L -n|grep "$ip"|wc -l` -lt 1 ];then

        iptables -I INPUT -s "$ip" -j DROP

        echo "$ip" >>/tmp/ip_$(date +%F).log

  fi

done

}

del(){

  touch /tmp/ip_$(date +%F -d '-1day').log

  exec </tmp/ip_$(date +%F -d '-1day').log

  while read line

  do

   if [ `iptables -L -n|grep "$line"|wc -l` -le 1 ];then

    iptables -D INPUT -s $line -j DROP

  fi

  done

}

main(){

while true

do

  ipt $1

  sleep 5

  del

done

}

main $*

 

转载于:https://www.cnblogs.com/liuhui-xzz/p/9484329.html