#!/bin/bash
if [ ! -f /var/tmp/denyip ]; then
touch /var/tmp/denyip
fi
for deny in $(cat /var/log/rinetd.log | awk '{print $2}' | awk -F'.' '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -r -n | head -n 200 | awk '{print $2}')
do
grep -q $deny /var/tmp/denyip
if [ $? -eq 1 ] ; then
echo $deny >> /var/tmp/denyip
iptables -I INPUT -p tcp --dport 443 -s $deny -j DROP
fi
done
第二版脚本
#!/bin/bash
DPORT=443
TOP=30
ACCCESS_LOG=/var/log/rinetd.log
#TIMEPOINT='24/May/2012'
TIMEPOINT=$(date '+%d/%b/%Y:%H')
BLACKLIST=/var/tmp/black
WHITELIST=/var/tmp/white
if [ ! -f ${BLACKLIST} ]; then
touch ${BLACKLIST}
fi
if [ ! -f ${WHITELIST} ]; then
touch ${WHITELIST}
fi
for deny in $(grep ${TIMEPOINT} ${ACCCESS_LOG} | awk '{print $2}' | awk -F'.' '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -r -n | head -n $TOP | awk '{print $2}')
do
if [ $(grep -c $deny ${WHITELIST}) -ne 0 ]; then
echo 'Allow IP:' $deny
iptables -D INPUT -p tcp --dport $DPORT -s $deny -j DROP
continue
fi
if [ $(grep -c $deny ${BLACKLIST}) -eq 0 ] ; then
echo 'Deny IP:' $deny
echo $deny >> ${BLACKLIST}
iptables -I INPUT -p tcp --dport $DPORT -s $deny -j DROP
fi
done
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
