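# Timestamp that names this run's log (.log) and report (.dat) files.
DATE=$(date +"%Y%m%d_%H%M%S")
ddos_path=/tmp/ddos
email=xxxxx@qq.com

# /tmp is world-writable and this path is predictable. Another local user
# could create it first, or point it elsewhere with a symlink, and then
# control ip.txt and the .dat report whose contents are later handed to
# iptables. Keep new files non-writable for others and refuse a working
# directory that is a symlink or is not owned by the invoking user.
# NOTE(review): a root-only location outside /tmp would be the stronger fix.
umask 022

# Create the working directory tree.
[ -d "$ddos_path" ] || mkdir -p "$ddos_path"
if [ -L "$ddos_path" ] || [ ! -d "$ddos_path" ] || [ ! -O "$ddos_path" ]; then
 echo "refusing to use $ddos_path: must be a real directory owned by the current user" >&2
 exit 1
fi
chmod go-w "$ddos_path"
[ -d "$ddos_path/log" ] || mkdir "$ddos_path/log"
[ -d "$ddos_path/dat" ] || mkdir "$ddos_path/dat"

# Archive the files left by the previous run. Errors are silenced because
# the globs match nothing on a first run.
mv "$ddos_path"/*.log "$ddos_path/log/" 2>/dev/null
mv "$ddos_path"/*.dat "$ddos_path/dat/" 2>/dev/null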
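# Collect the remote IPv4 addresses that hold ESTABLISHED connections to
# local port 80 and write them, with a per-address connection count, to
# $ddos_path/ip.txt.
# Globals:  ddos_path, DATE (read)
# Outputs:  $ddos_path/ip.txt in `uniq -c` form ("<count> <address>");
#           progress lines in $ddos_path/$DATE.log (the log is truncated here)
# Exits:    0 when ip.txt does not exist afterwards
# NOTE(review): the failure path exits with status 0; confirm whether callers
# rely on that before changing it.
function_get_ddosip()
{
 echo "[execute get_ddosip]">"$ddos_path/$DATE.log"
 echo "export $ddos_path/ip.txt files">>"$ddos_path/$DATE.log"
 # Single quotes: the logged text is a description, not something to expand.
 echo '[execute]:netstat -an|awk (ESTABLISHED, local port 80, IPv4 peers)|sort|uniq -c'>>"$ddos_path/$DATE.log"
 # Match on columns instead of grepping the whole line for "80": a bare
 # grep also counts ports such as 8080, addresses that contain "80", and
 # outbound connections this host made to someone else's port 80, any of
 # which could push an innocent peer over the blocking threshold.
 # Only dotted-quad peers are emitted, so ip.txt never carries tokens that
 # are not IPv4 addresses. IPv4-mapped IPv6 peers are unwrapped; other IPv6
 # peers are not counted.
 netstat -an \
  | awk '$6 == "ESTABLISHED" && $4 ~ /:80$/ {
      peer = $5
      sub(/:[0-9]+$/, "", peer)
      sub(/^::ffff:/, "", peer)
      if (peer ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print peer
    }' \
  | sort | uniq -c >"$ddos_path/ip.txt"
 if [ -e "${ddos_path}/ip.txt" ];then
         echo "${ddos_path}/ip.txt create success!">>"$ddos_path/$DATE.log"
         sleep 1
    else
         echo "${ddos_path}/ip.txt create incorrect!">>"$ddos_path/$DATE.log"
         exit 0
         fi
}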
# Build ip.txt for this run.
function_get_ddosip
# Decide whether the host appears to be under a DDoS attack: an empty
# ip.txt means no address was recorded, so log that and stop here.
ip_status=$(/bin/cat "$ddos_path/ip.txt" | wc -l)
if [ "${ip_status}" -eq 0 ]; then
      {
       echo "no ddos attack!"
       echo "do not excute change_ipdata"
      } >>"$ddos_path/$DATE.log"
      exit 0
fi
# Rebuild the address list: keep only the rows of ip.txt whose connection
# count is at least 100 and write them, timestamped, to this run's report.
# Globals:  ddos_path, DATE (read)
# Outputs:  $ddos_path/ip.tmp ("<count> <address>" rows that passed the
#           threshold) and $ddos_path/$DATE.dat; progress lines in the log
# Exits:    0 when the report file does not exist afterwards
function_change_ipdata()
{
 {
  echo "[execute change_ipdata]"
  echo "change from $ddos_path/ip.txt TO $ddos_path/$DATE.dat"
  echo "[execte]:bin/cat $ddos_path/ip.txt"
 } >>"$ddos_path/$DATE.log"
 # Column 1 is the count written by `uniq -c`, column 2 the address.
 awk '$1 >= 100 { print $1, $2 }' >"$ddos_path/ip.tmp" <"$ddos_path/ip.txt"
 # Prefix every row with a timestamp. With the two "|" separators the
 # address ends up as whitespace-separated field 6 of each report line.
 # strftime()/systime() are awk extensions (gawk provides them).
 awk '{ now=strftime( "%y%m%d %T", systime() ); print now "   |   "$1"    |    "$2 }' >"$ddos_path/$DATE.dat" <"$ddos_path/ip.tmp"
 if [ ! -e "${ddos_path}/$DATE.dat" ]; then
         echo "${ddos_path}/$DATE.dat change incorrect!">>"$ddos_path/$DATE.log"
         exit 0
 fi
 echo "${ddos_path}/$DATE.dat change success!">>"$ddos_path/$DATE.log"
 sleep 1
}
# Send this run's report with the `mail` client.
# Globals:  ddos_path, DATE, email (read)
# The report file is fed on stdin and becomes the message body.
function_mail_send()
{
 # Disabled: would prepend a warning banner to the report before sending.
 #sed -i '1 i\Warning! The server has a DDOS attack' $ddos_path/$DATE.dat
 mail -s "DDos Wroning" "${email}" <"${ddos_path}/${DATE}.dat"
}
# Send this run's report with mutt.
# Globals:  ddos_path, DATE, email (read)
# The address is passed with -c (Cc); no separate To address is given.
# The report file is fed on stdin and becomes the message body.
function_mutt_send()
{
 /usr/local/mutt/bin/mutt -s "DDOS REPORT" -c "${email}" <"${ddos_path}/${DATE}.dat"
}
# Filter ip.txt down to the addresses at or above the connection threshold
# and write this run's report file.
function_change_ipdata
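# Return 0 when $1 is a dotted-quad IPv4 address (four octets, each 0-255).
# The body runs in a subshell so the IFS change does not leak to the caller.
_ddos_is_ipv4()
(
 case "$1" in
  ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
 esac
 IFS=.
 # Deliberately unquoted: split the address on dots into $1..$N.
 set -- $1
 [ $# -eq 4 ] || exit 1
 for octet in "$@"; do
  if [ "${#octet}" -gt 3 ] || [ "$octet" -gt 255 ]; then
   exit 1
  fi
 done
 exit 0
)

# Drop TCP traffic from the DDoS source addresses listed in this run's report.
# Globals:  ddos_path, DATE (read)
# Outputs:  one log line per address handled; DROP rules appended to INPUT;
#           one report mail when at least one new rule was added
#
# Field 6 of each report line is treated as untrusted text: it is read line
# by line (no word splitting or globbing) and must validate as an IPv4
# address before it reaches iptables, so a damaged or tampered report cannot
# smuggle extra iptables arguments. Loopback sources are skipped so that a
# local client of the web port cannot be cut off by this script. An address
# that already has the DROP rule is not appended again, which keeps repeated
# runs from growing the chain with duplicates. The report is mailed once per
# run instead of once per address.
# NOTE(review): there is no allow-list for reverse proxies, load balancers
# or monitoring hosts, and rules are never expired; confirm both against the
# deployment.
function_iptables_rule()
{
 echo "[execute iptables_rule]">>"$ddos_path/$DATE.log"
 echo "get $ddos_path/$DATE.dat files data">>"$ddos_path/$DATE.log"
 ddos_blocked=0
 while read -r i
   do
       [ -n "$i" ] || continue
       if ! _ddos_is_ipv4 "$i"; then
            printf '%s\n' "skip invalid source address: $i" >>"$ddos_path/$DATE.log"
            continue
       fi
       case "$i" in
            127.*)
                 printf '%s\n' "skip loopback source address: $i" >>"$ddos_path/$DATE.log"
                 continue
                 ;;
       esac
       # -C only checks for the rule; if this iptables lacks -C the check
       # fails and the rule is appended as before.
       if /sbin/iptables -C INPUT -p tcp -s "$i" -j DROP 2>/dev/null; then
            printf '%s\n' "skip $i: DROP rule already present" >>"$ddos_path/$DATE.log"
            continue
       fi
       printf '%s\n' "iptables -A INPUT -p tcp -s $i -j DROP" >>"$ddos_path/$DATE.log"
       if /sbin/iptables -A INPUT -p tcp -s "$i" -j DROP; then
            ddos_blocked=$((ddos_blocked + 1))
       else
            printf '%s\n' "iptables failed for $i" >>"$ddos_path/$DATE.log"
       fi
       sleep 1
   done <<EOF
$(awk '{print $6}' "$ddos_path/$DATE.dat")
EOF
 # Send the report once, and only when this run added a rule.
 # function_mail_send is the alternative sender.
 if [ "$ddos_blocked" -gt 0 ]; then
       function_mutt_send
 fi
}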
# Append DROP rules for the source addresses listed in this run's report.
function_iptables_rule