1. #!/bin/bash  

  3. ACCCESS_LOG=/tmp/access.log  

  4. TIMEPOINT='24/May/2012'

  5. BLACKLIST=/var/tmp/black  

  6. WHITELIST=/var/tmp/white  

  7. if [ ! -f ${BLACKLIST} ]; then  

  8.    touch ${BLACKLIST}  

  9. fi  

  11. if [ ! -f ${WHITELIST} ]; then  

  12.    touch ${WHITELIST}  

  13. fi  

  15. for deny in $(grep ${TIMEPOINT} ${ACCCESS_LOG} | awk '{print $1}' | awk -F'.''{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -r -n | head -n 30| awk '{print $2}')  

  16. do

  18. if [ $(grep -c $deny ${WHITELIST}) -ne 0 ]; then  

  19. echo'Allow IP:'$deny

  20.    iptables -D INPUT -p tcp --dport 443 -s $deny -j DROP  

  21.    iptables -D INPUT -p tcp --dport 80 -s $deny -j DROP  

  22. continue

  23.    fi  

  25. if [ $(grep -c $deny ${BLACKLIST}) -eq 0 ] ; then  

  27. echo'Deny IP:'$deny

  28. echo$deny >> ${BLACKLIST}  

  29.        iptables -I INPUT -p tcp --dport 443 -s $deny -j DROP  

  30.        iptables -I INPUT -p tcp --dport 80 -s $deny -j DROP  

  31.    fi  

  32. done