java 防止ip 暴力攻击_写了一个简单的防止IP攻击的脚本

写了一个简单的防止IP攻击的脚本

由于工作需要我就自己写了一个简单的防止IP攻击的脚本,可以防止linux虚拟主机一些小方面的IP攻击

系统是基于RHEL的centos,包括3,4,5三个版本,当然自己也初学shell,中间肯定用了很多笨的办法,效果也不一定怎么样,请大家给点意见

注意:这个脚本是根据apache服务器的server-status和系统的dmesg分析结果进行防范的,所以非apache用户和没有开启server-status的朋友没法使用

可以在服务器的crontab里设定每一分钟运行一次脚本,

复制下面的脚本到autoblock.sh,

root用户下# chmod u+x autoblock.sh

#!/bin/bash

# author hao32

# basic setting

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# find  server-status  name

ss_name="/usr/local/autoblock"

if [ -e $ss_name/ss_name ];then

ss_n=`cat $ss_name/ss_name`

else

mkdir /usr/local/autoblock >/dev/null 2>&1

cat `locate httpd.conf|grep -E "httpd/conf/httpd.conf$|apache_ssl/conf/httpd.conf$"`\

|grep "n /server-status"|cut -d/ -f2|cut -d\> -f1 > $ss_name/ss_name

ss_n=`cat $ss_name/ss_name`

fi

# block setting

#设定排除的IP地址

ip_exclude="192.168.1.*|60.195.249.*|222.76.212.*|218.241.156.*|58.215.87.*|218.107.216.110"

ip_amou=25

ss_url="http://127.0.0.1/$ss_n?notable"

ss_tmp="/tmp/server-status"

poss_ip="/tmp/poss_ip"

real_ip="/tmp/real_ip"

# block start...

if [ -e "$poss_ip" ];then

echo "" > $poss_ip

fi

if [ -e "$real_ip" ];then

echo "" > $real_ip

fi

# analysedemsg

dmesg |grep "short"|awk '{if($4!="From"){print $4} else {print $5}}'|awk -F: '{print $1}'|sort|uniq>$poss_ip

wget -q -O "$ss_tmp" "$ss_url"

grep "" $ss_tmp|grep -vE $ip_exclude|awk '{print $1}'|sed 's///g'|sort|uniq -c\

|awk '{if($1>'$ip_amou') print $2}'>>$poss_ip

#iptables -nvL|grep "DROP  "|awk '{print $8}'|sort|uniq|sed 's/0\/24/*/g'>$rule_ip

rule_ip=`iptables -nvL|grep "DROP  "|awk '{print $8}'|sort|uniq|sed 's/0\/24/*/g'|xargs|sed 's/\ /|/g'`

if [ -z $rule_ip ];then

for i in `cat $poss_ip`

do

/sbin/iptables -I INPUT -p all -s $i -j DROP

done

else

cat $poss_ip|grep -vE "$rule_ip" > $real_ip

for i in `cat $real_ip`

do

/sbin/iptables -I INPUT -p all -s $i -j DROP

done

fi