將訪問web伺服器最多的IP地址,放入到iptables中
版權聲明
轉載請與作者聯繫,轉載時請務必標明文章原始出處和作者信息及本聲明。
|
|
|
微信掃瞄二維碼進入 Netkiller 微信訂閲號 QQ群:128659835 請註明“讀者” |
摘要
.
1. firewall
分析access.log 檔案,將 top 30 的IP放入黑名單.
腳本具有黑白名單功能
#!/bin/bash
ACCCESS_LOG=/tmp/access.log
TIMEPOINT='24/May/2012'
BLACKLIST=/var/tmp/black
WHITELIST=/var/tmp/white
if [ ! -f ${BLACKLIST} ]; then
touch ${BLACKLIST}
fi
if [ ! -f ${WHITELIST} ]; then
touch ${WHITELIST}
fi
for deny in $(grep ${TIMEPOINT} ${ACCCESS_LOG} | awk '{print $1}' | awk -F'.' '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -r -n | head -n 30| awk '{print $2}')
do
if [ $(grep -c $deny ${WHITELIST}) -ne 0 ]; then
echo 'Allow IP:' $deny
iptables -D INPUT -p tcp --dport 443 -s $deny -j DROP
iptables -D INPUT -p tcp --dport 80 -s $deny -j DROP
continue
fi
if [ $(grep -c $deny ${BLACKLIST}) -eq 0 ] ; then
echo 'Deny IP:' $deny
echo $deny >> ${BLACKLIST}
iptables -I INPUT -p tcp --dport 443 -s $deny -j DROP
iptables -I INPUT -p tcp --dport 80 -s $deny -j DROP
fi
done