Home | Mirror | Search

將訪問web伺服器最多的IP地址,放入到iptables中

Mr. Neo Chen (netkiller), 陳景峰(BG7NYT)


中國廣東省深圳市龍華新區民之街道溪山美地
518109
+86 13113668890
+86 755 29812080

版權 © 2011, 2012 http://netkiller.github.com

摘要

.

我的系列文檔

Netkiller Architect 手札 Netkiller Developer 手札 Netkiller Testing 手札 Netkiller Cryptography 手札 Netkiller Version 手札
Netkiller Linux 手札 Netkiller Debian 手札 Netkiller CentOS 手札 Netkiller FreeBSD 手札 Netkiller Security 手札
Netkiller Web 手札 Netkiller Monitoring 手札 Netkiller Storage 手札 Netkiller Mail 手札 Netkiller Shell 手札
Netkiller Database 手札 Netkiller PostgreSQL 手札 Netkiller MySQL 手札 Netkiller NoSQL 手札 Netkiller LDAP 手札
Netkiller Installation 手札 Netkiller Cisco IOS 手札 Netkiller Intranet 手札 Netkiller Multimedia 手札 Netkiller Docbook 手札
Netkiller Management 手札     

目錄

1. firewall

1. firewall

分析access.log 檔案,將 top 30 的IP放入黑名單.

腳本具有黑白名單功能

		
#!/bin/bash

ACCCESS_LOG=/tmp/access.log
TIMEPOINT='24/May/2012'
BLACKLIST=/var/tmp/black
WHITELIST=/var/tmp/white
if [ ! -f ${BLACKLIST} ]; then
    touch ${BLACKLIST}
fi

if [ ! -f ${WHITELIST} ]; then
    touch ${WHITELIST}
fi

for deny in $(grep ${TIMEPOINT} ${ACCCESS_LOG} | awk '{print $1}' | awk -F'.' '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -r -n | head -n 30| awk '{print $2}')
do

    if [ $(grep -c $deny ${WHITELIST}) -ne 0 ]; then
        echo 'Allow IP:' $deny
	iptables -D INPUT -p tcp --dport 443 -s $deny -j DROP
	iptables -D INPUT -p tcp --dport 80 -s $deny -j DROP
	continue
    fi

    if [ $(grep -c $deny ${BLACKLIST}) -eq 0 ] ; then

	echo 'Deny IP:' $deny
        echo $deny >> ${BLACKLIST}
        iptables -I INPUT -p tcp --dport 443 -s $deny -j DROP
        iptables -I INPUT -p tcp --dport 80 -s $deny -j DROP
    fi
done
comments powered by Disqus