Home | Mirror | Search |
#!/bin/bash if [ ! -f /var/tmp/denyip ]; then touch /var/tmp/denyip fi for deny in $(cat /var/log/rinetd.log | awk '{print $2}' | awk -F'.' '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -r -n | head -n 200 | awk '{print $2}') do grep -q $deny /var/tmp/denyip if [ $? -eq 1 ] ; then echo $deny >> /var/tmp/denyip iptables -I INPUT -p tcp --dport 443 -s $deny -j DROP fi done
第二版腳本
#!/bin/bash DPORT=443 TOP=30 ACCCESS_LOG=/var/log/rinetd.log #TIMEPOINT='24/May/2012' TIMEPOINT=$(date '+%d/%b/%Y:%H') BLACKLIST=/var/tmp/black WHITELIST=/var/tmp/white if [ ! -f ${BLACKLIST} ]; then touch ${BLACKLIST} fi if [ ! -f ${WHITELIST} ]; then touch ${WHITELIST} fi for deny in $(grep ${TIMEPOINT} ${ACCCESS_LOG} | awk '{print $2}' | awk -F'.' '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -r -n | head -n $TOP | awk '{print $2}') do if [ $(grep -c $deny ${WHITELIST}) -ne 0 ]; then echo 'Allow IP:' $deny iptables -D INPUT -p tcp --dport $DPORT -s $deny -j DROP continue fi if [ $(grep -c $deny ${BLACKLIST}) -eq 0 ] ; then echo 'Deny IP:' $deny echo $deny >> ${BLACKLIST} iptables -I INPUT -p tcp --dport $DPORT -s $deny -j DROP fi done