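I wrote a simple script to prevent IP attacks
Because of work needs, I wrote a simple script myself to prevent IP attacks. It can protect Linux virtual hosts against some minor kinds of IP attack.
The systems are CentOS, which is based on RHEL, covering versions 3, 4 and 5. Of course I am also just starting to learn shell, so I have certainly used a lot of clumsy methods along the way, and the results may not be all that good. Please give me some feedback.
Note: this script defends based on analysing the Apache server's server-status and the system's dmesg output, so non-Apache users and those who have not enabled server-status cannot use it.
You can set the script to run once every minute in the server's crontab.
Copy the script below into autoblock.sh,
then as root: # chmod u+x autoblock.sh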
[quote]#!/bin/bash
# author hao32
# basic setting
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# find server-status name (cached in $ss_name/ss_name after the first run)
ss_name="/usr/local/autoblock"
if [ -e "$ss_name/ss_name" ];then
    ss_n=`cat "$ss_name/ss_name"`
else
    mkdir -p "$ss_name" >/dev/null 2>&1
    cat `locate httpd.conf|grep -E "httpd/conf/httpd.conf$|apache_ssl/conf/httpd.conf$"`\
    |grep "n /server-status"|cut -d/ -f2|cut -d\> -f1 > "$ss_name/ss_name"
    ss_n=`cat "$ss_name/ss_name"`
fi
# block setting
# set the IP addresses to exclude
ip_exclude="192.168.1.*|60.195.249.*|222.76.212.*|218.241.156.*|58.215.87.*|218.107.216.110"
# block an IP once it holds more than this many server-status entries
ip_amou=25
ss_url="http://127.0.0.1/$ss_n?notable"
ss_tmp="/tmp/server-status"
poss_ip="/tmp/poss_ip"
real_ip="/tmp/real_ip"
# block start...
# empty the work files left over from the previous run
if [ -e "$poss_ip" ];then
    echo "" > "$poss_ip"
fi
if [ -e "$real_ip" ];then
    echo "" > "$real_ip"
fi
# analyse dmesg
dmesg |grep "short"|awk '{if($4!="From"){print $4} else {print $5}}'|awk -F: '{print $1}'|sort|uniq>>"$poss_ip"
# analyse server-status: count entries per client IP, skipping excluded IPs
wget -q -O "$ss_tmp" "$ss_url"
grep "<i>" "$ss_tmp"|grep -vE "$ip_exclude"|awk '{print $1}'|sed 's/<i>//g'|sort|uniq -c\
|awk '{if($1>'$ip_amou') print $2}'>>"$poss_ip"
#iptables -nvL|grep "DROP "|awk '{print $8}'|sort|uniq|sed 's/0\/24/*/g'>$rule_ip
# sources that already have a DROP rule, joined with | for use as a grep pattern
rule_ip=`iptables -nvL|grep "DROP "|awk '{print $8}'|sort|uniq|sed 's/0\/24/*/g'|xargs|sed 's/\ /|/g'`
if [ -z "$rule_ip" ];then
    # no DROP rules yet: block every candidate
    for i in `cat "$poss_ip"`
    do
        /sbin/iptables -I INPUT -p all -s $i -j DROP
    done
else
    # block only candidates that are not already covered by a DROP rule
    cat "$poss_ip"|grep -vE "$rule_ip" > "$real_ip"
    for i in `cat "$real_ip"`
    do
        /sbin/iptables -I INPUT -p all -s $i -j DROP
    done
fi[/quote]
Reprints of this article are welcome; please credit the source: [url=http://www.linuxsense.org]http://www.linuxsense.org[/url]

Could you explain how it works? :D
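
An added example, not part of the original post or the author's script: the server-status step of the script above, redone so that each address is validated as IPv4 and exclusions are compared literally, since in the script's regex lists an entry such as `192.168.1.*` also matches `192.168.10.5`. The names `EXCLUDE`, `sample_status` and `block_candidates` are assumptions, and all sample addresses and status lines are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not the post's code): pick block candidates from
# server-status?notable text. EXCLUDE, sample_status, block_candidates are assumed names.
# Entries ending in "." exclude a whole prefix; all others must match exactly.
EXCLUDE="192.0.2. 203.0.113.7"

# Constructed sample in the shape the post's pipeline parses:
# "<i>" followed by the client address as the first field.
sample_status() {
cat <<'EOF'
<i>198.51.100.23 {GET /index.php HTTP/1.1}</i> <b>[www.example.com]</b><br />
<i>198.51.100.23 {GET /index.php HTTP/1.1}</i> <b>[www.example.com]</b><br />
<i>192.0.2.10 {GET / HTTP/1.1}</i> <b>[www.example.com]</b><br />
<i>192.0.2.10 {GET / HTTP/1.1}</i> <b>[www.example.com]</b><br />
<i>203.0.113.70 {GET /a HTTP/1.1}</i> <b>[www.example.com]</b><br />
<i>203.0.113.70 {GET /b HTTP/1.1}</i> <b>[www.example.com]</b><br />
<i>999.9.9.9 {GET / HTTP/1.1}</i> <b>[www.example.com]</b><br />
<i>999.9.9.9 {GET / HTTP/1.1}</i> <b>[www.example.com]</b><br />
<i>198.51.100.99 {GET / HTTP/1.1}</i> <b>[www.example.com]</b><br />
EOF
}

# stdin: status text; $1: hit limit (default 25, the post's ip_amou).
# stdout: sorted valid, non-excluded addresses with more than $1 entries.
block_candidates() {
  awk -v limit="${1:-25}" -v excl="$EXCLUDE" '
    function valid(ip,   p, n, i) {      # strict dotted quad, octets 0..255
      n = split(ip, p, ".")
      if (n != 4) return 0
      for (i = 1; i <= 4; i++)
        if (p[i] !~ /^[0-9]+$/ || length(p[i]) > 3 || p[i] + 0 > 255) return 0
      return 1
    }
    function excluded(ip,   e, n, i) {   # literal comparison, no regex
      n = split(excl, e, " ")
      for (i = 1; i <= n; i++) {
        if (e[i] ~ /\.$/ && index(ip, e[i]) == 1) return 1
        if (ip == e[i]) return 1
      }
      return 0
    }
    /^<i>/ {
      ip = $1; sub(/^<i>/, "", ip)
      if (valid(ip) && !excluded(ip)) hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] > limit) print ip }
  ' | sort
}
sample_status | block_candidates 1
```

The dmesg branch of the script is left out here: its addresses come from UDP packets, whose source can be forged, so they deserve the same validation and exclusion checks before reaching iptables.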