一、 编写iptables自动屏蔽脚本deny_ip.sh
注:排除 “59.151.xxx|123.127.xxx|google|yahoo|baidu|msnbot|FeedSky|sogou”等白名单,以免误杀
-
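#!/bin/bash
#
# deny_ip.sh - drop TCP traffic from the busiest clients in the squid log.
#
# Author :changyz@bitauto.com
#
# Reads the last TAIL_LINES lines of the squid access log, counts requests
# per client (field 3), and inserts an iptables DROP rule into CHAIN for every
# client whose count exceeds DEFINE, unless the address is whitelisted or
# already present in the saved ruleset. Intended to run as root from cron.
#
# The addresses come from log content, so each one is validated as a plain
# dotted-quad IPv4 address before it is used in a grep lookup or handed to
# iptables. Anything else (placeholders such as "-", host names, IPv6) is
# skipped rather than blocked.
# NOTE(review): if squid is configured to trust X-Forwarded-For, the logged
# client address may be client-supplied - confirm before relying on it.

set -u

readonly ACCESS_LOG=/data/squid_log/squid1/access.log
# NOTE(review): /tmp is world-writable, so any local user can create or edit
# this whitelist. A root-owned directory would be safer; the path is kept
# unchanged here so existing setups keep working.
readonly WHITE_FILE=/tmp/white.txt
readonly IPTABLES_SAVE=/etc/sysconfig/iptables
readonly CHAIN=myinput
readonly TAIL_LINES=100000
readonly TOP_N=20
# Pre-filter applied while building the candidate list; DEFINE below is the
# threshold that actually decides whether an address gets blocked.
readonly CANDIDATE_MIN=300
readonly DEFINE=500
# Case-insensitive extended regex; matching clients are never considered.
readonly SKIP_RE='59.151.xxx|123.127.xxx|google|yahoo|baidu|msnbot|FeedSky|sogou'

#######################################
# Check that a string is a dotted-quad IPv4 address with octets 0-255.
# Arguments: $1 - candidate address
# Returns:   0 if valid, 1 otherwise
#######################################
is_ipv4() {
  local addr=$1
  local octet
  local -a octets
  [[ "$addr" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
  IFS=. read -r -a octets <<< "$addr"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so an octet such as "08" is not parsed as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# Private temp file: a fixed name under /tmp written by root could be
# pre-created as a symlink by another local user.
black_list=$(mktemp) || {
  printf 'deny_ip: mktemp failed\n' >&2
  exit 1
}
trap 'rm -f -- "$black_list"' EXIT

# Build "count address" lines for the TOP_N busiest non-excluded clients.
tail -n "$TAIL_LINES" -- "$ACCESS_LOG" \
  | awk '{print $3}' \
  | grep -i -Ev -- "$SKIP_RE" \
  | sort \
  | uniq -c \
  | sort -nr \
  | head -n "$TOP_N" \
  | awk -v min="$CANDIDATE_MIN" '$1 > min' > "$black_list"

added=0
while read -r count ip; do
  [[ "$count" =~ ^[0-9]+$ ]] || continue
  is_ipv4 "$ip" || continue
  (( 10#$count > DEFINE )) || continue

  # -F -w: fixed-string, whole-token match, so 1.2.3.4 does not also match
  # 11.2.3.4 or 1.2.3.40, and "." is not treated as a regex wildcard.
  # A missing whitelist file means "nothing is whitelisted".
  if grep -qwF -- "$ip" "$WHITE_FILE" 2>/dev/null; then
    continue
  fi
  # Skip addresses that already have a rule in the saved ruleset.
  if grep -qwF -- "$ip" "$IPTABLES_SAVE" 2>/dev/null; then
    continue
  fi

  if iptables -I "$CHAIN" -p tcp -s "$ip" -j DROP; then
    added=1
  else
    printf 'deny_ip: failed to add DROP rule for %s\n' "$ip" >&2
  fi
done < "$black_list"

# Addresses in the list are unique, so one save after the loop is enough to
# keep the saved ruleset in sync for the next run.
if (( added )); then
  service iptables save
fi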
二、 加入计划任务(需写入 root 用户的 crontab,因为脚本要调用 iptables)
*/5 * * * * /usr/bin/deny_ip.sh