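#!/usr/bin/env bash
##############################################
#version="20100718"
#author="phpsir"
#author_email="phpsir@phpsir.com"
#QQ 733905
##############################################
#
# Count the TCP connections to this host's port 80 per remote IPv4 address
# (from `netstat -an`) and REJECT every address holding more than $maxnum
# connections, unless it is listed in the whitelist $ipopenfile.
#
# Bans expire as a group: once more than $runmin_max seconds have passed
# since the epoch stored as "runtime=<seconds>" in $banip_data_file, the
# script flushes its ban rules and restarts the timer.
#
# All rules this script creates live in a dedicated chain ($ban_chain) that
# INPUT jumps to for tcp/80 traffic addressed to this host.  Expiring bans
# therefore flushes only this chain; the earlier version ran `iptables -F`,
# which wiped every rule in the filter table, including unrelated ones.
# NOTE: REJECT rules appended directly to INPUT by that earlier version are
# not managed (or expired) by this chain and must be removed by hand.
#
# Usage: run as root, periodically (e.g. from cron).  Optional environment:
#   IFACE  interface whose first IPv4 address is the protected address
#          (default: eth0)
set -euo pipefail

maxnum=100                       # connections per remote IP above which we ban
runmin_max=120                   # seconds between flushes of the ban chain
banip_data_file="/root/banip_data.txt"  # state: "runtime=<epoch>" of last flush
ipopenfile="/root/openip.txt"           # whitelist: IPs or dotted prefixes, "#" comments
ban_chain="BANIP80"              # iptables chain owned by this script
top_n=10                         # only the busiest N remote addresses are examined
iface=${IFACE:-eth0}
readonly ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

# Print all arguments as one stdout line (the script's progress log).
log() { printf '%s\n' "$*"; }

# Print a message to stderr and exit with status 1.
die() { printf '%s\n' "$*" >&2; exit 1; }

# First IPv4 address of $iface as shown by ifconfig.  Handles both the old
# "inet addr:1.2.3.4" and the newer "inet 1.2.3.4" layouts; comparing the
# whole first field excludes "inet6" lines, which the old `grep inet` kept.
local_ipv4() {
  /sbin/ifconfig "$iface" 2>/dev/null \
    | awk '$1 == "inet" { sub(/^addr:/, "", $2); print $2; exit }'
}

# Print the epoch stored as "runtime=<digits>" in file $1.  The file is
# parsed rather than sourced so a damaged or tampered state file cannot
# execute code.  Returns 1 when the file is missing or the value is not
# a plain non-negative integer.
read_runtime() {
  local f=$1 value
  [[ -r "$f" ]] || return 1
  value=$(awk -F= '$1 == "runtime" { print $2; exit }' "$f") || return 1
  [[ "$value" =~ ^[0-9]+$ ]] || return 1
  printf '%s\n' "$value"
}

# Record the current epoch as "runtime=<seconds>" in file $1.
write_runtime() {
  printf 'runtime=%s\n' "$(date +%s)" > "$1"
}

# Create $ban_chain if needed and make INPUT send tcp/80 traffic for the
# local address $1 to it.  Idempotent, so it is safe to call every run.
# awk reads the whole listing (unlike `grep -q`), which keeps pipefail
# from reporting a SIGPIPE as "not found".
ensure_chain() {
  local local_ip=$1
  if ! /sbin/iptables -L "$ban_chain" -n >/dev/null 2>&1; then
    /sbin/iptables -N "$ban_chain"
  fi
  if ! /sbin/iptables -L INPUT -n \
      | awk -v c="$ban_chain" '$1 == c { found = 1 } END { exit !found }'; then
    /sbin/iptables -I INPUT -p tcp -d "$local_ip" --dport 80 -j "$ban_chain"
  fi
}

# Return 0 if address $1 already has a rule in $ban_chain.  `-L -n` prints
# "target prot opt source destination", so the source is field 4; an exact
# field comparison replaces the old substring grep, where "1.2.3.4" also
# matched "1.2.3.45" and "." matched any character.
is_banned() {
  /sbin/iptables -L "$ban_chain" -n \
    | awk -v ip="$1" '$4 == ip { found = 1 } END { exit !found }'
}

# Return 0 if address $1 is whitelisted in $ipopenfile.  An entry matches
# when it equals the address or is a dotted prefix of it on an octet
# boundary ("10.1.2" or "10.1.2." allows 10.1.2.x).  Entries may share a
# line (whitespace separated) and "#" starts a comment.  The previous
# unanchored `grep $allowip` let "10.1.2.3" whitelist 10.1.2.30 as well.
is_allowed() {
  local ip=$1 line entry
  local -a entries=()
  while IFS= read -r line || [[ -n "$line" ]]; do
    line=${line%%#*}
    read -r -a entries <<<"$line" || true
    (( ${#entries[@]} > 0 )) || continue
    for entry in "${entries[@]}"; do
      entry=${entry%.}
      if [[ "$ip" == "$entry" || "$ip" == "$entry".* ]]; then
        return 0
      fi
    done
  done < "$ipopenfile"
  return 1
}

# Append a REJECT for address $1 to $ban_chain.
ban() { /sbin/iptables -A "$ban_chain" -s "$1" -j REJECT; }

# Remove the REJECT for address $1 from $ban_chain, if any (best effort:
# whitelisted addresses may never have been banned).
unban() { /sbin/iptables -D "$ban_chain" -s "$1" -j REJECT >/dev/null 2>&1 || true; }

main() {
  local myip runtime elapsed flush_after tmpdir nsfile ipfile num ip

  (( EUID == 0 )) || die "must run as root (iptables, netstat -an)"

  myip=$(local_ipv4 || true)
  [[ "$myip" =~ $ipv4_re ]] || die "cannot determine the IPv4 address of $iface"

  if [[ ! -f "$ipopenfile" ]]; then
    log "init $ipopenfile"
    touch "$ipopenfile"
  fi

  flush_after=$runmin_max
  if runtime=$(read_runtime "$banip_data_file"); then
    log "last runtime=$runtime"
  else
    # Missing or corrupt state: start the timer now and force a flush,
    # as the original did by setting the timeout to -1.
    log "init $banip_data_file"
    write_runtime "$banip_data_file"
    runtime=$(read_runtime "$banip_data_file") || die "cannot write $banip_data_file"
    flush_after=-1
  fi

  log "start shell" "$(date "+%Y-%m-%d %H:%M:%S")"

  ensure_chain "$myip"

  elapsed=$(( $(date +%s) - runtime ))
  if (( elapsed > flush_after )); then
    log "$elapsed" "is bigger than " "$flush_after"
    log "clear ips"
    /sbin/iptables -F "$ban_chain"
    write_runtime "$banip_data_file"
  else
    log "$elapsed" "is lowwer than " "$flush_after"
  fi

  # Per-run private scratch files.  The original wrote fixed names under
  # /tmp as root, which is open to symlink clobbering by other local users.
  tmpdir=$(mktemp -d) || die "mktemp failed"
  trap 'rm -rf -- "$tmpdir"' EXIT
  nsfile="$tmpdir/netstat80.txt"
  ipfile="$tmpdir/80link.txt"

  # Sockets whose local side (field 4) is exactly $myip:80.  IPv6-mapped
  # addresses appear as ::ffff:a.b.c.d; the prefix is stripped so they
  # count as IPv4.  The old `grep "$myip:80"` also matched :8080 etc.
  netstat -an | sed 's/::ffff://g' | awk -v me="$myip:80" '$4 == me' > "$nsfile"

  log "Total Links = " "$(wc -l < "$nsfile")"
  log "Total Links ESTABLISHED = " "$(grep -c -- ESTABLISHED "$nsfile" || true)"
  log "Total Links SYNC = " "$(grep -c -- SYN "$nsfile" || true)"

  # Busiest remote addresses as "<count> <address>", most connections
  # first.  The port (text after the last ":") is dropped from field 5;
  # awk instead of head avoids a SIGPIPE into sort under pipefail.
  awk '{ sub(/:[^:]*$/, "", $5); print $5 }' "$nsfile" \
    | sort | uniq -c | sort -rn | awk -v n="$top_n" 'NR <= n' > "$ipfile"

  while read -r num ip; do
    # Only well-formed IPv4 addresses are handed to iptables.
    [[ "$ip" =~ $ipv4_re && "$num" =~ ^[0-9]+$ ]] || continue
    if is_allowed "$ip"; then
      log "$ip" "banme = " "no"
      unban "$ip"
      continue
    fi
    if (( num > maxnum )) && ! is_banned "$ip"; then
      log "deny $ip ,because $ip has linked $num  "
      ban "$ip"
      log "BAN " "$ip" " OK "
    fi
  done < "$ipfile"

  log "stop shell" "$(date "+%Y-%m-%d %H:%M:%S")"
}

main "$@"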
运维经验 Linux 自动屏蔽超标访问IP的 bash 脚本