具體的指令碼內容如下:
| 代碼如下 |
複製代碼 |
$ vim /home/rainbow/sbin/block_attack_ips.sh #!/bin/bash logfile=/webserver/blog/logs/rainbow_access.log function check_root(){
if [ $EUID -ne 0 ]; then
echo "This script must be run as root"
exit 1
fi
} function block_ips(){
blacklist=$@
if [ ! -z "${blacklist}" ]; then
for ip in ${blacklist}
do
if ! $(/sbin/iptables-save | grep -wq ${ip}); then
echo /sbin/iptables -I INPUT -s ${ip}/32 -p tcp -m tcp --dport 80 -j DROP
/sbin/iptables -I INPUT -s ${ip}/32 -p tcp -m tcp --dport 80 -j DROP
fi
done
fi
} function check_login(){
tailnum=10000
page=wp-login.php
retry=5
command="grep -w POST ${logfile} |tail -n ${tailnum} |grep -w ${page} |awk '{print $1}' |sort |uniq -c |awk '($1 > ${retry}){print $2}'"
blacklist=$(eval ${command})
block_ips ${blacklist}
} function check_others(){
tailnum=10000
retry=400
command="tail -n ${tailnum} ${logfile} |awk '{print $1}' |sort |uniq -c |awk '($1 > ${retry}){print $2}'"
blacklist=$(eval ${command})
block_ips ${blacklist}
} check_root
check_login
check_others $ chmod +x /home/rainbow/sbin/block_attack_ips.sh |
配置crontab計劃任務,每5分鐘檢查一次,並每天定時重啟iptables服務清除舊的記錄:
$ sudo crontab -e
| 代碼如下 |
複製代碼 |
*/5 * * * * /home/rainbow/sbin/block_attack_ips.sh
00 01 * * * /etc/init.d/iptables restart |
