shell腳本-實戰防dos攻擊

根據web日誌或者網絡鏈接數,監控當某個IP併發鏈接數或者短時內PV達到100,即調用防火牆命令封掉對應的IP,監控頻率每隔3分鐘。防火牆命令爲:iptables -I INPUT -s 10.0.1.10 -j DROP。這個腳本是基於iptables的;週末會將firewalld版本的防火牆腳本寫好分享給你們。

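#!/bin/bash
# Connection-count based source-IP blocker built on iptables.
# The functions in this script are declared with the `function` keyword,
# which plain POSIX sh (e.g. dash) rejects, so the interpreter is bash.

# Pull in the init-script helper library when it exists; the filter and
# recover steps call its action() helper to print a status line.
[ -f /etc/init.d/functions ] && . /etc/init.d/functions

# Connection snapshot that IP_check analyses.
# NOTE(review): nothing on this page creates this file; it has to be
# refreshed by something else before every run.
IP_file="/server/scripts/ddos.txt"

# iptables command prefixes. The source address is appended by the caller
# and the string is expanded unquoted there, so it must stay a plain
# space-separated command line.
IP_filter_command="iptables -I INPUT -j DROP -s"

IP_recover_command="iptables -D INPUT -j DROP -s"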

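#######################################
# Count established connections per remote address.
# Keeps the lines of ${IP_file} that contain "EST", takes the sixth field
# after splitting on runs of spaces, "|" and ":", and writes
# "<count> <address>" lines, highest count first, to /server/scripts/ip.txt.
# NOTE(review): field 6 is the remote address only for IPv4 netstat-style
# lines (proto recv-q send-q local:port remote:port state) - confirm
# against whatever produces ${IP_file}.
# Globals:  IP_file (read)
# Returns:  0 on success, 1 if the snapshot is missing or unreadable
#######################################
IP_check() {
  local out_file="/server/scripts/ip.txt"

  if [ ! -r "${IP_file}" ]; then
    echo "IP_check: cannot read ${IP_file}" >&2
    # Leave an empty list behind so the filter/recover steps never act on
    # counts left over from an earlier run.
    : > "${out_file}"
    return 1
  fi

  grep "EST" "${IP_file}" \
    | awk -F "[ |:]+" '{print $6}' \
    | sort \
    | uniq -c \
    | sort -rn -k1 > "${out_file}"
}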

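#######################################
# Insert a DROP rule for every address in /server/scripts/ip.txt that has
# more than 25 connections and is not blocked yet. Each blocked address is
# appended to /server/scripts/ip_filtered.txt.
# The threshold in the code is 25, not the 100 quoted in the article text.
# There is no allow-list: a reverse proxy, load balancer, NAT gateway or
# the administrator's own host is blocked like any other address once it
# exceeds the threshold.
# Globals:  IP_filter_command (read)
# Returns:  status of the last loop iteration, or non-zero if the list
#           cannot be opened
#######################################
IP_filter() {
  local -r limit=25
  local count ip existing

  # Redirect only the loop's stdin; `exec < file` would replace stdin for
  # the rest of the script.
  while read -r count ip _; do
    # The list is derived from log/netstat text, so treat it as untrusted:
    # accept only "<digits> <dotted quad>" before anything reaches iptables.
    case "${count}" in
      '' | *[!0-9]*) continue ;;
    esac
    case "${ip}" in
      *[!0-9.]* | *..* | .* | *.) continue ;;
      *.*.*.*.*) continue ;;
      *.*.*.*) ;;
      *) continue ;;
    esac

    # Exact comparison on the source column of INPUT; a plain grep for the
    # address would also match longer addresses (10.0.1.1 vs 10.0.1.10).
    existing=$(iptables -L INPUT -n \
      | awk -v ip="${ip}" '$1 == "DROP" && $4 == ip { n++ } END { print n + 0 }')

    if [ "${count}" -gt "${limit}" ] && [ "${existing}" -eq 0 ]; then
      # shellcheck disable=SC2086 — the command prefix is split on purpose
      if ${IP_filter_command} "${ip}"; then
        echo "${ip}" >> /server/scripts/ip_filtered.txt
        action "Filter ${ip}" /bin/true
      else
        # Report the failure instead of logging a block that did not happen.
        action "Filter ${ip}" /bin/false
      fi
    fi
  done < /server/scripts/ip.txt
}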

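#######################################
# Remove the DROP rule of every address in /server/scripts/ip.txt whose
# connection count is 25 or lower and that is currently blocked. Each
# released address is appended to /server/scripts/ip_filtered.txt.
# Only addresses present in ip.txt are visited: a blocked address that no
# longer shows up in the connection list at all keeps its rule until it is
# removed by hand.
# Globals:  IP_recover_command (read)
# Returns:  status of the last loop iteration, or non-zero if the list
#           cannot be opened
#######################################
IP_recover() {
  local -r limit=25
  local count ip existing

  # Redirect only the loop's stdin; `exec < file` would replace stdin for
  # the rest of the script.
  while read -r count ip _; do
    # The list is derived from log/netstat text, so treat it as untrusted:
    # accept only "<digits> <dotted quad>" before anything reaches iptables.
    case "${count}" in
      '' | *[!0-9]*) continue ;;
    esac
    case "${ip}" in
      *[!0-9.]* | *..* | .* | *.) continue ;;
      *.*.*.*.*) continue ;;
      *.*.*.*) ;;
      *) continue ;;
    esac

    # Exact comparison on the source column of INPUT; a plain grep for the
    # address would also match longer addresses (10.0.1.1 vs 10.0.1.10).
    existing=$(iptables -L INPUT -n \
      | awk -v ip="${ip}" '$1 == "DROP" && $4 == ip { n++ } END { print n + 0 }')

    if [ "${count}" -le "${limit}" ] && [ "${existing}" -gt 0 ]; then
      # shellcheck disable=SC2086 — the command prefix is split on purpose
      if ${IP_recover_command} "${ip}"; then
        echo "${ip}" >> /server/scripts/ip_filtered.txt
        action "Recover ${ip}" /bin/true
      else
        # Report the failure instead of logging a release that did not happen.
        action "Recover ${ip}" /bin/false
      fi
    fi
  done < /server/scripts/ip.txt
}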

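#######################################
# Entry point: rebuild the per-address connection counts, write a
# timestamped audit line to /server/scripts/ip_filtered.txt, then block or
# release addresses.
# Arguments: $1 - "filter" or "recover"
# Returns:   exits 1 on any other argument or when IP_check fails
#######################################
main() {
  case "${1:-}" in
    filter)
      # Do not touch the firewall when the counts could not be rebuilt.
      IP_check || exit 1
      echo "$(date +%F-%H:%M:%S) filtered by $(whoami)" >> /server/scripts/ip_filtered.txt
      IP_filter
      ;;
    recover)
      IP_check || exit 1
      echo "$(date +%F-%H:%M:%S) recovered by $(whoami)" >> /server/scripts/ip_filtered.txt
      IP_recover
      ;;
    *)
      echo "USAGE:$0 {filter|recover}" >&2
      exit 1
      ;;
  esac
}

# The listing defines main but never calls it, so the script did nothing
# when run; dispatch on the command-line arguments here.
main "$@"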

作者簡介: 
陳志珂(頭條號:強扭的瓜很差吃)目前就任於中國最大的安卓應用軟件公司,任高級工程師,如今公司任php開發工程師,python開發工程師,高級運維工程師,公衆號「鉛筆學園」運維內容合作作者之一。
鉛筆學園:IT資源分享|知識分享,做初級程序員的指明燈
