#!/usr/bin/python
# This script can deny any host access to any port.
import os
import re
import subprocess
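# Current date as printed by date(1). LC_ALL=C pins the "Mon Jan  5 ..." layout,
# so the tm[4:10] slice below is always the month abbreviation plus the day,
# whatever locale the script is started under.
tm = os.popen('LC_ALL=C date').read()
# TCP destination port that offending hosts are denied.
deny_port = '21'
# Log file that is scanned for failed logins.
log_path = '/var/log/messages'
# Minimum number of matching log hits before an address is listed (kept as a
# string; converted with int() where it is used).
ip_count = '1'
# Regex for today's failed pure-ftp logins: "<Mon DD>" followed by the keywords.
# Presumably this lines up with the syslog timestamp prefix -- confirm against
# the log format in use.
aut_message = tm[4:10] + '.*pure-ftp.*failed.*'
# Persistent list of addresses selected for blocking, one per line.
# NOTE(review): every line of this file ends up in a firewall rule applied as
# root, so it should be writable by root only.
list_path = '/shell/ip_list.txt'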
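class port:
    """Deny hosts with failed pure-ftp logins by inserting iptables DROP rules.

    The three methods are meant to run in order: re_ip() collects addresses
    from the log, loop_list() records the ones that reach the threshold in the
    list file, and iptables() turns every listed address into a DROP rule.
    """

    # Four dotted decimal groups; the octet range is checked in _is_ipv4().
    _QUAD = re.compile(r'\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b')

    @staticmethod
    def _is_ipv4(text):
        """Return True only for a plain dotted quad with every octet in 0-255."""
        if re.match(r'(?:[0-9]{1,3}\.){3}[0-9]{1,3}\Z', text) is None:
            return False
        return all(int(octet) <= 255 for octet in text.split('.'))

    @staticmethod
    def _drop_rule(chain, ip, dport):
        """Build the iptables argument vector that drops new TCP connections."""
        return ['iptables', '-I', chain, '2',
                '-m', 'state', '--state', 'NEW',
                '-s', ip,
                '-m', 'tcp', '-p', 'tcp', '--dport', str(dport),
                '-j', 'DROP']

    def re_ip(self):
        """Collect the addresses found on today's failed-login log lines.

        Stores them, duplicates included, in self.f_ip so loop_list() can
        count the hits per address.
        """
        rule = re.compile(aut_message, re.I)
        self.f_ip = []
        with open(log_path, 'r') as log:
            for line in log:
                hit = rule.search(line)
                if hit is None:
                    continue
                # Full four-octet addresses only: a three-group match such as
                # "10.1.2" is not what the log recorded and would be expanded
                # by iptables to a different address.
                # NOTE(review): every dotted quad on the matched line is taken,
                # including text supplied by the remote client. Anchor the
                # pattern to the client-address field of the log format in use
                # and keep an allow-list of management addresses so they cannot
                # be locked out.
                for candidate in self._QUAD.findall(hit.group(0)):
                    if self._is_ipv4(candidate):
                        self.f_ip.append(candidate)

    def loop_list(self):
        """Append newly offending addresses to the list file.

        An address is added when it is not listed yet and appears at least
        ip_count times in self.f_ip. The open handle is left in self.ip_list,
        positioned at the start, for iptables() to read.
        """
        # 'a+' creates the file when it is missing and always writes at the
        # end. Opening before the loop means self.ip_list exists even when the
        # log produced no addresses.
        self.ip_list = open(list_path, 'a+')
        self.ip_list.seek(0)
        # Whole-line comparison: treating the address as a regex would let
        # "1.2.3.4" match inside "11.2.3.40".
        known = set(entry.strip() for entry in self.ip_list)
        threshold = int(ip_count)
        hits = {}
        for ip in self.f_ip:
            hits[ip] = hits.get(ip, 0) + 1
        self.ip_list.seek(0, 2)
        for ip in sorted(hits):
            if ip not in known and hits[ip] >= threshold:
                self.ip_list.write(ip + '\n')
                known.add(ip)
        self.ip_list.flush()
        self.ip_list.seek(0)

    def iptables(self):
        """Insert a DROP rule for every listed address that has none yet."""
        # -n keeps addresses numeric; without it resolved host names are shown
        # and the "already blocked" check below would never match.
        listing = os.popen('iptables -n --list').read()
        if re.search('RH-Firewall-1-INPUT', listing, re.I) is None:
            chain = 'INPUT'
        else:
            chain = 'RH-Firewall-1-INPUT'
        for entry in self.ip_list.readlines():
            ip = entry.strip()
            # The list file is input to a command run as root: accept nothing
            # but a well-formed IPv4 address.
            if not self._is_ipv4(ip):
                continue
            already = re.search(r'(?<![0-9.])' + re.escape(ip) + r'(?![0-9.])',
                                listing)
            if already is not None:
                continue
            # Argument vector, no shell: the address is never parsed as
            # command text.
            if subprocess.call(self._drop_rule(chain, ip, deny_port)) == 0:
                # Remember the insert so a duplicate line is not applied twice.
                listing += ip + '\n'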
# Run the three stages in order: scan the log, update the list file, then
# apply the firewall rules.
D = port()
for stage in (D.re_ip, D.loop_list, D.iptables):
    stage()