本文共 6034 字,大约阅读时间需要 20 分钟。
#!/bin/bash
#---------------------------------------------------------------------------------------
#Scrip name: killip, base on ip_conntrack, write by wwy. #---------------------------------------------------------------------------------------cpu=sar -u 1 1 | awk '{print $7}' | tail -1%
while [ “pidof sleep” ];do
lsmod | grep ip_conntrack” ]; then modprobe ip_conntrack fi ####################################
##---------------------- functions -----------------------------## ####################################function make_clr {
while read clr33;do cat /tmp/tmp111.txt | grep $clr33 >> /tmp/tmp33-3-clr.txt done < /tmp/tmp33-3.txt while read clr22;do cat /tmp/tmp111.txt | grep $clr22 >> /tmp/tmp33-2-clr.txt done < /tmp/tmp33-2.txt while read clr11;do cat /tmp/tmp111.txt | grep $clr11 >> /tmp/tmp33-1-clr.txt done < /tmp/tmp33-1.txt } function clr_conns { S_IP=$1 D_IP=$2 S_PORT=$3 D_PORT=$4 hping2 $D_IP -R -s $S_PORT -p $D_PORT -a $S_IP -k -c 1 >/dev/null 2>/dev/null & } function kill() { SLEEP_TIME=$1 CLR_LIST=$2 BLACK_LIST=$3 while read blackip;do iptables -I FORWARD 2 -i eth0 -s $blackip/32 -j DROP done < $BLACK_LIST sleep $SLEEP_TIME #-----------------------------------# while read clr3;do clr_conns $clr3 done < $CLR_LIST #-----------------------------------# sleep 1 while read reblackip;do iptables -D FORWARD -i eth0 -s $reblackip/32 -j DROP done < $BLACK_LIST}
##################################### ##--------------- To make a “black list” ----------------------## #####################################echo > /tmp/tmp11.txt
echo > /tmp/tmp111.txt echo > /tmp/ip_conntrack.tmp echo > /tmp/tmp33-3-clr.txt echo > /tmp/tmp33-2-clr.txt echo > /tmp/tmp33-1-clr.txt echo > /tmp/tmp22-3.txt echo > /tmp/tmp22-2.txt echo > /tmp/tmp22-1.txt echo > /tmp/tmp33-3.txt echo > /tmp/tmp33-2.txt echo > /tmp/tmp33-1.txt if [ ! -e /var/www/html/wwy/index.html ];then mkdir /var/www/html/wwy/ mkdir /var/www/html/wwy/all mkdir /var/www/html/wwy/drop 5B touch /var/www/html/wwy/index.html fi #----------------------------------------------------------------------------# echo -e “cp /proc/net/ip_conntrack /tmp/ip_conntrack.tmp …\c” cp /proc/net/ip_conntrack /tmp/ip_conntrack.tmp echo -e “done!\n” sleep 1 #----------------------------------------------------------------------------# wc=cat /tmp/ip_conntrack.tmp|grep ESTABLISHED|awk -F= '{print $2,$3,$4,$5}'|grep ^172. |sort|awk '{print $1,$3,$5,$7}'|tee /tmp/tmp111.txt|awk '{print $1}'|uniq -c|tee /tmp/tmp11.txt|wc -l date=date '+%m/%d %H:%M' cpu2=sar -u 1 1 | awk '{print $7}' | tail -1% date2=date '+%H' #----------------------------------------------------------------------------# sleep 1 #----------------------------------------------------------------------------# #if [ “KaTeX parse error: Expected 'EOF', got '&' at position 16: wc" -gt 2500 ] &̲& [ "date2” -gt 10 ] if [ “$wc” -ge 0 ] then #------------------------------ awk ‘{$1}{if ($1>30 && $1<50) print $2}’ /tmp/tmp11.txt > /tmp/tmp22-1.txt awk ‘{$1}{if ($1>=50 && $1<100) print $2}’ /tmp/tmp11.txt > /tmp/tmp22-2.txt awk ‘{$1}{if ($1>=100) print $2}’ /tmp/tmp11.txt > /tmp/tmp22-3.txt cut -c1-15 /tmp/tmp22-1.txt > /tmp/tmp33-1.txt cut -c1-15 /tmp/tmp22-2.txt > /tmp/tmp33-2.txt cut -c1-15 /tmp/tmp22-3.txt > /tmp/tmp33-3.txt wcblackip1=cat /tmp/tmp33-1.txt | wc -l wcblackip2=cat /tmp/tmp33-2.txt | wc -l wcblackip3=cat /tmp/tmp33-3.txt | wc -l ######################################
##---------------- To make a index.html -----------------------## ######################################echo "If the total IPs >2500 (total $wc at $date) AND if:" > /var/www/html/wwy/drop/index.html echo "you connect \">100\", you ip will be killed in 30min.
" >>/var/www/html/wwy/drop/index.html echo "you connect \"50-100\", you ip will be killed in 15min.
" >>/var/www/html/wwy/drop/index.html echo "you connect \"30-50\", you ip will be killed in 10min.
" >>/var/www/html/wwy/drop/index.html echo "
" >> /var/www/html/wwy/drop/index.html echo "These IPs (total $wcblackip3 + $wcblackip2 + $wcblackip1) were killed, at $date (look-up all IPs)
" >> /var/www/html/wwy/drop/index.html awk '{$1}{if ($1>=100) print $1, $2}' /tmp/tmp11.txt|sort -nr|awk '{print """"$1"""\t",""$2"""\t""kill 30min""
"}' >> /var/www/html/wwy/drop/index.html awk '{$1}{if ($1>=50 && $1<100) print $1, $2}' /tmp/tmp11.txt|sort -nr|awk '{print ""$1"\t",""$2"""\t""kill 15min""
"}' >> /var/www/html/wwy/drop/index.html awk '{$1}{if ($1>30 && $1<50) print $1, $2}' /tmp/tmp11.txt|sort -nr|awk '{print ""$1"\t",""$2"""\t""kill 10min""
"}' >> /var/www/html/wwy/drop/index.html echo "You can \"ctrl + F\" to find your ip's connects.(total $wc IPs at $date)
" > /var/www/html/wwy/all/index.html echo "" >> /var/www/html/wwy/all/index.html cat /tmp/tmp11.txt | sort -nr | awk '{print ""$1"\t",$2"\t""
"}' >> /var/www/html/wwy/all/index.html
#####################################
##----------------- Use iptables to DROP ---------------------## #####################################make_clr if [ -s /tmp/tmp33-3.txt ];then kill 30m /tmp/tmp33-3-clr.txt /tmp/tmp33-3.txt & sleep 1s fi if [ -s /tmp/tmp33-2.txt ];then kill 15m /tmp/tmp33-2-clr.txt /tmp/tmp33-2.txt & sleep 1s fi if [ -s /tmp/tmp33-1.txt ];then kill 10m /tmp/tmp33-1-clr.txt /tmp/tmp33-1.txt & sleep 1s fi
#-------------------------------
elif [ “KaTeX parse error: Expected 'EOF', got '&' at position 16: date2" -lt 5 ] &̲& [ "date2” -gt 3 ] then while read clrall;do clr_conns $clrall done < /tmp/tmp111.txt echo "clr at $date " >> /tmp/killip/tmp.log.txt fi#####################################
##------------------- make system log ------------------------## ##################################### if [ ! -e /tmp/killip/tmp.log.txt ]; then mkdir /tmp/killip touch /tmp/killip/tmp.log.txt fi echo “$wc $date $cpu $cpu2 $wcblackip3 + $wcblackip2 + $wcblackip1” >> /tmp/killip/tmp.log.txt转载地址:http://wiodi.baihongyu.com/