Welcome to Linux教程網

A shell script that blocks IPs using the ip_conntrack table

Basic principle: filter the ip_conntrack table for source IPs that have too many entries in the ESTABLISHED state, block them with iptables for a period of time, use hping to clear those IPs' entries out of the table, and finally write the blocked IPs plus some other information into an HTML page as a simple status report.

About hping:
Download: http://www.hping.org/download.html
Install: ./configure; make; make install
Related link: http://chinaunix.net/jh/4/367999.html
(The script calls the binary as hping2.)

Default behaviour:
1. When an IP has between 30 and 50 ESTABLISHED entries in ip_conntrack (strictly, more than 30 and fewer than 50 in the script), it is blocked for 10 minutes and its entries are cleared from the table; 50 to 99 entries: blocked for 15 minutes and cleared; 100 or more: blocked for 30 minutes and cleared.
2. Web pages are then generated:
/var/www/html/wwy/drop/index.html --- the blocked IPs, CPU usage and related information
/var/www/html/wwy/all/index.html --- the connection count of every IP
3. A simple log is written to /tmp/killip/tmp.log.txt

Usage:
1. hping must be installed.
2. Run the script from cron.
3. Install and start Apache for the simple web report; the default address is http://127.0.0.1/l/wwy/drop/index.htm
4. Use with caution if the table is larger than 20 MB.

Things to check before deploying:
- The script must run as root: it loads the ip_conntrack module, edits the FORWARD chain, and hping2 needs raw sockets. It also needs sar from the sysstat package for the CPU figures.
- It reads /proc/net/ip_conntrack. Kernels that use nf_conntrack expose the same src=/dst=/sport=/dport= fields in /proc/net/nf_conntrack with two extra leading columns; the awk -F= pipeline is not affected by those columns, because everything before the first "=" lands in $1, so only the path has to change.
- grep ^172. keeps only sources in the author's 172.x LAN; the script is meant for a NAT gateway that forwards LAN traffic, which is why the rules go into the FORWARD chain with -i eth0. Adapt the prefix and the interface to your network.
- The test [ "$wc" -ge 0 ] is always true (the intended gate, more than 2500 IPs and after 10:00, is commented out), so the early-morning "clear everything" branch never runs, and the 2500-IP sentence on the generated page describes the intended rather than the actual behaviour.
- Each ban runs in a background subshell that sleeps for the ban time; the guard at the top refuses to start while any sleep process exists on the host, not only this script's.
- Clearing relies on hping2 sending one forged TCP RST per tracked connection (-a sets the spoofed source address) so that conntrack moves the entry out of ESTABLISHED. Newer kernels validate sequence numbers and can treat a forged RST as INVALID, in which case the entry survives; where conntrack-tools is available, conntrack -D -s <ip> deletes the entries directly without forging packets.

Code:

#!/bin/bash
#
#---------------------------------------------------------------------------------------
# Script name: killip, based on ip_conntrack, written by wwy.
#---------------------------------------------------------------------------------------
# Needs root (iptables, modprobe, hping2 raw sockets) and sar from sysstat.

# %user from sar, sampled once for one second
cpu=`sar -u 1 1 | awk '{print $7}' | tail -1`%

# A previous run is still sleeping inside a ban: refuse to start a second copy.
# (This matches any sleep process on the host, not only this script's.)
while [ "`pidof sleep`" ];do
    echo "she is running, sorry"
    exit 1
done

if [ ! "`lsmod | grep ip_conntrack`" ]; then
    modprobe ip_conntrack
fi

####################################
##---------------------- functions -----------------------------##
####################################

# For every IP in the three blacklists, collect its connection lines
# (src dst sport dport) from /tmp/tmp111.txt so they can be reset later.
# The match is on the whole first field: a bare "grep $ip" would also
# hit 172.16.1.10 when looking for 172.16.1.1.
function make_clr {
    while read clr33;do
        awk -v ip="$clr33" '$1 == ip' /tmp/tmp111.txt >> /tmp/tmp33-3-clr.txt
    done < /tmp/tmp33-3.txt
    while read clr22;do
        awk -v ip="$clr22" '$1 == ip' /tmp/tmp111.txt >> /tmp/tmp33-2-clr.txt
    done < /tmp/tmp33-2.txt
    while read clr11;do
        awk -v ip="$clr11" '$1 == ip' /tmp/tmp111.txt >> /tmp/tmp33-1-clr.txt
    done < /tmp/tmp33-1.txt
}

# Send one forged TCP RST (-R) from S_IP:S_PORT to D_IP:D_PORT. The packet
# matches the existing conntrack entry and is meant to move it out of
# ESTABLISHED. -a spoofs the source address, -k keeps the source port,
# -c 1 sends a single packet.
function clr_conns {
    S_IP=$1
    D_IP=$2
    S_PORT=$3
    D_PORT=$4
    hping2 $D_IP -R -s $S_PORT -p $D_PORT -a $S_IP -k -c 1 >/dev/null 2>/dev/null &
}

# Block every IP in BLACK_LIST for SLEEP_TIME, then reset its tracked
# connections and remove the rules. (The original named this function
# "kill", which shadows the shell builtin of the same name; renamed here.)
function ban_ips {
    SLEEP_TIME=$1
    CLR_LIST=$2
    BLACK_LIST=$3
    # Rules are inserted at position 2 of FORWARD, i.e. below the chain's first rule.
    while read blackip;do
        iptables -I FORWARD 2 -i eth0 -s $blackip/32 -j DROP
    done < $BLACK_LIST
    sleep $SLEEP_TIME
    #-----------------------------------#
    while read clr3;do
        clr_conns $clr3
    done < $CLR_LIST
    #-----------------------------------#
    sleep 1
    while read reblackip;do
        iptables -D FORWARD -i eth0 -s $reblackip/32 -j DROP
    done < $BLACK_LIST
}

#####################################
##--------------- To make a "black list" ----------------------##
#####################################
# Truncate the work files (the original used "echo >", which leaves one
# blank line in each file and later feeds an empty line to clr_conns).
: > /tmp/tmp11.txt
: > /tmp/tmp111.txt
: > /tmp/ip_conntrack.tmp
: > /tmp/tmp33-3-clr.txt
: > /tmp/tmp33-2-clr.txt
: > /tmp/tmp33-1-clr.txt
: > /tmp/tmp22-3.txt
: > /tmp/tmp22-2.txt
: > /tmp/tmp22-1.txt
: > /tmp/tmp33-3.txt
: > /tmp/tmp33-2.txt
: > /tmp/tmp33-1.txt

if [ ! -e /var/www/html/wwy/index.html ];then
    mkdir /var/www/html/wwy/
    mkdir /var/www/html/wwy/all
    mkdir /var/www/html/wwy/drop
    touch /var/www/html/wwy/index.html
fi

# The log directory is needed by both branches below, so create it first.
if [ ! -e /tmp/killip/tmp.log.txt ]; then
    mkdir /tmp/killip
    touch /tmp/killip/tmp.log.txt
fi

#----------------------------------------------------------------------------#
echo -e "cp /proc/net/ip_conntrack /tmp/ip_conntrack.tmp ......\c"
cp /proc/net/ip_conntrack /tmp/ip_conntrack.tmp
echo -e "done!\n"
sleep 1
#----------------------------------------------------------------------------#
# Keep ESTABLISHED entries only. Splitting on "=" makes fields 2-5
# "SRC dst", "DST sport", "SPORT dport" and "DPORT ...", so after the
# 172. LAN filter and sort, awk reduces each entry to "src dst sport dport"
# (tmp111.txt). uniq -c then counts entries per source IP ("count ip" in
# tmp11.txt) and $wc is the number of distinct source IPs.
wc=`cat /tmp/ip_conntrack.tmp | grep ESTABLISHED | awk -F= '{print $2,$3,$4,$5}' | grep ^172. | sort | awk '{print $1,$3,$5,$7}' | tee /tmp/tmp111.txt | awk '{print $1}' | uniq -c | tee /tmp/tmp11.txt | wc -l`
date=`date '+%m/%d %H:%M'`
cpu2=`sar -u 1 1 | awk '{print $7}' | tail -1`%
date2=`date '+%H'`
#----------------------------------------------------------------------------#
sleep 1
#----------------------------------------------------------------------------#
# The intended gate (more than 2500 IPs and after 10:00) is commented out;
# "$wc -ge 0" is always true, so the elif branch below never runs.
#if [ "$wc" -gt 2500 ] && [ "$date2" -gt 10 ]
if [ "$wc" -ge 0 ]
then
    #------------------------------
    # Tier the IPs by ESTABLISHED count: 31-49, 50-99, 100 and above.
    awk '{if ($1>30 && $1<50) print $2}' /tmp/tmp11.txt > /tmp/tmp22-1.txt
    awk '{if ($1>=50 && $1<100) print $2}' /tmp/tmp11.txt > /tmp/tmp22-2.txt
    awk '{if ($1>=100) print $2}' /tmp/tmp11.txt > /tmp/tmp22-3.txt
    cut -c1-15 /tmp/tmp22-1.txt > /tmp/tmp33-1.txt
    cut -c1-15 /tmp/tmp22-2.txt > /tmp/tmp33-2.txt
    cut -c1-15 /tmp/tmp22-3.txt > /tmp/tmp33-3.txt
    wcblackip1=`cat /tmp/tmp33-1.txt | wc -l`
    wcblackip2=`cat /tmp/tmp33-2.txt | wc -l`
    wcblackip3=`cat /tmp/tmp33-3.txt | wc -l`

    ######################################
    ##---------------- To make a index.html -----------------------##
    ######################################
    echo "<b>If the total IPs >2500 <font color=\"#ff0000\">(total $wc at $date)</font> AND if:</b>" > /var/www/html/wwy/drop/index.html
    echo "<p>you connect <b>\">100\"</b>, you ip will be killed in <b>30min</b>.</p>" >>/var/www/html/wwy/drop/index.html
    echo "<p>you connect <b>\"50-100\"</b>, you ip will be killed in <b>15min</b>.</p>" >>/var/www/html/wwy/drop/index.html
    echo "<p>you connect <b>\"30-50\"</b>, you ip will be killed in <b>10min</b>.</p>" >>/var/www/html/wwy/drop/index.html
    echo "<hr color=\"#ff8000\">" >> /var/www/html/wwy/drop/index.html
    echo "<p><b><font color=\"#ff0000\">These IPs (total $wcblackip3 + $wcblackip2 + $wcblackip1) were killed, at <font size=5>$date</font></font> <a href=../all>(look-up all IPs)</a></b></p>" >> /var/www/html/wwy/drop/index.html
    awk '{if ($1>=100) print $1, $2}' /tmp/tmp11.txt | sort -nr | awk '{print "<p>""<font color=\"#ff0000\">"$1"</font>""\t","<b>"$2"</b>""\t""kill 30min""</p>"}' >> /var/www/html/wwy/drop/index.html
    awk '{if ($1>=50 && $1<100) print $1, $2}' /tmp/tmp11.txt | sort -nr | awk '{print "<p>"$1"\t","<b>"$2"</b>""\t""kill 15min""</p>"}' >> /var/www/html/wwy/drop/index.html
    awk '{if ($1>30 && $1<50) print $1, $2}' /tmp/tmp11.txt | sort -nr | awk '{print "<p>"$1"\t","<b>"$2"</b>""\t""kill 10min""</p>"}' >> /var/www/html/wwy/drop/index.html
    echo "<p><b>You can \"ctrl + F\" to find your ip's connects.(total $wc IPs at $date)</b></p>" > /var/www/html/wwy/all/index.html
    echo "<p><a href=../drop> <-- back </a></p>" >> /var/www/html/wwy/all/index.html
    cat /tmp/tmp11.txt | sort -nr | awk '{print "<p>"$1"\t",$2"\t""</p>"}' >> /var/www/html/wwy/all/index.html

    #####################################
    ##----------------- Use iptables to DROP ---------------------##
    #####################################
    # Each tier is banned in a background subshell so the script can exit
    # while the sleep runs; the pidof guard at the top keeps cron from
    # starting another copy meanwhile.
    make_clr
    if [ -s /tmp/tmp33-3.txt ];then
        ban_ips 30m /tmp/tmp33-3-clr.txt /tmp/tmp33-3.txt &
        sleep 1s
    fi
    if [ -s /tmp/tmp33-2.txt ];then
        ban_ips 15m /tmp/tmp33-2-clr.txt /tmp/tmp33-2.txt &
        sleep 1s
    fi
    if [ -s /tmp/tmp33-1.txt ];then
        ban_ips 10m /tmp/tmp33-1-clr.txt /tmp/tmp33-1.txt &
        sleep 1s
    fi
#-------------------------------
elif [ "$date2" -lt 5 ] && [ "$date2" -gt 3 ]
then
    # 04:00-04:59: reset every tracked LAN connection.
    while read clrall;do
        clr_conns $clrall
    done < /tmp/tmp111.txt
    echo "clr at $date " >> /tmp/killip/tmp.log.txt
fi

#####################################
##------------------- make system log ------------------------##
#####################################
echo "$wc $date $cpu $cpu2 $wcblackip3 + $wcblackip2 + $wcblackip1" >> /tmp/killip/tmp.log.txt
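The detection logic of the script above (count ESTABLISHED entries per source IP, tier them at 30/50/100, then DROP, wait, reset and unblock), as an added dry-run example that is not the original killip script: it reads a conntrack dump in either the /proc/net/ip_conntrack or the /proc/net/nf_conntrack layout, matches source IPs exactly rather than by substring, and prints the commands a gateway would run instead of executing them, so it can be tried without root. The sample dump is constructed; the 172. LAN prefix, the thresholds, the ban times, eth0 and FORWARD position 2 are taken from the original; the conntrack -D call (conntrack-tools) is assumed as the replacement for the hping2 RST spoof.

```shell
#!/bin/bash
# Added example, not the original killip script. Dry run of its detection
# logic: tier source IPs by ESTABLISHED conntrack entries and print the ban
# commands instead of running them. Assumptions: dump in ip_conntrack or
# nf_conntrack layout, the original's "172." prefix, 30/50/100 thresholds,
# 10/15/30 minute bans, eth0, and conntrack-tools in place of hping2.

# conntrack_lines IP N: emit N constructed ESTABLISHED entries from IP
# (nf_conntrack layout; the ip_conntrack layout lacks the leading "ipv4 2"
# columns, which the parser below does not depend on).
conntrack_lines() {
    local ip=$1 n=$2 i=1
    while [ "$i" -le "$n" ]; do
        printf 'ipv4     2 tcp      6 431999 ESTABLISHED src=%s dst=10.0.0.5 sport=%d dport=80 src=10.0.0.5 dst=%s sport=80 dport=%d [ASSURED] mark=0 use=2\n' \
            "$ip" $((40000 + i)) "$ip" $((40000 + i))
        i=$((i + 1))
    done
}

# sample_dump: a constructed table, not real traffic.
sample_dump() {
    conntrack_lines 172.16.0.10 120   # 100 and above: 30 min
    conntrack_lines 172.16.0.11 60    # 50-99: 15 min
    conntrack_lines 172.16.0.12 35    # 31-49: 10 min
    conntrack_lines 172.16.0.13 30    # exactly 30: not banned (more than 30 needed)
    conntrack_lines 192.168.1.9 200   # outside the 172. prefix: ignored
    # non-ESTABLISHED states never count, whatever the source
    printf 'ipv4     2 tcp      6 119 TIME_WAIT src=172.16.0.12 dst=10.0.0.5 sport=50001 dport=80 src=10.0.0.5 dst=172.16.0.12 sport=80 dport=50001 [ASSURED] mark=0 use=2\n'
}

# count_established PREFIX: read a dump on stdin, print "count ip" for each
# source IP under PREFIX, highest count first. The first src= field is the
# original direction, i.e. the side that opened the connection.
count_established() {
    awk -v prefix="${1:-172.}" '
        /ESTABLISHED/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i ~ /^src=/) { ip = substr($i, 5); break }
            if (ip != "" && index(ip, prefix) == 1) count[ip]++
        }
        END { for (ip in count) print count[ip], ip }' | sort -k1,1nr
}

# tier_for N: ban minutes for N ESTABLISHED entries (0 = no action)
tier_for() {
    if   [ "$1" -ge 100 ]; then echo 30
    elif [ "$1" -ge 50 ];  then echo 15
    elif [ "$1" -gt 30 ];  then echo 10
    else                        echo 0
    fi
}

# plan_bans PREFIX: one "ip minutes" line for every IP over a threshold
plan_bans() {
    count_established "$1" | while read -r n ip; do
        m=$(tier_for "$n")
        if [ "$m" -gt 0 ]; then echo "$ip $m"; fi
    done
}

# ban_commands PREFIX: the commands the gateway would run, in the original
# script's order (block, wait, reset the tracked connections, unblock)
ban_commands() {
    plan_bans "$1" | while read -r ip m; do
        echo "iptables -I FORWARD 2 -i eth0 -s $ip/32 -j DROP"
        echo "sleep ${m}m"
        echo "conntrack -D -s $ip"   # conntrack-tools: deletes the entries directly
        echo "iptables -D FORWARD -i eth0 -s $ip/32 -j DROP"
    done
}

sample_dump | ban_commands 172.
```

Pipe a real table into it with `cat /proc/net/nf_conntrack | ban_commands 172.` (or the ip_conntrack path on older kernels) to see what the script would do before letting it touch the firewall; the awk field walk finds src= wherever it sits on the line, which is why both layouts parse.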
Copyright © Linux教程網 All Rights Reserved