Scripts
Fork

(Original repository, No fork origin)

R/O
HTTP
SSH
HTTPS

Commit

Commit MetaInfo

Revisión	6e23bd2211b14669630226b07d401c871e824cdd (tree)
Tiempo	2016-01-09 19:32:25
Autor	Mathewka <mathewka@git....>
Commiter	Mathewka

Log Message

cc_iptables

Cambiar Resumen

add: cc_iptables/block_attack_ips.sh (diff)
add: cc_iptables/cc_iptables1.sh (diff)
add: cc_iptables/cc_iptables2.sh (diff)
add: cc_iptables/cc_nginx.sh (diff)
add: cc_iptables/ddos.sh (diff)
add: cc_iptables/ddos1.sh (diff)
add: cc_iptables/ddos2.sh (diff)
add: cc_iptables/iptables.sh (diff)
add: cc_iptables/netstat.sh (diff)
add: cc_iptables/nginx_log_cc_iptables.sh (diff)

Diferencia incremental

--- /dev/null

+++ b/cc_iptables/block_attack_ips.sh

		@@ -0,0 +1,42 @@
	1	+#!/bin/bash
	2	+# http://www.111cn.net/sys/linux/61035.htm
	3	+
	4	+logfile=/webserver/blog/logs/rainbow_access.log
	5	+function check_root(){
	6	+ if [ $EUID -ne 0 ]; then
	7	+ echo "This script must be run as root"
	8	+ exit 1
	9	+ fi
	10	+}
	11	+function block_ips(){
	12	+ blacklist=$@
	13	+ if [ ! -z "${blacklist}" ]; then
	14	+ for ip in ${blacklist}
	15	+ do
	16	+ if ! $(/sbin/iptables-save \| grep -wq ${ip}); then
	17	+ echo /sbin/iptables -I INPUT -s ${ip}/32 -p tcp -m tcp --dport 80 -j DROP
	18	+ /sbin/iptables -I INPUT -s ${ip}/32 -p tcp -m tcp --dport 80 -j DROP
	19	+ fi
	20	+ done
	21	+ fi
	22	+}
	23	+function check_login(){
	24	+ tailnum=10000
	25	+ page=wp-login.php
	26	+ retry=5
	27	+
	28	+ command="grep -w POST ${logfile} \|tail -n ${tailnum} \|grep -w ${page} \|awk '{print $1}' \|sort \|uniq -c \|awk '($1 > ${retry}){print $2}'"
	29	+ blacklist=$(eval ${command})
	30	+ block_ips ${blacklist}
	31	+}
	32	+function check_others(){
	33	+ tailnum=10000
	34	+ retry=400
	35	+
	36	+ command="tail -n ${tailnum} ${logfile} \|awk '{print $1}' \|sort \|uniq -c \|awk '($1 > ${retry}){print $2}'"
	37	+ blacklist=$(eval ${command})
	38	+ block_ips ${blacklist}
	39	+}
	40	+check_root
	41	+check_login
	42	+check_others
		\ No newline at end of file

--- /dev/null

+++ b/cc_iptables/cc_iptables1.sh

		@@ -0,0 +1,9 @@
	1	+#!/bin/bash
	2	+##http://www.vsyour.com/post/140.html
	3	+num=100 #ÉÏÏÞ
	4	+cd /home/wwwlogs
	5	+#¶ÁÈ¡×îÐÂ1000Ìõ¼ÇÂ¼£¬Èç¹ûµ¥IP³¬¹ý100Ìõ¾Í·âµô¡£
	6	+for i in tail access.log -n 1000\|awk '{print $1}'\|sort\|uniq -c\|sort -rn\|awk '{if ($1>$num){print $2}}'
	7	+do
	8	+ iptables -I INPUT -p tcp -s $i --dport 80 -j DROP
	9	+done
		\ No newline at end of file

--- /dev/null

+++ b/cc_iptables/cc_iptables2.sh

		@@ -0,0 +1,44 @@
	1	+#!/bin/bash
	2	+##http://yzs.me/2050.html
	3	+#º¯Êýban_now
	4	+ban_now() {
	5	+#Êä³öIPµÄÄÚÈÝ
	6	+echo $1
	7	+#Ö´ÐÐiptables¶Ô¸ÃIP·â½û
	8	+iptables -I INPUT -s $1 -p all -j DROP
	9	+#·â½ûºóÖ´ÐÐmailÃüÁî£¬¸øÖ¸¶¨ÓÊÏä·¢Ò»·âÓÊ¼þ
	10	+echo -e "IP:$1 was banned at $(date).\n\niptables filter tables:\n\n$(iptables -L -n -t filter)" \| mail -s "IP:$1 was banned at $(date)" your@email.com
	11	+}
	12	+#Ñ»·µÄ¿ªÊ¼
	13	+while [ "$loop" = "" ]
	14	+do
	15	+#Çå¿ÕÈÕÖ¾ÎÄ¼þ
	16	+cat>/var/log/nginx/iponly.log<<EOF
	17	+EOF
	18	+#ÑÓ³ÙÎåÃë
	19	+ping -c 5 127.0.0.1 >/dev/null 2>&1
	20	+#ºÏ²¢£¬ÅÅÐòIP£¬Êä³ö»ñÈ¡ÇëÇóÊý×î´óµÄIP¼°ÆäÇëÇóÊý£¬ÇëÇóÊýÓëIPÖ®¼äÊ¹ÓÃÓ¢ÎÄ¶ººÅ¸ô¿ª£¬È»ºó¸³Öµ¸øconnections
	21	+connections=$(cat /var/log/nginx/iponly.log \| sort -n \| uniq -c \| sort -nr \| awk '{print $1 "," $2}')
	22	+#ÅÐ¶Ï±äÁ¿connectionsÊÇ·ñÎª¿Õ
	23	+if [ "$connections" != "" ];then
	24	+#Êä³ö±äÁ¿connectionsµÄÄÚÈÝ
	25	+ echo $connections
	26	+#Á¬½ÓÊýµÄforÑ»·¿ªÊ¼
	27	+ for ipconntctions in $connections
	28	+ do
	29	+#½ØÈ¡Á¬½ÓÊý
	30	+ connectnumber=$(echo $ipconntctions \| cut -d "," -f 1)
	31	+#ÅÐ¶Ï¸ÃIPÁ¬½ÓÊýÊÇ·ñ´óÓÚ200
	32	+ test $connectnumber -ge 200 && banit=1
	33	+#´óÓÚ200£¬°ÑIP¸³Öµ¸ø±äÁ¿fuckingip
	34	+ if [ "$banit" = "1" ];then
	35	+ fuckingip=$(echo $ipconntctions \| cut -d "," -f 2)
	36	+ ban_now $fuckingip
	37	+ unset banit
	38	+ else
	39	+#·ñÔò£¬½áÊøforÑ»·
	40	+ break
	41	+ fi
	42	+ done
	43	+fi
	44	+done
		\ No newline at end of file

--- /dev/null

+++ b/cc_iptables/cc_nginx.sh

		@@ -0,0 +1,16 @@
	1	+#!/bin/sh
	2	+##http://os.51cto.com/art/201103/249725_1.htm
	3	+nginx_home = /usr/local/nginx
	4	+log_path = /home/wwwroot/logs
	5	+
	6	+/usr/bin/tail -n 50000 $log_path/access.log \
	7	+
	8	+\|awk ¡®$8 ~/aspx/{print $2,$13}¡¯ \
	9	+
	10	+\|grep -i -v -E ¡°google\|yahoo\|baidu\|msnbot\|FeedSky\|sogou¡± \
	11	+
	12	+\|awk ¡®{print $1}¡¯\|sort\|uniq -c \|sort -rn \
	13	+
	14	+\|awk ¡®{if($1>150)print ¡°deny ¡°$2¡å;¡±}¡¯> $nginx_home/conf/vhosts/blockip.conf
	15	+
	16	+/bin/kill -HUP `cat $nginx_home/nginx.pid`
		\ No newline at end of file

--- /dev/null

+++ b/cc_iptables/ddos.sh

		@@ -0,0 +1,85 @@
	1	+#!/bin/sh
	2	+#1
	3	+if [ -d '/usr/local/ddos' ]; then
	4	+ echo; echo; echo "Please un-install the previous version first"
	5	+ echo;
	6	+ echo 'Uninstall:';
	7	+ echo ;
	8	+ echo 'wget http://www.ctohome.com/linux-vps-pack/soft/ddos/uninstall.ddos;sh uninstall.ddos;';
	9	+ echo;
	10	+ echo;
	11	+ exit 0
	12	+else
	13	+ mkdir /usr/local/ddos
	14	+fi
	15	+clear
	16	+echo; echo 'Installing DOS-Deflate 0.6'; echo
	17	+echo; echo -n 'Downloading source files...'
	18	+wget -q -O /usr/local/ddos/ddos.conf http://www.ctohome.com/linux-vps-pack/soft/ddos/ddos.conf
	19	+echo -n '.'
	20	+wget -q -O /usr/local/ddos/LICENSE http://www.inetbase.com/scripts/ddos/LICENSE
	21	+echo -n '.'
	22	+wget -q -O /usr/local/ddos/ignore.ip.list http://www.ctohome.com/linux-vps-pack/soft/ddos/ignore.ip.list
	23	+
	24	+/sbin/ifconfig -a\|grep inet\|grep -v 127.0.0.1\|grep -v inet6\|awk '{print $2}'\|tr -d "addr:" >> /usr/local/ddos/ignore.ip.list;
	25	+chattr +i /usr/local/ddos/ignore.ip.list;
	26	+
	27	+echo -n '.'
	28	+wget -q -O /usr/local/ddos/ddos.sh http://www.ctohome.com/linux-vps-pack/soft/ddos/ddos-deflate.sh
	29	+chmod 0755 /usr/local/ddos/ddos.sh
	30	+cp -s /usr/local/ddos/ddos.sh /usr/local/sbin/ddos
	31	+echo '...done'
	32	+
	33	+echo; echo -n 'Creating cron to run script every minute.....(Default setting)'
	34	+/usr/local/ddos/ddos.sh --cron > /dev/null 2>&1
	35	+echo '.....done'
	36	+echo; echo 'DOS-Deflate Installation has completed.'
	37	+echo 'Config file is at /usr/local/ddos/ddos.conf'
	38	+echo 'ignore ip is at /usr/local/ddos/ignore.ip.list '
	39	+echo 'if you want edit it please use chattr -i /usr/local/ddos/ignore.ip.list first'
	40	+
	41	+service iptables restart
	42	+
	43	+clear
	44	+
	45	+echo 'Script license: /usr/local/ddos/LICENSE';
	46	+echo '';
	47	+echo '';
	48	+echo '';
	49	+echo '';
	50	+echo '=========================================================';
	51	+echo "====== DOS-Deflate Installation has completed ======";
	52	+echo "====== ======";
	53	+echo "====== http://www.ctohome.com/FuWuQi/df/318.html ======";
	54	+echo "====== ======";
	55	+echo "====== ======";
	56	+echo "====== ======";
	57	+echo "====== How to edit ddos configure file ======";
	58	+echo "====== ======";
	59	+echo "====== http://www.ctohome.com/FuWuQi/df/318.html ======";
	60	+echo "====== ======";
	61	+echo "====== ======";
	62	+echo "====== How to edit ignore IP list ======";
	63	+echo "====== ======";
	64	+echo "====== http://www.ctohome.com/FuWuQi/df/318.html ======";
	65	+echo "====== ======";
	66	+echo "====== ======";
	67	+echo "====== Block IP more than 50 connections ======";
	68	+echo "====== ======";
	69	+echo "====== /usr/local/ddos/ddos.sh -k 50 ======";
	70	+echo "====== ======";
	71	+echo "====== ======";
	72	+echo "====== ======";
	73	+echo "====== * List blocked IPs * ======";
	74	+echo "====== ======";
	75	+echo "====== iptables -L ======";
	76	+echo "====== ======";
	77	+echo "====== ======";
	78	+echo '=========================================================';
	79	+echo '';
	80	+echo '';
	81	+echo '****** Check ip connections now: ******';
	82	+echo '';
	83	+echo "netstat -ntu \| awk '{print $5}' \| cut -d: -f1 \| sort \| uniq -c \| sort -n";
	84	+echo '';
	85	+echo '';
		\ No newline at end of file

--- /dev/null

+++ b/cc_iptables/ddos1.sh

		@@ -0,0 +1,9 @@
	1	+#!/bin/bash
	2	+##http://blog.liuts.com/post/101/#topreply
	3	+/bin/netstat -na\|grep ESTABLISHED\|awk ¡®{print $5}¡¯\|awk -F: ¡®{print $1}¡¯\|sort\|uniq -c\|sort -rn\|head -10\|grep -v -E ¡¯192.168\|127.0¡ä\|awk ¡®{if ($2!=null && $1>4) {print $2}}¡¯>/tmp/dropip
	4	+
	5	+for i in $(cat /tmp/dropip)
	6	+do
	7	+ /sbin/iptables -A INPUT -s $i -j DROP
	8	+ echo "$i kill at `date`">>/var/log/ddos
	9	+done
		\ No newline at end of file

--- /dev/null

+++ b/cc_iptables/ddos2.sh

		@@ -0,0 +1,20 @@
	1	+#!/bin/sh
	2	+##http://www.oschina.net/code/snippet_17_9265
	3	+############### KILL DDOS ##############
	4	+iptables_log="/data/logs/iptables_conf.log"
	5	+### Iptables ÅäÖÃµ¼³öµÄÂ·¾¶£¬¿ÉÈÎÒâÐÞ¸Ä ###
	6	+########################################
	7	+status=`netstat -na\|awk '$5 ~ /[0-9]+:[0-9]+/ {print $5}'\|awk -F ":" -- '{print $1}' \|sort -n\|uniq -c \|sort -n\|tail -n 1\|grep -v 127.0.0.1`
	8	+NUM=`echo $status\|awk '{print $1}'`
	9	+IP=`echo $status\|awk '{print $2}'`
	10	+result=`echo "$NUM > 200" \| bc`
	11	+### Èç¹ûÍ¬Ê±Á¬½ÓÊý´óÓÚ 200 Ôò¸Éµô£¡###
	12	+if [ $result = 1 ]
	13	+then
	14	+echo IP:$IP is over $NUM, BAN IT!
	15	+/sbin/iptables -I INPUT -s $IP -j DROP
	16	+fi
	17	+########################################
	18	+iptables-save > ${iptables_log}
	19	+### Êä³öµ±Ç°µÄ iptable ÅäÖÃ×÷ÎªÈÕÖ¾ ###
	20	+########################################
		\ No newline at end of file

--- /dev/null

+++ b/cc_iptables/iptables.sh

		@@ -0,0 +1,42 @@
	1	+#!/bin/bash
	2	+modprobe ip_tables
	3	+modprobe iptable_nat
	4	+modprobe ip_nat_ftp
	5	+modprobe ip_conntrack
	6	+modprobe ip_conntrack_ftp
	7	+
	8	+ipt=/sbin/iptables
	9	+
	10	+lan=10.0.0.0/255.255.255.0
	11	+lo=127.0.0.1
	12	+
	13	+$ipt -F
	14	+$ipt -t nat -F
	15	+$ipt -X
	16	+$ipt -Z
	17	+
	18	+$ipt -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
	19	+$ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
	20	+$ipt -A OUTPUT -j ACCEPT
	21	+$ipt -A INPUT -s $lo -j ACCEPT
	22	+$ipt -A INPUT -s $lan -j ACCEPT
	23	+$ipt -A INPUT -s 111.11.11.11 -j ACCEPT
	24	+$ipt -A INPUT -p udp --sport 53 -j ACCEPT
	25	+$ipt -A INPUT -p udp --sport 123 -j ACCEPT
	26	+$ipt -A INPUT -p tcp --dport 25 -j ACCEPT
	27	+$ipt -A INPUT -p tcp --dport 80 -j ACCEPT
	28	+$ipt -A INPUT -p tcp --dport 22 -j ACCEPT
	29	+$ipt -A INPUT -p tcp --dport 3306 -j ACCEPT
	30	+$ipt -A INPUT -p tcp --dport 9988 -j ACCEPT
	31	+$ipt -A INPUT -j REJECT
	32	+$ipt -A FORWARD -j REJECT
	33	+$ipt -I INPUT -s 123.45.6.7 -j DROP
	34	+
	35	+
	36	+####NAT
	37	+#echo '1' > /proc/sys/net/ipv4/ip_forward
	38	+#$ipt -t nat -A POSTROUTING -s 10.0.0.6 -j SNAT --to-source 198.7.56.11
	39	+#$ipt -t nat -A POSTROUTING -s 10.0.0.7 -j SNAT --to-source 198.7.56.11
	40	+
	41	+/sbin/service iptables save
	42	+echo ok

--- /dev/null

+++ b/cc_iptables/netstat.sh

		@@ -0,0 +1,6 @@
	1	+#!/bin/bash
	2	+#netstat -na\|grep ESTABLISHED\|awk '{print $5}'\|awk -F: '{print $1}'\|sort\|uniq -c\|sort -n \|tail -1 \|awk 'FS="[ ]+" {print $2}'
	3	+netstat -na\|grep ESTABLISHED\|awk '{print $5}'\|awk -F: '{print $1}'\|sort\|uniq -c\|sort -n
	4	+echo "ESTABLISHED ok"
	5	+netstat -an\| grep :80 \| grep -v 127.0.0.1 \|awk '{ print $5 }' \| sort\|awk -F: '{print $1,$4}' \| uniq -c \| awk '$1>2 {print $1,$2}'
	6	+echo "80 ok"

--- /dev/null

+++ b/cc_iptables/nginx_log_cc_iptables.sh

		@@ -0,0 +1,19 @@
	1	+#!/bin/bash
	2	+##email: ppabc#qq.com
	3	+##ppabc
	4	+tail www.aqzt.com.access.log -n 9999 \|awk '{print $1}'\|sort\|uniq -c\|sort -rn\|awk '{if ($1>200){print $2}}' > /data/nginxlogs/block_attack_ips.log
	5	+
	6	+/sbin/iptables -nL \|grep DROP \| awk '{print $4}' > /data/nginxlogs/iptables.log
	7	+
	8	+filename=`cat /data/nginxlogs/block_attack_ips.log`
	9	+for ip in $filename
	10	+do
	11	+if [ `grep $ip /data/nginxlogs/iptables.log` ]
	12	+then
	13	+ echo "Already exists"
	14	+else
	15	+ echo "add"
	16	+ /sbin/iptables -I INPUT -p tcp -s $ip --dport 80 -j DROP
	17	+fi
	18	+
	19	+done
		\ No newline at end of file

Scripts Fork

Commit

Tags

Frequently used words (click to add to your profile)

Commit MetaInfo

Log Message

Cambiar Resumen

Diferencia incremental

Scripts
Fork