#!/bin/bash
#Created by lrm
#date 2013-06-05
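# Drop traffic from source addresses that hold more than THRESHOLD TCP
# connections matching ":80", unless the address is whitelisted or already
# appears as a rule source in iptables.
IGNORE_IP_LIST="/root/list" # whitelist file; assumed one address per line — confirm format
THRESHOLD=200               # connections per source above which the address is dropped
BLOCK_LOG="/var/log/ip_list.log"
ALERT_EMAIL="lrm929@163.com"

# Source column of every existing rule, held in memory. The original wrote this
# list to the fixed path /tmp/ip.txt; a privileged script writing to a
# predictable name in a world-writable directory can be redirected through a
# pre-created file or symlink, so no temp file is used.
blocked=$(iptables -L -n |
  awk '$4 != "" && $4 !~ /[A-Za-z]/ && $4 !~ /0\.0\.0\.0/ {print $4}')

# Foreign addresses ranked by connection count, keeping those above THRESHOLD.
# NOTE(review): '^tcp.*:80' also matches ports that merely start with 80
# (8080, 8000, ...) and remote-side :80; left as the author wrote it — confirm
# whether only the local port 80 was intended.
list=$(netstat -an |
  grep '^tcp.*:80' |
  grep -Ev 'LISTEN|127.0.0.1' |
  awk -F'[ ]+|[:]' '{print $6}' |
  sort | uniq -c | sort -rn |
  awk -v limit="$THRESHOLD" '$1 > limit {print $2}')

# Word splitting of $list is intentional: one address per word.
for i in $list; do
  # Only a well-formed dotted quad is handed to iptables; tcp6 lines or other
  # unexpected netstat output can put an empty or partial token in this field.
  [[ $i =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue

  # Whitelisted: skip. -F treats the dots literally and -w requires a whole
  # token, so 1.2.3.4 is not treated as whitelisted because 11.2.3.45 is listed.
  if grep -Fwq -- "$i" "$IGNORE_IP_LIST"; then
    continue
  fi

  # Already a rule source in iptables: skip (exact line match).
  if grep -Fxq -- "$i" <<<"$blocked"; then
    continue
  fi

  # Record and notify only when the rule was actually inserted. iptables prints
  # nothing on success, so the log line is written explicitly.
  if iptables -I INPUT -s "$i" -j DROP; then
    printf '%s blocked %s\n' "$(date '+%F %T')" "$i" >>"$BLOCK_LOG"
    # mail reads the message body from stdin; supplying one keeps it from
    # waiting on the terminal when the script is run unattended.
    printf '%s exceeded %s connections and was added to the INPUT DROP rules\n' \
      "$i" "$THRESHOLD" |
      mail -s "$i is killed " "$ALERT_EMAIL"
  fi
done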
然后写一个循环脚本，让它在后台执行：
#!/bin/bash
# Endless supervisor loop: pause two seconds, then run the blocking script once.
# Runs until the process is stopped.
while :
do
  /bin/sleep 2
  /shell/ddos.sh
done