
centos redhat系列对抗ddos之居家必备利器 banip.txt

2019年05月06日  | 移动技术网网络运营  | 我要评论

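##############################################
#version="20100718"
#author="phpsir"
#author_email="phpsir@phpsir.com"
##############################################
# banip: counts connections per remote address on this host's port 80 and
# adds an iptables REJECT rule for every address above the threshold.
# It writes under /root and calls /sbin/iptables, so it has to run as root.

# Connections from one remote address above which that address is rejected.
maxnum=50
# Seconds between rule flushes: once the timestamp stored in
# $banip_data_file is older than this, the bans are cleared.
runmin_max=300
# State file holding "runtime=<epoch seconds>". It is sourced as shell code,
# so it must stay writable by root only.
banip_data_file="/root/banip_data.txt"
# Allow list: whitespace-separated addresses that are never banned.
ipopenfile="/root/openip.txt"

# Scratch files. A root-run script must not write to fixed names in the
# world-writable /tmp: a local user could pre-create such a name as a symlink
# and have root overwrite the link target. mktemp creates unpredictable,
# owner-only files instead, and the trap removes them on every exit path.
nsfile=$(mktemp /tmp/netstat80.XXXXXX) || exit 1
ipfile=$(mktemp /tmp/80link.XXXXXX) || exit 1
trap 'rm -f -- "$nsfile" "$ipfile"' EXIT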

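# IPv4 address of eth0. Matching 'inet ' (with the trailing space) skips the
# inet6 lines in both the old "inet addr:1.2.3.4" and the newer
# "inet 1.2.3.4" ifconfig layouts; head keeps a single address so that
# $myip is never a multi-line value.
myip=$(/sbin/ifconfig eth0 | grep 'inet ' | awk '{print $2}' | sed 's/addr://' | grep . | head -n 1)
if [ -z "$myip" ]
then
  # With an empty address the later filter would degrade to ":80" and every
  # iptables call would receive an empty -d argument, so stop here instead.
  echo "cannot determine the ipv4 address of eth0" >&2
  exit 1
fi

# Create an empty allow list on first use so the ban loop can always read it.
if [ ! -f "$ipopenfile" ]
then
  echo "init $ipopenfile"
  touch "$ipopenfile"
fi

# Load the timestamp of the last rule flush.
# NOTE(review): the state file is executed as shell code by root; keep it
# owned by root and not writable by anyone else.
runtime=
if [ -f "$banip_data_file" ]
then
  source "$banip_data_file"
  echo "last runtime=$runtime"
fi

# Missing state file, or a value that is not a plain number: start over.
case "$runtime" in
  '' | *[!0-9]*)
    echo "init $banip_data_file"
    runtime=$(date "+%s")
    echo "runtime=$runtime" > "$banip_data_file"
    # Any elapsed time is greater than -1, so the flush branch that follows
    # runs once on this first pass.
    runmin_max=-1
    ;;
esac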

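# The page lower-cased the script: the date format needs %Y/%H/%M/%S
# (lower-case %h is the month name and %s the epoch) and the flush option
# of iptables is -F (lower-case -f is the fragment match).
echo "start shell" "$(date "+%Y-%m-%d %H:%M:%S")"

# Seconds elapsed since the last flush recorded in the state file.
now=$(date "+%s")
runmin=$((now - runtime))
if [ "$runmin" -gt "$runmin_max" ]
then
  echo "$runmin" "is bigger than " "$runmin_max"
  echo "clear ips"
  # -F without a chain flushes every chain of the filter table, not only the
  # bans this script added.
  # NOTE(review): on a host that carries other firewall rules this wipes
  # them as well; keep the bans in a dedicated chain and flush only that one.
  /sbin/iptables -F
  echo "runtime=$(date "+%s")" > "$banip_data_file"
else
  echo "$runmin" "is lowwer than " "$runmin_max"
fi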

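# Keep only sockets whose local address (netstat column 4) is exactly
# $myip:80. A plain grep for "$myip:80" treats the dots as wildcards and
# also matches :8080, :8000 and so on.
# NOTE(review): sockets that netstat prints in tcp6 form (for example
# ::ffff:a.b.c.d:80) are not counted by this filter.
netstat -an | awk -v addr="$myip:80" '$4 == addr' > "$nsfile"

# netstat prints states in upper case (ESTABLISHED, SYN_RECV, ...); the
# lower-case patterns shown on the page never match.
echo "total links = " "$(wc -l < "$nsfile")"
echo "total links established = " "$(grep -c ESTABLISHED "$nsfile")"
echo "total links sync = " "$(grep -c SYN "$nsfile")"

# Ten busiest remote addresses as "<count> <ip>" lines, busiest first.
# Column 5 is the remote address:port; -F: (upper case) sets the field
# separator so the port can be dropped.
awk '{print $5}' "$nsfile" | awk -F: '{print $1}' | sort | uniq -c | sort -rn | head -n 10 > "$ipfile"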

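# Walk the "<count> <ip>" lines: un-ban allow-listed addresses, ban the rest
# once their connection count exceeds $maxnum.
# iptables is case-sensitive: -A/-D/-L and the INPUT and REJECT names must
# be upper case (the page shows them lower-cased, which iptables rejects or
# reads as different options).
while read -r num ip
do
  # Only a numeric count and a dotted-decimal address may reach iptables;
  # empty or malformed fields are skipped instead of being passed to -s.
  case "$num" in
    '' | *[!0-9]*) continue ;;
  esac
  case "$ip" in
    '' | *[!0-9.]*) continue ;;
  esac

  str="$ip has linked $num "
  banme="yes"

  # Allow-list entries are whitespace-separated, hence the unquoted $(cat).
  # -F compares them as fixed strings, so dots are no longer wildcards.
  # NOTE(review): this is still a substring match - an entry "1.2.3.4" also
  # exempts 1.2.3.40 and 11.2.3.4; confirm whether partial entries are
  # relied on before switching to an exact comparison.
  for allowip in $(cat "$ipopenfile")
  do
    if echo "$ip" | grep -F -- "$allowip" > /dev/null
    then
      banme="no"
      echo "$allowip" "banme = " "$banme"
      # Drop an existing ban for this address; failure (no such rule) is
      # expected and deliberately silenced.
      /sbin/iptables -D INPUT -p tcp -s "$ip" -d "$myip" --dport 80 -j REJECT > /dev/null 2>&1
      break
    fi
  done

  if [ "$banme" = "yes" ] && [ "$num" -gt "$maxnum" ]
  then
    # -w -F matches the address as a whole token, so an existing rule for
    # 1.2.3.40 does not make 1.2.3.4 look banned already.
    if /sbin/iptables -L INPUT -n | grep -wF -- "$ip" > /dev/null
    then
      : # already rejected, nothing to do
    else
      echo "deny $ip ,because $str "
      if /sbin/iptables -A INPUT -p tcp -s "$ip" -d "$myip" --dport 80 -j REJECT
      then
        echo "ban " "$ip" " ok "
      else
        echo "ban $ip failed" >&2
      fi
    fi
  fi
done < "$ipfile"

echo "stop shell" "$(date "+%Y-%m-%d %H:%M:%S")"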
