This article covers four shell scripting tasks: counting with a loop, finding high-traffic IPs in an access log, reading per-rule packet counts from iptables, and applying iptables commands on a schedule.
Counting
- When a piece of functionality needs its own counter, implement it as a subroutine (a shell function).
- Use a for loop combined with an if statement.
- The subroutine below tries to restart the service up to five times; as soon as one attempt succeeds it returns to the main program, and if all five attempts fail it sends an alert email and exits the program.
check_service ()
{
    n=0
    for i in `seq 1 5`
    do
        # stderr of the failed restart is kept for the alert mail
        service httpd restart 2> /tmp/apache.err
        if [ $? -ne 0 ]
        then
            n=$[$n+1]
        else
            break
        fi
    done
    # all five attempts failed: alert and stop (note the space before "]")
    if [ $n -eq 5 ]
    then
        python mail.py "*@163.com" "httpd service down" `cat /tmp/apache.err`
        exit
    fi
}
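The same retry counter in a reusable form, as an added example that is not the original post's code: `retry_n` runs any command up to N times and reports how many attempts it took, and `flaky_restart` is a constructed stand-in for `service httpd restart` that fails a configurable number of times before succeeding. Names such as `retry_n`, `RETRY_ATTEMPTS` and `flaky_restart` are my own; the mail step is only echoed.

```shell
#!/bin/sh
# Added example, not from the original post. Generic "try N times" counter.
# retry_n MAX CMD ARGS...  -> returns 0 on the first success, 1 after MAX failures.
# The number of attempts actually made is left in RETRY_ATTEMPTS.
retry_n() {
    _max=$1; shift
    RETRY_ATTEMPTS=0
    while [ "$RETRY_ATTEMPTS" -lt "$_max" ]; do
        RETRY_ATTEMPTS=$((RETRY_ATTEMPTS + 1))
        if "$@"; then
            return 0
        fi
    done
    return 1
}

# Constructed stand-in for "service httpd restart": fails the first
# FLAKY_FAILS calls, then succeeds. Call count is kept in a temp file so the
# function works in a subshell as well.
FLAKY_STATE=$(mktemp)
FLAKY_FAILS=2
flaky_restart() {
    _c=$(cat "$FLAKY_STATE" 2>/dev/null)
    _c=$(( ${_c:-0} + 1 ))
    echo "$_c" > "$FLAKY_STATE"
    [ "$_c" -gt "$FLAKY_FAILS" ]
}
reset_flaky() { : > "$FLAKY_STATE"; }

# Mirrors the post's check_service: alert only when every attempt failed.
check_service_demo() {
    reset_flaky
    if retry_n 5 flaky_restart; then
        echo "httpd up after $RETRY_ATTEMPTS attempt(s)"
    else
        echo "httpd service down after $RETRY_ATTEMPTS attempts; mail.py would be called here"
        return 1
    fi
}

check_service_demo
```

With `FLAKY_FAILS=2` the demo succeeds on the third attempt; raising it above 5 exercises the alert branch.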
Finding high-traffic IPs in the log, reading packet counts from iptables, and applying iptables commands on a schedule
Reference log
127.0.0.1 - - [30/Oct/2019:22:09:03 +0800] "HEAD /bc.html HTTP/1.0" 200 0 "-" "curl/7.29.0" "127.0.0.1"
127.0.0.1 - - [30/Oct/2019:22:09:16 +0800] "GET /bc.html HTTP/1.0" 200 18 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15" "192.168.87.1"
127.0.0.1 - - [30/Oct/2019:22:10:12 +0800] "HEAD /bc.html HTTP/1.0" 200 0 "-" "curl/7.29.0" "127.0.0.1"
127.0.0.1 - - [30/Oct/2019:22:10:44 +0800] "GET /bc.html HTTP/1.0" 200 18 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15" "192.168.87.1"
192.168.87.1 - - [30/Oct/2019:22:11:57 +0800] "GET /bc.html HTTP/1.1" 200 18 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15" "-"
192.168.87.1 - - [30/Oct/2019:22:11:57 +0800] "GET /favicon.ico HTTP/1.1" 404 169 "http://192.168.87.133:8080/bc.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15" "-"
127.0.0.1 - - [30/Oct/2019:22:12:48 +0800] "GET HTTP://127.0.0.1/bc.html HTTP/1.1" 200 18 "-" "curl/7.29.0" "-"
127.0.0.1 - - [30/Oct/2019:22:14:52 +0800] "GET HTTP://www.test.com/bc.html HTTP/1.1" 200 18 "-" "curl/7.29.0" "-"
127.0.0.1 - - [30/Oct/2019:22:26:17 +0800] "HEAD /bc.html HTTP/1.0" 200 0 "-" "curl/7.29.0" "127.0.0.1"
127.0.0.1 - - [30/Oct/2019:22:26:22 +0800] "GET /bc.html HTTP/1.0" 200 18 "-" "curl/7.29.0" "127.0.0.1"
[root@second ~]# grep "2019:22:" !$ |awk '{print $1}' |sort -n|uniq -c
grep "2019:22:" /data/logs/b.log |awk '{print $1}' |sort -n|uniq -c
      9 127.0.0.1
      4 192.168.87.1
- Filtering on the timestamp isolates the lines from one minute, or from any other window you need;
- A longer filter string keeps unrelated lines from being counted.
Log lines from the previous minute
# %Y:%H:%M matches the "2019:22:09" part of the log timestamp
date=`date -d "-1 minute" +%Y:%H:%M`
grep "$date" /data/logs/b.log
Find the IPs whose request count exceeds a threshold
[root@second ~]# grep "2019:22:" /data/logs/b.log |awk '{print $1}' |sort -n|uniq -c | awk '$1>5 {print $2}'
127.0.0.1
Command to block port 80 for an IP
/sbin/iptables -I INPUT -p tcp --dport 80 -s $IP -j REJECT
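The whole "count per IP in a time window, pick the ones over the threshold, produce the block command" pipeline as functions, as an added example that is not the original post's script. The access-log lines are constructed sample data in the post's format (RFC 5737 test addresses), the function names are my own, and `block_cmds` prints the iptables commands instead of running them so the list can be reviewed before it is piped to `sh`.

```shell
#!/bin/sh
# Added example, not from the original post. Counts requests per client IP
# within a time window and lists the IPs above a threshold.
# Log format as in the post: field 1 = client IP, field 4 = [dd/Mon/yyyy:HH:MM:SS

# Constructed sample log: one client makes 7 requests in minute 22:09, another
# makes 2, and the first client has one more request in the next minute.
SAMPLE_LOG=$(mktemp)
{
  i=0
  while [ "$i" -lt 7 ]; do
    i=$((i + 1))
    printf '192.0.2.10 - - [30/Oct/2019:22:09:%02d +0800] "GET /bc.html HTTP/1.0" 200 18 "-" "curl/7.29.0" "-"\n' "$i"
  done
  printf '198.51.100.5 - - [30/Oct/2019:22:09:30 +0800] "GET /bc.html HTTP/1.1" 200 18 "-" "Mozilla/5.0" "-"\n'
  printf '198.51.100.5 - - [30/Oct/2019:22:09:31 +0800] "GET /favicon.ico HTTP/1.1" 404 169 "-" "Mozilla/5.0" "-"\n'
  printf '192.0.2.10 - - [30/Oct/2019:22:10:01 +0800] "GET /bc.html HTTP/1.0" 200 18 "-" "curl/7.29.0" "-"\n'
} > "$SAMPLE_LOG"

# count_by_ip LOG PATTERN -> "count ip" lines, busiest first
count_by_ip() {
    grep -F "$2" "$1" | awk '{print $1}' | sort | uniq -c | sort -rn
}

# hot_ips LOG PATTERN THRESHOLD -> IPs with more than THRESHOLD requests
hot_ips() {
    count_by_ip "$1" "$2" | awk -v t="$3" '$1 > t {print $2}'
}

# minute_pattern [OFFSET] -> "yyyy:HH:MM" for now+OFFSET minutes (default -1),
# the same GNU date trick the post uses; pass the result as PATTERN above
minute_pattern() {
    date -d "${1:--1} minute" +%Y:%H:%M
}

# block_cmds LOG PATTERN THRESHOLD -> one iptables command per hot IP.
# Printed, not executed: review the output, then pipe it to sh.
block_cmds() {
    hot_ips "$1" "$2" "$3" | while read -r ip; do
        echo "/sbin/iptables -I INPUT -p tcp --dport 80 -s $ip -j REJECT"
    done
}

# Usage on the constructed log: minute 22:09, threshold 5 requests
count_by_ip "$SAMPLE_LOG" 2019:22:09
block_cmds "$SAMPLE_LOG" 2019:22:09 5
```

In production the pattern comes from `minute_pattern` and the log path from the post (`/data/logs/b.log`); the threshold should be chosen from the normal per-minute rate of the site, since `awk '$1>5'` in the post is only an illustration.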
- Filtering the output of a particular iptables operation
Below: find the IPs that have been blocked on port 80, and unblock them once their traffic is back to normal
[root@second ~]# iptables -I INPUT -p tcp --dport 80 -s 192.168.87.150 -j REJECT
[root@second ~]# iptables -nvL #includes the other chains too, so it needs further filtering;
Chain INPUT (policy ACCEPT 7 packets, 488 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  *      *       192.168.87.150       0.0.0.0/0            tcp dpt:80 reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 9 packets, 784 bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@second ~]# iptables -nvL INPUT --line-numbers #shows exactly what is needed, with rule numbers;
Chain INPUT (policy ACCEPT 474 packets, 33552 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT tcp -- * * 192.168.87.150 0.0.0.0/0 tcp dpt:80 reject-with icmp-port-unreachable
[root@second ~]# iptables -nvL INPUT --line-numbers |grep "tcp dpt:80 reject"
1 0 0 REJECT tcp -- * * 192.168.87.150 0.0.0.0/0 tcp dpt:80 reject-with icmp-port-unreachable
[root@second ~]# iptables -nvL INPUT --line-numbers |grep "tcp dpt:80 reject" |awk '$2<10 {print $1}' #list the numbers of the rules with fewer than 10 packets;
1
[root@second ~]# iptables -nvL INPUT --line-numbers |grep "tcp dpt:80 reject" |awk '$2<10 {print $1}' | sort -nr #if several rules must be deleted, delete from the last one backwards; the numbers of the remaining rules then do not shift;
1
Deleting a rule
/sbin/iptables -D INPUT $bianhao
/sbin/iptables -Z #zero the counters after the rules have been cleaned up, so the next statistics start fresh;
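The unblock side of the procedure as functions, as an added example that is not the original post's code: it takes the output of `iptables -nvL INPUT --line-numbers`, keeps only the port-80 REJECT rules whose packet counter stayed below a threshold, and emits their rule numbers highest first so that deleting them one at a time never renumbers a rule still waiting to be deleted. `SAMPLE_RULES` is constructed listing output in that format (a fourth, unrelated rule is included to show it is left alone); `list_rules`, `stale_block_rules` and `unblock_cmds` are my own names, and the `-D` commands are printed rather than executed.

```shell
#!/bin/sh
# Added example, not from the original post. Selects port-80 REJECT rules in
# INPUT that saw fewer than THRESHOLD packets and lists them for deletion.

# Constructed sample in the format of `iptables -nvL INPUT --line-numbers`.
SAMPLE_RULES='Chain INPUT (policy ACCEPT 474 packets, 33552 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 REJECT     tcp  --  *      *       192.168.87.150       0.0.0.0/0            tcp dpt:80 reject-with icmp-port-unreachable
2      342 20520 REJECT     tcp  --  *      *       192.168.87.151       0.0.0.0/0            tcp dpt:80 reject-with icmp-port-unreachable
3        4   240 REJECT     tcp  --  *      *       192.168.87.152       0.0.0.0/0            tcp dpt:80 reject-with icmp-port-unreachable
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22'

# list_rules -> the rule listing. Here it prints the sample; on a real host
# replace the body with: iptables -nvL INPUT --line-numbers
list_rules() {
    printf '%s\n' "$SAMPLE_RULES"
}

# stale_block_rules THRESHOLD  (listing on stdin)
# -> numbers of port-80 REJECT rules with pkts < THRESHOLD, highest first.
# Field 1 is the rule number and field 2 the packet counter, as in the post.
stale_block_rules() {
    grep "tcp dpt:80 reject" | awk -v t="$1" '$2 < t {print $1}' | sort -nr
}

# unblock_cmds THRESHOLD -> iptables -D commands in a safe deletion order.
# Printed, not executed; review, then pipe to sh and follow with iptables -Z.
unblock_cmds() {
    list_rules | stale_block_rules "$1" | while read -r num; do
        echo "/sbin/iptables -D INPUT $num"
    done
}

# Usage: rules that saw fewer than 10 packets since the last -Z
unblock_cmds 10
```

Rule 2 stays blocked because its counter shows the client is still sending traffic, which is exactly the signal the post's half-hourly check relies on; it is also why the counters must be zeroed with `-Z` after each round.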
Every minute, block IPs based on the log request count; every half hour, unblock IPs based on the iptables packet counts (scheduled task, run every minute)
min=`date +%M`
if [ $min == "00" ] || [ $min == "30" ]
then
    unblock   #subroutine; must run first;
    block     #subroutine; if IPs were blocked first, a freshly blocked IP would still have a tiny packet count in iptables and be unblocked right away;
else
    block
fi
That concludes this article on shell counting, finding high-traffic IPs in the log, reading packet counts from iptables, and applying iptables commands on a schedule.