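#!/bin/bash
#
# Poll the nginx access log and drop traffic from any client address that
# appears in it more than THRESHOLD times, by inserting an iptables DROP rule.
# Every newly blocked address is appended to DROP_LOG.
#
# Operational caveats:
#   - Counts cover the WHOLE access log, not a time window. Without log
#     rotation a long-lived legitimate client will eventually cross the
#     threshold. Rotate the log or lower the polling scope accordingly.
#   - Field 1 of the log is taken as the client address. If the nginx
#     log_format puts a client-supplied header there (e.g. a forwarded-for
#     value), the address is attacker-controlled - verify the log format.
#   - Clients behind a shared NAT/proxy are blocked as one address, and
#     nothing here exempts the operator's own address.
#   - Rules added with iptables -I are not persistent across reboots and are
#     never expired by this script.

readonly ACCESS_LOG=/usr/local/nginx/logs/access.log
# NOTE(review): a fixed name in world-writable /tmp is appended to by a
# root-run script; a root-owned directory such as /var/log is the safer home.
# The path is kept because existing tooling may read it.
readonly DROP_LOG=/tmp/droplist.log
readonly THRESHOLD=100
readonly INTERVAL=5
# Only dotted-quad IPv4 is ever handed to iptables; anything else in field 1
# (IPv6, hostnames, "-", injected text) is ignored rather than passed through.
readonly IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

while true; do
  # One awk pass produces "<count> <address>" per distinct first field.
  # Process substitution replaces the old predictable scratch file in /tmp
  # and avoids rebinding the script's own stdin with exec.
  while read -r count ip; do
    [[ $count =~ ^[0-9]+$ ]] || continue
    [[ $ip =~ $IPV4_RE ]] || continue
    (( count > THRESHOLD )) || continue

    # -C asks iptables whether this exact rule already exists. The previous
    # "iptables -L -n | grep $ip" treated the address as a regex substring,
    # so 1.2.3.4 was considered present once 11.2.3.45 had been blocked.
    if iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
      continue
    fi

    # Block the IP; record it only when the rule was really inserted.
    if iptables -I INPUT -s "$ip" -j DROP; then
      if [[ -L $DROP_LOG ]]; then
        # Refuse to follow a symlink planted at the log path (best effort;
        # the check is not atomic with the write).
        printf 'refusing to write %s: it is a symlink\n' "$DROP_LOG" >&2
      else
        printf '%s %s is dropped\n' "$count" "$ip" >> "$DROP_LOG"
      fi
    fi
  done < <(awk 'NF { hits[$1]++ } END { for (addr in hits) print hits[addr], addr }' "$ACCESS_LOG")

  sleep "$INTERVAL"
done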
原文地址:http://yzg784534398.blog.51cto.com/9719002/1643892