Shell防DDOS攻击原理

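    #!/bin/sh
    #date:2015-12-13
    #filename:fang-DOS.sh
    #version:v1.0
    #
    # Every INTERVAL seconds, count ESTABLISHED TCP connections per remote IPv4
    # address (from `netstat -an`) and insert an iptables DROP rule for every
    # address whose count exceeds MAX_CONN. Needs the privileges iptables needs.
    #
    # Limits of this approach, worth knowing before deploying it:
    #   - Rules are only ever inserted, never expired: a blocked address stays
    #     blocked until the rule is deleted by hand.
    #   - Only ESTABLISHED connections are counted, so traffic that never
    #     completes a handshake is not seen by this script.
    #   - Many clients behind one NAT address share a single counter.
    #
    # Tunables (environment variables):
    #   MAX_CONN  - connections allowed per address before it is blocked.
    #               Default 3 is the original value; it is low for real
    #               clients, which often open several connections in parallel.
    #   INTERVAL  - seconds between scans (default 5).
    #   ALLOW_IPS - space-separated addresses that are never blocked; put the
    #               management/SSH source address here to avoid a lock-out.
    #   DROP_LOG  - file that records blocked addresses. The default keeps the
    #               original /tmp path, but /tmp is world-writable; prefer a
    #               root-owned directory when the script runs as root.
    MAX_CONN=${MAX_CONN:-3}
    INTERVAL=${INTERVAL:-5}
    ALLOW_IPS=${ALLOW_IPS:-127.0.0.1}
    DROP_LOG=${DROP_LOG:-/tmp/droplist.log}

    # Refuse non-numeric tunables up front: a bad MAX_CONN would make every
    # comparison fail, and a bad INTERVAL would turn the loop into a busy spin.
    case $MAX_CONN in
        ''|*[!0-9]*) echo "MAX_CONN must be a non-negative integer" >&2; exit 2 ;;
    esac
    case $INTERVAL in
        ''|*[!0-9]*) echo "INTERVAL must be a non-negative integer" >&2; exit 2 ;;
    esac

    while true
    do
        # Alternative data source (per-client request counts from an access log):
        #awk '{print $1}' access_2015-12-15.log|grep -v "^$"|sort|uniq -c
        #
        # The counts are piped straight into the loop: no predictable temp file
        # in /tmp and no permanent redirection of the script's stdin.
        # awk keeps only ESTABLISHED rows whose 6th field is a dotted quad, so
        # IPv6 rows (whose fields shift when split on ':') and any other
        # unexpected text never reach iptables.
        netstat -an |
            awk -F '[ :]+' '/ESTABLISHED/ && $6 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {print $6}' |
            sort |
            uniq -c |
            while read -r count ip
            do
                # Never block allow-listed addresses (loopback by default).
                case " $ALLOW_IPS " in
                    *" $ip "*) continue ;;
                esac

                [ "$count" -gt "$MAX_CONN" ] || continue

                # -C tests for this exact rule; grepping `iptables -L -n` for
                # the address treats it as a regex and also matches substrings
                # (1.2.3.4 inside 11.2.3.45), which would skip the block.
                if ! iptables -C INPUT -s "$ip" -j DROP 2>/dev/null
                then
                    # Log only when the rule was really inserted.
                    if iptables -I INPUT -s "$ip" -j DROP
                    then
                        printf '%s %s is dropped\n' "$count" "$ip" >>"$DROP_LOG"
                    fi
                fi
            done
        sleep "$INTERVAL"
    done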



原文地址:https://www.cnblogs.com/lixingli/p/5539015.html