稍为改写了下DropBrute用于IPV6检测nginx的access_log

#!/bin/sh
#
# DropBrute.sh @20130516
#
# minimalist OpenWRT/dropbear ssh brute force attack banning script
#
# Installation steps:
#
# 1) Optionally edit the variables in the header of this script to customise
#    for your environment
#
# 2) Insert a reference for this rule in your firewall script before you
#    accept ssh, something like:
#
#    iptables -N DropBrute
#    iptables -I input_rule -i br-wan -p tcp --dport 22 -j DropBrute
#    iptables -I input_rule -i br-wan -p tcp --dport 22 -m state --state NEW -m limit --limit 6/min --limit-burst 6 -j ACCEPT
#
# 3) Run the script periodically out of cron:
#
#    echo '*/10 * * * * /usr/sbin/DropBrute.sh 2>&1 >> /tmp/DropBrute.log' >> /etc/crontabs/root
#
# 4) If cron is not enabled, you'll also need to run the following:
#
#    /etc/init.d/cron enable && /etc/init.d/cron start
#
#
# To whitelist hosts or networks, simply add a manual entry to the lease
# file with a leasetime of -1.  This can be done with the following syntax:
#
#    echo -1 192.168.1.0/24 >> /tmp/DropBrute.leases
#
# A static, or non-expiring blacklist of a host or network can also be
# added, just use a lease time of 0.  This can be done with the following syntax:
#
#    echo 0 1.2.3.0/24 >> /tmp/DropBrute.leases

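# How many bad attempts before banning. Only the log entries from the
# current day are checked; a client is banned once its count is strictly
# greater than this value.
allowedAttempts=5

# How long IPs are banned for, counted from the run that bans them
# (the lease expiry is "now + secondsToBan", see below).
# default is 1 day
secondsToBan=$((1*60*60*24))

# the "lease" file - defaults to /tmp which does not persist across reboots,
# so bans and manual whitelist entries are lost on reboot unless moved
leaseFile=/tmp/DropBrute.leases

# This is the iptables chain that drop commands will go into.
# you will need to put a reference in your firewall rules for this
#iptChain=DropBrute
iptChain=input_wan_rule

# the IP Tables drop rule
iptDropRule='-j DROP'

# the IP Tables whitelist rule (RETURN stops processing this chain)
iptWhiteRule='-j RETURN'

# You can put default leasefile entries in the following space.
# Syntax is simply "leasetime _space_ IP_or_network".  A leasetime of -1 is a
# whitelist entry, and a leasetime of 0 is a permanent blacklist entry.
# The file is only seeded when it does not exist yet.
[ -f "$leaseFile" ] || cat <<__EOF__ >>"$leaseFile"
-1 2400:1234:123:1000::/56
__EOF__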

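# End of user customizable variables (unless you know better )

# ip6tables binary: this variant bans IPv6 clients seen in the nginx log
ipt='/usr/sbin/ip6tables'

# Refuse to run before the clock has been set (typical for a router without
# an RTC right after boot): every lease time is derived from "now", so a
# bogus clock would write garbage expiry times into the lease file.
# The message stays on stdout so it lands in the cron log like the rest.
if [ "$(date +'%s')" -lt 1320000000 ]; then
  echo 'System date not set, aborting.'
  exit 1
fi

# Create the chain if it does not exist yet; the error when it already does
# is expected and silenced.  Plain sh has no '>&' redirection, so spell it out.
"$ipt" -N "$iptChain" >/dev/null 2>&1

# day part of nginx's [dd/Mon/yyyy:HH:MM:SS +zzzz] timestamp
today=$(date +'%d/%b/%Y')
now=$(date +'%s')
# expiry time written for new or renewed bans
nowPlus=$((now + secondsToBan))

echo "Running DropBrute on $(date) ($now)"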

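# find new badIPs
#
# Scan the nginx access log for clients that produced more than
# $allowedAttempts "404" responses today and give each one a lease that
# expires at $nowPlus.  An existing timed lease (> 0) is renewed; whitelist
# (-1) and permanent (0) entries are left untouched.
#
# Globals:   today, nowPlus, allowedAttempts, leaseFile (read; leaseFile is written)
# Arguments: $1 - access log to scan
# Returns:   1 when the log cannot be read, else 0
scan_bad_ips() {
  if [ ! -r "$1" ]; then
    echo "DropBrute: cannot read access log $1"
    return 1
  fi
  # One pass over the log instead of re-reading it once per client: keep the
  # lines that contain " 404 " (anywhere on the line, not only in the status
  # field) and today's date, take the first field and count it per value.
  # This assumes the default log format where the first field is the
  # client address ($remote_addr); if the format puts a proxy header such
  # as X-Forwarded-For first, the field is client-controlled -- confirm.
  grep -F -- ' 404 ' "$1" | grep -F -- "$today" | awk '{print $1}' | sort | uniq -c |
  while read -r count ip; do
    # Only accept something that looks like an address before it is used in
    # grep/sed patterns, the lease file and ip6tables arguments.
    case "$ip" in
      ''|*[!0-9a-fA-F:.]*) continue ;;
    esac
    [ "$count" -gt "$allowedAttempts" ] || continue
    # lease time of the existing entry for this address, if any (exact field match)
    existing=$(awk -v ip="$ip" '$2 == ip { print $1; exit }' "$leaseFile")
    if [ -z "$existing" ]; then
      echo "$nowPlus $ip" >>"$leaseFile"
    elif [ "$existing" -gt 0 ]; then
      # renew a timed ban; -1 (whitelist) and 0 (permanent) stay as they are.
      # '|' is used as the delimiter so the address may not contain one.
      sed -i "s|^[0-9]* $ip\$|$nowPlus $ip|" "$leaseFile"
    fi
  done
}
scan_bad_ips /tmp/nginx/access.log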

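# now parse the leaseFile

# Returns 0 when chain $iptChain already holds a rule for address/network $1
# whose printed form also contains $2 (pass '' to accept any target).
# ip6tables -S prints host rules with a /128 suffix (iptables: /32) and
# network rules with the prefix length they were added with, so a host entry
# is matched as "-s ADDR/" and a network entry as "-s NET/LEN ".  The match is
# a fixed string: an entry not written in the canonical form ip6tables prints
# (leading zeros, upper case) is treated as absent and re-added every run --
# TODO confirm for the addresses that actually end up in the lease file.
# Globals: ipt, iptChain (read)
rule_present() {
  case "$1" in
    */*) rp_pat="-s $1 " ;;
    *)   rp_pat="-s $1/" ;;
  esac
  "$ipt" -S "$iptChain" 2>/dev/null | grep -F -- "$rp_pat" | grep -qF -- "$2"
}

# Walk the lease file once: whitelist entries (-1) get a RETURN rule at the
# top of the chain, expired timed leases are removed from the chain and the
# file, and active (> 0) or permanent (0) entries get a DROP rule if missing.
# Globals: ipt, iptChain, iptDropRule, iptWhiteRule, leaseFile, now (read;
#          leaseFile is rewritten when a lease expires)
# Returns: 1 when the lease file cannot be read, else 0
apply_leases() {
  if [ ! -r "$leaseFile" ]; then
    echo "DropBrute: cannot read lease file $leaseFile"
    return 1
  fi
  # sed -i below replaces the file while it is still open here; the loop
  # keeps reading the copy it opened, so every entry is still visited.
  while read -r leaseTime leaseIP rest; do
    # skip blank, comment and malformed lines instead of handing them to
    # ip6tables or to '[' (which used to print "integer expression expected")
    case "$leaseTime" in ''|-|*[!0-9-]*|?*-*) continue ;; esac
    case "$leaseIP" in ''|*[!0-9a-fA-F:./]*) continue ;; esac
    # $iptWhiteRule / $iptDropRule are intentionally unquoted: they hold
    # several words ("-j RETURN", "-j DROP")
    if [ "$leaseTime" -lt 0 ]; then
      if ! rule_present "$leaseIP" "$iptWhiteRule"; then
        echo "Adding new whitelist rule for $leaseIP"
        "$ipt" -I "$iptChain" -s "$leaseIP" $iptWhiteRule
      fi
    elif [ "$leaseTime" -ge 1 ] && [ "$now" -gt "$leaseTime" ]; then
      echo "Expiring lease for $leaseIP"
      "$ipt" -D "$iptChain" -s "$leaseIP" $iptDropRule
      # '|' as the delimiter because network entries contain '/'; anchored on
      # the whole field so 2001:db8::9 does not also delete 2001:db8::99
      sed -i "\\|^[^ ]* $leaseIP\$|d" "$leaseFile"
    elif ! rule_present "$leaseIP" ''; then
      echo "Adding new rule for $leaseIP"
      "$ipt" -A "$iptChain" -s "$leaseIP" $iptDropRule
    fi
  done <"$leaseFile"
}
apply_leases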

#!/bin/sh
#
# DropBrute.sh @20130516
#
# minimalist OpenWRT/dropbear ssh brute force attack banning script
#
# Installation steps:
#
# 1) Optionally edit the variables in the header of this script to customise
#    for your environment
#
# 2) Insert a reference for this rule in your firewall script before you
#    accept ssh, something like:
#
#    iptables -N DropBrute
#    iptables -I input_rule -i br-wan -p tcp --dport 22 -j DropBrute
#    iptables -I input_rule -i br-wan -p tcp --dport 22 -m state --state NEW -m limit --limit 6/min --limit-burst 6 -j ACCEPT
#
# 3) Run the script periodically out of cron:
#
#    echo '*/10 * * * * /usr/sbin/DropBrute.sh 2>&1 >> /tmp/DropBrute.log' >> /etc/crontabs/root
#
# 4) If cron is not enabled, you'll also need to run the following:
#
#    /etc/init.d/cron enable && /etc/init.d/cron start
#
#
# To whitelist hosts or networks, simply add a manual entry to the lease
# file with a leasetime of -1.  This can be done with the following syntax:
#
#    echo -1 192.168.1.0/24 >> /tmp/DropBrute.leases
#
# A static, or non-expiring blacklist of a host or network can also be
# added, just use a lease time of 0.  This can be done with the following syntax:
#
#    echo 0 1.2.3.0/24 >> /tmp/DropBrute.leases

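# How many bad attempts before banning. Only the log entries from the
# current day are checked; a client is banned once its count is strictly
# greater than this value.
allowedAttempts=5

# How long IPs are banned for, counted from the run that bans them
# (the lease expiry is "now + secondsToBan", see below).
# default is 1 day
secondsToBan=$((1*60*60*24))

# the "lease" file - defaults to /tmp which does not persist across reboots,
# so bans and manual whitelist entries are lost on reboot unless moved
leaseFile=/tmp/DropBrute.leases

# This is the iptables chain that drop commands will go into.
# you will need to put a reference in your firewall rules for this
#iptChain=DropBrute
iptChain=input_wan_rule

# the IP Tables drop rule
iptDropRule='-j DROP'

# the IP Tables whitelist rule (RETURN stops processing this chain)
iptWhiteRule='-j RETURN'

# You can put default leasefile entries in the following space.
# Syntax is simply "leasetime _space_ IP_or_network".  A leasetime of -1 is a
# whitelist entry, and a leasetime of 0 is a permanent blacklist entry.
# The file is only seeded when it does not exist yet.
[ -f "$leaseFile" ] || cat <<__EOF__ >>"$leaseFile"
-1 2408:8756:af3:f000::/56
__EOF__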

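# End of user customizable variables (unless you know better )

# ip6tables binary: this variant bans IPv6 clients seen in the nginx log
ipt='/usr/sbin/ip6tables'

# Refuse to run before the clock has been set (typical for a router without
# an RTC right after boot): every lease time is derived from "now", so a
# bogus clock would write garbage expiry times into the lease file.
# The message stays on stdout so it lands in the cron log like the rest.
if [ "$(date +'%s')" -lt 1320000000 ]; then
  echo 'System date not set, aborting.'
  exit 1
fi

# Create the chain if it does not exist yet; the error when it already does
# is expected and silenced.  Plain sh has no '>&' redirection, so spell it out.
"$ipt" -N "$iptChain" >/dev/null 2>&1

# day part of nginx's [dd/Mon/yyyy:HH:MM:SS +zzzz] timestamp
today=$(date +'%d/%b/%Y')
now=$(date +'%s')
# expiry time written for new or renewed bans
nowPlus=$((now + secondsToBan))

echo "Running DropBrute on $(date) ($now)"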

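# find new badIPs
#
# Scan the nginx access log for clients that produced more than
# $allowedAttempts "404" responses today and give each one a lease that
# expires at $nowPlus.  An existing timed lease (> 0) is renewed; whitelist
# (-1) and permanent (0) entries are left untouched.
#
# Globals:   today, nowPlus, allowedAttempts, leaseFile (read; leaseFile is written)
# Arguments: $1 - access log to scan
# Returns:   1 when the log cannot be read, else 0
scan_bad_ips() {
  if [ ! -r "$1" ]; then
    echo "DropBrute: cannot read access log $1"
    return 1
  fi
  # One pass over the log instead of re-reading it once per client: keep the
  # lines that contain " 404 " (anywhere on the line, not only in the status
  # field) and today's date, take the first field and count it per value.
  # This assumes the default log format where the first field is the
  # client address ($remote_addr); if the format puts a proxy header such
  # as X-Forwarded-For first, the field is client-controlled -- confirm.
  grep -F -- ' 404 ' "$1" | grep -F -- "$today" | awk '{print $1}' | sort | uniq -c |
  while read -r count ip; do
    # Only accept something that looks like an address before it is used in
    # grep/sed patterns, the lease file and ip6tables arguments.
    case "$ip" in
      ''|*[!0-9a-fA-F:.]*) continue ;;
    esac
    [ "$count" -gt "$allowedAttempts" ] || continue
    # lease time of the existing entry for this address, if any (exact field match)
    existing=$(awk -v ip="$ip" '$2 == ip { print $1; exit }' "$leaseFile")
    if [ -z "$existing" ]; then
      echo "$nowPlus $ip" >>"$leaseFile"
    elif [ "$existing" -gt 0 ]; then
      # renew a timed ban; -1 (whitelist) and 0 (permanent) stay as they are.
      # '|' is used as the delimiter so the address may not contain one.
      sed -i "s|^[0-9]* $ip\$|$nowPlus $ip|" "$leaseFile"
    fi
  done
}
scan_bad_ips /tmp/nginx/access.log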

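# now parse the leaseFile

# Returns 0 when chain $iptChain already holds a rule for address/network $1
# whose printed form also contains $2 (pass '' to accept any target).
# ip6tables -S prints host rules with a /128 suffix (iptables: /32) and
# network rules with the prefix length they were added with, so a host entry
# is matched as "-s ADDR/" and a network entry as "-s NET/LEN ".  The match is
# a fixed string: an entry not written in the canonical form ip6tables prints
# (leading zeros, upper case) is treated as absent and re-added every run --
# TODO confirm for the addresses that actually end up in the lease file.
# Globals: ipt, iptChain (read)
rule_present() {
  case "$1" in
    */*) rp_pat="-s $1 " ;;
    *)   rp_pat="-s $1/" ;;
  esac
  "$ipt" -S "$iptChain" 2>/dev/null | grep -F -- "$rp_pat" | grep -qF -- "$2"
}

# Walk the lease file once: whitelist entries (-1) get a RETURN rule at the
# top of the chain, expired timed leases are removed from the chain and the
# file, and active (> 0) or permanent (0) entries get a DROP rule if missing.
# Globals: ipt, iptChain, iptDropRule, iptWhiteRule, leaseFile, now (read;
#          leaseFile is rewritten when a lease expires)
# Returns: 1 when the lease file cannot be read, else 0
apply_leases() {
  if [ ! -r "$leaseFile" ]; then
    echo "DropBrute: cannot read lease file $leaseFile"
    return 1
  fi
  # sed -i below replaces the file while it is still open here; the loop
  # keeps reading the copy it opened, so every entry is still visited.
  while read -r leaseTime leaseIP rest; do
    # skip blank, comment and malformed lines instead of handing them to
    # ip6tables or to '[' (which used to print "integer expression expected")
    case "$leaseTime" in ''|-|*[!0-9-]*|?*-*) continue ;; esac
    case "$leaseIP" in ''|*[!0-9a-fA-F:./]*) continue ;; esac
    # $iptWhiteRule / $iptDropRule are intentionally unquoted: they hold
    # several words ("-j RETURN", "-j DROP")
    if [ "$leaseTime" -lt 0 ]; then
      if ! rule_present "$leaseIP" "$iptWhiteRule"; then
        echo "Adding new whitelist rule for $leaseIP"
        "$ipt" -I "$iptChain" -s "$leaseIP" $iptWhiteRule
      fi
    elif [ "$leaseTime" -ge 1 ] && [ "$now" -gt "$leaseTime" ]; then
      echo "Expiring lease for $leaseIP"
      "$ipt" -D "$iptChain" -s "$leaseIP" $iptDropRule
      # '|' as the delimiter because network entries contain '/'; anchored on
      # the whole field so 2001:db8::9 does not also delete 2001:db8::99
      sed -i "\\|^[^ ]* $leaseIP\$|d" "$leaseFile"
    elif ! rule_present "$leaseIP" ''; then
      echo "Adding new rule for $leaseIP"
      "$ipt" -A "$iptChain" -s "$leaseIP" $iptDropRule
    fi
  done <"$leaseFile"
}
apply_leases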
