Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about how to use Shell scripts to solve the production of DOS secure Linux servers. Many people may not know much about it. In order to make you understand better, the editor has summarized the following for you. I hope you can get something according to this article.

Introduction in computer science, Shell, commonly known as shell (used to distinguish it from kernel), refers to software (command parser) that "provides an operating interface for the user"; it is similar to command.com under DOS and later cmd.exe;, which receives user commands and then invokes the corresponding application.

According to the number of web logs or network connections, monitor that when the number of concurrent connections to a certain IP or PV reaches 100 within a short period of time, the firewall command is called to block the corresponding IP, and the monitoring frequency is every 3 minutes.

The firewall command is:

Iptables-I INPUT-s 10.0.0.10-j DROP

Let's start with the Web log.

Analysis of development ideas:

1. Analyze the IP address, and then remove it to determine the number of visits to each IP, and you can put it in the file.

[root@oldboy scripts] # awk'{print $1} 'access_2010-12-8.log | sort | uniq-c | sort-rn | head35 59.33.26.10523 123.122.65.2268 124.115.4.18 [root@oldboy scripts] # awk' {S [$1] +} END {for (k in S) print S [k], k} 'access_2010-12-8.log | sort-rn | head35 533.26.10523 123.65.2268 124.115.4.18

When the number of visits to IP reaches 100, it will be blocked.

If conditional clause is required

Read the deduplicated result file of 1, and use while.

Final answer

[root@oldboy scripts] # cat exam05.shangxue Bash while truedo awk'{S [$1] + +} END {for (k in S) print S [k] K} 'access_2010-12-8.log | sort-rn | head > / tmp/ip.log while read line do ip= `echo $line | awk' {print $2} '`echo $line | awk' {print $1} '`if [$count-ge 36-a `grep-w "$ip" / tmp/drop_$ (date +% F) .ip | wc-l`-lt 1] then iptables-I INPUT-s $ip-j DROP & & echo-e "$ipt `date +% F`" > > / tmp/drop_$ (date +% F) .ip fi done / tmp/ip.log sleep 5done

If it's a web log,

Pull netstat.log test from production environment

[root@oldboy scripts] # awk-F "[:] +'/ EST.*$/ {print $(NF-3)} 'netstat.log | awk' {S [$1] + +} END {for (k in S) print S [k] K}'| sort-rn | head4 118.242.18.1773 123.6.2233 114.250.250.1272 123.244.104.422 121.204.108.1601 59.53.166.1651 58.45.1891 42.95.73.1521 42.196.246.1801 36.46.160.100

If you are working, you can netstat-an | awk-F "[:] +" / EST.*$/ {print $(NF-3)} 'analysis

Final answer

[root@oldboy scripts] # cat exam05.END for while truedo awk-F "[:] +" / EST.*$/ {for $(NF-3)} 'netstat.log | awk' {S [$1] + +} END {for (k in S) print S [k] K}'| sort-rn | head > / tmp/ip.log while read line do ip= `echo $line | awk'{print $2} '`count= `echo $line | awk' {print $1} '`if [$count-ge 36-a `echo-w "$ip" / tmp/drop_$ (date +% F) .ip | wc-l`-lt 1] then iptables-I INPUT-s $ip-j DROP & & echo-e "$ipt `date +% F`" > > / tmp/drop_$ (date +% F) .ip fi done / tmp/ip.log sleep 5done

After reading the above, do you have any further understanding of how to use Shell scripts to solve DOS secure Linux server production? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.