
30 classic cases of Shell scripts (middle)

2025-02-25 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

Contents of this article

11. Iptables automatically blocks IPs that frequently visit the website
12. Determine whether the user's input is an IP address
13. Determine whether the user's input is a number
14. Find files containing a keyword in a given directory
15. Monitor a directory and append newly created file names to a log
16. Provide the user with multiple network card selections
17. View real-time network card traffic
18. MySQL database backup
19. Nginx service management script
20. The user selects the Linux host to connect to from a menu

11. Iptables automatically blocks IPs that frequently visit the website

Scenario: malicious access, security precautions

1) Block IPs

Method 1: according to the access log (Nginx as an example)

    #!/bin/bash
    DATE=$(date +%d/%b/%Y:%H:%M)
    # tail first so that a large log file is not read in full (slow). The number (100)
    # sets the maximum number of requests allowed per minute. awk cannot filter the log
    # on $DATE directly because it contains special characters, so grep does it.
    ABNORMAL_IP=$(tail -n5000 access.log | grep "$DATE" | awk '{a[$1]++} END {for (i in a) if (a[i] > 100) print i}')
    for IP in $ABNORMAL_IP; do
        # -w -F: match the address as a whole literal token, not as a regex substring
        if [ "$(iptables -vnL | grep -cwF "$IP")" -eq 0 ]; then
            iptables -I INPUT -s "$IP" -j DROP
        fi
    done

Method 2: connections established through TCP

    #!/bin/bash
    # gsub removes the colon and port from the fifth column (client IP)
    ABNORMAL_IP=$(netstat -an | awk '$4~/:80$/ && $6~/ESTABLISHED/ {gsub(/:[0-9]+/, "", $5); a[$5]++} END {for (i in a) if (a[i] > 100) print i}')
    for IP in $ABNORMAL_IP; do
        if [ "$(iptables -vnL | grep -cwF "$IP")" -eq 0 ]; then
            iptables -I INPUT -s "$IP" -j DROP
        fi
    done

2) Block IPs that attempt to log in over SSH more than 10 times per minute

Method 1: get the login status through lastb

    #!/bin/bash
    # weekday, month, day, hour, minute; %e shows 7 for a single-digit day, while %d shows 07
    DATE=$(date +"%a %b %e %H:%M")
    ABNORMAL_IP=$(lastb | grep "$DATE" | awk '{a[$3]++} END {for (i in a) if (a[i] > 10) print i}')
    for IP in $ABNORMAL_IP; do
        if [ "$(iptables -vnL | grep -cwF "$IP")" -eq 0 ]; then
            iptables -I INPUT -s "$IP" -j DROP
        fi
    done

Method 2: get the login status from the log

    #!/bin/bash
    # %e, not %d: the traditional syslog timestamp pads a single-digit day with a space
    DATE=$(date +"%b %e %H")
    # $(NF-3) is the source address in sshd "Failed ... from <IP> port <N> ssh2" lines
    ABNORMAL_IP="$(tail -n10000 /var/log/auth.log | grep "$DATE" | awk '/Failed/ {a[$(NF-3)]++} END {for (i in a) if (a[i] > 5) print i}')"
    for IP in $ABNORMAL_IP; do
        if [ "$(iptables -vnL | grep -cwF "$IP")" -eq 0 ]; then
            iptables -A INPUT -s "$IP" -j DROP
            echo "$(date +"%F %T") - iptables -A INPUT -s $IP -j DROP" >> ~/ssh-login-limit.log
        fi
    done
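The scripts above hand whatever token awk extracts straight to iptables. The following added example (not from the original article) goes one step further and runs the method 2 counting over constructed log lines as a dry run, skipping tokens that are not valid IPv4 addresses and any allowlisted source; the function names, the allowlist address and the sample lines are assumptions made for illustration.

```shell
#!/bin/bash
# Dry run: prints the iptables commands it would issue instead of running them.
THRESHOLD=5               # failures tolerated per source (the value used in method 2)
ALLOWLIST="192.0.2.10"    # assumed admin address that must never be blocked

# Constructed sample: COUNT:SOURCE pairs expanded into sshd "Failed password" lines.
sample_log() {
    for spec in 6:203.0.113.7 6:192.0.2.10 6:2001:db8::5 2:198.51.100.9; do
        n=${spec%%:*}; src=${spec#*:}; i=0
        while [ "$i" -lt "$n" ]; do
            echo "Feb  5 10:01:0$i host sshd[100]: Failed password for root from $src port 4000$i ssh2"
            i=$((i + 1))
        done
    done
}

# Succeeds only for a dotted quad whose four octets are all in 0-255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    printf '%s\n' "$1" | awk -F. '{ exit !($1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255) }'
}

# Reads auth.log lines on stdin; prints each source with more than THRESHOLD failures.
offenders() {
    awk -v max="$THRESHOLD" '/Failed/ { a[$(NF-3)]++ }
        END { for (i in a) if (a[i] > max) print i }' | LC_ALL=C sort
}

# Prints one iptables command per offender that is valid IPv4 and not allowlisted.
block_plan() {
    for ip in $(offenders); do
        is_ipv4 "$ip" || continue      # IPv6 or malformed token: not valid for iptables -s
        case " $ALLOWLIST " in *" $ip "*) continue ;; esac
        echo "iptables -I INPUT -s $ip -j DROP"
    done
    return 0
}

sample_log | block_plan
```

Of the three sources over the threshold in the sample, only 203.0.113.7 produces a rule: the IPv6 source fails validation and the allowlisted address is skipped.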

12. Determine whether the user's input is an IP address

Method 1:

    function check_ip() {
        IP=$1
        VALID_CHECK=$(echo $IP | awk -F. '$1<=255&&$2
