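# Count ESTABLISHED web connections per client address, record the heavy
# hitters in a dated report, DROP them with iptables and mail the report.
# Globals set here: DATE (timestamp of this run), ddos_path (state directory),
# email (report recipient).
DATE=$(date +"%Y%m%d_%H%M%S")
ddos_path=/tmp/ddos
# Placeholder recipient; set it to a real address before use.
email=xxxxx@qq.com
# Create the state directory and its log/dat archives. -p creates the parent
# and is idempotent, so no existence tests are needed.
mkdir -p "$ddos_path/log" "$ddos_path/dat"
# $ddos_path lives under world-writable /tmp and the files written there later
# decide which addresses get DROP rules, so refuse to continue if the
# directory is owned by someone else.
[ -O "$ddos_path" ] || { echo "$ddos_path is not owned by the current user, refusing to use it" >&2; exit 1; }
# Archive the files left by the previous run; silently a no-op when there
# are none (the unexpanded glob makes mv fail, which is expected).
mv "$ddos_path"/*.log "$ddos_path/log/" 2>/dev/null
mv "$ddos_path"/*.dat "$ddos_path/dat/" 2>/dev/null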
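# Build $ddos_path/ip.txt: one "<count> <client-ip>" line per client address
# that holds ESTABLISHED TCP connections to local port 80.
# Globals: ddos_path, DATE (read). Truncates $ddos_path/$DATE.log and writes
# $ddos_path/ip.txt. Exits 1 if ip.txt does not exist afterwards.
function_get_ddosip()
{
  echo "[execute get_ddosip]">"$ddos_path/$DATE.log"
  echo "export $ddos_path/ip.txt files">>"$ddos_path/$DATE.log"
  # Log the exact pipeline used below. The \$ keep the awk field references
  # literal; unescaped they would expand to the shell's positional parameters.
  echo "[execte]:netstat -an|awk '\$4 ~ /:80\$/ && \$6 == \"ESTABLISHED\" {print \$5}'|cut -d: -f 1|sort|uniq -c">>"$ddos_path/$DATE.log"
  # Select on the local-address column (port 80) and the state column instead
  # of 'grep 80', which also matched ports such as 8080 or 1800 and any address
  # containing "80". $5 is the foreign (client) address; cut drops its port.
  # NOTE: 'cut -d:' only keeps IPv4 peers intact; an IPv6 peer is truncated
  # to its first group and is not usable as an address downstream.
  netstat -an|awk '$4 ~ /:80$/ && $6 == "ESTABLISHED" {print $5}'|cut -d: -f 1|sort|uniq -c>"$ddos_path/ip.txt"
  if [ -e "$ddos_path/ip.txt" ];then
    echo "$ddos_path/ip.txt create success!">>"$ddos_path/$DATE.log"
  else
    echo "$ddos_path/ip.txt create incorrect!">>"$ddos_path/$DATE.log"
    # A missing list is a failure, so exit non-zero (the original exited 0).
    exit 1
  fi
}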
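function_get_ddosip
# Decide whether there is anything to do. ip.txt holds one line per client
# address, so zero lines means no ESTABLISHED connections to port 80 at all.
# The per-address threshold is applied later by function_change_ipdata; an
# empty list only shows the server is idle, not that it is safe.
ip_status=$(wc -l <"$ddos_path/ip.txt")
if [ "$ip_status" -eq 0 ];then
  echo "no ddos attack!">>"$ddos_path/$DATE.log"
  echo "do not excute change_ipdata">>"$ddos_path/$DATE.log"
  exit 0
fi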
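# Turn ip.txt into the dated report $ddos_path/$DATE.dat, keeping only client
# addresses with at least $ddos_threshold connections (default 100; override
# it from the environment). Each .dat line is "yymmdd HH:MM:SS | count | ip".
# Globals: ddos_path, DATE (read), ddos_threshold (read, optional). Also leaves
# the filtered "count ip" pairs in $ddos_path/ip.tmp. Exits 1 if the .dat file
# does not exist afterwards.
function_change_ipdata()
{
  echo "[execute change_ipdata]">>"$ddos_path/$DATE.log"
  echo "change from $ddos_path/ip.txt TO $ddos_path/$DATE.dat">>"$ddos_path/$DATE.log"
  echo "[execte]:awk '\$1 >= ${ddos_threshold:-100}' $ddos_path/ip.txt">>"$ddos_path/$DATE.log"
  # ip.txt comes from 'uniq -c': field 1 is the connection count, field 2 the
  # address. The threshold is handed to awk with -v, not spliced into the
  # program text.
  awk -v threshold="${ddos_threshold:-100}" '$1 >= threshold {print $1,$2}' "$ddos_path/ip.txt">"$ddos_path/ip.tmp"
  # strftime/systime are gawk extensions (also in recent mawk), as in the
  # original.
  awk '{ now=strftime( "%y%m%d %T", systime() ); print now " | "$1" | "$2 }' "$ddos_path/ip.tmp">"$ddos_path/$DATE.dat"
  if [ -e "$ddos_path/$DATE.dat" ];then
    echo "$ddos_path/$DATE.dat change success!">>"$ddos_path/$DATE.log"
  else
    echo "$ddos_path/$DATE.dat change incorrect!">>"$ddos_path/$DATE.log"
    # A missing report is a failure, so exit non-zero (the original exited 0).
    exit 1
  fi
}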
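# Mail the dated report with mail(1). Globals: email, ddos_path, DATE (read).
# Not called by default: the loop in function_iptables_rule calls
# function_mutt_send instead.
function_mail_send()
{
  #sed -i '1 i\Warning! The server has a DDOS attack' $ddos_path/$DATE.dat
  mail -s "DDos Wroning" "$email" <"$ddos_path/$DATE.dat"
}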
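# Mail the dated report with mutt. Globals: email, ddos_path, DATE (read).
# NOTE(review): $email is given only as a CC (-c) and no To address is passed;
# confirm mutt accepts that without prompting when run from cron.
function_mutt_send()
{
  /usr/local/mutt/bin/mutt -s "DDOS REPORT" -c "$email" <"$ddos_path/$DATE.dat"
}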
# Build $DATE.dat from ip.txt (defined above); exits if the file is missing afterwards.
function_change_ipdata
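# DROP every client address listed in $ddos_path/$DATE.dat and mail the report.
# Globals: ddos_path, DATE (read). Calls /sbin/iptables (needs root) and
# function_mutt_send. Each address is logged before its rule is appended.
function_iptables_rule()
{
  echo "[execute iptables_rule]">>"$ddos_path/$DATE.log"
  echo "get $ddos_path/$DATE.dat files data">>"$ddos_path/$DATE.log"
  # A .dat line is "yymmdd HH:MM:SS | count | ip", so the address is field 6.
  awk '{print $6}' "$ddos_path/$DATE.dat" | while IFS= read -r i
  do
    # Only digits and dots may reach iptables: the list is parsed netstat
    # output, and anything else (an IPv6 fragment, an empty field) would make
    # the rule fail or match something unintended.
    case "$i" in
      ''|*[!0-9.]*)
        echo "skip invalid address '$i'">>"$ddos_path/$DATE.log"
        continue
        ;;
    esac
    echo iptables -A INPUT -p tcp -s "$i" -j DROP >>"$ddos_path/$DATE.log"
    # Rules are appended on every run, so an address seen twice gets a
    # duplicate rule; addresses of your own proxies or monitors are not
    # excluded either.
    /sbin/iptables -A INPUT -p tcp -s "$i" -j DROP
    sleep 1
    # The whole report is mailed once per blocked address (original
    # behaviour); move the call after the loop to send a single report.
    # function_mail_send
    function_mutt_send
  done
}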
# Apply the DROP rules for the addresses in $DATE.dat (defined above).
function_iptables_rule