
批量屏蔽符合條件的IP地址,支持添加白名單,IP段,增量,大於指定次數的IP


批量屏蔽符合條件的IP地址,支持添加白名單,IP段,增量

大概的思路是利用sh,從日誌中提取出來對應的IP地址,然後再交由python進行對比,判斷,最終將需要添加至iptables列表中的IP寫入到一個文件中,然後再由sh進行寫入到iptables中

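#!/bin/sh
# Ban source addresses that show up too often in the authenticator log.
#
# Flow: collect the log lines containing 'none', count every IPv4-looking
# token in them, let ipbank.py drop low counts, whitelist entries and
# addresses that already have a DROP rule, then insert one iptables DROP rule
# per remaining address.
#
# NOTE(review): the "*" in the paths looks like an installation directory name
# the author left out. The path variables are therefore still expanded
# unquoted, as in the original, so the shell can resolve the glob. Replace the
# "*" with the real directory and quote the expansions before relying on this.
#
# NOTE(review): the extraction below takes every dotted-quad token on a
# matching line, not only the client-address field. The log format is not
# shown here; if a line can also carry client-supplied text (for example a
# user name), an IP-looking string in it would be counted too. Confirm the
# format and, if needed, extract only the address field.
#
# This script only inserts rules; it never removes or expires them.

tmpmaillog="/usr/local/*/test/tmpmaillog"
sortiptmp="/usr/local/*/test/sortiptmp"
iptableslist="/usr/local/*/test/iptableslist"
ipbankip="/usr/local/*/test/ipbank"
ipwhite="/usr/local/*/test/ipwhite"

LOGFILE_PATH="/var/log/ipbanklog"
# Taken once at start-up, so every log line of a run carries the same time.
NOWTIME=$(date "+%Y-%m-%d %H:%M:%S")

# printlog FLAG MESSAGE
#   FLAG 0     append MESSAGE to $LOGFILE_PATH only
#   FLAG other also print MESSAGE on stdout
printlog() {
    LOG_CONTENT="$NOWTIME $2"
    if [ "$1" -ne 0 ]; then
        printf '%s\n' "$LOG_CONTENT"
    fi
    printf '%s\n' "$LOG_CONTENT" >>"$LOGFILE_PATH"
}

# Abort with a logged banner when the previous command failed.
# $1 is a description of the step that was just run.
# Defined for callers, but nothing in this script invokes it.
check_error_exit() {
    # Must remain the first command so that $? is still the caller's status.
    RUSELT=$?
    if [ "${RUSELT}" -ne 0 ]; then
        printlog 1 "#[ERROR] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
        printlog 1 "#[ERROR] 恭喜,光榮而偉大的報錯了 : $1"
        printlog 1 "#[ERROR] <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
        exit 1
    fi
}

# Print $2 in colour: $1 = 0 red background, 1 yellow background,
# 2 white background with black text.
echo_colour() {
    if [ "$1" -eq 0 ]; then
        printf '\033[41;37m %s \033[0m\n' "$2"
        return 0
    fi
    if [ "$1" -eq 1 ]; then
        printf '\033[43;37m %s \033[0m\n' "$2"
        return 0
    fi
    if [ "$1" -eq 2 ]; then
        printf '\033[47;30m %s \033[0m\n' "$2"
        return 0
    fi
}

# Print the usage banner.
# NOTE(review): the text describes a queue clean-up script (mail cache files,
# Redis keys), not this IP ban script, and the function is never called here.
# It looks copied from another script; the strings are left untouched.
output_usage() {
    echo "-----------使用說明----------------"
    echo "#sh ${0} <隊列名稱>"
    echo
    echo "#當發生堵隊列情況時的處理腳本"
    echo "#執行過程:"
    echo "#1、先刪除cache_xxx目錄中的郵件文件"
    echo "#2、再清理Redis中的task_queue:xxx、task_data:xxx的鍵值"
    echo "#處理人:cs"
    echo "#處理時間:2018-4-12"
    echo "#當前版本:VERSION 1"
    echo "----------------------------------"
}

# Log the closing marker.
print_end() {
    printlog 1 "<<<<<<<<<<<<<<<<<<<<<<END<<<<<<<<<<<<<<<<<<<<<<<<<<"
}

printlog 1 ">>>>>>>>>>>>>>>>>>>>>>>>>>Start>>>>>>>>>>>>>>>>>>>>>>>>>>"

# 1. Keep only the log lines that contain 'none'.
cat /usr/local/*/app/log/authenticator.log | grep 'none' >${tmpmaillog}

# 2. Count occurrences per address. The pattern is quoted so the shell cannot
#    treat its brackets as a glob. It accepts any 1-3 digit groups, so
#    out-of-range octets such as 999 get through this stage.
ip_regex="[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}"
cat ${tmpmaillog} | grep -E -o "$ip_regex" | sort | uniq -c >${sortiptmp}

# 3. Snapshot the sources that already have a DROP rule.
/sbin/iptables -L -n | grep 'DROP' | awk '{print $4}' >${iptableslist}

# 4. Empty the ban list first so a failed Python run cannot leave the previous
#    run's list in place to be inserted again.
: >${ipbankip}
# The first argument (3) is the threshold: addresses seen more than 3 times
# are candidates.
/usr/local/*/app/engine/bin/python /usr/local/*/test/ipbank.py 3 $ipwhite $sortiptmp $iptableslist $ipbankip

# 5. Insert one DROP rule per address.
printlog 0 "Start_IP_to_iptables_DROP"
cat $ipbankip | while IFS= read -r ipone
do
    # Defence in depth: hand iptables digits and dots only, never a token it
    # could treat as a host name or an option.
    case "$ipone" in
        ''|*[!0-9.]*) continue ;;
    esac
    printlog 0 "$ipone"
    /sbin/iptables -I INPUT -s "$ipone" -j DROP
done
printlog 0 "Success Add $(wc -l $ipbankip) IP Iptables."
print_end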

#coding: utf-8

import sys

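def _is_ipv4(text):
    """Return True when *text* is a dotted quad with every octet in 0-255."""
    parts = text.split(".")
    if len(parts) != 4:
        return False
    for part in parts:
        if not part or len(part) > 3:
            return False
        if any(ch not in "0123456789" for ch in part):
            return False
        if int(part) > 255:
            return False
    return True


def _in_network(address, prefix):
    """Return True when *address* equals *prefix* or starts with it on an octet boundary."""
    stem = prefix.rstrip(".")
    return address == stem or address.startswith(stem + ".")


def ipban(num, ipWhiteFile, sortiptmpfile, iptableslistfile, ipbankipfile):
    """Write the list of addresses that should get a new DROP rule.

    Args:
        num: threshold; only addresses counted strictly more than ``num``
            times are considered. Anything ``int()`` accepts.
        ipWhiteFile: whitelist, one ``<type> <address>`` pair per line.
            Type ``ip`` is an exact address; any other type marks a dotted
            network prefix such as ``10.1.``. Blank lines are skipped.
        sortiptmpfile: ``uniq -c`` style input, ``<count> <address>`` per line.
        iptableslistfile: addresses that already have a DROP rule.
        ipbankipfile: output file, one address per line, in input order.

    Prints ``Success:<n>`` on success. On any failure it prints ``Error`` and
    the usage text and returns normally, as before, so the caller sees no
    exception. In that case the output file may not have been rewritten.

    The addresses originate from log text, so they are treated as untrusted.
    Only well-formed IPv4 dotted quads are written out.
    """
    try:
        num = int(num)

        # Address -> type. A later line for the same address replaces an
        # earlier one.
        white_dict = {}
        with open(ipWhiteFile, "r") as handle:
            for ln in handle:
                if not ln.strip():
                    continue
                (value, key) = ln.strip().split()
                white_dict[key] = value

        whiteiplist = set()
        whitenetworklist = []
        for k, v in white_dict.items():
            # Exact comparison: `v in "ip"` was a substring test and also
            # accepted "i", "p" and the empty string.
            if v == "ip":
                whiteiplist.add(k)
            else:
                whitenetworklist.append(k)

        # Keep addresses seen more than `num` times that are well-formed and
        # not whitelisted.
        candidates = []
        with open(sortiptmpfile, "r") as handle:
            for line in handle:
                linelist = line.split()
                if not linelist:
                    continue
                address = linelist[1]
                if int(linelist[0]) <= num:
                    continue
                if not _is_ipv4(address):
                    continue
                if address in whiteiplist:
                    continue
                # Prefix match on an octet boundary. The former substring test
                # let a whitelisted "10.1." also exempt "110.1.2.3".
                if any(_in_network(address, net) for net in whitenetworklist):
                    continue
                candidates.append(address)

        # Addresses iptables already drops.
        iptableslist = set()
        with open(iptableslistfile, "r") as handle:
            for iptabone in handle:
                iptableslist.update(iptabone.split())

        # Remove already-blocked and duplicate entries, keeping input order so
        # the output is reproducible.
        addip = []
        seen = set()
        for address in candidates:
            if address in iptableslist or address in seen:
                continue
            seen.add(address)
            addip.append(address)

        # Write the final ban list (not the whitelist) for the shell wrapper.
        with open(ipbankipfile, "w") as writeipadd:
            for ipone in addip:
                writeipadd.write(ipone + "\n")

        print("Success:%s" % (len(addip)))
    except Exception as exc:
        # Same visible behaviour as before, plus the reason on stderr so that
        # a broken whitelist line or missing file can be diagnosed.
        print("Error")
        sys.stderr.write("ipban failed: %s\n" % (exc,))
        help()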

        
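def help():
    """Print the command-line usage text.

    The name shadows the ``help`` builtin. It is kept because ``ipban`` and
    the entry point call it by this name.

    The text says the whitelist holds one entry per line. ``ipban`` actually
    parses two whitespace-separated fields per line, a type and an address.

    Each ``print`` takes a single parenthesised string, so the output is the
    same on Python 2 and Python 3.
    """
    print("-"*30+"Help"+"-"*30)
    print(sys.argv[0]+"\t[num]"+"\t[ipWhiteFile]"+"\t[sortiptmp]"+"\t[iptableslist]"+"\t[ipbankip]")
    print("\n")
    print("##num:\t\t---跳過少於多少次的IP連接")
    print("##ipWhiteFile:\t---IP白名單列表,一行一個")
    print("##sortiptmp:\t---排序後的IP地址列表")
    print("##iptableslist:\t---IP防火墻已經屏蔽的IP地址列表,不需要排序")
    print("##ipbankip:\t---最終生成的屏蔽IP地址列表")
    print("-"*30+"Help"+"-"*30)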

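if __name__ == "__main__":
    # Command-line entry point:
    #   ipbank.py <num> <ipWhiteFile> <sortiptmp> <iptableslist> <ipbankip>
    print("Strat")
    try:
        # Unpacking raises ValueError when fewer than five arguments are given.
        num, ipWhiteFile, sortiptmpfile, iptableslistfile, ipbankipfile = sys.argv[1:6]
    except ValueError:
        help()
        # Non-zero status lets a wrapper detect the usage error. ipban reports
        # its own failures by printing "Error" and returning normally.
        sys.exit(2)
    ipban(num, ipWhiteFile, sortiptmpfile, iptableslistfile, ipbankipfile)
else:
    # Import-time notice, kept from the original.
    print("Not Main")
    print(sys.argv)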

批量屏蔽符合條件的IP地址,支持添加白名單,IP段,增量,大於指定次數的IP