我有一个测试服务器,该测试服务器不断接收阻止我的Apache服务器的请求(命中)。
逐一阻止IPS的工作,并且是不切实际的(iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP)。我认为是否可以一次阻止所有ips.log文件上的IP。
可以做一个脚本来执行此操作?
error.log
[Fri Jan 31 02:39:54.827551 2014] [:error] [pid 2442] [client 198.98.104.231:2078] script '/var/www/banner_160x600.php' not found or unable to stat, referer: ://www.beautifulstarrysky.com/index.php?option=com_mailto&tmpl=component&link=b9131f144a565bd8b091fd4d5699cfe18c2b60eb
[Fri Jan 31 02:39:54.967606 2014] [:error] [pid 2543] [client 23.19.50.19:2465] script '/var/www/header53621.php' not found or unable to stat
[Fri Jan 31 02:39:54.986088 2014] [:error] [pid 2481] [client 192.151.152.245:3851] script '/var/www/ads.php' not found or unable to stat, referer: http://www.fashionwomenclothes.com/index.php?option=com_content&view=article&id=4772:2013-10-26-01-03-30&catid=20:clothes-shops&Itemid=103
...
尝试以下类似
之类的东西#!/bin/bash
while read -r line; do
[[ $line =~ 'client '([^:]+) ]] && iptables -I INPUT -s "${BASH_REMATCH[1]}" -j DROP
done < error.log
这将匹配"client "和COLON之间的所有内容(请参阅@John1024的以这种方式这样做的评论,然后使用BASH_REMATCH)
BASH_REMATCH
An array variable whose members are assigned by the =~ binary
operator to the [[ conditional command. The element with index
0 is the portion of the string matching the entire regular
expression. The element with index n is the portion of the
string matching the nth parenthesized subexpression. This vari‐
able is read-only.
使用awk
awk '/error/{split($10,a,":");printf "iptables -I INPUT -s %s -j DROPn", a[1]}' file |sh
首先在没有|sh的情况下运行AWK命令以确认输出正确,然后添加|sh阻止IPS。