批量屏蔽符合条件的IP地址,支持添加白名单,IP段,增量
大概的思路是利用sh,从日志中提取出来对应的IP地址,然后再交由python进行对比,判断,最终将需要添加至iptables列表中的IP写入到一个文件中,然后再由sh进行写入到iptables中
#!/bin/sh
tmpmaillog="/usr/local/*/test/tmpmaillog"
sortiptmp="/usr/local/*/test/sortiptmp"
iptableslist="/usr/local/*/test/iptableslist"
ipbankip="/usr/local/*/test/ipbank"
ipwhite="/usr/local/*/test/ipwhite"
#printlog 函数说明
#两个参数,一,是否打印日志,二,日志内容
#一可选,0,1,0表示不打印日志内容出来,1表示打印日志内容出来
LOGFILE_PATH="/var/log/ipbanklog"
NOWTIME=`date "+%Y-%m-%d %H:%M:%S"`
function printlog()
{
LOG_CONTENT="$NOWTIME $2"
#echo $LOG_CONTENT
if [ $1 -ne 0 ]; then
echo $LOG_CONTENT
echo $LOG_CONTENT>>$LOGFILE_PATH
else
echo $LOG_CONTENT>>$LOGFILE_PATH
fi
}
#检查上一条命令执行是否正常,不正常退出
check_error_exit()
{
#echo $?"+++++++++++"
RUSELT=$?
if [ ${RUSELT} -ne 0 ]; then
printlog 1 "#[ERROR] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
printlog 1 "#[ERROR] 恭喜,光荣而伟大的报错了 : "$1
printlog 1 "#[ERROR] <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
exit 1
fi
}
#输出颜色字体
function echo_colour()
{
if [ $1 -eq 0 ]; then
echo -e "�33[41;37m ${2} �33[0m"
return 0
fi
if [ $1 -eq 1 ]; then
echo -e "�33[43;37m ${2} �33[0m"
return 0
fi
if [ $1 -eq 2 ]; then
echo -e "�33[47;30m ${2} �33[0m"
return 0
fi
}
#输出使用方法
output_usage()
{
echo "-----------处理机制----------------"
echo "#1.shell根据条件提取指定日志中内容"
echo "#2.python进行对比iptables与白名单文件"
echo "#3.shell进行添加至ip防火墙中"
echo "--------------------------------"
echo -e "
"
echo "-----------使用步骤-----------"
echo "#在/usr/local/*/目录中建一个test的目录,然后将ipbank.py与ipbank.sh的文件进到test的目录中"
echo -e "�33[41;37m#找到start_run函数中备注的需要编辑下面的这条语句,编辑为你自已需要提取的日志内容 �33[0m"
echo "#然后可以再手动运行一下#sh ipbank.sh即可"
echo "#如果需要自动运行的话,可以添加至crontab中,格式如下:"
echo "#*/5 * * * * /bin/sh /usr/local/*/test/ipbank.sh start"
echo "------------------------------"
echo -e "
"
echo "------------使用参数--------------"
echo "#sh ipbank.sh start -----运行"
echo "#sh ipbank.sh help -----打印帮助"
echo "----------------------------------"
}
#打印结束符
print_end()
{
printlog 1 "<<<<<<<<<<<<<<<<<<<<<<END<<<<<<<<<<<<<<<<<<<<<<<<<<"
}
start_run()
{
printlog 1 ">>>>>>>>>>>>>>>>>>>>>>>>>>Start>>>>>>>>>>>>>>>>>>>>>>>>>>"
#需要编辑下面的这条语句
#############################
cat /usr/local/*/app/log/authenticator.log|grep 'none'>${tmpmaillog}
#############################
check_error_exit "提取日志异常,请检查上面的提取日志命令是否正常"
ip_regex="[[:digit:]]{1,3}.[[:digit:]]{1,3}.[[:digit:]]{1,3}.[[:digit:]]{1,3}"
cat ${tmpmaillog}| egrep -o $ip_regex|sort|uniq -c>${sortiptmp}
/sbin/iptables -L -n|grep 'DROP'|awk '{print $4}'>${iptableslist}
/usr/local/*/app/engine/bin/python /usr/local/*/test/ipbank.py 3 $ipwhite $sortiptmp $iptableslist $ipbankip
printlog 0 "Start_IP_to_iptables_DROP"
for ipone in `cat $ipbankip`
do
#echo $ipone
printlog 0 $ipone
/sbin/iptables -I INPUT -s $ipone -j DROP
done
printlog 0 "Success Add `wc -l $ipbankip` IP Iptables."
print_end
}
_RET_VAL=0
case "$1" in
"start")
start_run ;
;;
"help")
output_usage ;
_RET_VAL=$? ;
;;
*)
output_usage ;
_RET_VAL=1 ;
;;
esac
exit $_RET_VAL
#coding: utf-8 import sys def ipban(num,ipWhiteFile,sortiptmpfile,iptableslistfile,ipbankipfile): try: num=int(num) addiplist=[] whiteiplist=[] whitenetworklist=[] iptableslist=[] white_dict = {} #读取白名单文件,生成需要屏蔽的IP列表与网段列表 for ln in file(ipWhiteFile,"r"): (value,key)=ln.strip().split() white_dict[key] = value for k,v in white_dict.items(): #print k,v if v in "ip": whiteiplist.append(k) #whiteiplist.extend(white_dict[k]) #print k else: whitenetworklist.append(k) #根据排序好的IP列表,过滤少于多少次的IP,并且排除白名单IP,最终生成需要添加的IP地址 fsort=open(sortiptmpfile,"r") for line in fsort.readlines(): linelist=line.split() if int(linelist[0])>num: if linelist[1] not in whiteiplist: addiplist.append(linelist[1]) fsort.close() #删除指定的IP段IP endlist=[] for addone in addiplist: for whitenetworkone in whitenetworklist: if whitenetworkone in addone: endlist.append(addone) break addip=list(set(addiplist).difference(set(endlist))) #读取现有的iptables屏蔽的IP,生成列表 for iptabone in file(iptableslistfile,"r"): iptableslist.extend(iptabone.strip().split()) #将iptables屏蔽的IP,从排序好的IP列表中删除掉 addip=list(set(addip).difference(set(iptableslist))) #将最终需要屏蔽的IP列表写到白名单文件列表中 writeipadd=file(ipbankipfile,"w") for ipone in addip: writeipadd.write(ipone) writeipadd.write(" ") writeipadd.close() print "Success:%s" %(len(addip)) except: print "Error" help() def help(): print "-"*30+"Help"+"-"*30 print sys.argv[0]+" [num]"+" [ipWhiteFile]"+" [sortiptmp]"+" [iptableslist]"+" [ipbankip]" print " " print "##num: ---跳过少于多少次的IP连接" print "##ipWhiteFile: ---IP白名单列表,一行一个" print "##sortiptmp: ---排序后的IP地址列表" print "##iptableslist: ---IP防火墙已经屏蔽的IP地址列表,不需要排序" print "##ipbankip: ---最终生成的屏蔽IP地址列表" print "-"*30+"Help"+"-"*30 if __name__ == "__main__": try: #print sys.argv print "Strat" num = sys.argv[1] ipWhiteFile = sys.argv[2] sortiptmpfile = sys.argv[3] iptableslistfile = sys.argv[4] ipbankipfile = sys.argv[5] ipban(num,ipWhiteFile,sortiptmpfile,iptableslistfile,ipbankipfile) except: help() else: print "Not Main" print sys.argv