It would be simple to block this with a security appliance... but that was not an option, so I wrote a script.
```bash
#!/bin/bash
# Ban source IPs that produce repeated authentication failures in the mail log.

help(){
    echo ""
    echo "/var/log/maillog is default"
    echo "iptable apply is not default"
    echo "banCount 100 is default"
    echo "-a : iptable applied"
    echo "-f : maillog FILE PATH"
    echo "-c : ban count"
    echo ""
    echo "Usage : $0 -a -c 100 -f /var/log/maillog "
    exit 0
}

# Whitelist: addresses that are never banned (placeholder values).
ignoreIPs=("111.222.333.444" "111.111.111.111")
maillog="/var/log/maillog"
banCount=100
fw=false

# An option name followed by ':' means it requires a value.
while getopts ac:f: opt
do
    case $opt in
        a) fw=true ;;
        c) banCount=$OPTARG ;;
        f) maillog=$OPTARG ;;
        *) help ;;
    esac
done

# Count failed logins per source IP (the IP is taken as the last ':'-separated
# field of each matching line) and keep the addresses above the threshold.
banIPs=$(grep -E 'user not found|password fail' "${maillog}" | awk -F: '{print $NF}' | sort | uniq -dc | awk '{if ($1 > '"${banCount}"') print $NF}')

for banIP in $banIPs
do
    # A bare 'break' in the inner loop only leaves the whitelist loop and the
    # address would still be banned, so record the match in a flag and skip it.
    skip=false
    for ignoreIP in "${ignoreIPs[@]}"
    do
        if [ "$ignoreIP" = "$banIP" ]
        then
            skip=true
            break
        fi
    done
    if [ $skip = true ] ; then
        continue
    fi
    echo "ban IP : $banIP ,whois : $(geoiplookup "$banIP")"
    if [ $fw = true ] ; then
        # Note: this drops the whole /24 the offender belongs to, not just the host.
        iptables -A INPUT -s ${banIP}/24 -j DROP
    fi
done

if [ $fw = true ] ; then
    # remove duplicate iptables rules
    # http://www.krazyworks.com/remove-duplicate-iptables-rules/
    # Use an unpredictable temp file instead of a fixed /tmp path (symlink safety),
    # and deduplicate only '-A' rule lines so repeated COMMIT lines of a
    # multi-table dump are not collapsed, which would break iptables-restore.
    tmpconf=$(mktemp /tmp/iptables.XXXXXX)
    /sbin/service iptables save
    /sbin/iptables-save | awk '!/^-A/ || !x[$0]++' > "$tmpconf"
    /sbin/iptables -F
    /sbin/iptables-restore < "$tmpconf"
    /sbin/service iptables save
    /sbin/service iptables restart
    if [ -f "$tmpconf" ] ; then /bin/rm -f "$tmpconf" ; fi
fi
```
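The detection and rule-cleanup steps of the script, pulled out as functions that can be run offline against constructed input. This is an added example, not the post's own script: the maillog lines and the iptables-save dump below are made up for the demonstration, and the assumption is that each failure line ends with the client IP as its last whitespace-separated token. The whitelist check uses a flag so that a match really skips the address, and the deduplication touches only `-A` lines, which matters once more than one table is in the dump.

```bash
#!/bin/bash
# Added example (not the original post's script). Runs the post's detection
# logic and its rule-deduplication step against constructed sample data.
# Assumption: a failure line ends with the client IP as its last token.

# Constructed sample log lines (format is an assumption, not a real dovecot log).
SAMPLE_LOG=$(cat <<'EOF'
Mar  1 10:00:01 mx dovecot: pop3-login: user not found: 203.0.113.5
Mar  1 10:00:02 mx dovecot: pop3-login: password fail: 203.0.113.5
Mar  1 10:00:03 mx dovecot: pop3-login: password fail: 203.0.113.5
Mar  1 10:00:04 mx dovecot: pop3-login: user not found: 198.51.100.7
Mar  1 10:00:05 mx dovecot: pop3-login: password fail: 198.51.100.7
Mar  1 10:00:06 mx dovecot: pop3-login: password fail: 198.51.100.7
Mar  1 10:00:07 mx dovecot: pop3-login: password fail: 192.0.2.9
Mar  1 10:00:08 mx dovecot: imap-login: Login: user=<bob>: 192.0.2.10
EOF
)

# Print every IP with more than $2 failures in the log text $1, one per line,
# in sorted order.
count_failures() {
    local log="$1" threshold="$2"
    printf '%s\n' "$log" \
        | grep -E 'user not found|password fail' \
        | awk '{print $NF}' \
        | sort | uniq -c \
        | awk -v t="$threshold" '$1 > t {print $2}'
}

# Drop whitelisted IPs (exact string match) from the candidates read on stdin.
# A flag is needed: a bare 'break' only leaves the inner loop and the address
# would still be emitted.
apply_ignore_list() {
    local ip ign skip
    while read -r ip; do
        skip=false
        for ign in "$@"; do
            if [ "$ign" = "$ip" ]; then skip=true; break; fi
        done
        if [ "$skip" = false ]; then printf '%s\n' "$ip"; fi
    done
}

# ban_list LOGTEXT THRESHOLD [IGNORE_IP...] -> IPs that should be banned.
ban_list() {
    local log="$1" threshold="$2"
    shift 2
    count_failures "$log" "$threshold" | apply_ignore_list "$@"
}

# Constructed iptables-save dump: two tables, one duplicated DROP rule.
SAMPLE_RULES=$(cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.0/24 -j DROP
-A INPUT -s 203.0.113.0/24 -j DROP
-A INPUT -s 198.51.100.0/24 -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
EOF
)

# Deduplicate only the '-A' rule lines. A plain awk '!x[$0]++' over the whole
# dump would also collapse the second COMMIT and break iptables-restore.
dedupe_rules() {
    printf '%s\n' "$1" | awk '!/^-A/ || !x[$0]++'
}

# Stand-alone run: candidates at threshold 2 with one address whitelisted,
# then the cleaned rule dump.
ban_list "$SAMPLE_LOG" 2 198.51.100.7
dedupe_rules "$SAMPLE_RULES"
```

Running it with `ban_list "$SAMPLE_LOG" 2 198.51.100.7` leaves only 203.0.113.5 (three failures, not whitelisted); 192.0.2.9 has a single failure and stays under the threshold. Before wiring the output into `iptables`, note that the post's script drops the whole /24 of each offender, so a single abusive host behind a shared provider range takes its neighbours with it; banning the /32 is the safer default.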