我有一个解析varnishnnishncsa日志文件的脚本。该脚本的目的是,如果有人访问服务器上的某个URL,它会将他们的ip地址添加到iptables以锁定它们。
在我的脚本中,我有一个忽略我的静态办公室IP地址的声明(这样我就不会把自己锁在服务器之外)。
我正在尝试添加更多的IP地址以排除它们被锁定,但是当我这样做时,它似乎打破了脚本。
#!/bin/bash
for address in `cat /var/log/brute.txt | grep -v -f /var/log/applied_brute.txt`; do
/bin/echo $address >> /var/log/applied_brute.txt
if [ "$address" != "my.of.fi.ce.ip" ]; then
IPTABLE=`echo $address | awk '{ print "/sbin/iptables -A INPUT -s "$0" -j DROP -m state --state NEW,ESTABLISHED,RELATED\n"}'`
fi
echo $IPTABLE
$IPTABLE
done
unset address
unset IPTABLE
我想要的是声明
if [ "$address" != "my.of.fi.ce.ip" ]; then
为它添加更多的IP地址。
答案 0 :(得分:1)
您可以使用grep或fgrep并拥有
if fgrep -q "$address" /etc/files-of-addresses-to-avoid ; then
# $address should be avoided
else
# $address should not be avoided
fi
(也许你想要/var/log/brute.txt而不是/etc/files-of-addresses-to-avoid等......)
您可能对fail2ban感兴趣,它会做您想要达到的目标。
答案 1 :(得分:1)
怎么样:
#!/bin/bash
for address in `grep -v -f /var/log/applied_brute.txt < /var/log/brute.txt`; do
echo $address >> /var/log/applied_brute.txt
if ! grep -q -F -x $address /etc/my-office-addresses.txt; then
IPTABLE="/sbin/iptables -A INPUT -s "$address" -j DROP -m state --state NEW,ESTABLISHED,RELATED"
echo $IPTABLE
$IPTABLE
fi
done
将办公地址存储在/etc/my-office-addresses.txt
使用的grep选项:
-F : Fixed strings (treat pattern literally, not as regex. This option is not really required in this case, since the input data in all the files used is assumed to be in standard format.)
-x : line match (address = 192.168.0.1 would have matched line = 192.168.0.100 , if this option is missed.)
-q : Do not print result to stdout.
答案 2 :(得分:1)
如果你的ip地址数量非常有限,你可以使用AND:
if [ "$address" != "my.of.fi.ce.ip" -a "$address" != "my.other.of.fi.ce.ip" -a "$address" != "my.la.st.ip" ]; then
答案 3 :(得分:0)
如何创建一个本地IP地址数组,然后在内部“for循环”中查看它们。