我想做的是使用netstat -an | grep ESTABLISHED通过whois搜索来检查系统中的所有IP地址,并禁止所有属于中国的IP地址。
所以我想知道如何实现这一目标?可能通过将字符串通过管道传递到彼此的命令中?但是我该怎么办呢?
(试图在不增加ssh安全性的情况下禁止中国,我希望通过bash或python实现此目的)
我到目前为止的代码:
#!/bin/bash
netstat -an | grep ESTABLISHED > log.txt;
myvar=$(awk -F"|" '{print $NF}' log.txt)
whois $myvar
我正在努力使该国家/地区是否为中国并禁止ip的过程自动化。
答案 0 :(得分:2)
这是一个用bash编写的示例,
#!/bin/bash
# shellcheck disable=SC2155
# Automatically ban IP from country
# Copyright (C) 2019 Lucas Ramage <ramage.lucas@protonmail.com>
# SPDX-License-Identifier: MIT
set -euo pipefail
IFS=$'\n\t'
# netstat output:
# Proto Recv-Q Send-Q Local Address Foreign Address State
get_ip_addr() {
# Awk splits the 5th column, Foreign Address, to get the IP
echo "${1}" | awk '{ split($5, a, ":"); print a[1] }'
}
# whois output:
# OrgName: Internet Assigned Numbers Authority
# OrgId: IANA
# Address: 12025 Waterfront Drive
# Address: Suite 300
# City: Los Angeles
# StateProv: CA
# PostalCode: 90292
# Country: US <-- We want this one
# RegDate:
# Updated: 2012-08-31
# Ref: https://rdap.arin.net/registry/entity/IANA
get_country() {
# Returns nothing if Country not set
whois "${1}" | awk '/Country/ { print $NF }'
}
check_country() {
# Implements a whitelist, instead of a blacklist
local COUNTRIES="US"
# Iterate through whitelist
for country in $COUNTRIES; do
# Check entry to see if its in the whitelist
if [ "${country}" == "${1}" ]; then
echo 1 # true
fi
done
}
block_ip() {
# Remove the `echo` in order to apply command; must have proper privileges, i.e sudo
echo sudo iptables -A INPUT -s "${1}" -j "${2}"
}
main() {
# Established Connections
local ESTCON=$(netstat -an | grep ESTABLISHED)
for entry in $ESTCON; do
local ip=$(get_ip_addr "${entry}")
local country=$(get_country "${ip}")
local is_allowed=$(check_country "${country}")
local policy='DROP' # or REJECT
if [ ! "${is_allowed}" -eq "1" ]; then
block_ip "${ip}" "${policy}"
fi
done
}
main
我将亲自运行shellcheck,然后进行进一步测试。
此外,您可能想研究fail2ban或类似的内容。
答案 1 :(得分:-1)