1.脚本统计生成deny_ip文件
#!/usr/bin/bash
#Tate:2022.3.30
#Author:Yingjian
#function: 统计5分钟之内的访问ip
#env
#脚本存放的目录
workdir=`cd $(dirname $0);pwd`
if [ $# -eq 0 ];then
echo "Usage: $0 {统计几分钟内的ip}"
exit 2
fi
logfile=/var/log/nginx/access_nginx.log
last_minutes=5
start_time=`date -d "$last_minutes minutes ago" +"%H:%M:%S"`
echo $start_time
stop_time=`date +"%H:%M:%S"`
echo $stop_time
tail -n 10000 $logfile |awk -v st="$start_time" -v et="$stop_time" '{t=substr($4,RSTAR+14,21);if(t>=st && t<=et) {print $0}}' \
|awk '{print $1}'|sort |uniq -c|sort -nr > $workdir/5min_log_ip.txt
ip=`cat $workdir/5min_log_ip.txt |awk '{if($1 >=2)print $2}'`
for line in $ip
do
echo "$line" >>$workdir/5min_deny_ip.txt
done
rm -rf $workdir/5min_log_ip.txt
- 将生成的deny_ip文件通过py脚本发送邮件
#/usr/bin/python3
#Tate:2022.3.30
#Author:Yingjian
#Function: 发送邮件
import smtplib,subprocess
from email.mime.text import MIMEText
mail_host = 'smtp.163.com'
mail_user = 'yj_***@163.com'
mail_pass = 'M*******QBXNNV'
sender = 'yj_***@163.com'
receivers = ['yj_***@163.com']
f = open("/data/scripts/5min_deny_ip.txt")
content = f.read()
message = MIMEText(content,'plain','utf-8')
message['Subject'] = '违规ip'
message['From'] = sender
message['To'] = receivers[0]
try:
smtpObj = smtplib.SMTP()
#连接到服务器
#smtpObj.connect(mail_host,25)
smtpObj = smtplib.SMTP_SSL(mail_host,465)
#登录到服务器
smtpObj.login(mail_user,mail_pass)
#发送
if len(content) != 0:
smtpObj.sendmail(
sender,receivers,message.as_string())
else:
print("内容为空不发送")
#退出
smtpObj.quit()
print('success')
except smtplib.SMTPException as e:
print('error',e) #打印错误
- 测试
为了方便测试 调整了脚本中的内容 具体需要请自行更改
cat 5min_deny_ip.txt
123.152.250.171
205.169.39.165
162.142.125.7
8.210.62.122
65.155.30.101
45.76.198.102
39.96.139.169
194.38.20.161
190.119.163.98
157.230.216.203
143.198.231.14
109.237.103.9
109.237.103.38
123.152.250.171
205.169.39.165
162.142.125.7
8.210.62.122
65.155.30.101
45.76.198.102
39.96.139.169
194.38.20.161
190.119.163.98
157.230.216.203
143.198.231.14
109.237.103.9
109.237.103.38
python3 5min_deny_ip.txt
success
