bashshell.png

I. 主理人序

最近写判定,涉及到了浮点数之间,浮点数与整数之间的比较,在此做一个记录,以便之后查阅。

II. 学习资料

1.Shell 基本运算符
2.Shell 基本运算符.pdf

III. 浮点数比较

因为bcawk都支持浮点数,可以使用bc进行处理:

#!/bin/bash
min=1.8 #假设近期一分钟系统平均负载为1.8
max=5 #最大阈值为5

if [ `echo "$min < $max"|bc` -eq 1 ] ; then
echo  "$min < $max ";
else
echo "$min > $max ";
fi

*以上比较方法亦适合整数间比较、整数与浮点数之间的比较;

IV. shell中整数大小比较

大于 -gt (geater than)
小于 -lt (less than)
等于 -eq (equal)
大于等于 -ge (greater or equal)
小于等于 -le (less or equal)

#!/bin/bash
min=1
max=3
if [ $min -lt $max ];then
echo "$min < $max ";
else
echo "$min > $max ";
fi

V. shell中的逻辑运算符

-o (or)
-a (and)
! (not)

#!/bin/bash
min=1
medium=2
max=3

if [ $min -lt $max -o $medium -lt $max  ];then
echo "$max is biggest numbber.";
else
echo "$max is not the biggest number.";
fi

VI. shell中判断一个文件(file)或目录(directory)是否存在

#!/bin/bash
file=/home/limbopro.txt
if [ -e $file ]
then
echo "$file is exist";
fi
#!/bin/bash

directory=/home/limbopro
if [ ! -e $directory ]
then
echo "$directory is not exist";
mkdir -p $directory;
fi

VII. 最近的学习报告

最近一两个月,由于生活场景需要:如利用 QuantumultX 屏蔽网页广告,以及更精细的屏蔽 CC 攻击,更深入的学习了以下几点知识:

1.正则表达式(于grep命令的灵活运用)
2.nginx access.log(提取符合特征的 日志)
3.waf(lua 的高效)
4.Cloudflare api(巨大waf)

bash Cloudflare api & blackip ban

#!/bin/bash 

maxrequest=1 #503状态次数大于等于1则记录 #全纪录
maxtimes=1 #拉取最近N分钟的请求至临时日志
maxrequestF5=30 #503状态次数大于等于30则记录 #恶意刷新

function define()
{
    #引入参数环节
    ori_log_path="/home/wwwlogs/limbopro.xyz/access.log" #原始日志存放位置
    rm /home/tnt/access.log.tmp >/dev/null 2>&1; #清除拉取的日志
    tmp_log_path="/home/tnt/access.log.tmp" #生成的临时日志存放位置
    date_stamp=`date -d "-"$maxtimes"min" +%Y:%H:%M:%S` #引入时间范围参数
    day_stamp=`date +%d` #日期
}

function gather()
{
    awk -F '[/ "[]' -vnstamp="$date_stamp" -vdstamp="$day_stamp" '$7>=nstamp && $5==dstamp' ${ori_log_path} > ${tmp_log_path}; #根据时间范围从原始日志处读取并写入临时日志
    log_num=`cat ${tmp_log_path} | wc -l`; #计算时间范围内的网络请求次数
}


function main()
{
    define
    gather
}
## 拉取日志结束

main

## 赋值 503
date=$(env LANG=en_US.UTF-8 date "+%e/%b/%Y/%R")
error_log_path=/home/tnt/access.log.503 #503日志存储位置
error_log_path_bak=/home/tnt/access.log.503.bak #503日志存储位置备份
> /home/tnt/access.challenge.iplist; #大判断
echocf=/home/tnt/access.challenge.iplist #Cloudflare 黑名单收集 会销毁

##提交IP黑名单数据至 Cloudflare
##block, challenge, whitelist, js_challenge
##Cloudflare 配置文件

CFEMAIL="#CFEMAIL"
CFAPIKEY="#CFAPIKEY"
ZONESID="#ZONESID"
IPADDR=$(</home/tnt/access.challenge.iplist)

##从临时日志 
##抓取符合503状态的日志并存入 
##/home/tnt/access.log.503

rm /home/tnt/access.log.503 >/dev/null 2>&1; #清除生成的日志
# ipv4 grep -oP "(\w{1,3}\.){3}\w{1,3}.*?\s503\s(?!(.*?Googlebot|.*?bot|.*?Bot)).*" ${tmp_log_path} >> ${error_log_path}; # 从临时日志抓取符合503状态的部分日志存入 /home/tnt/access.log.503
grep -oP "((\w{1,3}\.){3}\w{1,3}|(\w{1,4}\:){7}\w{1,4}).*?\s(503|499)\s(?!(.*?Googlebot|.*?bot|.*?Bot)).*" ${tmp_log_path} >> ${error_log_path}; # 从临时日志抓取符合503状态的部分日志存入 /home/tnt/access.log.503
grep -oP "((\w{1,3}\.){3}\w{1,3}|(\w{1,4}\:){7}\w{1,4}).*?\s(503|499)\s(?!(.*?Googlebot|.*?bot|.*?Bot)).*" ${tmp_log_path} >> ${error_log_path_bak}; # 从临时日志抓取符合503状态的部分日志存入 /home/tnt/access.log.503.bak

for ip in $(awk '{cnt[$1]++;}END{for(i in cnt){printf("%s\t%s\n", cnt[i], i);}}' ${error_log_path} | awk '{if($1>'$maxrequest') print $2}') 
do  

date=$(env LANG=en_US.UTF-8 date "+%e/%b/%Y/%R")
echo "${ip}" >> $echocf;
echo "$date ${ip}" >> /home/tnt/access.challenge.iplist.bak;

done

#cat /home/tnt/access.challenge.iplist;
date=$(env LANG=en_US.UTF-8 date "+%e/%b/%Y/%R")
ip_num=$(grep -c "" /home/tnt/access.challenge.iplist);

if [ $ip_num -le 2 ]; #综合IP数量判断

#Part1 # 执行小封禁 -------
then # 执行小封禁

> /home/tnt/access.challenge.f5.iplist;
echocfF5=/home/tnt/access.challenge.f5.iplist
IPADDRF5=$(</home/tnt/access.challenge.f5.iplist)

for ip in $(awk '{cnt[$1]++;}END{for(i in cnt){printf("%s\t%s\n", cnt[i], i);}}' ${error_log_path} | awk '{if($1>'$maxrequestF5') print $2}') 
do  

date=$(env LANG=en_US.UTF-8 date "+%e/%b/%Y/%R")
echo "${ip}" >> $echocfF5;
echo "$date ${ip}" >> /home/tnt/access.challenge.f5.iplist.bak;

done

cat /home/tnt/access.challenge.f5.iplist;
date=$(env LANG=en_US.UTF-8 date "+%e/%b/%Y/%R")
ip_num_F5=$(grep -c "" /home/tnt/access.challenge.f5.iplist);
echo "$date 本次封禁IP数量为 $ip_num_F5 个"

#cat $IPADDR >> /home/tnt/cf.repeat.bak;

for IPADDRF5 in ${IPADDRF5[@]}; do
curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$ZONESID/firewall/access_rules/rules" \
  -H "X-Auth-Email: $CFEMAIL" \
  -H "X-Auth-Key: $CFAPIKEY" \
  -H "Content-Type: application/json" \
  --data '{"mode":"block","configuration":{"target":"ip","value":"'$IPADDRF5'"},"notes":"60rates-block"}' >/dev/null 2>&1;
done

cat /home/tnt/access.challenge.f5.iplist >> /home/tnt/cf.repeat.bak; # 送到下一个分析脚本 /home/tnt/cf.repeat.sh

#Part2 # 执行大封禁 -------
else # 否则执行大封禁
for IPADDR in ${IPADDR[@]}; do
curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$ZONESID/firewall/access_rules/rules" \
  -H "X-Auth-Email: $CFEMAIL" \
  -H "X-Auth-Key: $CFAPIKEY" \
  -H "Content-Type: application/json" \
  --data '{"mode":"block","configuration":{"target":"ip","value":"'$IPADDR'"},"notes":"Xddos-block"}' >/dev/null 2>&1;
#  sed -i '/'$IPADDR'/d' "$ori_log_path"; # 重复的日志会耽误执行下一次分析
done

fi

最后修改:2021 年 01 月 13 日 12 : 52 AM