Extracting attacker IPs from nginx
tail -n 10000 access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -n 10
$ tail -n 10000 /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -n 10
554 111.111.111.111
210 222.222.222.222
57 222.222.222.223
56 222.222.222.224
50 222.222.222.225
48 222.222.222.226
48 222.222.222.227
45 222.222.222.228
44 222.222.222.229
44 222.222.222.230
Configuration example:
server {
...
deny 192.168.1.1;
allow 192.168.1.0/24;
allow 10.1.1.0/16;
allow 2001:0db8::/32;
deny all;
}
Reference: Module ngx_stream_access_module (nginx.org). The ngx_stream_access_module module (1.9.2) allows limiting access to certain client addresses.
Edit the deny_ip.sh script
vim deny_ip.sh
$ vim deny_ip.sh
#!/bin/bash
# define colors
C_DEFAULT="\033[0m"
C_BLACK="\033[30m"
C_RED="\033[1;31m"
C_GREEN="\033[32m"
C_YELLOW="\033[33m"
C_BLUE="\033[34m"
C_PURPLE="\033[35m"
C_CYAN="\033[36m"
C_WHITE="\033[0;37m"
C_BG_BLACK="\033[40m"
C_BG_RED="\033[41m"
C_BG_GREEN="\033[42m"
C_BG_YELLOW="\033[43m"
C_BG_BLUE="\033[44m"
C_BG_PURPLE="\033[45m"
C_BG_CYAN="\033[46m"
C_BG_LIGHTGRAY="\033[47m"
# Arguments: rows to show, number of log lines to scan, log file
RANK="${1:-10}"
LOGLINE="${2:-10000}"
LOGFILE="${3:-/var/log/nginx/access.log}"
# Top client IPs by request count
echo -e "\n${C_RED}Count\tIP${C_DEFAULT}"
tail -n "${LOGLINE}" "${LOGFILE}" | awk '{printf ("%5s\t\n", $1)}' | sort | uniq -c | sort -nr | head -n "${RANK}"
# Top (client IP, HTTP status) pairs; $9 is the status code in the default combined log format
echo -e "\n${C_RED}Count\tIP\t\tHTTP Code${C_DEFAULT}"
tail -n "${LOGLINE}" "${LOGFILE}" | awk '{printf ("%5s\t%s\n", $1, $9)}' | sort | uniq -c | sort -nr | head -n "${RANK}"
echo -e "\n"
Run deny_ip.sh
./deny_ip.sh
./deny_ip.sh 5 10 /var/nginx/access.log
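The script above only reports counts. The following added example (not part of the original post) connects it to the deny/allow configuration shown earlier by turning the per-IP counts into `deny` lines. The names `gen_deny_rules` and `sample_log`, the threshold, the exempt monitoring address and the sample log lines are all assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post). gen_deny_rules and sample_log
# are hypothetical helper names; the log lines below are constructed.

# Usage: gen_deny_rules <logfile|-> <min-requests> [allowlisted-ip ...]
# Prints one nginx "deny" line per client at or above the threshold.
gen_deny_rules() {
    local logfile="$1"
    local threshold="$2"
    shift 2
    local allow=" $* "            # padded so index() matches whole addresses
    awk -v min="$threshold" -v allow="$allow" '
        # Count a first field only if it looks like an IPv4 or IPv6 address,
        # so no other log content can be written into the config.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ ||
        ($1 ~ /^[0-9A-Fa-f:]+$/ && $1 ~ /:/) { count[$1]++ }
        END {
            for (ip in count)
                if (count[ip] >= min && index(allow, " " ip " ") == 0)
                    printf "%d %s\n", count[ip], ip
        }' "$logfile" |
    LC_ALL=C sort -k1,1nr -k2,2 |
    awk '{ printf "deny %s;  # %d requests\n", $2, $1 }'
}

# Constructed sample: 5 + 4 + 3 + 1 requests, plus 3 lines whose first field
# is not an address (assumed: a custom log_format that logs a header first).
sample_log() {
    local tail_='- - [18/May/2021:10:00:00 +0900] "GET / HTTP/1.1" 200 612 "-" "-"'
    local i
    for i in 1 2 3 4 5; do echo "198.51.100.7 $tail_"; done
    for i in 1 2 3 4;   do echo "203.0.113.10 $tail_"; done
    for i in 1 2 3;     do echo "2001:db8::5 $tail_"; done
    echo "192.0.2.44 $tail_"
    for i in 1 2 3;     do echo "not-an-ip; $tail_"; done
}

# Threshold 3, with 203.0.113.10 (assumed to be our own monitoring host) exempt.
sample_log | gen_deny_rules - 3 203.0.113.10
```

nginx checks access rules in order and stops at the first match, so the generated lines belong before any `allow` rules; run `nginx -t` before reloading.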