Linux

[Linux] Extracting attacker IPs from the nginx access log

Extracting attacker IPs from the nginx access log

$ tail -n 10000 /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -n 10
    554 111.111.111.111
    210 222.222.222.222
     57 222.222.222.223
     56 222.222.222.224
     50 222.222.222.225
     48 222.222.222.226
     48 222.222.222.227
     45 222.222.222.228
     44 222.222.222.229
     44 222.222.222.230

Configuration example (deny the offending address, allow the rest of the trusted ranges, deny everything else):

server {
    ...
    deny  192.168.1.1;
    allow 192.168.1.0/24;
    allow 10.1.1.0/16;
    allow 2001:0db8::/32;
    deny  all;
}

Source: Module ngx_stream_access_module (nginx.org): "The ngx_stream_access_module module (1.9.2) allows limiting access to certain client addresses."

Editing the deny_ip.sh script

$ vim deny_ip.sh
#!/bin/bash

# define colors
C_DEFAULT="\033[0m"
C_BLACK="\033[30m"
C_RED="\033[1;31m"
C_GREEN="\033[32m"
C_YELLOW="\033[33m"
C_BLUE="\033[34m"
C_PURPLE="\033[35m"
C_CYAN="\033[36m"
C_WHITE="\033[0;37m"
C_BG_BLACK="\033[40m"
C_BG_RED="\033[41m"
C_BG_GREEN="\033[42m"
C_BG_YELLOW="\033[43m"
C_BG_BLUE="\033[44m"
C_BG_PURPLE="\033[45m"
C_BG_CYAN="\033[46m"
C_BG_LIGHTGRAY="\033[47m"

# arguments: top N to show, number of log lines to scan, log file
RANK="${1:-10}"
LOGLINE="${2:-10000}"
LOGFILE="${3:-/var/log/nginx/access.log}"

# top N client addresses by request count (field 1 of the combined log format)
echo -e "\n${C_RED}Count\tIP${C_DEFAULT}"
tail -n "${LOGLINE}" "${LOGFILE}" | awk '{printf ("%5s\n", $1)}' | sort | uniq -c | sort -nr | head -n "${RANK}"
# same, broken down by HTTP status code (field 9)
echo -e "\n${C_RED}Count\tIP\t\tHTTP Code${C_DEFAULT}"
tail -n "${LOGLINE}" "${LOGFILE}" | awk '{printf ("%5s\t%s\n", $1, $9)}' | sort | uniq -c | sort -nr | head -n "${RANK}"
echo -e "\n"

Running deny_ip.sh

./deny_ip.sh

./deny_ip.sh 5 10 /var/nginx/access.log
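As an added example (not the post's own script), the following shell functions carry the idea one step further: they rank client addresses from log lines on stdin and emit an nginx `deny` snippet for every address above a hit threshold, which can then be pulled in with `include`. The sample log lines are constructed, and the code assumes the default combined log format, where field 1 is the client address; behind a load balancer or CDN field 1 is the proxy, so the real client would have to come from X-Forwarded-For (or the realip module) instead.

```shell
#!/bin/bash
# Added example, not the post's deny_ip.sh. Counts client IPs in nginx
# access-log lines and builds a "deny" snippet for addresses above a threshold.
# Assumes the combined log format (field 1 = client address).

# Constructed sample log lines (not from a real server).
SAMPLE_LOG='203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "curl/7.88"
203.0.113.10 - - [10/Oct/2023:13:55:37 +0000] "GET /.env HTTP/1.1" 404 153 "-" "curl/7.88"
203.0.113.10 - - [10/Oct/2023:13:55:38 +0000] "GET /admin HTTP/1.1" 404 153 "-" "curl/7.88"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:57:10 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"'

# top_ips N: print "count ip" for the N most active client addresses on stdin.
top_ips() {
    local rank="${1:-10}"
    awk '{print $1}' | sort | uniq -c | sort -nr | head -n "$rank" |
        awk '{print $1, $2}'
}

# deny_snippet THRESHOLD: print "deny <ip>;" for every address with at least
# THRESHOLD requests, sorted, ready for an nginx include file. Review the list
# before loading it: a shared NAT or your own monitoring host can cross the
# threshold too.
deny_snippet() {
    local threshold="${1:-100}"
    awk '{print $1}' | sort | uniq -c |
        awk -v t="$threshold" '$1 >= t {printf "deny %s;\n", $2}' | sort
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | top_ips 3
printf '%s\n' "$SAMPLE_LOG" | deny_snippet 3
```

With a real log, feed it the same way the post does: `tail -n 10000 /var/log/nginx/access.log | deny_snippet 200 > /etc/nginx/deny_ips.conf`, then reference that file from the `server` block with `include` and reload nginx.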
