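Author's preface
Recently, while writing conditional checks, I had to compare floating-point numbers with each other and floating-point numbers with integers. I am recording the approach here for later reference.
Study materials
1. Shell basic operators;
2. Shell basic operators.pdf
Floating-point comparison
Because bc and awk both support floating-point numbers, the comparison can be handled with bc: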
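#!/bin/bash
min=1.8   # assume the one-minute system load average was recently 1.8
max=5     # the maximum threshold is 5
# bc prints 1 when the relation is true and 0 when it is false
if [ "$(echo "$min < $max" | bc)" -eq 1 ]; then
    echo "$min < $max"
else
    echo "$min >= $max"
fi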
*The comparison method above also works for comparing two integers and for comparing an integer with a floating-point number.
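As an added example (not part of the original post), here is the same comparison done with awk, the other tool named above, with both operands validated first so that a malformed value gives a distinct exit status instead of a `[` error. `float_cmp` is a hypothetical helper name, and the load values are the constructed ones from the script above.

```sh
#!/bin/sh
# Added example: float_cmp is a hypothetical helper, not code from the original post.

# float_cmp A OP B
#   exit 0 if "A OP B" holds, 1 if it does not, 2 if an operand or OP is invalid.
#   OP uses the same names as test(1): lt le eq ge gt.
float_cmp() {
    # Operands are passed with -v, so they are awk data, never awk program text.
    awk -v a="$1" -v op="$2" -v b="$3" 'BEGIN {
        num = "^[+-]?([0-9]+[.]?[0-9]*|[.][0-9]+)$"
        if (a !~ num || b !~ num) exit 2     # accept plain decimal numbers only
        a += 0; b += 0                       # force numeric, not string, comparison
        if      (op == "lt") r = (a <  b)
        else if (op == "le") r = (a <= b)
        else if (op == "eq") r = (a == b)
        else if (op == "ge") r = (a >= b)
        else if (op == "gt") r = (a >  b)
        else exit 2                          # unknown operator
        exit !r
    }'
}

load=1.8   # constructed sample: one-minute load average
max=5      # threshold
if float_cmp "$load" lt "$max"; then
    echo "$load < $max"
else
    echo "$load >= $max"
fi
```

Status 2 lets a caller tell "comparison is false" apart from "input was not a number", which matters when the operand comes from a file or a command's output.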
Integer comparison in shell
-gt (greater than)
-lt (less than)
-eq (equal)
-ge (greater or equal)
-le (less or equal)
#!/bin/bash
min=1
max=3
if [ "$min" -lt "$max" ]; then
    echo "$min < $max"
else
    echo "$min >= $max"
fi
Logical operators in shell
-o (or)
-a (and)
! (not)
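#!/bin/bash
min=1
medium=2
max=3
# both comparisons must hold for max to be the biggest, so they are combined with -a (and)
if [ "$min" -lt "$max" -a "$medium" -lt "$max" ]; then
    echo "$max is the biggest number."
else
    echo "$max is not the biggest number."
fi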
Checking whether a file or a directory exists in shell
#!/bin/bash
file=/home/limbopro.txt
if [ -e "$file" ]
then
    echo "$file exists"
fi

#!/bin/bash
directory=/home/limbopro
if [ ! -e "$directory" ]
then
    echo "$directory does not exist"
    mkdir -p "$directory"
fi
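Recent study report
Over the last month or two, driven by everyday needs such as blocking web-page ads with QuantumultX and blocking CC attacks with finer granularity, I studied the following topics in more depth:
1. Regular expressions (flexible use of the grep command)
2. nginx access.log (extracting the log entries that match a signature)
3. WAF (the efficiency of Lua)
4. Cloudflare API (a huge WAF)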
#!/bin/bash
maxrequest=1      # record an IP when its 503/499 count exceeds 1 (general list)
maxtimes=1        # pull the requests of the last N minutes into a temporary log
maxrequestF5=30   # record an IP when its 503/499 count exceeds 30 (abusive refreshing)
function define()
{
    # parameters
    ori_log_path="/home/wwwlogs/limbopro.com/access.log"   # location of the original log
    tmp_log_path="/home/tnt/access.log.tmp"                # location of the generated temporary log
    rm -f "$tmp_log_path"                                  # remove the previously pulled log
    date_stamp=$(date -d "-${maxtimes}min" +%Y:%H:%M:%S)   # start of the time window
    day_stamp=$(date +%d)                                  # day of the month
}
function gather()
{
    # read the entries inside the time window from the original log and write them to the temporary log
    awk -F '[/ "[]' -v nstamp="$date_stamp" -v dstamp="$day_stamp" '$7>=nstamp && $5==dstamp' "$ori_log_path" > "$tmp_log_path"
    log_num=$(wc -l < "$tmp_log_path")   # number of requests inside the time window
}
function main()
{
    define
    gather
}
## log pulling ends here
main
## 503 settings
date=$(env LANG=en_US.UTF-8 date "+%e/%b/%Y/%R")
error_log_path=/home/tnt/access.log.503           # where the 503 log is stored
error_log_path_bak=/home/tnt/access.log.503.bak   # backup of the 503 log
echocf=/home/tnt/access.challenge.iplist          # IP list collected for the Cloudflare blacklist; emptied on every run
> "$echocf"                                       # this list drives the overall decision below
## submit the IP blacklist to Cloudflare
## block, challenge, whitelist, js_challenge
## Cloudflare configuration
CFEMAIL="#CFEMAIL"
CFAPIKEY="#CFAPIKEY"
ZONESID="#ZONESID"
## from the temporary log,
## pick the entries with status 503 or 499 and store them in
## /home/tnt/access.log.503
rm -f "$error_log_path"   # remove the previously generated log
# ipv4 grep -oP "(\w{1,3}\.){3}\w{1,3}.*?\s503\s(?!(.*?Googlebot|.*?bot|.*?Bot)).*" ${tmp_log_path} >> ${error_log_path}; # pick the 503 entries from the temporary log and store them in /home/tnt/access.log.503
# pick the 503/499 entries from the temporary log and store them in /home/tnt/access.log.503 and in the backup /home/tnt/access.log.503.bak
grep -oP "((\w{1,3}\.){3}\w{1,3}|(\w{1,4}\:){7}\w{1,4}).*?\s(503|499)\s(?!(.*?Googlebot|.*?bot|.*?Bot)).*" "$tmp_log_path" | tee -a "$error_log_path" >> "$error_log_path_bak"
for ip in $(awk '{cnt[$1]++} END {for (i in cnt) printf("%s\t%s\n", cnt[i], i)}' "$error_log_path" | awk -v max="$maxrequest" '$1 > max {print $2}')
do
    date=$(env LANG=en_US.UTF-8 date "+%e/%b/%Y/%R")
    echo "${ip}" >> "$echocf"
    echo "$date ${ip}" >> /home/tnt/access.challenge.iplist.bak
done
IPADDR=$(<"$echocf")   # read the list only after it has been filled; reading it right after truncation leaves it empty
#cat /home/tnt/access.challenge.iplist;
date=$(env LANG=en_US.UTF-8 date "+%e/%b/%Y/%R")
ip_num=$(grep -c "" "$echocf")
if [ "$ip_num" -le 2 ]   # decide by the total number of IPs
# Part 1: small ban -------
then   # run the small ban
    echocfF5=/home/tnt/access.challenge.f5.iplist
    > "$echocfF5"
    for ip in $(awk '{cnt[$1]++} END {for (i in cnt) printf("%s\t%s\n", cnt[i], i)}' "$error_log_path" | awk -v max="$maxrequestF5" '$1 > max {print $2}')
    do
        date=$(env LANG=en_US.UTF-8 date "+%e/%b/%Y/%R")
        echo "${ip}" >> "$echocfF5"
        echo "$date ${ip}" >> /home/tnt/access.challenge.f5.iplist.bak
    done
    IPADDRF5=$(<"$echocfF5")   # read the list only after it has been filled
    cat "$echocfF5"
    date=$(env LANG=en_US.UTF-8 date "+%e/%b/%Y/%R")
    ip_num_F5=$(grep -c "" "$echocfF5")
    echo "$date 本次封禁IP数量为 $ip_num_F5 个"   # prints the number of IPs banned in this run
    #cat $IPADDR >> /home/tnt/cf.repeat.bak;
    for addr in $IPADDRF5; do
        curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$ZONESID/firewall/access_rules/rules" \
            -H "X-Auth-Email: $CFEMAIL" \
            -H "X-Auth-Key: $CFAPIKEY" \
            -H "Content-Type: application/json" \
            --data '{"mode":"block","configuration":{"target":"ip","value":"'"$addr"'"},"notes":"60rates-block"}' >/dev/null 2>&1
    done
    cat "$echocfF5" >> /home/tnt/cf.repeat.bak   # hand over to the next analysis script /home/tnt/cf.repeat.sh
# Part 2: big ban -------
else   # otherwise run the big ban
    for addr in $IPADDR; do
        curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$ZONESID/firewall/access_rules/rules" \
            -H "X-Auth-Email: $CFEMAIL" \
            -H "X-Auth-Key: $CFAPIKEY" \
            -H "Content-Type: application/json" \
            --data '{"mode":"block","configuration":{"target":"ip","value":"'"$addr"'"},"notes":"Xddos-block"}' >/dev/null 2>&1
        # sed -i '/'$addr'/d' "$ori_log_path"; # repeated log entries would delay the next analysis run
    done
fi
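The counting step of the script above, as an added example that is not part of the original post: it reads the client address and the status by field position instead of by a regex over the whole line, so a URL that merely contains " 503 " is not counted, and it goes beyond the script by also accepting compressed IPv6 addresses. `over_threshold`, `sample_log` and the log lines (nginx combined format, documentation addresses) are constructed for illustration.

```sh
#!/bin/sh
# Added example: over_threshold and sample_log are hypothetical names.

# over_threshold LOGFILE LIMIT
# Print each client address with more than LIMIT 503/499 responses, sorted.
over_threshold() {
    awk -F'"' -v limit="$2" '
    {
        # Splitting on the double quote isolates the quoted request, so text
        # inside the URL or referer is never read as the status or the address.
        split($1, head, " "); ip = head[1]       # first token of the line
        split($3, tail, " "); status = tail[1]   # first token after the request
        if (status != "503" && status != "499") next
        if ($6 ~ /[Bb]ot/) next                  # same crawler exclusion as the script
        # Character-set check: only address-like tokens reach the block list.
        if (ip !~ /^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+$/ &&
            ip !~ /^[0-9A-Fa-f]*:[0-9A-Fa-f:]+$/) next
        hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] > limit + 0) print ip }
    ' "$1" | sort
}

# Constructed sample log.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:01 +0800] "GET / HTTP/1.1" 503 197 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:02 +0800] "GET / HTTP/1.1" 503 197 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:03 +0800] "GET / HTTP/1.1" 499 0 "-" "Mozilla/5.0"
2001:db8::7 - - [10/Oct/2023:13:55:03 +0800] "GET /a HTTP/1.1" 503 197 "-" "curl/8.0"
2001:db8::7 - - [10/Oct/2023:13:55:04 +0800] "GET /a HTTP/1.1" 503 197 "-" "curl/8.0"
198.51.100.5 - - [10/Oct/2023:13:55:04 +0800] "GET /?q=203.0.113.9 503 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.8 - - [10/Oct/2023:13:55:05 +0800] "GET / HTTP/1.1" 503 197 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
198.51.100.8 - - [10/Oct/2023:13:55:06 +0800] "GET / HTTP/1.1" 503 197 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
EOF
}

log=$(mktemp); sample_log > "$log"
over_threshold "$log" 1      # prints 192.0.2.10 and 2001:db8::7
rm -f "$log"
```

The User-Agent is a client-supplied string, so the crawler exclusion only reduces noise; it is not an allow-list.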
Copyright: 毒奶
Link to this article: https://limbopro.com/archives/13543.html
This article is licensed under CC BY-NC-SA 4.0. When reposting or quoting it, please comply with the license, credit the source, and do not use it for commercial purposes.