防止ddos攻击,当某个ip访问过于频繁不合理时,对其进行屏蔽
bash
#!/bin/bash
DATE=$(date +%d/%b/%Y:%H:%M)
LOG_FILE=/usr/local/nginx/logs/demo2.access.log
ABNORMAL_IP=$(tail -n5000 $LOG_FILE |grep $DATE |awk '{a[$1]++}END{for(i in a)if(a[i]>10)print i}')
for IP in $ABNORMAL_IP; do
if [ $(iptables -vnL |grep -c "$IP") -eq 0 ]; then
iptables -I INPUT -s $IP -j DROP
echo "$(date +'%F_%T') $IP" >> /tmp/drop_ip.log
fi
doneroot@linux-lyz test1# chmod +x ddos.sh
root@linux-lyz test1# ./ddos.sh
root@linux-lyz test1#
nginx 日志按日期切割
bash
#!/bin/bash
LOG_DIR=/usr/local/nginx/logs
YESTERDAY_TIME=$(date -d "yesterday" +%F)
LOG_MONTH_DIR=$LOG_DIR/$(date +"%Y-%m")
LOG_FILE_LIST="default.access.log"
for LOG_FILE in $LOG_FILE_LIST; do
[ ! -d $LOG_MONTH_DIR ] && mkdir -p $LOG_MONTH_DIR
mv $LOG_DIR/$LOG_FILE $LOG_MONTH_DIR/${LOG_FILE}_${YESTERDAY_TIME}
done
kill -USR1 $(cat /var/run/nginx.pid)root@linux-lyz test1# ./split_nginx_log.sh
root@linux-lyz test1# mkdir -p /usr/local/nginx/logs/2024-12
root@linux-lyz test1# mv /usr/local/nginx/logs/default.access.log /usr/local/nginx/logs/2024-12/default.access.log_2024-12-16
root@linux-lyz test1# kill -USR1 25423
root@linux-lyz test1#