
    How to blacklist IPs through log analysis in Python

    爱喝马黛茶的安东尼, 2019-07-03 11:04:21 (original article)

    Blacklisting through log analysis in Python

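    Monitor the nginx log and, if someone is attacking, add them to a blacklist. The steps are as follows:

    1. Read the log file.
    2. Split each line and extract the IP.
    3. Put the extracted IPs into a list, then count how many times each IP occurs.
    4. If the count exceeds the configured limit, add the IP to the blacklist.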


    The log entries look like this:

    178.210.90.90 - - [04/Jun/2017:03:44:13 +0800] "GET /wp-includes/logo_img.php HTTP/1.0" 302 161 "http://nnzhp.cn/wp-includes/logo_img.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4" "10.3.152.221"
    178.210.90.90 - - [04/Jun/2017:03:44:13 +0800] "GET /blog HTTP/1.0" 301 233 "logo_img.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4" "10.3.152.221"
    178.210.90.90 - - [04/Jun/2017:03:44:15 +0800] "GET /blog/ HTTP/1.0" 200 38278 "logo_img.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4" "10.3.152.221"
    66.249.75.29 - - [04/Jun/2017:03:45:55 +0800] "GET /bbs/forum.php?mod=forumdisplay&fid=574&filter=hot HTTP/1.1" 200 17482 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "-"
    37.9.169.20 - - [04/Jun/2017:03:47:59 +0800] "GET /wp-admin/security.php HTTP/1.1" 302 161 "/security.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4" "-"
    37.9.169.20 - - [04/Jun/2017:03:48:01 +0800] "GET /blog HTTP/1.1" 301 233 "security.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4" "-"
    37.9.169.20 - - [04/Jun/2017:03:48:02 +0800] "GET /blog/ HTTP/1.1" 200 38330 "security.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4" "-"
    37.9.169.20 - - [04/Jun/2017:03:48:21 +0800] "GET /wp-admin/security.php HTTP/1.1" 302 161 "wp-admin/security.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4" "-"
    37.9.169.20 - - [04/Jun/2017:03:48:21 +0800] "GET /blog HTTP/1.1" 301 233 " "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4" "-"
    37.9.169.20 - - [04/Jun/2017:03:48:23 +0800] "GET /blog/ HTTP/1.1" 200 38330 "http://nnzhp.cn/wp-admin/security.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4" "-"

    The code is as follows:

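    import os
    import time

    # os.system('ipconfig')  # os.system runs an operating-system command

    while True:
        list_ip = []
        with open('access.log') as fp:
            for line in fp:
                fields = line.split()
                if not fields:  # skip blank lines instead of raising IndexError
                    continue
                ip = fields[0]  # the first field is the client IP
                list_ip.append(ip)
        os.system('>access.log')  # empty the log file
        set_ips = set(list_ip)  # remove duplicate IPs
        for ip in set_ips:
            # If an IP occurs more than 200 times in list_ip, add it to the blacklist
            if list_ip.count(ip) > 200:
                os.system('iptables -I INPUT 1 -p tcp -s %s -j DROP' % ip)
        time.sleep(60)  # run the check once a minute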
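
A hardened take on the counting and blacklist steps, as an added example that is not part of the original article: the first field is validated with `ipaddress`, allowlisted networks are skipped, an existing rule is detected with `iptables -C`, and the command is passed as an argument list so no shell parses log content. The allowlist networks, the function names and the sample lines are assumptions made for illustration.

```python
import ipaddress
import subprocess
from collections import Counter

THRESHOLD = 200  # same limit as the script above
# Assumption: networks that must never be blocked (loopback, internal hosts).
ALLOWLIST = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]

def client_ip(line):
    """Return the first field as an address object, or None if it is not an IP."""
    fields = line.split()
    try:
        return ipaddress.ip_address(fields[0]) if fields else None
    except ValueError:
        return None

def offenders(lines, threshold=THRESHOLD, allowlist=ALLOWLIST):
    """IPs seen more than `threshold` times, minus allowlisted ones."""
    counts = Counter(ip for ip in map(client_ip, lines) if ip is not None)
    return sorted(str(ip) for ip, n in counts.items()
                  if n > threshold and not any(ip in net for net in allowlist))

def rule_argv(ip, check=False):
    """Build the iptables argument list; no shell ever parses the address."""
    ip = str(ipaddress.ip_address(ip))  # ValueError for anything but an address
    tool = "ip6tables" if ":" in ip else "iptables"
    head = ["-C", "INPUT"] if check else ["-I", "INPUT", "1"]
    return [tool, *head, "-p", "tcp", "-s", ip, "-j", "DROP"]

def block(ip):
    """Insert the DROP rule unless an identical one already exists (needs root)."""
    if subprocess.run(rule_argv(ip, check=True), capture_output=True).returncode != 0:
        subprocess.run(rule_argv(ip), check=True)

# Constructed sample input, not taken from a real log.
REQ = '%s - - [04/Jun/2017:03:44:13 +0800] "GET /blog HTTP/1.0" 200 10 "-" "-" "-"'
SAMPLE = ([REQ % "203.0.113.7"] * 201     # over the limit
          + [REQ % "198.51.100.9"] * 200  # exactly at the limit: not blocked
          + [REQ % "10.0.0.5"] * 500      # allowlisted
          + ["", "garbage-line without an address"] * 300)  # ignored

if __name__ == "__main__":
    for ip in offenders(SAMPLE):
        print(" ".join(rule_argv(ip)))  # printed, not executed, so no root is needed
```

In the monitoring loop, `block(ip)` would take the place of the `os.system('iptables ...')` call for each address returned by `offenders()`.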
