python如何通过日志分析加入黑名单
python通过日志分析加入黑名单
监控nginx日志,若有人攻击,则加入黑名单,操作步骤如下:
1.读取日志文件
2.分隔文件,取出ip
3.将取出的ip放入list,然后判读ip的次数
4.若超过设定的次数,则加入黑名单
相关推荐:《Python视频教程》
日志信息如下:
178.210.90.90--[04/Jun/2017:03:44:13+0800]"GET/wp-includes/logo_img.phpHTTP/1.0"302161" http://nnzhp.cn/wp-includes/logo_img.php""Mozilla/5.0(Windows;U;WindowsNT5.1;en-US)AppleWebKit/533.4 (KHTML,likeGecko)Chrome/5.0.375.99Safari/533.4""10.3.152.221" 178.210.90.90--[04/Jun/2017:03:44:13+0800]"GET/blogHTTP/1.0"301233" logo_img.php""Mozilla/5.0(Windows;U;WindowsNT5.1;en-US)AppleWebKit/533.4(KHTML,likeGecko) Chrome/5.0.375.99Safari/533.4""10.3.152.221" 178.210.90.90--[04/Jun/2017:03:44:15+0800]"GET/blog/HTTP/1.0"20038278" logo_img.php""Mozilla/5.0(Windows;U;WindowsNT5.1;en-US)AppleWebKit/533.4(KHTML,likeGecko)Chrome/ 5.0.375.99Safari/533.4""10.3.152.221" 66.249.75.29--[04/Jun/2017:03:45:55+0800]"GET/bbs/forum.php?mod=forumdisplay&fid=574&filter=hotHTTP/1.1" 20017482"-""Mozilla/5.0(compatible;Googlebot/2.1;+http://www.google.com/bot.html)""-" 37.9.169.20--[04/Jun/2017:03:47:59+0800]"GET/wp-admin/security.phpHTTP/1.1"302161" /security.php""Mozilla/5.0(Windows;U;WindowsNT5.1;en-US)AppleWebKit/533.4(KHTML,likeGecko)Chrome /5.0.375.99Safari/533.4""-" 37.9.169.20--[04/Jun/2017:03:48:01+0800]"GET/blogHTTP/1.1"301233" security.php""Mozilla/5.0(Windows;U;WindowsNT5.1;en-US)AppleWebKit/533.4(KHTML,likeGecko) Chrome/5.0.375.99Safari/533.4""-" 37.9.169.20--[04/Jun/2017:03:48:02+0800]"GET/blog/HTTP/1.1"20038330" security.php""Mozilla/5.0(Windows;U;WindowsNT5.1;en-US)AppleWebKit/533.4(KHTML,likeGecko) Chrome/5.0.375.99Safari/533.4""-" 37.9.169.20--[04/Jun/2017:03:48:21+0800]"GET/wp-admin/security.phpHTTP/1.1"302161" wp-admin/security.php""Mozilla/5.0(Windows;U;WindowsNT5.1;en-US)AppleWebKit/533.4(KHTML,likeGecko) Chrome/5.0.375.99Safari/533.4""-" 37.9.169.20--[04/Jun/2017:03:48:21+0800]"GET/blogHTTP/1.1"301233" "Mozilla/5.0(Windows;U;WindowsNT5.1;en-US)AppleWebKit/533.4(KHTML,likeGecko)Chrome/5.0.375.99 Safari/533.4""-" 37.9.169.20--[04/Jun/2017:03:48:23+0800]"GET/blog/HTTP/1.1"20038330"http://nnzhp.cn/wp-admin/security.php" "Mozilla/5.0(Windows;U;WindowsNT5.1;en-US)AppleWebKit/533.4(KHTML,likeGecko)Chrome/5.0.375.99 Safari/533.4""-"
代码如下:
importos
importtime
#os.system('ipconfig')#用来操作系统命令
whileTrue:
list_ip=[]
withopen('access.log')asfp:
forlineinfp:
ip=line.split()[0]#获取ip
list_ip.append(ip)
os.system('>access.log')#清空文件内容
set_ips=set(list_ip)#去除重复的ip值
foripinset_ips:
iflist_ip.count(ip)>200:#若list_ip内重复出现的ip次数大于200,则加入黑名单
os.system('iptables-IINPUT1-ptcp-s%s-jDROP'%ip)
time.sleep(60)
THE END
