根据nginx日志抓取中国大陆IP段
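#!/bin/bash
#
# Hourly job: read the previous hour's nginx access log, look up with whois
# every client address that has not been classified yet, record the address
# ranges registered under country CN, and, only when that list has grown,
# rebuild the iptables rules that DROP those ranges towards $dip, re-add the
# ACCEPT rules for the addresses in goodip.txt, and publish the list to SVN.
#
# Needs root (iptables), GNU date, whois, iptables with the iprange match,
# and svn.
#
# The listing this came from repeated the whole body a second time. It runs
# once here: a second pass in the same invocation repeats the whois lookups
# without any new log data.

set -u

# NOTE(review): the log and the per-day archive sit under world-writable /tmp
# with fixed names, and this job writes to them as root. The paths are kept so
# existing consumers still find them; a root-owned directory is the safer home.
logf=/tmp/addcnip.log
archdir=/tmp/cnip
exec >>"$logf" 2>&1

echo " "
echo "begin at $(date)"

# Take one reference instant so the four stamps below cannot straddle an hour
# boundary. Everything is keyed on the hour that has just ended.
ref=$(date +%s --date "-1 hour")
d=$(date -d "@$ref" +%y%m%d)      # name of the file published to SVN
d1=$(date -d "@$ref" +%d)         # day of month, names the local archive copy
# The original format string was "+y%m%d%H", which emits a literal "y".
# NOTE(review): %y is assumed here to match $d; confirm against the names the
# access logs really get from log rotation.
d2=$(date -d "@$ref" +%y%m%d%H)
d3=$(date -d "@$ref" +%H)

svnpath=http://lishiming.5d6d.com/svn/cnip
logfile=/home/logs/access-${d2}_log
accipf=/usr/local/sbin/nocnip.txt     # addresses already classified as not CN
newcnipf=/usr/local/sbin/newcnip.txt  # accumulated CN ranges, "start-end"
goodipf=/usr/local/sbin/goodip.txt    # addresses that are always accepted
dip=192.168.1.102
ipt=/sbin/iptables

# Shape checks only (octets are not range-checked). Their job is to keep log
# fields and whois replies, both of which come from outside, from reaching
# grep, whois or iptables as options, patterns or extra arguments.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
range_re='^([0-9]{1,3}\.){3}[0-9]{1,3}-([0-9]{1,3}\.){3}[0-9]{1,3}$'

# Size of the stored list before this run; 0 when the file does not exist yet.
count1=0
if [[ -r "$newcnipf" ]]; then
  count1=$(wc -l <"$newcnipf")
fi

# Private scratch directory instead of fixed /tmp/*.txt names.
workdir=$(mktemp -d) || { echo "mktemp failed"; exit 1; }
trap 'rm -rf -- "$workdir"' EXIT
: >"$workdir/initip.txt"
: >"$workdir/cnip.txt"
: >"$workdir/nocnip.txt"

# 1. Distinct first fields of the access log.
if [[ -r "$logfile" ]]; then
  awk '{print $1}' "$logfile" | sort -n | uniq >"$workdir/initip.txt"
else
  echo "cannot read $logfile"
fi

# Clear out whois processes left hanging by an earlier run.
killall whois

# 2. Classify every address that is new to us.
while IFS= read -r ip; do
  # Anything that is not a dotted quad is skipped (blank lines, IPv6, junk).
  [[ $ip =~ $ipv4_re ]] || continue

  # Whole-line, fixed-string match: as a regex/substring test "1.2.3.4"
  # would also hit "11.2.3.40" and the address would never be looked up.
  if [[ -r "$accipf" ]] && grep -Fxq -- "$ip" "$accipf"; then
    continue
  fi

  reply=$(whois "$ip")
  # An empty reply means the lookup itself failed; leave the address
  # unclassified so it is retried instead of being filed as "not CN" for good.
  [[ -n $reply ]] || continue

  coun=$(awk '/ountry/ {print $2; exit}' <<<"$reply")
  if [[ $coun == "CN" || $coun == "cn" ]]; then
    # One validated "start-end" range per line.
    while IFS= read -r range; do
      if [[ $range =~ $range_re ]]; then
        printf '%s\n' "$range" >>"$workdir/cnip.txt"
      fi
    done < <(awk '/netnum/ {print $2 "-" $4}' <<<"$reply")
  else
    printf '%s\n' "$ip" >>"$workdir/nocnip.txt"
  fi
done <"$workdir/initip.txt"

# 3. Fold the results into the persistent lists.
# "sort -n | uniq" is kept on purpose: "sort -n -u" would treat lines that
# merely share a numeric prefix as duplicates and drop them.
if [[ -r "$accipf" ]]; then
  cat -- "$accipf" >>"$workdir/nocnip.txt"
fi
grep -v '^$' "$workdir/nocnip.txt" | sort -n | uniq >"$accipf"

# Older runs could store several ranges on one line separated by spaces;
# split on whitespace so those entries survive as one range per line.
if [[ -r "$newcnipf" ]]; then
  tr -s '[:space:]' '\n' <"$newcnipf" >>"$workdir/cnip.txt"
fi
sort -n "$workdir/cnip.txt" | uniq | grep -v '^$' >"$workdir/cnip.sorted"
count2=$(wc -l <"$workdir/cnip.sorted")

# 4. Rebuild the firewall and publish, but only when the list has grown.
if (( count1 < count2 )); then
  cat -- "$workdir/cnip.sorted" >"$newcnipf"
  mkdir -p -- "$archdir"
  /bin/cp -f -- "$newcnipf" "$archdir/${d1}-cnip.txt"

  # NOTE(review): -F without a chain name flushes every chain of the filter
  # table, so rules unrelated to this job are lost, and the host runs without
  # them until the loops below finish. A dedicated chain, or loading the whole
  # ruleset in one iptables-restore call, would avoid both.
  "$ipt" -F
  while IFS= read -r range; do
    [[ $range =~ $range_re ]] || continue
    "$ipt" -I INPUT -m iprange --src-range "$range" -d "$dip" -j DROP
  done <"$newcnipf"

  # Inserted last, so the ACCEPT rules end up above every DROP rule.
  while IFS= read -r ip2; do
    [[ -n $ip2 ]] || continue
    "$ipt" -I INPUT -s "$ip2" -d "$dip" -j ACCEPT
  done < <(tr -s '[:space:]' '\n' <"$goodipf")

  # NOTE(review): the repository URL is plain http, so the list and any
  # credentials svn sends travel unencrypted; prefer https or svn+ssh.
  # The remove is skipped for hour 00, presumably because the day's file has
  # not been published yet at that point; confirm.
  if [[ $d3 != "00" ]]; then
    /usr/bin/svn remove "$svnpath/$d.txt" -m 'if exist'
  fi
  /usr/bin/svn import "$archdir/${d1}-cnip.txt" "$svnpath/$d.txt" -m 'add cnip'
fi

echo "end $(date)"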