攻击排查脚本

jrhapt01:/usr/local/apache-tomcat-7.0.55_8081/logs> cat get_ip.sh  cat localhost_access_log.2015-07-13.txt  | grep '/web/noauth?method=%2Fvalidate%2Fcode%2Fsend&mobilePhone=' | grep '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$'  | awk '{print $NF}' | sort -ujrhapt01:/usr/local/apache-tomcat-7.0.55_8081/logs> cat rsync_ip.sh sh ./get_ip.sh >ip.txtpasswd=xxxxxexpect <<!spawn rsync -avH ip.txt root@11.0.1.108:/root/sbin/expect {    "(yes/no)?" {        send "yes\n"        expect "password:"        send "$passwd\n"    }        "password:" {        send "$passwd\n"    } }expect eofexit!use POSIX;  #if ( $#ARGV < 0 ){  #        print "please input your database name!\n";  #                exit(-1);  #                    }  #my $name= $ARGV[0];my $SDATE = strftime("%Y-%m-%d",localtime());#@ip=`cat localhost_access_log.$SDATE.txt  | grep '/web/noauth?method=%2Fvalidate%2Fcode%2Fsend&mobilePhone=' | grep '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$'  | awk '{print $NF}' | sort -u`;$file="localhost_access_log.$SDATE.txt";open (LOG ,"<","$file");                      while (<LOG>) {                      chomp;  if ($_ =~ /.* "GET\s*(.*?)=.*\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/){ $url=$1;$ip=$2; $log{$url}++; $hash{$ip}++;}};while(my($url, $times) = each %log) {                     print "$url count(*) ==   $times\n"};while(my($ip, $times) = each %hash) {                   print "$ip count(*) ==   $times\n"};
