版权声明
转载请与作者联系,转载时请务必标明文章原始出处和作者信息及本声明。
|
|
|
微信扫描二维码进入 Netkiller 微信订阅号 QQ群:128659835 请注明“读者” |
快速响应
网络排查步骤
$ sudo ping -f -c 100 www.example.com
通过dig/nslookup 检查域名情况
dig any www.example.com dig a www.example.com
curl -I http://www.example.com/ | grep cache Cache-Control: no-store, no-cache Pragma: no-cache
如果HTTP头含有no-cache将不会缓存
ciscoasa# sh conn count 24566 in use, 96715 most used
ciscoasa# sh processes memory -------------------------------------------------------------- Allocs Allocated Frees Freed Process (bytes) (bytes) -------------------------------------------------------------- 0 0 0 0 *System Main* 5858 26689794 3234 1197494 Init Thread 0 0 0 0 PTHREAD-562 0 0 0 0 PTHREAD-563 0 0 0 0 PTHREAD-564 49 1818 4 1098 DATAPATH-0-565 0 0 0 0 RADIUS Proxy Event Daemon 0 0 0 0 tcp_thread 31947887 13900097341 31949842 13766093055 Dispatch Unit 4 4208 0 0 RADIUS Proxy Listener 63 1008 63 1512 npshim_thread 0 0 0 0 pci_nt_bridge 0 0 0 0 RADIUS Proxy Time Keeper 81950655 5936345273 81938669 5913942729 snmp 2 152 0 0 CF OIR 7 14163 3 8356 Integrity FW Task 0 0 0 0 lina_int 0 0 0 0 Chunk Manager 0 0 0 0 TLS Proxy Inspector 25 16444 0 0 ci/console 0 0 519 1519316 ssm4ge_cfg_poll_thread 1 5242924 6 16712 PIX Garbage Collector 0 0 0 0 emweb/cifs_timer 65 330668 16 10851 fover_thread 0 0 0 0 IP Address Assign 3 8356 0 0 netfs_mount_handler 8 1424854 0 0 lu_ctl 5716 11040501 9208 12204861 vpnfol_thread_msg 1 640 0 0 Reload Control Thread 0 0 0 0 QoS Support Module 2 32 458 91856 arp_timer 0 0 0 0 update_cpu_usage 12879656 748246700 12879659 748279632 vpnfol_thread_timer 0 0 70 2466 ssh/timer 204 11577 265 13285 aaa 0 0 0 0 Client Update Task 0 0 0 0 arp_forward_thread 0 0 0 0 health_check 44 117004 2 20 vpnfol_thread_sync 30 1713931 5 33004 UserFromCert Thread 0 0 0 0 Checkheaps 0 0 0 0 Lic TMR 0 0 0 0 vpnfol_thread_unsent 0 0 0 0 tcp_fast 276 36356 80 23188 NIC status poll 0 0 0 0 Integrity Fw Timer Thread 0 0 0 0 CMGR Server Process 0 0 0 0 tcp_slow 1 24 0 0 EAPoUDP-sock 0 0 0 0 CMGR Timer Process 4 1472 0 0 Quack process 0 0 0 0 udp_timer 0 0 0 0 EAPoUDP 0 0 0 0 Session Manager 0 0 0 0 CTCP Timer process 0 0 2 336 fover_rx 0 0 0 0 vPif_stats_cleaner 0 0 0 0 L2TP data daemon 0 0 0 0 fover_tx 3 2591535 0 0 uauth 0 0 0 0 L2TP mgmt daemon 0 0 0 0 fover_tx_2 0 0 0 0 Uauth_Proxy 0 0 0 0 ppp_timer_thread 159 47085 20 223 fover_ip 0 0 0 0 dbgtrace 0 0 0 0 vpnlb_timer_thread 262 1240512 251 1239700 fover_rep 2 641084 0 0 IPsec message handler 7384 3572119 4560 2771973 fover_parse 107498 4529120 96214 4340128 ssh 0 0 0 0 SSL 18104 1285263 15172 1033048 CTM message handler 0 0 0 0 fover_ifc_test 0 0 0 0 SMTP 0 0 0 0 NAT security-level reconfiguration 2 268 0 0 fover_health_monitoring_thread 0 0 0 0 netfs_vnode_reclaim 0 0 3 8356 557mcfix 1 36 1 36 Logger 0 0 0 0 ICMP event handler 0 0 0 0 ha_trans_ctl_tx 0 0 0 0 557statspoll 0 0 0 0 Syslog Retry Thread 0 0 0 0 Dynamic Filter VC Housekeeper 0 0 0 0 ha_trans_data_tx 0 0 0 0 Thread Logger 0 0 8 1088 IP Background 295 129951 166 46926 fover_FSM_thread 27 75204 10 160 listen/telnet 2496 616744 4497 1226008 tmatch compile thread 3711 1675346 3 676 lu_rx 162 451224 56 896 listen/ssh 0 0 0 0 Crypto PKI RECV 0 0 0 0 lu_dynamic_sync 0 0 0 0 Crypto CA 1953 184753 2129 124421 SNMP Notify Thread 0 0 0 0 CERT API 283 6824377 120 4312334 rtcli async executor process 0 0 0 0 uauth_urlb clean 0 0 0 0 IP Thread 0 0 0 0 pm_timer_thread 51 5692 2 336 ARP Thread 3 8356 0 0 vpnlb_thread 0 0 0 0 IKE Timekeeper 2 2560 0 0 icmp_thread 2 5664 0 0 block_diag 30 908491 0 0 netfs_thread_init 21 42270 0 0 IKE Daemon 0 0 0 0 udp_thread
ciscoasa# sh processes cpu-usage PC Thread 5Sec 1Min 5Min Process 0805520c 1c5afdf8 0.0% 0.0% 0.0% block_diag 081a86c4 1c5afa08 26.6% 21.5% 35.4% Dispatch Unit 083b6b35 1c5af618 0.0% 0.0% 0.0% CF OIR 08a5ef60 1c5af420 0.0% 0.0% 0.0% lina_int 08bfd46c 1c5af228 0.9% 0.9% 0.8% ssm4ge_cfg_poll_thread 08069f06 1c5aee38 0.0% 0.0% 0.0% Reload Control Thread 08072196 1c5aec40 0.0% 0.0% 0.0% aaa 08c73c5d 1c5aea48 0.0% 0.0% 0.0% UserFromCert Thread 080a6f36 1c5ae658 0.0% 0.0% 0.0% CMGR Server Process 080a7445 1c5ae460 0.0% 0.0% 0.0% CMGR Timer Process 081a7aec 1c5ada88 0.0% 0.0% 0.0% dbgtrace 0844d35c 1c5ad2a8 0.0% 0.0% 0.0% 557mcfix 0844d17e 1c5ad0b0 0.0% 0.0% 0.0% 557statspoll 08c73c5d 1c5abef8 0.0% 0.0% 0.0% netfs_thread_init 09311e85 1c5ab520 0.0% 0.0% 0.0% Chunk Manager 088e2cbe 1c5ab328 0.0% 0.0% 0.0% PIX Garbage Collector 088d6084 1c5ab130 0.0% 0.0% 0.0% IP Address Assign 08ab0196 1c5aaf38 0.0% 0.0% 0.0% QoS Support Module 0895273f 1c5aad40 0.0% 0.0% 0.0% Client Update Task 09361e8a 1c5aab48 0.0% 0.0% 0.0% Checkheaps 08ab46c5 1c5aa560 0.0% 0.0% 0.0% Quack process 08b0c232 1c5aa368 0.0% 0.0% 0.0% Session Manager 08c1f4b5 1c5a9f78 0.0% 0.0% 0.0% uauth 08bbdaf5 1c5a9d80 0.0% 0.0% 0.0% Uauth_Proxy 08bf419e 1c5a9798 0.0% 0.0% 0.0% SSL 08c1d446 1c5a95a0 0.0% 0.0% 0.0% SMTP 08c15df6 1c5a93a8 0.0% 0.0% 0.0% Logger 08c166a8 1c5a91b0 0.0% 0.0% 0.0% Syslog Retry Thread 08c1066e 1c5a8fb8 0.0% 0.0% 0.0% Thread Logger 08e448a2 1c5a81f0 0.0% 0.0% 0.0% vpnlb_thread 08f0bb35 1c5a7a10 0.0% 0.0% 0.0% pci_nt_bridge 08279c1d 1c5a7620 0.0% 0.0% 0.0% TLS Proxy Inspector 08b25ed3 1c5a7428 0.0% 0.0% 0.0% emweb/cifs_timer 0869fa57 1c5a7230 0.0% 0.0% 0.0% netfs_mount_handler 08535028 1c5a7038 0.0% 0.0% 0.0% arp_timer 0853cdac 1c5a6e40 0.0% 0.0% 0.0% arp_forward_thread 085acbc5 1c5a6c48 0.0% 0.0% 0.0% Lic TMR 08c22491 1c5a6a50 0.0% 0.0% 0.0% tcp_fast 08c255f0 1c5a6858 0.0% 0.0% 0.0% tcp_slow 08c50bc9 1c5a6660 0.0% 0.0% 0.0% udp_timer 080fd9f8 1c5a6468 0.0% 0.0% 0.0% CTCP Timer process 08df3493 1c5a6270 0.0% 0.0% 0.0% L2TP data daemon 08df4263 1c5a6078 0.0% 0.0% 0.0% L2TP mgmt daemon 08de05f8 1c5a5e80 0.0% 0.0% 0.0% ppp_timer_thread 08e44d77 1c5a5c88 0.0% 0.0% 0.0% vpnlb_timer_thread 08114d7f 1c5a5a90 0.0% 0.0% 0.0% IPsec message handler 0812904c 1c5a5898 0.0% 0.0% 0.0% CTM message handler 089b1589 1c5a56a0 0.0% 0.0% 0.0% NAT security-level reconfiguration 08ae0068 1c5a54a8 0.0% 0.0% 0.0% ICMP event handler 08dafa74 1c5a52b0 0.0% 0.0% 0.0% Dynamic Filter VC Housekeeper 08837353 1c5a50b8 0.0% 0.0% 0.0% IP Background 08190627 1c5a4ec0 0.0% 0.0% 0.0% tmatch compile thread 089e0f75 1c5a4cc8 0.0% 0.0% 0.0% Crypto PKI RECV 089e44aa 1c5a4ad0 0.0% 0.0% 0.0% Crypto CA 08a1b8e3 1c5a48d8 0.0% 0.0% 0.0% CERT API 088f4e48 1c5a46e0 0.0% 0.0% 0.0% uauth_urlb clean 088dc0bf 1c5a44e8 0.0% 0.0% 0.0% pm_timer_thread 084c3609 1c5a42f0 0.0% 0.0% 0.0% IKE Timekeeper 084b6fa1 1c5a40f8 0.0% 0.0% 0.0% IKE Daemon 08bd096a 1c5a3f00 0.0% 0.0% 0.0% RADIUS Proxy Event Daemon 08b9f28b 1c5a3d08 0.0% 0.0% 0.0% RADIUS Proxy Listener 08bcf567 1c5a3b10 0.0% 0.0% 0.0% RADIUS Proxy Time Keeper 08523ff5 1c5a3918 0.0% 0.0% 0.0% Integrity FW Task 081c065b 1c5a3720 0.0% 0.0% 0.0% ci/console 083f1e25 1c5a3528 0.0% 0.0% 0.0% fover_thread 08dc8595 1c5a3330 0.0% 0.0% 0.0% lu_ctl 0891511c 1c5a3138 0.0% 0.0% 0.0% update_cpu_usage 0890e89c 1c5a2f40 0.0% 0.0% 0.0% health_check 0891047a 1c5a2b50 0.0% 0.0% 0.0% NIC status poll 083df75c 1c5a2568 0.0% 0.0% 0.0% fover_rx 083da51d 1c5a2370 0.0% 0.0% 0.0% fover_tx 083da51d 1c5a2178 0.0% 0.0% 0.0% fover_tx_2 083ea450 1c5a1f80 0.0% 0.0% 0.0% fover_ip 083f29a1 1c5a1d88 0.0% 0.0% 0.0% fover_rep 083e9ab1 1c5a1b90 0.0% 0.0% 0.0% fover_parse 083c954e 1c5a1998 0.0% 0.0% 0.0% fover_ifc_test 083ccbfc 1c5a17a0 0.0% 0.0% 0.0% fover_health_monitoring_thread 08405637 1c5a15a8 0.0% 0.0% 0.0% ha_trans_ctl_tx 08405637 1c5a13b0 0.0% 0.0% 0.0% ha_trans_data_tx 083fcef7 1c5a11b8 0.0% 0.0% 0.0% fover_FSM_thread 08dc7c23 1c5a0fc0 0.0% 0.0% 0.0% lu_rx 08dc7aec 1c5a0dc8 0.0% 0.0% 0.0% lu_dynamic_sync 08b5865b 1c5a0bd0 0.0% 0.0% 0.0% SNMP Notify Thread 08c73c5d 1c5a09d8 0.0% 0.0% 0.0% rtcli async executor process 0852cfa6 1c5a07e0 0.0% 0.0% 0.0% IP Thread 085345ae 1c5a05e8 0.0% 0.0% 0.0% ARP Thread 08452e20 1c5a03f0 0.0% 0.0% 0.0% icmp_thread 08c51b46 1c5a01f8 0.0% 0.0% 0.0% udp_thread 08c275cc 1c5a0000 0.0% 0.0% 0.0% tcp_thread 08c314e3 1c59fe08 0.0% 0.0% 0.0% npshim_thread 08c50c78 1c59fc10 0.0% 0.0% 0.0% snmp 08e2446d 1c59f430 0.0% 0.0% 0.0% vpnfol_thread_msg 08e2adc2 1c59f238 0.0% 0.0% 0.0% vpnfol_thread_timer 08e28fe2 1c59f040 0.0% 0.0% 0.0% vpnfol_thread_sync 08e2a8cc 1c59ee48 0.0% 0.0% 0.0% vpnfol_thread_unsent 08520388 1c59ec50 0.0% 0.0% 0.0% Integrity Fw Timer Thread 08b9f28b 1c59ea58 0.0% 0.0% 0.0% EAPoUDP-sock 081e7585 1c59e860 0.0% 0.0% 0.0% EAPoUDP 0869fb3c 1c59d8a0 0.0% 0.0% 0.0% netfs_vnode_reclaim 08c32604 1c5993b8 0.0% 0.0% 0.0% listen/telnet 08c32604 1c5991c0 0.0% 0.0% 0.0% listen/ssh 08be4fcb 1c593538 0.0% 0.0% 0.0% ssh/timer 0894478f 1c58ea68 0.0% 0.0% 0.0% vPif_stats_cleaner 08bde96c 1c58e090 0.1% 0.1% 0.0% ssh
#sh processes cpu Core 0: CPU utilization for five seconds: 45%; one minute: 48%; five minutes: 48% Core 1: CPU utilization for five seconds: 65%; one minute: 67%; five minutes: 65% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 1 913 819 111558 0.00 0.00 0.00 0 init 2 0 79 10683 0.00 0.00 0.00 0 kthreadd 3 539 89135 6050 0.00 0.00 0.00 0 migration/0 4 61 7014 8702 0.00 0.00 0.00 0 ksoftirqd/0 5 427 69673 6138 0.00 0.00 0.00 0 migration/1 6 270 25742 10514 0.00 0.00 0.00 0 ksoftirqd/1 7 83620 4003799 503 0.00 0.00 0.00 0 events/0 8 92461 4041828 560 0.00 0.00 0.00 0 events/1 9 5 638 9235 0.00 0.00 0.00 0 khelper 61 17938 4541 167018 0.00 0.00 0.00 0 kblockd/0 62 13034 3381 44183 0.00 0.00 0.00 0 kblockd/1 75 0 21 1285 0.00 0.00 0.00 0 khubd 78 0 23 652 0.00 0.00 0.00 0 kseriod 83 7 26 271961 0.00 0.00 0.00 0 kmmcd 120 16 63 264634 0.00 0.00 0.00 0 pdflush 121 6643 526691 4459 0.00 0.00 0.00 0 pdflush 122 0 29 206 0.00 0.00 0.00 0 kswapd0 123 0 31 161 0.00 0.00 0.00 0 aio/0 124 0 33 121 0.00 0.00 0.00 0 aio/1 291 0 35 171 0.00 0.00 0.00 0 kpsmoused 309 0 37 162 0.00 0.00 0.00 0 rpciod/0 310 0 39 128 0.00 0.00 0.00 0 rpciod/1 354 70 417 168637 0.00 0.00 0.00 0 udevd 709 107 3272 32827 0.00 0.00 0.00 0 loop1 725 0 55 1072 0.00 0.00 0.00 0 loop2 741 163 3951 41297 0.00 0.00 0.00 0 loop3 2191 84 623 135617 0.00 0.00 0.00 0 dbus-daemon 2527 0 418 2040 0.00 0.00 0.00 0 portmap
4507R-A#sh processes mem System memory : 2011676K total, 804381K used, 1207295K free, 85476K kernel reserved Lowest(b) : 658784256 PID Text Data Stack Dynamic RSS Total Process 1 252 448 84 412 1616 3616 init 2 0 0 0 0 0 0 kthreadd 3 0 0 0 0 0 0 migration/0 4 0 0 0 0 0 0 ksoftirqd/0 5 0 0 0 0 0 0 migration/1 6 0 0 0 0 0 0 ksoftirqd/1 7 0 0 0 0 0 0 events/0 8 0 0 0 0 0 0 events/1 9 0 0 0 0 0 0 khelper 61 0 0 0 0 0 0 kblockd/0 62 0 0 0 0 0 0 kblockd/1 75 0 0 0 0 0 0 khubd 78 0 0 0 0 0 0 kseriod 83 0 0 0 0 0 0 kmmcd 120 0 0 0 0 0 0 pdflush 121 0 0 0 0 0 0 pdflush 122 0 0 0 0 0 0 kswapd0 123 0 0 0 0 0 0 aio/0 124 0 0 0 0 0 0 aio/1 291 0 0 0 0 0 0 kpsmoused 309 0 0 0 0 0 0 rpciod/0 310 0 0 0 0 0 0 rpciod/1 354 92 180 84 136 484 2188 udevd 709 0 0 0 0 0 0 loop1 725 0 0 0 0 0 0 loop2 741 0 0 0 0 0 0 loop3 2191 424 164 84 132 1172 3180 dbus-daemon 2527 76 160 84 132 532 1788 portmap 2533 76 160 84 132 532 1788 portmap 2571 196 320 84 132 748 2964 xinetd 2575 196 320 84 132 748 2964 xinetd 4302 96 172 84 132 704 2032 vsi work/0 4303 88 168 84 132 360 1700 vsi work/1 4438 72 160 84 132 580 1676 watchdog 4667 84 160 84 132 484 2436 sleep 4988 848 272 84 212 1508 3108 app_printf.sh 5038 148 44512 84 1056 5228 57316 slproc 5254 848 272 84 212 1508 3108 app_printf.sh 5343 212 225496 84 1960 10492 255560 ha_mgr 5349 196 132852 84 708 5868 148024 oscore_p 5353 848 456 84 396 1740 3292 btrace_rotate.s 5358 144 149724 84 1216 5520 166472 hwcontrol 5362 80 124612 84 692 4960 136840 ns_oir_proxy 5365 80 157472 84 728 6124 172312 sysmgr 5371 152 132852 84 708 5812 147884 profiled 5379 308 135128 84 992 9092 154612 os_info_p 5383 620 691456 84 5128 22816 729672 eicored 5387 1132 233692 84 4632 30240 309096 ffm 5397 100 241144 84 1140 8672 261576 plogd 5474 88 166648 84 704 6220 182276 pdsd 5515 104 158864 84 1064 7336 178840 iifd 7968 848 276 84 216 1512 3112 app_printf.sh 7989 848 276 84 216 1512 3112 app_printf.sh 7993 848 276 84 216 1512 3112 app_printf.sh 7996 848 276 84 216 1512 3112 app_printf.sh 7998 848 276 84 216 1512 3112 app_printf.sh 8002 848 276 84 216 1512 3112 app_printf.sh 8005 848 276 84 216 1512 3112 app_printf.sh 8007 848 276 84 216 1512 3112 app_printf.sh 8018 848 272 84 212 1508 3108 app_printf.sh 8021 848 276 84 216 1512 3112 app_printf.sh 8047 848 276 84 216 1512 3112 app_printf.sh 8067 848 276 84 216 1512 3112 app_printf.sh 8079 168 265572 84 1240 8856 290468 installer 8107 228 177096 84 1820 10780 195264 snmp_subagent 8171 84 236 84 132 560 1852 inotifywait 8176 124 132852 84 704 5880 147868 ngdumper_provid 8202 144 231844 84 8308 18244 252956 cli_agent 8219 68 233732 84 1172 8192 254488 dtmgr 8905 848 452 84 392 1732 3288 rollback_timer. 9131 84 236 84 132 588 1852 inotifywait 9438 848 276 84 216 1512 3112 app_printf.sh 9447 848 276 84 216 1512 3112 app_printf.sh 9449 848 276 84 216 1512 3112 app_printf.sh 9479 848 276 84 216 1512 3112 app_printf.sh 9513 848 276 84 216 1512 3112 app_printf.sh 9612 84 124788 84 868 5348 138596 netd 10016 1048 298392 84 1208 12920 330740 licensed 10050 65284 798780 84 244 955940 1013012 iosd 10078 848 276 84 216 1512 3112 app_printf.sh 10374 92 116416 84 684 5048 129620 liin_tap 10544 848 276 84 216 1512 3112 app_printf.sh 10803 848 276 84 216 1512 3112 app_printf.sh 10910 848 500 84 440 1828 3336 oom_poll.sh 10912 160 141252 84 700 7284 227852 cpumemd 10916 264 257528 84 1268 10492 291216 licenseagentd 11353 848 276 84 216 1512 3112 app_printf.sh 11357 848 276 84 216 1512 3112 app_printf.sh 11411 848 276 84 216 1512 3112 app_printf.sh 11586 88 168 84 132 500 1700 klogd 11792 848 276 84 216 1512 3112 app_printf.sh
查看TCP状态
# netstat -n | awk '/^tcp/ {++state[$NF]} END {for(key in state) print key,"\t",state[key]}' TIME_WAIT 352 CLOSE_WAIT 2 FIN_WAIT1 150 FIN_WAIT2 25 ESTABLISHED 97 SYN_RECV 40 CLOSING 2 LAST_ACK 24
链接IP统计
# netstat -ant |awk -F: '{print $8}'|sort |sed '/^$/d'|uniq -c |sort -nr|head -10 89 113.128.130.75 30 183.0.7.92 24 203.93.27.94 19 222.218.106.25 14 113.205.162.59 13 183.39.147.50 13 114.224.155.226 12 123.126.50.77 12 113.106.63.1 11 172.16.1.2 # netstat -ant |awk -F: '{print $8}'|sort |sed '/^$/d'|uniq -c |sort -nr|head -10 | awk '{print $2}'
for ip in $(netstat -ant |awk -F: '{print $8}'|sort |sed '/^$/d'|uniq -c |sort -nr|head -10 | gawk '{print $2}') do echo $ip iptables -I INPUT -p tcp --dport 80 -s $ip -j DROP done
#防止SYN攻击 轻量级预防 iptables -N syn-flood iptables -A INPUT -p tcp --syn -j syn-flood iptables -I syn-flood -p tcp -m limit --limit 3/s --limit-burst 6 -j RETURN iptables -A syn-flood -j REJECT #防止DOS太多连接进来,可以允许外网网卡每个IP最多15个初始连接,超过的丢弃 iptables -A INPUT -i eth0 -p tcp --syn -m connlimit --connlimit-above 15 -j DROP iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT #用Iptables抵御DDOS (参数与上相同) iptables -A INPUT -p tcp --syn -m limit --limit 12/s --limit-burst 24 -j ACCEPT iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -A OUTPUT -p tcp --dport 2049 -j REJECT iptables -A OUTPUT -p tcp -m multiport --dports 22,21 -j REJECT iptables -A INPUT -p tcp --dport 80 -m string --algo bm --string "XXDD0S" -j DROP iptables -A INPUT -p tcp --dport 80 -m string --algo bm --string "ChinaCache" -j DROP iptables -A INPUT -p tcp --dport 80 -m string --algo bm --string "Baiduspider" -j DROP iptables -A INPUT -p tcp --dport 80 -m string --algo bm --string "QQDownload" -j DROP iptables -A INPUT -i eth0 -p tcp --dport 80 --syn -m connlimit --connlimit-above 10 -j DROP
Automatic Updates
http://your.server.name/server-status?refresh=N
<Location /directory/file.html> Order allow,deny #Allow from all Deny from all </Location>
确认 Timeout 时间
grep Timeout /usr/local/apache/conf/extra/httpd-default.conf
#!/bin/bash ######################################## # Homepage: http://netkiller.github.com # Author: neo <openunix@163.com> ######################################## BLACK=/tmp/black.lst PIPE=/tmp/pipe pidfile=/tmp/firewall.pid KEYWORD=XXDD0S ######################################## if [ -z $1 ]; then echo "$0 clear|fw|collect|process|close" fi if [ "$1" == "clear" ]; then rm -rf $BLACK rm -rf $PIPE echo "Clear OK!!!" fi if [ "$1" == "close" ]; then kill `cat $pidfile` echo > $pidfile fi if [ ! -f $BLACK ]; then touch $BLACK fi if [ ! -e $PIPE ]; then mkfifo $PIPE fi if [ "$1" == 'fw' ]; then iptables -A OUTPUT -p tcp --dport 2049 -j REJECT iptables -A OUTPUT -p tcp -m multiport --dports 22,21 -j REJECT fi if [ "$1" == "collect" ]; then killall tail ACCESSLOG=/www/logs/www.example.com/access.$(date +'%Y-%m-%d').log for (( ; ; )) do tail -f $ACCESSLOG | grep $KEYWORD | cut -d ' ' -f1 > $PIPE done & echo $! > $pidfile fi if [ "$1" == "process" ]; then for (( ; ; )) do while read line do grep $line ${BLACK} if [ $? -eq 1 ] ; then echo $line >> ${BLACK} iptables -I INPUT -p tcp --dport 80 -s $line -j DROP fi done < $PIPE done & echo $! >> $pidfile fi