Thursday, 2 February 2012

Some important single-command-line scripts


To find out the number of hits to all domains on a cPanel server
-----------------------------------------------------------------------------
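# Run as root. Appends one "domain= hits" line per domain to ./file, where
# hits is the number of lines currently in that domain's access log.
# The first colon-separated field of each /etc/trueuserdomains line is used
# as the domain name and as the log file name under domlogs/.
# Output is appended (>>): remove or rename an old ./file before re-running,
# otherwise results from earlier runs stay mixed in.
while IFS=: read -r domain _; do
  # Skip blank lines so we never build a path that is just the directory.
  [ -n "$domain" ] || continue
  log="/usr/local/apache/domlogs/$domain"
  if [ -r "$log" ]; then
    # Every log line is one request, so the line count is the hit count.
    hits=$(wc -l < "$log")
  else
    # No readable log for this domain: report zero instead of failing.
    hits=0
  fi
  printf '%s= %s\n' "$domain" "$hits"
done < /etc/trueuserdomains >> file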

To find out the number of hits to a domain, per client IP
-------------------------------------------------------
# Run as root. Prints "count address" for every client in the domain's
# access log, least active first. Field 1 of each log line is taken as the
# client address.
cut -d ' ' -f 1 /usr/local/apache/domlogs/domain.com \
  | sort \
  | uniq -c \
  | sort -n


To find out the IPs that are making more than 100 connections (counted as requests in the access log) to a domain
----------------------------------------------------------------------------------------------

# Run as root. Lists the client addresses that appear on more than 100 lines
# of the domain's access log. The number is logged requests over whatever
# period the log covers, not simultaneous connections.
cut -d ' ' -f 1 /usr/local/apache/domlogs/domain.com \
  | sort \
  | uniq -c \
  | sort -n \
  | awk '$1 > 100 { print $2 }'

Block the IPs whose number of connections to a domain is greater than 100
--------------------------------------------------------------------------------------
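# Run as root. Adds an iptables DROP rule for every client that appears on
# more than 100 lines of the domain's access log, then saves the rule set.
#
# Review the address list before blocking: the threshold counts logged
# requests over the whole log, so a shared proxy or NAT gateway, a monitoring
# host, a crawler you want, or your own address can exceed it.
# NOTE: -A appends to the end of INPUT. If an earlier rule already accepts
# the traffic, the DROP is never reached; check the order with
# `iptables -L INPUT -n --line-numbers`.
cut -d ' ' -f 1 /usr/local/apache/domlogs/domain.com |
  sort |
  uniq -c |
  awk '$1 > 100 { print $2 }' |
while IFS= read -r ip; do
  # Pass only dotted-quad IPv4 text to iptables. Anything else found in
  # field 1 (hostnames, IPv6, junk) is skipped; IPv6 clients would need
  # ip6tables and are not handled here.
  [[ $ip =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || continue
  # -C checks for an existing identical rule so re-runs do not stack
  # duplicates; where -C is unsupported it fails and the rule is appended.
  iptables -C INPUT -s "$ip" -j DROP 2>/dev/null ||
    iptables -A INPUT -s "$ip" -j DROP
done
# Persist the running rules so they survive a restart of the iptables service.
/etc/init.d/iptables save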


Block the IPs whose number of connections is greater than 10, in case of SYN flood attacks
---------------------------------------------------------------------------------------------------------
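# Run as root. Adds an iptables DROP rule for every remote IPv4 address that
# currently holds more than 10 half-open inbound connections (SYN_RECV),
# then saves the rule set.
#
# Matching the state column exactly matters: a plain case-insensitive grep
# for "syn" also matches SYN_SENT (connections this server is opening) and
# program names such as rsync, which would block unrelated peers.
# Caveat: SYN flood sources are often spoofed, so per-address blocking may
# not relieve the flood and can block an innocent address. SYN cookies
# (sysctl net.ipv4.tcp_syncookies) are the usual first mitigation.
netstat -ant |
  awk '$6 == "SYN_RECV" {
    addr = $5
    sub(/:[^:]*$/, "", addr)   # strip the trailing :port
    sub(/^::ffff:/, "", addr)  # unwrap IPv4-mapped IPv6 addresses
    print addr
  }' |
  sort |
  uniq -c |
  awk '$1 > 10 { print $2 }' |
while IFS= read -r ip; do
  # Pass only dotted-quad IPv4 text to iptables; IPv6 peers are skipped
  # here and would need ip6tables.
  [[ $ip =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || continue
  # -C checks for an existing identical rule so re-runs do not stack
  # duplicates; where -C is unsupported it fails and the rule is appended.
  iptables -C INPUT -s "$ip" -j DROP 2>/dev/null ||
    iptables -A INPUT -s "$ip" -j DROP
done
# Persist the running rules so they survive a restart of the iptables service.
/etc/init.d/iptables save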



