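Slackware 12.2 - Squid filedescriptors control - Squid 2.7
==========================================================
Public domain

********************************************************************************
### Prepare kernel source (2.6.27.7)

# A configured, built kernel tree is needed so the ipset modules below can be
# compiled against it.
#
# NOTE(review): the tarball arrives over plain HTTP and is then built as root.
# Before unpacking, check it against the signature or checksum kernel.org
# publishes for this release, for example (placeholder digest, not a real one):
#   echo "<EXPECTED_SHA256>  linux-2.6.27.7.tar.bz2" | sha256sum -c -
cd /usr/src
wget "http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.27.7.tar.bz2"
tar xf linux-2.6.27.7.tar.bz2
ln -sfn linux-2.6.27.7 linux
cd linux
make mrproper
cp /boot/config .config
# Chain the build so a failed step does not install a half-built module tree.
make oldconfig && make all && make modules_install

********************************************************************************
### ipset installation

# NOTE(review): same caveat as above - verify ipset-4.5.tar.bz2 against a
# checksum obtained from a trusted channel before building kernel modules
# from it.
cd /usr/src
wget -c http://ipset.netfilter.org/ipset-4.5.tar.bz2
tar xf ipset-4.5.tar.bz2
cd ipset-4.5
make KERNEL_DIR=/usr/src/linux &&
  make KERNEL_DIR=/usr/src/linux install &&
  make KERNEL_DIR=/usr/src/linux clean

********************************************************************************
### iptables upgrade (1.4.2 to 1.4.7)

# NOTE(review): iptables.SlackBuild is downloaded over HTTP from a mirror and
# executed as root. Read it first, or compare it with the copy in the source
# tree on the Slackware 12.2 install media; verify the iptables tarball the
# same way as the downloads above.
cd /usr/src
mkdir iptables-pkg
cd iptables-pkg
wget "ftp://ftp.netfilter.org/pub/iptables/iptables-1.4.7.tar.bz2"
wget "http://slackware.at/data/slackware-12.2/source/n/iptables/iptables.SlackBuild"
wget "http://slackware.at/data/slackware-12.2/source/n/iptables/slack-desc"
sed -i -e 's,VERSION=1.4.2,VERSION=1.4.7,' iptables.SlackBuild
chmod +x iptables.SlackBuild
./iptables.SlackBuild
mv /tmp/iptables-1.4.7-i486-1.tgz .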
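upgradepkg iptables-1.4.7-i486-1.tgz

********************************************************************************
### /root/scripts/filedescriptors.sh

#!/bin/bash
#
# Watches Squid's open file descriptors and, when a single client address
# holds MAX or more of them, adds that address to an ipset for 60 seconds.
# While an address is in the set, its port-80 traffic is DNATed to WEBREDIR
# (the notice page below). Runs forever; start it from rc.local under screen.

MAX="2000"
WEBREDIR="172.16.20.1:8000"
SETNAME="virus-redirect"
PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin"

# Remove every PREROUTING rule in table $1 that references the set.
# Rules are deleted one at a time because line numbers shift after each -D.
purge_rules() {
  local table=$1
  local num
  while :; do
    num=$(iptables -t "$table" -L PREROUTING -n --line-numbers |
      awk -v set="$SETNAME" 'index($0, set) { print $1; exit }')
    [ -n "$num" ] || break
    # Stop if the delete fails; otherwise the same rule would be found again
    # and the loop would never end.
    iptables -t "$table" -D PREROUTING "$num" || break
  done
}

# Delete previous mangle and nat rules
purge_rules mangle
purge_rules nat

# Delete the previous set. Only this script's set is touched: a bare
# "ipset -F; ipset -X" would flush and destroy every set on the host,
# including ones other firewall rules depend on. -q hides the error on the
# first run, when the set does not exist yet.
ipset -q -F "$SETNAME"
ipset -q -X "$SETNAME"

# Add new rules
ipset -N "$SETNAME" iptree --timeout 60
iptables -t mangle -I PREROUTING -m set --match-set "$SETNAME" src -j ACCEPT
iptables -t nat -I PREROUTING -m set --match-set "$SETNAME" src \
  -p tcp --dport 80 -j DNAT --to-destination "$WEBREDIR"

# Searching for bad users forever
sleep 5
while :; do
  # Everything stays in a pipeline: no fixed-name scratch files in /tmp,
  # which a local user could pre-create or symlink while this runs as root.
  # Column 6 is taken to be the remote "address:port" of each descriptor;
  # the first 13 lines are skipped as the report header, as in the original.
  # sort -rn orders by count numerically regardless of locale.
  /usr/local/squid/bin/squidclient mgr:filedescriptors |
    tail -n +14 |
    awk '{print $6}' |
    sed -e 's,:.*,,' |
    sort | uniq -c | sort -rn | head -100 |
    while read -r NUM IP; do
      # The report is text from another process: accept only a decimal
      # count and a dotted-decimal address before handing them to
      # test/ipset. This also drops descriptors with no remote address.
      case "$NUM" in '' | *[!0-9]*) continue ;; esac
      case "$IP" in '' | *[!0-9.]*) continue ;; esac
      if [ "$NUM" -ge "$MAX" ]; then
        # -A fails when the address is already in the set, so each address
        # is logged once per 60-second timeout window.
        if ipset -q -A "$SETNAME" "$IP"; then
          NOW=$(date +"%F %T")
          printf "%s : %5d %s\n" "$NOW" "$NUM" "$IP"
        fi
      fi
    done
  sleep 1
done

********************************************************************************
### /etc/rc.d/rc.local

/usr/bin/env SCREENDIR="/root/.screen" \
/usr/bin/screen -dmS descriptors /root/scripts/filedescriptors.sh

********************************************************************************
### /var/www/htdocs/index.html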



کاربر عزیز

کامپیوتر شما به ویروسهای شبکه ای آلوده می باشد

لطفا با استفاده از آنتی ویروس، کامپیوتر خود را پاکسازی فرمایید

با تشکر


******************************************************************************** _BY: Pejman Moghadam_ _TAG: squid, filedescriptor, ipset, kernel, iptables, screen_ _DATE: 2011-08-29 23:33:33_