watch

Posted by 주원이^^
2014. 11. 5. 10:11 Linux/Scripts

watch -n1 -d iptables-save -c     View the firewall tables

 

watch -n 1 -d "netstat -ant | grep :80 | awk '{print \$5}' | cut -d : -f 1 | sort | uniq | wc -l"    View web connections (number of distinct remote addresses)

Send an email notification if the IP changes after boot

Posted by 주원이^^
2014. 8. 4. 16:04 Linux/Scripts

###########################

Boot_IP_Check

###########################

 

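#!/bin/bash
# Mail a notice when the address of eth0 differs from the one recorded at the previous boot.

MAIL_LIST="이메일"        # placeholder ("email"): set the recipient address here
LOG_DIR=/Boot_IP_Check
LOG_FILE=$LOG_DIR/IP_Check
SUBJECT="BOOT IP_Address Change"
MAIL_BODY=""

# The second line of the ifconfig output carries the inet address of the interface.
CURRENT_IP=$(ifconfig eth0 | awk 'NR == 2 { print $2 }')

if [ ! -d "$LOG_DIR" ]; then
        mkdir -p "$LOG_DIR"
fi

if [ ! -e "$LOG_FILE" ]; then
        # First run: only record the current address.
        echo "$CURRENT_IP" > "$LOG_FILE"
elif [ "$(cat "$LOG_FILE")" != "$CURRENT_IP" ]; then
        # Sync the clock before taking the timestamp used in the mail.
        rdate -s time.bora.net
        TIME=$(date)
        MAIL_BODY="before $(cat "$LOG_FILE")  |  after $CURRENT_IP :::::::::$TIME"
        echo "$MAIL_BODY" | /bin/mail -s "$SUBJECT" "$MAIL_LIST"
        # Record the new address for the next comparison.
        echo "$CURRENT_IP" > "$LOG_FILE"
fi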

 

 

vi /etc/rc.d/rc.local

 

/Boot_IP_Check


Running ClamAV antivirus for Linux

Posted by 주원이^^
2014. 8. 1. 13:45 Linux/Scripts

 

yum install clamav clamd

 

vi /etc/freshclam.conf    (edit)

 

#DatabaseMirror db.xy.clamav.net

DatabaseMirror db.us.clamav.net    (change to this)

 

freshclam   <--- update ClamAV

 

clamscan -r /home /etc /var /root -l /var/log/clamav/scan.log

 

vi /etc/crontab

00 04 * * * root clamscan -r /home /etc /var /root -l /var/log/clamav/scan.log

00 03 * * * root freshclam
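
The crontab entry above only writes the scan result to a log file. As an added example (not from the original post), this wrapper mails a report only when clamscan exits with status 1 (detections) or 2 (errors). ADMIN_EMAIL, list_detections and scan_and_mail are names assumed for illustration, and the sample output is constructed.

```shell
#!/bin/bash
# Added example, not the original post's code.
ADMIN_EMAIL="root"                    # assumption: local recipient
SCAN_DIRS="/home /etc /var /root"     # same directories as the crontab line

# Constructed sample of clamscan output lines ("PATH: SIGNATURE FOUND").
SAMPLE_SCAN='/home/a/notes.txt: OK
/home/a/eicar.com: Eicar-Test-Signature FOUND
/var/tmp/x: y.bin: Eicar-Test-Signature FOUND
/etc/shadow: Access denied. ERROR'

# list_detections: read clamscan output on stdin and print
# "SIGNATURE<TAB>PATH" for every detection. A path may itself contain
# ": ", so the line is split at the LAST ": " rather than the first.
list_detections() {
    awk '/ FOUND$/ {
        line = substr($0, 1, length($0) - 6)        # drop trailing " FOUND"
        cut = 0
        while ((p = index(substr(line, cut + 1), ": ")) > 0) cut += p
        if (cut > 0)
            printf "%s\t%s\n", substr(line, cut + 2), substr(line, 1, cut - 1)
    }'
}

# scan_and_mail: run the scan and mail only when something needs attention.
# clamscan exit status: 0 = nothing found, 1 = detections, 2 = errors.
scan_and_mail() {
    # $SCAN_DIRS is left unquoted on purpose so it splits into directories.
    out=$(clamscan -r --infected --no-summary $SCAN_DIRS 2>&1)
    rc=$?
    case $rc in
        0) return 0 ;;
        1) printf '%s\n' "$out" | list_detections |
               mail -s "ClamAV: detections on $(hostname)" "$ADMIN_EMAIL" ;;
        *) printf '%s\n' "$out" |
               mail -s "ClamAV: scan error (exit $rc) on $(hostname)" "$ADMIN_EMAIL" ;;
    esac
    return $rc
}

# Demo on the constructed sample; scan_and_mail is meant to be called from cron.
printf '%s\n' "$SAMPLE_SCAN" | list_detections
```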


SSH/telnet login failures (nothing is sent if there were no failures)

Posted by 주원이^^
2014. 7. 29. 11:06 Linux/Scripts

##############################

LoginFail

#############################

 

#!/bin/bash
# Daily report of yesterday's failed telnet and SSH logins from /var/log/secure.

DIR="/LoginFail"
YESTERDAY=$(date +%F --date '1 days ago')
# The same day in syslog timestamp format, e.g. "Jul 28".
LOG_DAY=$(LANG=C date +'%b %e' --date '1 days ago')
LOG_FILE=$DIR/LF_$YESTERDAY.log
ADMIN_EMAIL="메일주소"     # placeholder ("mail address"): set the recipient address here
# Size threshold in bytes: the report is mailed only when the file is larger than this.
CNT="200"

if [ ! -d "$DIR" ]; then
        mkdir -p "$DIR"
fi

echo "Login Failed List $YESTERDAY" > "$LOG_FILE"
echo "-----------------------------------------------------------" >> "$LOG_FILE"
echo "Login Failed List : TELNET" >> "$LOG_FILE"

# Source hosts of failed telnet logins, counted and sorted by count (highest first).
grep 'FAILED' /var/log/secure | grep "$LOG_DAY" | awk -F'FROM' '{ print $2 }' | awk -F'FOR' '{ print $1 }' | sort | uniq -c | sort -rn >> "$LOG_FILE"

echo "-----------------------------------------------------------" >> "$LOG_FILE"
echo "Login Failed List : SSH" >> "$LOG_FILE"

# Source addresses of failed SSH logins, counted and sorted by count (highest first).
grep 'Failed' /var/log/secure | grep "$LOG_DAY" | awk -F'from' '{ print $2 }' | awk -F'port' '{ print $1 }' | sort | uniq -c | sort -rn >> "$LOG_FILE"

if [ -e "$LOG_FILE" ]; then
        # Field 5 of ls -l is the file size in bytes.
        tmp=$(ls -l "$LOG_FILE" | awk '{print $5}')
        if [ "$tmp" -gt "$CNT" ]; then
                mail -s "Login Failed list : $YESTERDAY" "$ADMIN_EMAIL" < "$LOG_FILE"
        fi
fi
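
The SSH pipeline above splits each line on the first "from", but the user name in these lines is supplied by the remote client, so a name that contains "from" shifts the fields and the report lists the wrong source. As an added example (not the original post's code), count_failed_ssh below takes the last "from ADDR port N" group on the line instead, and naive_sources reproduces the post's pipeline for comparison; both function names and the sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example, not the original post's code.
# Constructed /var/log/secure lines (documentation addresses only).
SAMPLE_LOG='Jul 28 03:11:02 host sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 28 03:11:05 host sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 28 03:11:09 host sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 28 03:12:40 host sshd[1310]: Failed password for invalid user admin from 198.51.100.23 port 51515 ssh2
Jul 28 03:13:01 host sshd[1322]: Failed password for invalid user jfrommer from 198.51.100.23 port 51516 ssh2
Jul 28 03:14:09 host sshd[1400]: Accepted password for alice from 192.0.2.50 port 60000 ssh2
Jul 29 00:00:01 host sshd[1500]: Failed password for root from 203.0.113.7 port 40200 ssh2'

# naive_sources DAY: the field-splitting approach used in the post.
naive_sources() {
    grep 'Failed' | grep "$1" | awk -F'from' '{ print $2 }' |
        awk -F'port' '{ print $1 }' | sort | uniq -c | sort -rn
}

# count_failed_ssh DAY: DAY is formatted like `LANG=C date +'%b %e'`.
# Reads log lines on stdin, prints "COUNT ADDRESS", highest count first.
count_failed_ssh() {
    awk -v day="$1" '
        # Only sshd "Failed ..." lines whose timestamp starts with DAY.
        index($0, day " ") == 1 && / sshd\[[0-9]+\]: Failed / {
            # Walk the fields from the end and take the LAST
            # "from ADDR port N" group, which sshd writes after the user name.
            for (i = NF - 3; i >= 1; i--)
                if ($i == "from" && $(i+2) == "port" &&
                    $(i+3) ~ /^[0-9]+$/ && $(i+1) ~ /^[0-9A-Fa-f:.]+$/) {
                    hits[$(i+1)]++
                    break
                }
        }
        END { for (a in hits) print hits[a], a }
    ' | sort -k1,1nr -k2,2
}

echo "post's pipeline:";   printf '%s\n' "$SAMPLE_LOG" | naive_sources "Jul 28"
echo "anchored on tail:";  printf '%s\n' "$SAMPLE_LOG" | count_failed_ssh "Jul 28"
```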


Installing ntop

Posted by 주원이^^
2013. 6. 21. 11:52 Linux/Scripts

[root@jo:~]#mkdir /usr/local/src/ntop
[root@jo:~]#cd /usr/local/src/ntop/
[root@jo:/usr/local/src/ntop]#wget http://sourceforge.net/projects/ntop/files/ntop/ntop-3.3.10/ntop-3.3.10.tar.gz/download
 
[root@jo:/usr/local/src/ntop]#tar xvfz ntop-3.3.10.tar.gz
 
[root@jo:/usr/local/src/ntop]#cd ntop-3.3.10
-------------------------------------------------------------------------------
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#./autogen.sh --help --> option help
Starting ntop automatic configuration system v.0.2.3
Please be patient, there is a lot to do...
This script should help you to configure 'ntop'
Usage: autogen.sh [OPTION]...
-h, --help display this message and exit
-v, --version print version information and exit
-d, --debug enable verbose shell tracing
-p, --purge purge all files which are not part of the source package
--noconfig skip the ./configure execution
Any unrecognized options will be passed to ./configure, e.g.:
./autogen.sh --prefix=/usr
becomes
./configure --prefix=/usr
-------------------------------------------------------------------------------
 
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#./autogen.sh --prefix=/usr/local/ntop
 
Error! You need to have libevent 1.4.X or better. --> An error occurred.
--> It says libevent 1.4 or later is required.

-------------------------------------------------------------------------------

<Download and install libevent>
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#cd ..
[root@jo:/usr/local/src/ntop]#wget http://www.monkey.org/~provos/libevent-1.4.12-stable.tar.gz
 
[root@jo:/usr/local/src/ntop]#tar xvfz libevent-1.4.12-stable.tar.gz
 
[root@jo:/usr/local/src/ntop/libevent-1.4.12-stable]#./configure && make && make install
 
[root@jo:/usr/local/src/ntop/libevent-1.4.12-stable]#cd ../ntop-3.3.10
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#./autogen.sh --prefix=/usr/local/ntop
 
configure: error: Unable to find RRD at /usr/local/rrdtool: please use --with-rrd-home=DIR
--> Error: rrdtool is missing, so it has to be installed.


<Install libraries>
--> Several libraries must be installed before rrdtool can be installed.
Install them with the "yum install" command.
[root@jo:/usr/local/src/ntop/rrdtool-1.4.2]#yum install zlib zlib-devel libpng libpng-devel freetype freetype-devel libart_lgpl libart_lgpl-devel libpcap libpcap-devel -y
[root@jo:/usr/local/src/ntop/rrdtool-1.4.2]#yum install -y libpcap-*


<Download and install rrdtool>
--> The well-known monitoring tool MRTG also uses this; it is also used for router monitoring
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#cd ..
[root@jo:/usr/local/src/ntop]#wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.4.2.tar.gz
 
[root@jo:/usr/local/src/ntop]#tar xvfz rrdtool-1.4.2.tar.gz
 
[root@jo:/usr/local/src/ntop]#cd rrdtool-1.4.2
[root@jo:/usr/local/src/ntop/rrdtool-1.4.2]#./configure --prefix=/usr/local/rrdtool --disable-python --disable-tcl --enable-shared
 
checking whether build environment is sane... configure: error: newly created file is older than distributed files!
Check your system clock
#rdate -s time.bora.net --> set the clock.
 
[root@jo:/usr/local/src/ntop]#wget http://oss.oetiker.ch/rrdtool/pub/libs/pixman-0.10.0.tar.gz
[root@jo:/usr/local/src/ntop]#wget http://oss.oetiker.ch/rrdtool/pub/libs/cairo-1.6.4.tar.gz
[root@jo:/usr/local/src/ntop]#wget http://oss.oetiker.ch/rrdtool/pub/libs/pango-1.17.5.tar.gz
[root@jo:/usr/local/src/ntop]#yum install libxml2* -y
[root@jo:/usr/local/src/ntop]#yum install fontconfig-devel -y
--------------------[root@jo:/usr/local/src/ntop]#yum install glib2 glib2-devel -y
 
[root@jo:/usr/local/src/ntop]#tar xvfz pixman-0.10.0.tar.gz
[root@jo:/usr/local/src/ntop]#cd pixman-0.10.0
[root@jo:/usr/local/src/ntop/pixman-0.10.0]#./configure && make && make install
 
[root@jo:/usr/local/src/ntop]#export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:/usr/lib/pkgconfig
 
[root@jo:/usr/local/src/ntop/pixman-0.10.0]#cd ..
[root@jo:/usr/local/src/ntop]#tar xvfz cairo-1.6.4.tar.gz
[root@jo:/usr/local/src/ntop]#cd cairo-1.6.4
[root@jo:/usr/local/src/ntop/cairo-1.6.4]#./configure && make && make install

------------------------------------------------------------------------------------------------------------------------------
[root@jo:/usr/local/src/ntop]#tar xvfz pango-1.17.5.tar.gz
[root@jo:/usr/local/src/ntop]#cd pango-1.17.5
[root@jo:/usr/local/src/ntop/pango-1.17.5]#./configure && make && make install
 
<Install rrdtool>
[root@jo:/usr/local/src/ntop/pango-1.17.5]#cd ../rrdtool-1.4.2
[root@jo:/usr/local/src/ntop/rrdtool-1.4.2]#./configure --prefix=/usr/local/rrdtool --disable-python --disable-tcl --enable-shared && make && make install


<Install ntop again>

[root@jo:/usr/local/src/ntop/ntop-3.3.10]#wget http://geolite.maxmind.com/download/geoip/api/c/GeoIP-1.4.6.tar.gz
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#tar xvzf GeoIP-1.4.6.tar.gz
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#cd GeoIP-1.4.6/
[root@jo:/usr/local/src/ntop/ntop-3.3.10/GeoIP-1.4.6]#./configure --prefix=/usr/local/GeoIP
[root@jo:/usr/local/src/ntop/ntop-3.3.10/GeoIP-1.4.6]#make && make install
 
[root@jo:/usr/local/src/ntop/ntop-3.3.10/GeoIP-1.4.6]#cd /usr/local/src/ntop/ntop-3.3.10
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#mkdir m4
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#./autogen.sh --prefix=/usr/local/ntop
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#make && make install
 
[root@jo:/usr/local/ntop]#ls
bin etc include lib man share var
--> check the installed directories
 
[root@jo:/usr/local/ntop]#ls etc/
GeoIP.conf GeoIP.conf.default ntop
[root@jo:/usr/local/ntop]#cd etc/ntop/
[root@jo:/usr/local/ntop/etc/ntop]#ls
GeoIPASNum.dat GeoLiteCity.dat ntop-cert.pem oui.txt.gz specialMAC.txt.gz
 
[root@jo:/usr/local/ntop/bin]#mkdir -p /usr/local/ntop/var/ntop/rrd
--------------------------------------------------------------------------------------------------------------------------
[root@jo:/usr/local/ntop]#useradd -M -c "NTOP USER" -s /bin/false ntop
[root@jo:/usr/local/ntop]#chown -R ntop.ntop /usr/local/ntop/
[root@jo:/usr/local/ntop]#/usr/local/ntop/bin/ntop -u ntop -w 3001 -P /usr/local/ntop -r 60 -i eth0
--> -w : http, -W : https
--> -r : refresh
--> -i : interface to monitor
--> -d : run as a daemon. -d is not used this time.
 
[root@jo:~]#ps -ef |grep ntop
ntop 2236 21466 0 14:34 pts/0 00:00:00 /usr/local/ntop/bin/ntop -u ntop -w 3001 -P /usr/local/ntop -r 60 -i eth0
root 2402 2387 0 14:36 pts/1 00:00:00 grep --color ntop
[root@jo:~]#netstat -nlp |grep ntop
tcp 0 0 :::3001 :::* LISTEN 2236/ntop
udp 0 0 0.0.0.0:34641 0.0.0.0:* 2236/ntop
 
#iptables -A INPUT -p tcp --sport 1024: -m multiport --dports 3000,3001 -m state --state NEW -j ACCEPT

---------------------------------------------------------------------------------------------------------------------------

 

 


Bandwidth limiting tool

Posted by 주원이^^
2013. 5. 23. 09:40 Linux/Scripts

#yum -y install iftop    traffic monitoring tool

 

vi /etc/init.d/shaping

 

#!/bin/bash
#  tc uses the following units when passed as a parameter.
#  kbps: Kilobytes per second
#  mbps: Megabytes per second
#  kbit: Kilobits per second
#  mbit: Megabits per second
#  bps: Bytes per second
#       Amounts of data can be specified in:
#       kb or k: Kilobytes
#       mb or m: Megabytes
#       mbit: Megabits
#       kbit: Kilobits
#  To get the byte figure from bits, divide the number by 8 bit
#
# Path to the tc command.

TC=/sbin/tc

# Ethernet interface on which bandwidth is limited.
IF=eth0

# Download speed limit
DNLD=1mbit

# Upload speed limit
UPLD=1mbit

# IP addresses of the hosts to rate-limit (space-separated).
# Two separate IP= assignments would leave only the last address in effect.
IPS="192.168.0.1 192.168.0.2"

# Filter options for limiting the intended interface.
U32="$TC filter add dev $IF protocol ip parent 1:0 prio 1 u32"

start() {
# We'll use Hierarchical Token Bucket (HTB) to shape bandwidth.
# For detailed configuration options, please consult Linux man
# page.

$TC qdisc add dev $IF root handle 1: htb default 30
$TC class add dev $IF parent 1: classid 1:1 htb rate $DNLD
$TC class add dev $IF parent 1: classid 1:2 htb rate $UPLD
for IP in $IPS; do
    $U32 match ip dst $IP/32 flowid 1:1
    $U32 match ip src $IP/32 flowid 1:2
done

# The first line creates the root qdisc, and the next two lines
# create two child classes that are used to shape download
# and upload bandwidth.
#
# The loop adds two filters per listed host; all listed hosts share
# the two classes.
# The 'dst' IP address is used to limit download speed, and the
# 'src' IP address is used to limit upload speed.
}

stop() {

# Stop the bandwidth shaping.
$TC qdisc del dev $IF root

}

restart() {
# Self-explanatory.
    stop
    sleep 1
    start
}

show() {

# Display status of traffic control status.
$TC -s qdisc ls dev $IF

}

case "$1" in
  start)
    echo -n "Starting bandwidth shaping: "
    start
    echo "done"
    ;;
  stop)
    echo -n "Stopping bandwidth shaping: "
    stop
    echo "done"
    ;;
  restart)
    echo -n "Restarting bandwidth shaping: "
    restart
    echo "done"
    ;;
  show)
    echo "Bandwidth shaping status for $IF:"
    show
    echo ""
    ;;
  *)
    pwd=$(pwd)
    echo "Usage: tc.bash {start|stop|restart|show}"
    ;;
esac

exit 0
