1. Install PHP
apt install php
or
yum install php
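2. Use a PHP script to look up the attribution (location and ISP) of an IP address
vi ip.php
<?php
$ip="192.168.1.109";
// Line 2 must remain the $ip assignment: the scripts in step 3 rewrite it with sed.
// Query the Taobao IP service and print country, area, region, city and ISP.
$json=file_get_contents('http://ip.taobao.com/service/getIpInfo.php?ip='.$ip);
$arr=json_decode($json);
echo $arr->data->country;
echo $arr->data->area;
echo $arr->data->region;
echo $arr->data->city;
echo $arr->data->isp;
?>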
Test: php ip.php
3.1 Check whether the login IP is included in the file normal_ip.txt
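#!/bin/bash
# Remote host of every current login session (the text who prints in parentheses)
for i in `who | grep "(" | cut -d "(" -f 2 | cut -d ")" -f 1`
do
    # If the entry is a name rather than a dotted-quad address, resolve it via the ARP table
    count=`echo $i | grep "[0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}" | wc -l`
    if [ $count -ne 1 ];then
        ip=`arp -a "$i" | cut -d "(" -f 2 | cut -d ")" -f 1`
    else
        ip=$i
    fi
    # Literal, whole-word match so that dots are not regex wildcards
    # and 192.168.1.10 does not match an entry for 192.168.1.109
    count=`grep -Fw -- "$ip" normal_ip.txt | wc -l`
    if [ $count -ne 1 ];then
        # $ip is written into line 2 of ip.php, which then runs under sudo
        sudo sed -i '2s@^.*$@$ip="'"$ip"'";@' ip.php
        extremely_address=`sudo php ip.php`
        hostname=`hostname`
        echo "$ip abnormally logs in to host $hostname, attribution: $extremely_address"
    fi
done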
3.2 Detect whether the login IP is included in the file normal_ip.txt, and determine whether the IP belongs to the intranet or Shenzhen
#!/bin/bash
# Remote host of every current login session (the text who prints in parentheses)
for i in `who | grep "(" | cut -d "(" -f 2 | cut -d ")" -f 1`
do
    # If the entry is a name rather than a dotted-quad address, resolve it via the ARP table
    count=`echo $i | grep "[0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}" | wc -l`
    if [ $count -ne 1 ];then
        ip=`arp -a "$i" | cut -d "(" -f 2 | cut -d ")" -f 1`
    else
        ip=$i
    fi
    # Literal, whole-word match against the whitelist
    count=`grep -Fw -- "$ip" normal_ip.txt | wc -l`
    if [ $count -ne 1 ];then
        sudo sed -i '2s@^.*$@$ip="'"$ip"'";@' ip.php
        extremely_address=`sudo php ip.php`
        hostname=`hostname`
        # Not whitelisted: still treated as normal if the lookup says intranet or Shenzhen
        count=`echo "$extremely_address" | grep 内网 | wc -l`
        count2=`echo "$extremely_address" | grep Shenzhen | wc -l`
        if [ $count -eq 0 -a $count2 -eq 0 ];then
            echo "$ip abnormal login $hostname, attribution: $extremely_address"
        else
            echo "$ip normally logs into $hostname, attribution: $extremely_address"
        fi
    fi
done
4. Use crontab to run the above script every minute
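A hardened form of the whitelist check from steps 3.1 and 3.2, added here as an example and not part of the original procedure: a remote host is used only if it is a well-formed IPv4 address, and it is compared to normal_ip.txt as a literal whole line, so 192.168.1.10 is not treated as listed merely because 192.168.1.109 is. The function names, the sample who output and the one-address-per-line whitelist format are assumptions.

```sh
#!/bin/sh
# Added example, not the page's script. Function names are illustrative.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read `who` output on stdin; print the text inside each trailing "(...)".
remote_hosts() { sed -n 's/.*(\([^()]*\))[[:space:]]*$/\1/p'; }

# Literal whole-line match. Assumes normal_ip.txt holds one address per line.
is_whitelisted() { grep -Fxq -- "$1" "$2"; }

# $1 = whitelist file, stdin = `who` output. One report line per remote host.
check_logins() {
    remote_hosts | sort -u | while IFS= read -r host; do
        if ! is_ipv4 "$host"; then
            echo "UNVERIFIED $host"      # not an address: never interpolate it
        elif ! is_whitelisted "$host" "$1"; then
            echo "ABNORMAL $host"
        fi
    done
}

# Constructed `who` output for the demonstration.
sample_who() {
    cat <<'EOF'
alice    pts/0        2024-05-01 09:12 (192.168.1.109)
bob      pts/1        2024-05-01 09:15 (192.168.1.10)
carol    pts/2        2024-05-01 09:20 (203.0.113.7)
dave     tty1         2024-05-01 08:00
erin     pts/3        2024-05-01 09:30 (gw.example.test)
EOF
}

wl=$(mktemp) && echo "192.168.1.109" > "$wl"   # constructed whitelist
sample_who | check_logins "$wl"
rm -f "$wl"
```

In the real job, pipe `who` into `check_logins normal_ip.txt`. Hosts reported as UNVERIFIED are names rather than addresses and are deliberately not passed on to sed or PHP.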