Shell script to monitor whether a logged-in user is abnormal

1. Install PHP

apt install php or

yum install php

2. Use a PHP script to look up the geographic attribution of an IP address

vi ip.php

<?php
$ip="192.168.1.109";
// Line 2 above is overwritten by the shell script in step 3 with the login IP
// to check, so it must stay on line 2. The lookup uses the Taobao IP service
// over plain HTTP; its answer is untrusted text that ends up in the alert.
$json = file_get_contents('http://ip.taobao.com/service/getIpInfo.php?ip=' . $ip);
$arr = json_decode($json);
if ($arr === null || !isset($arr->data)) {
    fwrite(STDERR, "attribution lookup failed for $ip\n");
    exit(1);
}
echo $arr->data->country;
echo $arr->data->area;
echo $arr->data->region;
echo $arr->data->city;
echo $arr->data->isp;
?>

Test: php ip.php

3.1 Check whether the login IP is listed in the file normal_ip.txt

#!/bin/bash
# For every remote login shown by `who`, take the text in parentheses
# (an IP address or a hostname).
for i in `who | grep "(" | cut -d "(" -f 2 | cut -d ")" -f 1`
do
        # Does it look like a dotted-quad IPv4 address? If not, treat it as a
        # hostname and resolve it to an IP with arp.
        count=`echo "$i" | grep "[0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}" | wc -l`
        if [ "$count" -ne 1 ];then
                ip=`arp -a "$i" | cut -d "(" -f 2 | cut -d ")" -f 1`
        else
                ip="$i"
        fi
        # Exact whole-line match against the allowlist; a plain grep would also
        # accept 192.168.1.10 because the entry 192.168.1.109 contains it.
        count=`grep -x -F "$ip" normal_ip.txt | wc -l`
        if [ "$count" -eq 0 ];then
                # Put the IP on line 2 of ip.php and run the lookup from step 2
                sudo sed -i '2s@^.*$@$ip="'"$ip"'";@' ip.php
                extremely_address=`sudo php ip.php`
                hostname=`hostname`
                echo "$ip abnormally logs in to host $hostname, attribution: $extremely_address"
        fi
done


3.2 Check whether the login IP is listed in normal_ip.txt; if not, use the lookup to decide whether the IP is on the intranet or in Shenzhen

#!/bin/bash
# Same login collection and allowlist check as 3.1.
for i in `who | grep "(" | cut -d "(" -f 2 | cut -d ")" -f 1`
do
        count=`echo "$i" | grep "[0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}" | wc -l`
        if [ "$count" -ne 1 ];then
                ip=`arp -a "$i" | cut -d "(" -f 2 | cut -d ")" -f 1`
        else
                ip="$i"
        fi
        count=`grep -x -F "$ip" normal_ip.txt | wc -l`
        if [ "$count" -eq 0 ];then
                sudo sed -i '2s@^.*$@$ip="'"$ip"'";@' ip.php
                extremely_address=`sudo php ip.php`
                hostname=`hostname`
                # The lookup answers in Chinese: 内网 means "intranet". An IP that
                # is neither intranet nor in Shenzhen is reported as abnormal.
                count=`echo "$extremely_address" | grep 内网 | wc -l`
                count2=`echo "$extremely_address" | grep Shenzhen | wc -l`
                if [ "$count" -eq 0 ] && [ "$count2" -eq 0 ];then
                        echo "$ip abnormal login $hostname, attribution: $extremely_address"
                else
                        echo "$ip normally logs into $hostname, attribution: $extremely_address"
                fi
        fi
done

4. Run the script above from crontab every minute (a `* * * * *` schedule)
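The login check from step 3, as an added example that is not the original post's script: it parses sample `who` output, uses an exact-match allowlist, and classifies private ranges offline (RFC 1918 ranges stand in for the lookup's "内网" answer); the sample `who` lines and allowlist are constructed here, and a live run would substitute `who` and `normal_ip.txt`.

```sh
#!/bin/sh
# Added example, not the original post's script: classify each remote login
# reported by `who` offline, using an exact-match allowlist and RFC 1918
# ranges instead of the Taobao lookup.
# Constructed sample `who` output; a live run would use: who_out=$(who)
SAMPLE_WHO='alice    pts/0        2024-01-01 10:00 (192.168.1.109)
bob      pts/1        2024-01-01 10:05 (203.0.113.7)
carol    tty1         2024-01-01 10:10
dave     pts/2        2024-01-01 10:12 (192.168.1.10)'
# Constructed allowlist, one IP per line (live: allow=$(cat normal_ip.txt))
SAMPLE_ALLOW='192.168.1.109'

# Print the parenthesised origin of every remote login, one per line.
login_sources() {
  printf '%s\n' "$1" | sed -n 's/.*(\([^)]*\)).*/\1/p'
}

# Succeed only for a dotted-quad IPv4 address.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Offline stand-in for the lookup's "内网" verdict: RFC 1918 private ranges.
is_private_ip() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Exact, fixed-string match. The post's `grep $ip normal_ip.txt` matches
# substrings, so 192.168.1.10 would be accepted because 192.168.1.109 is listed.
is_allowed() {
  printf '%s\n' "$2" | grep -qxF -- "$1"
}

# Emit "<source> <verdict>" per login: allowed, private, abnormal, or
# hostname (the post resolves those with arp -a; here they are only flagged).
classify_logins() {
  login_sources "$1" | while IFS= read -r src; do
    if ! is_ipv4 "$src"; then echo "$src hostname"
    elif is_allowed "$src" "$2"; then echo "$src allowed"
    elif is_private_ip "$src"; then echo "$src private"
    else echo "$src abnormal"
    fi
  done
}

classify_logins "$SAMPLE_WHO" "$SAMPLE_ALLOW"
```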


Origin http://43.154.161.224:23101/article/api/json?id=326271696&siteId=291194637