Guys, here is a script that you can use:
----
This script is used to identify overloading scripts (HTTP and non-HTTP scripts).
----
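#!/bin/bash
# Report non-root processes that use more than 2% CPU, together with the
# files they hold open under /home, to help find the hosted script that is
# overloading the server. Each hit is printed to stdout and appended as a
# CSV record to the log file below.
#
# The log lives under /root and lsof has to inspect other users' processes,
# so the script is meant to be run as root.

log_file=/root/sshd-script-overload.log
cpu_threshold=2

echo
echo "Date/Time CPU% ProcessID ScriptPath"
echo =======================================================================

# The USER column is compared exactly instead of using `grep -v root`: a
# substring filter also drops every process whose command line merely
# contains "root", so a user-owned process could fall out of the report.
# `grep -v /mysql/` is still a substring match on the whole ps line.
# %d truncates %CPU to an integer and turns the ps header line into "0 0",
# which never passes the threshold.
ps auxw | grep -v /mysql/ | awk '$1 != "root" {printf "%d %d\n", $2, $3}' |
  while read -r psid cpu; do
    if [ "$cpu" -gt "$cpu_threshold" ]; then
      # Column 9 of lsof output is NAME; session files (sess_*) are skipped.
      lsof -p "$psid" | grep /home | grep -v sess_ | awk '{print $9}' |
        while IFS= read -r script_path; do
          # Only the timestamp goes through date's format string. Paths under
          # /home are chosen by unprivileged users, and a "%" in a file name
          # would otherwise be expanded by date as a format specifier.
          timestamp=$(date +"%m/%d/%Y %H:%M:%S")
          printf '%s %s %s %s\n' "$timestamp" "$cpu" "$psid" "$script_path"
          # NOTE(review): a comma inside a path adds a field to the CSV
          # record; quote or escape the path if the log is parsed by a tool.
          printf '%s,%s,%s,%s\n' "$timestamp" "$cpu" "$psid" "$script_path" \
            >> "$log_file"
          # Disabled alert left over from another script; $ips and $num are
          # not set anywhere in this one.
          #mail -s "DDOS ALRT: ESTAB atk on domain.com from $ips ($num conn). Atkr blocked." root < /dev/null > /dev/null
        done
    fi
  done
echo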
----
try :)