脚本开源下载地址 :
https://github.com/jiuqi9997/autouam
通过检测系统负载(cpu或load)自动开启cloudflare UAM和challenge(验证码)
注意!默认challenge=1,将在开启UAM的同时开启验证码。如果你不想,请将它设为0
不要修改或删除 status.txt 和 filter.txt 和 ruleid.txt,记录攻击状态和规则 id 的。
#!/bin/bash # # Usage: # screen -dmS autouam && # screen -x -S autouam -p 0 -X stuff "bash /root/autouam.sh" && # screen -x -S autouam -p 0 -X stuff $'n' # mode="load" # 两种模式可选,一:cpu 二:load challenge="1" # 是否同时开启验证码质询 设为 1 即开启 keeptime="30" # ≈开盾最小时间,如 60 则开盾 60 秒内负载降低不会关,60 秒后关 interval="0.5" # 检测间隔时间,默认 0.5 秒 email="눈_눈" # CloudFlare 账号邮箱 api_key="눈_눈" # CloudFlare API KEY zone_id="눈_눈" # 区域 ID 在域名的概述页面获取 default_security_level="high" # 默认安全等级 关闭 UAM 时将会把安全等级调整为它 api_url="https://api.cloudflare.com/client/v4/zones/$zone_id/settings/security_level" # API 的地址 api_url1="https://api.cloudflare.com/client/v4/zones/$zone_id/firewall/rules" # API 的地址之二 api_url2="https://api.cloudflare.com/client/v4/zones/$zone_id/filters" # API 的地址之三 # 安装依赖 if [ ! $(which jq 2> /dev/null) ]; then echo "jq not found!" if [ -f "/usr/bin/yum" ] && [ -d "/etc/yum.repos.d" ]; then yum install jq -y elif [ -f "/usr/bin/apt-get" ] && [ -f "/usr/bin/dpkg" ]; then apt-get install jq -y fi fi for((;;)) do if [ "$mode" = "cpu" ]; then check=90 #5 秒内 CPU 连续超过 80 则开启 UAM【可以根据您的服务器负荷情况调整】 #系统空闲时间 TIME_INTERVAL=5 time=$(date "+%Y-%m-%d %H:%M:%S") LAST_CPU_INFO=$(cat /proc/stat | grep -w cpu | awk '{print $2,$3,$4,$5,$6,$7,$8}') LAST_SYS_IDLE=$(echo $LAST_CPU_INFO | awk '{print $4}') LAST_TOTAL_CPU_T=$(echo $LAST_CPU_INFO | awk '{print $1+$2+$3+$4+$5+$6+$7}') sleep ${TIME_INTERVAL} NEXT_CPU_INFO=$(cat /proc/stat | grep -w cpu | awk '{print $2,$3,$4,$5,$6,$7,$8}') NEXT_SYS_IDLE=$(echo $NEXT_CPU_INFO | awk '{print $4}') NEXT_TOTAL_CPU_T=$(echo $NEXT_CPU_INFO | awk '{print $1+$2+$3+$4+$5+$6+$7}') #系统空闲时间 SYSTEM_IDLE=`echo ${NEXT_SYS_IDLE} ${LAST_SYS_IDLE} | awk '{print $1-$2}'` #CPU 总时间 TOTAL_TIME=`echo ${NEXT_TOTAL_CPU_T} ${LAST_TOTAL_CPU_T} | awk '{print $1-$2}'` load=`echo ${SYSTEM_IDLE} ${TOTAL_TIME} | awk '{printf "%.2f", 100-$1/$2*100}'` else load=$(cat /proc/loadavg | colrm 5) check=$(cat /proc/cpuinfo | grep "processor" | wc -l) fi if [ ! -f "status.txt" ];then echo "" > status.txt else status=$(cat status.txt) fi if [ -f "ruleid.txt" ]; then ruleid=$(cat ruleid.txt) fi if [ -f "filterid.txt" ]; then filterid=$(cat filterid.txt) fi now=$(date +%s) time=$(date +%s -r status.txt) echo "当前$mode 负载:$load" if [[ $status -eq 1 ]] then echo "UAM ON!" if [ "$challenge" -eq 1 ]; then echo "Challenge ON!" fi else echo "UAM OFF!" if [ "$challenge" -eq 1 ]; then echo "Challenge OFF!" fi fi newtime=`expr $now - $time` closetime=`expr $keeptime - $newtime` if [[ $load <$check ]]&&[[ $status -eq 1 ]]&&[[ $newtime -gt $keeptime ]] then echo -e "n$mode 负载低于$check,当前已开盾超过规定时间$newtime 秒,尝试调整至默认安全等级($default_security_level)" # Disable Under Attack Mode result=$(curl -X PATCH "$api_url" -H "X-Auth-Email: $email" -H "X-Auth-Key: $api_key" -H "Content-Type: application/json" --data "{ "value": "$default_security_level" }" --silent | jq -r '.success') if [ "$result" = "true" ]; then echo 0 > status.txt echo -e "n 成功" fi if [ "$challenge" -eq 1 ]; then result=$(curl -X DELETE "$api_url1/$ruleid" -H "X-Auth-Email: $email" -H "X-Auth-Key: $api_key" -H "Content-Type: application/json" --silent) result1=$(curl -X DELETE "$api_url2/$filterid" -H "X-Auth-Email: $email" -H "X-Auth-Key: $api_key" -H "Content-Type: application/json" --silent) if [ $(echo $result | jq -r '.success') -a $(echo $result1 | jq -r '.success') ]; then echo -e "n 验证码关闭成功" fi fi elif [[ $load <$check ]] then echo -e "n$mode 负载低于$check,不做任何改变,状态持续了$newtime 秒" if [[ $status -eq 1 ]] then echo -e "将于$closetime 秒后调整安全等级至$default_security_level" fi elif [[ $load >$check ]] && [[ $status -eq 1 ]] && [[ $newtime -gt $keeptime ]] then echo -e "n$mode 负载高于$check,当前已开启 UAM 超过$keeptime 秒,UAM 无效" elif [[ $load >$check ]] && [[ $status -eq 1 ]] then echo -e "n$mode 负载高于$check,当前已开启($newtime 秒),请再观察" elif [[ $load >$check ]] then echo -e "n$mode 负载高于$check,开启 UAM" # Enable Under Attack Mode result=$(curl -X PATCH "$api_url" -H "X-Auth-Email: $email" -H "X-Auth-Key: $api_key" -H "Content-Type: application/json" --data "{ "value": "under_attack" }" --silent | jq -r '.success') if [ "$result" = "true" ]; then echo 1 > status.txt echo -e "n 成功" fi if [ "$challenge" -eq 1 ]; then while : do result=$(curl -X POST "$api_url2" -H "X-Auth-Email: $email" -H "X-Auth-Key: $api_key" -H "Content-Type: application/json" --data '[{ "expression": "(not cf.client.bot)" }]' --silent) if [ $(echo $result | jq -r '.success') == "true" ]; then filterid=$(echo $result | jq -r '.result[].id') else filterid=$(echo $result | jq -r '.errors[].meta.id') for i in $filterid do result1=$(curl -X DELETE "$api_url2/$i" -H "X-Auth-Email: $email" -H "X-Auth-Key: $api_key" -H "Content-Type: application/json" --silent) done if [ $(echo $result1 | jq -r '.success') ]; then echo "n 冲突的 filter 删除成功" fi fi if [ $(echo $result | jq -r '.success') == "true" ]; then break fi done result=$(curl -X POST "$api_url1" -H "X-Auth-Email: $email" -H "X-Auth-Key: $api_key" -H "Content-Type: application/json" --data "[{ "action": "challenge", "filter": { "id": "$filterid", "expression": "(not cf.client.bot)" } }]" --silent) if [ $(echo $result | jq -r '.success') == "true" ]; then ruleid=$(echo $result | jq -r '.result[].id') echo "$filterid" > filterid.txt echo "$ruleid" > ruleid.txt echo -e "验证码开启成功,规则 id:$ruleid" fi fi else echo 0 > status.txt fi sleep $interval clear done
使用方法
- 在
dash.cloudflare.com
生成过去apikey,将它们填入脚本内。 - 执行
screen -dmS autouam && screen -x -S autouam -p 0 -X stuff "bash /root/autouam.sh" && screen -x -S autouam -p 0 -X stuff $'n'
启动脚本,注意替换脚本路径。 - 执行
screen -r autouam -d
查看运行状态,ctrl+A+D断开screen,脚本继续运行。
- THE END -
最后修改:2021年7月11日
共有 0 条评论