python检测异常ip,并查询ip详细信息

#!/usr/local/bin/python3
# coding:utf-8

import re
import string
import subprocess
import urllib.parse
import urllib.request
from time import gmtime, sleep, strftime

import send_mail


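def filter_tags(htmlstr):
    """Strip markup from an HTML string and return the remaining plain text.

    This is a best-effort, regex-based pass: CDATA sections, ``<script>`` and
    ``<style>`` blocks, HTML comments and tags are removed, ``<br>`` becomes a
    newline and runs of newlines collapse to one. It is NOT an HTML sanitizer:
    the result is still untrusted text from a remote page and is only suitable
    for logging or display as plain text, never for re-emitting as HTML.
    Known limitation: the script/style patterns stop at the first ``<`` inside
    the block, so inline code containing ``<`` loses only its tags.

    :param htmlstr: raw HTML document or fragment as ``str``.
    :return: the text with markup removed.
    """
    # Raw strings so the regex escapes (\s, \w, \[) are passed to re intact.
    re_cdata = re.compile(r'//<!\[CDATA\[[^>]*//\]\]>', re.I)                 # CDATA sections
    re_script = re.compile(r'<\s*script[^>]*>[^<]*<\s*/\s*script\s*>', re.I)  # <script> blocks
    re_style = re.compile(r'<\s*style[^>]*>[^<]*<\s*/\s*style\s*>', re.I)     # <style> blocks
    re_br = re.compile(r'<br\s*?/?>')         # <br>, <br/>, <br />
    re_h = re.compile(r'</?\w+[^>]*>')        # any remaining opening/closing tag
    re_comment = re.compile(r'<!--[^>]*-->')  # HTML comments
    blank_line = re.compile(r'\n+')           # runs of newlines

    s = re_cdata.sub('', htmlstr)
    s = re_script.sub('', s)
    s = re_style.sub('', s)
    # Turn <br> into a line break before the generic tag pass removes it, so
    # the caller can still split the text on line boundaries.
    s = re_br.sub('\n', s)
    s = re_h.sub('', s)
    s = re_comment.sub('', s)
    s = blank_line.sub('\n', s)
    return s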


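def ip_info(ip, timeout=30):
    """Return one line of lookup text for *ip* from the public ip.cn page.

    The page is fetched with a browser-like User-Agent, its markup stripped
    with ``filter_tags`` and the 20th ``'\\n\\t'``-separated chunk returned,
    which is where the location text sat in the page layout this script was
    written against.

    Maintainer notes:
    * Plain HTTP to a third-party service: every peer address that is looked
      up leaves the host unencrypted, and the reply is untrusted text.
    * The field index is tied to the remote page layout; if the stripped page
      has fewer fields an ``IndexError`` propagates rather than a wrong line.
    * ``timeout`` bounds the request so one slow lookup cannot stall the
      whole connection scan.

    :param ip: address string taken from the ``ss`` peer column.
    :param timeout: socket timeout in seconds for the HTTP request.
    :return: the extracted text fragment (``str``).
    :raises IndexError: if the stripped page has fewer than 20 fields.
    Errors raised by ``urllib.request.urlopen`` (network failure, timeout)
    propagate to the caller.
    """
    # url = 'http://ip.taobao.com/service/getIpInfo.php?ip=%s' % ip
    # Percent-encode the address so an unexpected peer string (e.g. an IPv6
    # literal with brackets or a scope id) cannot produce a malformed URL.
    url = 'http://www.ip.cn/index.php?ip=%s' % urllib.parse.quote(ip, safe='')
    request = urllib.request.Request(url)
    request.add_header('User-Agent', 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0')
    # Context manager guarantees the response socket is closed after reading.
    with urllib.request.urlopen(request, timeout=timeout) as response:
        page = response.read().decode('utf-8')
    return filter_tags(page).split('\n\t')[19]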


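# Snapshot of the current TCP sockets. `ss -antp` is invoked as an argument
# list (no shell); the `grep -v LISTEN` step of the original pipeline is done
# in Python below, so no shell command string is ever built.
tcptmpStr = subprocess.run(
    ["ss", "-antp"], stdout=subprocess.PIPE, check=False,
).stdout.decode().strip()

# Peers that are never reported and local ports whose traffic is expected.
# 'x.x.x.x' entries are placeholders to be replaced with site-specific
# addresses; an unreplaced placeholder simply never matches anything.
whiteIp = ['127.0.0.1', 'x.x.x.x', 'x.x.x.x']
whitePort = ['80', '22', '3306']
# udptmpStr = ((subprocess.check_output(["netstat", "-nulp"])).decode('utf-8')).strip()

# Same effect as `grep -v LISTEN`: keep only lines that do not mention LISTEN
# anywhere, then drop the column header that `ss` prints first ([1:] instead
# of `del` so an empty result does not raise).
tmpList = [line for line in tcptmpStr.split("\n") if "LISTEN" not in line][1:]

for line in tmpList:
    columns = line.split()
    # `ss -antp` columns: State Recv-Q Send-Q Local:Port Peer:Port Process.
    # Drop the first three so index 0 = local, 1 = peer, 2 = process.
    del columns[0:3]
    if len(columns) < 2:
        continue  # blank or truncated line: nothing to classify

    # rsplit on the last ':' keeps an IPv6 peer such as "[::1]:22" intact;
    # for IPv4 "a.b.c.d:port" it is identical to the old split(":") indexing.
    remote_ip = columns[1].rsplit(":", 1)[0]    # peer address
    local_port = columns[0].rsplit(":", 1)[-1]  # local port
    # The process column is absent when ss may not read other users' sockets.
    process = columns[2] if len(columns) > 2 else ''

    if remote_ip not in whiteIp and local_port not in whitePort:
        with open('/var/openresty/nginx/logs/suspicious.txt', 'a') as f:
            # Timestamps are UTC (gmtime), not local time.
            current_time = ('#================<< Capture Time : '
                            + strftime("%Y-%m-%d %H:%M:%S", gmtime())
                            + ' >>==============\n')
            f.write(current_time)
            f.write(process + '\n')
            f.write(remote_ip + '\n')
            sleep(5)  # pace requests to the public lookup service
            # ip_info() returns text scraped from a third-party page and it is
            # appended verbatim, so treat this file as untrusted content.
            f.write(ip_info(remote_ip))
            # send_mail.sendMail('/var/openresty/nginx/logs/suspicious.txt')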



 
原文地址:https://www.cnblogs.com/changbo/p/6558267.html