From 523bf67d5cb2aecab817add63277fd6c6acc98a5 Mon Sep 17 00:00:00 2001 From: Oliver Ladner Date: Sat, 27 Jun 2015 13:00:25 +0200 Subject: [PATCH] add IPv6 support to RBL scripts --- rbl_expire.sh | 32 ++++++++++++------ rbl_generate.sh | 88 ++++++++++++++++++++++++++++++++++--------------- 2 files changed, 84 insertions(+), 36 deletions(-) diff --git a/rbl_expire.sh b/rbl_expire.sh index e590c13..d3f784b 100755 --- a/rbl_expire.sh +++ b/rbl_expire.sh @@ -2,16 +2,28 @@ # # Expire old RBL records +listtype=$1 +if ! [[ "$listtype" =~ ^[4,6]+$ ]]; then + echo "first parameter is mandatory and must be either 4 or 6." + exit 1 +fi +rblfile="/var/lib/rbldns/listv$listtype" maxage=96 # in hours -rblfile="/var/lib/rbldns/list" -egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do - if [ "$timestamp" -gt "0" ]; then - expiration=$(echo "$(date +%s)-$timestamp" | bc) +if [ $listtype -eq 4 ]; then + egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do + if [ "$timestamp" -gt "0" ]; then + expiration=$(echo "$(date +%s)-$timestamp" | bc) + + if [ "$expiration" -gt "$(($maxage * 3600))" ]; then + #echo "DEBUG: entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)" + sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?" + fi + fi + done +fi - if [ "$expiration" -gt "$(($maxage * 3600))" ]; then - #echo "DEBUG: entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)" - sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?" - fi - fi -done +# FIXME: ipv6 regex needed +if [ $listtype -eq 6 ]; then + : +fi diff --git a/rbl_generate.sh b/rbl_generate.sh index 786dd0a..5bab221 100755 --- a/rbl_generate.sh +++ b/rbl_generate.sh 
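Review bot: The argument check added at the top of rbl_expire.sh, `[[ "$listtype" =~ ^[4,6]+$ ]]`, accepts more than 4 or 6: the bracket expression also contains the comma and `+` allows repeats, so values such as `44`, `46` or `,` pass. With such a value `rblfile` points at a list that does not exist and neither `[ $listtype -eq … ]` branch runs, so the script exits 0 without expiring anything. Anchoring to a single character closes this: `if ! [[ "$listtype" =~ ^[46]$ ]]; then`, with the error message sent to stderr. The same check is copied into the first hunk of rbl_generate.sh, where a value like `44` would go on to create a stray `/var/lib/rbldns/listv44`. Separately, the `-eq 6` branch is only `:`, so entries on the IPv6 list never expire until the FIXME is resolved.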
@@ -3,18 +3,38 @@ # Add new IPs to the RBL based on these detection methods: # - undetected spam # - fail2ban banned IPs +# +# $1 parameter tells if it goes to an IPv4 or IPv6 list + +listtype=$1 +if ! [[ "$listtype" =~ ^[4,6]+$ ]]; then + echo "first parameter is mandatory and must be either 4 or 6." + exit 1 +fi +rblfile="/var/lib/rbldns/listv$listtype" + +function dnsq { + if [ $listtype == "4" ]; then + echo "$(dig +short $1)" + elif [ $listtype == "6" ]; then + echo "$(dig +short AAAA $1)" + else + echo "unknown, fix it" + fi +} -rblfile="/var/lib/rbldns/list" static_white=( -$(dig +short lugh.ch) -$(dig +short oxi.ch) -$(dig +short mail.zephry.ch) +$(dnsq lugh.ch) +$(dnsq ipv6.lugh.ch) +$(dnsq oxi.ch) +$(dnsq mail.zephry.ch) +$(dnsq moni-und-oli.ch) ) static_black=( -$(dig +tcp +short www.uceprotect.net) -$(dig +tcp +short rsync-mirrors.uceprotect.net) -$(dig +tcp +short www.backscatterer.org) -$(dig +tcp +short unimatrix.admins.ws) +$(dnsq www.uceprotect.net) +$(dnsq rsync-mirrors.uceprotect.net) +$(dnsq www.backscatterer.org) +$(dnsq unimatrix.admins.ws) ) fail2ban_chains=( fail2ban-dovecot @@ -38,12 +58,18 @@ spamtrap=( $(grep ' -> ' /var/log/mail.log | awk -F'[][]' '{print $6}') ) +if [ $listtype -eq 4 ]; then + testentry="127.0.0.2 RFC 5782 test entry # 0 # Test entry RFC 5782" +elif [ $listtype -eq 6 ]; then + testentry="::ffff:7f00:2 RFC 5782 test entry # 0 # Test entry RFC 5782" +fi + if [ ! -s $rblfile ]; then cat << HEREDOC > $rblfile -# Automatically generated at $(date) by $0 +# Automatically generated at $(date) by $0 $1 # Test entry http://www.ietf.org/rfc/rfc5782.txt -127.0.0.2 RFC 5782 test entry # 0 # Test entry RFC 5782 +$testentry :127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details # Whitelist 
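Review bot: In the first rbl_generate.sh hunk, `dnsq` passes whatever `dig +short` prints straight into `static_white` and `static_black`, and its fallback branch echoes `unknown, fix it` to stdout, where the `$(...)` in the array literals captures and word-splits it into three bogus list entries. `dig +short` output can also include CNAME targets or `;; …` diagnostics when resolution fails, and none of it is checked to be an address before it lands in the whitelist or blacklist. I would send the error to stderr, quote `$1`, and keep only lines that look like an address of the requested family. The old blacklist lookups used `dig +tcp +short`; the helper drops `+tcp`, which may or may not be intended.

```shell
function dnsq {
  local rrtype filter
  case "$listtype" in
    4) rrtype=A;    filter='^[0-9]+(\.[0-9]+){3}$' ;;
    6) rrtype=AAAA; filter='^[0-9A-Fa-f:]*:[0-9A-Fa-f:.]*$' ;;
    *) echo "dnsq: unsupported list type '$listtype'" >&2; return 1 ;;
  esac
  # dig +short may print CNAME targets or ";; ..." diagnostics; keep address lines only
  dig +short "$rrtype" "$1" | grep -E "$filter"
}
```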
@@ -56,14 +82,16 @@ $(printf "%s # 0 # Infinite listing (UCEPROTECT)\n" "${static_black[@]}") HEREDOC fi -# fail2ban -for ip in ${iptables_banned[@]}; do - if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then - # Add IP - geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) - printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile - fi -done +# fail2ban (IPv4 only) +if [ $listtype -eq 4 ]; then + for ip in ${iptables_banned[@]}; do + if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then + # Add IP + geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) + printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile + fi + done +fi # SPAM for ip in ${spamtrap[@]}; do 
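Review bot: The duplicate check kept in the re-indented fail2ban loop, `grep -c "$ip" $rblfile`, uses the address as an unanchored regular expression, so `1.2.3.4` also matches an existing `11.2.3.45` entry (and each `.` matches any character). A banned address that is a substring of one already listed is therefore silently never added. A fixed-string, word-bounded match with quoted operands avoids this: `if ! grep -qwF -- "$ip" "$rblfile"; then`. The hunk ends on the opening line of the spamtrap loop, whose body lies outside it.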
@@ -71,21 +99,29 @@ for ip in ${spamtrap[@]}; do # Add IP # IPv4 or IPv6 switch if [ $(echo "$ip" | grep -c ':') -gt 0 ]; then - geoip=$(geoiplookup6 $ip | sed 's/GeoIP Country V6 Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) + if [ $listtype -eq 6 ]; then + geoip=$(geoiplookup6 $ip | sed 's/GeoIP Country V6 Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) + printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile + fi else - geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) + if [ $listtype -eq 4 ]; then + geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) + printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile + fi fi - printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile fi done # Generate user friendly web-viewable list -echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/list.txt -echo -e "--\t\t-----------\t\t\t-----\t\t\t\t\t-------" >> /var/www/virtsrv/lugh.ch/list.txt -cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | grep -v '^127.0.0.2' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/list.txt +echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/listv$listtype.txt +echo -e "--\t\t-----------\t\t\t-----\t\t\t\t\t-------" >> /var/www/virtsrv/lugh.ch/listv$listtype.txt +cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | grep -v '^127.0.0.2' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/listv$listtype.txt -for timestamp in $(grep '^[0-9]' /var/www/virtsrv/lugh.ch/list.txt | awk {'print $2'}); do +for timestamp in $(grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv$listtype.txt | awk {'print $2'}); do newtime=$(date -d @$(echo $timestamp)) - sed -i "s/$timestamp/$newtime/" 
/var/www/virtsrv/lugh.ch/list.txt + sed -i "s/$timestamp/$newtime/" /var/www/virtsrv/lugh.ch/listv$listtype.txt done + +# Concatenate IPv4 and IPv6 lists together +cat /var/www/virtsrv/lugh.ch/listv4.txt $(grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv6.txt) > /var/www/virtsrv/lugh.ch/list.txt
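Review bot: The new last line, `cat …/listv4.txt $(grep -e '^[0-9]' …/listv6.txt) > …/list.txt`, does not append the IPv6 entries. The command substitution is word-split and every word of the matching lines is handed to `cat` as a file name, so list content derived from logs is treated as paths and the combined file ends up holding only the IPv4 list plus whatever those paths happen to name. Grouping the two commands writes the intended content: `{ cat /var/www/virtsrv/lugh.ch/listv4.txt; grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv6.txt; } > /var/www/virtsrv/lugh.ch/list.txt`. The `^[0-9]` filter here and the `grep '^[1-9]'` a few lines above also drop any IPv6 address that starts with a hex letter or `::`, and the line runs on every invocation, so the other family's `listvN.txt` may not exist yet on a first run.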