weeheavy/scripts
1
0
Fork 0
Code Pull requests Activity

add IPv6 support to RBL scripts

Browse source
This commit is contained in:
Oliver Ladner 2015-06-27 13:00:25 +02:00
commit 523bf67d5c
2 changed files with 84 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

32
rbl_expire.sh
View file

@ -2,16 +2,28 @@
# #
# Expire old RBL records # Expire old RBL records
listtype=$1
if ! [[ "$listtype" =~ ^[4,6]+$ ]]; then
echo "first parameter is mandatory and must be either 4 or 6."
exit 1
fi
rblfile="/var/lib/rbldns/listv$listtype"
maxage=96 # in hours maxage=96 # in hours
rblfile="/var/lib/rbldns/list"
egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do if [ $listtype -eq 4 ]; then
if [ "$timestamp" -gt "0" ]; then egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do
expiration=$(echo "$(date +%s)-$timestamp" | bc) if [ "$timestamp" -gt "0" ]; then
expiration=$(echo "$(date +%s)-$timestamp" | bc)
if [ "$expiration" -gt "$(($maxage * 3600))" ]; then
#echo "DEBUG: entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)"
sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?"
fi
fi
done
fi
if [ "$expiration" -gt "$(($maxage * 3600))" ]; then # FIXME: ipv6 regex needed
#echo "DEBUG: entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)" if [ $listtype -eq 6 ]; then
sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?" :
fi fi
fi
done

88
rbl_generate.sh
View file

@ -3,18 +3,38 @@
# Add new IPs to the RBL based on these detection methods: # Add new IPs to the RBL based on these detection methods:
# - undetected spam # - undetected spam
# - fail2ban banned IPs # - fail2ban banned IPs
#
# $1 parameter tells if it goes to an IPv4 or IPv6 list
listtype=$1
if ! [[ "$listtype" =~ ^[4,6]+$ ]]; then
echo "first parameter is mandatory and must be either 4 or 6."
exit 1
fi
rblfile="/var/lib/rbldns/listv$listtype"
function dnsq {
if [ $listtype == "4" ]; then
echo "$(dig +short $1)"
elif [ $listtype == "6" ]; then
echo "$(dig +short AAAA $1)"
else
echo "unknown, fix it"
fi
}
rblfile="/var/lib/rbldns/list"
static_white=( static_white=(
$(dig +short lugh.ch) $(dnsq lugh.ch)
$(dig +short oxi.ch) $(dnsq ipv6.lugh.ch)
$(dig +short mail.zephry.ch) $(dnsq oxi.ch)
$(dnsq mail.zephry.ch)
$(dnsq moni-und-oli.ch)
) )
static_black=( static_black=(
$(dig +tcp +short www.uceprotect.net) $(dnsq www.uceprotect.net)
$(dig +tcp +short rsync-mirrors.uceprotect.net) $(dnsq rsync-mirrors.uceprotect.net)
$(dig +tcp +short www.backscatterer.org) $(dnsq www.backscatterer.org)
$(dig +tcp +short unimatrix.admins.ws) $(dnsq unimatrix.admins.ws)
) )
fail2ban_chains=( fail2ban_chains=(
fail2ban-dovecot fail2ban-dovecot
@ -38,12 +58,18 @@ spamtrap=(
$(grep ' -> <hans.muster@lugh.ch>' /var/log/mail.log | awk -F'[][]' '{print $6}') $(grep ' -> <hans.muster@lugh.ch>' /var/log/mail.log | awk -F'[][]' '{print $6}')
) )
if [ $listtype -eq 4 ]; then
testentry="127.0.0.2 RFC 5782 test entry # 0 # Test entry RFC 5782"
elif [ $listtype -eq 6 ]; then
testentry="::ffff:7f00:2 RFC 5782 test entry # 0 # Test entry RFC 5782"
fi
if [ ! -s $rblfile ]; then if [ ! -s $rblfile ]; then
cat << HEREDOC > $rblfile cat << HEREDOC > $rblfile
# Automatically generated at $(date) by $0 # Automatically generated at $(date) by $0 $1
# Test entry http://www.ietf.org/rfc/rfc5782.txt # Test entry http://www.ietf.org/rfc/rfc5782.txt
127.0.0.2 RFC 5782 test entry # 0 # Test entry RFC 5782 $testentry
:127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details :127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details
# Whitelist # Whitelist
@ -56,14 +82,16 @@ $(printf "%s # 0 # Infinite listing (UCEPROTECT)\n" "${static_black[@]}")
HEREDOC HEREDOC
fi fi
# fail2ban # fail2ban (IPv4 only)
for ip in ${iptables_banned[@]}; do if [ $listtype -eq 4 ]; then
if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then for ip in ${iptables_banned[@]}; do
# Add IP if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then
geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) # Add IP
printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
fi printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile
done fi
done
fi
# SPAM # SPAM
for ip in ${spamtrap[@]}; do for ip in ${spamtrap[@]}; do
@ -71,21 +99,29 @@ for ip in ${spamtrap[@]}; do
# Add IP # Add IP
# IPv4 or IPv6 switch # IPv4 or IPv6 switch
if [ $(echo "$ip" | grep -c ':') -gt 0 ]; then if [ $(echo "$ip" | grep -c ':') -gt 0 ]; then
geoip=$(geoiplookup6 $ip | sed 's/GeoIP Country V6 Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) if [ $listtype -eq 6 ]; then
geoip=$(geoiplookup6 $ip | sed 's/GeoIP Country V6 Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile
fi
else else
geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) if [ $listtype -eq 4 ]; then
geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile
fi
fi fi
printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile
fi fi
done done
# Generate user friendly web-viewable list # Generate user friendly web-viewable list
echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/list.txt echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/listv$listtype.txt
echo -e "--\t\t-----------\t\t\t-----\t\t\t\t\t-------" >> /var/www/virtsrv/lugh.ch/list.txt echo -e "--\t\t-----------\t\t\t-----\t\t\t\t\t-------" >> /var/www/virtsrv/lugh.ch/listv$listtype.txt
cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | grep -v '^127.0.0.2' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/list.txt cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | grep -v '^127.0.0.2' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/listv$listtype.txt
for timestamp in $(grep '^[0-9]' /var/www/virtsrv/lugh.ch/list.txt | awk {'print $2'}); do for timestamp in $(grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv$listtype.txt | awk {'print $2'}); do
newtime=$(date -d @$(echo $timestamp)) newtime=$(date -d @$(echo $timestamp))
sed -i "s/$timestamp/$newtime/" /var/www/virtsrv/lugh.ch/list.txt sed -i "s/$timestamp/$newtime/" /var/www/virtsrv/lugh.ch/listv$listtype.txt
done done
# Concatenate IPv4 and IPv6 lists together
cat /var/www/virtsrv/lugh.ch/listv4.txt $(grep -e '^[0-9]' /var/www/virtsrv/lugh.ch/listv6.txt) > /var/www/virtsrv/lugh.ch/list.txt