rbl: sanity checks, fix IPv6 geoip lookup, extend duration to 4 days
parent
553fe88d83
commit
5eae4ecb43
2 changed files with 10 additions and 5 deletions
|
|
@ -2,7 +2,7 @@
|
||||||
#
|
#
|
||||||
# Expire old RBL records
|
# Expire old RBL records
|
||||||
|
|
||||||
maxage=48 # in hours
|
maxage=96 # in hours
|
||||||
rblfile="/var/lib/rbldns/list"
|
rblfile="/var/lib/rbldns/list"
|
||||||
|
|
||||||
egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do
|
egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do
|
||||||
|
|
@ -10,7 +10,7 @@ egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'
|
||||||
expiration=$(echo "$(date +%s)-$timestamp" | bc)
|
expiration=$(echo "$(date +%s)-$timestamp" | bc)
|
||||||
|
|
||||||
if [ "$expiration" -gt "$(($maxage * 3600))" ]; then
|
if [ "$expiration" -gt "$(($maxage * 3600))" ]; then
|
||||||
#echo "entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)"
|
#echo "DEBUG: entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)"
|
||||||
sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?"
|
sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
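Review bot: The `egrep` selector that feeds this expiry loop only passes lines beginning with an IPv4 dotted quad, so any IPv6 record in `/var/lib/rbldns/list` is never aged out, whatever `maxage` is set to. The other file in this commit starts treating addresses containing `:` as IPv6 before appending them, presumably to the same list, so those entries would stay listed indefinitely. Selecting on the record layout rather than the address family would cover both, for example `grep -E '^[[:xdigit:].:]+ # [[:digit:]]+ ' "$rblfile" | while read -r ip delimiter timestamp foo; do`. The loop body continues outside the visible hunks, so it is worth confirming that the `sed` deletion also behaves for IPv6 keys.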
|
||||||
|
|
|
||||||
|
|
@ -58,7 +58,7 @@ fi
|
||||||
|
|
||||||
# fail2ban
|
# fail2ban
|
||||||
for ip in ${iptables_banned[@]}; do
|
for ip in ${iptables_banned[@]}; do
|
||||||
if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then
|
if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then
|
||||||
# Add IP
|
# Add IP
|
||||||
geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
|
geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
|
||||||
printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile
|
printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile
|
||||||
|
|
@ -67,9 +67,14 @@ done
|
||||||
|
|
||||||
# SPAM
|
# SPAM
|
||||||
for ip in ${spamtrap[@]}; do
|
for ip in ${spamtrap[@]}; do
|
||||||
if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then
|
if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then
|
||||||
# Add IP
|
# Add IP
|
||||||
geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
|
# IPv4 or IPv6 switch
|
||||||
|
if [ $(echo "$ip" | grep -c ':') -gt 0 ]; then
|
||||||
|
geoip=$(geoiplookup6 $ip | sed 's/GeoIP Country V6 Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
|
||||||
|
else
|
||||||
|
geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
|
||||||
|
fi
|
||||||
printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile
|
printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile
|
||||||
fi
|
fi
|
||||||
done
|
done
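Review bot: Quoting `"$ip"` in `grep -c "$ip" $rblfile` stops word splitting, but the address is still used as an unanchored regular expression, in both the fail2ban and the SPAM loop. `1.2.3.4` therefore counts as present when only `11.2.3.40` is listed (constructed example), and each `.` matches any character, so a new offender can be silently skipped and never reach the blocklist. Compare the first field exactly instead, e.g. `if ! awk -v ip="$ip" '$1 == ip { found = 1 } END { exit !found }' "$rblfile"; then`. The new IPv4/IPv6 switch is also added only to the SPAM loop; the fail2ban loop still calls `geoiplookup $ip` unconditionally, which is fine only if `iptables_banned` can never hold IPv6 addresses.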
|
||||||
|
|
|
||||||