diff --git a/rbl_expire.sh b/rbl_expire.sh
new file mode 100755
index 0000000..c5c532c
--- /dev/null
+++ b/rbl_expire.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+#
+# Expire old RBL records
+
+maxage=48 # in hours
+rblfile="/var/lib/rbldns/list"
+
+egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do
+ if [ "$timestamp" -gt "0" ]; then
+ expiration=$(echo "$(date +%s)-$timestamp" | bc)
+
+ if [ "$expiration" -gt "$(($maxage * 3600))" ]; then
+ #echo "entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)"
+ sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?"
+ fi
+ fi
+done
diff --git a/rbl_generate.sh b/rbl_generate.sh
new file mode 100755
index 0000000..31a5be1
--- /dev/null
+++ b/rbl_generate.sh
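Review bot: In rbl_expire.sh the `sed -i "/^$ip.*# $timestamp.*$/d" $rblfile` line builds a sed program from two fields read out of the list file without validating them. The egrep filter only anchors the start of the line, so an `$ip` field that contains `/` (a CIDR source, for instance) or other sed syntax changes or breaks the command, and the unescaped dots match any character. Check both fields first, `[[ $ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ && $timestamp =~ ^[0-9]+$ ]] || continue`, then delete with `sed -i "/^${ip//./\\.}[[:space:]].*# $timestamp.*$/d" "$rblfile"`. Running one in-place sed per expired entry also rewrites the file repeatedly while the pipeline is still reading it; a single filtering pass into a temporary file followed by a rename would be safer.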
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+#
+# Add new IPs to the RBL based on these detection methods:
+# - undetected spam
+# - fail2ban banned IPs
+
+rblfile="/var/lib/rbldns/list"
+static_white=(
+$(dig +short lugh.ch)
+$(dig +short oxi.ch)
+$(dig +short mail.zephry.ch)
+)
+static_black=(
+$(dig +tcp +short www.uceprotect.net)
+$(dig +tcp +short rsync-mirrors.uceprotect.net)
+$(dig +tcp +short www.backscatterer.org)
+$(dig +tcp +short unimatrix.admins.ws)
+)
+fail2ban_chains=(
+fail2ban-dovecot
+fail2ban-sasl
+fail2ban-ssh
+fail2ban-tumgreyspf
+fail2ban-turbine
+fail2ban-apache-digest
+)
+ban_ip=()
+
+# Get currently banned IPs from fail2ban chains
+iptables_banned=(
+$(for chain in ${fail2ban_chains[@]}; do
+ /sbin/iptables -nL $chain | grep '^DROP' | awk {'print $4'} | grep -v '0.0.0.0/0'
+done | sort | uniq)
+)
+
+
+if [ ! -s $rblfile ]; then
+cat << HEREDOC > $rblfile
+# Automatically generated at $(date) by $0
+:127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details
+# Whitelist
+$(printf "!%s # 0\n" "${static_white[@]}")
+
+# Blacklist
+$(printf "%s # 0 # Infinite listing (UCEPROTECT)\n" "${static_black[@]}")
+
+# Recent temporary listings
+HEREDOC
+fi
+
+for ip in ${iptables_banned[@]}; do
+ if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then
+ # Add IP
+ geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
+ printf "%s # $(date +%s) # Service login attempts/SPAM/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile
+ fi
+done
+
+# Generate user friendly web-viewable list
+echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/list.txt
+cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/list.txt
+
+for timestamp in $(grep '^[0-9]' /var/www/virtsrv/lugh.ch/list.txt | awk {'print $2'}); do
+ newtime=$(date -d @$(echo $timestamp))
+ sed -i "s/$timestamp/$newtime/" /var/www/virtsrv/lugh.ch/list.txt
+
+done
+
+#for location in $(awk {'print $1'} /var/www/virtsrv/lugh.ch/list.txt | grep -v ^IP); do
+# geoip=$(geoiplookup $location | sed 's/.*Edition: //')
+# sed -i "s/\(^$location.*\)/\1\t$geoip/" /var/www/virtsrv/lugh.ch/list.txt
+#done
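Review bot: In rbl_generate.sh the duplicate check `grep -c $ip $rblfile` in the `for ip` loop treats the address as an unanchored regex, so `1.2.3.4` counts as already listed when `11.2.3.45` is in the file and the ban is silently skipped. Anchor and escape it, `if ! grep -qE "^!?${ip//./\\.}[[:space:]]" "$rblfile"; then`, which still honours the `!` whitelist lines. Separately, `static_white` and `static_black` are filled from live `dig +short` answers and written as permanent `# 0` entries when the file is first created; an empty answer or a CNAME name would end up in the list as-is, so each answer should be checked to be an IPv4 address before it is written. The expansions `$ip`, `$chain` and `$rblfile` are also unquoted throughout.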