weeheavy/scripts
1
0
Fork 0
Code Pull requests Activity

added RBL generate/expire scripts

Browse source
This commit is contained in:
Oliver Ladner 2015-03-26 19:55:39 +01:00
commit 72eb89db56
2 changed files with 89 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

17
rbl_expire.sh Executable file
View file

@ -0,0 +1,17 @@
#!/usr/bin/env bash
#
# Expire old RBL records
maxage=48 # in hours
rblfile="/var/lib/rbldns/list"
egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do
if [ "$timestamp" -gt "0" ]; then
expiration=$(echo "$(date +%s)-$timestamp" | bc)
if [ "$expiration" -gt "$(($maxage * 3600))" ]; then
#echo "entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)"
sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?"
fi
fi
done

72
rbl_generate.sh Executable file
View file

@ -0,0 +1,72 @@
#!/usr/bin/env bash
#
# Add new IPs to the RBL based on these detection methods:
# - undetected spam
# - fail2ban banned IPs
rblfile="/var/lib/rbldns/list"
static_white=(
$(dig +short lugh.ch)
$(dig +short oxi.ch)
$(dig +short mail.zephry.ch)
)
static_black=(
$(dig +tcp +short www.uceprotect.net)
$(dig +tcp +short rsync-mirrors.uceprotect.net)
$(dig +tcp +short www.backscatterer.org)
$(dig +tcp +short unimatrix.admins.ws)
)
fail2ban_chains=(
fail2ban-dovecot
fail2ban-sasl
fail2ban-ssh
fail2ban-tumgreyspf
fail2ban-turbine
fail2ban-apache-digest
)
ban_ip=()
# Get currently banned IPs from fail2ban chains
iptables_banned=(
$(for chain in ${fail2ban_chains[@]}; do
/sbin/iptables -nL $chain | grep '^DROP' | awk {'print $4'} | grep -v '0.0.0.0/0'
done | sort | uniq)
)
if [ ! -s $rblfile ]; then
cat << HEREDOC > $rblfile
# Automatically generated at $(date) by $0
:127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details
# Whitelist
$(printf "!%s # 0\n" "${static_white[@]}")
# Blacklist
$(printf "%s # 0 # Infinite listing (UCEPROTECT)\n" "${static_black[@]}")
# Recent temporary listings
HEREDOC
fi
for ip in ${iptables_banned[@]}; do
if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then
# Add IP
geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
printf "%s # $(date +%s) # Service login attempts/SPAM/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile
fi
done
# Generate user friendly web-viewable list
echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/list.txt
cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/list.txt
for timestamp in $(grep '^[0-9]' /var/www/virtsrv/lugh.ch/list.txt | awk {'print $2'}); do
newtime=$(date -d @$(echo $timestamp))
sed -i "s/$timestamp/$newtime/" /var/www/virtsrv/lugh.ch/list.txt
done
#for location in $(awk {'print $1'} /var/www/virtsrv/lugh.ch/list.txt | grep -v ^IP); do
# geoip=$(geoiplookup $location | sed 's/.*Edition: //')
# sed -i "s/\(^$location.*\)/\1\t$geoip/" /var/www/virtsrv/lugh.ch/list.txt
#done