weeheavy/scripts
1
0
Fork 0
Code Pull requests Activity

rbl: several updates:

Browse source 
- update fail2ban chains
 - generate test entry
 - catch spam trap mails resp. IP addresses
This commit is contained in:
root 2015-04-12 15:10:34 +02:00
commit d22b815127
1 changed files with 23 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

32
rbl_generate.sh
View file

@ -20,8 +20,8 @@ fail2ban_chains=(
fail2ban-dovecot fail2ban-dovecot
fail2ban-sasl fail2ban-sasl
fail2ban-ssh fail2ban-ssh
fail2ban-ssh-ddos
fail2ban-tumgreyspf fail2ban-tumgreyspf
fail2ban-turbine
fail2ban-apache-digest fail2ban-apache-digest
) )
ban_ip=() ban_ip=()
@ -33,10 +33,18 @@ $(for chain in ${fail2ban_chains[@]}; do
done | sort | uniq) done | sort | uniq)
) )
# Get SPAM mails sent to specific address
spamtrap=(
$(grep ' -> <hans.muster@lugh.ch>' /var/log/mail.log | awk -F'[][]' '{print $6}')
)
if [ ! -s $rblfile ]; then if [ ! -s $rblfile ]; then
cat << HEREDOC > $rblfile cat << HEREDOC > $rblfile
# Automatically generated at $(date) by $0 # Automatically generated at $(date) by $0
# Test entry http://www.ietf.org/rfc/rfc5782.txt
127.0.0.2 RFC 5782 test entry # 0 # Test entry RFC 5782
:127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details :127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details
# Whitelist # Whitelist
$(printf "!%s # 0\n" "${static_white[@]}") $(printf "!%s # 0\n" "${static_white[@]}")
@ -48,25 +56,31 @@ $(printf "%s # 0 # Infinite listing (UCEPROTECT)\n" "${static_black[@]}")
HEREDOC HEREDOC
fi fi
# fail2ban
for ip in ${iptables_banned[@]}; do for ip in ${iptables_banned[@]}; do
if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then
# Add IP # Add IP
geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'}) geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
printf "%s # $(date +%s) # Service login attempts/SPAM/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile
fi
done
# SPAM
for ip in ${spamtrap[@]}; do
if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then
# Add IP
geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile
fi fi
done done
# Generate user friendly web-viewable list # Generate user friendly web-viewable list
echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/list.txt echo -e "IP\t\tDate listed\t\t\tCause\t\t\t\t\tCountry" > /var/www/virtsrv/lugh.ch/list.txt
cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/list.txt echo -e "--\t\t-----------\t\t\t-----\t\t\t\t\t-------" >> /var/www/virtsrv/lugh.ch/list.txt
cat $rblfile | grep -v -i uceprotect | grep '^[1-9]' | grep -v '^127.0.0.2' | sed 's/ # /\t/g' >> /var/www/virtsrv/lugh.ch/list.txt
for timestamp in $(grep '^[0-9]' /var/www/virtsrv/lugh.ch/list.txt | awk {'print $2'}); do for timestamp in $(grep '^[0-9]' /var/www/virtsrv/lugh.ch/list.txt | awk {'print $2'}); do
newtime=$(date -d @$(echo $timestamp)) newtime=$(date -d @$(echo $timestamp))
sed -i "s/$timestamp/$newtime/" /var/www/virtsrv/lugh.ch/list.txt sed -i "s/$timestamp/$newtime/" /var/www/virtsrv/lugh.ch/list.txt
done done
#for location in $(awk {'print $1'} /var/www/virtsrv/lugh.ch/list.txt | grep -v ^IP); do
# geoip=$(geoiplookup $location | sed 's/.*Edition: //')
# sed -i "s/\(^$location.*\)/\1\t$geoip/" /var/www/virtsrv/lugh.ch/list.txt
#done