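#!/usr/bin/env bash
#
# Add new IPs to the RBL based on these detection methods:
# - undetected spam
# - fail2ban banned IPs
#
# Reads:  DNS answers (dig), the fail2ban iptables chains, geoiplookup output
# Writes: $rblfile (the RBL data file) and $weblist (web-viewable copy)
#
# Every address written to the RBL data file originates outside this script
# (DNS answers, firewall state), so each one is checked to look like an IPv4
# address first. A resolver error message or a CNAME target printed by
# `dig +short` must never be word-split into list entries.
#
# Strict mode (set -e / pipefail) is deliberately not enabled: several greps
# below legitimately exit 1 when nothing matches.

rblfile="/var/lib/rbldns/list"
weblist="/var/www/virtsrv/lugh.ch/list.txt"

white_hosts=(
  lugh.ch
  oxi.ch
  mail.zephry.ch
)
black_hosts=(
  www.uceprotect.net
  rsync-mirrors.uceprotect.net
  www.backscatterer.org
  unimatrix.admins.ws
)
fail2ban_chains=(
  fail2ban-dovecot
  fail2ban-sasl
  fail2ban-ssh
  fail2ban-tumgreyspf
  fail2ban-turbine
  fail2ban-apache-digest
)

#######################################
# Keep only stdin lines that are a dotted-quad IPv4 address, optionally with
# a /prefix. Anything else (hostnames, ";; connection timed out" messages,
# negated iptables sources) is dropped.
# Outputs: the accepted lines, one per line, on stdout
#######################################
ipv4_only() {
  grep -E -x '[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?'
}

#######################################
# Tell whether an address already has an entry in the RBL data file.
# The first field of a line must equal the address exactly (or "!" followed
# by the address, i.e. a whitelist entry). A plain `grep "$ip"` would treat
# 1.2.3.4 as present when only 11.2.3.40 is listed, and would read the dots
# as regex wildcards, so real offenders could be skipped.
# Globals:   rblfile (read)
# Arguments: $1 - address to look up
# Returns:   0 if an entry exists, non-zero otherwise
#######################################
is_listed() {
  awk -v ip="$1" '
    $1 == ip || $1 == ("!" ip) { found = 1; exit }
    END { exit !found }
  ' "$rblfile"
}

# Resolve the static lists. Names are resolved in the order given and
# duplicates are kept.
mapfile -t static_white < <(
  for host in "${white_hosts[@]}"; do
    dig +short "$host"
  done | ipv4_only
)
mapfile -t static_black < <(
  for host in "${black_hosts[@]}"; do
    dig +tcp +short "$host"
  done | ipv4_only
)

# Get currently banned IPs from fail2ban chains ($4 is the source column of
# `iptables -nL`); the match-everything source 0.0.0.0/0 is never listed.
mapfile -t iptables_banned < <(
  for chain in "${fail2ban_chains[@]}"; do
    /sbin/iptables -nL "$chain" \
      | awk '/^DROP/ && $4 != "0.0.0.0/0" { print $4 }'
  done | ipv4_only | sort -u
)

# Bootstrap the data file only when it is missing or empty. The static
# sections are written once and never refreshed by later runs.
if [[ ! -s "$rblfile" ]]; then
  if (( ${#static_white[@]} == 0 )); then
    printf '%s: warning: no whitelist address resolved, whitelist section will be empty\n' \
      "$0" >&2
  fi
  {
    printf '# Automatically generated at %s by %s\n' "$(date)" "$0"
    # The "$" is written literally (presumably rbldnsd's placeholder for the
    # queried address; confirm against the rbldnsd documentation).
    printf '%s\n' ':127.0.0.2:$ is listed because of misbehaviour. See http://lugh.ch/dnsbl.html for details'
    printf '# Whitelist\n'
    # printf with no arguments would still print the format once and emit a
    # bogus "! # 0" entry, so empty lists are skipped.
    if (( ${#static_white[@]} > 0 )); then
      printf '!%s # 0\n' "${static_white[@]}"
    fi
    printf '# Blacklist\n'
    if (( ${#static_black[@]} > 0 )); then
      printf '%s # 0 # Infinite listing (UCEPROTECT)\n' "${static_black[@]}"
    fi
    printf '# Recent temporary listings\n'
  } > "$rblfile"
fi

# Append every banned address that has no entry yet.
for ip in "${iptables_banned[@]}"; do
  if ! is_listed "$ip"; then
    # Only the first line of geoiplookup output is used, so extra database
    # editions cannot spill additional lines into the one-entry-per-line file.
    geoip=$(geoiplookup "$ip" \
      | sed 's/GeoIP Country Edition: //' \
      | awk 'NR > 1 { exit }
             { if ($1 == "IP") print $0; else print $2, $3, $4, $5, $6, $7, $8 }')
    printf '%s # %s # Service login attempts/SPAM/misconfiguration # %s\n' \
      "$ip" "$(date +%s)" "$geoip" >> "$rblfile"
  fi
done

# Generate user friendly web-viewable list.
# The list is produced in one pass and written with a single redirection.
# The epoch in column 2 is converted only when it consists of digits, so no
# file content is ever spliced into a sed program or a shell command line.
{
  printf 'IP\t\tDate listed\t\t\tCause\t\t\t\t\t\tCountry\n'
  grep -v -i uceprotect "$rblfile" \
    | grep '^[1-9]' \
    | sed 's/ # /\t/g' \
    | awk '
        BEGIN { FS = OFS = "\t" }
        $2 ~ /^[0-9]+$/ {
          # Entries added in the same run share a timestamp: convert once.
          if (!($2 in human)) {
            cmd = "date -d @" $2
            if ((cmd | getline when) > 0) human[$2] = when
            else human[$2] = $2
            close(cmd)
          }
          $2 = human[$2]
        }
        { print }
      '
} > "$weblist"

# Disabled: country lookup at publish time (the country is recorded in the
# RBL data file when an address is listed, see the append loop above).
#for location in $(awk {'print $1'} /var/www/virtsrv/lugh.ch/list.txt | grep -v ^IP); do
#  geoip=$(geoiplookup $location | sed 's/.*Edition: //')
#  sed -i "s/\(^$location.*\)/\1\t$geoip/" /var/www/virtsrv/lugh.ch/list.txt
#done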